What is Talos?
Talos is a modern OS designed to be secure, immutable, and minimal.
Its purpose is to host Kubernetes clusters, so it is tightly
integrated with Kubernetes.
Talos is based on the Linux kernel, and supports most cloud
platforms, bare metal, and most virtualization platforms. All system
management is done via an API, and there is no shell or interactive
Talos reduces your attack surface by practicing the Principle of
Least Privilege (PoLP) and by securing the API with mutual TLS
Talos eliminates unneeded variables and reduces unknown factors in
your environment by employing immutable infrastructure ideology.
Talos simplifies your architecture and increases your ability to
easily accommodate future changes.
Built with Modern Technology
Talos consists of only a handful of binaries and shared libraries:
just enough to run containerd and a small set of system services.
This aligns with NIST's recommendation in the
Application Container Security Guide.
Talos is hardened by design and configuration:
Built with the Kernel Self Protection Project
All access to the API is secured with mutual TLS.
Settings and configuration described in the guidelines are applied by default.
Talos improves its security posture further by mounting the root
filesystem as read-only and removing any host-level access by
traditional means such as a shell and SSH.
Talos runs in memory from a SquashFS, and persists nothing, leaving
the primary disk entirely to Kubernetes.
We are committed to staying current with the latest stable versions
of Kubernetes and Linux.