Veganism Social

Jorijn SchrijvershofBought a ticket for <a href="https://toot.community/tags/TalosCon" class="mention hashtag" rel="nofollow noopener" target="_blank">#TalosCon</a> this year. It's held in Amsterdam, so close to home! :-)<a href="https://toot.community/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://toot.community/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#TalosLinux</a>

Mauricio Teixeira 🇺🇸🇧🇷I'm two days behind on my Mastodon timeline because my K8s cluster project has been eating my brain. I probably should go to therapy instead. 🤣 <a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#HomeLab</a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#TalosLinux</a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a>

Mauricio Teixeira 🇺🇸🇧🇷It's interesting when I go down this rabbit hole of learning new things: because of Talos I need to learn Talhelper (as opposed to Terraform), Cilium (as opposed to Calico/Flannel), LGTM (as opposed to Kube-Prometheus), and now I found out about Taskfile (as opposed to Makefile). My head is spinning. 😵<a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#HomeLab</a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#TalosLinux</a>

Mauricio Teixeira 🇺🇸🇧🇷After a good night of sleep I realized I was unfair on my rant about Talos Linux: it's not their fault.Setting up a basic cluster was easy. Doing the same with Talhelper was even easier.But it took me hours to set up UEFI secure boot and TPM disk encryption. Talos doesn't have a native way to manage secrets, and their Terraform provider is very incomplete. Talhelper made it less bad, even though still not ideal.Bootstrapping with extended security like encrypted local storage, privileged namespace exceptions and network firewalls were very cumbersome to implement. Apparently it's supposed to be easier if you do post bootstrapping.So, as you can see, my problems are mostly because I'm paranoid, and I want to run a home lab with the same level of automation and security as a production environment.I'm sure it's not supposed to be that hard for most people. Please don't get discouraged by my experience.I'm still working on getting it up and running the way I want. I'm getting there.<a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#HomeLab</a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#TalosLinux</a> <a href="https://hachyderm.io/tags/Azure" class="mention hashtag" rel="nofollow noopener" target="_blank">#Azure</a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a>

Mauricio Teixeira 🇺🇸🇧🇷Seriously... Building this Talos Kubernetes cluster on my local home lab machine is turning out to be a lot harder than building an Azure AKS cluster. 🙄<a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#HomeLab</a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#TalosLinux</a> <a href="https://hachyderm.io/tags/Azure" class="mention hashtag" rel="nofollow noopener" target="_blank">#Azure</a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a>

Mauricio Teixeira 🇺🇸🇧🇷And why did I choose Talos Linux instead of k3s, minikube, or so many other ways to deploy Kubernetes? Very simple answer: immutable deployment + GitOps. I have a number of hosts that need to run apt/dnf update on a regular basis. As much as this can be automated, it is still tiresome to manage. I don't have to worry as much about an immutable host running a Kubernetes cluster, mostly because the bulk of the attack surface is in the pods, which can be easily upgraded by Renovate/GitOps (which is also something I miss on the hosts running Docker Compose).Now the research starts. I know Kubernetes, but I don't know Talos Linux, so there's a lot to read because each Kubernetes deployment has it's own nitpicks. Besides, I need to figure out how to fit this new player in my current environment (CA, DNS, storage, backups, etc).Will my experience become a series of blog posts? Honestly: most likely not. In a previous poll the majority of people who read my blog posts expressed that they're more interested in Docker/Podman. Besides, the Fediverse is already full of brilliant people talking extensively talking about Kubernetes, so I will not be " yet another one".You will, however, hear me ranting. A lot.3/3<a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#HomeLab</a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#TalosLinux</a> <a href="https://hachyderm.io/tags/k3s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k3s</a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://hachyderm.io/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a>

Mauricio Teixeira 🇺🇸🇧🇷The main reason for replacing my Proxmox for a Kubernetes deployment, is because most of what I have deployed on it are LXC containers running Docker containers. This is very cumbersome, sounds really silly, and is not even recommended by the Proxmox developers.The biggest feature I would miss with that move would be the possibility of running VMs. However, so far I've only needed a single one for a very specific test, that lasted exactly one hour, so it's not a hard requirement. But that problem can be easily solved by running Kubevirt. I've done that before, at work, and have tested it in my home lab, so I know it is feasible. Is it going to be horrible to manage VMs that way? Probably. But like I said, they're an exception. Worst case scenario I can run them on my personal laptop with kvm/libvirt.2/3<a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#HomeLab</a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#TalosLinux</a> <a href="https://hachyderm.io/tags/Proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Proxmox</a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://hachyderm.io/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a>

Mauricio Teixeira 🇺🇸🇧🇷Quick talk about the future of my home lab. (broken out in a thread for readability)After lots of thinking, a huge amount of frustration, and a couple of hours of testing, I am seriously considering replacing my Proxmox host for a Kubernetes deployment using Talos Linux.This is not set in stone yet. I still need to do some further investigation about how to properly deploy this in a way that is going to be easy to manage. But that's the move that makes sense for me in the current context.I'm not fully replacing my bunch of Raspberry Pi running Docker Compose. But I do have a couple of extra Intel-based (amd64/x86_64) mini-PCs where I run some bulkier workloads that require lots of memory (more than 8GB). So I am still keeping my promise to continue writing about "the basics", while also probably adding a bit of "the advanced". Besides, I want to play around with multi-architecture deployments (mixing amd64 and arm64 nodes in the same k8s cluster).1/3<a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#HomeLab</a> <a href="https://hachyderm.io/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#TalosLinux</a> <a href="https://hachyderm.io/tags/Proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Proxmox</a> <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://hachyderm.io/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a>

Jorijn SchrijvershofJust had an interesting issue with Talos Linux. The network interface names changed after I created the initial configuration. During an OS upgrade, the floating API IP was not assigned to the new `etcd` leader, resulting in a broken cluster.Spun up a quick rescue box so I could work from within the VPC to reapply the corrected `MachineConfig`.Fortunately, the worker nodes remained unaffected and continued to operate normally.<a href="https://toot.community/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#TalosLinux</a> <a href="https://toot.community/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://toot.community/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevOps</a>

xyhhx 🔻 (plz hire me)i wonder if i could get talos to run on qubes<a href="https://nso.group/tags/talos" class="mention hashtag" rel="nofollow noopener" target="_blank">#talos</a> <a href="https://nso.group/tags/talosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#talosLinux</a> <a href="https://nso.group/tags/qubes" class="mention hashtag" rel="nofollow noopener" target="_blank">#qubes</a> <a href="https://nso.group/tags/qubesOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#qubesOS</a> <a href="https://nso.group/tags/kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#kubernetes</a>

Scott Williams 🐧Here's the interesting thing about that, though: It is *not* currently possible to run an Elemental downstream cluster in Harvester, but it should be possible to deploy a TalosLinux cluster on Harvester, though not as a Rancher downstream cluster, by provision nor adoption, since Rancher agent very much assumes you're running k3s/RKE2. But you could just spin up Talos VMs in Harvester with bridged networking, etc, and it should work.<a href="https://mastodon.online/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://mastodon.online/tags/Rancher" class="mention hashtag" rel="nofollow noopener" target="_blank">#Rancher</a> <a href="https://mastodon.online/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#TalosLinux</a>

Scott Williams 🐧Someone at SCaLE asked me about running <a href="https://mastodon.online/tags/Rancher" class="mention hashtag" rel="nofollow noopener" target="_blank">#Rancher</a> on <a href="https://mastodon.online/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#TalosLinux</a>. Strictly speaking, it should be possible in <a href="https://mastodon.online/tags/Harvester" class="mention hashtag" rel="nofollow noopener" target="_blank">#Harvester</a> since I remember getting it to run in Eucalyptus. It is possible to do <a href="https://mastodon.online/tags/Longhorn" class="mention hashtag" rel="nofollow noopener" target="_blank">#Longhorn</a> in Talos as well, but I don't know about k3s/RKE2, but it doesn't seem practical (or possible, or in any way supported) to do that over Sidero Metal for Talos or SLEMicro for Rancher.<a href="https://mastodon.online/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a>

Recent searches

Search options

Administered by:

Server stats:

#TalosLinux