Talos – A modern Linux distribution for Kubernetes (github.com)
139 points by alexellisuk 32 days ago | 42 comments

I’m all for more people using immutable machine images for their base system images, and think more environments should be built this way.

However, I’m not sure what the difference is here from say https://github.com/linuxkit/linuxkit which also has an example for how to use LinuxKit to build Kubernetes environments https://github.com/linuxkit/kubernetes

It is indeed very similar. Talos does a few things differently. The biggest being that it does not allow any host-level access and exposes a gRPC API for things like querying the processes, or restarting a node.

So essentially you just need to put your gRPC agent in a linuxkit image with access to the containerd socket? That’s how the docker in docker/kubernetes examples already work for LinuxKit.

I am not sure what exactly you mean by “does not allow host level access”. The benefit of LinuxKit is that you can configure whether the software that needs to run is in the root namespace or not, aside from every process generally having a mount namespace.

The real benefit (imo) of LinuxKit is the familiar declarative manifest model for image definition and container configuration. As a by-product, it’s really straightforward to have reproducible builds.

LinuxKit is really neat. Don't get me wrong. I think each have their benefits. LinuxKit is great if you need that flexibility. With Talos we would rather focus on building a Kubernetes-centric distro.

So it’s like osquery over gRPC?

Not to be confused with the Cisco Talos security people. I thought maybe they had released a distro when I read this headline.

Or the Talos workstation[1]. I was hoping maybe this was a POWER port of Kubernetes.

[1]: https://www.raptorcs.com/TALOSII/

Kubernetes should be able to be compiled for POWER? Go works on POWER no problem.

A quick Google shows Docker working on POWER too, so there really should be little to no work to run k8s on POWER.

Or the Talos god from Elder Scrolls lore.

Or The Talos Principle, which along with SOMA and the Portal series is one of the world's best games.

Or the Greek mythical defender of Europa, the mother of King Minos.

At this point, it seems simpler to run OpenShift, which is essentially Kubernetes + extra stuff you don't have to use + nicer console. If you go with Red Hat, you get a number of benefits, such as not being affected by the recent 'Doomsday bug' in docker that wasn't really that doomsday-ish.

Does Google actually support self-hosted Kubernetes?

Because "This vulnerability is mitigated on Red Hat Enterprise Linux 7 if SELinux is in enforcing mode." Which is the default when you install OpenShift - opposed to a gazillion of server software packages that advise you to deactivate SELinux.

Check out [1], more specifically: "For many Red Hat end users, it’s unlikely that this flaw gets that far. IT organizations using Red Hat Enterprise Linux to underpin their Linux container and cloud-native deployments are likely protected, thanks to SELinux."

[1] https://www.redhat.com/en/blog/it-starts-linux-how-red-hat-h...

SELinux exists in other distros.

It does, but is it a first-class citizen as it is in RHEL and CentOS? Also OpenShift is finely tuned to run with SELinux. This is something you would have to do yourself on another platform with, say, Kubernetes and SELinux.

I was just saying that instead of all the hassle of going into production with self-supported, on-prem Kubernetes on top of some new-ish distro, the sane way seems to go with Red Hat's Kubernetes on top of a battle-tested distro with extra security features that is all supported.

If you want to run your prod workloads on self-supported Kubernetes with SELinux and similar features yourself, sure you could do that. Is that sane? I'll leave that as an exercise for the reader. What do I know, maybe it is.

They're going to, it's in private beta apparently https://cloud.google.com/gke-on-prem/

Sounds like CoreOS

Not sure about the future of CoreOS, though: "With the acquisition, Container Linux will be reborn as Red Hat CoreOS, a new entry into the Red Hat ecosystem. Red Hat CoreOS will be based on Fedora and Red Hat Enterprise Linux sources and is expected to ultimately supersede Atomic Host as Red Hat’s immutable, container-centric operating system."

The Flatcar project wants to keep the original CoreOS alive, however: https://www.flatcar-linux.org

Recently started using CoreOS for Docker Swarm, and it seems really promising. I wonder how this compares?

Really good question. The short version is that CoreOS is a generic container based distro. Talos is not. It is designed with the goal of making a machine a Kubernetes node in a fast and reliable way. We don't use systemd, but a pure Golang init that is Kubernetes aware.

There are also Talos embedded systems and the Raptor Talos workstations/servers.

Exactly, which are probably much cooler than the distribution.

For anyone interested in joining our slack, feel free to PM me!

Please, not another Slack walled-garden for discussion. Slack is both inaccessible and unsearchable, as well as a privacy concern.

I suggest using already available open source discussion networks such as freenode, and open software with an accessible medium such as mailing lists powered by Mailman and its archives.

If you insist on using a JavaScript-tainted web UI for community discussions, use open forum software such as Discourse, ensuring it's properly searchable and archived by major search engines.

Or Matrix.

It's gotten really good since the last time I looked at it.

We actually had Matrix up and running on a cluster built with Talos in AWS. We decided to focus our efforts on Talos instead of maintaining infrastructure. There is a convenience factor for us since it is only three of us.

Makes sense.

It's just that the few times I've used Slack as part of an open community it's been suboptimal. Honestly, a freenode channel was and is better; anyone looking at something like Talos is likely to have an IRC client installed :).

We want to build a great community. So I have taken note and we will look into supporting that!

The beauty of Matrix is it's distributed, so it doesn't really matter if you're running your own servers. If someone joins from their own server (like I would from mine), the conversation exists there too!

You don't need to have your own Matrix server, just create a room on matrix.org; it takes seconds. Try https://riot.im/app

You could also spin up a dedicated (albeit paid) Matrix server at modular.im, which is way cheaper than the hassle of running your own.

Slack is searchable.

How? By following your GitHub profile to your email?

Fair point :) But that does work. andrew@andrewrynhard.com

> License: unknown

Guessing the commenter was looking at the badge at the bottom of the README, which does say unknown, though it links to the license.

The LICENSE file in the repo mentions that it's MPL 2.0.
