Sidero Labs showcased its open-source Talos Linux at TalosCon in Amsterdam, positioning it as a minimalistic alternative to traditional Kubernetes distributions for private cloud and edge environments. The operating system emphasizes security through a stripped-down design that avoids general-purpose OS foundations. Organizations like SNCF and the Singapore Exchange have adopted it to reduce costs and enhance control.
The shift from public cloud to on-premises and private cloud infrastructure has been driven by rising costs and data sovereignty issues, impacting Kubernetes management. Sidero Labs' Talos Linux counters this by running Kubernetes directly on a minimal host OS, unlike distributions such as Red Hat's OpenShift or SUSE Rancher, which layer it over general-purpose systems.
Andrey Smirnov, engineering lead at Sidero Labs, explained at the mid-October TalosCon event in Amsterdam: “If your goal is to run workloads which come in containers, and as an orchestrator for those workloads, you choose to use Kubernetes, there is not much that you need on the host operating system.” He highlighted Talos' security features, including no user accounts, a read-only immutable root file system, and limited host interactions with containers.
Talos enables best security practices by owning the full stack, Smirnov noted, making implementations like immutable filesystems straightforward. The architecture is flexible, potentially supporting alternatives like Nomad, though Kubernetes remains the focus.
French railway operator SNCF, after migrating 70% of its applications to public clouds like AWS and Azure, built a private cloud platform using OpenStack for the remaining 30%. Thomas Comtet, head of the cloud native platform team, chose Talos to mimic the efficiency of managed services: “We know very well how to operate Bottlerocket with EKS or Azure Linux with AKS clusters... We chose Talos mostly because it can compete with Bottlerocket. What we want to do, as a platform team, is have the same experience in the data center, and we achieved that in a less costly way.”
The Singapore Exchange (SGX) transitioned from Red Hat OpenShift to Talos in under 24 hours for better security and control. Rushan Ratha, head of platform engineering at SGX FX Group, said: “For us, Talos made sense. It was uber lightweight [and] it met our security model... You don’t have SSH access [or] a root user. Everything is tightly controlled that way.”
To scale management, Sidero developed Omni, a SaaS tool that supports a 'bring your own Talos' model for static bare metal setups and dynamic provisioning in environments like AWS, Proxmox, and VMware. This addresses Kubernetes' growing complexity in non-cloud settings.