# Kubernetes

> Running Talos Linux as a pod in Kubernetes.

export const release_v1_13 = 'v1.13.0';

Talos Linux can be run as a pod in Kubernetes, similar to running Talos in [Docker](../local-platforms/docker).
This can be used, for example, to run control plane nodes inside an existing Kubernetes cluster.

Talos Linux running in Kubernetes is not the full Talos Linux experience, as it runs in a container using the host's kernel and network stack.
Some operations, like upgrades and reboots, are not supported.

## Prerequisites

* a running Kubernetes cluster
* a `talos` container image:

<CodeBlock lang="sh">
  {`ghcr.io/siderolabs/talos:${release_v1_13}`}
</CodeBlock>

## Machine configuration

Machine configuration can be generated using the [Getting Started](../../getting-started/getting-started) guide.
The machine install disk will be ignored, as will the install image.
The Talos version will be driven by the container image being used.

The required machine configuration patch to enable using container runtime DNS:

```yaml theme={null}
machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: true
```

The Talos and Kubernetes APIs can be exposed using Kubernetes services or load balancers, so they can be accessed from outside the cluster.

## Running Talos pods

There might be many ways to run Talos in Kubernetes (StatefulSet, Deployment, single Pod), so we will only provide some basic guidance here.

### Container settings

<CodeBlock lang="yaml">
  {`
    env:
    - name: PLATFORM
      value: container
    image: ghcr.io/siderolabs/talos:${release_v1_13}
    ports:
    - containerPort: 50000
      name: talos-api
      protocol: TCP
    - containerPort: 6443
      name: k8s-api
      protocol: TCP
    securityContext:
      privileged: true
      readOnlyRootFilesystem: true
      seccompProfile:
        type: Unconfined
    `}
</CodeBlock>

### Submitting initial machine configuration

The initial machine configuration can be submitted using `talosctl apply-config --insecure` once the pod is running, or it can be supplied
through the `USERDATA` environment variable containing the base64-encoded machine configuration.

### Volume mounts

Three ephemeral mounts are required for `/run`, `/system`, and `/tmp` directories:

```yaml theme={null}
volumeMounts:
  - mountPath: /run
    name: run
  - mountPath: /system
    name: system
  - mountPath: /tmp
    name: tmp
```

```yaml theme={null}
volumes:
  - emptyDir: {}
    name: run
  - emptyDir: {}
    name: system
  - emptyDir: {}
    name: tmp
```

Several other mountpoints are required, and they should persist across pod restarts, so one should use `PersistentVolume` for them:

```yaml theme={null}
volumeMounts:
  - mountPath: /system/state
    name: system-state
  - mountPath: /var
    name: var
  - mountPath: /etc/cni
    name: etc-cni
  - mountPath: /etc/kubernetes
    name: etc-kubernetes
  - mountPath: /usr/libexec/kubernetes
    name: usr-libexec-kubernetes
```
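
The fragments above assembled into a single StatefulSet, as an added example that is not part of the original Talos documentation. The names `talos-cp` and `talos-cp-userdata`, the storage sizes, and the use of `volumeClaimTemplates` for the persistent mounts are assumptions; `USERDATA` is read from a Secret here because the machine configuration contains cluster secrets and a literal value would be visible to anyone who can read the pod spec.

```yaml
# Added example: object names, the Secret and all storage sizes are assumptions.
apiVersion: apps/v1
kind: StatefulSet
metadata: {name: talos-cp}
spec:
  serviceName: talos-cp          # assumes a Service of this name exists
  selector:
    matchLabels: {app: talos-cp}
  template:
    metadata:
      labels: {app: talos-cp}
    spec:
      containers:
        - name: talos
          image: ghcr.io/siderolabs/talos:v1.13.0
          env:
            - {name: PLATFORM, value: container}
            # Hypothetical Secret; its value is the base64-encoded machine config.
            - name: USERDATA
              valueFrom:
                secretKeyRef: {name: talos-cp-userdata, key: userdata}
          ports:
            - {containerPort: 50000, name: talos-api, protocol: TCP}
            - {containerPort: 6443, name: k8s-api, protocol: TCP}
          securityContext:
            privileged: true
            readOnlyRootFilesystem: true
            seccompProfile: {type: Unconfined}
          volumeMounts:
            - {mountPath: /run, name: run}
            - {mountPath: /system, name: system}
            - {mountPath: /tmp, name: tmp}
            - {mountPath: /system/state, name: system-state}
            - {mountPath: /var, name: var}
            - {mountPath: /etc/cni, name: etc-cni}
            - {mountPath: /etc/kubernetes, name: etc-kubernetes}
            - {mountPath: /usr/libexec/kubernetes, name: usr-libexec-kubernetes}
      volumes:                   # ephemeral, recreated with the pod
        - {name: run, emptyDir: {}}
        - {name: system, emptyDir: {}}
        - {name: tmp, emptyDir: {}}
  volumeClaimTemplates:          # persistent across pod restarts
    - {metadata: {name: system-state}, spec: {accessModes: [ReadWriteOnce], resources: {requests: {storage: 1Gi}}}}
    - {metadata: {name: var}, spec: {accessModes: [ReadWriteOnce], resources: {requests: {storage: 20Gi}}}}
    - {metadata: {name: etc-cni}, spec: {accessModes: [ReadWriteOnce], resources: {requests: {storage: 1Gi}}}}
    - {metadata: {name: etc-kubernetes}, spec: {accessModes: [ReadWriteOnce], resources: {requests: {storage: 1Gi}}}}
    - {metadata: {name: usr-libexec-kubernetes}, spec: {accessModes: [ReadWriteOnce], resources: {requests: {storage: 1Gi}}}}
```

The Secret's value must already be the base64-encoded machine configuration, because Kubernetes only undoes its own storage encoding before injecting the variable. The pod is privileged with an unconfined seccomp profile, so it belongs in a namespace whose admission policy permits that and that untrusted workloads cannot deploy into.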
