What is TAK-OS

TAK-OS is a bundle of Alpine Linux, Kubernetes and some extra components to enable fully automated deployment of small-scale Kubernetes clusters without all the usual hassles.

The TAK-OS Installer is based on the Alpine Linux setup-alpine script (and family) with a few small additions to bootstrap Kubernetes and, most importantly, to distribute the keys required to join the cluster.

TAK-OS installs from global resources, including (but not limited to) the Alpine Linux package repositories, Docker Hub, GitHub Package Repository, and the TAK-OS Package Repository. Also, if you choose to install TLSPU Orbit Deploy, your cluster will access the TLSPU and TAK-OS Git repositories. As such, TAK-OS is not designed to work on “air-gapped” networks that are unable to access the internet.

TAK-OS BootISO

The first part of TAK-OS most people will see is the integrated installer on the BootISO installation media.

TAK-OS BootISO is created to support both CSM (BIOS) and UEFI, CD/DVD, USB media and virtual infrastructure such as iDRAC/iLO, as well as most types of virtual machine.

Under Active Development

TAK-OS KubeUP

Create your cluster fully self-contained. Cluster up, add, remove or replace nodes transparently.

With the control plane running inside the cluster you don’t have to worry about outages, as Kubernetes will take care of itself!

KubeUP also takes care of installing your CNI (Pod Networking), Ingress (TAK-OS Ingress) and Life Cycle Management (TAK-OS Orbit Deploy).

Under Active Development

TAK-OS Orbit Deploy

The problem with Kubernetes automation, one of the problems with Kubernetes automation, because there are many, is that of whose opinion you are going to choose instead of your own.

I found myself facing this dilemma a while back, and I realised that each of the deployment automation or life-cycle management systems had features that I liked, but none had no features I hated.

So, I thought, why not take all the features I like, and produce a tool that embodies how I think automation should work?

TAK-OS Ingress

With the discontinuation of ingress-nginx, a very real gap has opened up in the Kubernetes ecosystem. Rather than waiting for someone else to fill it, I decided to build something deliberately small, fast, and standards-faithful.

Features Include:

  • Live reconfiguration without restarts
  • Multiple ingress classes for flexible routing
  • Automatic SSL/TLS certificate management with cert-manager
  • Prometheus metrics
  • HTTP/HTTPS proxy with load balancing

Other Tools

We’ve also developed a lot of other tools that may be useful for some of your projects.

We use Keycloak a lot for authentication and authorization. One of the challenges with any complex system like Keycloak is initializing it so it will work. keycloak-init will handle this for you.

Some people like MySQL (or MariaDB), some like PostgreSQL. The one thing both of these groups of people have in common is a fear and horror of high availability. We use CrateDB instead: it's self-clustering, has a PostgreSQL-compatible interface, is internally NoSQL so it is very fast, and we’ve even created a controller for auto-deploying it, crate-operator.

Design Philosophy

The TAK-OS design philosophy is primarily “move fast and break things”. To this end the OS has limited version linkages between components, so you can work on, upgrade, or replace any single component in a running cluster and everything should “just work”. This is the Microservices Architecture principle, but applied to all parts of the system, not just the application layer.

Coupled with this, though, is the desire to have a system that works, and supports easy extension.

To this end we encourage using the tested CI/CD templates, which execute tests and builds on our own runners, to ensure consistency and repeatability.

Contributing

We welcome any and all forms of contribution, from extra components, debugging, testing, adding features, anything, even cash 😉

There are a few simple rules:

  1. Ethics are more important than anything else.
  2. Philosophy: speed is a feature, safety is non-negotiable
  3. The Golden Rule: small PRs, always
  4. Branches are for chaos; main is for adults
  5. CI is templated. If you copy/paste pipelines, you owe the project an apology
  6. Tests are the price of admission
  7. Reproducibility beats heroics
  8. Release-minded development
  9. Security is everyone’s job (especially in an internet-facing world)
  10. Coding standards: boring is good
  11. Commit & PR hygiene
  12. Review rules: default to “yes, and…”
  13. Prefer feature flags and incremental delivery.
  14. Backwards compatibility: intentional, not accidental
  15. Documentation is part of the product
  16. Enforcement: rules are automated whenever possible

Full details here