Sidero Labs’ Omni makes Kubernetes cluster management effortless

Keith Shaw: Hi everybody, welcome to DEMO, the show where companies come in and show us their latest products and platforms. Today, I’m joined by Steve Francis. He is the CEO of Sidero Labs. Welcome to the show. Steve Francis: Thanks, Keith. Great to be here.

Keith: All right, tell me a little bit about Sidero Labs and what product you're going to be showing on the show today.

Steve: Yeah, so Sidero Labs — our mission is to make distributed systems easier and more secure, specifically with Kubernetes. We have two primary products. One is Talos Linux, a version of Linux designed to do nothing except run Kubernetes.

It consists of the Linux kernel plus some custom Go binaries written from scratch by our team. It has several advantages: it’s more secure, faster, easier to manage, and so forth — we’ll get into that. But I’m not here to show you that.

I’m here to demo Omni, our declarative platform for managing multiple Kubernetes clusters that run Talos Linux.

Keith: OK, and who is this designed for? I’m assuming Kubernetes developers or platform engineers? Steve: Exactly — platform engineers.

Steve: Kubernetes is big in a lot of medium to large enterprises. Even small startups are using it now. Where we specialize is in helping teams run Kubernetes on bare metal. While cloud providers have good support, running on bare metal is more complex. We make that really easy.

So, platform engineers, people building internal developer platforms, and even product managers — especially those managing Kubernetes at the edge — will benefit from Omni.

Keith: I think you just answered my next question: what problem are you solving? Why would someone want to buy this? Steve: Because Kubernetes on bare metal is hard. That’s the bottom line. Setting up the operating system, bootstrapping Kubernetes, making it secure, reliable, and robust — it’s all non-trivial.

Keith: Are you finding that more companies have hybrid setups? I don’t know if “multi-platform” is the right term — but some on bare metal, some in cloud, some hybrid?

Steve: Yeah, and those are actually three distinct use cases: All bare metal Multi-cloud Hybrid—bare metal and cloud within the same cluster And we support all three.

Keith: Without Omni, what would companies be doing to manage this? Manual installs and management? Steve: Yes. There are companies doing it manually. There are also other tools—like Red Hat and IBM products—that work for certain use cases. But they tend to be heavy and don’t fit all environments.

At the edge, especially, you want a lightweight OS and Kubernetes distribution that just does what you need—and does it really well.

Keith: Right, and we're hearing that there are going to be many more edge computing use cases. Steve: Absolutely. Edge is a major market focus for us, and we’re seeing tremendous growth there.

Keith: Let’s check out the demo. What do you have for us with Omni? Steve: This is Omni’s initial screen. It may look like most Kubernetes cluster managers, but I’m going to show how easy it is to deploy Kubernetes on bare metal from scratch.

You download installation media customized for your environment — AWS, Google Cloud, Akamai, bare metal, VMware, even Raspberry Pi. Just pick your platform and enable system extensions — for example, if you want GPU drivers, just check a box. Want secure boot? Done.

When you download the image, it’s preconfigured with kernel parameters that create an encrypted tunnel back to Omni. Boot from that image (ISO, AMI, etc.), and once the machine boots, it appears in Omni as “available.” Now I can create a new cluster.

Let’s say I want this machine to be a control plane node. Omni has intelligence built-in.

If you try to create a single-node cluster, it will ask: “Do you want to override the default and allow workloads on the control plane node?” If I try to set up two control plane nodes, it warns: “That's a bad idea.

You need three nodes for quorum with etcd.” So I’ll go with three control plane nodes and one worker, all on AWS. That’s it.

I click “Create Cluster.” Omni sends commands through the encrypted tunnels, each machine pulls down the OS and Kubernetes version, and the control planes and workers configure themselves accordingly.

Keith: Without Omni, how long would that have taken? Steve: Hours—just to get to this point. And the full cluster might take 3–4 hours to be fully operational.

Keith: And this is still progressing fairly quickly. Steve: Yeah. My part took 30 seconds. It’ll take 3–4 minutes to fully provision the cluster, including node reboots.

Sidero Labs is an API-first company. Talos Linux is API-managed — no SSH, no Bash, no console. Everything is done via APIs. Omni extends this to Kubernetes clusters. Let me show you an existing cluster. Each node’s configuration is managed via a YAML file — just like Kubernetes deployments.

This defines the entire cluster state. It’s great for GitOps-style deployment. Say I want to enable network-level encryption.

I create a patch called “encryption,” apply it to all nodes (or just the control planes/workers), and add this config: machine:   network:     kubespan:       enabled: true Click save, and now there’s a full mesh network with encrypted traffic between all nodes.

Talos and Omni handle all the secure key exchange automatically.

Now I want to scale this cluster up. I’ll add another worker node in AWS. The cluster already spans Vulture (cloud provider) and AWS. Once added, this new node will join the encrypted mesh, seamlessly. Some customers have hundreds of bare metal servers — cheap and fixed cost.

During usage spikes, they temporarily extend the cluster into AWS. Everything is secure and encrypted, and they only pay for the cloud resources when needed.

Keith: So this helps with cloud costs too? Steve: Exactly. Many companies are moving off cloud providers into their own bare metal data centers. Omni gives them the elasticity of the cloud, with full control.

Let me show one last feature — cluster templates. Just like machine configs, entire clusters can be defined via YAML. Here’s a simple one: one control plane node, one worker, specified OS and Kubernetes version, using Cilium as the CNI.

Run omnictl cluster template sync and the cluster appears in the UI and begins provisioning. We can even preconfigure edge sites by specifying device UUIDs in the template. That way, companies can ship devices to remote sites, and once they boot, Omni recognizes them and provisions the correct configuration.

Keith: So you could just ship the box — no one needs to install anything locally? Steve: Exactly. Just plug it in. Omni recognizes the device, reconfigures it, and provisions it. No Kubernetes expertise needed at the edge. Everything is secured and authenticated through your enterprise identity provider.

If I try to run a kubectl command, Omni will prompt me to authenticate first. We’re using Google Workspace, but any IDP works.

Keith: I know you’ve got a lot more features to show, but we’re out of time. Where can people go to try this out? Is there a free trial? Steve: Yes, go to siderolabs.com and sign up for an Omni trial. It’s a two-week trial by default.

We do that to encourage quick engagement. But we’re happy to extend it — just mention you saw us on DEMO. Keith: Perfect.

Steve Francis from Sidero Labs — thanks for joining us and for the demo. Steve: My pleasure. Thanks very much. Keith: That’s going to do it for this week’s episode. Be sure to like the video, subscribe to the channel, and drop your thoughts in the comments.

Join us every week for new episodes of DEMO. I’m Keith Shaw — thanks for watching!