Talos 1.0: what a minimal OS enables

When I first started on this journey of building Talos, a minimal, secure-by-default platform for Kubernetes, I never imagined that it would be as successful as it has become. Seeing Talos mentioned with the likes of Ubuntu, RHEL, and CoreOS is a bit surreal for me. I vividly remember the days when the project was just a few hundred lines of code and only little ol’ me knew it was a thing. Today Talos is used by some of the largest companies in the world. I remember these companies from when I was a child. I never imagined they would end up needing something that I created. Talos has gone from a nights and weekends project to now being backed by a growing company with a phenomenal team of engineers who all believe in what we are doing. One of my favorite things to have come from Talos is the fast growing, friendly, and enthusiastic community behind it. It is truly something special.

Talos is now at version 1.0. It is stable, reliable, well tested, and proven in production at scale in every environment you can think of – cloud, bare-metal, edge, hybrid, on hypervisors. There are also several exciting new features in version 1.0, including early GPU support – you can check them out here.

But I believe that what companies and our community alike are so enthusiastic about is not just the details of the technology. Rather, they are appreciative of the philosophy embodied in Talos, and also the potential in such a system and what it represents. The architectural choices that are driven by this philosophy have immediate benefits now, but, for the imaginative, offer far reaching possibilities.

The same thing happened with Kubernetes. We loved it in the beginning because it gave us a way to manage containers at scale, solving an immediate need, but along the way we started to build operators that leveraged Kubernetes to manage things other than containers. We saw the potential in Kubernetes for things greater than it was originally intended due to its well thought out design. At Sidero Labs we are starting to see the same happen with Talos.

The fact that we implemented an entirely new PID 1 in Go based on the controller pattern is bad ass, but what a controller driven operating system enables is the real magic. Removing console access and SSH and replacing it with gRPC API for management is forward-thinking, but what that enables in the future will be far more valuable. A 50MB read-only filesystem, KSPP hardened kernel, hardened Kubernetes, high cryptographic standards, reproducible builds, and our security first approach are loved by the security conscious but these decisions enable something greater than just a better security posture.

I wish I had a punchline to summarize what I am alluding to but, alas, I don’t. I probably could have been done with this blog a few weeks ago if that were the case.

But the fact that I can’t say it simply, in itself says something: Talos is a *big* idea.

Big ideas touch on many subjects and open up many possibilities.

They inspire and people innovate on top of them.

I think that is especially true in the case of Talos.

Take, for example, a fun project called TINK (Talos in Kubernetes) from Bryan Zubrod. Thanks to the way Talos was designed, Talos itself is able to run in a container. The containers can be thought of as nodes. Bryan runs Kubernetes on Talos on bare-metal, and then is able to distribute Talos based Kubernetes clusters that are running in containers on that bare metal Kubernetes cluster, to developers. The entire stack has the same APIs!

Another project, talos-vmtoolsd, came from Oliver Kuckertz. This project uses the Talos APIs to gather host information and update VSphere. On any dynamic change within Talos, `talos-vmtoolsd` is able to get this event and update Vsphere nearly instantaneously. A simple tool but built to be entirely reactive and based on versioned APIs.

There are Terraform providers for Talos that leverage the API to create and manage clusters on vSphere, or Digital Ocean and OpenStack

Sidero Metal uses the Talos API alongside the Kubernetes API to manage the entire lifecycle of bare-metal clusters, including operational tasks like patching node specific settings, PXE booting servers, installing an operating system (Talos of course), bootstrapping a cluster, upgrading a cluster, and so much more. SideroLink is set up and automatically configured to enable a deep integration between the APIs of Talos and Sidero Metal. With this link we can do things like stream events from Talos to Sidero Metal in order to know if, for example, Talos was successfully installed or not. We can stream kernel logs from Talos to Sidero Metal and give users a way to debug early boot issues.

Think about how you would do any of these things without something like Talos. Sure, it may be possible, but in the end it will be held together with tape and gum. In the same way that Kubernetes came along and gave us a platform for running our containers, Talos gives us a platform for running our infrastructure. Rather than depending on brittle scripts that depend on parsing unstructured output with sed, grep, and/or awk, Talos offers a structured API. Terraform providers can interact directly with the operating system. Platforms can be consistent throughout the entire stack. Tooling becomes reactive and real-time.

All of these examples are projects that were enabled by the ideas in Talos and I believe we will see some truly amazing projects within the Talos community that simply wouldn’t be possible without the architecture that Talos provides.

Along the journey to Talos 1.0 we have already seen how Talos has inspired new ideas and even made existing ideas better. For the last 3 years we have focused on the low-level details in Talos to make this possible. Looking forward you can expect Sidero Labs to build things on top of Talos that will take full advantage of the capabilities that Talos exposes. Automating many operational tasks that have not, to date, been simply or reliably automated. We will extend the Talos philosophy further up and down the stack to create a truly API-driven platform that will set a new standard in our industry. There’s much more to come – I’m excited about what the company, our community, and our partners imagine and create on top of Talos!

Subscribe!

Occasional Updates On Sidero Labs, Kubernetes And More!