This is a guest post by Mathias Pius, who has dual experience as a Software Engineer and in Operations & Infrastructure, with keen insights into the unique challenges associated with each discipline, but importantly also the contact point between them. With the pendulum of Cloud vs. On-premises swinging slightly towards on-premises again, some might be considering moving their Kubernetes clusters onto bare metal while nursing their scars from the last time they tried managing their control plane using kubeadm. Others have been using bare metal the whole time, but have been hamstrun ..read more

I know it’s a click bait title, and you clicked it anyway. So let’s just pretend you want to get an interactive terminal on a Talos Linux node. I’m not sure why you’d want to do that—the API is more powerful. But Talos doesn’t have SSH. Not only does it not have the service running—it doesn’t even have the sshd binary on the file system. Whatever the reason, let’s pretend you need a shell “on” the host. Maybe you have too much muscle memory for netstat or maybe you just hate declarative APIs. Perhaps you want to impress your co-workers with your 1337 hacker skillz. Whatever the case may be, T ..read more

Come out to Cidercade in Austin on May 7th at 8 PM to meet Andrew Rynhard and Justin Garrison in person. We’d love to hear what you’re working on and what you’re doing with Talos Linux. We’ll pay for your unlimited game pass, drinks, and food. Cidercade is located at 600 East Riverside Drive Austin, TX, 78704 goo.gl/maps/EYq23pgopX275skY6 Please sign up before coming so we can have a head count and pay for passes. Sign up here The post Sidero Austin meetup – May 7th appeared first on Sidero Labs ..read more

Linux golden images have come and gone in popularity over the years with a variety of different tools. When I was first a sysadmin we would hand craft a VM, sysprep it, and then export a vmdk file. When configuration management tools came out we would hand craft a “minimal” VM, sysprep it, export a vmdk file, and let puppet configure the rest during boot. This wasn’t anti-golden image, but the tools at the time made it hard to manage lots of different images and we could get a lot more flexibility by doing a little post-provisioning configuration. Packer leaned into this approach for creating ..read more

As you’ve probably heard there was a sophisticated back door discovered as part of the liblzma decryption library. This back door is intended to allow a malicious actor to remotely execute code on a system via a special SSH public key. Talos Linux is not vulnerable to this CVE, and does not ship with xz installed. We do use xz utilitiy in our build system, we have reverted back to a non-compromised version of xz utilities out of an abundance of caution. The exploit requires some very specific attributes to be true for it to work, none of which apply to Talos Linux. The main required component ..read more

Talos Linux is an API driven distribution for running Kubernetes. It takes great ideas behind immutable operating systems a step further. It isn’t a container operating system, it’s a Kubernetes operating system. The difference is, Talos is built only to run in Kubernetes. Other minimal distributions, like Bottlerocket, add complexity by supporting multiple workloads and orchestrators. By focusing Talos only on Kubernetes and a declarative API it will greatly reduce the toil required for running a Kubernetes cluster. It can reduce it so much there are only 12 binaries in Talos. Bottlerocket i ..read more

The Talos community is great! Not only are they passionate about minimizing the amount of work needed to create on-prem Kubernetes clusters, but they share what they’ve built. Here’s a selection of home lab clusters our community shared on social media so you could see what’s possible and get started yourself. If you want to share your home lab for a future post please join the Slack community or mention us on X. If you want to meet other Talos community members face to face don’t forget to sign up for Taloscon in London. That’s a lot of Macs Buroa in the home operations discord has a really ..read more

Taloscon in 2023 was a big hit! It was a global, virtual conference where we got to talk all about Talos, Kubernetes, and Omni. There were presentations and discussions all about how people are using Talos to minimize their Kubernetes operations, and we announced KubeSpan for Kubernetes clusters that can span on-prem, edge, and cloud environments. It was wonderful to see you all virtually but this year Taloscon is going to be in-person, face-to-face, and on-prem! Did we mention it’s still free!!! We’ve partnered up with SREday in London to be a day 0 event all about Talos, Omni, and Kubernete ..read more

Linux is a core component of your Kubernetes cluster. The distribution you choose will have a big impact on how quickly you can create a cluster, the stability of your workloads, and how much maintenance you’ll need to perform. When creating a version of Linux for containers or Kubernetes, for many companies and distributions the common practice is to start with a general-purpose Linux and strip away things you don’t need. This results in a smaller footprint variation of the main distribution—e.g. Ubuntu minimal—but it always starts from a big, general purpose Linux and tries to make it small ..read more

Omni is the easiest way to manage Kubernetes clusters and Talos Linux. It has been a hosted service provided by Sidero Labs and now the source code is available under a BUSL license which means you can self-host it for testing and personal use cases. https://github.com/siderolabs/omni Omni has been (and still is) available as a SaaS offering—the easiest way to get started—and available to run on-prem for enterprise licensed users. With this release you can now run Omni in your testing environment without requiring an account. The BUSL license means you can run Omni for non-production workload ..read more