Talos Linux - The Best OS For Kubernetes
- added 22. 06. 2024
- In this video, I go over the reasons for which I believe using a traditional operating system is not a good choice to host our Kubernetes clusters and I present what I think is a much better choice: Talos Linux.
USEFUL LINKS
============
Associated blog post: mirceanton.com/posts/2023-11-...
Talos Linux Docs: www.talos.dev/v1.5/
Talos Linux Config Reference: www.talos.dev/v1.5/reference/...
talosctl CLI Reference: www.talos.dev/v1.5/reference/...
Talos GitHub Repo: github.com/siderolabs/talos
My home-ops GitHub Repo: github.com/mirceanton/home-ops/
TIMESTAMPS
===========
00:00 Intro
00:32 The Old Way of Doing Things
03:31 What is Talos Linux?
05:46 Demo Overview
06:05 Demo Setup
08:01 Preparing the config files
14:55 Pushing the config files to the cluster
15:48 Configuring `talosctl`
18:15 Bootstrapping Kubernetes
20:46 Deploying a Test Workload
22:10 Conclusion
23:27 Outro
ABOUT MY CHANNEL
My channel is about all things HomeLab and DevOps. I cover lots of cool stuff such as Proxmox, Kubernetes and Virtualization.
Check out my channel here:
@mirceanton
Don’t forget to subscribe! / @mirceanton
FIND ME AT
==========
mirceanton.com/
FOLLOW ME ON SOCIAL
====================
Here's where you can find me on other online platforms:
Instagram: / _mirceanton
Reddit: / mikeanth
GitHub: github.com/mirceanton
LinkedIn: / mirceanton
CREDITS
=======
Music By:
Rain, Book And Cup Of Tea by | e s c p | www.escp.space
escp-music.bandcamp.com - Science & Technology
An excellent POC. I would like to see in the upcoming videos: ingress controller, statefulset and backup&restore. Keep up the good work!🎉🎉
I was looking for an installation guide for Talos Linux. The title doesn't say that, but the video is great. I got what I wanted.
Very nice comprehensive video, looking forward to your next one! ( Kubeti )
You are now my personal hero, thank you for this explanation, and most of all for the clarity, context and the way you did the edit. I looked for many videos and stumbled upon yours, and after all those others, I didn't learn as much as I did in the video you made that's shorter, more to the point and, well, great. So yes, make more of them 😜
awesome video! cannot wait to find a way to apply this to my craft :) keep at it
The topics were really well explained, even for someone who is very new to these concepts. Loved it
Excellent video. Liked and subscribed. Looking forward to your future videos.
Thank you! Will setup this and test. Seems way simpler than my present cluster based on AlmaLinux with Kubernetes installed using kubeadm :)
Nice and very instructive video. Thanks a lot !
K3s is definitely the easiest I've found. Particularly TechnoTim's Ansible playbook. So satisfying watching it run too
Yep, it's definitely an option.
My main gripe with this approach is that you now either rely on TechnoTim to update and maintain that playbook or just assume that responsibility/workload yourself. Also, you now have the underlying OS to update and manage as well
Also looking forward to your future videos
I appreciate your effort! And the ones on the site say you install it with a single command, ha :))
You've made me curious. I'll try Talos in my HomeLab. Maybe we'll meet when I pass through Bucharest, to exchange experiences
Very nice video and useful for me. I had a Talos OS cluster already set up on 3 Intel NUCs with Mayastor as the storage solution. However, I did the interactive Talos OS installation of each node. As I messed up the configuration, I had to redo the setup. This time with your approach. It worked well. Looking forward to more content from you.
Glad it helped! I tried Mayastor in the past and the performance was good. Sadly, the lack of snapshot support made me look for other solutions. I'll probably try to cover rook-ceph in the future as well, and take another look at Mayastor if/when they implement snapshot support
Crazy quality!
Thank you....
More videos please
Super info about Talos!!
Can I add a Talos/Kubernetes node to other K8S clusters on GKE/AWS/Azure/...
Thank you!
It's not really designed for "mixed" clusters, but they do provide cloud-specific images. Migrating should be doable with a tool like Velero or volsync for example
Great video, thank you. Does your Talos cluster commit to disk after doing these steps? What happens if one of the nodes in the cluster is rebooted? Does it automatically scale and does the cluster go back to a healthy state after the node comes back online?
In the machine configuration which you apply during the install, you specify the disk which Talos will use.
Once the machine config is applied, Talos is written to disk, yes, meaning that you can remove the ISO and the machine will boot into the os you configured.
If a node is rebooted, the Talos cluster behaves much like a K8S cluster, it will return to a healthy state once the node returns/is replaced
Great video and great explanation of why to choose Talos. But the music is horrible if you want to listen and focus. For a tutorial of that complexity, I do not believe that anyone is interested in a distracting and annoying noise pollution 😮
Now, we can continue with the promised video series about automation 👍
Thanks for the feedback! Would you say it would be better to have the music quieter or just no music at all during tutorials?
Nice video, thanks a lot... Have you ever tried Rancher or ingress on Talos Kubernetes?
I have tried Rancher, both in my Homelab on top of Talos as well as professionally, using it to manage multiple rke clusters. It's an interesting tool and dashboard, but I don't personally like it that much. I don't have it deployed in my infra as I have no need for it.
As for ingress - I am using ingress nginx for now with Talos and at work too. It's great and I recommend it. I'm not really a huge fan of Traefik, even though it seems popular in the Homelab community
much cleaner and visual than using talhelper in my opinion
I definitely think both have their own place. Talhelper makes a lot of things much easier, though at the cost of an added layer of complexity.
I want/plan to make a video about it as well to showcase how it can simplify some things and make more complicated configs easier to manage. One analogy I like to make is that using talhelper for talos configs is similar to using kustomize for k8s manifests.
It doesn't have ssh but it does expose an HTTP server right? So it's removed one attack surface and introduced another.
Well... yes and no. In my opinion, the HTTP server is a smaller attack surface than SSH. If you were to break through SSH and gain access to a machine, you have the familiar environment of a shell which would allow you to do more or less whatever you want. With the API server on the other hand, if you were to get the certificates to authenticate you are still relatively limited as to what you can do. The API server only exposes certain functionalities, not an entire shell with all of the tools and utilities.
There is also the "security by obscurity" argument since the API server definitely provides a less familiar interface than a shell.
But in essence, yes. Neither the API nor SSH are perfectly secure and every solution is susceptible to vulnerabilities.
I would also argue that having the OS config in a YAML file makes it easier to just nuke the node/cluster and restore it if something happens, but this is not really related to the API vs SSH discussion, but rather to the traditional OS vs API-driven immutable OS.
Ah that's a really good point
Thanks
@mirceanton APIs don't restrict the capability of a bad actor just because it's not a shell environment; one or more webshells are likely going to be deployed once compromised. CVE-2021-26855 for one example.
Great tutorial. It worked perfectly the first time; however, I started noticing some weird issues and decided to reinstall the cluster. As of today, after the `talosctl apply -f rendered/controlplane.yaml`, the install hangs and `/dev/sda` disappears. Anyone have some ideas?
Thanks! Are you installing on bare metal, or VM? Are you sure `/dev/sda` is not the USB you are booting from?
@mirceanton Hi! I am running on vSphere 6.7. When I check the disks before running the apply command, I see my 32 gig `/dev/sda` drive. After I run the command, it goes away and my Talos stays in maintenance mode; after that `/dev/sda` seems to be gone. I am running the newest ISO. Could this have something to do with it?
@mirceanton Got it working using the OVA instead :)
Your blog post link doesn't work.
Thanks for the heads-up! I recently migrated my blog from Hugo to Jekyll and apparently I didn't do a great job at preserving all the links.
I updated the description so now the URL should work. Thanks!
The instructions are clear but what you receive in the end is not working.
Machines are stuck in the Booting state; you can't do anything. There is no explanation of what host 10.0.10.10 is doing, and I see a lot of error messages related to my VIP IP (in my case a different IP).
If I run: `talosctl get members`
rpc error: code = Unavailable desc = last connection error: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: cannot validate certificate for IP.IP.IP.NODE3 because it doesn't contain any IP SANs"
If I repeat this, IP.IP.IP.NODE1, NODE2, NODE3 cycle through, but otherwise it's the same message.
Around 9:45 I explain that 10.0.10.10 is the IP address I am using for the VIP that essentially acts as a load balancer in front of the nodes.
Did you set up your talosconfig properly? Maybe you have the wrong endpoints or perhaps an old secrets bundle
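The x509 error quoted in this thread means the certificate a node presented to `talosctl` does not list the address `talosctl` connected to among its IP Subject Alternative Names, so the client refuses the TLS handshake. The shell script below is an added example for checking a PEM certificate for a given IP SAN; it is not from the video or the Talos project. It assumes the `openssl` CLI (1.1.1 or newer, for `-ext` and `-addext`) is installed, and the two test certificates it builds use constructed addresses. Retrieving a node's actual server certificate (for instance with `openssl s_client -connect NODE:50000 -showcerts`, which is an assumption about how you would obtain it) is left to the reader; once you have it in a file, `has_ip_san` tells you whether the endpoint in your `talosconfig` is covered.

```shell
#!/bin/sh
# Added example, not code from the video or from the Talos project.
# Assumes the openssl CLI (1.1.1 or newer) is installed.

# has_ip_san CERT_PEM IP
# Exit 0 if the certificate lists IP as an "IP Address" SAN, 1 if it does
# not, 2 if the file cannot be read as a certificate.
has_ip_san() {
    cert="$1"
    ip="$2"
    # Print only the subjectAltName extension. Strip whitespace so every
    # entry reads "IPAddress:<ip>," and append a comma, so that a match on
    # "IPAddress:$ip," is exact (10.0.10.1 must not match 10.0.10.10).
    sans=$(openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null) || return 2
    sans="$(printf '%s' "$sans" | tr -d ' \n\r'),"
    case "$sans" in
        *"IPAddress:$ip,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# make_test_cert OUT_PREFIX SAN_SPEC
# Writes OUT_PREFIX.key and OUT_PREFIX.crt: a self-signed, constructed test
# certificate carrying the given subjectAltName specification.
make_test_cert() {
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$1.key" -out "$1.crt" -days 1 -subj "/CN=talos-test-node" \
        -addext "subjectAltName=$2" >/dev/null 2>&1
}

# report_ip_san CERT_PEM IP -> one-line verdict on stdout
report_ip_san() {
    if has_ip_san "$1" "$2"; then
        echo "$1: has IP SAN $2"
    else
        echo "$1: NO IP SAN for $2 (a client connecting to $2 would reject this certificate)"
    fi
}

# Stand-alone usage: ./check_san.sh CERT_PEM IP
# With no arguments, demonstrate on two constructed certificates.
if [ "$#" -eq 2 ]; then
    report_ip_san "$1" "$2"
elif [ "$#" -eq 0 ]; then
    tmp=$(mktemp -d)
    make_test_cert "$tmp/good" "IP:10.0.10.11,IP:10.0.10.10"   # constructed node + VIP addresses
    make_test_cert "$tmp/bad"  "DNS:node3.example.internal"    # hostname only, no IP SAN
    report_ip_san "$tmp/good.crt" 10.0.10.11
    report_ip_san "$tmp/bad.crt"  10.0.10.11
    rm -rf "$tmp"
fi
```

The check is deliberately string-based on `openssl x509 -ext subjectAltName` output rather than on the DER, because that output is what an operator already sees while debugging; the trailing-comma trick is what keeps a prefix address from producing a false positive.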