Many rely on managed Kubernetes offerings from cloud providers. But what if you want to run on your own hardware? We'll dive into how we at Sidero Labs architected Omni and Talos to solve this challenge, exploring our in-house COSI framework, SideroLink for secure WireGuard connection to Omni, image factory service for OS customization. You'll see how all these components work together to handle cluster lifecycle operations, with insights into architectural patterns and design decisions.


Running Kubernetes clusters on your own hardware brings unique architectural challenges when trying to achieve cloud-like operational experience. This talk shows how we approached this problem with Omni - starting with a high-level overview of how Omni, Talos, and supporting services work together as a system.

We'll examine the overall architecture: how Talos machines connect back to Omni via SideroLink (our WireGuard-based connectivity layer), how Omni coordinates with the image factory service to provide customized OS images, and how cluster operations flow through the system. Then we'll look deeper into the internals, exploring COSI - our in-house framework inspired by Kubernetes controller-runtime that provides the foundation for both Omni and Talos.

Following the architectural overview, we'll demonstrate these patterns in action by following cluster lifecycle operations: from initial machine registration, through cluster creation and scaling, to upgrades. We'll examine how state flows through the system, how components coordinate complex operations, and how we maintain consistency across infrastructure boundaries.

You'll learn about practical approaches to building management systems that span trust boundaries, patterns for coordinating operations across multiple components, and how we solved specific challenges like machine discovery, secure communication, and maintaining cluster state.