1.1 Choose Your Deployment Model
This manual supports three deployment models for hosting RCIIS infrastructure. All models run Talos Linux as the Kubernetes operating system and use the same application stack — the difference is where and how the underlying compute, networking, and storage are provisioned.
Select the model that matches your environment, then follow the corresponding tab throughout the manual.
Deployment Models
AWS
Fully cloud-hosted on Amazon Web Services. Infrastructure is provisioned using Formae (Pkl-based IaC) and includes:
- Compute: EC2 instances running Talos Linux from a custom AMI
- Networking: VPC with public/private subnets, NAT gateways, internet gateway
- Load Balancing: Network Load Balancer (NLB) for Kubernetes API (6443) and Talos API (50000)
- Storage: Encrypted gp3 EBS volumes
- Security: Security groups, IAM roles, KMS encryption at rest
Bare Metal
Talos Linux installed directly on physical servers. You manage the hardware, network switches, and power infrastructure. Typical components:
- Compute: Physical servers booted via PXE or USB with Talos Linux
- Networking: Physical switches, VLANs, static IP assignments
- Load Balancing: HAProxy, MetalLB, or an external hardware load balancer
- Storage: Local disks, NVMe, or SAN-attached volumes
- Security: Firewall appliances, physical access controls
Proxmox VMs
Talos Linux running as virtual machines on a Proxmox VE hypervisor. Suited for on-premises environments that already have Proxmox infrastructure:
- Compute: QEMU/KVM virtual machines managed through the Proxmox API
- Networking: Virtual bridges, VLANs managed in Proxmox
- Load Balancing: HAProxy VM or external load balancer
- Storage: Proxmox storage pools (ZFS, Ceph, LVM)
- Security: Proxmox firewall rules, VLAN isolation
Key Differences
| Aspect | AWS | Bare Metal | Proxmox VMs |
|---|---|---|---|
| Provisioning tool | Formae (Pkl) | PXE / USB boot | Proxmox API / Terraform |
| Network model | VPC + subnets | Physical switches + VLANs | Virtual bridges + VLANs |
| Load balancer | AWS NLB | HAProxy / MetalLB | HAProxy / MetalLB |
| Storage | EBS gp3 volumes | Local disk / SAN | Proxmox storage pools |
| Encryption at rest | KMS-managed EBS encryption | LUKS / dm-crypt | LUKS / ZFS encryption |
| Talos install method | AMI boot | PXE / ISO / USB | ISO / cloud-init |
How Tab Groups Work
Throughout this manual, instructions that differ by deployment model are presented in tabbed sections. Select your model once — the selection carries across all pages:
- AWS: You will see AWS-specific instructions: Formae modules, AWS CLI commands, and EC2/VPC configuration.
- Bare Metal: You will see Bare Metal instructions: PXE boot setup, network switch configuration, and hardware-specific steps.
- Proxmox VMs: You will see Proxmox instructions: VM creation via the Proxmox API, virtual networking, and storage pool configuration.
Section Applicability
| Section | AWS | Bare Metal | Proxmox VMs |
|---|---|---|---|
| 2.3 Hardware Setup | x | | |
| 7.6 Cost Management | x | | |
| All other sections | x | x | x |