►
From YouTube: 38. #EveryoneCanContribute cafe: Talos, a Kubernetes OS
Description
Blog: https://everyonecancontribute.com/post/2021-07-14-cafe-38-talos-kubernetes-os/
Website: https://www.talos.dev/
Twitter thread: https://twitter.com/philip_welz/status/1415341665636732933
A
We
are
live
on
youtube,
hello,
everyone
and
yeah.
It's
my
pleasure
today
to
learn
something
new
again
like
we
all
tried
on
a
weekly
basis,
and
today
we
want
to
talk
about
talos,
which
I
heard
is
a
kubernetes
operating
system,
but
yeah.
I
have
no
I'm
eager
to
learn.
So
it's
my
pleasure
that
andrew
joins
us
from
taylor's
and
he
will
do
an
introduction
share
us,
the
cool
stuff.
A
B
My
name's
andrew
reinhard,
I
created
talos,
oh
roughly
five
years
ago.
It
started
as
a
project
where
I
was.
I
was
managing
a
bunch
of
kubernetes
clusters
and
I
was
very
frustrated
with
having
to
manage
both
the
os
and
kubernetes
itself.
You
know
and
so
started.
Working
on
talos
I
was
very
inspired
by
a
project
called
linux
from
scratch.
A
B
I
like
to
start
with
a
little
bit
of
the
origin
story.
Again
I
talked
about
this
in
my
intro.
I
was
managing
a
bunch
of
kubernetes
clusters
and
I
found
that
for
everything
at
the
os
that
I
had
to
do,
such
as
securing
users
doing
patch
management
installing
the
os
so
on
and
so
forth.
There
was
parallels
within
the
kubernetes
world,
and
so
you
know
at
the
time-
and
I
think
this
is
still
a
problem
within
our
industry-
is
that
there's
not
a
whole
lot
of
kubernetes
expertise
out
there.
B
So
this
job
fell
onto
the
shoulders
of
the
operations
engineers
they
had
to
both
figure
out
how
to
wrangle
kubernetes
and
to
continue
maintaining
the
underlying
os,
and
you
know,
for
one
person
migrating
a
bunch
of
applications.
It
was
a
lot
for
me
personally
just
making
sure
that
both
were
monitored
so
on
and
so
forth,
and
so
I
thought
to
myself
what
if
I
could
just
kind
of
more
or
less
eliminate
the
operating
system.
B
B
B
I
decided
to
make
it
grpc,
and
this
api
is
going
to
give
me
diagnostics
toolings
that
I
might
need
when
the
node
is
up
instead
of
sshinging
on,
I
just
hit
an
endpoint
and
I
can
get
data
which
processes
are
running
so
on
and
so
forth,
and
I
also
want
to
encourage
that.
Even
if
someone
does
manage
to
get
onto
the
operating
system,
I
don't
want
snowflakes,
you
know
in
a
clustered
environment,
you
need
your
substrate
to
be
as
consistent
as
possible,
and
so
let's
make
the
root.
B
B
I
want
to
say
50
or
40
megabytes
squash
fest,
that's
the
entirety
of
talos,
and
so
it
can't
be
remounted
as
rewrite
read
write,
so
it's
all
or
nothing.
It
is
read
only
and
that's
that
and
again
keeping
these
things,
keeping
it
as
minimal
as
possible.
Talos
just
comes
with
the
bare
minimum
that
you
need
to
run
kubernetes
more,
more
specifically
the
kubelet,
so
that
comes
with
container
d,
ip
tables,
the
oh
god,
not
a
whole
lot
else.
B
It's
really
that
we
we
deliver
the
kubelet
as
a
container
there's
a
lot
that
the
kubelet
does
depend
on,
but
that's
in
the
container
of
the
kubelet
itself.
I
was
going
to
go
there
so
yeah.
The
idea
is
that
basically
we're
going
to
modernize
the
os
for
distributed
systems
and
another
thing
that
I
think
is
interesting
in
practice.
What
this
means
is
that
we
actually
don't
even
run
systemd.
It's
a
completely
new
init
system,
which
we're
calling
machine
d
which
is
built
for
the
purposes
of
these
distributed
systems,
types
things
right.
B
It
comes
with
an
api,
it's
completely
written
in
a
modern
language,
it's
go,
and
so
what
that
translates
into
today
is
really
the
talos
is
almost
a
single
binary.
I
think
we
have
one
extra
service
that
we
call.
We
call
trustd
that
runs
right
now
and
it
runs
as
a
container
outside
of
kubernetes,
but
other
than
that
talos
is
basically
a
single
binary.
I
lied,
there's
there's
also
uwd.
We
tried
to
rewrite
uwd
and
go,
but
that
was
no
fun.
Maybe
we'll
pick
it
up
again
later.
B
So
the
idea
is
that
you
know
if
you
were
to
hit
the
talos
list
api
and
look
at
the
route
fs,
you
would
see
that
there's
actually
not
a
whole
lot
outside
of
kubernetes
and
again.
Another
thing
to
point
out
here
is
that
there's
no
ssh
and
there's
no
shell,
so
the
next
thing
I
want
to
talk
about
is
something
that
we're
trying
to
do
with
talos.
Is
we're
really
trying
to
ask
ourselves?
B
You
know
what
what
is
this
api
driven
operating
system?
How
can
we
standardize
that?
And
how
can
we
bring
this
to
the
world
in
a
more
generic
way?
In
the
same
way
that
there's
the
container
networking
interface,
the
cri,
the
container
storage
interface,
so
on
and
so
forth,
we
envision
a
world
where
there
will
be
an
api
for
things
like
kubernetes
to
communicate
with
the
host.
B
So
we
got
to
figure
out
something
else,
but
the
idea
is
again.
We
want
to
come
from
this
place
of
you
know
your
traditional
operating
systems.
You
can
see
on
the
left
here.
Your
traditional
unix
systems
are
really
oriented
for
a
single
shared
system,
right,
multiple
users
hopping
on
and
managing
it,
multiple
users
having
to
be
created
and
so
on
and
so
forth.
B
In
our
world
of
cozy,
we
envision
a
place
where
the
host
really
just
has
one
job,
and
that
is
to
deliver
isolated
workloads,
vms
containers,
and
so
this
is
probably
not
in
the
correct
order
that
I
want
to
go
in.
Let
me
jump
down
to
the
shell,
so
we've
taken
out
the
shell
and
what
that
means
is
in
practice,
there's
no
users
right,
it's
just
purely
api
driven,
and
so
how
do
you
hop
on
and
make
things
happen?
B
The
idea
with
cozy
is
that
everything's
going
to
be
declaratively,
driven
in
the
same
way
that
kubernetes
is
declaratively
driven.
So
if
you
want
an
interface
configured,
you're
going
to
have
a
yaml
file,
that
represents
how
this
interface
can
should
be
configured
say:
bond
zero
needs
to
be
set
up
in
such
in
such
a
way.
You
deliver
that
to
the
system
and
you're
going
to
have
a
controller
that
lives
on
the
operating
system.
That
makes
that
a
reality.
That's
your
new
way
of
interacting
with
the
system
not
hopping
on
and
using
pipes.
B
You
know
these
are
plug-ins
as
we're
calling
them
plug-ins
can
kind
of
represent
something
bigger
like,
for
example,
in
talos
011.
As
we're
going
to
show
off
today
we
have
a
plug-in
that
we're
it's
basically
a
whole
new
networking
stack
and
within
that
networking
stack,
it
has
controllers
for
a
bunch
of
different
resources
like
addresses
and
routes
and
so
on
and
so
forth.
B
I'll
show
you
in
the
demo,
but
that's
the
new
way
of
doing
things
within
this
world,
that
we
see
we're
going
to
bring
the
idea
of
controllers
down
to
the
operating
system
itself,
and
they
are
the
ones
that
are
in
charge
of
enforcing
the
state
that
you
define
declaratively,
and
you
know
one
of
the
benefits
to
this
is
that
now
the
entire
system
is
under
a
structured
configuration
format.
So
nothing
is
now
an
ansible
playbook
that
ssh
is
onto
a
machine,
runs
this
command
pipes
it
through
grep
pipes.
B
It
through
awk
so
on
and
so
forth,
which
can
change
and
break
from
different
versions.
It
is
a
api
that
has
backwards
compatibility
guarantees
and
you
submit
yamls
that
make
this
a
reality
for
you.
I
hope
that
was
clear.
I'm
happy
to
pause
and
take
any
questions
and
that's
kind
of
setting
the
stage
for
the
demo.
C
B
Exactly
so,
the
idea
is
that
you
could
go
and
write
a
plug-in.
This
is
not
currently
possible
today.
This
is
just
kind
of
you
know,
setting
the
vision
right
now.
We
do
have
this
idea
within
talos.
Currently
it's
our
networking
stack,
but
the
idea
is
yes,
you
will
be
able
to
get
notified
when
someone
creates
something
that
you
want
to
be
notified
about,
updates,
deletes
changes
so
on
and
so
forth.
B
You
have
a
reconciliation
loop
that
gets
hit
and
you
are
now
responsible
for
enforcing
what
the
state
should
be
based
on
your
inputs
and
outputs.
You
know
the
the
previous
way
that
we
did
inpat
inputs
and
outputs
as
engineers
was,
you
know
again
we
would
ssh
onto
a
box
we'd
run
a
bunch
of
unique
unix
commands
and
pipe
them
through
a
bunch
of
things
in
the
cozy
world.
You
it's
very
much
like
kubernetes.
B
B
You
know
maybe
overriding
those
firewall.
It
could
be
arbitrary.
Just
imagine
what
you
want.
The
inputs
and
outputs
are
now
different:
they're,
not
free
form,
they're,
structured
and
they're
controllers
that
are
actually
taking
inputs
and
making
things
happen
per
a
spec
that
has
been
delivered
to
it.
C
C
B
Yeah,
I
honestly
don't
think
we
should
be,
especially
in
a
distributed
environment
like
kubernetes
right
and
when
you
give
a
it's
just
too
tempting
even
as
a
senior
engineer.
Sometimes
you
have
a
problem
and
it
needs
to
be
fixed
and
you
hop
on
hey,
look
to
stop
the
bleeding.
I
had
to
do
x,
y
and
z
and
sometimes
that's
not
communicated,
and
then
now
this
machine
is
a
snowflake,
and
so
it's
really
just
embracing
and
enforcing.
B
You
know,
but
then
it
just
creates
this
dynamic,
that's
not
very
conducive
to
a
well-performing
team,
and
so
now
with
talos
and
something
like
cozy
you're,
actually
fighting
the
technology
right,
you're,
fighting
a
robot
and
you
can
be
mad
at
that.
Robot
that
says,
you
cannot
do
that,
because
it's
a
read-only
file
system
be
mad
at
that.
B
First
of
all,
you
just
simply
cannot
do
that
from
a
technological
standpoint,
and
it's
conveniently
packaged
you
don't
have
to
go
and
build
golden
images
all
these
things.
This
is
just
an
inherent
idea
built
into
the
operating
system,
and
you
get
all
of
that.
Goodness,
it's
all
delivered
by
the
team
upstream.
C
B
B
Exactly
I'm,
I'm
actually
very
surprised.
You
know
that
was
a
fear
that
I
had.
You
know.
I
remember
us
going
to
our
first
kubecon
and
people.
I
was
like
man
we're
going
to
tell
people
that
there's
no
ssh
and
they're
going
to
turn
around
and
walk
away
and
they
actually
leaned
into
over
the
desk
and
wait
there's
no
ssh.
I
love
that
idea
and
so
yeah.
I
think
I
think
the
industry
is
definitely
ready
for
this,
so
yeah.
B
A
A
Well,
I
I
do
use
ssh,
but
if
there
is
a
different
method
for
it,
I'm
I'm
all
for
it.
So
I
know
the
shortcomings
of
I
think
yesterday
or
two
days
ago
I
advised
the
user
to
not
set
a
password
on
the
git
user
for
ssh,
just
because
it's
a
security,
vulnerability
or
possible
attack
vector
so
not
using
ssh
is
a
good
idea
in
various
scenarios.
A
C
I
mean
practically
from
from
let's
say
our
day:
job
is
like
this.
For
example,
you
do
some
terraform
infrastructure
as
code,
then
you
have
your
kubernetes
cluster
and
your
ssh
keys
and
then
a
new
member
joint,
and
then
you
always
struggle
and
make
ssh
keys,
new
and
right
re-run,
your
terraform
state.
So
it's
really
annoying
yeah
ridiculous.
So.
B
Yeah
and
then
nine
times
out
of
ten
that
same
user
needs
permissions
within
kubernetes,
even
right,
and
so
they
have
different
roles
based
on
where
they're
operating
you
know.
With
with
the
api,
it's
you
can
we
have
this
vision
of
kind
of
unifying
using
kubernetes
rbac,
even
to
define
what
apis
you
have
access
to
within
talos
itself,.
A
And
I
think
from
from
a
user
perspective,
I
don't
need
ssa
ssh
access
to
most
servers
and
at
gitlab
I
don't
have.
I
don't
have
it
so.
I
cannot
break
anything,
but
I
cannot
also
cannot
like
look
into
this
stuff.
I
need
an
abstracted
way
and
then
I
get
an
api
and
maybe
an
event
stream
or
something
like
that
or
work
wherever
I
can
see
what
I
need.
C
A
Most
often
times
when
I'm
debugging
something
or
when
I
want
to
change
something,
I
need
a
scope
view,
but
I
don't
want
to
like
search
it
myself
and
okay.
I
can
do
that
totally
on
the
server
on
the
terminal,
but
in
the
end
it
would
be
much
more
nicer
to
have
an
api.
Have
a
web
interface,
maybe
and
automate
everything.
B
That's
exactly
it,
you
know
it's!
I
I
always
ask
people,
you
know
the
people
that
do
say
well,
I
need
ssh,
I'm
like
well.
What
is
it
that
you
want
to
get?
Well,
I
gotta
hop
on
and
figure
out,
what's
going
wrong?
Well,
what?
If
there's
an
api
that
can
tell
you
what's
going
wrong?
You
could
do
the
same
things
over
an
api,
oh
okay,
yeah!
So
it's
really
not
about
ssh
the
technology
itself.
I
mean.
Maybe
there's
some
people
out
there
that
really
love
ssh
and
they
think.
B
B
A
B
B
B
All
of
these
little
components
here,
they're
all
individual
apis-
that
we're
kind
of
in
go
we're,
kicking
off
as
go
routines
and
we're
aggregating
this
data
and
we're
refreshing
this
screen
as
we
go,
and
so
this
is
all
api
driven
at
the
end
of
the
day,
and
I
can
cycle
through
at
the
bottom
here
I
could
say,
look
at
different
machines
and
I
could
even
you
know,
exit
out
of
this
and
let's
take
a
look
at
a
list
of
processes.
For
example,.
B
Oh,
that
is
ugly
notice
that
it's
prefixed
here.
Let
me
let
me
do
this.
This
looks
better
still
in
the
in
the
front.
Here
I
want
to
point
out
something.
That's
kind
of
interesting
is
we're
able
to
aggregate
this
data
so
the
way
that
this
roughly
works
is.
I
have
within
my
configuration
file
right
now,
I'm
telling
telo
ctl
that
I
want
to
talk
to.
I
want
to
talk
to
three
different
nodes.
B
I
want
to
talk
to
cp
0,
1
and
2,
and
I
want
to
ask
them
for
a
list
of
their
processes,
and
so
you
submit
this
request
to
a
control,
plane
node
within
talos,
and
it
goes
off,
and
it
makes
this
request
on
your
behalf
to
those
nodes
aggregates
that
data
and
gets
it
sent
back
so,
for
example,
where
this
can
be
really
useful.
Sometimes
I
use
this
a
lot
is
say
looking
at
the
logs
of
etcd.
B
Sometimes
you
know
you
have
three
different
terminals:
open
you're,
trying
to
figure
out
what
one
etcd
thinks
versus
another.
You
can
see
all
of
them
here,
cp0!
Well,
let
me
scroll
way
up.
Here's
cp2!
This
is
an
aggregate
of
the
logs
of
all
the
etcd
services
that
are
running
within
the
cluster
talus
ctl
services.
B
B
Basically,
it's
the
connection.
It's
the
exposed,
it's
the
thing
that
has
an
exposed
port
that
actually
serves
the
api
on
each
machine.
We
have
container
d.
That
is
the
only
cri
that
we
offer
currently
sorry,
I
should
clarify.
We
have
container
d
because
we
do
run
one
service
here
called
trustd
in
a
different
instance
of
container
d,
which
is
backed
by
ephemeral
storage.
B
B
B
Let
me
show
one
node
for
now,
I'm
going
to
show
you
the
resource
definitions.
These
are
almost
like
crds
within
kubernetes
that
cp
that
the
node
cp0
knows
of
these
are
all
the
registered
sort
of
imagine
them
as
crds.
Again,
we
have
address
specs,
address
statuses,
link,
specs,
link,
statuses,
I'm
going
to
just
look
for
all
the
networking
specific
things.
B
B
B
It
has
a
single
single
configuration
file
where
all
of
these
things
are
kind
of
like
the
machine.
For
example,
the
networking
is
kind
of
an
entire.
It's
just
a
single
thing
right
and
it's
got
interfaces.
It's
got
a
host
name,
it's
got
a
list
of
name
servers.
It's
got
a
list
of
you
know,
time
servers
so
on
and
so
forth,
different
ways
that
you
can
configure
the
networking
for
this
particular
node.
But
it's
a
single
thing.
B
B
C
B
B
B
C
C
B
B
B
B
B
C
Could
you
could
you
like,
so
the
you
could
run
prompt
tail
as
a
demon
set
correctly,
but
you
need
to
figure
out
the
access
to
the
talos
api?
That's
more
the
issue
right,
yeah,
okay,
yes,
exactly
yeah!
I
would
have
another
question
like
for
me
like
when
you,
for
example,
often
when
you
run
kubernetes,
you
need
some
certificate
like
the
lcd
is
a
pki
certificate,
the
key
and
so
on
so
and
kubernetes.
Maybe
you
would
copy
it
or
you
can
mount
the
host
path
and
then
you
have
access
to
the
certificates.
B
You
know
space
and
actually
execute
different
binaries
like
mount
or
iscsi
adm,
or
you
know
all
these
different
things,
and
we
are
not
big
fans
of
that.
We
don't
think
that
that's
the
way
to
go,
we
don't
think
mounting
up.
Host
paths
is
a
way
to
go,
so
we
do
have
talos
like
we
do
have.
We
do
have
apis
like.
What's
it
called,
I
don't
remember
the
name
of
it.
There
are
etsyd
specific
apis,
so
you
know
it
could
be
possible
that
maybe
we
provide
those
just
as
an
example.
C
B
B
We
create
this
directory
called
slash
system
which,
which
is
basically
a
temp
fs,
and
this
basically
holds
runtime
data.
That's
completely,
you
know,
reproducible
on
every
run,
but
we
also
do
have
one
place
where
things
are
persisted
and
that
is
in
slash
var.
So
the
kubelet's
data
is
persisted,
scd's
data,
container
d,
so
on
and
so
forth.
B
That
is
the
only
writable
place
now
that
being
said,
when
you
perform
an
upgrade
within
talos
the
default
way
of
doing
an
upgrade,
is
we
actually
shut
everything
down,
except
for
pig,
one
unmount
all
mounts,
and
then
we
completely
wipe
the
disc
from
underneath
talos
and
we
reinstall
it
as
a
brand
new
node.
It's
a
way
to
kind
of
do
like
in
place
pets,
first
cattle.
This
idea
of
like
replacing
a
node
rather
than
upgrading
a
node.
Our
upgrades
are
actually
full
on
replaces
but
they're
in
place.
B
If
that
makes
sense,
and
so
slash
var,
we
label
it
as
ephemeral.
We
tell
you.
Yes,
it
is
persisted
across
reboots,
but
it
is
not
persisted
across
upgrades.
That
being
said,
that
posed
a
problem
for
single
node
clusters,
which
we
do
have
people
running
in
production.
So
we
do
have
a
way
to
say,
preserve
the
data.
So
you
have
options
within
talos
to
how
you
want
to
perform
that,
but
yeah
that
slash
var
is
the
only
writable
place.
Essentially.
C
B
So
that's
in
so
we
do
have
we
have
one
more
partition
that
talos
saves
things
too
and
it
currently
today
it's
called
the
state
partition
and
it
just
stores
the
configuration
file,
and
so
that
is
persisted
other
than
that.
It's
not.
You
could
tell
talos
even
to
not
save
anything
or
sorry
to
always
pull
its
configuration
file.
That
is
also
an
option.
B
B
B
B
B
B
B
B
B
What
I
was
wanting
to
show
you
guys
is
that
I
was
going
to
add
a
dummy
interface
and
it
would
just
be
created.
You
know,
declaratively,
I'm
going
to
say
I
want
this
interface
called
dummy
zero
and
it
is
a
dummy
interface.
I
want
you
to
create
it
for
me.
It
makes
it
happen
as
opposed
to
hopping
onto
the
machine
with
ssh
finding
out
which
ip
command
you
have
to
run
and
adding
an
interface.
It's
not
a
human
doing
it.
You
submit
this
to
the
system.
The
configuration
file
declaratively
defines
what
you
want.
B
Oh,
that's
just
a
you
know
it's
kind
of
like
when
you're
in
kubernetes
and
you
get
those
controllers
they.
I
don't
know
if
you
guys
have
used
the
controller
runtime
in
kubernetes,
but
it
has
this
when
you
log
in
air.
It
has
this
like
stack
trace.
That
looks
really
nasty
and
it's
scary,
but
it's
really
just
logs
at
some
point
we
were
failing,
but
it's
not
currently
failing.
B
B
B
B
B
Well,
it's
actually
not
talos,
so
I
gotta
dust
off
the
old
skills
and
see
what
happens
yeah.
So
I
messed
up
this
machine.
I
I
so
here's
the
problem
with
networking.
This
is
probably
a
good
chance
to
talk
about
some
of
the
things
that
we
can
see.
Road
mapping,
wise
validation
on
the
config
is
something
that
we
want
to
do,
especially-
and
in
this
case
it's
very
apparent
around
the
networking
stack.
B
You
know
you
can
easily
mess
up
the
networking,
auto
roll
rolling
back
of
that
configuration
if
the
networking
goes
away,
something
to
that
effect
and
yeah
again
just
validating
settings
letting
you
know
that
this
thing
is
not
a
known
field
or
this
field
is
mis.
You
know
it's
not
a
valid
option,
we're
working
towards
that.
We
have.
We
have
some
of
that
today,
but
we
need
to
flesh
that
out
a
little
bit
more
and
just
general
configuration
management
within
talos.
B
Again,
talking
about
the
machine
configuration
file
being
one
big
file
where
we're
playing
with
this
idea
of
having
it
feel
very
much
like
kubernetes,
where
you
have
a
bunch
of
yamls
that
represent
the
config
collectively
and
you
can
submit
them
individually,
you
can
submit
them.
You
know
multi-doc,
so
on
and
so
forth.
Very
much
like
kubernetes.
A
C
B
We
have
this
particular
cluster
is
running
in
our
data
center
and
we
want
to
be
able
to
burst
out
to
equinix
metal
for
bigger
machines
that
we
may
not
have,
and
so
we
want
to
set
up
a
wire
guard
network
across
those
two
so
that
it
feels
like
a
single
network
and
we're
working
on
something
to
make
that
completely
automated.
Because
with
wire
guard,
you
got
to
send
up
set
up
your
peers.
B
You
got
to
set
up,
you
know
all
these
different
things
and
we
have
something
that
we're
going
to
be
coming
out
with
where
you
can
do
that
automatically
and
it'll
all
be
driven
via
the
configuration
file
for
talos
and
completely
automatic,
so
yeah,
nothing
out
of
the
box.
But
we
are
working
on
ways
to
use
wireguard
for
these
hybrid
cluster
scenarios.
B
B
B
Simple
as
that
yep,
it's
very
useful
in
your
like
home
environments,
even
vmware,
like
that,
we
we
have
some
users
that
were
struggling
to
figure
out
how
to
set
up
a
load
balancer
dynamically
based
on
vms
ips.
You
know
you
got
to
be
able
to
have
kubernetes
api,
be
they
just
use
the
virtual
ip
and
now
you
have
an
cluster
and
it's
really
really
simple.
It's
it's
a
it's
a
really
cool
feature
of
talos.
I
think.
A
B
B
But
if
you
want
it
on
real
hardware,
we
have
an
iso
and
the
way
that
that
works
is
you
boot,
the
iso
and
then
talos
comes
up,
and
it
knows
that
it
has
no
configuration
file.
It
knows
that
it's
running
in
iso,
and
it
knows
also
too
that
talos
has
not
been
previously
installed,
and
so
what
it
does
is
it
sits
there
with
an
unsecured
port.
B
I
know
that
sounds
bad,
but
it
sits
there
and
it
says:
okay,
I'm
waiting
for
a
configuration
file
to
be
pushed
to
me
and
so
it'll
print
this
out
onto
the
console.
It'll
tell
you
how
to
connect
to
it.
You
could
even
add
a
a
fingerprint
validation
for
the
cert.
If
you
feel
like
you
want
to
secure
it
in
some
way,
and
you
just
generate
the
configuration
file,
you
push
it
to
this
initial
node
and
it
bootstraps
itself,
and
you
have
yourself
a
kubernetes
cluster.
A
few
minutes
later.
A
B
A
B
Yeah,
actually,
we
have
a
whole
product
called
sedero
which
builds
on
top
of
cluster
api
and
basically
does
automated
provisioning
of
talos
and
we
use
ipmi
to
do
part
power
management
of
all
the
nodes
and
it
bootstraps
kubernetes
clusters.
For
you
on
your
bare
metal.
It
comes
with
the
ipxc
pixie
tftp
service,
a
service
for
talos
to
get
its
metadata
from,
and
it's
just
a
nice
way
to
to
kind
of
manage
your
bare
metal
infrastructure.
In
fact,
it's
all
just
kubernetes
crds.
At
the
end
of
the
day,
we
call
them
servers.
B
A
B
No
really,
it
has
servers
but
not
server
classes.
I'm
probably
fat
fingering,
something
anyways.
We
have
this
idea
of
server
classes
and
basically,
what
that
means
is
you
can
have
these
things
called
qualifiers,
which
say
you
know
anything.
That's
a
super
micro
motherboard
with
this
type
of
intel
cpu
and
this
much
ram
so
on
and
so
forth.
This
is
a
t2
micro
within
our
data
center
and
then
you
can
tell
sedero.
B
B
S-I-D-E-R-O-Dev,
so
we
didn't
get
server
classes
because
when
the
cli
creates
the
cluster,
it's
done.
It
basically
sets
up
your
coop,
config
and
talo
ctl
to
speak
to
it
automatically
out
of
convenience.
So
it
switched
the
context
out
from
me,
but
here's
what
server
classes
look
like?
We
have
a
general
medium
x86
and
I
have
one
that
is
available
and
three
that
are
in
use
currently.
A
B
X,
86,
64.
yeah,
so
currently
we
only
support
x,
86,
64
and
amd
64.
or
sorry
arm
64..
So
you
know
spinning
up
talos
on
a
raspberry
pi.
We
have
actual
pre-made
images
that
you
just
flash
to
an
sd
card
turn
it
on
and
then
talo
sits.
There
waits
for
the
config
to
be
pushed
to
it,
and
then
you
have
yourself
a
home
cluster.
A
few
minutes.
A
B
B
Now,
that's
too
small,
let
me
know,
but
you
can
see.
I
have
two
talos
containers
running
and
these
represent
my
nodes
right
now
on
my
local
laptop.
So
this
is
a
great
way
in
ci
cd,
for
example
like
we
run
talos
and
you
know
obviously
for
our
kubernetes
clusters
and
ci
cd
needs
and
then
on
top
of
that,
we're
actually
spinning
up
talos
within
kubernetes
as
containers
and
testing,
basically
creation
of
kubernetes
clusters,
and
this
is
a
great
tool
for
even
like
you
know,
you
can
give
your
developers
talos
ctl.
B
You
can
set
it
up
to
do
qmu,
but
that's
linux,
based
only
so
you
can
get
a
little
closer
to
emulating
production.
You
can
set
this
up
in
ci
cd,
so
it's
really
a
great
development
tool
and
being
able
to
bridge
the
gap
between
developers,
environments
with
production
and
testing
and
staging
and
so
on
and
so
forth.
C
B
What
is
it
telos
yeah?
We
have
this,
it's
kind
of
like
kubernetes,
dot,
cube
config.
We
have
a
talos,
slash
config,
and
this
contains
all
the
pki
that
you
need
in
order
to
communicate
with
the
node
and
in
zero
11.
What
we
added
is
our
back,
so
we
have
three
different
roles.
Right
now
we
have
a
reader
role,
we've
kind
of
decided
which
apis
are
safe
for
reading
like
getting
address,
network
addresses
interfaces
so
on
and
so
forth.
B
B
That's
exactly
what
we're
learning
and
that's
why
we're
building
a
ui,
so
this
is
this
is
a
I'm
basically
looking
at
that
same
cluster,
you
can
see
here's
the
node
that
I
messed
up.
It
is
not
ready,
and
so
now
I
just
gave
myself
some
work
for
the
date.
I'll
go
fix
that
after
this.
But
if
I
click
on
one
of
these
nodes
right,
remember
the
telo
ctl
dashboard.
This
is
not
completely
like
talus
ctl
dashboard
we're
still
working
on
this.
B
B
B
A
B
B
B
Yeah,
it's
actually
interesting
that
you
bring
that
up,
because
one
of
the
things
that
one
of
the
things
that
kind
of
is
the
vision
here
is
that
now
that
we
have
an
operating
system
that
has
an
api,
we
have
an
orchestration
system
that
consumes
that
api
and
also
provides
an
api.
We
have
metrics,
we
have
data.
B
Now
imagine
you
can
set
up
some
kind
of
you
know
piping
system
where
you
can
consume
this
data,
maybe
particularly
around
the
docker
daemon,
just
using
that
as
an
example
that
says,
if
the
memory
you
know
balloons
up
to
this
threshold,
you
know
use
the
apis
to
automatically
restart
the
system,
doing
something
like
that
over
ssh
or
ansible
tower.
All
these
things,
like
all
the
tooling
that
we
currently
have
just,
sounds
not
fun.
B
A
That's
that's
really
great
and
brings
me
to
an
idea
of
saying
hey.
You
can
do
it
like
on
your
own
in
telos,
but
you
could
also
plug
it
into
promises
and
alert
manager,
for
instance,
and
re
and
use
what's
possible
already
there.
So
people
are
already
like
used
to
prom
ql
and
the
alerting
rules
and
like
maybe
even
defining
annotations
in
grafana
and
if
you
plug
it
in
and
provide
a
channel
back
to
say,
hey,
I
just
want
to
do
create
an
event
which
automatically
restarts
something,
and
I
don't
want
to
do-
ssh
and
service.
A
Can
I
just
get
an
api
which
dumps
the
json
file
json
line
with
an
event
every
second
or
whenever
something
happens,
and
can
you
also
buffer
that
the
buffering
is
the
separate
point?
But
in
the
end
it's
like,
I
want
to
consume
it
live,
and
then
I
need
to
write
my
own
api
client
or
I
use
a
different
system,
a
daemon
yeah,
and
when
you
provide
that
to
users,
they
start
adopting
it
even
more.
And
then
it's
like
the
the
self
marketing
of
hey
everyone
talks
about
it
because
it
has
consumable
apis.
B
Exactly
yep,
I
mean
it's
really
just
it's.
It's
kind
of
what
operators
in
the
kubernetes
world
has
done
for
deploying
applications
and
managing
them
right.
You
just
submit
a
crd,
and
this
happens
I
mean,
and
you
can
make
decisions
based
on
events
so
on
and
so
forth
same
idea,
but
we
want
to
bring
that
down
to
the
operating
system
and
we
do
have
events
and
I'm
trying
to
show
them
to
you.
B
A
A
B
Yep,
something
happened
with
dns
there,
it
was
working,
but
you
know
anyways
I
switched
over
to
using
the
ip
addresses
and
you
could
see
everything
in
talos
going
back
to
what
you
were
talking
about,
mikhail
is
is
where
we're
trying
to
publish
as
an
event,
and
the
idea
is
that
you
can
make
decisions
based
on
those
events
consume
those
events,
and
maybe
you
look
for
particular
events
and
make
a
decision
based
on
that.
So,
for
example,
you
know
we
set
the
our
limit
here.
We,
you
know
started
container
d.
B
B
A
Yeah-
and
one
thing
we
also
did
in
the
past,
was
to
add
a
simple
filter
in
in
a
way
of
saying,
hey,
I
want
to
get
a
specific
event
type
or
I
want
to
yeah.
I
want
to
get
all
messages
where
this
string
is
inside.
Not
a
doesn't
need
to
be
a
regular
ex
can
be
just
a
wide
cut
pattern
or
something
so
to
not
so
that
you
don't
need
to
consume
the
whole
network
traffic,
but
the
server
filters
for
you
a
little
bit
yeah.
B
Even
like
even
you
know,
going
back
to
cozy-
and
we
have
this
idea
that
we're
going
to
be
name
spacing
resources,
so
the
whole
networking
name
space.
Maybe
your
networking
team
just
wants
to
get
events
related
to
networking.
So
you
can
say
give
me
all
events
related
to
networking
and
filter
on
those
right.
There's
there's
all
kinds
of
things
that
we
can
do
here.
A
So
you
you,
never
lose
something
which
you
might
be
needing
for
sla
reporting
or
for
your
persistent
logs
or
something
else
in
that
regard.
But
on
the
other
side
it
it.
It
is
an
advanced
feature.
So
you
at
first
glance
you
want
to
make
it
happen,
and
then
you
look
for
future
requests
and
how
easy
it
is
to
maintain
yeah
and
how
much
performance
impact
it
has
when
you
buff,
when
you're,
adding
buffering
all
the
time
exactly.
B
Yeah,
this
is
all
we
do
have
a.
We
keep
a
in
memory
buffer
of
x,
number
of
events,
and
you
know
eventually
it's
a
eventually.
It
all
gets
it's
a
circular
buffer.
So
eventually
it
all
goes
away,
but
you
can
look
back
into
the
history
and
that's
what
I'm
doing
here.
That's
what
this
tail
minus
one
is
doing.
B
A
B
B
Yeah
yeah
our
goal
at
the
os
level
is
to
really
give
you
the
tools
and
apis
to
make
these
higher
level
things
possible.
What
you're
talking
about
could
be
written
as
a
controller
within
kubernetes,
and
then
you
just
use
the
talus
apis
to
consume
that,
and
you
know
we
want
to
keep
the
operating
system
again.
Going
back
to
the
very
first
thing
I
talked
about
was
talos.
Is
ultra
minimal
not
just
minimal?
A
I
think
that
that
builds
out
a
great
storyline,
so
you,
like
you,
you
have
the
you
have
telos
as
the
the
operating
system
and
then
the
user
story
is
hey.
You
can
like
add
a
controller,
you
add
redis,
you
add,
I
don't
know
grafana
prometheus,
whatever
is
needed
around
it,
and
when
you
have
these
stories,
you
can
write
blog
posts
for
like
reaching
greater
visibility.
A
And
also
have
these
like
the
use
case
stories,
because
right
now,
I'm
learning
as
we
are
talking
what
telos
is
and
how
I
can
use
it,
but
I
also
think
that
others
might
be
wanna
learn
how
exactly
it
fits
or
what
what
you
can
do
and
when
you
imagine
like.
Oh,
it's
like
easy
logging.
I
think
logging
always
implies
that
you
need
to
have
elastic,
search
or
low-key.
B
A
Fluenty,
whatever
so,
like
the
the
whole
ecosystem
attached
to
it
and
you
dump
something
in
there
and
it's
hard
to
find
it
again,
maybe
like
when
it's
coupled
with
tellers
on,
like
on
a
on
a
simple
level,
just
to
see
the
the
events
or
the
the
logs
events.
Basically,
the
same
diving
even
further
into
like
observability
topics
like
tracing
or
distributed
tracing
is
super
hard
in
my
opinion,
especially
when
you
need
to
do
it
on
the
application
level
as
a
developer
learning
new
things.
A
B
Yeah,
exactly,
I
think
you
get
it
mikhail.
There's
a
an
api
driven
operating
system
really
just
opens
up
a
whole
new
paradigm
within
linux.
Distributions
that
I
think
we're
just
barely
beginning
to
tap
into,
and
it's
taken
us
a
while
to
get
to
this
point,
because
again
we
have
rewritten
the
entire
user
space
from
scratch
to
be
controller
based
on
a
modern
language
golang
and
with
kubernetes
type
ideas
into
it.
We're
not
taking
any
shortcuts,
and
so
you
know
we've
gotten
up
to
this
point.
B
But
you
know
all
the
things
that
we're
talking
about,
I
think,
is
going
to
take
a
wider,
broader
community,
which
is
why
I'm
happy
to
get
on
you
know
things
such
as
this,
and
we
just
got
to
spread
that
word
and
let
people
know
that
you
know
there
is
a
way
that
we
could
do
this
better
in
the
future.
I
think
so.
I
think
you
get
it.
We
got
to
get
there
and
talos,
I
think,
is
a
start
to
that
and
that's.
B
B
She's
sharing
a
lot
of
great
ideas
on
cozy
and
advocating
for
it
and
she's
at
the
cozy
meetings
regularly
she's
a
big
part
of
it
and
she
definitely
gets
the
vision.
We
were
just
talking
about
it
this
morning.
Actually-
and
you
know,
we
think
it's
gonna
take
a
while,
but
it
is
it's
the
path
to
go
for
sure,
and
you
know
our
meetings
are.
C
B
We
have
a
call
every
week
on
mondays
at
16,
30
utc
it's
on.
If
you
go
to
the
talos,
you
know
talos
github.com
systems,
slash
talos
in
the
readme.
You
can
see
a
link,
get
a
link
to
our
community
calls
and
cozy
itself
also
has
one
on
wednesdays.
And
if
you
go
to
github.com
cozy
dash
project
slash
community
in
the
readme,
there
will
also
be
a
way
for
you
to
join
the
join
the
party.
C
C
C
B
A
B
A
No
worries
I
was,
I
was
actually
like
following
telus.dev
for
the
for
the
project
website,
and
then
I
clicked
on
like
try
now
and
the
quick
start
tells
me
what
to
do.
I
was
just
curious
of
like:
is
there
a
a
different
way
or
is
the
like
the
the
the
live
demo
way
of
actually
doing
that?
So
that's
what
that's
really
nice
and
I
also
like
what
what
I
see
on
on
like
the
the
ui
level
on
the
api
level
and
also
the
vision.
What
if
so
like.
A
B
Yeah
we,
we
certainly
do
have
those
we
could.
Obviously
you
know,
as
with
all
projects
do
better
about
labeling
them,
but
I
will
say
that
talos
is
a
quite
low
level,
and
so
it
could
be
kind
of
a
big
undertaking
to
kind
of
grok
on
your
own,
but
we
have
a
very,
very
good
community.
So
if
you
go
to
our
slack
again,
that's
in
the
talos
read
me
and
join
our
slack.
B
The
community
is,
I'm
really
really
proud
of
our
community.
Everyone's
super
helpful.
We
we
talk
in
the
open,
a
lot
about
engineering
decisions.
Again,
the
community
meetings
are
a
great
place,
just
come
and
talk
to
us.
I
think
that
that's
the
best
way,
if
you're
not
getting
you
know
a
a
concept,
we're
always
happy
to
hop
on
a
call.
B
You
know
and
chat
through
some
of
the
ideas
get
opinions
on
things.
There's
there's
a
lot
of
people
in
our
community
that
influence
the
direction
of
talos
and
that's
what
we're
actually
pride
ourselves
in
is
where
we
try
to
be
data
driven
ask
our
community.
What
do
you
guys
want
and
go
and
make
that
happen,
and
we
have
people
that
are
contributing
a
very
big,
significant
things
to
talos,
but
it
does
have
a
little
bit
of
a
find
that
you
know
even
just
using
telus.
B
Obviously
that's
the
user
and
you're
asking
about
developers,
but
the
point
is
talos
does
have
a
learning
curve.
Even
you
know
translated
over
to
the
development
side
of
that,
because
it's
not
your
typical,
you
know
simple:
go
application,
we're
writing
a
completely
new
user
space,
everything's
controller
based
so
yeah
come
in
and
just
talk
to
us
and
and
join
our
join.
Our
slack
join
our
calls
and
we
can
get
through
it.
A
Yeah,
we'll
quickly
share
my
screen,
so
we
can
like
well,
I
will
I
have
opened
now,
and
this
will
also
be
linked
in
the
blog
post
later
on,
but
I
just
figured
that
the
documentation
is
huge.
It's
it's
really
inviting.
We
have
lots
of
guides
how
to
install
it.
The
introduction
provides
the
the
quick
start
guides,
which
we
just
talked
about
and
following
up
the
the
getting
started,
what
to
do
next
so
yeah
it
will
be
like
tried.
A
I
would
encourage
everyone
to
try
it
out
and
follow
the
documentation
join
this
lecture
and
let
us
I
think
there
is
a
discussion
board
as
well,
and
I've
also
seen
that
there
is
like
learn
more
with
the
philosophy,
the
concepts
and
the
the
architecture,
which
also
should
be
helpful
to
get
things
going.
Since
you
mentioned
that
it's
like
low
level
is
there
some
some
books
or
some
courses
or
some
presentations
you
maybe
recommend
in
in
watching
or
getting.
This
is
something
which
could
be
added
to
the
docs
as
well.
B
That's
a
good
question:
I
have
a
horrible
memory,
so
I'm
sure
I've
learned
from
a
lot
of
really
great
resources
and
I'm
not
gonna
do
any
of
them
justice,
and
so
I
won't
attempt
to
say
any
particular
book
or
whatever,
because
I
really,
I
think
linux
experience
is
obviously
you
know
crucial
fundamental
understanding.
You
know
how
linux
just
fundamentally
operates.
B
One
thing
that
actually
helped
me
a
lot-
and
this
is
this-
is
not
as
simple
as
reading
a
book
or
reading
a
blog,
but
linux
from
scratch.
Really
just
kind
of
really
takes
you
through
how
a
linux
distribution
is
built
from
the
bottom
up,
and
it
really
just
kind
of
is
eye-opening,
and
for
me
that
was
that
was
very
cool.
B
B
Build
this
in
some
special
phase
and
then
we're
going
to
there's
like
a
phase
two
building
it
so
that
you
end
up
with
the
tool
chain:
that's
completely
decoupled
from
your
host
system.
So
all
the
linker
search
paths
and
all
these
things
are
as
pure
as
possible
from
any
host
operating
system.
And
then
you
use
that
to
actually
build
your
packages,
which
will
make
your
distribution
eventually
so
you're
building.
B
A
A
I
I
know
some
portions
in
that
regard,
but
I
never
like
took
the
step
myself
of
saying:
hey,
I'm
compiling
my
own
linux
now,
but
it's
it's
really
interesting
to
to
learn
and
see
how
it
goes
or
how
it
actually
works.
In
the
background,
it
also
helps
you
with
debugging
exactly
sometimes
when
grub
is
not
working
for
some
reason,
because
windows
overwrote
the
boot
partition
for
some
reason,
then
it's
like
you
should
be
knowing
how
it
works
or
at
least
know
how
to
google
it
because
from
the
era
it's
yeah
exactly
interesting.
B
C
C
A
A
A
I
think
many
many
many
years
ago
when
I
was
in
vienna
at
the
student
store,
my
colleague
was
compiling
gen
2.
I
think,
and
compiling
the
tool
chain
took
one
day
and
compiling
the
operating
system
three
days
or
something
like
that,
so
it
was
in
2005
where
we
didn't
have
any
like
multi-core
cpus
back
then
so
it
took
a
while,
but
in
the
end
I
think
it's
great
to
yeah,
sometimes
dive
a
little
deep
deeper
into
into
all
the
stuff.
A
B
B
Well,
I
should
have
done
computer
science,
but
I
decided
to
do
physics
because
to
me
engineering
is
the
how
and
physics
kind
of
explained
the.
Why,
and
so
I
think,
when
you
dig
deep
into
you
know
something
like
lfs,
like
literally
building
something
from
scratch.
You
get
you
scratch
that
itch
of.
Why
was
it
done
this
way,
and
you
know
I
think
that
that
helps
you
do
the
how
better.
A
A
I
was
looking
in
the
docs
folder
and
wondering
why
it's
empty
the
thing
is,
or
this
could
be
an
idea
for
for
making
contributions
easier
to
add
a
link
to
each
website
and
say:
hey.
You
can
edit
this
website
on
github
or
in
the
repository
yeah,
to
make
it
more
discoverable
and
yeah.
I
allow
everyone
to
like
fix,
fix
the
typo
or
suggest
a
grammar
mistake.
A
grammar
suggests
a
better
documentation.
B
C
C
C
C
B
A
And
the
problem
is
with
an
acknowledgement
in
the
monitoring
system
I
kept
developing.
It
was
like
the
common
thing,
you
acknowledge
a
problem
and
it's
like.
Oh
not
again,
I
made
a
typo
and
yeah
anyhow.
I
think
I
don't
have
any
questions
anymore,
except
for
that.
We
want
to
try
it
out
and
philip
wants
to
prepare
the
next
session.
C
B
A
I
think
when
you
run
it
on
the
raspberry
pi
or
I'm
also
reading
pie
in
64
and
banana
pie,
and
what
and
other
things
in
the
docs
it's
it
has
this
like
hobby
playground
a
little
bit
at
least
it's
not
your
work
computer,
where
you're
sitting
in
front
of
all
the
day.
It's
it's
something
you
yes,
somehow
like.
I
built
lego
models,
it's
something
that
you
play
with
a
little
more.
B
B
A
B
So,
first
and
foremost
we
are,
we
are
committed
to
keeping
what
we
do
open
source
100,
open
source.
The
way
that
we
make
money
is
off
of
a
support
model,
and
you
know
professional
services
and
stuff
like
that.
We've
we're
doing
well
with
that,
and
you
know
it.
It
changes
based
on
the
customer.
I'd
say
the
pricing
model,
but
we
do
have
a
a
basic.
You
know:
here's
how
we
do
it
and
it's
basically
based
on
per
cluster
and
our
idea
is
that
really
the
the
risk
is
in
well.
B
Kitchen
yeah
someone's
in
the
kitchen
yeah
the
risk
is
in
the
control
plane
for
us
really,
since
talos
is
immutable
and
all
that
good
stuff,
adding
worker
nodes.
It's
kind
of
you
know
it
is
what
it
is.
It's
simple,
it's
simple,
there's
not
a
whole
lot
of
issue
there,
really
it's
protecting
the
lcd
data,
and
so
we
have
a
per
class
a
cost
per
cluster
and
that
comes
with
20
nodes
and
that
doesn't
include
the
control
plane
node.
B
B
Sometimes
that
doesn't
work
for
people
when
we
come
up
with
a
different
model,
especially
when
the
scale
is
really
big
and
we
we
kind
of
get
creative
with
it.
But
that's
the
rough
idea
there
we
do
have
an
enterprise
offering,
but
we're
not
really
looking
into
having
like
enterprise
proprietary
software.
That's
binaries
that
you
can't
download
for
free.
We
are,
you
know,
open
source,
open
source
nerds
at
heart,
so
that's
a
big
part
of
our
our
personality,
our
business
cultures,
open
source
is
very,
very
important
to
us.
A
B
We're
working
on
a
we're
working
on
a
project
that
we're
calling
argus,
which
is
basically
it's
going
to
be
a
big
abstraction
on
top
of
cluster
api
in
talos.
That's
really
going
to
move
closer
towards
this
vision
that
we
were
talking
about
earlier,
where
you
know
completely
automated
upgrades.
You
know
this.
If
this,
then
that
type
thing
you
know
providing
this
ecosystem
for
a
more
living
breathing
system,
that's
reactive
rather
than
waking
up
humans
and
doing
it
and
it's
called
argus
and
again
we're
building
it.
B
On
top
of
all
the
things
we're
working
up
to
that.
So
I'd
love
to
come
back
and
talk
about
that
when
that's
a
little
more
fleshed
out
yeah,
I'm
not!
I
don't
have
anything
on
the
schedule
to
talk
about
talos
after
this
tomorrow,
we're
going
to
be
on
clustered
that'll,
be
fun,
I'd
like
to
give
them
a
plug
that
that's
a
fun
little
project,
so
yeah
just
you
know
we're
heads
down
right
now,
really
we're
very
engineering
based
team
and
technology
driven.