Getting COSI with Talos
COSI, the Common Operating System Interface, is a project we are driving and announcing at KubeCon Europe. However, aspects of COSI will be given a sneak preview on this blog and in other places, and we are already engineering some of the benefits of COSI into Talos OS.
One big benefit is that Talos OS now runs the Kubernetes control plane as static pods managed by COSI. Why is this a good thing? You can read why here. With the Talos (COSI) managed control plane, even single control plane node clusters are now rock solid, and Kubernetes can be upgraded safely and simply. All your control plane configurations are managed declaratively, and COSI will drive the state continually to match the declared configurations.
Another benefit COSI brings is that Talos OS is now reactive on parts of the machine configuration: the Kubernetes control plane can be reconfigured without a reboot, and bad changes can be reverted back easily: https://talos.dev/docs/v0.9/guides/editing-machine-configuration…
Need for speed
Configuring Kubernetes is much faster with Talos OS 0.9 thanks to ECDSA keys replacing RSA keys. This improves all sorts of operations – the time to generate machine configuration files drops to about 0.1 seconds, from 6 seconds or so. The time to add a node to a cluster improves, and as for bootstrapping – Talos OS can go from zero to a running Kubernetes cluster in two and a half minutes! The speedup on bootstrap times is really noticeable on smaller platforms like @Raspberry_Pi. And yes, Talos 0.9 runs Kubernetes on SBCs as well.
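As an added illustration, not code from the Talos project, the small Go program below times a batch of RSA key generations against the same batch of ECDSA P-256 generations, which is the swap the speedup above comes from. The batch size of four and the 4096-bit RSA size are assumptions, since the post does not say which sizes were used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
	"time"
)

// KeygenTimings records the wall time spent generating one batch of keys of each type.
type KeygenTimings struct{ RSA, ECDSA time.Duration }

// timeN runs gen count times and returns the elapsed wall time, or the first error.
func timeN(count int, gen func() error) (time.Duration, error) {
	start := time.Now()
	for i := 0; i < count; i++ {
		if err := gen(); err != nil {
			return 0, err
		}
	}
	return time.Since(start), nil
}

// TimeKeygen generates count RSA keys of rsaBits and then count ECDSA P-256 keys and
// returns how long each batch took. RSA key generation searches for large random primes,
// which dominates the cost; an ECDSA key is just a random scalar plus one point multiply.
func TimeKeygen(count, rsaBits int) (t KeygenTimings, err error) {
	if t.RSA, err = timeN(count, func() error { _, e := rsa.GenerateKey(rand.Reader, rsaBits); return e }); err != nil {
		return t, err
	}
	t.ECDSA, err = timeN(count, func() error { _, e := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return e })
	return t, err
}

// Speedup returns how many times faster the ECDSA batch was than the RSA batch.
func (t KeygenTimings) Speedup() float64 {
	return float64(t.RSA) / float64(t.ECDSA)
}

func main() {
	// Constructed batch: 4 key pairs per algorithm, RSA at 4096 bits (the post names neither).
	t, err := TimeKeygen(4, 4096)
	if err != nil {
		panic(err)
	}
	fmt.Printf("RSA-4096 x4: %v  ECDSA P-256 x4: %v  (%.0fx faster)\n", t.RSA, t.ECDSA, t.Speedup())
}
```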
Encrypt that disk
Want to encrypt all your Talos OS and Kubernetes runtime data on disk? The system disk can now be encrypted to protect against data leaks if disks are removed without being wiped. See the guide for Kubernetes disk encryption.
No load balancer required
Setting up Kubernetes correctly, securely, and robustly can be … tricky.
One of the pain points when building a high-availability controlplane is giving clients a single IP or URL at which they can reach any of the controlplane nodes. The most common approaches all require external resources: reverse proxy, load balancer, BGP, or DNS.
Talos OS now offers a “Virtual” IP address, providing high availability without requiring external resources, so long as the controlplane members share a layer 2 network. Now you can have a robust, high availability solution that can be simply configured within Talos OS itself. See the guide.
Keep those CVEs away!
As always, Talos OS brings in the latest versions of components, so you get current bug fixes and security updates in a timely manner: Linux 5.10.19, Kubernetes 1.20.5, etcd 3.4.15, containerd 1.4.4.