by HHad3
814 days ago
Sure, there are solutions presented in the installation guide [1]. It usually involves using the cloud or virtualization platform's out-of-band channel, all of which Talos supports, to securely provision a config on first boot. You can also generate a custom installation medium or cloud image that pulls config from your trusted machines if you cannot use out-of-band provisioning. You can also securely use the insecure maintenance mode when there is a firewall in front of the machine, which prevents access by non-administrator clients to the API ports at the IP level. I'm not a fan of Talos booting into insecure maintenance mode without config w/o prompting for at least a PIN displayed on-screen, but the problem you're describing in no way prevents production use.

[1] https://www.talos.dev/v1.6/talos-guides/install/