|
|
|
|
|
|
by mdaniel
1268 days ago
|
|
|
CoreOS (and its spiritual successor Flatcar) are immutable, which gravely limits the silliness that can be done to them post-launch. We use now use Bottlerocket since we're on EKS, but it's even more locked down since to even get an interactive shell is some major hoopjumpery. I believe Talos goes even further and is completely devoid of a shell So, yes, it absolutely matters which OS you use, of course depending on your threat model and tolerance for "no, you don't get to ssh onto a Node and do whateverthehell you want" |
|
|