Build Kubernetes clusters using Sidero Metal & Talos Linux on Raspberry Pi

Michael Fornaro
Published in ITNEXT
Feb 18, 2022

Part I: Kubernetes Bare Metal Lifecycle Management

Co-Author: Anthony Rabbito

Introduction

This blog series covers a highly opinionated way to manage bare metal infrastructure, provision Kubernetes clusters, and manage the life cycle of those clusters with a collection of open-source software, in an automatable and repeatable way. It also covers some of the key benefits of these concepts and the overall approach.

Key Benefits

Managing bare metal with Cluster API and Sidero Metal has many advantages. This is not a definitive list, but here are some that I’d like to highlight:

Declarative — The Cluster API with the extension of Sidero Metal provides a way to declaratively define the state of your infrastructure.

Immutable — Provisioning immutable infrastructure provides repeatability and de-risks the change management issues that arise from in-place upgrades and configuration drift.

Secure — Talos Linux takes a secure-by-default stance. It’s a purpose-built OS designed for provisioning Kubernetes. The OS has a significantly reduced footprint, and all access is via an API with strict mTLS.

Part I: Kubernetes Bare Metal Lifecycle Management

Kubernetes as infrastructure

Before discussing Sidero Metal and Talos Linux, it is important to highlight that this series treats Kubernetes clusters as pieces of “infrastructure”. In cloud-native computing, more and more effort is going into making immutable infrastructure seamless. But what about self-hosted bare metal infrastructure?

Cluster API

source: https://github.com/kubernetes-sigs/cluster-api

What is the Cluster API?

Cluster API is a Kubernetes sub-project focused on providing declarative APIs and tooling to simplify provisioning, upgrading, and operating multiple Kubernetes clusters.

The Cluster API project supports building custom “providers”, which extend its functionality across different types of infrastructure. This is where Sidero Metal comes into the picture: Sidero Metal extends the Cluster API to allow Kubernetes Bare Metal Lifecycle Management. This is a game changer!

Sidero Metal

source: https://github.com/talos-systems/sidero

By extending the Cluster API, Sidero Metal provides the ability to declaratively define your infrastructure. It is responsible for managing the bare metal infrastructure and reconciling it to the desired state. It also brings an immutable infrastructure experience to bare metal, which means reduced complexity and failure, improved security, and an easier troubleshooting experience.

Talos Linux

source: https://github.com/talos-systems/talos

Talos Linux is a modern OS for running Kubernetes: secure, immutable, and minimal. Talos Linux is fully open source, production ready, and supported by the people at Sidero Labs. All system management is done via an API — there is no shell or interactive console.

Why Talos Linux?

  • Security: Talos Linux reduces your attack surface: It’s minimal, hardened and immutable. All API access is secured with mutual TLS (mTLS) authentication.
  • Predictability: Talos Linux eliminates configuration drift, reduces unknown factors by employing immutable infrastructure ideology, and delivers atomic updates.
  • Evolvability: Talos Linux simplifies your architecture, increases your agility, and always delivers current stable Kubernetes and Linux versions.

Note: Talos Linux is part of the CNCF!

These projects bring a lot of advantages to running a Kubernetes cluster on Raspberry Pi, as we’ll see in the next part!
