-
I found this helpful thread - #6046

I wonder why setting this in the machine config

```yaml
machine:
  install:
    extraKernelArgs:
      - sysctl.kernel.kexec_load_disabled=1
```

that is applied as user_data on the machine boot does not have effect? I can only see this kernel flag applied when I do the
-
You can use

One thing to note here, that CNIs, even those which require deep kernel networking interactions, like Cilium, work perfectly under Talos Linux. Talos Linux philosophy is being more secure by default, so workloads might need to be adapted to that, and that security enforcement is not something you can turn off. We feel that hardening out of the box is our choice, and unfortunately that might break some workloads in very rare cases.
-
Hi, a weird request maybe, but I would like to use Talos to spin up dev/test k8s clusters using its declarative configuration.
Given that my dev/test clusters run privileged pods that emulate network operating systems, some of them are equipped with `CAP_SYS_BOOT` and Talos prohibits those.

Would it be possible to have an option to whitelist those blocked capabilities and enable Talos to support dev/test clusters where security is not as important as the ease of installation?
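To see which capabilities a pod's process really holds, the `Cap*` masks in `/proc/<pid>/status` can be decoded. The following is an added example, not code from this thread or from the Talos project; the sample status text is constructed and only assumes a runtime that removed `CAP_SYS_MODULE` and `CAP_SYS_BOOT` from every set.

```python
"""Decode Linux capability masks from /proc/<pid>/status text."""
import re

# Bit numbers from linux/capability.h (subset relevant to this thread).
CAP_BITS = {"CAP_NET_ADMIN": 12, "CAP_SYS_MODULE": 16,
            "CAP_SYS_ADMIN": 21, "CAP_SYS_BOOT": 22}

# Constructed sample shaped like /proc/self/status (assumption: a runtime
# that cleared bits 16 and 22 in the permitted, effective and bounding sets).
SAMPLE_STATUS = (
    "Name:\tsleep\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t000001ffffbeffff\n"
    "CapEff:\t000001ffffbeffff\n"
    "CapBnd:\t000001ffffbeffff\n"
    "CapAmb:\t0000000000000000\n"
)

def parse_cap_sets(status_text):
    """Return {'CapEff': int, ...} for every Cap* line in a status file."""
    pattern = r"^(Cap\w+):\s*([0-9a-fA-F]+)$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, status_text, re.M)}

def has_cap(mask, name):
    """True if the named capability's bit is set in the mask."""
    return bool((mask >> CAP_BITS[name]) & 1)

def report(status_text, name="CAP_SYS_BOOT"):
    """Show where a capability is present.

    CapEff: usable right now. CapPrm: can be raised into CapEff.
    CapBnd: upper limit; a bit missing here cannot be regained via execve.
    """
    sets = parse_cap_sets(status_text)
    return {s: has_cap(sets[s], name)
            for s in ("CapEff", "CapPrm", "CapBnd") if s in sets}

if __name__ == "__main__":
    try:
        with open("/proc/self/status") as fh:  # run inside the container
            text = fh.read()
    except OSError:
        text = SAMPLE_STATUS  # fall back to the constructed sample
    for cap in CAP_BITS:
        print(cap, report(text, cap))
```

A capability absent from `CapBnd` was removed below the pod spec, so adding it under `securityContext.capabilities.add` will not bring it back.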