kubefirst VS talos

this isn't just any typical friday for us though, this is the day that we've been awaiting forever!!! we're excited to announce that not only did we release a new awesome UI for the kubefirst instant gitops platform, and not only is it all still free and installs gitops platforms in minutes, and not only is it an incredible new user experience, but we even let you play our new video game flappy-kray during the cluster provisioning operation. 😱🚀🎮

[cofounder alert] Would love for you to consider our kubefirst instant gitops FOSS platforms. Fully managed K8S: our platform provisions managed kubernetes clusters in our cloud versions of the platform - or k3d clusters when running the platform locally Support for cross cloud and bare metal: we support aws, civo, vultr*, digitalocean*, and apply our k3d platform to bare metal stories, but our homelabs community is going in some neat new directions for bare metal k8s as well. Installation on new machines should be fully automatic: 100% - single command Terraform: all infra (terraform) and app config (argocd) is powered by a gitops repository that we give you, the tf is wired up and automated with atlantis, and your changes to the platform are a pull request away. love most of our tools, but hate a couple and want a bunch more - no problem, start here. --- stuff you didn't ask for: - application delivery with argo workflows preintegrated with github or gitlab with self hosted runners - secrets management, user management, and an oidc provider with hasicorp vault that's automatically configured throughout the platform. vault is our single source of truth for every secret throughout the platform (apps, iac, ci, etc) - cluster management: management of workload clusters (rancher like) will be release in 2.2 in a few weeks. we have to release our new ui first in 2.1 and that's expected in the next week or two. --- it seems like with the immediate cross cloud / hybrid needs you have, you may need more out of cluster management than we can offer today, but it's the focus for the next 2 releases. we're an open source free solution that's trying to solve a lot of the problems that you're up against, we have an active community and would love to help support your use case.

nothing blew up accidentally this week, but our team at kubefirst is falling more and more in love with aws-nuke. it's an open source command line tool that lets you basically reset an aws account back to an empty state. if you have an environment where you regularly practice your platform provisioning, you probably know that failed destroys while iterating on orchestration can leave junk behind pretty easily. aws-nuke has been so nice to be able to blow away everything in an aws account - and then we just run terraform in the account to get all our core infra back afterward. nice allowlist filters and dryrun detail work too. check them out.

we'll be looking into leveraging this technique at kubefirst - wondering if anyone here has other thoughts on the tech used in this piece or any FOSS alternatives we should be considering for container sig validation? this seems just about as frictionless as the discipline can get - but don't know what other gems might be out there in this space that folks may be flipping over.

at kubefirst we internally love both helm and kustomize. to build our instant oss gitops platforms we use both.

at kubefirst we build containers a lot - gitops ci pipelines are part of our instant oss platforms. i ran into this issue a few years ago that blew my mind and i haven't been able to reproduce until yesterday.

check us out if it sounds neat ⭐ https://github.com/kubefirst/kubefirst

Kubernetes: launch a service of your choosing, like Pritunl VPN. Dockerize it, create some helm charts for it, set it up in a CICD pipeline of your choosing. There's also a project called nebulous you might want to check out that aims to demonstrate k8s capabilities with a live env but it's very early stages. If you can do the former task in, say, DigitalOcean, you'll have a good head start. I can send you some additional "homework" you can work on if you'd like as well and the solution to the first task I mentioned just DM me.

Super cool. I always enjoy reading about systems that challenge, well, "ossified" assumptions. An OS not providing a shell, for example? Madness! ... or is it genius, if the OS has a specific purpose...? It's thought-provoking, if nothing else.

I'm a bit skeptical of parts. For instance, the "init" binary being less than 400 lines of golang - wow! And sure, main.go [1] is less than 400 lines and very readable. Then you squint at the list of imported packages, or look to the left at the directory list and realize main.go isn't nearly the entire init binary.

That `talosctl list` invocation [2] didn't escape my notice either. Sure, the base OS may have only a handful of binaries - how many of those traditional utilities have been stuffed into the API server? Not that I disagree with the approach! I think every company eventually replaces direct shell access with a daemon like this. It's just that "binary footprint" can get a bit funny if you have a really sophisticated API server sitting somewhere.

[1]: https://github.com/siderolabs/talos/blob/main/internal/app/m...

[2]: https://www.talos.dev/v1.6/reference/cli/#talosctl-list

Where `kube.cue` sets reasonable defaults (e.g. image is /). The "cluster" runs on a mini PC in my basement, and I have a small Digital Ocean VM with a static IP acting as an ingress (networking via Tailscale). Backups to cloud storage with restic, alerting/monitoring with Prometheus/Grafana, Caddy/Tailscale for local ingress.

[1] https://www.talos.dev/

[2] https://cuelang.org/

Looks somewhat similar to the talos Linux project[1]

[1] https://www.talos.dev/

Talos Linux basically implements their entire userspace in Go and its similar to BottleRocketOS, because it is designed to host Kubernetes.

https://www.talos.dev/

You might be surprised to find that Talos os (linux distro for kubernetes) mostly uses Go: https://github.com/siderolabs/talos

I've been using a 3 nuc (actually Ryzen devices) k3s on SuSE MicroOS https://microos.opensuse.org/ for my homelab for a while, and I really like it. They made some really nice decisions on which parts of k8s to trim down and which Networking / LB / Ingress to use.

The option to use sqlite in place of etcd on an even lighter single node setup makes it super interesting for even lighter weight homelab container environment setups.

I even use it with Longhorn https://longhorn.io/ for shared block storage on the mini cluster.

If anyone uses it with MicroOS, just make sure you switch to kured https://kured.dev/ for the transactional-updates reboot method.

I'd love to compare it against Talos https://www.talos.dev/ but their lack of support for a persistent storage partition (only separate storage device) really hurts most small home / office usage I'd want to try.

If you’re interested in something not AWS check out Talos https://www.talos.dev/

It’s been around longer than Bottlerocket

Can't talk about work, but my homelab is Azure and Oracle managed k8s (AKS/OKE), with onprem Talos soon (Turing Pi 2). My Flux monorepo has the details. OKE performs noticably worse (update cycle, features, control plane performance), but it provides 4 ARM cores and 24GB RAM free so I can't complain

Talos