chore: use buildkit for builds (#295)

web/content/components/_index.md

@@ -0,0 +1,7 @@
+---
+title: "Components"
+date: 2018-10-29T19:40:55-07:00
+draft: false
+---
+
+In this section we will discuss the various components that Talos is comprised of.

web/content/components/blockd.md

@@ -0,0 +1,20 @@
+---
+title: "blockd"
+date: 2018-10-30T09:16:35-07:00
+draft: false
+weight: 80
+menu:
+  main:
+    parent: 'components'
+    weight: 80
+---
+
+Talos comes with a reserved block device with three partitions:
+
+- an EFI System Partition (`ESP`)
+- a `ROOT` partition mounted as read-only that contains the minimal set of binaries to operate system services
+- and a `DATA` partion that is mounted as read/write at `/var/run`
+
+These partitions are reserved and cannot be modified.
+The one exception to this is that the `DATA` partition will be resized automatically in the `init` process to the maximum size possible.
+Managing any other block device can be done via the `blockd` service.

web/content/components/init.md

@@ -0,0 +1,27 @@
+---
+title: "init"
+date: 2018-10-29T19:40:55-07:00
+draft: false
+weight: 20
+menu:
+  main:
+    parent: 'components'
+    weight: 20
+---
+
+A common theme throughout the design of Talos is minimalism.
+We believe strongly in the UNIX philosophy that each program should do one job well.
+The `init` included in Talos is one example of this.
+
+We wanted to create a focused `init` that had one job - run Kubernetes.
+There simply is no mechanism in place to do anything else.
+
+To accomplish this, we must address real world operations needs like:
+
+- Orchestration around creating a highly available control plane
+- Log retrieval
+- Restarting system services
+- Rebooting a node
+- and more
+
+In the following sections we will take a closer look at how these needs are addressed, and how services managed by `init` are designed to enhance the Kubernetes experience.

web/content/components/kernel.md

@@ -0,0 +1,12 @@
+---
+title: "kernel"
+date: 2018-10-29T19:40:55-07:00
+draft: false
+weight: 10
+menu:
+  main:
+    parent: 'components'
+    weight: 10
+---
+
+The kernel included with Talos is configured according to the recommendations outlined in the Kernel Self Protection Project ([KSSP](http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project)).

web/content/components/kubeadm.md

@@ -0,0 +1,13 @@
+---
+title: "kubeadm"
+date: 2018-10-29T19:40:55-07:00
+draft: false
+weight: 30
+menu:
+  main:
+    parent: 'components'
+    weight: 30
+---
+
+At the heart of Talos is [`kubeadm`](https://github.com/kubernetes/kubernetes/tree/master/cmd/kubeadm), allowing it to harness the power of the official upstream bootstrap tool.
+By integrating with `kubeadm` natively, Talos stands to gain a strong community of users and developers already familiar with `kubeadm`.

web/content/components/osctl.md

@@ -0,0 +1,21 @@
+---
+title: "osctl"
+date: 2018-10-29T19:40:55-07:00
+draft: false
+weight: 70
+menu:
+  main:
+    parent: 'components'
+    weight: 70
+---
+
+The `osctl` CLI is the client to the `osd` service running on every node.
+With it you can do things like:
+
+- retrieve container logs
+- restart a service
+- reset a node
+- reboot a node
+- retrieve kernel logs
+- generate pki resources
+- inject data into node configuration files

web/content/components/osd.md

@@ -0,0 +1,24 @@
+---
+title: "osd"
+date: 2018-10-29T19:40:55-07:00
+draft: false
+weight: 60
+menu:
+  main:
+    parent: 'components'
+    weight: 60
+---
+
+Talos is unique in that it has no concept of host-level access.
+There are no shells installed.
+No ssh daemon.
+Only what is required to run Kubernetes.
+Furthermore, there is no way to run any custom processes on the host level.
+
+To make this work, we needed an out-of-band tool for managing the nodes.
+In an ideal world, the system would be self-healing and we would never have to touch it.
+But, in the real world, this does not happen.
+We still need a way to handle operational scenarios that may arise.
+
+The `osd` daemon provides a way to do just that.
+Based on the Principle of Least Privilege, `osd` provides operational value for cluster administrators by providing an API for node management.

web/content/components/proxyd.md

@@ -0,0 +1,13 @@
+---
+title: "proxyd"
+date: 2018-10-29T19:40:55-07:00
+draft: false
+weight: 50
+menu:
+  main:
+    parent: 'components'
+    weight: 50
+---
+
+Highly available Kubernetes clusters are crucial for production quality clusters.
+The `proxyd` component is a simple yet powerful reverse proxy that adapts to where Talos is employed and provides load balancing across all API servers.

web/content/components/trustd.md

@@ -0,0 +1,21 @@
+---
+title: "trustd"
+date: 2018-10-29T19:40:55-07:00
+draft: false
+weight: 40
+menu:
+  main:
+    parent: 'components'
+    weight: 40
+---
+
+Security is one of the highest priorities within Autonomy.
+To run a Kubernetes cluster a certain level of trust is required to operate a cluster.
+For example, orchestrating the bootstrap of a highly available control plane requires the distribution of sensitive PKI data.
+
+To that end, we created `trustd`.
+Based on the concept of a Root of Trust, `trustd` is a simple daemon responsible for establishing trust within the system.
+Once trust is established, various methods become available to the trustee.
+It can, for example, accept a write request from another node to place a file on disk.
+
+We imagine that the number available methods will grow as Talos gets tested in the real world.