Minimal
Talos is a minimalistic distribution that consists of only a handful of binaries and shared libraries: just enough to run containerd and a small set of system services. This aligns with NIST's recommendation in the Application Container Security Guide.
Hardened
There are a number of ways that Talos provides added hardening:
- employs the recommended configuration and runtime settings outlined in the Kernel Self Protection Project
- enables mutual TLS for the API
- enforces the settings and configurations described in the CIS guidelines
Immutable
Talos improves its security posture further by mounting the root filesystem as read-only and removing any host-level access by traditional means such as a shell and SSH.
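As an added example that is not Talos project code, the following Python script checks the read-only-root property described above on a generic Linux host by parsing mount-table lines in the /proc/self/mounts format. The sample mount lines embedded in the script are constructed for illustration, and the `--live` flag for reading the real mount table is an assumption of this example.

```python
import re
from typing import Dict, List

# Constructed sample /proc/self/mounts content (not captured from a real host).
# The root filesystem here is a read-only squashfs, as the page describes.
SAMPLE_MOUNTS_RO = """\
/dev/loop0 / squashfs ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda6 /var ext4 rw,relatime 0 0
/dev/sdb1 /mnt/data\\040disk ext4 rw,relatime 0 0
"""

# Constructed counter-example: a conventional host with a writable root.
SAMPLE_MOUNTS_RW = """\
/dev/sda2 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
"""

# The kernel escapes space, tab, newline and backslash in mount fields as \ooo.
_OCTAL_ESCAPE = re.compile(r"\\([0-7]{3})")


def _unescape(field: str) -> str:
    return _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text: str) -> Dict[str, Dict[str, object]]:
    """Map each mount point to its device, filesystem type and option set."""
    mounts: Dict[str, Dict[str, object]] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        device, mountpoint, fstype, options = parts[:4]
        # A later entry for the same mount point (e.g. a remount) wins,
        # matching the order the kernel reports.
        mounts[_unescape(mountpoint)] = {
            "device": _unescape(device),
            "fstype": fstype,
            "options": set(options.split(",")),
        }
    return mounts


def root_is_read_only(text: str) -> bool:
    """True only if '/' is present and carries the 'ro' mount option."""
    root = parse_mounts(text).get("/")
    return root is not None and "ro" in root["options"]


def writable_mounts(text: str) -> List[str]:
    """Mount points carrying 'rw', in table order, for a reviewer to inspect."""
    return [mp for mp, info in parse_mounts(text).items() if "rw" in info["options"]]


if __name__ == "__main__":
    import sys

    # Assumed flag: read the live mount table instead of the constructed sample.
    if "--live" in sys.argv:
        with open("/proc/self/mounts") as fh:
            text = fh.read()
    else:
        text = SAMPLE_MOUNTS_RO
    print("root read-only:", root_is_read_only(text))
    print("writable mounts:", writable_mounts(text))
```

The check deliberately keys on the effective mount options rather than on the filesystem type, so a squashfs root that was later remounted writable would be reported as writable; the list of writable mount points is returned for review because some writable paths (such as the disk left to Kubernetes) are expected.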
Ephemeral
Talos runs in memory from a Squashfs, and persists nothing, leaving the primary disk entirely to Kubernetes.
Current
Stay current with our commitment to an n-1 adoption rate of upstream Kubernetes. Additionally, the latest LTS Linux kernel will always be used.