Learn how to use Kubernetes the easy way with Talos.
Translated from Making Kubernetes Simple with Talos, author Ritesh.
This year, Kubernetes celebrates its tenth anniversary with the release of v1.30.0, solidifying its position as the cloud platform of choice. Cloud-managed Kubernetes clusters such as EKS, GKE, and AKS account for 73% of all clusters, with the remaining 27% being self-managed, as described by Dynatrace. The past decade has been the era of the public cloud, but due to rising costs, some enterprises are trying to find a balance with hybrid cloud. According to VMware, approximately 76% of organizations now utilize multiple clouds, a combination of public and private clouds. Kubernetes allows us to build multi-cloud and private cloud tiers on the hardware of our choice, and to do so cost-effectively without committing to a specific cloud.
While Kubernetes adoption continues to grow, concerns remain about cost efficiency, reliability, and security. Moving Kubernetes from VMs to bare-metal infrastructure provides performance benefits by eliminating the hypervisor layer, simplifies troubleshooting, and maximizes the resources available to applications. A bare-metal setup gives organizations full control over the hardware, so it can be tuned for specific workloads. With the right engineering practices and Kubernetes integration, organizations can achieve functional parity with public cloud offerings. Historically, running Kubernetes on bare metal has been challenging because of operational complexity, particularly in managing the cluster lifecycle. These obstacles are addressed by Talos, which we explore further in this article.
Talos is a very streamlined operating system written in Go. It is designed as a purpose-built operating system for running and maintaining Kubernetes clusters. To make Kubernetes infrastructure more reliable, we need to ensure that every node runs the same version of the operating system; Talos helps keep the infrastructure reliable and consistent through the immutable philosophy it is built on.
Talos always runs as a SquashFS image, which is a read-only file system in Linux. The total size of the Talos SquashFS image is approximately 80 MB. Talos intentionally omits components such as systemd, the GNU utilities, console packages, bash, and SSH binaries to minimize the attack surface and reduce the number of potential security vulnerabilities. Instead, it relies on a modern API for managing system operations.
Talos contains only what is needed to run Kubernetes; everything else is managed through that API. Talos is strongly focused on the idea of immutable infrastructure.
What is immutable infrastructure?
Once a system is deployed, no changes are made to it; this concept is called immutable infrastructure. If a change is required, new infrastructure is created with the required modifications instead of modifying the existing infrastructure. Immutable infrastructure makes environments such as staging and production more consistent. Maintaining consistency between nodes is paramount on bare-metal Kubernetes infrastructure. The disadvantage of immutable systems is that our applications become tightly coupled to the operating system.
Benefits of using Talos
- Talos maintains consistency across the entire system and avoids ad-hoc configuration changes. Talos calls this "predictability."
- Talos aims to make Kubernetes infrastructure fully immutable, thereby enhancing reliability, security, and consistency. This makes Talos ideal for bare-metal servers running Kubernetes.
- Talos is designed to be immutable, so it runs from RAM rather than from disk. Because Talos is a SquashFS image, it has few writable locations, and those are ephemeral in nature.
- Talos is highly secure.
- Talos is a very lightweight operating system with about 12 binaries, all of them used to run Kubernetes.
- Talos is API driven.
- Talos follows the recommendations of the KSPP (Kernel Self-Protection Project); see the KSPP documentation.
Use cases
Talos is great for self-managed Kubernetes clusters, and platforms such as CIVO also support deploying Kubernetes clusters with Talos. Here are some use cases for running Kubernetes with Talos.
1. Edge applications:
To manage large-scale clusters of edge devices, Kubernetes is one of the best options as it is not only designed for container orchestration but also manages edge devices efficiently. To ensure reliability and security of edge applications, have a secure and reliable Kubernetes
2. Kubernetes on bare metal:
Using Kubernetes on bare metal removes unnecessary abstractions and gives our applications full control of the hardware. Talos is an excellent choice for deploying Kubernetes on bare-metal servers: it eliminates unnecessary configuration and troubleshooting and makes bare-metal Kubernetes deployments easy.
3. AI & Machine Learning Workloads:
Kubernetes proves to be an ideal platform for testing and training new machine learning models, enabling seamless deployment to larger scale environments. Maintaining consistency in deployment is critical to ensuring safe and stable model deployment. Talos plays a key role in this process by providing a consistent environment that enables reliable model scaling based on demand.
Architecture and design
The Talos architecture consists of many different components with defined gRPC interfaces. All communication between Talos components occurs via gRPC.
Talos file system partitions
- EFI: stores EFI boot data.
- BIOS: used for the GRUB second-stage boot.
- Boot: used by the boot loader; stores the initramfs and kernel.
- Meta: stores metadata about the Talos node.
- State: stores the machine configuration.
- Ephemeral: mounted on /var; used to store temporary data.
Talos's file system has 3 layers:
- rootfs: the read-only core SquashFS layer, mounted in memory as a loop device.
- tmpfs: used for runtime-specific needs.
- system: required for internal operations.
For example, Talos writes to /system/etc/hosts and then bind-mounts it onto /etc/hosts. Talos does not make /etc writable as a whole, only specific parts of it. /system is completely recreated on every boot. To achieve persistence, Talos creates an overlay file system. Kubernetes owns /var, and etcd writes its data under this directory. The "--preserve" option avoids deleting this data on upgrade; otherwise it is deleted only when the machine is upgraded or reset.
Components
- talosctl: a CLI tool for interacting with all components in Talos. Just as we use kubectl to talk to the kube-apiserver, we use talosctl to interact with apid.
- apid: Talos is API driven, and apid is responsible for providing the gRPC endpoints used to interact with the different components. apid is present on every node, including the control plane.
Talos architecture
- machined: responsible for processing API requests from apid and performing resource and control management.
- trustd: a daemon used to establish trust in the system, specifically trust between nodes.
- udevd: used to set up the necessary device links in /dev.
Controllers and Resources
- Resources: similar to resources in Kubernetes; resources are of different types and carry metadata such as namespace and type. A resource is uniquely identified within its namespace. The "Machine Configuration" resource reflects the current machine configuration.
- Controllers: in Talos, controllers run as threads. A controller can manage multiple resource types, and each resource type can have many resources. To avoid conflicts, only one controller is responsible for managing a given resource type within a namespace. Talos stores the resource types defined for the controllers in the meta namespace.
Demo
In this article, we will use Docker to demonstrate this functionality, since bare metal is not yet available to us. Subscribe to our blog, as we plan to cover how to run Talos on bare metal in a future article. We will learn how to create a Kubernetes cluster using Docker.
Set up Docker and a Talos cluster
Prerequisites
Before continuing, please make sure you have the following software installed:
- Docker Engine
- Kubectl
- talosctl
Note: the talosctl version and the Talos operating system ISO image version should be the same. For more information, see the release notes.
Mac:
brew install siderolabs/tap/talosctl
Linux:
wget https://github.com/siderolabs/talos/releases/download/v1.7.0/talosctl-linux-amd64
chmod +x talosctl-linux-amd64
./talosctl-linux-amd64
sudo mv ./talosctl-linux-amd64 /usr/local/bin
Create a three-node cluster using Docker and talosctl. The following command creates a 3-node cluster (controlplane, workernode-1, workernode-2).
talosctl cluster create --workers 2
Let us check the nodes that were created and their operating system information:
kubectl get nodes -o wide
kubectl get node talos-default-worker-1 -o json | jq -r '.status.nodeInfo.osImage'
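The article stresses that every node must run the same Talos version and that it should match the talosctl release (the note under Prerequisites). The following added example, not part of the original article, parses the output of `kubectl get nodes -o json` and reports any node whose osImage drifts from the expected version. It assumes the osImage string Talos reports via the kubelet has the form "Talos (v1.7.0)"; the node names and the sample JSON are constructed.

```python
"""Verify that all nodes of a Talos cluster report the expected Talos version.
Input is the JSON printed by `kubectl get nodes -o json` (piped on stdin)."""
import json
import re
import sys

# Assumed osImage format reported by Talos nodes, e.g. "Talos (v1.7.0)".
_TALOS_OS_IMAGE = re.compile(r"^Talos \((v\d+\.\d+\.\d+)\)$")


def node_os_versions(nodes_json: str) -> dict:
    """Map each node name to the Talos version parsed from status.nodeInfo.osImage
    (None when the node does not report a Talos image)."""
    versions = {}
    for item in json.loads(nodes_json)["items"]:
        name = item["metadata"]["name"]
        match = _TALOS_OS_IMAGE.match(item["status"]["nodeInfo"]["osImage"])
        versions[name] = match.group(1) if match else None
    return versions


def check_consistency(nodes_json: str, expected: str) -> list:
    """Return a list of problems; an empty list means every node runs Talos `expected`."""
    problems = []
    for name, version in node_os_versions(nodes_json).items():
        if version is None:
            problems.append(f"{name}: osImage is not a Talos image")
        elif version != expected:
            problems.append(f"{name}: runs Talos {version}, expected {expected}")
    return problems


# Constructed sample: two nodes on v1.7.0 and one worker that drifted to v1.6.7.
SAMPLE_NODES = json.dumps({"items": [
    {"metadata": {"name": "talos-default-controlplane-1"},
     "status": {"nodeInfo": {"osImage": "Talos (v1.7.0)"}}},
    {"metadata": {"name": "talos-default-worker-1"},
     "status": {"nodeInfo": {"osImage": "Talos (v1.7.0)"}}},
    {"metadata": {"name": "talos-default-worker-2"},
     "status": {"nodeInfo": {"osImage": "Talos (v1.6.7)"}}},
]})

if __name__ == "__main__":
    # Use real kubectl output when piped in; otherwise fall back to the sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NODES
    expected = sys.argv[1] if len(sys.argv) > 1 else "v1.7.0"
    for line in check_consistency(data, expected) or ["all nodes consistent"]:
        print(line)
```

Run it as `kubectl get nodes -o json | python3 check_talos_versions.py v1.7.0` against a live cluster.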
Finally, let's clean up and delete the cluster.
Conclusion
Talos plays a vital role in managing Kubernetes environments. It greatly simplifies the configuration of Kubernetes clusters, and its immutable philosophy greatly enhances the security and consistency of the infrastructure.
Frequently Asked Questions
Talos and k3s
There is no direct comparison between Talos and k3s. However, when deploying a Kubernetes cluster, k3s requires a host operating system and has other dependencies that vary with that underlying operating system. Talos focuses on running Kubernetes clusters on its immutable foundation to maintain security and reliability, which makes Kubernetes deployment easier.
What binaries does Talos include?
- init: the Talos init binary is responsible for starting the kubelet and the container runtime.
- containerd is the container runtime in Talos, along with runc.
- modprobe is used to load kernel modules for certain binaries. Modules can be added to Talos, or we can use pre-built modules from Image Factory.
- lvm is used for volume management.
- udevd is used to collect messages from the kernel and pass them to other subsystems.
- Binaries such as xfs_repair are used to repair XFS file systems.
Is Talos free?
Talos is a free and open source operating system covered by the Mozilla Public License version 2.0, which allows commercial use. See the Talos GitHub repository for more information.
Why use Talos?
Talos makes Kubernetes environments more secure and reliable, and it is well suited to distributed systems such as Kubernetes. If you want your Kubernetes environment to be more secure and reliable, you should use Talos.
Can we run Talos on bare metal?
Talos is ideal if you want to run Kubernetes on bare metal. Stay tuned to learn how to deploy Talos on bare metal: subscribe to our posts or contact us directly to discuss the matter further.
Who provides additional support for Talos?
- Sidero Labs
- CloudRaft provides implementation and support. Contact us to discuss further.
This article was first published on Yunyunzhongsheng ( https://yylives.cc/ ); everyone is welcome to visit.