Back to Blog

Storyยท

Kubernetes the Easy Way

How to build a secure and minimal Kubernetes cluster when managed services are not an option. The story on how I found Talos OS.

How many different ways are there to install Kubernetes?

The easiest option to get a production ready Kubernetes cluster is to simply use a managed service, which is what most sane people would do. The hard way is to install perform every step manually, which you'd do if you want to learn the inner workings Kubernetes.

But what's in-between?

Meme for too many Kubernetes install options

Yes, there's a ton of options!

I won't cover them all. In fact, I won't talk about most of them. This post is about a specific one that I found way too perfect that I had to write a blog post about it.

Building a new cluster (again)

A few months ago I had requirements to build a Kubernetes cluster on Hetzner Cloud. Unfortunately Hetzner does not provide a managed service, otherwise I'd have used it without thinking too much.

I had to look for something else. Up until recently I'd recommend k3s as an easy and lightweight option to bootstrap a cluster, but the reality is that I never really liked k3s, except for use in test and throw away clusters.

I started then my journey to look for what options are out there and which would work best for me. My first step was to research the perfect Linux distro and only then look for a Kubernetes bootstrapper.

If there's one thing that makes me nervous, is the OS updates. I'm not a big fan of Serverless, but if there's one thing I like about them is not having to worry about OS updates. Which is why I focused on finding a minimal, container-optimised Linux OS.

It was during this search that eventually stumbled across Talos OS. Their tagline is "Talos Linux is Linux designed for Kubernetes - secure, immutable, and minimal.". I was hyped, but I had to read more about it.

I spent a few hours reading the docs โ€” which I'm really proud of myself for doing it because I usually skip it. To be fair, it was a long-haul flight and I had nothing else to do ๐Ÿ˜…

Talos OS

Talos OS is basically a bundled of Linux Kernel, Talos API and the Kubernetes API. That's it, none of the bloat that comes with other distros. The OS is immutable, minimal and secure by default. It doesn't even have SSH or a Package Manager, because why would you need those anyway?

The process of bootstraping a cluster is:

  1. Generate the control plane and worker machine config using talosctl
  2. Create a control plane node using the Talos ISO and the machine config above
  3. Use talosctl to instruct the node to bootstrap a Kubernetes cluster

That's all! At the end of step 3 we have a 1-node kubernetes cluster ready to rock!

New virtual machine created using the talos image and the machine config will automatically join the cluster, no need to run other commands or mess with SSH. The minimalist approach and immutable OS also makes updates painless and safe. This setup works really well with Terraform and other automation tools.

I found this message from Vaizki on the Kubernetes Slack and I think it sums up my experience with Talos really well.

Quote from vaizki 'I have used kubernetes for many years and I trust Talos as a platform more than anything I put together myself

If you need to build a new Kubernetes cluster, be it for production or just to play around, go give Talos a try. I'm sure you won't regret it ๐Ÿ˜Š

Tired of using Kubectl? ๐Ÿ˜“

Give Aptakube a go โ€” a modern, lightweight Kubernetes interface.

Screenshot of Aptakube showing a list of pods from 2 clusters in a single view