At TalosCon 2025 in Amsterdam, Sidero Labs discussed their immutable operating system Talos Linux, designed exclusively for Kubernetes, and the cluster management platform Omni. The team highlighted a security-first, minimalist approach to simplify operations amid frustrations with traditional systems. Future plans include expanded hardware support and application deployment capabilities.
Sidero Labs has been developing Talos Linux, an immutable operating system purpose-built for running Kubernetes, alongside Omni, a cluster lifecycle management platform. During conversations at TalosCon 2025 in Amsterdam on October 17, 2025, the Sidero team shared insights into their philosophy, born from enterprise experiences with lengthy annual security audits for traditional operating systems.
The team explained: "We kind of just landed on the idea that we shouldn't have to care about the operating system at all when it comes to all we want to do is run Kubernetes anyways. The idea of it being immutable kind of came out of that and just being the less stuff that can change, the less things that can go wrong."
Talos achieves this by stripping the Linux kernel and implementing the userland in Go, providing just enough functionality to run the kubelet. It boots and runs continuously without unexpected failures from traditional systems. The platform ensures vanilla, upstream Kubernetes with full conformance testing per release, while allowing user control through system extensions for custom hardware without breaking immutability.
Sidero's roadmap focuses on expanding hardware support and hardening Talos. For Omni, the next 12 months emphasize infrastructure provisioners for bare metal, Kubevirt, and Oxide, aiming to eliminate tools like Terraform by enabling direct VM provisioning, Talos deployment, and cluster formation for a cloud-like experience.
Adoption is strong in edge computing for retail, factory automation, and robotics, with plans for an appliance-based model offering certified hardware for single-node Kubernetes. Security features include full Software Bill of Materials (SBOM) integration, signed commits, reproducible builds, CIS benchmarks, and SELinux enforcement, aligning with regulations like the EU's Cyber Resilience Act.
The community grows bottom-up, starting from home labs, leading to enterprise advocacy and hires. Talos differentiates from competitors like Bottlerocket and Flatcar Linux through radical minimalism: only 12 binaries, no SSH, and API-driven management, focusing solely on Kubernetes to run anywhere.
Additionally, Sidero plans to extend Omni with application deployment capabilities for Talos Linux.