A quick update on some of the goodness that is in Talos v0.11, which was just released and will help your enterprise adoption of Kubernetes. How, you ask? Well, Talos OS, as a dedicated operating system for Kubernetes, helps automate all your Kubernetes operations programmatically, and enforces best practices – meaning Kubernetes administrators can get more done, reliably and securely, with confidence. Regardless of your level of expertise, Talos will make you more productive.
Some of the goodies that we’ve recently released:
Immediate Network Configuration Changes
Talos network configuration was completely rewritten to be based on controllers and resources. It maintains the same file format, and you still have all the benefits of declarative configuration ensuring your systems are exactly as you want them to be. However, any update to .machine.network can now be applied in immediate mode (without a reboot). (Talos is becoming a reference implementation of the Common Operating System Interface. COSI is an open source project to offer a standardized interface for modern operating systems. To learn more about the COSI project, please visit https://github.com/cosi-project/community)
RBAC for the Talos API
Initial RBAC support in the Talos API is now enabled by default in Talos 0.11. The default role os:admin has access to all the APIs. Certificates with a reduced set of roles can be created with the talosctl config new command.
List of available roles:
- os:admin role enables every Talos API
- os:reader role limits access to read-only APIs which do not return sensitive data
- os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)
Disaster Recovery (v0.10)
We now support creating etcd snapshots (backups), and an etcd cluster can be recovered from a snapshot. This allows users to have a Kubernetes backup plan if the worst happens. The etcd database stores the Kubernetes control plane state, so if the etcd service is unavailable or the Kubernetes control plane goes down, and the cluster is not recoverable, etcd can be recovered and the cluster rebuilt. See https://www.talos.dev/docs/v0.11/guides/disaster-recovery/
Performance Optimizations (v0.10)
Talos system services now run without container images on initramfs, from a single executable; this change reduces RAM usage, initramfs size and boot time. This lowers resource usage so there’s more room for running your workloads, and means that Talos runs Kubernetes even better on devices like the Raspberry Pi. Read more about optimizations for Raspberry Pi here: Is Vanilla Kubernetes Really Too Heavy For The Raspberry Pi?
Keeping you secure and without known bugs: component updates
- containerd was updated to 1.5.2
- Linux kernel was updated to 5.10.45
- Kubernetes was updated to 1.21.2
- etcd was updated to 3.4.16
And of course updates to Talos OS nodes are atomic, and can be fully automated, minimizing work for your team.