Simplify Kubernetes with Talos


Learn how to use Kubernetes the easy way with Talos.

Translated from Making Kubernetes Simple with Talos, by Ritesh.

This year, Kubernetes celebrates its tenth anniversary with the release of v1.30.0, solidifying its position as the cloud platform of choice. Managed Kubernetes offerings such as EKS, GKE, and AKS account for 73% of all clusters, with the remaining 27% being self-managed, as described by Dynatrace. The past decade has been the era of the public cloud, but rising costs are pushing some enterprises to look for a balance with hybrid cloud. According to VMware, approximately 76% of organizations now use multiple clouds, a combination of public and private. Kubernetes lets us build multi-cloud and private-cloud tiers on the hardware of our choice, cost-effectively and without committing to a specific cloud provider.

While Kubernetes adoption continues to grow, concerns remain about cost efficiency, reliability, and security. Moving Kubernetes from VMs to bare-metal infrastructure brings performance benefits by eliminating the hypervisor layer, simplifies troubleshooting, and maximizes the resources available to applications. A bare-metal setup gives organizations full control over the hardware, so it can be tuned for specific workloads. With the right engineering practices and Kubernetes integration, organizations can achieve functional parity with public cloud offerings. Historically, running Kubernetes on bare metal has been challenging because of operational complexity, particularly in managing the cluster lifecycle. These obstacles have been addressed with the introduction of Talos, which we explore in this article.

Talos is a very streamlined operating system written in Go. It is purpose-built for running and maintaining Kubernetes clusters. To make Kubernetes infrastructure more reliable, every node should run the same version of the operating system, and the immutable philosophy Talos is built on helps keep the infrastructure reliable and consistent.

Talos always runs from a SquashFS image, a read-only file system in Linux. The total size of the Talos SquashFS image is approximately 80 MB. Talos intentionally omits components such as systemd, the GNU utilities, console packages, bash and the SSH binaries to minimize the attack surface and reduce the scope for security vulnerabilities. Instead, it relies on a modern API for managing system operations.

Talos contains only what is needed; everything else is managed through its API. Talos is strongly focused on the idea of immutable infrastructure.

What is immutable infrastructure?

Once a system is deployed, no changes are made to it in place; this is the concept of immutable infrastructure. If a change is required, new infrastructure is created with the required modifications instead of modifying the existing infrastructure. Immutable infrastructure keeps staging and production environments consistent. Maintaining consistency between nodes is paramount on bare-metal Kubernetes infrastructure. In this model, applications are tightly coupled to the operating system, which is the main disadvantage of immutable systems.

Benefits of using Talos

  1. Talos keeps the entire system consistent and avoids ad-hoc configuration changes. Talos calls this “predictability.”
  2. Talos aims to make Kubernetes infrastructure fully immutable, thereby enhancing reliability, security, and consistency. This makes Talos ideal for bare-metal servers running Kubernetes.
  3. Talos is designed to be immutable, so it runs from RAM rather than disk. Because Talos is a SquashFS image, it has few writable locations, and those are ephemeral.
  4. Talos is built for security: it ships no shell and no SSH daemon, which keeps the attack surface small.
  5. Talos is a very lightweight operating system with about 12 binaries, all of them used to run Kubernetes.
  6. Talos is API driven.
  7. Talos follows the recommendations of the KSPP (Kernel Self-Protection Project); see the KSPP documentation.

Example

Talos is great for self-managed Kubernetes clusters, and platforms such as CIVO also support deploying Kubernetes clusters based on Talos. Here are some use cases for running Kubernetes with Talos.

1. Edge applications:

To manage large-scale clusters of edge devices, Kubernetes is one of the best options as it is not only designed for container orchestration but also manages edge devices efficiently. To ensure reliability and security of edge applications, have a secure and reliable Kubernetes

2. Kubernetes on bare metal:

Using Kubernetes on bare metal removes unnecessary abstractions and gives our applications full control of the hardware. Talos is an excellent choice for deploying Kubernetes on bare metal servers. It eliminates unnecessary configuration and troubleshooting and makes it easy to deploy Kubernetes on bare metal.

3. AI & Machine Learning Workloads:

Kubernetes proves to be an ideal platform for testing and training new machine learning models, enabling seamless deployment to larger scale environments. Maintaining consistency in deployment is critical to ensuring safe and stable model deployment. Talos plays a key role in this process by providing a consistent environment that enables reliable model scaling based on demand.

Architecture and design

Talos Architecture consists of many different components with defined gRPC interfaces. Communication between all Talos components occurs via gRPC.

Talos file system partitions

  • EFI: stores EFI boot data.
  • BIOS: used for the GRUB second-stage boot.
  • Boot: used by the boot loader; stores the initramfs and the kernel.
  • Meta: stores metadata about the Talos node.
  • State: stores the machine configuration.
  • Ephemeral: mounted on /var, used to store temporary data.

Talos’s file system has 3 layers:

  1. rootfs: the read-only core SquashFS layer; the SquashFS image is mounted in memory as a loop device.
  2. tmpfs: used for runtime-specific needs.
  3. system: required for internal operations.

For example, Talos writes to /system/etc/hosts and then bind-mounts it over /etc/hosts. Talos does not make /etc writable as a whole, only specific parts of it. /system is completely recreated on every boot. To persist data across boots, Talos uses an overlay file system. Kubernetes owns /var, and etcd writes its data there. Passing the --preserve option to an upgrade keeps this data; without it, the data is deleted when the machine is upgraded or reset.

Components

talosctl is the CLI tool for interacting with all Talos components. Just as kubectl talks to the kube-apiserver, talosctl talks to apid.

  • apid: Talos is API driven, and apid is responsible for providing the gRPC endpoints used to interact with the other components. apid runs on every node, including the control plane.

Talos architecture

  • machined: responsible for processing API requests from apid and performing resource and control management.
  • trustd: a daemon used to establish trust in the system, in particular trust between nodes.
  • udevd: used to set up the necessary device links in /dev.

Controllers and resources

  • Resources: similar to resources in Kubernetes; resources come in different types and carry metadata such as namespace, type and ID. Within a namespace, a resource is uniquely identified by its type and ID. The “Machine Configuration” resource reflects the current machine configuration.
  • Controllers: in Talos, controllers run as goroutines (lightweight threads). A controller can manage multiple resource types, and each resource type can have many resources. To avoid conflicts, only one controller is responsible for a given resource type within a namespace. Talos stores the resource types registered by controllers in the meta namespace.

Demo

In this article, we will use Docker to demonstrate this functionality since bare metal is not yet available. Subscribe to our blog as we plan to cover how to run Talos on bare metal in a future article. We will learn how to create a Kubernetes cluster using Docker.

Set up Docker and Talos clusters

Prerequisites

Before continuing, please make sure you have the following software installed:

  • Docker Engine
  • Kubectl
  • talosctl

Note: The talosctl and Talos operating system ISO image versions should be the same. For more information, please view the release information.

Mac:

brew install siderolabs/tap/talosctl

Linux:

wget https://github.com/siderolabs/talos/releases/download/v1.7.0/talosctl-linux-amd64
chmod +x talosctl-linux-amd64
./talosctl-linux-amd64 version --client   # sanity check: prints the client version
sudo mv ./talosctl-linux-amd64 /usr/local/bin/talosctl   # rename so the "talosctl" command exists

Install a three-node cluster using docker and talosctl. The following command will create a 3-node cluster (controlplane, workernode-1, workernode-2).

talosctl cluster create --workers 2

Let us check the nodes that were created and their operating system information:

kubectl get nodes -o wide
kubectl get node talos-default-worker-1 -o json | jq -r '.status.nodeInfo.osImage'

Let’s clean up and delete the cluster.
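The demo steps above, wrapped in shell functions as an added example (not code from the original article): create the Docker-based cluster, verify that every node reports the expected Talos image, then destroy it. It assumes docker, kubectl and talosctl are installed and that the cluster keeps talosctl's default name, talos-default; the node check itself is pure and runs offline on a constructed sample.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes docker, kubectl and
# talosctl are installed; "talos-default" is talosctl's default cluster name.
set -eu
CLUSTER_NAME="talos-default"
TALOS_VERSION="v1.7.0"

# Pure check: reads "<node-name> <osImage>" lines on stdin and fails if any
# node does not report "Talos (<version>)". Works on live kubectl output and
# on the constructed sample below, so it can be exercised without a cluster.
check_all_nodes_talos() {
  awk -v want="$1" '
    NF == 0 { next }
    NF < 3 || $2 != "Talos" { printf "%s: does not run Talos\n", $1; bad = 1; next }
    $3 != "(" want ")"      { printf "%s: runs Talos %s, expected (%s)\n", $1, $3, want; bad = 1 }
    END { if (bad) exit 1 }
  '
}
create_cluster() {
  talosctl cluster create --name "$CLUSTER_NAME" --workers 2
}
# One line per node: name, then .status.nodeInfo.osImage, e.g. "Talos (v1.7.0)".
node_os_table() {
  kubectl get nodes --no-headers \
    -o custom-columns=NAME:.metadata.name,OS:.status.nodeInfo.osImage
}
verify_cluster() {
  node_os_table | check_all_nodes_talos "$TALOS_VERSION"
}
destroy_cluster() {
  talosctl cluster destroy --name "$CLUSTER_NAME"
}

# Constructed sample of node_os_table output (three-node cluster from the demo).
SAMPLE_NODES="talos-default-controlplane-1 Talos (v1.7.0)
talos-default-worker-1 Talos (v1.7.0)
talos-default-worker-2 Talos (v1.7.0)"
sample_check() {
  printf '%s\n' "$SAMPLE_NODES" | check_all_nodes_talos "$TALOS_VERSION"
}

case "${1:-check}" in
  demo)  create_cluster; verify_cluster; destroy_cluster ;;
  check) sample_check; echo "sample: all nodes run Talos $TALOS_VERSION" ;;
esac
```

Run it with `demo` as the argument to create, verify and tear down the real cluster; with no argument it only runs the offline sample check.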

Conclusion

Talos plays a vital role in managing Kubernetes environments. Its simplicity greatly simplifies the configuration of Kubernetes clusters. Talos’ immutable philosophy greatly enhances the security and consistency of the infrastructure.

Frequently Asked Questions

Talos and k3s

There is no direct comparison between Talos and k3s. However, when considering deploying a Kubernetes cluster, k3s requires an operating system and has other dependencies that vary depending on the underlying operating system. Talos’ focus is on running Kubernetes clusters using its immutable philosophy to maintain its security and reliability. Talos makes Kubernetes deployment easier.

What binaries does Talos include?

  • init: the Talos init binary is responsible for running the kubelet and the container runtime.
  • containerd is the container runtime in Talos, together with runc.
  • modprobe is used to load kernel modules needed by certain binaries. Modules can be added to Talos, or pre-built modules from the Image Factory can be used.
  • lvm is used for volume management.
  • udevd collects messages from the kernel and passes them on to other components.
  • Binaries such as xfs_repair are used to repair XFS file systems.

Is Talos free?

Talos is a free and open-source operating system licensed under the Mozilla Public License version 2.0, which allows commercial use. See the Talos GitHub repository for more information.

Why use Talos?

Talos makes Kubernetes environments more secure and reliable. Talos is well suited to distributed systems such as Kubernetes. If you want your Kubernetes environment to be more secure and reliable, Talos is worth adopting.
