
Talos – A modern Linux distribution for Kubernetes - alexellisuk
https://github.com/autonomy/talos
======
tjfontaine
I’m all for more people using immutable machine images for their base system
images, and think more environments should be built this way.

However, I’m not sure what the difference is here from say
[https://github.com/linuxkit/linuxkit](https://github.com/linuxkit/linuxkit)
which also has an example for how to use LinuxKit to build Kubernetes
environments
[https://github.com/linuxkit/kubernetes](https://github.com/linuxkit/kubernetes)

~~~
andrewrynhard
It is indeed very similar. Talos does a few things differently. The biggest
being that it does not allow any host-level access and exposes a gRPC API for
things like querying the processes, or restarting a node.

~~~
tjfontaine
So essentially you just need to put your gRPC agent in a linuxkit image with
access to the containerd socket? That’s how the docker in docker/kubernetes
examples already work for LinuxKit.

I am not sure what exactly you mean by “does not allow host level access”, the
benefit of linuxkit is you can configure the software that needs to run in the
root namespace, or not, aside from every process generally having a mount
namespace.

The real benefit (imo) of LinuxKit is the familiar declarative manifest model
for image definition, and container configuration. As a by-product, it’s
really straightforward to have reproducible builds.

~~~
andrewrynhard
LinuxKit is really neat. Don't get me wrong. I think each have their benefits.
LinuxKit is great if you need that flexibility. With Talos we would rather
focus on building a Kubernetes-centric distro.

------
blakesterz
Not to be confused with the Cisco Talos security people. I thought maybe they
had released a distro when I read this headline.

~~~
geocar
Or the Talos workstation[1]. I was hoping maybe this was a Power port of
Kubernetes.

[1]: [https://www.raptorcs.com/TALOSII/](https://www.raptorcs.com/TALOSII/)

~~~
pexaizix
Or the Talos god from Elder Scrolls lore.

~~~
kuwze
Or the Talos Principle, which along with Soma and the Portal series are some
of the world's best games.

------
BossingAround
At this point, it seems simpler to run OpenShift, which is essentially
Kubernetes + extra stuff you don't have to use + nicer console. If you go with
Red Hat, you get a number of benefits, such as not being affected by the
recent 'Doomsday bug' in docker that wasn't really that doomsday-ish.

Does Google actually support self-hosted Kubernetes?

~~~
shaklee3
How are you not affected?

[https://access.redhat.com/security/vulnerabilities/runcescap...](https://access.redhat.com/security/vulnerabilities/runcescape)

~~~
BossingAround
Check out [1], more specifically: "For many Red Hat end users, it’s unlikely
that this flaw gets that far. IT organizations using Red Hat Enterprise Linux
to underpin their Linux container and cloud-native deployments are likely
protected, thanks to SELinux."

[1] [https://www.redhat.com/en/blog/it-starts-linux-how-red-hat-h...](https://www.redhat.com/en/blog/it-starts-linux-how-red-hat-helping-counter-linux-container-security-flaws)

~~~
vertex-four
SELinux exists in other distros.

~~~
ofrzeta
It does, but is it a first-class citizen as it is in RHEL and CentOS? Also
OpenShift is finely tuned to run with SELinux. This is something you would
have to do yourself on another platform with, say, Kubernetes and SELinux.

------
godojo
Sounds like CoreOS

~~~
ssewell
Recently started using CoreOS for Docker Swarm, and it seems really promising.
I wonder how this compares?

~~~
andrewrynhard
Really good question. The short version is that CoreOS is a generic container
based distro. Talos is not. It is designed with the goal of making a machine a
Kubernetes node in a fast and reliable way. We don't use systemd, but a pure
Golang init that is Kubernetes aware.

------
michaelmrose
There is also Talos embedded systems and the Talos Raptor workstation/servers

~~~
blablabla123
Exactly, which are probably much cooler than the distribution.

------
andrewrynhard
For anyone interested in joining our Slack, feel free to PM me!

~~~
waz0wski
Please, not another Slack walled-garden for discussion. Slack is both
inaccessible and unsearchable, as well as a privacy concern.

Suggest to use already available open source discussion networks such as
freenode and open software with accessible medium such as mailing lists
powered by mailman and its archives.

If you insist on using a javascript-tainted webui for community discussions,
use open forum software such as discourse ensuring it's properly searchable
and archived by major search engines.

~~~
noir_lord
or Matrix.

It's gotten really good since the last time I looked at it.

~~~
andrewrynhard
We actually had Matrix up and running on a cluster built with Talos in AWS. We
decided to focus our efforts on Talos instead of maintaining infrastructure.
There is a convenience factor for us since it is only three of us.

~~~
noir_lord
Makes sense.

It's just the few times I've used slack as part of an open community it's been
suboptimal, honestly a freenode channel was and is better, anyone looking at
something like Talos is likely to have an irc client installed :).

~~~
andrewrynhard
We want to build a great community. So I have taken note and we will look into
supporting that!

------
nfrankel
> License: unknown

~~~
vervas
You only have to click
[https://github.com/autonomy/talos/blob/master/LICENSE](https://github.com/autonomy/talos/blob/master/LICENSE)

~~~
markphip
Guessing the commenter was looking at the badge at bottom of README which does
say unknown, though it links to the license.

