Talos – A modern Linux distribution for Kubernetes

(github.com)

139 points | by alexellisuk 1897 days ago

8 comments

  • tjfontaine 1897 days ago
    I’m all for more people using immutable machine images for their base system images, and think more environments should be built this way.

    However, I’m not sure what the difference is here from say https://github.com/linuxkit/linuxkit which also has an example for how to use LinuxKit to build Kubernetes environments https://github.com/linuxkit/kubernetes

    • andrewrynhard 1897 days ago
      It is indeed very similar. Talos does a few things differently. The biggest being that it does not allow any host-level access and exposes a gRPC API for things like querying the processes, or restarting a node.
      • tjfontaine 1897 days ago
        So essentially you just need to put your gRPC agent in a linuxkit image with access to the containerd socket? That’s how the docker in docker/kubernetes examples already work for LinuxKit.

        I am not sure what exactly you mean by “does not allow host level access”, the benefit of linuxkit is you can configure the software that needs to run in the root namespace, or not, aside from every process generally having a mount namespace.

        The real benefit (imo) of LinuxKit is the familiar declarative manifest model for image definition, and container configuration. As a by-product, it’s really straightforward to have reproducible builds.

        • andrewrynhard 1896 days ago
          LinuxKit is really neat. Don't get me wrong. I think each have their benefits. LinuxKit is great if you need that flexibility. With Talos we would rather focus on building a Kubernetes-centric distro.
      • coredog64 1896 days ago
        So it’s like osquery over gRPC?
  • blakesterz 1897 days ago
    Not to be confused with the Cisco Talos security people. I thought maybe they had released a distro when I read this headline.
    • geocar 1897 days ago
      Or the Talos workstation[1]. I was hoping maybe this was a Power port of kubernetes.

      [1]: https://www.raptorcs.com/TALOSII/

      • fortytw2 1897 days ago
        kubernetes should be able to be compiled for power? Go works on POWER no problem.

        A quick google shows docker working on power too, so there really should be little to no work to run k8s on power.

      • pexaizix 1897 days ago
        Or the Talos god from Elder Scrolls lore.
        • kuwze 1897 days ago
          Or the Talos Principle, which along with Soma and the Portal series are some of the world's best games.
        • paulddraper 1896 days ago
          Or the Greek mythical defender of Europa, the mother of King Minos.
  • BossingAround 1897 days ago
    At this point, it seems simpler to run OpenShift, which is essentially Kubernetes + extra stuff you don't have to use + nicer console. If you go with Red Hat, you get a number of benefits, such as not being affected by the recent 'Doomsday bug' in docker that wasn't really that doomsday-ish.

    Does Google actually support self-hosted Kubernetes?

    • shaklee3 1896 days ago
      • ofrzeta 1896 days ago
        Because "This vulnerability is mitigated on Red Hat Enterprise Linux 7 if SELinux is in enforcing mode." Which is the default when you install OpenShift, as opposed to a gazillion server software packages that advise you to deactivate SELinux.
      • BossingAround 1896 days ago
        Check out [1], more specifically: "For many Red Hat end users, it’s unlikely that this flaw gets that far. IT organizations using Red Hat Enterprise Linux to underpin their Linux container and cloud-native deployments are likely protected, thanks to SELinux."

        [1] https://www.redhat.com/en/blog/it-starts-linux-how-red-hat-h...

        • vertex-four 1896 days ago
          SELinux exists in other distros.
          • ofrzeta 1896 days ago
            It does, but is it a first-class citizen as it is in RHEL and CentOS? Also OpenShift is finely tuned to run with SELinux. This is something you would have to do yourself on another platform with, say, Kubernetes and SELinux.
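ofrzeta's two points above (OpenShift defaults to SELinux enforcing while much server software tells you to switch it off, and on a plain Kubernetes host that tuning is your own job) reduce to one check a defender should automate: is the host enforcing now, and will it still be enforcing after the next boot? The script below is an added example for this thread, not code from Talos, OpenShift or any commenter. It reads the persistent mode from an /etc/selinux/config-style file (a constructed copy here), the live mode from /sys/fs/selinux/enforce, and reports drift between the two; the function names (configured_mode, runtime_mode, selinux_posture) are its own.

```shell
#!/bin/sh
# Added example, not from the thread or any project: compare the SELinux mode
# that applies after the next boot (/etc/selinux/config) with the mode the
# running kernel is enforcing right now, and report drift. "Disable SELinux"
# instructions usually change only one of the two, so a host can look
# enforcing in its config while actually running permissive, or vice versa.

# configured_mode FILE: print the SELINUX= value from a config file
# (enforcing|permissive|disabled), or "unknown" if the key is absent.
# SELINUXTYPE= and commented-out lines are deliberately not matched.
configured_mode() {
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" \
           | tail -n 1 | tr 'A-Z' 'a-z')
    if [ -n "$mode" ]; then printf '%s\n' "$mode"; else printf 'unknown\n'; fi
}

# runtime_mode: what the kernel is doing now, read from selinuxfs so that it
# works without the policycoreutils tools (getenforce) being installed.
runtime_mode() {
    if [ -r /sys/fs/selinux/enforce ]; then
        case $(cat /sys/fs/selinux/enforce) in
            1) printf 'enforcing\n' ;;
            0) printf 'permissive\n' ;;
            *) printf 'unknown\n' ;;
        esac
    else
        # No selinuxfs: SELinux is disabled in this kernel (or not mounted).
        printf 'disabled\n'
    fi
}

# selinux_posture CONFIGURED RUNTIME: classify the pair. Exit status is 0 only
# when the host is enforcing now and will still be enforcing after a reboot.
selinux_posture() {
    configured=$1
    runtime=$2
    if [ "$runtime" = enforcing ] && [ "$configured" = enforcing ]; then
        printf 'ok: enforcing now and after reboot\n'
        return 0
    fi
    if [ "$runtime" = enforcing ]; then
        printf 'drift: enforcing now, but config says %s (next boot will not enforce)\n' "$configured"
    elif [ "$configured" = enforcing ]; then
        printf 'drift: config says enforcing, but kernel is %s (setenforce 0 or boot parameter?)\n' "$runtime"
    else
        printf 'fail: SELinux is %s now and %s in config\n' "$runtime" "$configured"
    fi
    return 1
}

# Stand-alone demonstration on a constructed config file (not a real host):
# the config is enforcing, but the kernel was switched to permissive at runtime.
demo() {
    tmp=${TMPDIR:-/tmp}/selinux_demo_$$
    cat > "$tmp" <<'EOF'
# This file controls the state of SELinux on the system.
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
    conf=$(configured_mode "$tmp")
    rm -f "$tmp"
    selinux_posture "$conf" permissive || true   # non-zero status means: act on it
}

demo
```

On a real host replace the constructed file with /etc/selinux/config and the literal `permissive` with `$(runtime_mode)`, then run it from your configuration-management or node-health checks and alert on any non-zero exit; the "drift" cases are the ones that the quoted Red Hat advisory's "if SELinux is in enforcing mode" condition silently depends on.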
          • BossingAround 1896 days ago
            I was just saying that instead of all the hassle of going into production with self-supported, on-prem Kubernetes on top of some new-ish distro, the sane way seems to go with Red Hat's Kubernetes on top of a battle-tested distro with extra security features that is all supported.

            If you want to run your prod workloads on self-supported Kubernetes with SELinux and similar features yourself, sure you could do that. Is that sane? I'll leave that as an exercise for the reader. What do I know, maybe it is.

    • specto 1897 days ago
      They're going to; it's in private beta, apparently: https://cloud.google.com/gke-on-prem/
  • godojo 1897 days ago
    Sounds like CoreOS
    • ofrzeta 1896 days ago
      Not sure about the future of CoreOS, though: "With the acquisition, Container Linux will be reborn as Red Hat CoreOS, a new entry into the Red Hat ecosystem. Red Hat CoreOS will be based on Fedora and Red Hat Enterprise Linux sources and is expected to ultimately supersede Atomic Host as Red Hat’s immutable, container-centric operating system."

      https://coreos.com/blog/coreos-tech-to-combine-with-red-hat-...

      The Flatcar project wants to keep the original CoreOS alive, however: https://www.flatcar-linux.org

    • ssewell 1897 days ago
      Recently started using CoreOS for Docker Swarm, and it seems really promising. I wonder how this compares?
      • andrewrynhard 1897 days ago
        Really good question. The short version is that CoreOS is a generic container based distro. Talos is not. It is designed with the goal of making a machine a Kubernetes node in a fast and reliable way. We don't use systemd, but a pure Golang init that is Kubernetes aware.
  • michaelmrose 1897 days ago
    There is also Talos embedded systems and the Talos Raptor workstation/servers.
    • blablabla123 1897 days ago
      Exactly, which are probably much cooler than the distribution.
  • andrewrynhard 1897 days ago
    For anyone interested in joining our slack, feel free to PM me!
    • waz0wski 1897 days ago
      Please, not another Slack walled-garden for discussion. Slack is both inaccessible and unsearchable, as well as a privacy concern.

      Suggest to use already available open source discussion networks such as freenode and open software with accessible medium such as mailing lists powered by mailman and its archives.

      If you insist on using a javascript-tainted webui for community discussions, use open forum software such as discourse ensuring it's properly searchable and archived by major search engines.

      • noir_lord 1897 days ago
        or Matrix.

        It's gotten really good since the last time I looked at it.

        • andrewrynhard 1897 days ago
          We actually had Matrix up and running on a cluster built with Talos in AWS. We decided to focus our efforts on Talos instead of maintaining infrastructure. There is a convenience factor for us since it is only three of us.
          • noir_lord 1897 days ago
            Makes sense.

            It's just that the few times I've used Slack as part of an open community it's been suboptimal. Honestly, a freenode channel was and is better; anyone looking at something like Talos is likely to have an IRC client installed :).

            • andrewrynhard 1897 days ago
              We want to build a great community. So I have taken note and we will look into supporting that!
          • ryukafalz 1896 days ago
            The beauty of Matrix is it's distributed, so it doesn't really matter if you're running your own servers. If someone joins from their own server (like I would from mine), the conversation exists there too!
          • dharma1 1896 days ago
            You don't need to have your own matrix server, just create a room on matrix.org, takes seconds. Try https://riot.im/app
            • Arathorn 1896 days ago
              You could also spin up a dedicated (albeit paid) Matrix server at modular.im, which is way cheaper than the hassle of running your own.
      • ricardobeat 1897 days ago
      • shaklee3 1896 days ago
        Slack is searchable.
    • xrd 1897 days ago
      How? By following your GitHub profile to your email?
      • andrewrynhard 1897 days ago
        Fair point :) But that does work. andrew@andrewrynhard.com
  • nfrankel 1897 days ago
    > License: unknown