OPS
talos
OPS | talos | |
---|---|---|
11 | 43 | |
1,203 | 5,335 | |
1.2% | 3.3% | |
8.7 | 9.7 | |
7 days ago | 5 days ago | |
Go | Go | |
MIT License | Mozilla Public License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OPS
-
Nanos – A Unikernel
I am a bit confused, there are three sites:
* https://nanos.org/
* https://nanovms.com/
* https://ops.city/
And I am not sure what "thing" I am using. Is there some disambiguation? I know is OPS is the orchestration CLI, but I am confused at the difference between Nanos and NanoVMs. What should I call the section of my README that deals with this tech? Currently gone with Nanos/OPS but I am confused.
-
AsmBB – a lightweight web forum engine written in assembly language
Sorry - just now seeing this.
We don't have any $7/unikernel offerings out there at all. We do have a desktop app that costs $7.
As for your other comment - one of the really awesome things about unikernels is that you don't have to roll your own infrastructure.
The way these are made is that all the infrastructure management is pushed onto the cloud of choice.
I'd highly encourage you to if you haven't to download https://ops.city and try to deploy something to GCP or AWS or wherever - it's free and would answer a lot of questions/assumptions you might have.
-
Gokrazy – Go Appliances
I've been looking at a few.
https://github.com/cloudius-systems/osv
https://ops.city/ (also nanovms) - this is one that I actually got working to at least demo state
-
Kolibri OS: fits on a floppy disk, programmed using interrupts
I work with https://nanos.org && https://ops.city - we can run thousands of these on commodity hardware.
-
Ask HN: Best Way to Harden a Server?
Might be a rhetorical question but are you on the cloud?
If so what language, apps are you running? I'd encourage you to take a look at https://ops.city && see if that is something that would work well for your use-case. It effectively turns your application into a server with no ability to run other programs on it and doesn't even have the notion of users or the ability to ssh in. The auditing requirements you are looking for go way down too as most of the things like "open a port", "log when rm -rf ~/.bash_history", or things like that simply don't happen. We actually measured the security controls from the the STIGs that are referenced in the other post and were seeing up to 70% reduction in them when deploying like this versus a deb/ubuntu instance, not to mention you don't have a half-dozen different interpreters, tens of users, thousands of shared libraries, etc.
Happy to answer any questions as I'm one of the authors/maintainers.
-
Running Postgres as a Unikernel
Definitely agree with the top part, however, I should note that, ops, the tool's, whole existence is to create disk images and upload them to any cloud, any hypervisor.
In particular, both https://ops.city && https://nanos.org are Go unikernels running on GCP and their deploys take just a few seconds to push out. AWS can be even faster cause we skip the s3 upload part. We also have lots of people using Azure which would be utilizing vhdx.
-
Apple Virtualization Framework
Translating x86 -> arm or vice-versa is always going to be slow. No amount of software will ever overcome that. If you are using arm you really need to embrace it. Running x86 on arm is only a hack - whether it's apple or some random github - it will only ever be a hack. It is one thing to dev on arm and deploy to x86 but expecting x86 to perform remotely close to the same exp on arm isn't something that's going to happen.
Having said that..
If you really want to run x86 images on arm, and while we're definitely not 1:1 with docker (and don't want to be) we're interested in people's experiences with https://ops.city as there is native hardware accelerated arm support and x86 on arm. (I'm with the company behind it.) It's definitely going to be more performant than a docker image since docker/k8s not only rely on a full blown linux but also abuse iptables, et al. It also has support for bridging (outside of the vm) and 9pfs so that would help alleviate your pain.
-
Applications available in unikernels?
I'm with that organization that works on https://nanos.org and https://ops.city . If you aren't a software engineer but still would like to use unikernels you're in luck - we also have a package repository at https://repo.ops.city/ (running as a go unikernel on GCP) that will allow you to run and deploy pre-made applications. If you don't see something that you'd like to us there's also a way of importing docker containers into unikernels via ops which works for most (but not all) applications.
-
Unikernels: The Next Stage of Linux's Dominance
For instance the filesystems have no permissions because there are no users because it is only running one process. Linux is ~30M LOC and half of that is drivers. When you deploy to a cloud you only really need a handful of drivers - something to talk to the disk, the network, a clock, etc. That's very different than deploying to bare metal servers where you have hundreds of different nics, usb, disk drives, etc. .... but it goes a lot further than that. The CFS scheduler and others are written specifically with the intention that the operating system is going to have to manage tens or hundreds of applications with tens of users. If you go to AWS and boot up a linux instance you'll find around a hundred programs running without you installing anything - even if it is on a vm with only one thread. Multiple processes which unikernels eschew come with a ton of baggage. Shared memory, IPC calls, scheduling, permissions, etc. We used to get questions asking why we didn't just make patches to linux (which this paper argues for btw) and the answer is simple - doing so is actually more work and harder to deal with than just writing a new unikernel specific kernel from scratch which is what we did. Might be worth pointing out that I've worked at a unikernel company for the past 5 years that is in charge of the open source https://nanos.org and https://ops.city toolchains.
-
Nanos: A kernel designed to run one and only one application
You an also build from source here: https://github.com/nanovms/nanos && https://github.com/nanovms/ops .
There are also packages available through AUR/homebrew and the like: https://ops.city/downloads .
The script is only there facilitate the 'install' such as ensuring you have qemu installed locally or assessing whether you have kvm/hvf rights/etc.
Also, I don't think this is documented yet but you can target various PRs/builds with ops via this way:
ops run /bin/ls --nanos-version d632de2
talos
-
There are only 12 binaries in Talos Linux
Super cool. I always enjoy reading about systems that challenge, well, "ossified" assumptions. An OS not providing a shell, for example? Madness! ... or is it genius, if the OS has a specific purpose...? It's thought-provoking, if nothing else.
I'm a bit skeptical of parts. For instance, the "init" binary being less than 400 lines of golang - wow! And sure, main.go [1] is less than 400 lines and very readable. Then you squint at the list of imported packages, or look to the left at the directory list and realize main.go isn't nearly the entire init binary.
That `talosctl list` invocation [2] didn't escape my notice either. Sure, the base OS may have only a handful of binaries - how many of those traditional utilities have been stuffed into the API server? Not that I disagree with the approach! I think every company eventually replaces direct shell access with a daemon like this. It's just that "binary footprint" can get a bit funny if you have a really sophisticated API server sitting somewhere.
[1]: https://github.com/siderolabs/talos/blob/main/internal/app/m...
[2]: https://www.talos.dev/v1.6/reference/cli/#talosctl-list
-
Show HN: Workout Tracker – self-hosted, single binary web application
Where `kube.cue` sets reasonable defaults (e.g. image is /). The "cluster" runs on a mini PC in my basement, and I have a small Digital Ocean VM with a static IP acting as an ingress (networking via Tailscale). Backups to cloud storage with restic, alerting/monitoring with Prometheus/Grafana, Caddy/Tailscale for local ingress.
[1] https://www.talos.dev/
[2] https://cuelang.org/
-
Google/Gvisor: Application Kernel for Containers
Looks somewhat similar to the talos Linux project[1]
[1] https://www.talos.dev/
-
Gokrazy – Go Appliances
Talos Linux basically implements their entire userspace in Go and its similar to BottleRocketOS, because it is designed to host Kubernetes.
https://www.talos.dev/
-
Old Unix programs running on modern computers
You might be surprised to find that Talos os (linux distro for kubernetes) mostly uses Go: https://github.com/siderolabs/talos
- Talos Linux – a minimal, hardened Linux distro for running Kubernetes
-
K3s – Lightweight Kubernetes
I've been using a 3 nuc (actually Ryzen devices) k3s on SuSE MicroOS https://microos.opensuse.org/ for my homelab for a while, and I really like it. They made some really nice decisions on which parts of k8s to trim down and which Networking / LB / Ingress to use.
The option to use sqlite in place of etcd on an even lighter single node setup makes it super interesting for even lighter weight homelab container environment setups.
I even use it with Longhorn https://longhorn.io/ for shared block storage on the mini cluster.
If anyone uses it with MicroOS, just make sure you switch to kured https://kured.dev/ for the transactional-updates reboot method.
I'd love to compare it against Talos https://www.talos.dev/ but their lack of support for a persistent storage partition (only separate storage device) really hurts most small home / office usage I'd want to try.
-
Bottlerocket – Minimal, immutable Linux OS with verified boot
If you’re interested in something not AWS check out Talos https://www.talos.dev/
It’s been around longer than Bottlerocket
-
What kubernetes platforms do you use in your production environment?
Can't talk about work, but my homelab is Azure and Oracle managed k8s (AKS/OKE), with onprem Talos soon (Turing Pi 2). My Flux monorepo has the details. OKE performs noticably worse (update cycle, features, control plane performance), but it provides 4 ARM cores and 24GB RAM free so I can't complain
-
Help with Kubernetes the hard way V1.26
Talos
What are some alternatives?
nanos - A kernel designed to run one and only one application in a virtualized environment
k3sup - bootstrap K3s over SSH in < 60s 🚀
elvish - Powerful scripting language & Versatile interactive shell
microk8s - MicroK8s is a small, fast, single-package Kubernetes for datacenters and the edge.
mitchellh/cli - A Go library for implementing command-line interfaces.
kubespray - Deploy a Production Ready Kubernetes Cluster
Dnote - A simple command line notebook for programmers
rke2
flag - Flag is a simple but powerful command line option parsing library for Go support infinite level subcommand
ansible-role-k3s - Ansible role for deploying k3s cluster
cobra - A Commander for modern Go CLI interactions
Flatcar - Flatcar project repository for issue tracking, project documentation, etc.