Sometimes you just want to run Kubernetes without babysitting an OS. No patching weird daemons. No apt upgraderoulette. No mystery errors after installing a “helpful” package at 2am.
Enter Talos Linux: an operating system so opinionated, it makes Arch users look indecisive.
Talos isn’t just a lightweight OS—it’s practically a Kubernetes appliance. It removes distractions, limits access (seriously—no SSH), and forces you to treat your infrastructure like code. Just the way I like it.
🧪 Why Talos?
Okay, imagine if Kubernetes and a security audit had a baby. That’s Talos.
It’s an immutable, API-driven, container-native OS designed from the ground up to run Kubernetes. No extra fluff, no OS surprises, and no way to manually “just fix something” on the node (because there’s literally no way to log into it). The idea is that your entire infrastructure should be declarative and automated.
If that makes your inner SRE giddy—congrats, you’re Talos-pilled.
What stands out:
- No SSH or shell access – Not even as root. Everything is managed via
talosctlover a secure gRPC API. - Atomic upgrades – Upgrades are applied as a whole unit. No more “half-upgraded nodes.”
- Built-in Kubernetes – Talos doesn’t install Kubernetes—it is Kubernetes.
- Declarative config – Your whole node setup lives in a single YAML file. No scripts, no surprises.
🧰 My Frankencluster
My home lab isn’t fancy. It’s a ragtag crew of:
- 🧱 Old Mac Minis (2012-era Core i5s with tiny fans that still boot)
- 🍓 Raspberry Pi 4s (plucky little nodes that get the job done)
- 🤖 Jetson Nano (when you want to run an LLM while pretending it’s a toaster)
- 📦 Synology DS720+ NAS (a two-bay workhorse with enough storage to hold all my Helm charts and baby photos)
Each one of these has its quirks, but that’s part of the joy. The best part? Talos supports ARM64 and x86_64 just fine, and Kubernetes doesn’t care what hardware your pods run on—as long as your YAML is strong.
📦 How to Get Started with Talos
Before you start dreaming about perfect clusters, you need to install Talos. The process is refreshingly modern, even if your hardware isn’t.
Step 1: Download the tools
Head to talos.dev and grab:
talosctl(your remote control)- The appropriate Talos OS image for your hardware:
metal-arm64for Pi/Jetsonmetal-amd64for x86 boxes (like the Mac Mini)
Or install talosctl with Homebrew:
brew install siderolabs/tap/talosctlStep 2: Flash the image
Use balenaEtcher, dd, or any tool to flash the Talos image to a USB stick or SD card. Boot your device from it.
Tip: Some devices (like the Pi 4 or Jetson Nano) might need extra kernel args or boot tweaks—Talos docs cover this pretty well.
⚙️ No Shell? No Problem
Talos isn’t like traditional Linux. There’s no logging into your node and poking around. You build everything up from outside, and talosctl is your scalpel.
First, generate your machine configurations:
talosctl gen config home-cluster https://10.0.1.10:6443This gives you:
controlplane.yaml– the blueprint for control nodesworker.yaml– same idea, but for workload nodestalosconfig– your config for talking to the Talos API
Customize your YAMLs:
- Set
allowSchedulingOnControlPlane: trueif you’re working with limited nodes - Change the install disk (mine wasn’t
/dev/sda, yours probably isn’t either) - Add kernel args if you’re on Raspberry Pi or Jetson Nano
You can check what disks are available like this:
talosctl -n 10.0.1.10 get disks --insecure🚀 Deploy and Bootstrap
Once your node boots into Talos, it’s just a stub—it’s waiting for you to push a config:
talosctl apply-config \
--nodes 10.0.1.10 \
--endpoints 10.0.1.10 \
--file controlplane.yamlAfter applying, the node installs Talos and reboots.
Then, bootstrap Kubernetes:
talosctl bootstrap --nodes 10.0.1.10Give it a minute, and boom—your cluster is alive.
To grab your kubeconfig:
talosctl kubeconfig -n 10.0.1.10🗂️ Persistent Storage with Synology CSI
Eventually, you’ll want your containers to remember things—like where your app stored data, or where your LLM model lives (don’t ask it to redownload 7GB every restart, it will judge you).
Enter: the Synology CSI driver, a nifty Kubernetes storage plugin that turns your NAS into a persistent volume vending machine.
GitHub: Synology CSI Plugin
What you’ll need:
- A Synology NAS (DS720+ in my case) running DSM 7+
- iSCSI enabled and configured
- Kubernetes 1.20+
- A StorageClass and Secret set up to talk to the NAS
Setup steps (TL;DR version):
- Install the CSI plugin with Helm:
helm repo add synology-csi https://synology-open-source.github.io/synology-csi
helm install synology-csi-driver synology-csi/synology-csi-driver \
--namespace kube-system- Create a secret for NAS credentials:
apiVersion: v1
kind: Secret
metadata:
name: synology-secret
namespace: kube-system
type: Opaque
stringData:
username: "admin"
password: "your-nas-password"- Create a StorageClass:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: synology-iscsi
provisioner: csi.san.synology.com
parameters:
protocol: iscsi
location: 10.0.1.100
fsType: ext4
reclaimPolicy: Retain
volumeBindingMode: Immediate- Make a PVC:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: my-pvc
spec:
accessModes:
- ReadWriteOnce
storageClassName: synology-iscsi
resources:
requests:
storage: 10GiTalos tips:
Talos already has iSCSI support baked in. Just make sure the NAS is reachable, and nothing’s blocking port 3260.
🎉 Wrap-Up
Talos isn’t for everyone—but if you’re into treating your infrastructure like code, love declarative configs, and want a rock-solid, minimal OS purpose-built for Kubernetes, it’s hard to beat.
And the best part? It runs beautifully on random old hardware, Jetsons, Pis, and even that dusty Mac Mini in your closet.
Home lab cloud. No shell required.
Software enthusiast with a passion for AI, edge computing, and building intelligent SaaS solutions. Experienced in cloud computing and infrastructure, with a track record of contributing to multiple tech companies in Silicon Valley. Always exploring how emerging technologies can drive real-world impact, from the cloud to the edge.