doc(1.6.0): Talos Linux support

longhorn-3161 Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
longhorn · Jan 3, 2024 · 327d2e5 · 327d2e5
1 parent 447eb00
commit 327d2e5
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 0 deletions.
diff --git a/content/docs/1.6.0/advanced-resources/os-distro-specific/talos-linux-support.md b/content/docs/1.6.0/advanced-resources/os-distro-specific/talos-linux-support.md
@@ -0,0 +1,65 @@
+---
+title:  Talos Linux Support
+weight: 5
+---
+
+## Requirements
+
+You must meet the following requirements before installing Longhorn on a Talos Linux cluster.
+
+### System Extensions
+
+Some Longhorn-dependent binary executables are not present in the default Talos root filesystem. To have access to these binaries, Talos offers system extension mechanism to extend the installation.
+
+- `siderolabs/iscsi-tools`: this extension enables iscsid daemon and iscsiadm to be available to all nodes for the Kubernetes persistent volumes operations.
+- `siderolabs/util-linux-tools`: this extension enables linux tool to be available to all nodes. For example, the `fstrim` binary is used for Longhorn volume trimming.
+
+The most straightforward method is patching the extensions onto existing Talos Linux nodes.
+
+```yaml
+customization:
+  systemExtensions:
+    officialExtensions:
+      - siderolabs/iscsi-tools
+      - siderolabs/util-linux-tools
+```
+
+For detailed instructions, see the Talos documentation on [System Extensions](https://www.talos.dev/v1.6/talos-guides/configuration/system-extensions/) and [Boot Assets](https://www.talos.dev/v1.6/talos-guides/install/boot-assets/).
+
+### Pod Security
+
+Longhorn requires pod security `enforce: "privileged"`.
+
+
+By default, Talos Linux applies a `baseline` pod security profile across namespaces, except for the kube-system namespace. This default setting restricts Longhorn's ability to manage and access system resources. For more information, see [Root and Privileged Permission](../../../deploy/install/#root-and-privileged-permission).
+
+For detailed instructions, see [Pod Security Policies Disabled & Pod Security Admission Introduction](../../../deploy/important-notes/#pod-security-policies-disabled--pod-security-admission-introduction) and Talos' documentation on [Pod Security](https://www.talos.dev/v1.6/kubernetes-guides/configuration/pod-security/).
+
+### Data Path Mounts
+
+You need provide additional data path mounts to be accessible to the Kubernetes Kubelet container.
+
+These mount is necessary to provide access to the host directories and attaching volumes required by the Longhorn components.
+
+```yaml
+machine:
+  kubelet:
+    extraMounts:
+      - destination: /var/lib/longhorn
+        type: bind
+        source: /var/lib/longhorn
+        options:
+          - bind
+          - rshared
+          - rw
+```
+
+For detailed instructions, see the Talos documentation on [Editing Machine Configuration](https://www.talos.dev/v1.6/talos-guides/configuration/editing-machine-configuration/).
+
+## Limitations
+
+- Exclusive to v1 data volume: currently, within a Talos Linux cluster, Longhorn only supports v1 data volume. The v2 data volume isn't currently supported in this environment.
+
+## References
+
+- [[FEATURE] Talos support](https://github.com/longhorn/longhorn/issues/3161)
diff --git a/content/docs/1.6.0/best-practices.md b/content/docs/1.6.0/best-practices.md
@@ -57,6 +57,7 @@ The following Linux OS distributions and versions have been verified during the
 | 4.  | RHEL         | 9.1
 | 5.  | Oracle Linux | 9.1
 | 6.  | Rocky Linux  | 9.2
+| 7.  | Talos Linux  | 1.6.0
 
 Note: It's recommended to guarantee that the kernel version is at least 5.8 as there is filesystem optimization/improvement since this version. See [this issue](https://github.com/longhorn/longhorn/issues/2507#issuecomment-857195496) for details.
 

diff --git a/content/docs/1.6.0/deploy/install/_index.md b/content/docs/1.6.0/deploy/install/_index.md
@@ -51,6 +51,7 @@ You must perform additional setups before using Longhorn with certain operating
 - K3s clusters: See [Longhorn CSI on K3s](../../advanced-resources/os-distro-specific/csi-on-k3s).
 - RKE clusters with CoreOS: See [Longhorn CSI on RKE and CoreOS](../../advanced-resources/os-distro-specific/csi-on-rke-and-coreos).
 - OCP/OKD clusters: See [OKD Support](../../advanced-resources/os-distro-specific/okd-support).
+- Talos Linux clusters: See [Talos Linux Support](../../advanced-resources/os-distro-specific/talos-linux-support).
 
 ### Using the Environment Check Script
 
@@ -158,6 +159,8 @@ You may need to edit the cluster security group to allow SSH access.
   systemctl start iscsid
   ```
 
+- Talos Linux: See [Talos Linux Support](../../advanced-resources/os-distro-specific/talos-linux-support).
+
 Please ensure iscsi_tcp module has been loaded before iscsid service starts. Generally, it should be automatically loaded along with the package installation.
 
 ```
@@ -225,6 +228,8 @@ The command used to install a NFSv4 client differs depending on the Linux distri
   zypper install nfs-client
   ```
 
+- For Talos Linux, [the NFS client is part of the `kubelet` image maintained by the Talos team](https://www.talos.dev/v1.6/kubernetes-guides/configuration/storage/#nfs).
+
 We also provide an `nfs` installer to make it easier for users to install `nfs-client` automatically:
 ```
 kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v{{< current-version >}}/deploy/prerequisite/longhorn-nfs-installation.yaml