Mary Branscombe's avatar

I took the recent TalosCon as a chance to dig into a Linux distro that's designed only for running Kubernetes on, in a way that's as much like Kubernetes itself as it can manage: no systemd, no shell, no scripts, no SSH, no problem - because no snowflakes

Talos grew out of the frustration of people like @rsmitty.cloud @siderolabs.com running ops: good open source often starts with someone scratching their own itch and discovering that it's not just their own itch because starting with the problem is a good way to get a realistic solution.

It's a very different mindset; Talos doesn't have the recent busybox CVE because it doesn't have busybox, which is great, but it also doesn't have a lot of things security agents and compliance audits expect, so you have to change the way you do traditional ops to make it work, and that can take time

Just convincing people to do it that way probably takes longer than doing it, and it's going to be easier if you're born in the cloud, bursting to cloud, living on the edge or doing anything but coming from a very traditional ops environment; which is why I'm impressed that SNCF did just that

Talos Linux: Rethink running Kubernetes
Like Flatcar, Talos is minimal by design; unlike Flatcar, it gets that way by adding just what it needs to a stripped down Linux kernel that only runs cryptographically signed modules. It has only a handful of binaries, including its own process manager...
https://www.thestack.technology/talos-linux-rethink-running-kubernetes/
A running theme with quite a few of the pieces I'm doing for The Stack this year is 'what can I replace VMware with, because I don't want to pay what Broadcom wants to charge'; Talos shows up in several migrations from VMware to OpenStack, perhaps because it's one less thing to secure and stabilise.
  • Linux
  • Kubernetes
  • governance
  • private cloud
  • edge
  • Broadcom
  • OpenStack
  • security