What is Talos?

Talos is a modern OS designed to be secure, immutable, and minimal. Its purpose is to host Kubernetes clusters, so it is tightly integrated with Kubernetes.

Talos is based on the Linux kernel, and supports most cloud platforms, bare metal, and most virtualization platforms. All system management is done via an API, and there is no shell or interactive console.

Why Talos?

Security

Talos reduces your attack surface by practicing the Principle of Least Privilege (PoLP) and by securing the API with mutual TLS (mTLS) authentication.

Predictability

Talos eliminates unneeded variables and reduces unknown factors in your environment by employing immutable infrastructure ideology.

Evolvability

Talos simplifies your architecture and increases your ability to easily accommodate future changes.

API Driven

Built with Modern Technology

Features

Minimal

Talos consists of only a handful of binaries and shared libraries: just enough to run containerd and a small set of system services.

This aligns with NIST's recommendation in the Application Container Security Guide.

Hardened

Talos is hardened by design and configuration:

  • Built with the Kernel Self Protection Project configuration recommendations.
  • All access to the API is secured with Mutual TLS.
  • Settings and configuration described in the CIS guidelines are applied by default.

Immutable

Talos improves its security posture further by mounting the root filesystem as read-only and removing any host-level access by traditional means such as a shell and SSH.

Ephemeral

Talos runs in memory from a SquashFS, and persists nothing, leaving the primary disk entirely to Kubernetes.

Current

We are committed to staying current with the latest stable versions of Kubernetes and Linux.