179 results for “siderolabs”
-
🔐SSH and shell-free
🧱Immutable by default
🔁Trusted Boot out of the box
Because we believe security starts at the foundation. Here's what makes Talos Linux different.
🔗 https://www.siderolabs.com/blog/mastering-security-in-your-kubernetes-infrastructure/
#Kubernetes #TalosLinux #DevSecOps #CloudNative #SecurityEngineering
-
New in Omni: On-ramp for Talos Linux clusters.
Centralizing infrastructure management shouldn't require a total rebuild of your current environment.
You can now bring established Talos Linux clusters into Omni via a single CLI command and immediately gain visibility and remote management capabilities while reducing the operational risk of manual cluster rebuilds.
Read about this update and more → https://www.siderolabs.com/blog/talos-omni-q4-2025-updates?utm_source=linkedin&utm_medium=social&utm_campaign=q4-2025&utm_content=on_ramp
-
New in Talos Linux:
Out-of-memory handling can proactively identify and evict the relevant, resource-heavy application before it destabilizes the host. This reduces avoidable downtime and ensures the control plane and critical services remain operational.
#TalosLinux #Kubernetes #K8s #BareMetal #PlatformEngineering #DevOps #InfrastructureAsCode #GitOps #SRE #EdgeComputing #CloudNative #BareMetalK8s
-
#CAPI is a great tool for #Kubernetes infrastructures. So, why didn't we use it when we created Omni?
Find out in our next webinar.
🗓 Aug 27 at 18:00 CEST
🎙 Jason DeTiberus & Justin Garrison
-
Running air-gapped Kubernetes? Don't miss this #KubeCon talk.
🎙 Declarative Edge Kubernetes: Immutable Clusters with Talos + Zarf
🗓️ Tuesday, March 24 | 17:00 - 17:30
📍 Hall 8 | Room D
If you want to talk more about air-gapped Kubernetes, come find us at booth 484.
#EdgeComputing #AirGapped #TalosLinux #CyberSecurity #CloudNative
-
If you’re managing air-gapped Kubernetes, here's a #KubeCon talk to add to your list.
Declarative Edge Kubernetes: Immutable Clusters with Talos + Zarf
🗓️ Tuesday, March 24 | 17:00 - 17:30
#EdgeComputing #AirGapped #TalosLinux #CyberSecurity #CloudNative
-
So you wanna run Talos Stack air-gapped.
There’s a tutorial for that, featuring every component you need to know (and @jgarr)
-
We know Talos Linux is secure.
But don't take our word for it. Go run the benchmarks. https://oneuptime.com/blog/post/2026-03-03-run-cis-benchmarks-against-talos-linux/view
-
This Wednesday! 🎙
Join our next webinar with Jason DeTiberus (early Cluster API maintainer) and Justin Garrison (Head of Product at Sidero), as they discuss:
- The original goals of #ClusterAPI
- Where it excels and where it doesn't
- Why Sidero chose a different path
Come learn about the tradeoffs, history, and what a modern Kubernetes management interface can look like.
🗓 Wednesday, Aug 27 · 18:00 CEST
👉 Save your seat: https://lnkd.in/eWJRn4xe
-
We here at Sidero Labs are not capable of time travel.
If we were, we would send you back in time to KubeCon so you could watch Clément Nussbaumer tell his story of migrating 25 clusters in an air-gapped environment.
But if you have a few minutes, you can watch his talk on YouTube. Check it out for a live migration demo and a look at how Post Finance manages its fleet. It's a great watch. https://www.youtube.com/watch?v=uQ_WN1kuDo0
-
We know #TalosLinux is 🤏 but is it really the smallest?
We ran the tests. We’ve got the data. Check it out if you like numbers.
Watch → https://youtu.be/atPvnJMGdfs
Read → https://www.siderolabs.com/blog/which-kubernetes-is-the-smallest/
-
Complexity can creep into your infrastructure fast, and once it’s there, it slows everything down.
Complex systems mean more effort, more stress, and more things that can break.
Simple, on the other hand, is reliable. Simple systems like Talos Linux and Omni can reduce maintenance time by up to 66%, giving time back to technologists and providing clearer oversight of your entire deployment.
https://www.siderolabs.com/blog/cut-kubernetes-infrastructure-costs-with-omni-and-talos-linux/
#Kubernetes #PlatformEngineering #TalosLinux #SRE #CloudOps
-
Well, that's a bit of a letdown. I upgraded my machines to Talos 1.8.0 and gvisor broke. Probably due to containerd v2. Thankfully, someone already noticed that a while back and it seems to be an upstream issue.
-
Looking forward to migrating my Kubernetes setup to a micro-vm environment:
https://github.com/siderolabs/extensions/pull/434
Already started to run pods in gvisor and now moving to KVM-based gvisor runtime, will be even more fun.
-
TalosCon 2025 recordings are live! 🍿
We hope you have some free time today, because you’re going to want to check this out. We’ve got everything from an hour-long keynote from Bryan Cantrill on complexity to talks on Hetzner bare metal servers, compliance frameworks, and more.
Grab a snack, your drink of choice and enjoy 👉 https://www.youtube.com/playlist?list=PLSgt7RkT67ffjzZ4dXDYXVU_mmiBvNQ5s
#kubernetes #TalosCon2025 #TalosLinux #CloudNative #DevOps #PlatformEngineering #EdgeComputing #BareMetal #TechTalks
-
Let's continue the Proxmox + Tofu + Talos + Cilium adventure, with two little footnotes. "Devil is in the details!"
First: Talos "inlineManifests" behavior.
When you add some inlineManifests to your Talos MachineConfig and push that MachineConfig, the manifests get applied immediately. Yay!
However, when you update or remove some inlineManifests and push the MachineConfig ... Nothing happens. Talos does a full (potentially destructive!) reconcile only when executing a cluster upgrade. (This is pretty well explained in the Talos docs[1])
This means that our initial installation of Cilium will work immediately, but subsequent configuration changes won't work (the YAML won't be applied) until we run a "talosctl upgrade-k8s". (Pro-tip: make sure to specify "--to" with the current k8s version, otherwise it'll execute a "real" upgrade which implies downloading new images and restarting the whole control plane one component at a time - which takes a while.)
So, are we there yet?
Not quite!
The second issue: each time I'd do a "tofu plan", it would tell me that something had changed. Which is kind of annoying. If you don't change your Tofu configuration, variables, etc, normally, you'd expect "tofu plan" to tell you a reassuring:
No changes. Your infrastructure matches the configuration.
So, what is going on? 🤔
-
5,000 trains. 400+ internal projects. 200-page security manifesto.
And just four months to go cloud native with Talos Linux.
https://www.siderolabs.com/case-studies/frances-national-railway-goes-cloud-native-in-four-months/
#kubernetes #CloudNative #K8s #ContainerOrchestration #SNCF #TalosLinux
-
We love this capability, but not everyone knows about it. So here's how Talos Linux can be remotely configured using a simple HTTP endpoint.
→ https://www.youtube.com/watch?v=DaCuzgrQvhU&feature=youtu.be
-
Our community loves Talos Linux because it’s built differently: No SSH. No shell. < 50 binaries. Now, we’re looking for a Senior Software Engineer to help us scale the Talos Platform and change the standard for K8s fleet management.
If you want to work with us and make a big impact, check it out.
🛠️ Go, cloud native, K8s, etcd
🌍 100% Remote (EU time zones preferred)
Apply here: https://www.siderolabs.com/careers/senior-software-engineer/?utm_source=mastodon&utm_medium=social
-
New in #TalosLinux & Omni
→ Multi-doc configs for networking
→ Talos Linux cluster imports for Omni
→ Pre-seeded images
→ Built-in OOM handling
-
RE: https://hachyderm.io/@siderolabs/115853943771571011
When someone asks me "why Talos and not K3s", I usually simplify and say "I don't want an extra OS layer". Well. This blog post goes beyond my simplistic explanation. I hope it helps.
-
Wondering how France’s national railway uses Talos Linux? Their recent #KubeCon talk has the answer. → https://www.youtube.com/watch?v=rEcTzLdjmJA
-
"🛡️ Mitigation Tips Against Stealthy VBA Macros 📝"
To protect against these stealthy VBA macros, consider disabling macros in Microsoft Office and restricting execution to trusted sources. 🚫📄
Educate users about the risks associated with enabling macros and employ robust email gateways for scanning attachments. 🎓📧
A YARA rule is also available to flag potential threats without relying on PDF header checks. 🚩🔍
Key points:
Malicious Word Document in a PDF-like Header: The malicious Word document is concealed within a PDF-like header that contains the signature %PDF-1.7, typically associated with PDF files.
MIME Encapsulation of HTML Documents: Within the fake PDF structure, there is a MIME encapsulation of aggregate HTML documents (MHTML Web Archive) that contains an embedded Base64 encoded ActiveMIME object. ActiveMIME is an undocumented Microsoft file format often used to store VBA Macros.
Obfuscation Techniques: Various obfuscation techniques are employed to evade detection based on signatures. These include the use of a non-compliant MIME type, fragmentation of Base64 encoded strings, and URL percent-encoded strings to obscure links.
PDF Header Not Required: Interestingly, the embedded MHT document file doesn't actually require a PDF header. Any text preceding the MHT file allows Microsoft Word to open the document file and execute the malicious macro if enabled.
Evasion of Signature-Based Detection: This technique can evade signature-based detection systems that specifically scan for a PDF header. The analysis shows a significant difference in detection rates between samples with and without the fake PDF header.
Mitigation Advice: To protect users from such threats, the summary provides several mitigation recommendations, including configuring Microsoft Office to disable macros by default, restricting macro execution to trusted sources, educating users about macro risks, and using robust email gateways for scanning attachments.
YARA Rule: A YARA rule is provided to identify potential malicious macros embedded in files without conducting PDF header checking. This rule checks for specific strings and patterns within files to flag potential threats.
Source: Trustwave SpiderLabs Blog
Tags: #Cybersecurity #Mitigation #UserEducation #YARARule #Trustwave #SpiderLabs #EmailSecurity 🌐🔐🛡️
-
What happens when you try to mix #openssource with corporate goals? Join industry experts Kim & Amanda at #KubeCon and learn how to craft your plan, communicate with management, and make your project successful.
Learn more 👉https://sched.co/1txHX
#KubeCon #CloudNativeCon #OpenSourceDevelopment #OpenSourceSoftware
-
New blog post! I just got a Framework Desktop, and I wanted to use it as a node on a Talos Linux Kubernetes cluster. The initial boot was not easy to grasp, and took me a few hours to figure it out, so I wanted to share with you how to make it work. I hope this is useful for someone.
@homelab @siderolabs @frameworkcomputer
#HomeLab #TalosLinux #Framework #FrameworkDesktop #Kubernetes #Blog
https://mteixeira.wordpress.com/2025/09/28/booting-talos-linux-on-a-framework-desktop/
-
What's lurking in your OS?
We give you Kubernetes that's minimal by design, secure by default.
Book a demo to see what multi-cluster management looks like without all the complications. 👉 https://www.siderolabs.com/book-a-demo/