About Sidero, Talos Linux, and Omni

What is Sidero, and how does it fit into the Kubernetes ecosystem?

Sidero builds software to make bare metal Kubernetes easier and more secure. Our core products, Talos Linux and Omni, work together to deliver consistent, automated, and secure Kubernetes infrastructure without the overhead of traditional operating systems or cloud lock-in.

How do Talos Linux and Omni work together?

Talos Linux is an immutable, API-driven operating system designed specifically to run Kubernetes. Omni is the fleet manager that manages and monitors Kubernetes clusters across environments. Together, they form a tightly unified stack for multi-location cluster management and support infrastructure-as-code operations.

How is Sidero different from Rancher, EKS Anywhere, and other solutions?

Most alternatives build Kubernetes and Linux management solutions by adding layers. They build general-purpose tooling that solves general-purpose problems, leading to an inherently complex solution. Omni and Talos Linux are purpose-built for a single job, enabling us to remove unnecessary complexity from the ground up. This translates to easier, more reliable management across your infrastructure.

How is Sidero funded and supported for long-term growth?

Sidero is backed by a multibillion-dollar private equity fund and supports mission-critical systems at enterprises like Nokia and Roche. Our products are trusted for production workloads across industries.

Talos Linux is fully open source and free to use. Omni is open code, released under the BuSL, and requires a license to run in production.

Why is there no SSH in Talos Linux?

Removing SSH makes it much easier for teams to follow best practices and keep their infrastructure secure. It eliminates a major attack vector and helps eliminate config drift caused by human intervention through SSH. Instead, all management is done through a secure, authenticated API, ensuring consistency, auditability, and compliance by design. Read more about our SSH-free ethos.

What does “API Managed” mean in Talos Linux and Omni?

Talos Linux and Omni treat all configuration and lifecycle operations, including machines, patches, upgrades, and access, as declarative API resources. You manage machines and clusters with declarative, structured data, making the whole stack reproducible and GitOps-friendly.

How does Talos Linux change the way we manage Kubernetes infrastructure?

Talos Linux flips Kubernetes ops from “log in and fix nodes” to “declare state and let the OS enforce it.” You manage nodes through a secure API and machine configuration, rather than SSH or package installations, so nodes remain consistent and disposable. Upgrades are atomic and automated (OS + Kubernetes), and if a node drifts or breaks, you redeploy it cleanly instead of trying to nurse it back to health. The result is fewer moving parts, a smaller attack surface, and more predictable Day-2 operations.

Why does this sound hard? I just want to SSH.

SSH and ad hoc changes can seem more practical, or even irreplaceable, because they are often the de facto methods for managing infrastructure. They provide quick fixes when things go wrong and offer immediate relief to problems. However, as our users will tell you: the learning curve is worth it. Talos Linux and Omni support the construction of far more reliable and efficient infrastructures that eliminate configuration drift entirely and need much less troubleshooting down the road.

Technical & Operational Questions

How does Omni manage Kubernetes clusters across on-prem and cloud environments?

Omni is a centralized fleet manager that all your Talos machines connect back to, so you can provision, scale, and upgrade clusters from one place, no matter where they run. For cross-site connectivity, you can use KubeSpan’s encrypted mesh or integrate your existing VPN, letting clusters stay consistent without custom scripting.

How does networking between data centers, cloud, and edge work?

KubeSpan automatically establishes encrypted WireGuard tunnels between Talos Linux nodes. It enables secure, peer-to-peer communication across NAT, firewalls, and mixed networks, with no direct connect or complex network routing required.

Can Omni and Talos Linux run in air-gapped environments?

Yes. Talos Linux supports fully air-gapped deployments by pre-seeding installation media or using internal container registries. Omni can operate in disconnected mode, managing clusters via internal APIs without requiring external internet access.

How are upgrades and patches handled?

Upgrades in Talos Linux are atomic and immutable. Nodes are replaced or upgraded in a controlled, reversible process. Omni orchestrates these upgrades declaratively, ensuring cluster consistency and providing automatic rollback if needed.

What monitoring, logging, and integrations are supported?

Talos Linux and Omni integrate with several other tools, including existing observability stacks like Kube-Prometheus-Stack and OpenTelemetry; GitOps tools such as Flux and Argo CD for declarative management and CI/CD integration; and proprietary options like Datadog.

What are infrastructure providers?

Infrastructure providers are a lightweight, optional component of Omni that can manage the full lifecycle of Talos Linux machines. Providers bridge the gap of needing to connect Talos machines to Omni to build clusters. Providers talk to APIs where machines live, no matter if that’s dynamic, VM-based environments like vSphere, or static, pre-provisioned environments like IPMI and bare metal.

What infrastructure providers are available?

We currently have providers for bare metal, KubeVirt, libvirt, Proxmox, vSphere, and Oxide. You can also write your own (and we encourage it!). If you would like to build your own provider or request that one be created, please join our community Slack workspace or open an issue on GitHub.

Security and Compliance

How does Sidero handle Kubernetes security?

Talos Linux is a hardened operating system with an immutable, minimal design. There is no shell and no SSH. Everything is driven by APIs. Omni enforces consistent configuration, access control, and policy enforcement across clusters to reduce human error and drift.

What certifications and compliance standards do you support?

Sidero maintains SOC 2 Type II certification, and Talos Linux offers FIPS 140-3 compliant builds and SBOM generation for every release. This ensures traceability and compliance for industries such as finance, healthcare, and defense.

How are secrets and credentials managed?

Talos Linux authenticates users to the Talos API using mutual TLS. TLS certificates can be automatically rotated on a Talos node using unique PKI chains of trust. With bare Talos, it is up to the user to secure client and root certificates.

With Omni, PKI is managed automatically. Omni is the secure vault for cluster certificates and authenticates users via temporary client certificates provisioned via OIDC or SAML authentication.

Pricing and Procurement

How does Sidero pricing work?

Omni uses a simple node-based pricing model, providing predictable costs with no per-core billing. There is a 10-node minimum price for all plans, though users are not required to use all 10 nodes. Additional nodes can also be purchased. Edge solutions start at 50 nodes. See our pricing page. For exact information, please talk to our sales team.

Talos Linux is open source. Support, including SLA-backed assistance and a dedicated account manager, can be purchased separately. Please see the Support & Service FAQs for more information.

What is a “node” for pricing purposes?

A node is any instance, physical or virtual, that runs Talos Linux and is managed by Omni. You only pay for the nodes you manage, not for environments, regions, or clusters.

Adoption and Integration

Can I migrate existing clusters to Omni?

Yes. Omni can import and manage existing Talos Linux-based clusters. For other Kubernetes distributions, migration typically involves rebuilding clusters on Talos Linux to gain its full security and immutability benefits.

Does Omni support mixed architectures (x86, ARM, GPU)?

Yes. Talos Linux supports heterogeneous environments including x86_64, ARM, and GPU-accelerated nodes, enabling high-performance workloads like AI/ML inference or media streaming.

What hardware AI accelerators does Talos Linux support?

Talos Linux has pre-built system extensions for AMD, NVIDIA, Tenstorrent, and Hailo AI accelerators. They can be used with any Talos system by adding the system extensions and enabling the necessary kernel modules.