2.2 Install Tooling¶
Install the tools required to provision and manage the RCIIS infrastructure. The tools you need depend on your deployment model — universal tools are listed first, followed by model-specific tools.
Universal Tools (All Deployment Models)¶
These tools are required regardless of which deployment model you choose.
talosctl¶
The talosctl version must match the Talos version used in your cluster.
# Install via the official install script
curl -sL https://talos.dev/install | sh
# Or download a specific version (Apple Silicon)
curl -LO https://github.com/siderolabs/talos/releases/download/v1.12.0/talosctl-darwin-arm64
chmod +x talosctl-darwin-arm64
sudo mv talosctl-darwin-arm64 /usr/local/bin/talosctl
# Intel Mac — use darwin-amd64 instead
# Verify
talosctl version --client
# Install via the official install script
curl -sL https://talos.dev/install | sh
# Or download a specific version
curl -LO https://github.com/siderolabs/talos/releases/download/v1.12.0/talosctl-linux-amd64
chmod +x talosctl-linux-amd64
sudo mv talosctl-linux-amd64 /usr/local/bin/talosctl
# Verify
talosctl version --client
kubectl¶
Utilities¶
Provisioning Tools¶
Required Tools¶
| Tool | Version | Purpose |
|---|---|---|
| Terraform | >= 1.5 | Infrastructure-as-Code engine |
| AWS CLI | v2 | AWS API interaction, AMI registration, S3 uploads |
| xz | Any | Decompress Talos disk images before S3 upload |
Install Terraform¶
# Add HashiCorp GPG key and repository
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt-get update && sudo apt-get install -y terraform
# Verify
terraform --version
Install AWS CLI v2¶
Configure your AWS profile (same on all platforms):
Install xz¶
# Install via the official install script
curl -sL https://talos.dev/install | sh
# Or download a specific version (Apple Silicon)
curl -LO https://github.com/siderolabs/talos/releases/download/v1.12.2/talosctl-darwin-arm64
chmod +x talosctl-darwin-arm64
sudo mv talosctl-darwin-arm64 /usr/local/bin/talosctl
# Intel Mac — use darwin-amd64 instead
# curl -LO https://github.com/siderolabs/talos/releases/download/v1.12.2/talosctl-darwin-amd64
# Verify
talosctl version --client
# Install via the official install script
curl -sL https://talos.dev/install | sh
# Or download a specific version
curl -LO https://github.com/siderolabs/talos/releases/download/v1.12.2/talosctl-linux-amd64
chmod +x talosctl-linux-amd64
sudo mv talosctl-linux-amd64 /usr/local/bin/talosctl
# Verify
talosctl version --client
For other methods, see the talosctl getting started guide.
Install Utilities¶
Required Tools¶
| Tool | Purpose |
|---|---|
| ipmitool | Out-of-band server management (power, BIOS, console) |
| PXE infrastructure | Network boot Talos onto servers (dnsmasq or existing PXE) |
| SSH client | Access to network switches and IPMI interfaces |
Install ipmitool¶
ipmitool provides remote management of server hardware via IPMI/BMC interfaces — power control, BIOS access, serial-over-LAN console.
PXE Boot Infrastructure¶
If you plan to boot multiple servers over the network, you need a PXE server. If you already have PXE infrastructure (e.g., Cobbler, Foreman, MAAS), configure it to serve the Talos kernel and initramfs.
For a minimal setup, dnsmasq can serve both DHCP and TFTP:
Note
If you are installing Talos via ISO or USB on a small number of servers, PXE is not required. See Provision Compute for alternative boot methods.
SSH Client¶
SSH is used for managing network switches and accessing IPMI web consoles via tunnels. After Talos is installed, all node management is via talosctl — Talos does not run an SSH server.
SSH is pre-installed on macOS and most Linux distributions. On Windows, OpenSSH is included in Windows 10+.
Required Tools¶
| Tool | Version | Purpose |
|---|---|---|
| Terraform | >= 1.5 | Infrastructure-as-Code for VM provisioning |
| bpg/proxmox provider | ~> 0.86.0 | Terraform provider for Proxmox VE API |
| siderolabs/talos provider | ~> 0.9.0 | Terraform provider for Talos machine config and bootstrap |
| SSH client | Any | Proxmox node access (required by the Terraform provider) |
Install Terraform¶
# Add HashiCorp GPG key and repository
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt-get update && sudo apt-get install -y terraform
# Verify
terraform --version
Terraform Providers¶
The providers are downloaded automatically when you run terraform init in the project directory. The required providers are declared in terraform/cluster/main.tf:
required_providers {
proxmox = {
source = "bpg/proxmox"
version = "~> 0.86.0"
}
talos = {
source = "siderolabs/talos"
version = "~> 0.9.0"
}
}
To download them:
SSH Client and Agent¶
The bpg/proxmox Terraform provider requires SSH access to the Proxmox node for disk import and template operations. The provider is configured with ssh { agent = true }, which means your SSH agent must be running with a key that can authenticate to the Proxmox node.
# Start SSH agent (if not already running)
eval "$(ssh-agent -s)"
# Add your key
ssh-add ~/.ssh/id_rsa
# Verify you can SSH to the Proxmox node
ssh root@<proxmox-host>
Proxmox CLI Tools (On-Node)¶
The following tools are available directly on the Proxmox node and are useful for template creation and debugging. You do not need to install them on your workstation:
| Tool | Purpose |
|---|---|
qm |
Create, configure, and manage QEMU/KVM virtual machines |
pvecm |
Proxmox cluster management |
pvesh |
Proxmox API shell (useful for scripting) |
pvesm |
Storage management |