longhorn · innobead · Jan 3, 2024 · Dec 29, 2023 · Dec 26, 2023
@@ -0,0 +1,65 @@
+---
+title:  Talos Linux Support
+weight: 5
+---
+
+## Requirements
+
+You must meet the following requirements before installing Longhorn on a Talos Linux cluster.
+
+### System Extensions
+
+Some Longhorn-dependent binary executables are not present in the default Talos root filesystem. To have access to these binaries, Talos offers system extension mechanism to extend the installation.
+
+- `siderolabs/iscsi-tools`: this extension enables iscsid daemon and iscsiadm to be available to all nodes for the Kubernetes persistent volumes operations.
+- `siderolabs/util-linux-tools`: this extension enables linux tool to be available to all nodes. For example, the `fstrim` binary is used for Longhorn volume trimming.
+
+The most straightforward method is patching the extensions onto existing Talos Linux nodes.
+
+```yaml
+customization:
+  systemExtensions:
+    officialExtensions:
+      - siderolabs/iscsi-tools
+      - siderolabs/util-linux-tools
+```
+
+For detailed instructions, see the Talos documentation on [System Extensions](https://www.talos.dev/v1.6/talos-guides/configuration/system-extensions/) and [Boot Assets](https://www.talos.dev/v1.6/talos-guides/install/boot-assets/).
+
+### Pod Security
+
+Longhorn requires pod security `enforce: "privileged"`.
+
+
+By default, Talos Linux applies a `baseline` pod security profile across namespaces, except for the kube-system namespace. This default setting restricts Longhorn's ability to manage and access system resources. For more information, see [Root and Privileged Permission](../../../deploy/install/#root-and-privileged-permission).
+
+For detailed instructions, see [Pod Security Policies Disabled & Pod Security Admission Introduction](../../../deploy/important-notes/#pod-security-policies-disabled--pod-security-admission-introduction) and Talos' documentation on [Pod Security](https://www.talos.dev/v1.6/kubernetes-guides/configuration/pod-security/).
+
+### Data Path Mounts
+
+You need provide additional data path mounts to be accessible to the Kubernetes Kubelet container.
+
+These mount is necessary to provide access to the host directories and attaching volumes required by the Longhorn components.
+
+```yaml
+machine:
+  kubelet:
+    extraMounts:
+      - destination: /var/lib/longhorn
+        type: bind
+        source: /var/lib/longhorn
+        options:
+          - bind
+          - rshared
+          - rw
+```
+
+For detailed instructions, see the Talos documentation on [Editing Machine Configuration](https://www.talos.dev/v1.6/talos-guides/configuration/editing-machine-configuration/).
+
+## Limitations
+
+- Exclusive to v1 data volume: currently, within a Talos Linux cluster, Longhorn only supports v1 data volume. The v2 data volume isn't currently supported in this environment.
+
+## References
+
+- [[FEATURE] Talos support](https://github.com/longhorn/longhorn/issues/3161)
@@ -57,6 +57,7 @@ The following Linux OS distributions and versions have been verified during the
 | 4.  | RHEL         | 9.1
 | 5.  | Oracle Linux | 9.1
 | 6.  | Rocky Linux  | 9.2
+| 7.  | Talos Linux  | 1.6.0
 
 Note: It's recommended to guarantee that the kernel version is at least 5.8 as there is filesystem optimization/improvement since this version. See [this issue](https://github.com/longhorn/longhorn/issues/2507#issuecomment-857195496) for details.
 

@@ -45,10 +45,13 @@ For the minimum recommended hardware, refer to the [best practices guide.](../..
 
 ### OS/Distro Specific Configuration
 
-- **Google Kubernetes Engine (GKE)** requires some additional setup for Longhorn to function properly. If you're a GKE user, refer to [this section](../../advanced-resources/os-distro-specific/csi-on-gke) for details.
-- **K3s clusters** require some extra setup. Refer to [this section](../../advanced-resources/os-distro-specific/csi-on-k3s)
-- **RKE clusters with CoreOS** need [this configuration.](../../advanced-resources/os-distro-specific/csi-on-rke-and-coreos)
-- **OCP/OKD clusters** require some extra setup. Refer to [this section](../../advanced-resources/os-distro-specific/okd-support)
+You must perform additional setups before using Longhorn with certain operating systems and distributions.
+
+- Google Kubernetes Engine (GKE): See [Longhorn CSI on GKE](../../advanced-resources/os-distro-specific/csi-on-gke).
+- K3s clusters: See [Longhorn CSI on K3s](../../advanced-resources/os-distro-specific/csi-on-k3s).
+- RKE clusters with CoreOS: See [Longhorn CSI on RKE and CoreOS](../../advanced-resources/os-distro-specific/csi-on-rke-and-coreos).
+- OCP/OKD clusters: See [OKD Support](../../advanced-resources/os-distro-specific/okd-support).
+- Talos Linux clusters: See [Talos Linux Support](../../advanced-resources/os-distro-specific/talos-linux-support).
 
 ### Using the Environment Check Script
 
@@ -138,26 +141,25 @@ For GKE, we recommend using Ubuntu as the guest OS image since it contains`open-
 
 You may need to edit the cluster security group to allow SSH access.
 
-For SUSE and openSUSE, use this command:
-
-```
-zypper install open-iscsi
-```
-
-For Debian and Ubuntu, use this command:
+- SUSE and openSUSE: Run the following command:
+  ```
+  zypper install open-iscsi
+  ```
 
-```
-apt-get install open-iscsi
-```
+- Debian and Ubuntu: Run the following command:
+  ```
+  apt-get install open-iscsi
+  ```
 
-For RHEL, CentOS, and EKS with EKS Kubernetes Worker AMI with AmazonLinux2 image, use below commands:
+- RHEL, CentOS, and EKS *(EKS Kubernetes Worker AMI with AmazonLinux2 image)*: Run the following commands:
+  ```
+  yum --setopt=tsflags=noscripts install iscsi-initiator-utils
+  echo "InitiatorName=$(/sbin/iscsi-iname)" > /etc/iscsi/initiatorname.iscsi
+  systemctl enable iscsid
+  systemctl start iscsid
+  ```
 
-```
-yum --setopt=tsflags=noscripts install iscsi-initiator-utils
-echo "InitiatorName=$(/sbin/iscsi-iname)" > /etc/iscsi/initiatorname.iscsi
-systemctl enable iscsid
-systemctl start iscsid
-```
+- Talos Linux: See [Talos Linux Support](../../advanced-resources/os-distro-specific/talos-linux-support).
 
 Please ensure iscsi_tcp module has been loaded before iscsid service starts. Generally, it should be automatically loaded along with the package installation.
 
@@ -226,6 +228,8 @@ The command used to install a NFSv4 client differs depending on the Linux distri
   zypper install nfs-client
   ```
 
+- For Talos Linux, [the NFS client is part of the `kubelet` image maintained by the Talos team](https://www.talos.dev/v1.6/kubernetes-guides/configuration/storage/#nfs).
+
 We also provide an `nfs` installer to make it easier for users to install `nfs-client` automatically:
 ```
 kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v{{< current-version >}}/deploy/prerequisite/longhorn-nfs-installation.yaml