talos/CHANGELOG.md at da2e81120f7336d9633a98523e05d91f5750434f

mirror of https://github.com/siderolabs/talos.git synced 2026-04-13 17:51:09 +02:00

release(v1.10.0-alpha.0): prepare release

This is the official v1.10.0-alpha.0 release.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>

2024-12-23 15:15:56 +04:00

1.7 MiB

Raw Blame History

Talos 1.10.0-alpha.0 (2024-12-23)

Welcome to the v1.10.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

cgroups v1

Talos Linux no longer supports cgroupsv1 when running in non-container mode. The kernel argument talos.unified_cgroup_hierarchy is now ignored.

Driver Rebind

Talos 1.10 now supports a new machine config document named PCIDriverRebindConfig that allows rebinding the driver of a PCI device to a different target driver. See the documentation for more information.

Component Updates

Linux: 6.12.6
CNI plugins: 1.6.1

Talos is built with Go 1.23.4.

Contributors

Andrey Smirnov
Noel Georgi
Dmitriy Matrenichev
Dmitry Sharshakov
Nico Berlee
Utku Ozdemir
Alexis La Goutte
Andrew Symington
Christian Luetke-Stetzkamp
Devin Buhl
Justin Garrison
KillianCdP
Marcel Hamer
PRIHLOP
Skyler Mäntysaari
Tine Jozelj
sflotat2607

Changes

63 commits

bd85bd5b7 fix: fix Failed to initialize SELinux labeling handle udev error
73c82e3e5 feat: bring Linux 6.12.6, CNI plugins 1.6.1
c12b52491 docs: document Kubernetes service registry incompat with K8s 1.32
a5660ed77 feat: pcirebind controller
4c3261626 docs: fix several typos
fb3675321 fix: dashboard crash on CPU data
dec0185c8 chore: reduce memory usage for secureboot functions
cee6c60a0 fix: make talosctl time work with PTP time sync
f75604313 chore: support gcr.io auth for cache and image gen
6ef2596da docs: improve Hetzner documentation
7d39b9ec2 feat: remove cgroupsv1 in non-container mode
8003536c7 fix: restore previous disk serial fetching
03116ef9b chore: prepare for Talos 1.10
00682fdd6 docs: activate 1.9 docs as default
bea05f5c9 docs: update deploying-cilium.md
284ab1179 feat: support link altnames/aliases
5bfd829bf docs: fix 'containter' typo
8d151b771 docs: clarify TALOSCONFIG for AWS
0ef19171f fix: renovate typo
c568adc7d fix: renovate config
ec2e24fd9 fix: match MAC addresses case-insensitive (nocloud)
41a0c440a chore: rekres for renovate changes
a49bb9ee4 feat: update Linux to 6.12.5
b15917ecc chore: add more debugging logs for META and volumes
2b1b326f0 docs: mention different paths for OpenEBS
9470e842f test: cleanup failed Kubernetes pods
c9c685150 fix: node identity flip
590c01657 feat: update containerd to v2.0.1
18fa5a258 docs: update image-cache doc for iso
ab5bb6884 fix: generate and serve registries with port
58236066d fix: support image cache on VFAT USB stick
e193a5071 fix: image cache integration test
08ee400fd test: fix flaky test NodeAddressSort
d45e8d1d1 feat: update Kubernetes to 1.32.0
136b12912 chore: drop semicolon for supporting vfat filesystems
3e9e027ef test: add an option to boot from an USB stick
ef8c3e3b3 docs: fix typo in multus.md
d54414add fix: authorization config gen
cce72cfe8 docs: replace deprecated Hetzner server plans
81805103d chore: enable proper parallel usage of TestDepth
e1b824eba docs: update ceph-with-rook.md
470b75563 fix: use mtu network option for podman
61b1489a0 fix: order volume config by the requested size
bc3039acd feat: update runc to 1.2.3
30016a0a8 fix: avoid nil-pointer-panic in RegistriesConfigController
fe0457152 fix: power on the machine on reboot request in qemu power api
10da553ef docs: build what's new for 1.9
d946ccae3 feat: update Linux to 6.12.4
707a77bf6 test: fix user namespace test, TPM2 fixes
c3537b2f5 feat: update Linux to 6.12.3
cb4d9d673 docs: fix a few mistakes in release notes
c4724fc97 chore: add integration tests for image-cache
07220fe7f fix: install iptables-nft to the host
14841750b chore: add version compatibility for Talos 1.10
852baf819 feat: support vlan/bond in v1, vlan in v2 for nocloud
dd61ad861 fix: lock provisioning order of user disk partitions
d0773ff09 chore: update Go to 1.23.4
7d6507189 feat: implement new address sorting algorithm
9081506d6 feat: add process scheduling options
77e9db4ab test: use two workers in qemu tests by default
5a4bdf62a feat: update Kubernetes to 1.32.0-rc.1
d99bcc950 chore: refactor mergeDNSServers func
0cde08d8b docs: add Turing RK1 docs to Single Board Computer section

Changes from siderolabs/pkgs

17 commits

9051c9a feat: update Linux to 6.12.6
6695012 chore: rekres to simplify .kres.yaml defaults
611ca38 chore: rekres to bring renovate under kres
a4c4215 fix: drop cgroupsv1 controllers
28c909d feat: update Linux firmware to 20241210
c40a9e9 feat: update Linux to 6.12.5
d54ca83 feat: update containerd to v2.0.1
86e3755 fix: add CONFIG_INTEL_MEI_GSC_PROXY as module
8c31321 feat: update ZFS to 2.2.7
605f493 feat: update runc to v1.2.3
1a55529 feat: update Linux to 6.12.4
52ba9a5 feat: update Linux 6.12.3
9cf35be feat: build host iptables with nftables support
71003a3 feat: update Go to 1.23.4
5b4d402 feat: build dvb kernel modules and CX23885
b330af9 chore: bring in KSPP recommendations
f81b190 feat: kernel driver support for RK3588 devices (Turing RK1)

Changes from siderolabs/tools

1 commit

fe34fb3 feat: update Go to 1.23.4

Dependency Changes

github.com/containernetworking/plugins v1.6.0 -> v1.6.1
github.com/foxboron/go-uefi fab4fdf2f2f3 -> 19dc140271bf
github.com/opencontainers/runc v1.2.2 -> v1.2.3
github.com/siderolabs/go-blockdevice/v2 v2.0.7 -> v2.0.8
github.com/siderolabs/pkgs v1.9.0-12-g9576b97 -> v1.10.0-alpha.0-16-g9051c9a
github.com/siderolabs/talos/pkg/machinery v1.9.0 -> v1.9.0-alpha.3
github.com/siderolabs/tools v1.9.0-1-geaad82f -> v1.10.0-alpha.0
golang.org/x/net v0.32.0 -> v0.33.0

Previous release can be found at v1.9.0

Talos 1.9.0-alpha.3 (2024-11-25)

Welcome to the v1.9.0-alpha.3 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

AppArmor

Talos Linux starting with v1.9 will ship with SELinux LSM enabled by default. If you need to use AppArmor LSM add the following to the machine configuration:

machine:
  install:
     extraKernelArgs:
      - -selinux
      - lsm=lockdown,capability,yama,apparmor,bpf
      - apparmor=1

Auditd

Talos Linux now starts a auditd service by default. Logs can be read with talosctl logs auditd.

`talosctl cgroups`

The talosctl cgroups command has been added to the talosctl tool. This command allows you to view the cgroup resource consumption and limits for a machine, e.g. talosctl cgroups --preset memory.

Device Selectors

Talos now supports matching on permanent hardware (MAC) address of the network interfaces. This is specifically useful to match bond members, as they change their hardware addresses when they become part of the bond.

Direct Rendering Manager (DRM)

Starting with Talos 1.9, the i915 and amdgpu DRM drivers will be dropped from the Talos squashfs. There will be new system extensions named i915 and amdgpu that would contain both the drivers and firmware packaged together. Upgrades via Image Factory will automatically include the new extensions if previously i915-ucode or amdgpu-firmware were used.

Registry Mirrors

In versions before Talos 1.9, there was a discrepancy between the way Talos itself and CRI plugin resolves registry mirrors: Talos will never fall back to the default registry if endpoints are configured, while CRI plugin will.

Note: Talos Linux pulls images for the installer, kubelet, etcd, while all workload images are pulled by the CRI plugin.

In Talos 1.9 this was fixed, so that by default an upstream registry is used as a fallback in all cases, while new registry mirror configuration option .skipFallback can be used to disable this behavior both for Talos and CRI plugin.

talosctl disks

The command talosctl disks was removed, please use talosctl get disks, talosctl get systemdisk, and talosctl get blockdevices instead.

talosctl wipe

The new command talosctl wipe disk allows to wipe a disk or a partition which is not used as a volume.

udevd

Talos previously used eudev to provide udevd, now it uses systemd-udevd instead.

Component Updates

Linux: 6.6.60
containerd: 2.0.0
Flannel: 0.26.0
Kubernetes: 1.32.0-beta.0
runc: 1.2.1

Talos is built with Go 1.23.3.

User Namespaces

Talos Linux now supports running Kubernetes pods with user namespaces enabled. Refer to the documentation for more information.

Contributors

Andrey Smirnov
Noel Georgi
Dmitry Sharshakov
Dmitriy Matrenichev
Joakim Nohlgård
Jean-Francois Roy
Utku Ozdemir
blablu
Adolfo Ochagavía
Alessio Moiso
Dan Rue
David Backeus
Eddie Wang
Florian Ströger
Hexoplon
Jakob Maležič
KBAegis
Mike Beaumont
Nebula
Nico Berlee
OliviaBarrington
Philip Schmid
Philipp Kleber
Remko Molier
Robby Ciliberto
Roman Ivanov
Ryan Borstelmann
Sam Stelfox
Serge Logvinov
Sergey Melnik
Spencer Smith
SpiReCZ
Steven Cassamajor
Steven Kreitzer
Tim Jones
Variant9
adilTepe
ekarlso
naed3r
nevermarine
solidDoWant
sophia-coldren

Changes

189 commits

af5d6b8c41 fix: show SELinux labels on pseudo-fs
f46922fa9a chore: fix dockerfile warnings
a13f82c594 feat: udev: label device nodes
e899fb37fd feat: label created files in /etc
5f68c17eda feat: implement image cache configuration
0ffb2187a3 feat: registry proxy
77cf84fb57 feat: support generating iso with imagecache
5de6275b8f chore: image cache generator improvements
1a8cc5f8b2 feat: add SELinux labels to volumes
61b9129e0c fix: add directory entries and filemode to tarball
4caeae21e5 refactor: optimize flags and SetLabel
6074a870ad feat: add e2fsprogs to talos rootfs
7ffcf5b932 docs: update getting started
c4c1a0d7c7 fix: make vmware platform common code build on all arches
cc768037f8 feat: implement block device wipe
6fb518ae57 fix: don't activate LVM volumes in agent mode
0e3ed30723 fix: no longer leak Close reader
4dc58cfdf3 chore: small fixes
f400ae911b fix: small fixes for image cache generation
93754b7de6 fix: config and platform manifest generation
95b2fc946e feat: image cache gen
e4c6186c63 chore: remove i915/amdgpu drivers
744ad12a6e docs: update replicated-local-storage-with-openebs.md
fd713e4514 feat: add permanent hardware addr to device selectors
d55a96e8cb refactor: remove SELinux client_u and client_r
3a5b55fd22 fix: allow CEL expressions config merge
f1b15f580e chore: remove replace for safchain/ethtool
f9697a9a07 fix: register controlplane node with NoSchedule taint
30f8b5a9f7 fix: registry mirror fallback handling
0f41e77434 feat: allow for onlink directive (nocloud)
e26d0043e0 chore: code cleanup
43fe3807a8 feat: implement tracking of blockdevice secondaries
8a7476c3ae fix: install on non-empty disk
8b4253d185 feat: update etcd to v3.5.17
5a0fd5b882 refactor: move early initialization functions to pre-initialize phase
9916e2cd8a chore: update pkgs/tools/extras for Go 1.23.3
20bbf02355 docs: update vultr documentation
aea98940b7 fix: arch linux search paths and names for QEMU provisioner
682718d4c9 fix: use imager incoming version for extension validation
9a02ecc49f feat: rewrite install disk selector to use CEL expressions
eba35f4413 docs: add note about PSP in Rook-Ceph guide
38b80fb1da docs: add missing --talosconfig parameter to end of Hetzner guide
a07f66c918 docs: gcp: fix controlplane nodes tags
4fe6dc8a0a chore: clean dns code
0290a38818 release(v1.9.0-alpha.2): prepare release
a309f6aa57 chore: fix nil pointer dereference in AWS uploader
333737f176 test: fix unpriviliged process runner test
2001167058 chore(ci): save support zip always after tests
6a42c3b8ed release(v1.9.0-alpha.1): prepare release
fb72e4b7b7 fix(ci): skip test if UserNamespacesSupport feature gate is not set
11380f933d feat: display current CPU frequency on dashboard
fbce267aee feat: check bridged interfaces should not have addresses
942962bf00 docs: add docs on usernamespace support in k8s
0406a05a98 chore: update pkgs to ones built with gcc 14.2
2e127627dc docs: add apparmor enablement release notes
aa9311f3d8 fix: install disk matcher error
1800f81044 fix: selinux handling and apparmor tests
313bffadfb feat: update Kubernetes to v1.32.0-beta.0
bbfa144510 feat: update containerd to v2.0.0
8e02b9fcbf docs: update manual k8s upgrade docs
474949dc77 feat: add dm-cache dm-cache-smq kernel modules
5112547d6b chore: generate support zip for crashdump
a867f85e4c feat: label system socket and runtime files
398f714cff feat: update Linux 6.6.59, runc 1.2.1
05c620957c feat: allow extra mounts for docker-based talosctl cluster create
cedabeddf7 chore: cleanup code
61d363e1d0 chore: update go-auditlib
960a040491 feat: start enabling SELinux
7f3aaa21cd fix: update permissions for logging directories in /var
0e6c983b84 fix: mount /sys/kernel/security conditionally
74b0e8c371 fix: make route normalization keep family
0a3761c22f fix: talosctl windows arm64
4b10c5328b chore: add Windows ARM64 build for talosctl
9abf16108e feat: add auditd service
d464ca869f chore: drop runc memfd bind added in #9069
b54d26c2c3 fix: mount pseudo sub-mountpoints in init
7aeb15f730 chore: disable coredns cache for cluster domain
d8b652150c docs: add warning about NVMe bus path bug
3e16ab135e feat: update Kubernetes to v1.32.0-alpha.3
0b8b356777 feat: add BridgePort property to network machine configuration
b379506259 fix: use more correct condition to skip generating hosts files
62ec7ec336 refactor: replace the old v1 mount package with new one
0ece13c623 docs: update network-config.md (cont)
93827f0485 docs: update network-config.md
423b1e5fb2 fix: do not trim 0 from process SELinux label
2136358d65 feat: introduce metal agent mode
0e15955fcc chore: small refactoring
66012a7f26 feat: remove wrapperd and launch processes directly
3a0a17ae66 fix: prevent panic in nocloud platform code
dc0c6acbd7 refactor: remove unmaintained github.com/vishvananda/netlink
78353f7918 feat: add parsing of vlanNNNN:ethX style VLAN cmdline args
9db7a36bfc fix: generation of SecureBoot iso
c755b6d7e4 fix: update the CRI sandbox image reference
cec290b354 feat: allow extensions to log to console
b7801df827 fix: wait for udevd to be running before activating LVM
d4cb478a50 docs: improve field description for BridgeSTP, BridgeVLAN
7329824b24 docs: add Mynewsdesk to ADOPTERS.md
a13cf76a34 chore: simplify DNSUpstreamController and DNSUpstream resource
62d185473e fix: talosctl process null character
77d7368eae feat: update containerd to v2.0.0-rc.6
d39393879a fix: rework the 'metal-iso' config acquisition
1993afca9f chore: create /usr/etc in a different step
8680351c13 chore: move system extensions' udev rules
3067f64c84 feat: update Flannel to v0.26.0
8658d6865f docs: typo in deploying cilium
49bbadc4bf docs: add documentation on performance tuning
534b0ce183 feat: update runc to 1.2.0 final
2172535237 docs: fix image factory links
375e3da73f feat: update Kubernetes to 1.32.0-alpha.2
9e6f64df04 fix: improve error messages for invalid bridge/bond configuration
7c8c72c2b2 fix: correct error message for invalid ip=
ead46997c9 chore: rename tpm2.PCRExtent -> tpm2.PCRExtend
867c4b8125 docs: fix typo in prodnotes.md
1b22df48a4 chore: support debug shell for advanced development
c14b446229 feat: update Kubernetes to v1.32.0-alpha.1
29780d35a0 test: add an integration test for verifying process parameters
3d342af447 fix: update incorrect alias for PCIDevice resource
f7d35a5e0b release(v1.9.0-alpha.0): prepare release
e0434d77d7 feat: update dependencies
5c5a248861 feat: add Talos 1.9 compatibility guarantees
bc4c21f41a test: add json logs test environment
71faa32942 docs: nvidia proprietary/oss hardware requirement
59a78da42c chore: add proto-codec/codec
7ff1cedfe3 chore: update siderolabs/crypto module and return proper ALPN
ccbd5aed39 feat: optionally decode hcloud userdata as base64
34f652ce82 feat: add well-known app.kubernetes.io labels to control-plane pods
fc89dc2164 fix: support extra-disks when using iso
f2bff814de chore: add arm64 target for integration-test
5853bb0ea4 fix: json logging panic
a859cff364 chore: use virtio driver for disks in arm64
db248de88d chore(ci): add config for lldpd extension
9f0de9f43d test: update provision upgrade tests for Talos 1.9
39fe285e69 fix: skip ram disks
a9bff3a1d0 test: skip no error test in Cilium
4d902021bb fix: do not use pflag csv comma reader for config-patch
5371788ce1 fix: typo in documentation
8a228ba6bc docs: add egress documentation
182325cb07 test: skip lvm test if not enough user disks available
519a48302e fix: wipe system partitions correctly via kernel args
0a2b4556c5 fix: volume encryption with failing keyslots
6affbd3182 fix: update grpc-go the latest patch release
77a4a4adc7 fix: scaleway metadata
7acadc0c8f fix: do not stop udevd before unmounting volumes
6a081055b0 feat: update Flannel to v0.25.7
2362f6d3ee fix: improve container detection
b67bc73fd3 fix: fix mdadm system extension
f08669c7a9 feat: bring in lpfc kernel module driver
6a014374be feat: enable QEDF driver
f711907e03 fix: make /var/run empty on reboots
7d02eb60f4 docs: fix typo in CloudStack docs
74861573a7 fix: multiple fixes for LVM activation
74c12c20e0 feat: replace eudev with systemd-udevd
0a4df4ef84 docs: fix nvidia CRI config example
afc1e1a46a docs: fix typo in extraMounts directory
a341bdb064 fix: prevent file descriptors leaks to child processes
dec653bfe1 chore: better lvm2 tests
908fd8789c feat: support cgroup deep analysis in talosctl
aa846cc186 feat: add support for CI Network config in nocloud
10f2539f23 chore: disable cloud-images cron workflow
b07a8b36b2 chore: ignore more plugins for system containerd
392c4798f0 feat: prepare for Talos 1.9
ea7bf9fb43 docs: update storage.md
4ab8dee69a fix: build talosctl without tcell_minimal
2fa019bd97 docs: enable 'edit on GitHub' link
d2ccbc2b15 docs: update hetzner documentation for CCM
d498f647cd docs: fix Kernel Self Protection Project (KSPP) references
0ec75463ee docs: make Talos 1.8 current release
9b77698cf2 fix: update blockdevice library to v2.0.2
e46227ab95 docs: fix kubespan name inconsistency
6b15ca19cd fix: audit and fix cgroup reservations
32b5d01ed3 chore: bump lvm2
6484581eb8 feat: allow /sbin/ldconfig in extensions
9fa08e8437 chore: refactor tests
d8ab4981b6 feat: support lvm auto activation
8166a58b36 fix: filter out non-printable characters in process line
806b6aaf52 docs: add SECURITY.md
7bd26df308 docs: document /dev/net/tun compatibility
18daedb511 fix: strategic merge patch delete for map keys
f3370529ac docs: correct typo
8d6884a8e2 test: add a test for inline machine config trusted roots
d4a6d017db fix: ignore invalid NTP responses
869f8379f2 feat: update default Kubernetes version to 1.31.1
780a1f198a fix: update CoreDNS health check
79cd031588 chore: account for resource sorting in dns upstream resource
e17fafaca2 chore: drop activateLogicalVolumes sequencer step
a294b366f2 fix: parse SideroLink API endpoint correctly
a9269ac7b1 fix: remove extra logging on ethtool ioctl failures
5c6277d171 feat: update etcd to 3.5.16
c1ed2984b8 docs: add what's new for Talos 1.8

Changes since v1.9.0-alpha.2

44 commits

af5d6b8c4 fix: show SELinux labels on pseudo-fs
f46922fa9 chore: fix dockerfile warnings
a13f82c59 feat: udev: label device nodes
e899fb37f feat: label created files in /etc
5f68c17ed feat: implement image cache configuration
0ffb2187a feat: registry proxy
77cf84fb5 feat: support generating iso with imagecache
5de6275b8 chore: image cache generator improvements
1a8cc5f8b feat: add SELinux labels to volumes
61b9129e0 fix: add directory entries and filemode to tarball
4caeae21e refactor: optimize flags and SetLabel
6074a870a feat: add e2fsprogs to talos rootfs
7ffcf5b93 docs: update getting started
c4c1a0d7c fix: make vmware platform common code build on all arches
cc768037f feat: implement block device wipe
6fb518ae5 fix: don't activate LVM volumes in agent mode
0e3ed3072 fix: no longer leak Close reader
4dc58cfdf chore: small fixes
f400ae911 fix: small fixes for image cache generation
93754b7de fix: config and platform manifest generation
95b2fc946 feat: image cache gen
e4c6186c6 chore: remove i915/amdgpu drivers
744ad12a6 docs: update replicated-local-storage-with-openebs.md
fd713e451 feat: add permanent hardware addr to device selectors
d55a96e8c refactor: remove SELinux client_u and client_r
3a5b55fd2 fix: allow CEL expressions config merge
f1b15f580 chore: remove replace for safchain/ethtool
f9697a9a0 fix: register controlplane node with NoSchedule taint
30f8b5a9f fix: registry mirror fallback handling
0f41e7743 feat: allow for onlink directive (nocloud)
e26d0043e chore: code cleanup
43fe3807a feat: implement tracking of blockdevice secondaries
8a7476c3a fix: install on non-empty disk
8b4253d18 feat: update etcd to v3.5.17
5a0fd5b88 refactor: move early initialization functions to pre-initialize phase
9916e2cd8 chore: update pkgs/tools/extras for Go 1.23.3
20bbf0235 docs: update vultr documentation
aea98940b fix: arch linux search paths and names for QEMU provisioner
682718d4c fix: use imager incoming version for extension validation
9a02ecc49 feat: rewrite install disk selector to use CEL expressions
eba35f441 docs: add note about PSP in Rook-Ceph guide
38b80fb1d docs: add missing --talosconfig parameter to end of Hetzner guide
a07f66c91 docs: gcp: fix controlplane nodes tags
4fe6dc8a0 chore: clean dns code

Changes from siderolabs/crypto

1 commit

58b2f92 chore: use HTTP/2 ALPN by default

Changes from siderolabs/discovery-api

1 commit

005e92c chore: rekres and regen

Changes from siderolabs/discovery-client

1 commit

b74fb90 fix: allow custom TLS config for the client

Changes from siderolabs/extras

3 commits

78ba66b feat: update Go to 1.23.3
eab6e58 feat: update dependencies
1459d78 feat: update pkgs for 1.9

Changes from siderolabs/gen

3 commits

e847d2a chore: add more utilities to xiter
f3c5a2b chore: add Empty and Empty2 iterators
c53b90b chore: add packages xiter/xstrings/xbytes

Changes from siderolabs/go-blockdevice

1 commit

134c41b fix: fast wipe also last 1MB of the device

Changes from siderolabs/go-circular

1 commit

9a0f7b0 fix: multiple data race issues

Changes from siderolabs/go-cmd

3 commits

d735250 fix: return an error on process nonzero exit code
5662c7f feat: add an equivalent of WaitWrapper for os.Process
71fced6 chore: rekres and move to GHA

Changes from siderolabs/go-kubernetes

4 commits

0f62a7e feat: add one more deprecation/removal for v1.32
87d2e8e feat: add one more deprecation for 1.32.0-beta.0
e56a7f6 fix: update deprecations based on Kubernetes 1.32.0-alpha.3
381f251 feat: update for Kubernetes 1.32

Changes from siderolabs/grpc-proxy

2 commits

de1c628 fix: copy data from big frame msg
ef47ec7 chore: upgrade Codec implementations and usages to Codec2

Changes from siderolabs/pkgs

46 commits

a463a50 feat: add e2fsprogs
bfd88f5 chore: fix make kernel-menuconfig completely
cee356e chore: fix menuconfig build
a5530cf feat: update Linux to 6.6.62, runc to 1.2.2
ac329c9 feat: enable CONFIG_INTEL_HFI_THERMAL + CONFIG_INTEL_TURBO_MAX_3
567a14a fix: do not build unneeded utilities and man for SELinux libraries
b15a3d9 feat: bump dependencies
6bdba41 feat: update Linux to 6.6.60
4699763 feat: update gcc to 14.2
9a98f73 feat: update containerd to v2.0.0
20e1e08 feat: enable CONFIG_DM_CACHE
df45e16 feat: update Linux to 6.6.59
2e733cc feat: bump dependencies
c92e123 fix: enable nvme and 2.5gbit ethernet on nanopi-r5s
b160184 feat: update runc to v1.2.1
e9950d9 chore: drop syslinux
fc2e8dc feat: update containerd to v2.0.0-rc.6
38304a6 feat: update Linux to 6.6.58
84b8df8 chore: do not use /usr/etc/udev
c9282c8 feat: update runc to 1.2.0
38ad08e fix: default IOMMU mode to 'lazy'
be92da0 feat: update Linux to 6.6.57, update Linux firmware
0b67a13 feat: bump dependencies
dd5f928 feat: update Linux 6.6.56 and protect /proc/mem
b1bf972 feat: enable CONFIG_XFRM_STATISTICS
c63beae feat: update Linux to 6.6.54
f474a55 fix: libselinux: support running without /etc/selinux
ba0341e fix: systemd-udevd: search for config in /usr/etc
2b193f1 feat: add lpfc kernel module
1adb946 feat: enable QEDF driver
dbbe3d0 feat: update containerd to v2.0.0-rc.5
f19590e feat: update Go to 1.23.2
e2a561f fix: drop the LVM2 udev lvm rule
ae205aa fix: force LVM to use /run as state directory
232a153 feat: replace eudev with systemd-udevd
40fb82a feat: add libselinux, libsepol, pcre2 and libcap
6f40fbb feat: update xfsprogs 6.10.1
a1709c7 feat: enable module unloading and memory hotplug (for NVIDIA UVM)
2c5785b feat: enable transparent huge pages in madvise mode
ca2e8c8 fix: lvm2 modprobe path
6b334a6 feat: update Linux to 6.6.52
e90ae7e feat: update Linux firmware to 20240909
79a4f92 feat: enable INET_DIAG
c9f7eb9 feat: update Linux to 6.6.51
126b6a4 fix: add mpt3sas UBSAN patches
a09bf93 chore: drop UBSAN patch

Changes from siderolabs/proto-codec

3 commits

0d84c65 chore: add support for gogo protobuf generator
19f8d2e chore: add kres
e038bb4 Initial commit

Changes from siderolabs/siderolink

1 commit

1893385 fix: initialize tls listener properly

Changes from siderolabs/tools

10 commits

e061b6f feat: update dependencies
2704b85 feat: update Go to 1.23.3
3750064 fix: update for musl with close_range
0a443c6 feat: update toolchain for gcc 14.2
63ecd80 feat: bump depedendencies
2058296 feat: bump dependencies
1151610 feat: update Go to 1.23.2
9f2189b fix: bump gettext-tiny to the latest dev version
95069d6 feat: update Go to 1.23.1
eec0656 feat: replace gettext with gettext-tiny

Dependency Changes

cloud.google.com/go/compute/metadata v0.5.0 -> v0.5.2
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 -> v1.16.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 -> v1.8.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.1.0 -> v1.3.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 -> v1.3.0
github.com/aws/aws-sdk-go-v2/config v1.27.33 -> v1.28.3
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 -> v1.16.19
github.com/aws/aws-sdk-go-v2/service/kms v1.35.7 -> v1.37.5
github.com/aws/smithy-go v1.20.4 -> v1.22.0
github.com/containerd/containerd/api v1.8.0-rc.3 -> v1.8.0
github.com/containerd/containerd/v2 v2.0.0-rc.4 -> v2.0.0
github.com/containerd/errdefs v0.1.0 -> v1.0.0
github.com/containerd/platforms v0.2.1 -> v1.0.0-rc.0
github.com/containerd/typeurl/v2 v2.2.0 -> v2.2.3
github.com/containernetworking/plugins v1.5.1 -> v1.6.0
github.com/cosi-project/runtime v0.5.5 -> v0.7.1
github.com/docker/cli v27.3.1 new
github.com/docker/docker v27.2.0 -> v27.3.1
github.com/elastic/go-libaudit/v2 v2.6.0 new
github.com/fatih/color v1.17.0 -> v1.18.0
github.com/florianl/go-tc v0.4.4 new
github.com/foxboron/go-uefi e2076f0e58ca -> fab4fdf2f2f3
github.com/fsnotify/fsnotify v1.7.0 -> v1.8.0
github.com/google/cadvisor v0.50.0 -> v0.51.0
github.com/google/cel-go v0.22.0 new
github.com/gopacket/gopacket v1.2.0 -> v1.3.1
github.com/hetznercloud/hcloud-go/v2 v2.13.1 -> v2.16.0
github.com/klauspost/compress v1.17.9 -> v1.17.11
github.com/klauspost/cpuid/v2 v2.2.8 -> v2.2.9
github.com/linode/go-metadata v0.2.0 -> v0.2.1
github.com/mdlayher/ethtool v0.1.0 -> v0.2.0
github.com/opencontainers/runc v1.2.0-rc.3 -> v1.2.1
github.com/rivo/tview fd649dbf1223 -> c76f7879f592
github.com/safchain/ethtool v0.4.1 -> 4e3aff457298
github.com/siderolabs/crypto v0.4.4 -> v0.5.0
github.com/siderolabs/discovery-api v0.1.4 -> v0.1.5
github.com/siderolabs/discovery-client v0.1.9 -> v0.1.10
github.com/siderolabs/extras v1.8.0 -> v1.9.0-alpha.0-2-g78ba66b
github.com/siderolabs/gen v0.5.0 -> v0.7.0
github.com/siderolabs/go-blockdevice v0.4.7 -> v0.4.8
github.com/siderolabs/go-blockdevice/v2 v2.0.2 -> v2.0.6
github.com/siderolabs/go-circular v0.2.0 -> v0.2.1
github.com/siderolabs/go-cmd v0.1.1 -> v0.1.3
github.com/siderolabs/go-kubernetes v0.2.12 -> v0.2.16
github.com/siderolabs/grpc-proxy v0.4.1 -> v0.5.1
github.com/siderolabs/pkgs v1.8.0-8-gdf1a1a5 -> v1.9.0-alpha.0-45-ga463a50
github.com/siderolabs/proto-codec v0.1.1 new
github.com/siderolabs/siderolink v0.3.10 -> v0.3.11
github.com/siderolabs/talos/pkg/machinery v1.8.0 -> v1.9.0-alpha.2
github.com/siderolabs/tools v1.8.0-1-ga0c06c6 -> v1.9.0-alpha.0-9-ge061b6f
github.com/thejerf/suture/v4 v4.0.5 new
go.etcd.io/etcd/api/v3 v3.5.16 -> v3.5.17
go.etcd.io/etcd/client/pkg/v3 v3.5.16 -> v3.5.17
go.etcd.io/etcd/client/v3 v3.5.16 -> v3.5.17
go.etcd.io/etcd/etcdutl/v3 v3.5.16 -> v3.5.17
golang.org/x/net v0.29.0 -> v0.31.0
golang.org/x/oauth2 v0.23.0 -> v0.24.0
golang.org/x/sync v0.8.0 -> v0.9.0
golang.org/x/sys v0.25.0 -> v0.27.0
golang.org/x/term v0.24.0 -> v0.26.0
golang.org/x/text v0.18.0 -> v0.20.0
golang.org/x/time v0.6.0 -> v0.8.0
google.golang.org/grpc v1.66.0 -> v1.68.0
google.golang.org/protobuf v1.34.2 -> v1.35.1
k8s.io/api v0.31.1 -> v0.32.0-beta.0
k8s.io/apimachinery v0.31.1 -> v0.32.0-beta.0
k8s.io/apiserver v0.31.1 -> v0.32.0-beta.0
k8s.io/client-go v0.31.1 -> v0.32.0-beta.0
k8s.io/component-base v0.31.1 -> v0.32.0-beta.0
k8s.io/cri-api v0.32.0-alpha.0 -> v0.32.0-beta.0
k8s.io/kube-scheduler v0.31.1 -> v0.32.0-beta.0
k8s.io/kubectl v0.31.1 -> v0.32.0-beta.0
k8s.io/kubelet v0.31.1 -> v0.32.0-beta.0
k8s.io/pod-security-admission v0.31.1 -> v0.32.0-beta.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.70 -> v1.2.72

Previous release can be found at v1.8.0

Talos 1.9.0-alpha.2 (2024-11-08)

Welcome to the v1.9.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

AppArmor

Talos Linux starting with v1.9 will ship with SELinux LSM enabled by default. If you need to use AppArmor LSM add the following to the machine configuration:

machine:
  install:
     extraKernelArgs:
      - -selinux
      - lsm=lockdown,capability,yama,apparmor,bpf
      - apparmor=1

Auditd

Talos Linux now starts a auditd service by default. Logs can be read with talosctl logs auditd.

`talosctl cgroups`

udevd

Talos previously used udevd to provide udevd, now it uses systemd-udevd instead.

Component Updates

Linux: 6.6.59 containerd: 2.0.0 Flannel: 0.26.0 Kubernetes: 1.32.0-beta.0 runc: 1.2.1

Talos is built with Go 1.23.2.

User Namespaces

Talos Linux now supports running Kubernetes pods with user namespaces enabled. Refer to the documentation for more information.

Contributors

Andrey Smirnov
Noel Georgi
Dmitriy Matrenichev
Dmitry Sharshakov
Joakim Nohlgård
Jean-Francois Roy
Utku Ozdemir
blablu
Adolfo Ochagavía
Dan Rue
David Backeus
Eddie Wang
Florian Ströger
Hexoplon
Jakob Maležič
KBAegis
Mike Beaumont
Nebula
Nico Berlee
Philip Schmid
Philipp Kleber
Remko Molier
Robby Ciliberto
Ryan Borstelmann
Serge Logvinov
Spencer Smith
Steven Cassamajor
Tim Jones
adilTepe
ekarlso
naed3r
nevermarine
solidDoWant

Changes

144 commits

a309f6aa57 chore: fix nil pointer dereference in AWS uploader
333737f176 test: fix unpriviliged process runner test
2001167058 chore(ci): save support zip always after tests
6a42c3b8ed release(v1.9.0-alpha.1): prepare release
fb72e4b7b7 fix(ci): skip test if UserNamespacesSupport feature gate is not set
11380f933d feat: display current CPU frequency on dashboard
fbce267aee feat: check bridged interfaces should not have addresses
942962bf00 docs: add docs on usernamespace support in k8s
0406a05a98 chore: update pkgs to ones built with gcc 14.2
2e127627dc docs: add apparmor enablement release notes
aa9311f3d8 fix: install disk matcher error
1800f81044 fix: selinux handling and apparmor tests
313bffadfb feat: update Kubernetes to v1.32.0-beta.0
bbfa144510 feat: update containerd to v2.0.0
8e02b9fcbf docs: update manual k8s upgrade docs
474949dc77 feat: add dm-cache dm-cache-smq kernel modules
5112547d6b chore: generate support zip for crashdump
a867f85e4c feat: label system socket and runtime files
398f714cff feat: update Linux 6.6.59, runc 1.2.1
05c620957c feat: allow extra mounts for docker-based talosctl cluster create
cedabeddf7 chore: cleanup code
61d363e1d0 chore: update go-auditlib
960a040491 feat: start enabling SELinux
7f3aaa21cd fix: update permissions for logging directories in /var
0e6c983b84 fix: mount /sys/kernel/security conditionally
74b0e8c371 fix: make route normalization keep family
0a3761c22f fix: talosctl windows arm64
4b10c5328b chore: add Windows ARM64 build for talosctl
9abf16108e feat: add auditd service
d464ca869f chore: drop runc memfd bind added in #9069
b54d26c2c3 fix: mount pseudo sub-mountpoints in init
7aeb15f730 chore: disable coredns cache for cluster domain
d8b652150c docs: add warning about NVMe bus path bug
3e16ab135e feat: update Kubernetes to v1.32.0-alpha.3
0b8b356777 feat: add BridgePort property to network machine configuration
b379506259 fix: use more correct condition to skip generating hosts files
62ec7ec336 refactor: replace the old v1 mount package with new one
0ece13c623 docs: update network-config.md (cont)
93827f0485 docs: update network-config.md
423b1e5fb2 fix: do not trim 0 from process SELinux label
2136358d65 feat: introduce metal agent mode
0e15955fcc chore: small refactoring
66012a7f26 feat: remove wrapperd and launch processes directly
3a0a17ae66 fix: prevent panic in nocloud platform code
dc0c6acbd7 refactor: remove unmaintained github.com/vishvananda/netlink
78353f7918 feat: add parsing of vlanNNNN:ethX style VLAN cmdline args
9db7a36bfc fix: generation of SecureBoot iso
c755b6d7e4 fix: update the CRI sandbox image reference
cec290b354 feat: allow extensions to log to console
b7801df827 fix: wait for udevd to be running before activating LVM
d4cb478a50 docs: improve field description for BridgeSTP, BridgeVLAN
7329824b24 docs: add Mynewsdesk to ADOPTERS.md
a13cf76a34 chore: simplify DNSUpstreamController and DNSUpstream resource
62d185473e fix: talosctl process null character
77d7368eae feat: update containerd to v2.0.0-rc.6
d39393879a fix: rework the 'metal-iso' config acquisition
1993afca9f chore: create /usr/etc in a different step
8680351c13 chore: move system extensions' udev rules
3067f64c84 feat: update Flannel to v0.26.0
8658d6865f docs: typo in deploying cilium
49bbadc4bf docs: add documentation on performance tuning
534b0ce183 feat: update runc to 1.2.0 final
2172535237 docs: fix image factory links
375e3da73f feat: update Kubernetes to 1.32.0-alpha.2
9e6f64df04 fix: improve error messages for invalid bridge/bond configuration
7c8c72c2b2 fix: correct error message for invalid ip=
ead46997c9 chore: rename tpm2.PCRExtent -> tpm2.PCRExtend
867c4b8125 docs: fix typo in prodnotes.md
1b22df48a4 chore: support debug shell for advanced development
c14b446229 feat: update Kubernetes to v1.32.0-alpha.1
29780d35a0 test: add an integration test for verifying process parameters
3d342af447 fix: update incorrect alias for PCIDevice resource
f7d35a5e0b release(v1.9.0-alpha.0): prepare release
e0434d77d7 feat: update dependencies
5c5a248861 feat: add Talos 1.9 compatibility guarantees
bc4c21f41a test: add json logs test environment
71faa32942 docs: nvidia proprietary/oss hardware requirement
59a78da42c chore: add proto-codec/codec
7ff1cedfe3 chore: update siderolabs/crypto module and return proper ALPN
ccbd5aed39 feat: optionally decode hcloud userdata as base64
34f652ce82 feat: add well-known app.kubernetes.io labels to control-plane pods
fc89dc2164 fix: support extra-disks when using iso
f2bff814de chore: add arm64 target for integration-test
5853bb0ea4 fix: json logging panic
a859cff364 chore: use virtio driver for disks in arm64
db248de88d chore(ci): add config for lldpd extension
9f0de9f43d test: update provision upgrade tests for Talos 1.9
39fe285e69 fix: skip ram disks
a9bff3a1d0 test: skip no error test in Cilium
4d902021bb fix: do not use pflag csv comma reader for config-patch
5371788ce1 fix: typo in documentation
8a228ba6bc docs: add egress documentation
182325cb07 test: skip lvm test if not enough user disks available
519a48302e fix: wipe system partitions correctly via kernel args
0a2b4556c5 fix: volume encryption with failing keyslots
6affbd3182 fix: update grpc-go the latest patch release
77a4a4adc7 fix: scaleway metadata
7acadc0c8f fix: do not stop udevd before unmounting volumes
6a081055b0 feat: update Flannel to v0.25.7
2362f6d3ee fix: improve container detection
b67bc73fd3 fix: fix mdadm system extension
f08669c7a9 feat: bring in lpfc kernel module driver
6a014374be feat: enable QEDF driver
f711907e03 fix: make /var/run empty on reboots
7d02eb60f4 docs: fix typo in CloudStack docs
74861573a7 fix: multiple fixes for LVM activation
74c12c20e0 feat: replace eudev with systemd-udevd
0a4df4ef84 docs: fix nvidia CRI config example
afc1e1a46a docs: fix typo in extraMounts directory
a341bdb064 fix: prevent file descriptors leaks to child processes
dec653bfe1 chore: better lvm2 tests
908fd8789c feat: support cgroup deep analysis in talosctl
aa846cc186 feat: add support for CI Network config in nocloud
10f2539f23 chore: disable cloud-images cron workflow
b07a8b36b2 chore: ignore more plugins for system containerd
392c4798f0 feat: prepare for Talos 1.9
ea7bf9fb43 docs: update storage.md
4ab8dee69a fix: build talosctl without tcell_minimal
2fa019bd97 docs: enable 'edit on GitHub' link
d2ccbc2b15 docs: update hetzner documentation for CCM
d498f647cd docs: fix Kernel Self Protection Project (KSPP) references
0ec75463ee docs: make Talos 1.8 current release
9b77698cf2 fix: update blockdevice library to v2.0.2
e46227ab95 docs: fix kubespan name inconsistency
6b15ca19cd fix: audit and fix cgroup reservations
32b5d01ed3 chore: bump lvm2
6484581eb8 feat: allow /sbin/ldconfig in extensions
9fa08e8437 chore: refactor tests
d8ab4981b6 feat: support lvm auto activation
8166a58b36 fix: filter out non-printable characters in process line
806b6aaf52 docs: add SECURITY.md
7bd26df308 docs: document /dev/net/tun compatibility
18daedb511 fix: strategic merge patch delete for map keys
f3370529ac docs: correct typo
8d6884a8e2 test: add a test for inline machine config trusted roots
d4a6d017db fix: ignore invalid NTP responses
869f8379f2 feat: update default Kubernetes version to 1.31.1
780a1f198a fix: update CoreDNS health check
79cd031588 chore: account for resource sorting in dns upstream resource
e17fafaca2 chore: drop activateLogicalVolumes sequencer step
a294b366f2 fix: parse SideroLink API endpoint correctly
a9269ac7b1 fix: remove extra logging on ethtool ioctl failures
5c6277d171 feat: update etcd to 3.5.16
c1ed2984b8 docs: add what's new for Talos 1.8

Changes since v1.9.0-alpha.1

3 commits

a309f6aa5 chore: fix nil pointer dereference in AWS uploader
333737f17 test: fix unpriviliged process runner test
200116705 chore(ci): save support zip always after tests

Changes from siderolabs/crypto

1 commit

58b2f92 chore: use HTTP/2 ALPN by default

Changes from siderolabs/discovery-api

1 commit

005e92c chore: rekres and regen

Changes from siderolabs/discovery-client

1 commit

b74fb90 fix: allow custom TLS config for the client

Changes from siderolabs/extras

2 commits

eab6e58 feat: update dependencies
1459d78 feat: update pkgs for 1.9

Changes from siderolabs/gen

3 commits

e847d2a chore: add more utilities to xiter
f3c5a2b chore: add Empty and Empty2 iterators
c53b90b chore: add packages xiter/xstrings/xbytes

Changes from siderolabs/go-blockdevice

1 commit

134c41b fix: fast wipe also last 1MB of the device

Changes from siderolabs/go-circular

1 commit

9a0f7b0 fix: multiple data race issues

Changes from siderolabs/go-cmd

3 commits

d735250 fix: return an error on process nonzero exit code
5662c7f feat: add an equivalent of WaitWrapper for os.Process
71fced6 chore: rekres and move to GHA

Changes from siderolabs/go-kubernetes

3 commits

87d2e8e feat: add one more deprecation for 1.32.0-beta.0
e56a7f6 fix: update deprecations based on Kubernetes 1.32.0-alpha.3
381f251 feat: update for Kubernetes 1.32

Changes from siderolabs/grpc-proxy

2 commits

de1c628 fix: copy data from big frame msg
ef47ec7 chore: upgrade Codec implementations and usages to Codec2

Changes from siderolabs/pkgs

38 commits

4699763 feat: update gcc to 14.2
9a98f73 feat: update containerd to v2.0.0
20e1e08 feat: enable CONFIG_DM_CACHE
df45e16 feat: update Linux to 6.6.59
2e733cc feat: bump dependencies
c92e123 fix: enable nvme and 2.5gbit ethernet on nanopi-r5s
b160184 feat: update runc to v1.2.1
e9950d9 chore: drop syslinux
fc2e8dc feat: update containerd to v2.0.0-rc.6
38304a6 feat: update Linux to 6.6.58
84b8df8 chore: do not use /usr/etc/udev
c9282c8 feat: update runc to 1.2.0
38ad08e fix: default IOMMU mode to 'lazy'
be92da0 feat: update Linux to 6.6.57, update Linux firmware
0b67a13 feat: bump dependencies
dd5f928 feat: update Linux 6.6.56 and protect /proc/mem
b1bf972 feat: enable CONFIG_XFRM_STATISTICS
c63beae feat: update Linux to 6.6.54
f474a55 fix: libselinux: support running without /etc/selinux
ba0341e fix: systemd-udevd: search for config in /usr/etc
2b193f1 feat: add lpfc kernel module
1adb946 feat: enable QEDF driver
dbbe3d0 feat: update containerd to v2.0.0-rc.5
f19590e feat: update Go to 1.23.2
e2a561f fix: drop the LVM2 udev lvm rule
ae205aa fix: force LVM to use /run as state directory
232a153 feat: replace eudev with systemd-udevd
40fb82a feat: add libselinux, libsepol, pcre2 and libcap
6f40fbb feat: update xfsprogs 6.10.1
a1709c7 feat: enable module unloading and memory hotplug (for NVIDIA UVM)
2c5785b feat: enable transparent huge pages in madvise mode
ca2e8c8 fix: lvm2 modprobe path
6b334a6 feat: update Linux to 6.6.52
e90ae7e feat: update Linux firmware to 20240909
79a4f92 feat: enable INET_DIAG
c9f7eb9 feat: update Linux to 6.6.51
126b6a4 fix: add mpt3sas UBSAN patches
a09bf93 chore: drop UBSAN patch

Changes from siderolabs/proto-codec

3 commits

0d84c65 chore: add support for gogo protobuf generator
19f8d2e chore: add kres
e038bb4 Initial commit

Changes from siderolabs/siderolink

1 commit

1893385 fix: initialize tls listener properly

Changes from siderolabs/tools

8 commits

3750064 fix: update for musl with close_range
0a443c6 feat: update toolchain for gcc 14.2
63ecd80 feat: bump depedendencies
2058296 feat: bump dependencies
1151610 feat: update Go to 1.23.2
9f2189b fix: bump gettext-tiny to the latest dev version
95069d6 feat: update Go to 1.23.1
eec0656 feat: replace gettext with gettext-tiny

Dependency Changes

cloud.google.com/go/compute/metadata v0.5.0 -> v0.5.2
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 -> v1.16.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 -> v1.8.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.1.0 -> v1.2.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 -> v1.2.0
github.com/aws/aws-sdk-go-v2/config v1.27.33 -> v1.28.1
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 -> v1.16.18
github.com/aws/aws-sdk-go-v2/service/kms v1.35.7 -> v1.37.3
github.com/aws/smithy-go v1.20.4 -> v1.22.0
github.com/containerd/containerd/api v1.8.0-rc.3 -> v1.8.0
github.com/containerd/containerd/v2 v2.0.0-rc.4 -> v2.0.0
github.com/containerd/errdefs v0.1.0 -> v1.0.0
github.com/containerd/platforms v0.2.1 -> v1.0.0-rc.0
github.com/containerd/typeurl/v2 v2.2.0 -> v2.2.2
github.com/containernetworking/plugins v1.5.1 -> v1.6.0
github.com/cosi-project/runtime v0.5.5 -> v0.7.1
github.com/docker/cli v27.3.1 new
github.com/docker/docker v27.2.0 -> v27.3.1
github.com/elastic/go-libaudit/v2 1df86e79cca7 new
github.com/fatih/color v1.17.0 -> v1.18.0
github.com/florianl/go-tc v0.4.4 new
github.com/foxboron/go-uefi e2076f0e58ca -> fab4fdf2f2f3
github.com/fsnotify/fsnotify v1.7.0 -> v1.8.0
github.com/google/cadvisor v0.50.0 -> v0.51.0
github.com/gopacket/gopacket v1.2.0 -> v1.3.0
github.com/hetznercloud/hcloud-go/v2 v2.13.1 -> v2.15.0
github.com/klauspost/compress v1.17.9 -> v1.17.11
github.com/linode/go-metadata v0.2.0 -> v0.2.1
github.com/mdlayher/ethtool v0.1.0 -> v0.2.0
github.com/opencontainers/runc v1.2.0-rc.3 -> v1.2.1
github.com/rivo/tview fd649dbf1223 -> c76f7879f592
github.com/siderolabs/crypto v0.4.4 -> v0.5.0
github.com/siderolabs/discovery-api v0.1.4 -> v0.1.5
github.com/siderolabs/discovery-client v0.1.9 -> v0.1.10
github.com/siderolabs/extras v1.8.0 -> v1.9.0-alpha.0-1-geab6e58
github.com/siderolabs/gen v0.5.0 -> v0.7.0
github.com/siderolabs/go-blockdevice v0.4.7 -> v0.4.8
github.com/siderolabs/go-blockdevice/v2 v2.0.2 -> v2.0.3
github.com/siderolabs/go-circular v0.2.0 -> v0.2.1
github.com/siderolabs/go-cmd v0.1.1 -> v0.1.3
github.com/siderolabs/go-kubernetes v0.2.12 -> v0.2.15
github.com/siderolabs/grpc-proxy v0.4.1 -> v0.5.1
github.com/siderolabs/pkgs v1.8.0-8-gdf1a1a5 -> v1.9.0-alpha.0-37-g4699763
github.com/siderolabs/proto-codec v0.1.1 new
github.com/siderolabs/siderolink v0.3.10 -> v0.3.11
github.com/siderolabs/talos/pkg/machinery v1.8.0 -> v1.9.0-alpha.1
github.com/siderolabs/tools v1.8.0-1-ga0c06c6 -> v1.9.0-alpha.0-7-g3750064
golang.org/x/net v0.29.0 -> v0.30.0
golang.org/x/sys v0.25.0 -> v0.26.0
golang.org/x/term v0.24.0 -> v0.25.0
golang.org/x/text v0.18.0 -> v0.19.0
golang.org/x/time v0.6.0 -> v0.7.0
google.golang.org/grpc v1.66.0 -> v1.67.1
google.golang.org/protobuf v1.34.2 -> v1.35.1
k8s.io/api v0.31.1 -> v0.32.0-beta.0
k8s.io/apimachinery v0.31.1 -> v0.32.0-beta.0
k8s.io/apiserver v0.31.1 -> v0.32.0-beta.0
k8s.io/client-go v0.31.1 -> v0.32.0-beta.0
k8s.io/component-base v0.31.1 -> v0.32.0-beta.0
k8s.io/cri-api v0.32.0-alpha.0 -> v0.32.0-beta.0
k8s.io/kube-scheduler v0.31.1 -> v0.32.0-beta.0
k8s.io/kubectl v0.31.1 -> v0.32.0-beta.0
k8s.io/kubelet v0.31.1 -> v0.32.0-beta.0
k8s.io/pod-security-admission v0.31.1 -> v0.32.0-beta.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.70 -> v1.2.71

Previous release can be found at v1.8.0

Talos 1.9.0-alpha.1 (2024-11-08)

Welcome to the v1.9.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

AppArmor

Talos Linux starting with v1.9 will ship with SELinux LSM enabled by default. If you need to use AppArmor LSM add the following to the machine configuration:

machine:
  install:
     extraKernelArgs:
      - -selinux
      - lsm=lockdown,capability,yama,apparmor,bpf
      - apparmor=1

Auditd

Talos Linux now starts a auditd service by default. Logs can be read with talosctl logs auditd.

`talosctl cgroups`

udevd

Talos previously used udevd to provide udevd, now it uses systemd-udevd instead.

Component Updates

Linux: 6.6.59 containerd: 2.0.0 Flannel: 0.26.0 Kubernetes: 1.32.0-beta.0 runc: 1.2.1

Talos is built with Go 1.23.2.

User Namespaces

Talos Linux now supports running Kubernetes pods with user namespaces enabled. Refer to the documentation for more information.

Contributors

Andrey Smirnov
Noel Georgi
Dmitriy Matrenichev
Dmitry Sharshakov
Joakim Nohlgård
Jean-Francois Roy
Utku Ozdemir
blablu
Adolfo Ochagavía
Dan Rue
David Backeus
Eddie Wang
Florian Ströger
Hexoplon
Jakob Maležič
KBAegis
Mike Beaumont
Nebula
Nico Berlee
Philip Schmid
Philipp Kleber
Remko Molier
Robby Ciliberto
Ryan Borstelmann
Serge Logvinov
Spencer Smith
Steven Cassamajor
Tim Jones
adilTepe
ekarlso
naed3r
nevermarine
solidDoWant

Changes

140 commits

fb72e4b7b7 fix(ci): skip test if UserNamespacesSupport feature gate is not set
11380f933d feat: display current CPU frequency on dashboard
fbce267aee feat: check bridged interfaces should not have addresses
942962bf00 docs: add docs on usernamespace support in k8s
0406a05a98 chore: update pkgs to ones built with gcc 14.2
2e127627dc docs: add apparmor enablement release notes
aa9311f3d8 fix: install disk matcher error
1800f81044 fix: selinux handling and apparmor tests
313bffadfb feat: update Kubernetes to v1.32.0-beta.0
bbfa144510 feat: update containerd to v2.0.0
8e02b9fcbf docs: update manual k8s upgrade docs
474949dc77 feat: add dm-cache dm-cache-smq kernel modules
5112547d6b chore: generate support zip for crashdump
a867f85e4c feat: label system socket and runtime files
398f714cff feat: update Linux 6.6.59, runc 1.2.1
05c620957c feat: allow extra mounts for docker-based talosctl cluster create
cedabeddf7 chore: cleanup code
61d363e1d0 chore: update go-auditlib
960a040491 feat: start enabling SELinux
7f3aaa21cd fix: update permissions for logging directories in /var
0e6c983b84 fix: mount /sys/kernel/security conditionally
74b0e8c371 fix: make route normalization keep family
0a3761c22f fix: talosctl windows arm64
4b10c5328b chore: add Windows ARM64 build for talosctl
9abf16108e feat: add auditd service
d464ca869f chore: drop runc memfd bind added in #9069
b54d26c2c3 fix: mount pseudo sub-mountpoints in init
7aeb15f730 chore: disable coredns cache for cluster domain
d8b652150c docs: add warning about NVMe bus path bug
3e16ab135e feat: update Kubernetes to v1.32.0-alpha.3
0b8b356777 feat: add BridgePort property to network machine configuration
b379506259 fix: use more correct condition to skip generating hosts files
62ec7ec336 refactor: replace the old v1 mount package with new one
0ece13c623 docs: update network-config.md (cont)
93827f0485 docs: update network-config.md
423b1e5fb2 fix: do not trim 0 from process SELinux label
2136358d65 feat: introduce metal agent mode
0e15955fcc chore: small refactoring
66012a7f26 feat: remove wrapperd and launch processes directly
3a0a17ae66 fix: prevent panic in nocloud platform code
dc0c6acbd7 refactor: remove unmaintained github.com/vishvananda/netlink
78353f7918 feat: add parsing of vlanNNNN:ethX style VLAN cmdline args
9db7a36bfc fix: generation of SecureBoot iso
c755b6d7e4 fix: update the CRI sandbox image reference
cec290b354 feat: allow extensions to log to console
b7801df827 fix: wait for udevd to be running before activating LVM
d4cb478a50 docs: improve field description for BridgeSTP, BridgeVLAN
7329824b24 docs: add Mynewsdesk to ADOPTERS.md
a13cf76a34 chore: simplify DNSUpstreamController and DNSUpstream resource
62d185473e fix: talosctl process null character
77d7368eae feat: update containerd to v2.0.0-rc.6
d39393879a fix: rework the 'metal-iso' config acquisition
1993afca9f chore: create /usr/etc in a different step
8680351c13 chore: move system extensions' udev rules
3067f64c84 feat: update Flannel to v0.26.0
8658d6865f docs: typo in deploying cilium
49bbadc4bf docs: add documentation on performance tuning
534b0ce183 feat: update runc to 1.2.0 final
2172535237 docs: fix image factory links
375e3da73f feat: update Kubernetes to 1.32.0-alpha.2
9e6f64df04 fix: improve error messages for invalid bridge/bond configuration
7c8c72c2b2 fix: correct error message for invalid ip=
ead46997c9 chore: rename tpm2.PCRExtent -> tpm2.PCRExtend
867c4b8125 docs: fix typo in prodnotes.md
1b22df48a4 chore: support debug shell for advanced development
c14b446229 feat: update Kubernetes to v1.32.0-alpha.1
29780d35a0 test: add an integration test for verifying process parameters
3d342af447 fix: update incorrect alias for PCIDevice resource
f7d35a5e0b release(v1.9.0-alpha.0): prepare release
e0434d77d7 feat: update dependencies
5c5a248861 feat: add Talos 1.9 compatibility guarantees
bc4c21f41a test: add json logs test environment
71faa32942 docs: nvidia proprietary/oss hardware requirement
59a78da42c chore: add proto-codec/codec
7ff1cedfe3 chore: update siderolabs/crypto module and return proper ALPN
ccbd5aed39 feat: optionally decode hcloud userdata as base64
34f652ce82 feat: add well-known app.kubernetes.io labels to control-plane pods
fc89dc2164 fix: support extra-disks when using iso
f2bff814de chore: add arm64 target for integration-test
5853bb0ea4 fix: json logging panic
a859cff364 chore: use virtio driver for disks in arm64
db248de88d chore(ci): add config for lldpd extension
9f0de9f43d test: update provision upgrade tests for Talos 1.9
39fe285e69 fix: skip ram disks
a9bff3a1d0 test: skip no error test in Cilium
4d902021bb fix: do not use pflag csv comma reader for config-patch
5371788ce1 fix: typo in documentation
8a228ba6bc docs: add egress documentation
182325cb07 test: skip lvm test if not enough user disks available
519a48302e fix: wipe system partitions correctly via kernel args
0a2b4556c5 fix: volume encryption with failing keyslots
6affbd3182 fix: update grpc-go the latest patch release
77a4a4adc7 fix: scaleway metadata
7acadc0c8f fix: do not stop udevd before unmounting volumes
6a081055b0 feat: update Flannel to v0.25.7
2362f6d3ee fix: improve container detection
b67bc73fd3 fix: fix mdadm system extension
f08669c7a9 feat: bring in lpfc kernel module driver
6a014374be feat: enable QEDF driver
f711907e03 fix: make /var/run empty on reboots
7d02eb60f4 docs: fix typo in CloudStack docs
74861573a7 fix: multiple fixes for LVM activation
74c12c20e0 feat: replace eudev with systemd-udevd
0a4df4ef84 docs: fix nvidia CRI config example
afc1e1a46a docs: fix typo in extraMounts directory
a341bdb064 fix: prevent file descriptors leaks to child processes
dec653bfe1 chore: better lvm2 tests
908fd8789c feat: support cgroup deep analysis in talosctl
aa846cc186 feat: add support for CI Network config in nocloud
10f2539f23 chore: disable cloud-images cron workflow
b07a8b36b2 chore: ignore more plugins for system containerd
392c4798f0 feat: prepare for Talos 1.9
ea7bf9fb43 docs: update storage.md
4ab8dee69a fix: build talosctl without tcell_minimal
2fa019bd97 docs: enable 'edit on GitHub' link
d2ccbc2b15 docs: update hetzner documentation for CCM
d498f647cd docs: fix Kernel Self Protection Project (KSPP) references
0ec75463ee docs: make Talos 1.8 current release
9b77698cf2 fix: update blockdevice library to v2.0.2
e46227ab95 docs: fix kubespan name inconsistency
6b15ca19cd fix: audit and fix cgroup reservations
32b5d01ed3 chore: bump lvm2
6484581eb8 feat: allow /sbin/ldconfig in extensions
9fa08e8437 chore: refactor tests
d8ab4981b6 feat: support lvm auto activation
8166a58b36 fix: filter out non-printable characters in process line
806b6aaf52 docs: add SECURITY.md
7bd26df308 docs: document /dev/net/tun compatibility
18daedb511 fix: strategic merge patch delete for map keys
f3370529ac docs: correct typo
8d6884a8e2 test: add a test for inline machine config trusted roots
d4a6d017db fix: ignore invalid NTP responses
869f8379f2 feat: update default Kubernetes version to 1.31.1
780a1f198a fix: update CoreDNS health check
79cd031588 chore: account for resource sorting in dns upstream resource
e17fafaca2 chore: drop activateLogicalVolumes sequencer step
a294b366f2 fix: parse SideroLink API endpoint correctly
a9269ac7b1 fix: remove extra logging on ethtool ioctl failures
5c6277d171 feat: update etcd to 3.5.16
c1ed2984b8 docs: add what's new for Talos 1.8

Changes since v1.9.0-alpha.0

68 commits

fb72e4b7b fix(ci): skip test if UserNamespacesSupport feature gate is not set
11380f933 feat: display current CPU frequency on dashboard
fbce267ae feat: check bridged interfaces should not have addresses
942962bf0 docs: add docs on usernamespace support in k8s
0406a05a9 chore: update pkgs to ones built with gcc 14.2
2e127627d docs: add apparmor enablement release notes
aa9311f3d fix: install disk matcher error
1800f8104 fix: selinux handling and apparmor tests
313bffadf feat: update Kubernetes to v1.32.0-beta.0
bbfa14451 feat: update containerd to v2.0.0
8e02b9fcb docs: update manual k8s upgrade docs
474949dc7 feat: add dm-cache dm-cache-smq kernel modules
5112547d6 chore: generate support zip for crashdump
a867f85e4 feat: label system socket and runtime files
398f714cf feat: update Linux 6.6.59, runc 1.2.1
05c620957 feat: allow extra mounts for docker-based talosctl cluster create
cedabeddf chore: cleanup code
61d363e1d chore: update go-auditlib
960a04049 feat: start enabling SELinux
7f3aaa21c fix: update permissions for logging directories in /var
0e6c983b8 fix: mount /sys/kernel/security conditionally
74b0e8c37 fix: make route normalization keep family
0a3761c22 fix: talosctl windows arm64
4b10c5328 chore: add Windows ARM64 build for talosctl
9abf16108 feat: add auditd service
d464ca869 chore: drop runc memfd bind added in #9069
b54d26c2c fix: mount pseudo sub-mountpoints in init
7aeb15f73 chore: disable coredns cache for cluster domain
d8b652150 docs: add warning about NVMe bus path bug
3e16ab135 feat: update Kubernetes to v1.32.0-alpha.3
0b8b35677 feat: add BridgePort property to network machine configuration
b37950625 fix: use more correct condition to skip generating hosts files
62ec7ec33 refactor: replace the old v1 mount package with new one
0ece13c62 docs: update network-config.md (cont)
93827f048 docs: update network-config.md
423b1e5fb fix: do not trim 0 from process SELinux label
2136358d6 feat: introduce metal agent mode
0e15955fc chore: small refactoring
66012a7f2 feat: remove wrapperd and launch processes directly
3a0a17ae6 fix: prevent panic in nocloud platform code
dc0c6acbd refactor: remove unmaintained github.com/vishvananda/netlink
78353f791 feat: add parsing of vlanNNNN:ethX style VLAN cmdline args
9db7a36bf fix: generation of SecureBoot iso
c755b6d7e fix: update the CRI sandbox image reference
cec290b35 feat: allow extensions to log to console
b7801df82 fix: wait for udevd to be running before activating LVM
d4cb478a5 docs: improve field description for BridgeSTP, BridgeVLAN
7329824b2 docs: add Mynewsdesk to ADOPTERS.md
a13cf76a3 chore: simplify DNSUpstreamController and DNSUpstream resource
62d185473 fix: talosctl process null character
77d7368ea feat: update containerd to v2.0.0-rc.6
d39393879 fix: rework the 'metal-iso' config acquisition
1993afca9 chore: create /usr/etc in a different step
8680351c1 chore: move system extensions' udev rules
3067f64c8 feat: update Flannel to v0.26.0
8658d6865 docs: typo in deploying cilium
49bbadc4b docs: add documentation on performance tuning
534b0ce18 feat: update runc to 1.2.0 final
217253523 docs: fix image factory links
375e3da73 feat: update Kubernetes to 1.32.0-alpha.2
9e6f64df0 fix: improve error messages for invalid bridge/bond configuration
7c8c72c2b fix: correct error message for invalid ip=
ead46997c chore: rename tpm2.PCRExtent -> tpm2.PCRExtend
867c4b812 docs: fix typo in prodnotes.md
1b22df48a chore: support debug shell for advanced development
c14b44622 feat: update Kubernetes to v1.32.0-alpha.1
29780d35a test: add an integration test for verifying process parameters
3d342af44 fix: update incorrect alias for PCIDevice resource

Changes from siderolabs/crypto

1 commit

58b2f92 chore: use HTTP/2 ALPN by default

Changes from siderolabs/discovery-api

1 commit

005e92c chore: rekres and regen

Changes from siderolabs/discovery-client

1 commit

b74fb90 fix: allow custom TLS config for the client

Changes from siderolabs/extras

2 commits

eab6e58 feat: update dependencies
1459d78 feat: update pkgs for 1.9

Changes from siderolabs/gen

3 commits

e847d2a chore: add more utilities to xiter
f3c5a2b chore: add Empty and Empty2 iterators
c53b90b chore: add packages xiter/xstrings/xbytes

Changes from siderolabs/go-blockdevice

1 commit

134c41b fix: fast wipe also last 1MB of the device

Changes from siderolabs/go-circular

1 commit

9a0f7b0 fix: multiple data race issues

Changes from siderolabs/go-cmd

3 commits

d735250 fix: return an error on process nonzero exit code
5662c7f feat: add an equivalent of WaitWrapper for os.Process
71fced6 chore: rekres and move to GHA

Changes from siderolabs/go-kubernetes

3 commits

87d2e8e feat: add one more deprecation for 1.32.0-beta.0
e56a7f6 fix: update deprecations based on Kubernetes 1.32.0-alpha.3
381f251 feat: update for Kubernetes 1.32

Changes from siderolabs/grpc-proxy

2 commits

de1c628 fix: copy data from big frame msg
ef47ec7 chore: upgrade Codec implementations and usages to Codec2

Changes from siderolabs/pkgs

38 commits

4699763 feat: update gcc to 14.2
9a98f73 feat: update containerd to v2.0.0
20e1e08 feat: enable CONFIG_DM_CACHE
df45e16 feat: update Linux to 6.6.59
2e733cc feat: bump dependencies
c92e123 fix: enable nvme and 2.5gbit ethernet on nanopi-r5s
b160184 feat: update runc to v1.2.1
e9950d9 chore: drop syslinux
fc2e8dc feat: update containerd to v2.0.0-rc.6
38304a6 feat: update Linux to 6.6.58
84b8df8 chore: do not use /usr/etc/udev
c9282c8 feat: update runc to 1.2.0
38ad08e fix: default IOMMU mode to 'lazy'
be92da0 feat: update Linux to 6.6.57, update Linux firmware
0b67a13 feat: bump dependencies
dd5f928 feat: update Linux 6.6.56 and protect /proc/mem
b1bf972 feat: enable CONFIG_XFRM_STATISTICS
c63beae feat: update Linux to 6.6.54
f474a55 fix: libselinux: support running without /etc/selinux
ba0341e fix: systemd-udevd: search for config in /usr/etc
2b193f1 feat: add lpfc kernel module
1adb946 feat: enable QEDF driver
dbbe3d0 feat: update containerd to v2.0.0-rc.5
f19590e feat: update Go to 1.23.2
e2a561f fix: drop the LVM2 udev lvm rule
ae205aa fix: force LVM to use /run as state directory
232a153 feat: replace eudev with systemd-udevd
40fb82a feat: add libselinux, libsepol, pcre2 and libcap
6f40fbb feat: update xfsprogs 6.10.1
a1709c7 feat: enable module unloading and memory hotplug (for NVIDIA UVM)
2c5785b feat: enable transparent huge pages in madvise mode
ca2e8c8 fix: lvm2 modprobe path
6b334a6 feat: update Linux to 6.6.52
e90ae7e feat: update Linux firmware to 20240909
79a4f92 feat: enable INET_DIAG
c9f7eb9 feat: update Linux to 6.6.51
126b6a4 fix: add mpt3sas UBSAN patches
a09bf93 chore: drop UBSAN patch

Changes from siderolabs/proto-codec

3 commits

0d84c65 chore: add support for gogo protobuf generator
19f8d2e chore: add kres
e038bb4 Initial commit

Changes from siderolabs/siderolink

1 commit

1893385 fix: initialize tls listener properly

Changes from siderolabs/tools

8 commits

3750064 fix: update for musl with close_range
0a443c6 feat: update toolchain for gcc 14.2
63ecd80 feat: bump depedendencies
2058296 feat: bump dependencies
1151610 feat: update Go to 1.23.2
9f2189b fix: bump gettext-tiny to the latest dev version
95069d6 feat: update Go to 1.23.1
eec0656 feat: replace gettext with gettext-tiny

Dependency Changes

cloud.google.com/go/compute/metadata v0.5.0 -> v0.5.2
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 -> v1.16.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 -> v1.8.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.1.0 -> v1.2.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 -> v1.2.0
github.com/aws/aws-sdk-go-v2/config v1.27.33 -> v1.28.1
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 -> v1.16.18
github.com/aws/aws-sdk-go-v2/service/kms v1.35.7 -> v1.37.3
github.com/aws/smithy-go v1.20.4 -> v1.22.0
github.com/containerd/containerd/api v1.8.0-rc.3 -> v1.8.0
github.com/containerd/containerd/v2 v2.0.0-rc.4 -> v2.0.0
github.com/containerd/errdefs v0.1.0 -> v1.0.0
github.com/containerd/platforms v0.2.1 -> v1.0.0-rc.0
github.com/containerd/typeurl/v2 v2.2.0 -> v2.2.2
github.com/containernetworking/plugins v1.5.1 -> v1.6.0
github.com/cosi-project/runtime v0.5.5 -> v0.7.1
github.com/docker/cli v27.3.1 new
github.com/docker/docker v27.2.0 -> v27.3.1
github.com/elastic/go-libaudit/v2 1df86e79cca7 new
github.com/fatih/color v1.17.0 -> v1.18.0
github.com/florianl/go-tc v0.4.4 new
github.com/foxboron/go-uefi e2076f0e58ca -> fab4fdf2f2f3
github.com/fsnotify/fsnotify v1.7.0 -> v1.8.0
github.com/google/cadvisor v0.50.0 -> v0.51.0
github.com/gopacket/gopacket v1.2.0 -> v1.3.0
github.com/hetznercloud/hcloud-go/v2 v2.13.1 -> v2.15.0
github.com/klauspost/compress v1.17.9 -> v1.17.11
github.com/linode/go-metadata v0.2.0 -> v0.2.1
github.com/mdlayher/ethtool v0.1.0 -> v0.2.0
github.com/opencontainers/runc v1.2.0-rc.3 -> v1.2.1
github.com/rivo/tview fd649dbf1223 -> c76f7879f592
github.com/siderolabs/crypto v0.4.4 -> v0.5.0
github.com/siderolabs/discovery-api v0.1.4 -> v0.1.5
github.com/siderolabs/discovery-client v0.1.9 -> v0.1.10
github.com/siderolabs/extras v1.8.0 -> v1.9.0-alpha.0-1-geab6e58
github.com/siderolabs/gen v0.5.0 -> v0.7.0
github.com/siderolabs/go-blockdevice v0.4.7 -> v0.4.8
github.com/siderolabs/go-blockdevice/v2 v2.0.2 -> v2.0.3
github.com/siderolabs/go-circular v0.2.0 -> v0.2.1
github.com/siderolabs/go-cmd v0.1.1 -> v0.1.3
github.com/siderolabs/go-kubernetes v0.2.12 -> v0.2.15
github.com/siderolabs/grpc-proxy v0.4.1 -> v0.5.1
github.com/siderolabs/pkgs v1.8.0-8-gdf1a1a5 -> v1.9.0-alpha.0-37-g4699763
github.com/siderolabs/proto-codec v0.1.1 new
github.com/siderolabs/siderolink v0.3.10 -> v0.3.11
github.com/siderolabs/talos/pkg/machinery v1.8.0 -> v1.9.0-alpha.0
github.com/siderolabs/tools v1.8.0-1-ga0c06c6 -> v1.9.0-alpha.0-7-g3750064
golang.org/x/net v0.29.0 -> v0.30.0
golang.org/x/sys v0.25.0 -> v0.26.0
golang.org/x/term v0.24.0 -> v0.25.0
golang.org/x/text v0.18.0 -> v0.19.0
golang.org/x/time v0.6.0 -> v0.7.0
google.golang.org/grpc v1.66.0 -> v1.67.1
google.golang.org/protobuf v1.34.2 -> v1.35.1
k8s.io/api v0.31.1 -> v0.32.0-beta.0
k8s.io/apimachinery v0.31.1 -> v0.32.0-beta.0
k8s.io/apiserver v0.31.1 -> v0.32.0-beta.0
k8s.io/client-go v0.31.1 -> v0.32.0-beta.0
k8s.io/component-base v0.31.1 -> v0.32.0-beta.0
k8s.io/cri-api v0.32.0-alpha.0 -> v0.32.0-beta.0
k8s.io/kube-scheduler v0.31.1 -> v0.32.0-beta.0
k8s.io/kubectl v0.31.1 -> v0.32.0-beta.0
k8s.io/kubelet v0.31.1 -> v0.32.0-beta.0
k8s.io/pod-security-admission v0.31.1 -> v0.32.0-beta.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.70 -> v1.2.71

Previous release can be found at v1.8.0

Talos 1.9.0-alpha.0 (2024-10-18)

Welcome to the v1.9.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

`talosctl cgroups`

udevd

Talos previously used udevd to provide udevd, now it uses systemd-udevd instead.

Component Updates

Linux: 6.6.57 containerd: 2.0.0-rc.5 Flannel: 0.25.7

Talos is built with Go 1.23.2.

Contributors

Andrey Smirnov
Dmitriy Matrenichev
Noel Georgi
Dmitry Sharshakov
Jean-Francois Roy
Adolfo Ochagavía
Dan Rue
Eddie Wang
Florian Ströger
Hexoplon
Mike Beaumont
Philip Schmid
Philipp Kleber
Robby Ciliberto
Ryan Borstelmann
Serge Logvinov
Spencer Smith
Steven Cassamajor
Tim Jones
adilTepe
ekarlso
naed3r

Changes

72 commits

4529cf52d release(v1.9.0-alpha.0): prepare release
e0434d77d feat: update dependencies
5c5a24886 feat: add Talos 1.9 compatibility guarantees
bc4c21f41 test: add json logs test environment
71faa3294 docs: nvidia proprietary/oss hardware requirement
59a78da42 chore: add proto-codec/codec
7ff1cedfe chore: update siderolabs/crypto module and return proper ALPN
ccbd5aed3 feat: optionally decode hcloud userdata as base64
34f652ce8 feat: add well-known app.kubernetes.io labels to control-plane pods
fc89dc216 fix: support extra-disks when using iso
f2bff814d chore: add arm64 target for integration-test
5853bb0ea fix: json logging panic
a859cff36 chore: use virtio driver for disks in arm64
db248de88 chore(ci): add config for lldpd extension
9f0de9f43 test: update provision upgrade tests for Talos 1.9
39fe285e6 fix: skip ram disks
a9bff3a1d test: skip no error test in Cilium
4d902021b fix: do not use pflag csv comma reader for config-patch
5371788ce fix: typo in documentation
8a228ba6b docs: add egress documentation
182325cb0 test: skip lvm test if not enough user disks available
519a48302 fix: wipe system partitions correctly via kernel args
0a2b4556c fix: volume encryption with failing keyslots
6affbd318 fix: update grpc-go the latest patch release
77a4a4adc fix: scaleway metadata
7acadc0c8 fix: do not stop udevd before unmounting volumes
6a081055b feat: update Flannel to v0.25.7
2362f6d3e fix: improve container detection
b67bc73fd fix: fix mdadm system extension
f08669c7a feat: bring in lpfc kernel module driver
6a014374b feat: enable QEDF driver
f711907e0 fix: make /var/run empty on reboots
7d02eb60f docs: fix typo in CloudStack docs
74861573a fix: multiple fixes for LVM activation
74c12c20e feat: replace eudev with systemd-udevd
0a4df4ef8 docs: fix nvidia CRI config example
afc1e1a46 docs: fix typo in extraMounts directory
a341bdb06 fix: prevent file descriptors leaks to child processes
dec653bfe chore: better lvm2 tests
908fd8789 feat: support cgroup deep analysis in talosctl
aa846cc18 feat: add support for CI Network config in nocloud
10f2539f2 chore: disable cloud-images cron workflow
b07a8b36b chore: ignore more plugins for system containerd
392c4798f feat: prepare for Talos 1.9
ea7bf9fb4 docs: update storage.md
4ab8dee69 fix: build talosctl without tcell_minimal
2fa019bd9 docs: enable 'edit on GitHub' link
d2ccbc2b1 docs: update hetzner documentation for CCM
d498f647c docs: fix Kernel Self Protection Project (KSPP) references
0ec75463e docs: make Talos 1.8 current release
9b77698cf fix: update blockdevice library to v2.0.2
e46227ab9 docs: fix kubespan name inconsistency
6b15ca19c fix: audit and fix cgroup reservations
32b5d01ed chore: bump lvm2
6484581eb feat: allow /sbin/ldconfig in extensions
9fa08e843 chore: refactor tests
d8ab4981b feat: support lvm auto activation
8166a58b3 fix: filter out non-printable characters in process line
806b6aaf5 docs: add SECURITY.md
7bd26df30 docs: document /dev/net/tun compatibility
18daedb51 fix: strategic merge patch delete for map keys
f3370529a docs: correct typo
8d6884a8e test: add a test for inline machine config trusted roots
d4a6d017d fix: ignore invalid NTP responses
869f8379f feat: update default Kubernetes version to 1.31.1
780a1f198 fix: update CoreDNS health check
79cd03158 chore: account for resource sorting in dns upstream resource
e17fafaca chore: drop activateLogicalVolumes sequencer step
a294b366f fix: parse SideroLink API endpoint correctly
a9269ac7b fix: remove extra logging on ethtool ioctl failures
5c6277d17 feat: update etcd to 3.5.16
c1ed2984b docs: add what's new for Talos 1.8

Changes from siderolabs/crypto

1 commit

58b2f92 chore: use HTTP/2 ALPN by default

Changes from siderolabs/discovery-client

1 commit

b74fb90 fix: allow custom TLS config for the client

Changes from siderolabs/extras

2 commits

eab6e58 feat: update dependencies
1459d78 feat: update pkgs for 1.9

Changes from siderolabs/go-blockdevice

1 commit

134c41b fix: fast wipe also last 1MB of the device

Changes from siderolabs/go-circular

1 commit

9a0f7b0 fix: multiple data race issues

Changes from siderolabs/go-kubernetes

1 commit

381f251 feat: update for Kubernetes 1.32

Changes from siderolabs/grpc-proxy

2 commits

de1c628 fix: copy data from big frame msg
ef47ec7 chore: upgrade Codec implementations and usages to Codec2

Changes from siderolabs/pkgs

25 commits

be92da0 feat: update Linux to 6.6.57, update Linux firmware
0b67a13 feat: bump dependencies
dd5f928 feat: update Linux 6.6.56 and protect /proc/mem
b1bf972 feat: enable CONFIG_XFRM_STATISTICS
c63beae feat: update Linux to 6.6.54
f474a55 fix: libselinux: support running without /etc/selinux
ba0341e fix: systemd-udevd: search for config in /usr/etc
2b193f1 feat: add lpfc kernel module
1adb946 feat: enable QEDF driver
dbbe3d0 feat: update containerd to v2.0.0-rc.5
f19590e feat: update Go to 1.23.2
e2a561f fix: drop the LVM2 udev lvm rule
ae205aa fix: force LVM to use /run as state directory
232a153 feat: replace eudev with systemd-udevd
40fb82a feat: add libselinux, libsepol, pcre2 and libcap
6f40fbb feat: update xfsprogs 6.10.1
a1709c7 feat: enable module unloading and memory hotplug (for NVIDIA UVM)
2c5785b feat: enable transparent huge pages in madvise mode
ca2e8c8 fix: lvm2 modprobe path
6b334a6 feat: update Linux to 6.6.52
e90ae7e feat: update Linux firmware to 20240909
79a4f92 feat: enable INET_DIAG
c9f7eb9 feat: update Linux to 6.6.51
126b6a4 fix: add mpt3sas UBSAN patches
a09bf93 chore: drop UBSAN patch

Changes from siderolabs/proto-codec

3 commits

0d84c65 chore: add support for gogo protobuf generator
19f8d2e chore: add kres
e038bb4 Initial commit

Changes from siderolabs/siderolink

1 commit

1893385 fix: initialize tls listener properly

Changes from siderolabs/tools

5 commits

2058296 feat: bump dependencies
1151610 feat: update Go to 1.23.2
9f2189b fix: bump gettext-tiny to the latest dev version
95069d6 feat: update Go to 1.23.1
eec0656 feat: replace gettext with gettext-tiny

Dependency Changes

cloud.google.com/go/compute/metadata v0.5.0 -> v0.5.2
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 -> v1.15.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 -> v1.8.0
github.com/aws/aws-sdk-go-v2/config v1.27.33 -> v1.28.0
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 -> v1.16.17
github.com/aws/aws-sdk-go-v2/service/kms v1.35.7 -> v1.37.2
github.com/aws/smithy-go v1.20.4 -> v1.22.0
github.com/containerd/containerd/v2 v2.0.0-rc.4 -> v2.0.0-rc.5
github.com/containernetworking/plugins v1.5.1 -> v1.6.0
github.com/cosi-project/runtime v0.5.5 -> v0.6.4
github.com/docker/docker v27.2.0 -> v27.3.1
github.com/gopacket/gopacket v1.2.0 -> v1.3.0
github.com/klauspost/compress v1.17.9 -> v1.17.11
github.com/mdlayher/ethtool v0.1.0 -> v0.2.0
github.com/rivo/tview fd649dbf1223 -> c5e4fb24af13
github.com/siderolabs/crypto v0.4.4 -> v0.5.0
github.com/siderolabs/discovery-client v0.1.9 -> v0.1.10
github.com/siderolabs/extras v1.8.0 -> v1.9.0-alpha.0-1-geab6e58
github.com/siderolabs/go-blockdevice v0.4.7 -> v0.4.8
github.com/siderolabs/go-blockdevice/v2 v2.0.2 -> v2.0.3
github.com/siderolabs/go-circular v0.2.0 -> v0.2.1
github.com/siderolabs/go-kubernetes v0.2.12 -> v0.2.13
github.com/siderolabs/grpc-proxy v0.4.1 -> v0.5.1
github.com/siderolabs/pkgs v1.8.0-8-gdf1a1a5 -> v1.9.0-alpha.0-24-gbe92da0
github.com/siderolabs/proto-codec v0.1.1 new
github.com/siderolabs/siderolink v0.3.10 -> v0.3.11
github.com/siderolabs/talos/pkg/machinery v1.8.0 -> v1.8.1
github.com/siderolabs/tools v1.8.0-1-ga0c06c6 -> v1.9.0-alpha.0-4-g2058296
golang.org/x/net v0.29.0 -> v0.30.0
golang.org/x/sys v0.25.0 -> v0.26.0
golang.org/x/term v0.24.0 -> v0.25.0
golang.org/x/text v0.18.0 -> v0.19.0
golang.org/x/time v0.6.0 -> v0.7.0
google.golang.org/grpc v1.66.0 -> v1.67.1
google.golang.org/protobuf v1.34.2 -> v1.35.1

Previous release can be found at v1.8.0

Talos 1.8.0-alpha.2 (2024-09-02)

Welcome to the v1.8.0-alpha.2 release of Talos!
This is a pre-release of Talos

Starting with Talos v1.8.0, only standard assets would be published as github release assets. These include:

cloud-images.json
talosctl binaries
kernel
initramfs
metal iso and disk images
talosctl-cni-bundle

All other release assets can be downloaded from Image Factory.

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Node Annotations

Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.

Workload Apparmor Profile

Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.

Eg:

machine:
    install:
        extraKernelArgs:
            - security=apparmor

Bridge Interface

Talos Linux now support configuring 'vlan_filtering' for bridge interfaces.

CNI Plugins

Talos Linux now bundles by default the following standard CNI plugins:

bridge
firewall
flannel
host-local
loopback
portmap

The Talos bundled Flannel manifest was simplified to remove the install-cni step.

Diagnostics

Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.

Extensions in Kubernetes Nodes

Talos Linux now publishes list of installed extensions as Kubernetes node labels/annotations.

The key format is extensions.talos.dev/<name> and the value is the extension version. If the extension name is not valid as a label key, it will be skipped. If the extension version is a valid label value, it will be put to the label; otherwise it will be put to the annotation.

For Talos machines booted of the Image Factory artifacts, this means that the schematic ID will be published as the annotation extensions.talos.dev/schematic (as it is longer than 63 characters).

DNS Forwarding for CoreDNS pods

Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it with:

machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false

Please note that on running cluster you will have to kill CoreDNS pods for this change to apply.

The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address. For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service can be cleaned up with kubectl delete -n kube-system service host-dns.

Installer

Talos Linux installer now never wipes the system disk on upgrades, which means that the flag --preserve is always set for talosctl upgrade.

`talos.halt_if_installed` kernel argument

Starting with Talos 1.8, ISO's generated from Boot Assets would have a new kernel argument talos.halt_if_installed which would pause the boot sequence until boot timeout if Talos is already installed on the disk. ISO generated for pre 1.8 versions would not have this kernel argument.

This can be also explicitly enabled by setting talos.halt_if_installed=1 in kernel argument.

Slim Kubelet Image

Kubelet container image includes various utilities that kubelet might use to perform various tasks.

Starting with Kubernetes 1.31.0, kubelet image now includes less utilities, as the in-tree CSI plugins were removed in Kubernetes 1.31.0. This reduces kubelet image size and potential attack surface.

For Kubernetes < 1.31.0, there will be two images built:

v1.x.y (default, fat)
v1.x.y-slim (slim)

For Kubernetes >= 1.31.0, there will be same two images built, but the default tag would point to slim image:

v1.x.y (default, slim)
v1.x.y-fat (fat)

Default Node Labels

Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers by default for the control plane nodes.

PCI Devices

A list of PCI devices can now be obtained via PCIDevices resource, e.g. talosctl get pcidevices.

Metal images

Starting with Talos 1.8, console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (For eg: Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.

This should fix slow boot or no console output issues on most bare metal hardware.

NVIDIA GPU Support

Starting with Talos 1.8.0, SideroLabs would ships extensions for both LTS and Production versions of NVIDIA extensions. For more details see the CHANGELOG of extensions.

Upgrades with an exisiting schematic id from Image Factory would keep the existing LTS version of the NVIDIA extension.

Platform Support

Talos Linux now supports Apache CloudStack platform.

kube-proxy

Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.

Secure Boot

Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.

Custom Trusted Roots

Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.

Device Extra Settle Timeout

Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to workaround issues with broken drivers.

Component Updates

Kubernetes: 1.31.0 Linux: 6.6.47 containerd: 2.0.0-rc.4 runc: 1.2.0-rc.2 etcd: 3.5.15 Flannel: 0.25.6 Flannel CNI plugin: 1.5.1 CoreDNS: 1.1.13

Talos is built with Go 1.22.6.

ZSTD Compression

Talos Linux now compresses kernel and initramfs using ZSTD. Linux arm64 kernel is now compressed (previously it was uncompressed).

Contributors

Andrey Smirnov
Dmitriy Matrenichev
Noel Georgi
Utku Ozdemir
Artem Chernyshev
Dmitry Sharshakov
Justin Garrison
Spencer Smith
Steve Francis
Bernard Gütermann
Jean-Francois Roy
Konrad Eriksson
Serge Logvinov
doctor_ew
Amadeus Mader
Andrew Rynhard
Anthony ARNAUD
Attila Oláh
Birger J. Nordølum
Caleb Woodbine
Claus Albøge
Daniel Höxtermann
David Birks
Dean
Dennis Marttinen
Eddie Zaneski
Enrique Hernández Bello
EricMa
Evan Johnson
Fabian Topfstedt
Fredrik Lundhag
George Gaál
Grzegorz Rozniecki
Grzegorz Rożniecki
Igor Rzegocki
Josia Scheytt
Judah Rand
Marcel Richter
Marco Franssen
Marcus Förster
Matthias Riegler
Matthieu Mottet
Maxime Brunet
Michael Trip
Mike Beaumont
Nick Meyer
Nicklas Frahm
Ole-Magnus Sæther
Roman Ivanov
Ron Olson
Saravanan G
Simon-Boyer
Skyler Mäntysaari
Steve Fan
Steve Martinelli
Steven Fackler
Syoc
Tim Jones
USBAkimbo
Will Bush
cryptk
darox
dhaines-quera
leppeK
looklose

Changes

279 commits

6f7c3a8e5 fix: build of talosctl on non-Linux arches
f0a59cec7 release(v1.8.0-alpha.2): prepare release
c8aed3be4 fix: correctly add console args for ttyS0
b453385bd feat: support volume configuration, provisioning, etc
b6b16b35f chore: pause sequencer when talos installed and iso booted
eade0a9f2 chore: bring in uio modules
81f9fcd9c fix: report errors correctly when pulling, fix EEXIST
b309e87b4 docs: fix invalid input in field user_data
c7474877a docs: kubeProxyReplacement from "disabled" to "false"
be2ebf6b4 chore: bump dependencies
88601bff4 chore: drop calico from interactive installer
106c17d0b chore: aarch64 qemu local secureboot support
da6263506 feat: update Flannel to v0.25.6
19a44c2b0 chore: drop console ttyS0 argument
75cecb421 feat: add Apache Cloudstack support
951cf66fd feat: add Cisco fnic driver
2d3bc94bf fix(ci): fix broken tests
a9551b7ca fix: host DNS access with firewall enabled
4834a61a8 feat: report SELinux labels
8fe39eacb chore: move csi tests as go test
e4f8cb854 fix: merge extension service config files by mountPath
5ba1df469 chore: add java package to protos
823480800 fix: add missing host/nvme-rdma
5b4b64979 fix: bump go-smbios for broken SMIOS tables
f57d1f07e fix: add NVMe target kernel modules
5ff6cf82c fix: drop /opt mount for containers/tink
3c0db34d8 docs: update kubespan docs
3041d9075 fix: always handle PermissionDenied in dashboard resource watches
36f83eea9 chore: make qemu check flag consistent with code
fe52cb074 chore: update protoc-gen-doc
ee4290f68 fix: bind HostDNS to 169.254.x link-local address
c312a46f6 chore: restructure k8s component health checks
e193e7db9 docs: fix incorrect path for openebs in documentation
beadbac21 docs: update Oracle Cloud Talos custom image docs
6f969e364 chore: improve cluster create UX on aarch64
45cc8688a chore: replace if blocks with min/max functions
a5bd770bf fix: retry with another upstream if the previous failed
82e19f38a docs: add high-level overlay development guide
872599c9a chore: drop image assets from release
3c36c41a9 feat: provide device extra settle timeout
9e348ef35 feat: update Kubernetes to 1.31.0
61a1c946b feat: bundle (some) CNI plugins with Talos core
091da163b chore: support arm64 kexec from zboot kernel images
73511c1ef chore: fix release notes
2bf924c7b feat: update ISO VolumeID with Talos version
9a33dce10 docs: fix the VMWare docs
12562c2d5 docs: fix talos version in vmware.sh
ee67da14c feat: scaleway routed ip
eba5dafb9 fix: add dns-resolve-cache to the support bundle
d4f8100bd docs: fix default openebs folder
60e163d54 docs: fix typo in doc
98d9abdd0 chore(ci): fix cilium ci tests
beb9602e3 chore: bump github.com/docker/docker to v27.1.1+incompatible
0698a4921 docs: aws getting started re-write
4d7d7a589 chore(ci): update nvidia integration tests
60e901c1d chore: document slim kubelet image
622d66a98 chore: bump deps
f9f5e0ef5 chore: fix k8s tests
2ac8d2274 chore: support unsupported flag for mkfs
9b9159d1e docs: update support matrix for nvidia drivers
9d3415850 fix: fix graph diffs in dashboard when node aliases are used
9a126d70e chore: generate deepcopy for SecureBootAssets type
dff56d824 chore: remove arch-specific etcd image tag
c9f1dece5 feat: update Kubernetes to 1.31.0-rc.1
49831c56f docs: replace removed Cilium/kubeProxyReplacement value
33a316369 docs: update aws.md for loop
e02bd2093 feat: update Kubernetes to 1.31.0-rc.0
64914b086 chore: add test for crun extension
7a1c62b8b feat: publish installed extensions as node labels/annotations
3f2058aba fix: update containerd configuration and settings
81bd20f5a docs: remove deprecated jiva from openebs instructions
480ffb88a docs: fix the amd64 PXE boot script URL
20fe34dbd docs: fix docker getting started typo
0fd7dfd2a docs: update Equinix Guide
3d1474ac0 feat: update CoreDNS to 1.1.3
50e5f37ef chore: add test for apparmor
96492c097 docs: extend multus configuration for Cilium
19aa44c54 fix: generate kubeconfig using proper types
240104e45 feat: update Linux to 6.6.43
32db8db60 chore: lock microsoft secureboot certs
3ce5492f8 feat: runc memfd-bind service
341b55cd3 docs: update vmware.sh
117628aa6 chore: add test for gvisor extension with platform kvm
fd01571c4 feat: update Linux, enable Broadcom MPI3 driver
b333ec07d feat: update etcd to 3.5.15, Flannel to 0.25.5
087290178 feat: use ethtool ioctl to get link status when netlink api not available
395c64290 docs: update openebs-jiva helm repo
f132d3f40 chore(ci): remove artifacts directory prefix for checksums
fd54dc191 feat(talosctl): append microsoft secure boot certs
fd6ddd11e feat: provide POD_IP env var to scheduler and controller-manager
407347a7a feat: update Kubernetes to 1.31.0-beta.0
1b8c9ccbb fix: enforce secureboot enroll option only for supported releases
d52b89cb9 chore: ensure tls required on s3 buckets
c288ace7b fix: be more smart when merging DNS resolver config
d983e4430 fix: panic on shutdown
01404edff chore: reduce memory requirement for contrplane nodes
980f9ebc0 fix: fix log format in cluster provisioning
ea626a963 feat: add label 'exclude-from-external-load-balancers' for cp nodes
1cf76cfbc docs: fix talosctl spelling
b07338f54 feat: provide machine config document to update trusted CA roots
f14c4795e fix: sort ports and merge adjacent ones in the nft rule
cf5effabb feat: provide an option to enforce SecureBoot for TPM enrollment
736c1485e fix: change the UEFI firmware search path order
a727a1d97 chore: make using action tracker easier
0aebeff35 docs: add missing backslashes
398151e64 fix: remove host bind mount for /tmp for trustd
ce4c404e1 chore: redo FilterMessages as generic function
fbde9c556 chore: bump deps
3bab15214 feat: update Kubernetes to 1.31.0-alpha.3
c2a5213ee docs: add note about mayastor nvme_tcp init container check
dad9c40c7 chore: simplify code
963612bcc chore: redo EncodeString and EncodeBytes using buffer interface
d9db360ab fix: properly output multi-doc machine config in get mc
31af6b3f8 chore: fix the release step to include CNI bundle
d7cd46643 chore: fix the push/tag steps
c9aeeca3d chore: fix the Makefile
48cdbe0de release(v1.8.0-alpha.1): prepare release
2512ef435 test: fix the integrtion tests for apply-config
076f3c4f2 chore: improve link spec controller code
0454130ad feat: suppress controller runtime first N failures on the console
3d35e5468 chore: update hydrophone library
1f28726d4 chore: support version with and without v prefix
9a56b8527 chore(ci): fix parallel runs of tf pipelines
be35f380c chore: update pkgs/tools/extras
93df23444 docs: update opengraph image for main landing pages
d9d62d4da feat: update Linux to 6.6.36
6b0fe5b8c docs: update deploying cilium docs for v1.7 and v1.8
52611a90d feat: update Kubernetes to v1.30.2
c19cc4ccb docs: clarify direct access needed to nodes in insecure mode
b4c871e4b chore: bump dependencies
cc345c8c9 feat: add support for configuring vlan filtering on the bridge
2d054ad35 chore: handle documents diff in apply-config dry run
bd34f71f3 feat: add apparmor pkg
71857fd4d docs: fix typo: messure -> measure
f75f16b0a chore(ci): fix cluster name generation
c603d2bf9 chore: output more info when ExecuteCommandInPod fails
4b5a7445e docs: fix missing Akamai platform in supported matrix
4701498a1 chore(ci): run e2e-aws-nvidia with zfs extension enabled
86a3222ae chore: use new disks api for iscsi tests
5ffc3f14b feat: show siderolink status on dashboard
6f6a5d105 chore: upgrade to rtnetlink/v2 library
1fb8453c2 chore: update Go modules
8e15621e8 chore(ci): add conformance pipelines
7fcb521a6 feat: use hydrophone instead of sonobuoy
d1a0c1f98 test: fix the integration test for no META name
535006334 chore: fix our dns server implementation
c6f90d014 chore: replace sync.Map with concurrent.HashTrieMap
e8ced2c2d chore: drop k8s timeout in the default kubeconfig
7cbdce73f fix: detect CD devices, fix user disks wipe test
aca475c66 chore: small usability fixes
26cf566dc chore: bump our coredns fork
5e66e117e fix: initial assignment of Hetzner Cloud Alias IP
f07b79f4a feat: provide disk detection based on new blockdevices
8ee087268 chore(ci): drop crashdump, save logs as artifacts
7c9a14383 fix: volume discovery improvements
80ca8ff71 fix: update the cgroups for Talos core services
fe317f1e1 docs: fix typo in QEMU guest agent support on Proxmox
8dbe2128a feat: implement Talos diagnostics
357d7754f fix: clean up VM runners on cluster destroy
41f92e0ba chore: update Go to 1.22.4, other updates
4621e9bb7 chore: add stale and lock issue workflows
82d9cd322 fix: add upgrade errata for arm64/zboot kernels
9a23d846c fix: downgrade Azure IMDS required version
30860210c test: fix hardware test not to require PCI devices
9fcc9b841 feat: update Flannel to v0.25.3
9d395b9de chore: use bun instead of npm
a1684bdf8 chore: speed up go generate for enumer
4dd0aa712 feat: implement PCI device bus enumeration
b0466e0ab fix: disable kexec on GCP/Azure
911c25574 chore: fix go.work resolution
2f088ede0 docs: add another example for installing cilium
3967e0777 feat: update etcd to 3.5.14
3367ded9f fix: correct time adjustment in time.SyncController
893e64fcb fix: replace nslookup with dig in integration tests
0359c8537 chore: unify toml packages being used
4feb94ca0 feat: add multidoc check to the Talos quirks module
0b4a9777f docs: update talosctl install instructions for 1.8
da8305ffb test: add a test for watchdog timers
da7f27640 fix: mount tracefs filesystem
7b37e5b63 chore(ci): fix integration extensions
de7553d77 fix(ci): cron jobs
eb510d9fd chore: require enabled bootloader for docker provisioner
a9cf9b789 fix: correctly handle dns messages in our dns implementation
c2b19dcb9 chore: move to containerd 2.0 API
92a274e9a fix: workaround problems with udevd races
31b24ea3d chore(ci): split integration misc
8a1371337 fix: produce stable order of bonds with equinix
6406193f4 test: add Equnix Metal sample metadata with two bonds
01ea82053 fix: time sync over NTP from future era
5aea42427 fix(ci): fix crons by setting up buildx always
84706c3e2 docs: default to brew docs for talosctl
fcd65ff65 feat: enable forwardKubeDNSToHost by default
2e64e9e4e fix: require accepted CAs on worker nodes
23c1c4560 fix(ci): fix crons fby rekres
2d50392c5 feat: update containerd to 2.0.0-rc.2, runc to 1.2.0-rc.1
a12e4bb24 chore(ci): fix github action crons
e7bd9cd2b fix: decrease maximum negative ttl for dns responses
9c3ebad9f chore(ci): kresify gh actions
ff60f6fde refactor: make some of the extensions package public
ce8c86d64 fix: panic in osroot controller
e1711cd3c chore: stop using containerd package for cri namespace
d4307043f fix: update go-tail library to fix 'short read' error
7cd13ef4a docs: add documentation on using Multus with Talos
4784da3ef feat: use new circular buffer compressed chunks feature
78b48eb3a feat: include EDAC drivers
0bf2d69fb feat: update Kubernetes to 1.30.1
53f548913 fix: increase host dns packet ttl for pods
dedb6d360 fix: update github.com/siderolabs/siderolink to v0.3.7
43939f1a6 docs: fix typos, add docker socket info
6663068bb chore: update project in GCP testing
b86edc677 chore: update office hours in talos repo
cfa25d22d chore: remove docs prior to 1.0 from website navigation
120705459 chore: handle I/O error for xfs_repair
b7afe2669 feat: update Linux 6.6.30
26519ceed docs: update proxmox.md
851b91a0e fix: don't enable hostDNS for versions of Talos which do not have it
42ac5cd0c fix: check for nil machine config during installation
1d29111d4 chore: update Go to 1.22.3
f4d7b9d9a feat: gather plaform dns names
0b0f9995a docs: add resource information, some grammar fixes
763dae250 fix: add cluster name to the worker machine config
4aac5b4ec feat: mount /sys/kernel/security into kubelet
817f18153 docs: remove mention of enabling KubePrism after v1.6
c08d79732 docs: fix the variable name typo
478b862b4 fix: do not fail cli action tracker when boot id cannot be read
be510f9eb docs: fix grpc_tunnel value to true
b7b8a8d8f docs: add logs example for the certificate errors troubleshooting
8df5b85ec release(v1.8.0-alpha.0): prepare release
07f78182c fix: use a fresh context for etcd unlock
84cd7dbec feat: update Linux to 6.6.29
70fdca6a4 chore: update minimum hardware requirement for vmware ova
b690ffeb8 test: improve DNS resolver test stability
5aa0299b6 style: use correct capitalization for openstack
4c0c626b7 feat: use zstd compression in place of xz
98906ed6e fix: use reboot delay only in case of error
05fd042bb test: improve the reset integration tests
8cdf0f7cb docs: fix typo in Cilium instructions
dd1d279da fix: allow more flags in talosctl cluster create --input-dir
ef4394e58 chore: update kernel and other packages
ccdb4c8b1 chore: update google.golang.org/grpc to 1.63.2
c5b59df69 fix: wait for devices to be discovered before probing filesystems
0821b9c50 feat: add --non-masquerade-cidrs flag to talosctl cluster create
2bf613ad3 fix: add endpoints for "virtual" host-dns service
f4163aefe fix: bump priority of OpenStack routes if IPv6 and default gateway
6fbd1263c feat: report process MAC labels
d46032821 fix: return proper value from Bridge.STP instead of plain nil
bac1d00c3 chore: prepare for Talos 1.8
d6c8067e1 docs: make 1.7 docs the default
d7c3a0735 docs: add what's new for v1.7
908f67fa1 feat: add host dns support for resolving member addrs
0d20b637d feat: update Kubernetes to 1.30.0
ec69d7a78 chore: replace math/rand with math/rand/v2
89040ce43 chore: update go-blockdevice/v2 library to the latest version
0a785802e fix: overlay installer operations
b1b63f658 fix: mark overlay installer executable
3433fa13b feat: use container DNS when in container mode
5d07ac5a7 fix: close apid inter-backend connections gracefully for real
7ba18555b docs: fix typos in Akamai and AWS platform docs
3dd1f4e88 chore: extract pkg/imager/quirks to pkg/machinery
78bc3a433 docs: update Cilium docs
831f3d39e feat: update Flannel to v0.25.1
ea5b3ff0c feat: update Kubernetes to v1.30.0-rc.2
54dac5ed4 feat: update Linux 6.6.24, containerd 1.7.15
c51f146da docs: update Akamai platform docs
9550f5ff7 docs: fix getAuthenticationMethod and completePathFromNode docs
bfbd02abf fix: assign different priority to IPv6 default gateway on OpenStack
c8f674bd3 test: add a test for 'spin' container runtime
5390ccd48 chore: replace []byte with string and use go:embed for templates
ba7cdc8c8 chore: optimize DNSResolveCacheController
145f24063 fix: don't modify a global map of profiles
6fe91ad9c feat: provide Kubernets/Talos version compatibility for 1.8
909a5800e fix: generate secureboot ISO .der certificate correctly
b0fdc3c8c fix: make static pods check output consistent
c6ad0fcce fix: validate that workers don't get cluster CA key
3735add87 fix: reconnect to the logs stream in dashboard after reboot
9aa1e1b79 fix: present all accepted CAs to the kube-apiserver
336e61174 fix: close the apid connection to other machines gracefully
ff2c427b0 fix: pre-create nftables chain to make kubelet use nftables
5622f0e45 docs: change localDNS to hostDNS in release notes yaml section

Changes since v1.8.0-alpha.1

113 commits

6f7c3a8e5 fix: build of talosctl on non-Linux arches
f0a59cec7 release(v1.8.0-alpha.2): prepare release
c8aed3be4 fix: correctly add console args for ttyS0
b453385bd feat: support volume configuration, provisioning, etc
b6b16b35f chore: pause sequencer when talos installed and iso booted
eade0a9f2 chore: bring in uio modules
81f9fcd9c fix: report errors correctly when pulling, fix EEXIST
b309e87b4 docs: fix invalid input in field user_data
c7474877a docs: kubeProxyReplacement from "disabled" to "false"
be2ebf6b4 chore: bump dependencies
88601bff4 chore: drop calico from interactive installer
106c17d0b chore: aarch64 qemu local secureboot support
da6263506 feat: update Flannel to v0.25.6
19a44c2b0 chore: drop console ttyS0 argument
75cecb421 feat: add Apache Cloudstack support
951cf66fd feat: add Cisco fnic driver
2d3bc94bf fix(ci): fix broken tests
a9551b7ca fix: host DNS access with firewall enabled
4834a61a8 feat: report SELinux labels
8fe39eacb chore: move csi tests as go test
e4f8cb854 fix: merge extension service config files by mountPath
5ba1df469 chore: add java package to protos
823480800 fix: add missing host/nvme-rdma
5b4b64979 fix: bump go-smbios for broken SMIOS tables
f57d1f07e fix: add NVMe target kernel modules
5ff6cf82c fix: drop /opt mount for containers/tink
3c0db34d8 docs: update kubespan docs
3041d9075 fix: always handle PermissionDenied in dashboard resource watches
36f83eea9 chore: make qemu check flag consistent with code
fe52cb074 chore: update protoc-gen-doc
ee4290f68 fix: bind HostDNS to 169.254.x link-local address
c312a46f6 chore: restructure k8s component health checks
e193e7db9 docs: fix incorrect path for openebs in documentation
beadbac21 docs: update Oracle Cloud Talos custom image docs
6f969e364 chore: improve cluster create UX on aarch64
45cc8688a chore: replace if blocks with min/max functions
a5bd770bf fix: retry with another upstream if the previous failed
82e19f38a docs: add high-level overlay development guide
872599c9a chore: drop image assets from release
3c36c41a9 feat: provide device extra settle timeout
9e348ef35 feat: update Kubernetes to 1.31.0
61a1c946b feat: bundle (some) CNI plugins with Talos core
091da163b chore: support arm64 kexec from zboot kernel images
73511c1ef chore: fix release notes
2bf924c7b feat: update ISO VolumeID with Talos version
9a33dce10 docs: fix the VMWare docs
12562c2d5 docs: fix talos version in vmware.sh
ee67da14c feat: scaleway routed ip
eba5dafb9 fix: add dns-resolve-cache to the support bundle
d4f8100bd docs: fix default openebs folder
60e163d54 docs: fix typo in doc
98d9abdd0 chore(ci): fix cilium ci tests
beb9602e3 chore: bump github.com/docker/docker to v27.1.1+incompatible
0698a4921 docs: aws getting started re-write
4d7d7a589 chore(ci): update nvidia integration tests
60e901c1d chore: document slim kubelet image
622d66a98 chore: bump deps
f9f5e0ef5 chore: fix k8s tests
2ac8d2274 chore: support unsupported flag for mkfs
9b9159d1e docs: update support matrix for nvidia drivers
9d3415850 fix: fix graph diffs in dashboard when node aliases are used
9a126d70e chore: generate deepcopy for SecureBootAssets type
dff56d824 chore: remove arch-specific etcd image tag
c9f1dece5 feat: update Kubernetes to 1.31.0-rc.1
49831c56f docs: replace removed Cilium/kubeProxyReplacement value
33a316369 docs: update aws.md for loop
e02bd2093 feat: update Kubernetes to 1.31.0-rc.0
64914b086 chore: add test for crun extension
7a1c62b8b feat: publish installed extensions as node labels/annotations
3f2058aba fix: update containerd configuration and settings
81bd20f5a docs: remove deprecated jiva from openebs instructions
480ffb88a docs: fix the amd64 PXE boot script URL
20fe34dbd docs: fix docker getting started typo
0fd7dfd2a docs: update Equinix Guide
3d1474ac0 feat: update CoreDNS to 1.1.3
50e5f37ef chore: add test for apparmor
96492c097 docs: extend multus configuration for Cilium
19aa44c54 fix: generate kubeconfig using proper types
240104e45 feat: update Linux to 6.6.43
32db8db60 chore: lock microsoft secureboot certs
3ce5492f8 feat: runc memfd-bind service
341b55cd3 docs: update vmware.sh
117628aa6 chore: add test for gvisor extension with platform kvm
fd01571c4 feat: update Linux, enable Broadcom MPI3 driver
b333ec07d feat: update etcd to 3.5.15, Flannel to 0.25.5
087290178 feat: use ethtool ioctl to get link status when netlink api not available
395c64290 docs: update openebs-jiva helm repo
f132d3f40 chore(ci): remove artifacts directory prefix for checksums
fd54dc191 feat(talosctl): append microsoft secure boot certs
fd6ddd11e feat: provide POD_IP env var to scheduler and controller-manager
407347a7a feat: update Kubernetes to 1.31.0-beta.0
1b8c9ccbb fix: enforce secureboot enroll option only for supported releases
d52b89cb9 chore: ensure tls required on s3 buckets
c288ace7b fix: be more smart when merging DNS resolver config
d983e4430 fix: panic on shutdown
01404edff chore: reduce memory requirement for contrplane nodes
980f9ebc0 fix: fix log format in cluster provisioning
ea626a963 feat: add label 'exclude-from-external-load-balancers' for cp nodes
1cf76cfbc docs: fix talosctl spelling
b07338f54 feat: provide machine config document to update trusted CA roots
f14c4795e fix: sort ports and merge adjacent ones in the nft rule
cf5effabb feat: provide an option to enforce SecureBoot for TPM enrollment
736c1485e fix: change the UEFI firmware search path order
a727a1d97 chore: make using action tracker easier
0aebeff35 docs: add missing backslashes
398151e64 fix: remove host bind mount for /tmp for trustd
ce4c404e1 chore: redo FilterMessages as generic function
fbde9c556 chore: bump deps
3bab15214 feat: update Kubernetes to 1.31.0-alpha.3
c2a5213ee docs: add note about mayastor nvme_tcp init container check
dad9c40c7 chore: simplify code
963612bcc chore: redo EncodeString and EncodeBytes using buffer interface
d9db360ab fix: properly output multi-doc machine config in get mc

Changes from siderolabs/discovery-client

2 commits

ca662d2 feat: export default GRPC dial options for the client
7a767fa chore: bump Go, deps and rekres

Changes from siderolabs/extras

7 commits

43a2821 feat: bump deps
6f4a373 chore: use Go 1.22.6
e7d16d8 chore: bump deps
cab51d8 feat: update dependencies
0efb05f feat: update Go to 1.22.4
01ad9f5 feat: update Go to 1.22.3
fa6663c feat: update Go to 1.22.2

Changes from siderolabs/gen

2 commits

7654108 chore: add hashtriemap implementation
8485864 chore: optimize maps.Values and maps.Keys

Changes from siderolabs/go-api-signature

3 commits

1b35ea8 chore: bump deps and fix data race
4bf0f02 fix: get rid of data race in the key sign interceptor
782aac0 chore: bump deps

Changes from siderolabs/go-circular

3 commits

cbce5c3 feat: add persistence support
3c48c53 feat: implement extra compressed chunks
835f04c chore: rekres, update dependencies

Changes from siderolabs/go-debug

1 commit

c8f9b12 chore: add support for Go 1.23

Changes from siderolabs/go-kubernetes

2 commits

ee8c6b8 fix: add one more removed feature gate for 1.31
37dd61f feat: add support for Kubernetes 1.31

Changes from siderolabs/go-loadbalancer

1 commit

0639758 chore: bump deps

Changes from siderolabs/go-pcidb

1 commit

2e79017 feat: rekres, update PCI IDs

Changes from siderolabs/go-smbios

2 commits

e781237 fix: stop decoding without error if EOF encountered during header read
6a719a6 chore: rekres, bump deps

Changes from siderolabs/go-tail

1 commit

7cb7294 fix: remove unexpected short read error

Changes from siderolabs/go-talos-support

3 commits

58f4f0f chore: bump Go dependencies
f9d46fd fix: add dns-resolve-cache to the list of logs gathered
69891cf chore: remove containerd dependency

Changes from siderolabs/grpc-proxy

5 commits

ec3b59c fix: address all gRPC deprecations
02f82db chore: rekres, bump deps
62b29be chore: rekres, update dependencies
2decdd1 chore: add no-op github workflow
77d7adc chore: bump deps

Changes from siderolabs/pkgs

56 commits

4ce5bc6 feat: add uio_pci_generic kernel module
18d3b85 feat: add uinput kernel module
4fd2541 feat: bump dependencies
467d127 feat: enable Cisco FCoE HBA Driver (fnic)
4e6dec2 feat: enable more PCI options
5f919c5 fix: add virtio-net GSO issue patch
7b2e46b feat: update Linux to 6.6.45
a6db229 fix: strip CNI plugins
124d35b chore: bump deps
af6b4e6 chore: bump nvidia drivers
5e8a15a chore: bump deps
99650c8 fix: enable TPROXY for nftables
75adbde feat: support lts and production nvidia modules
a97d58f feat: add Intel management engine modules for Intel Arc support
4e940f8 feat: update Linux to 6.6.43
7f9c802 fix(kernel): array-index-out-of-bounds error on bpf
8cc6455 feat: add driver for Broadcom MPI3
d01fb35 feat: update Linux to 6.6.39
25f3a99 fix: update ca-certificates in pkgs
60a91b2 fix: enable CONFIG_PROC_CHILDREN for amd64 kernel
ce49757 feat: update flannel-cni plugin to v1.5.1
289ed6b feat: bump deps
8d6b19a feat: update Linux to 6.6.36
b671d46 feat: update containerd/runc to the next rc versions
c7e9591 feat: enable CONFIG_X86_AMD_PSTATE
84bad89 feat: add 'apparmor' package
4d9869a feat: update Linux to 6.6.33
e5990e8 feat: enable CONFIG_KSM
a37f382 fix: network for Rockchip boards like Rock64
95218c7 fix: enable PAGE_TABLE_CHECK
cbd9cd7 feat: enable SCTP support
c309452 feat: bump dependencies
3a56032 chore: rekres
db7f60c feat: bump Linux to 6.6.32
c647a05 feat: update ipxe to the latest
f350879 feat: update containerd to 2.0.0-rc.2, runc to 1.2.0-rc.1
f8392fb feat: update Linux firmware to 20240513
f414bbd fix: disable CONFIG_EFI_DISABLE_PCI_DMA option
9ebfd1b feat: enable EDAC drivers
f9559de fix: drbd module installation
492638d feat: update dependencies
bd70572 feat: update Go to 1.22.3
edb600a feat: update zfs package to v2.2.4
6775002 feat: enable NFT FIB lookups
28c5696 feat: update Linux to 6.6.29
9c8a02c feat: update containerd to 1.7.16
ca6249b feat: compress amd64 Linux kernel using zstd
718a7da feat: enable SELinux
207481f feat(intel): add support for power management and ACPI options for Intel CPUs
dfa7dce feat: update Linux to 6.6.28
7b30b61 fix: use proper EFI zBoot image
010913b feat: update Linux 6.6.26, containerd 1.7.15
da397fa feat: enable BFQ IO scheduler
c839801 feat: enable zboot on arm64 with zstd compression
1b28e2c feat: go 1.22.2, Linux 6.6.24
05db2a8 fix: revert musl to 1.2.4

Changes from siderolabs/protoenc

19 commits

684f268 chore: bump deps, add repeated <-> single field example
82f0774 fix: encode (u)int(16|8)s as varints
d8ddbd5 chore: add more tests
dceb5a6 fix: proper order for custom EncoderDecoder
3617e19 fix: add missing test and proper check for map[string]interface{}
647e9da chore: various additions
3e56913 fix: support pointer to structs in marshal/unmarshal
49a85fa chore: add support for map[string]interface{}
bf5e39b chore: support (u)int(8|16) fields ans slices, fix map issues,
d618d0d chore: no longer treat T and *T as the same types in RegisterEncoderDecoder
aa7ee6c chore: add fast path for ints, fixed ints and floats
6427893 chore: bump Go and fix lint issues
94427a5 chore: even more various fixes and small refactorings
76e5695 chore: various fixes and small refactorings
8a48bf0 feat: implement custom encoders/decoders
549761b chore: various embedding fixes
ab9b1ff chore: add side-by-side tests with official proto.Marshal and Unmarshal
2519db3 feat: implement Marshal/Unmarshal functions for protobuf encoding
485db9f Initial commit

Changes from siderolabs/siderolink

4 commits

e76747b chore: migrate to rtnetlink/2
3a587fc fix: do not ever skip updates which have remove flag
be00ff5 chore: redo event filtering as a sequence of iterators
a936b60 chore: handle peer events in batches

Changes from siderolabs/tools

14 commits

50e55e6 feat: bump dependencies
2b8dab4 feat: add policycoreutils for building squashfs with SELinux
ef48079 feat: add fakeroot as a build dependency
86b5363 feat: add secilc
41ed4b2 fix: fix Tcl tag hashes
a764e8d chore: bump deps
7d807bd chore: bump deps
31ad71b feat: update dependencies
d2746e5 feat: update Go to 1.22.4
06ba64e feat: update dependencies
7e5a248 feat: update dependencies
c34ec5b feat: update Go to 1.22.3
3c25a6f fix: update pkg-config configure flag
bd405ff feat: update go to 1.22.2

Dependency Changes

cloud.google.com/go/compute/metadata v0.2.3 -> v0.5.0
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 -> v1.13.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 -> v1.7.0
github.com/aws/aws-sdk-go-v2/config v1.27.10 -> v1.27.31
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 -> v1.16.12
github.com/aws/aws-sdk-go-v2/service/kms v1.30.1 -> v1.35.5
github.com/aws/smithy-go v1.20.2 -> v1.20.4
github.com/beevik/ntp v1.3.1 -> v1.4.3
github.com/containerd/containerd/api v1.8.0-rc.3 new
github.com/containerd/containerd/v2 v2.0.0-rc.4 new
github.com/containerd/errdefs v0.1.0 new
github.com/containerd/platforms v0.2.1 new
github.com/containerd/typeurl/v2 v2.1.1 -> v2.2.0
github.com/containernetworking/cni v1.1.2 -> v1.2.3
github.com/containernetworking/plugins v1.4.1 -> v1.5.1
github.com/coreos/go-iptables v0.7.0 -> v0.8.0
github.com/cosi-project/runtime v0.4.1 -> v0.5.5
github.com/docker/docker v26.0.0 -> v27.2.0
github.com/fatih/color v1.16.0 -> v1.17.0
github.com/foxboron/go-uefi 48be911532c2 -> e2076f0e58ca
github.com/google/go-containerregistry v0.19.1 -> v0.20.2
github.com/google/go-tpm ee6cbcd136f8 -> v0.9.1
github.com/hashicorp/go-getter/v2 v2.2.1 -> v2.2.3
github.com/hetznercloud/hcloud-go/v2 v2.7.0 -> v2.13.1
github.com/insomniacslk/dhcp c728f5dd21c8 -> a3a4c1f04475
github.com/jsimonetti/rtnetlink/v2 v2.0.2 new
github.com/klauspost/compress v1.17.9 new
github.com/klauspost/cpuid/v2 v2.2.7 -> v2.2.8
github.com/miekg/dns v1.1.58 -> v1.1.62
github.com/opencontainers/runc v1.2.0-rc.2 new
github.com/pelletier/go-toml/v2 v2.2.3 new
github.com/pkg/xattr v0.4.10 new
github.com/prometheus/procfs v0.13.0 -> v0.15.1
github.com/rivo/tview a22293bda944 -> fd649dbf1223
github.com/rs/xid v1.5.0 -> v1.6.0
github.com/safchain/ethtool v0.3.0 -> v0.4.1
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.25 -> v1.0.0-beta.29
github.com/siderolabs/discovery-client v0.1.8 -> v0.1.9
github.com/siderolabs/extras v1.7.0-1-gbb76755 -> v1.8.0-alpha.0-6-g43a2821
github.com/siderolabs/gen v0.4.8 -> v0.5.0
github.com/siderolabs/go-api-signature v0.3.2 -> v0.3.5
github.com/siderolabs/go-blockdevice/v2 3265299b0192 -> v2.0.1
github.com/siderolabs/go-circular v0.1.0 -> v0.2.0
github.com/siderolabs/go-debug v0.3.0 -> v0.4.0
github.com/siderolabs/go-kubernetes v0.2.9 -> v0.2.11
github.com/siderolabs/go-loadbalancer v0.3.3 -> v0.3.4
github.com/siderolabs/go-pcidb v0.2.0 -> v0.3.0
github.com/siderolabs/go-smbios v0.3.2 -> v0.3.3
github.com/siderolabs/go-tail v0.1.0 -> v0.1.1
github.com/siderolabs/go-talos-support v0.1.0 -> v0.1.1
github.com/siderolabs/grpc-proxy v0.4.0 -> v0.4.1
github.com/siderolabs/pkgs v1.7.0-6-g29106c0 -> v1.8.0-alpha.0-54-g4ce5bc6
github.com/siderolabs/protoenc v0.2.1 new
github.com/siderolabs/siderolink v0.3.5 -> v0.3.9
github.com/siderolabs/talos/pkg/machinery v1.7.0 -> v1.8.0-alpha.2
github.com/siderolabs/tools v1.7.0-1-g10b2a69 -> v1.8.0
github.com/spf13/cobra v1.8.0 -> v1.8.1
github.com/vishvananda/netlink v1.2.1-beta.2 -> v1.3.0
go.etcd.io/etcd/api/v3 v3.5.13 -> v3.5.15
go.etcd.io/etcd/client/pkg/v3 v3.5.13 -> v3.5.15
go.etcd.io/etcd/client/v3 v3.5.13 -> v3.5.15
go.etcd.io/etcd/etcdutl/v3 v3.5.13 -> v3.5.15
golang.org/x/net v0.23.0 -> v0.28.0
golang.org/x/oauth2 v0.18.0 -> v0.22.0
golang.org/x/sync v0.6.0 -> v0.8.0
golang.org/x/sys v0.18.0 -> v0.24.0
golang.org/x/term v0.18.0 -> v0.23.0
golang.org/x/text v0.14.0 -> v0.17.0
golang.org/x/time v0.5.0 -> v0.6.0
google.golang.org/grpc v1.62.1 -> v1.66.0
google.golang.org/protobuf v1.33.0 -> v1.34.2
k8s.io/api v0.30.0 -> v0.31.0
k8s.io/apimachinery v0.30.0 -> v0.31.0
k8s.io/apiserver v0.30.0 -> v0.31.0
k8s.io/client-go v0.30.0 -> v0.31.0
k8s.io/component-base v0.30.0 -> v0.31.0
k8s.io/cri-api v0.30.0 -> v0.32.0-alpha.0
k8s.io/klog/v2 v2.120.1 -> v2.130.1
k8s.io/kube-scheduler v0.30.0 -> v0.31.0
k8s.io/kubectl v0.30.0 -> v0.31.0
k8s.io/kubelet v0.30.0 -> v0.31.0
k8s.io/pod-security-admission v0.30.0 -> v0.31.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.69 -> v1.2.70
sigs.k8s.io/hydrophone b92baf7e0b04 new

Previous release can be found at v1.7.0

Talos 1.8.0-alpha.1 (2024-07-05)

Welcome to the v1.8.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Workload Apparmor Profile

Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.

Eg:

machine:
    install:
        extraKernelArgs:
            - security=apparmor

Bridge Interface

Talos Linux now support configuring 'vlan_filtering' for bridge interfaces.

Diagnostics

Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.

DNS Forwarding for CoreDNS pods

Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it with:

machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false

Please note that on running cluster you will have to kill CoreDNS pods for this change to apply.

PCI Devices

A list of PCI devices can now be obtained via PCIDevices resource, e.g. talosctl get pcidevices.

Component Updates

Kubernetes: 1.30.2 Linux: 6.6.36 containerd: 2.0.0-rc.3 runc: 1.2.0-rc.2 etcd: 3.5.14 Flannel: 0.25.3 Flannel CNI plugin: 1.5.1

Talos is built with Go 1.22.5.

ZSTD Compression

Talos Linux now compresses kernel and initramfs using ZSTD. Linux arm64 kernel is now compressed (previously it was uncompressed).

Contributors

Andrey Smirnov
Dmitriy Matrenichev
Noel Georgi
Utku Ozdemir
Artem Chernyshev
Dmitry Sharshakov
Spencer Smith
Justin Garrison
Steve Francis
Bernard Gütermann
Konrad Eriksson
Andrew Rynhard
Attila Oláh
Birger J. Nordølum
Dennis Marttinen
Enrique Hernández Bello
Evan Johnson
Fabian Topfstedt
Grzegorz Rozniecki
Grzegorz Rożniecki
Igor Rzegocki
Jean-Francois Roy
Marcel Richter
Marco Franssen
Michael Trip
Ron Olson
Serge Logvinov
Simon-Boyer
Steve Fan
USBAkimbo
Will Bush
darox
dhaines-quera
leppeK
looklose

Changes

160 commits

0454130ad feat: suppress controller runtime first N failures on the console
3d35e5468 chore: update hydrophone library
1f28726d4 chore: support version with and without v prefix
9a56b8527 chore(ci): fix parallel runs of tf pipelines
be35f380c chore: update pkgs/tools/extras
93df23444 docs: update opengraph image for main landing pages
d9d62d4da feat: update Linux to 6.6.36
6b0fe5b8c docs: update deploying cilium docs for v1.7 and v1.8
52611a90d feat: update Kubernetes to v1.30.2
c19cc4ccb docs: clarify direct access needed to nodes in insecure mode
b4c871e4b chore: bump dependencies
cc345c8c9 feat: add support for configuring vlan filtering on the bridge
2d054ad35 chore: handle documents diff in apply-config dry run
bd34f71f3 feat: add apparmor pkg
71857fd4d docs: fix typo: messure -> measure
f75f16b0a chore(ci): fix cluster name generation
c603d2bf9 chore: output more info when ExecuteCommandInPod fails
4b5a7445e docs: fix missing Akamai platform in supported matrix
4701498a1 chore(ci): run e2e-aws-nvidia with zfs extension enabled
86a3222ae chore: use new disks api for iscsi tests
5ffc3f14b feat: show siderolink status on dashboard
6f6a5d105 chore: upgrade to rtnetlink/v2 library
1fb8453c2 chore: update Go modules
8e15621e8 chore(ci): add conformance pipelines
7fcb521a6 feat: use hydrophone instead of sonobuoy
d1a0c1f98 test: fix the integration test for no META name
535006334 chore: fix our dns server implementation
c6f90d014 chore: replace sync.Map with concurrent.HashTrieMap
e8ced2c2d chore: drop k8s timeout in the default kubeconfig
7cbdce73f fix: detect CD devices, fix user disks wipe test
aca475c66 chore: small usability fixes
26cf566dc chore: bump our coredns fork
5e66e117e fix: initial assignment of Hetzner Cloud Alias IP
f07b79f4a feat: provide disk detection based on new blockdevices
8ee087268 chore(ci): drop crashdump, save logs as artifacts
7c9a14383 fix: volume discovery improvements
80ca8ff71 fix: update the cgroups for Talos core services
fe317f1e1 docs: fix typo in QEMU guest agent support on Proxmox
8dbe2128a feat: implement Talos diagnostics
357d7754f fix: clean up VM runners on cluster destroy
41f92e0ba chore: update Go to 1.22.4, other updates
4621e9bb7 chore: add stale and lock issue workflows
82d9cd322 fix: add upgrade errata for arm64/zboot kernels
9a23d846c fix: downgrade Azure IMDS required version
30860210c test: fix hardware test not to require PCI devices
9fcc9b841 feat: update Flannel to v0.25.3
9d395b9de chore: use bun instead of npm
a1684bdf8 chore: speed up go generate for enumer
4dd0aa712 feat: implement PCI device bus enumeration
b0466e0ab fix: disable kexec on GCP/Azure
911c25574 chore: fix go.work resolution
2f088ede0 docs: add another example for installing cilium
3967e0777 feat: update etcd to 3.5.14
3367ded9f fix: correct time adjustment in time.SyncController
893e64fcb fix: replace nslookup with dig in integration tests
0359c8537 chore: unify toml packages being used
4feb94ca0 feat: add multidoc check to the Talos quirks module
0b4a9777f docs: update talosctl install instructions for 1.8
da8305ffb test: add a test for watchdog timers
da7f27640 fix: mount tracefs filesystem
7b37e5b63 chore(ci): fix integration extensions
de7553d77 fix(ci): cron jobs
eb510d9fd chore: require enabled bootloader for docker provisioner
a9cf9b789 fix: correctly handle dns messages in our dns implementation
c2b19dcb9 chore: move to containerd 2.0 API
92a274e9a fix: workaround problems with udevd races
31b24ea3d chore(ci): split integration misc
8a1371337 fix: produce stable order of bonds with equinix
6406193f4 test: add Equnix Metal sample metadata with two bonds
01ea82053 fix: time sync over NTP from future era
5aea42427 fix(ci): fix crons by setting up buildx always
84706c3e2 docs: default to brew docs for talosctl
fcd65ff65 feat: enable forwardKubeDNSToHost by default
2e64e9e4e fix: require accepted CAs on worker nodes
23c1c4560 fix(ci): fix crons fby rekres
2d50392c5 feat: update containerd to 2.0.0-rc.2, runc to 1.2.0-rc.1
a12e4bb24 chore(ci): fix github action crons
e7bd9cd2b fix: decrease maximum negative ttl for dns responses
9c3ebad9f chore(ci): kresify gh actions
ff60f6fde refactor: make some of the extensions package public
ce8c86d64 fix: panic in osroot controller
e1711cd3c chore: stop using containerd package for cri namespace
d4307043f fix: update go-tail library to fix 'short read' error
7cd13ef4a docs: add documentation on using Multus with Talos
4784da3ef feat: use new circular buffer compressed chunks feature
78b48eb3a feat: include EDAC drivers
0bf2d69fb feat: update Kubernetes to 1.30.1
53f548913 fix: increase host dns packet ttl for pods
dedb6d360 fix: update github.com/siderolabs/siderolink to v0.3.7
43939f1a6 docs: fix typos, add docker socket info
6663068bb chore: update project in GCP testing
b86edc677 chore: update office hours in talos repo
cfa25d22d chore: remove docs prior to 1.0 from website navigation
120705459 chore: handle I/O error for xfs_repair
b7afe2669 feat: update Linux 6.6.30
26519ceed docs: update proxmox.md
851b91a0e fix: don't enable hostDNS for versions of Talos which do not have it
42ac5cd0c fix: check for nil machine config during installation
1d29111d4 chore: update Go to 1.22.3
f4d7b9d9a feat: gather plaform dns names
0b0f9995a docs: add resource information, some grammar fixes
763dae250 fix: add cluster name to the worker machine config
4aac5b4ec feat: mount /sys/kernel/security into kubelet
817f18153 docs: remove mention of enabling KubePrism after v1.6
c08d79732 docs: fix the variable name typo
478b862b4 fix: do not fail cli action tracker when boot id cannot be read
be510f9eb docs: fix grpc_tunnel value to true
b7b8a8d8f docs: add logs example for the certificate errors troubleshooting
8df5b85ec release(v1.8.0-alpha.0): prepare release
07f78182c fix: use a fresh context for etcd unlock
84cd7dbec feat: update Linux to 6.6.29
70fdca6a4 chore: update minimum hardware requirement for vmware ova
b690ffeb8 test: improve DNS resolver test stability
5aa0299b6 style: use correct capitalization for openstack
4c0c626b7 feat: use zstd compression in place of xz
98906ed6e fix: use reboot delay only in case of error
05fd042bb test: improve the reset integration tests
8cdf0f7cb docs: fix typo in Cilium instructions
dd1d279da fix: allow more flags in talosctl cluster create --input-dir
ef4394e58 chore: update kernel and other packages
ccdb4c8b1 chore: update google.golang.org/grpc to 1.63.2
c5b59df69 fix: wait for devices to be discovered before probing filesystems
0821b9c50 feat: add --non-masquerade-cidrs flag to talosctl cluster create
2bf613ad3 fix: add endpoints for "virtual" host-dns service
f4163aefe fix: bump priority of OpenStack routes if IPv6 and default gateway
6fbd1263c feat: report process MAC labels
d46032821 fix: return proper value from Bridge.STP instead of plain nil
bac1d00c3 chore: prepare for Talos 1.8
d6c8067e1 docs: make 1.7 docs the default
d7c3a0735 docs: add what's new for v1.7
908f67fa1 feat: add host dns support for resolving member addrs
0d20b637d feat: update Kubernetes to 1.30.0
ec69d7a78 chore: replace math/rand with math/rand/v2
89040ce43 chore: update go-blockdevice/v2 library to the latest version
0a785802e fix: overlay installer operations
b1b63f658 fix: mark overlay installer executable
3433fa13b feat: use container DNS when in container mode
5d07ac5a7 fix: close apid inter-backend connections gracefully for real
7ba18555b docs: fix typos in Akamai and AWS platform docs
3dd1f4e88 chore: extract pkg/imager/quirks to pkg/machinery
78bc3a433 docs: update Cilium docs
831f3d39e feat: update Flannel to v0.25.1
ea5b3ff0c feat: update Kubernetes to v1.30.0-rc.2
54dac5ed4 feat: update Linux 6.6.24, containerd 1.7.15
c51f146da docs: update Akamai platform docs
9550f5ff7 docs: fix getAuthenticationMethod and completePathFromNode docs
bfbd02abf fix: assign different priority to IPv6 default gateway on OpenStack
c8f674bd3 test: add a test for 'spin' container runtime
5390ccd48 chore: replace []byte with string and use go:embed for templates
ba7cdc8c8 chore: optimize DNSResolveCacheController
145f24063 fix: don't modify a global map of profiles
6fe91ad9c feat: provide Kubernets/Talos version compatibility for 1.8
909a5800e fix: generate secureboot ISO .der certificate correctly
b0fdc3c8c fix: make static pods check output consistent
c6ad0fcce fix: validate that workers don't get cluster CA key
3735add87 fix: reconnect to the logs stream in dashboard after reboot
9aa1e1b79 fix: present all accepted CAs to the kube-apiserver
336e61174 fix: close the apid connection to other machines gracefully
ff2c427b0 fix: pre-create nftables chain to make kubelet use nftables
5622f0e45 docs: change localDNS to hostDNS in release notes yaml section

Changes since v1.8.0-alpha.0

108 commits

0454130ad feat: suppress controller runtime first N failures on the console
3d35e5468 chore: update hydrophone library
1f28726d4 chore: support version with and without v prefix
9a56b8527 chore(ci): fix parallel runs of tf pipelines
be35f380c chore: update pkgs/tools/extras
93df23444 docs: update opengraph image for main landing pages
d9d62d4da feat: update Linux to 6.6.36
6b0fe5b8c docs: update deploying cilium docs for v1.7 and v1.8
52611a90d feat: update Kubernetes to v1.30.2
c19cc4ccb docs: clarify direct access needed to nodes in insecure mode
b4c871e4b chore: bump dependencies
cc345c8c9 feat: add support for configuring vlan filtering on the bridge
2d054ad35 chore: handle documents diff in apply-config dry run
bd34f71f3 feat: add apparmor pkg
71857fd4d docs: fix typo: messure -> measure
f75f16b0a chore(ci): fix cluster name generation
c603d2bf9 chore: output more info when ExecuteCommandInPod fails
4b5a7445e docs: fix missing Akamai platform in supported matrix
4701498a1 chore(ci): run e2e-aws-nvidia with zfs extension enabled
86a3222ae chore: use new disks api for iscsi tests
5ffc3f14b feat: show siderolink status on dashboard
6f6a5d105 chore: upgrade to rtnetlink/v2 library
1fb8453c2 chore: update Go modules
8e15621e8 chore(ci): add conformance pipelines
7fcb521a6 feat: use hydrophone instead of sonobuoy
d1a0c1f98 test: fix the integration test for no META name
535006334 chore: fix our dns server implementation
c6f90d014 chore: replace sync.Map with concurrent.HashTrieMap
e8ced2c2d chore: drop k8s timeout in the default kubeconfig
7cbdce73f fix: detect CD devices, fix user disks wipe test
aca475c66 chore: small usability fixes
26cf566dc chore: bump our coredns fork
5e66e117e fix: initial assignment of Hetzner Cloud Alias IP
f07b79f4a feat: provide disk detection based on new blockdevices
8ee087268 chore(ci): drop crashdump, save logs as artifacts
7c9a14383 fix: volume discovery improvements
80ca8ff71 fix: update the cgroups for Talos core services
fe317f1e1 docs: fix typo in QEMU guest agent support on Proxmox
8dbe2128a feat: implement Talos diagnostics
357d7754f fix: clean up VM runners on cluster destroy
41f92e0ba chore: update Go to 1.22.4, other updates
4621e9bb7 chore: add stale and lock issue workflows
82d9cd322 fix: add upgrade errata for arm64/zboot kernels
9a23d846c fix: downgrade Azure IMDS required version
30860210c test: fix hardware test not to require PCI devices
9fcc9b841 feat: update Flannel to v0.25.3
9d395b9de chore: use bun instead of npm
a1684bdf8 chore: speed up go generate for enumer
4dd0aa712 feat: implement PCI device bus enumeration
b0466e0ab fix: disable kexec on GCP/Azure
911c25574 chore: fix go.work resolution
2f088ede0 docs: add another example for installing cilium
3967e0777 feat: update etcd to 3.5.14
3367ded9f fix: correct time adjustment in time.SyncController
893e64fcb fix: replace nslookup with dig in integration tests
0359c8537 chore: unify toml packages being used
4feb94ca0 feat: add multidoc check to the Talos quirks module
0b4a9777f docs: update talosctl install instructions for 1.8
da8305ffb test: add a test for watchdog timers
da7f27640 fix: mount tracefs filesystem
7b37e5b63 chore(ci): fix integration extensions
de7553d77 fix(ci): cron jobs
eb510d9fd chore: require enabled bootloader for docker provisioner
a9cf9b789 fix: correctly handle dns messages in our dns implementation
c2b19dcb9 chore: move to containerd 2.0 API
92a274e9a fix: workaround problems with udevd races
31b24ea3d chore(ci): split integration misc
8a1371337 fix: produce stable order of bonds with equinix
6406193f4 test: add Equnix Metal sample metadata with two bonds
01ea82053 fix: time sync over NTP from future era
5aea42427 fix(ci): fix crons by setting up buildx always
84706c3e2 docs: default to brew docs for talosctl
fcd65ff65 feat: enable forwardKubeDNSToHost by default
2e64e9e4e fix: require accepted CAs on worker nodes
23c1c4560 fix(ci): fix crons fby rekres
2d50392c5 feat: update containerd to 2.0.0-rc.2, runc to 1.2.0-rc.1
a12e4bb24 chore(ci): fix github action crons
e7bd9cd2b fix: decrease maximum negative ttl for dns responses
9c3ebad9f chore(ci): kresify gh actions
ff60f6fde refactor: make some of the extensions package public
ce8c86d64 fix: panic in osroot controller
e1711cd3c chore: stop using containerd package for cri namespace
d4307043f fix: update go-tail library to fix 'short read' error
7cd13ef4a docs: add documentation on using Multus with Talos
4784da3ef feat: use new circular buffer compressed chunks feature
78b48eb3a feat: include EDAC drivers
0bf2d69fb feat: update Kubernetes to 1.30.1
53f548913 fix: increase host dns packet ttl for pods
dedb6d360 fix: update github.com/siderolabs/siderolink to v0.3.7
43939f1a6 docs: fix typos, add docker socket info
6663068bb chore: update project in GCP testing
b86edc677 chore: update office hours in talos repo
cfa25d22d chore: remove docs prior to 1.0 from website navigation
120705459 chore: handle I/O error for xfs_repair
b7afe2669 feat: update Linux 6.6.30
26519ceed docs: update proxmox.md
851b91a0e fix: don't enable hostDNS for versions of Talos which do not have it
42ac5cd0c fix: check for nil machine config during installation
1d29111d4 chore: update Go to 1.22.3
f4d7b9d9a feat: gather plaform dns names
0b0f9995a docs: add resource information, some grammar fixes
763dae250 fix: add cluster name to the worker machine config
4aac5b4ec feat: mount /sys/kernel/security into kubelet
817f18153 docs: remove mention of enabling KubePrism after v1.6
c08d79732 docs: fix the variable name typo
478b862b4 fix: do not fail cli action tracker when boot id cannot be read
be510f9eb docs: fix grpc_tunnel value to true
b7b8a8d8f docs: add logs example for the certificate errors troubleshooting

Changes from siderolabs/discovery-client

2 commits

ca662d2 feat: export default GRPC dial options for the client
7a767fa chore: bump Go, deps and rekres

Changes from siderolabs/extras

4 commits

cab51d8 feat: update dependencies
0efb05f feat: update Go to 1.22.4
01ad9f5 feat: update Go to 1.22.3
fa6663c feat: update Go to 1.22.2

Changes from siderolabs/gen

2 commits

7654108 chore: add hashtriemap implementation
8485864 chore: optimize maps.Values and maps.Keys

Changes from siderolabs/go-api-signature

1 commit

782aac0 chore: bump deps

Changes from siderolabs/go-circular

3 commits

cbce5c3 feat: add persistence support
3c48c53 feat: implement extra compressed chunks
835f04c chore: rekres, update dependencies

Changes from siderolabs/go-loadbalancer

1 commit

0639758 chore: bump deps

Changes from siderolabs/go-pcidb

1 commit

2e79017 feat: rekres, update PCI IDs

Changes from siderolabs/go-tail

1 commit

7cb7294 fix: remove unexpected short read error

Changes from siderolabs/go-talos-support

1 commit

69891cf chore: remove containerd dependency

Changes from siderolabs/pkgs

36 commits

ce49757 feat: update flannel-cni plugin to v1.5.1
289ed6b feat: bump deps
8d6b19a feat: update Linux to 6.6.36
b671d46 feat: update containerd/runc to the next rc versions
c7e9591 feat: enable CONFIG_X86_AMD_PSTATE
84bad89 feat: add 'apparmor' package
4d9869a feat: update Linux to 6.6.33
e5990e8 feat: enable CONFIG_KSM
a37f382 fix: network for Rockchip boards like Rock64
95218c7 fix: enable PAGE_TABLE_CHECK
cbd9cd7 feat: enable SCTP support
c309452 feat: bump dependencies
3a56032 chore: rekres
db7f60c feat: bump Linux to 6.6.32
c647a05 feat: update ipxe to the latest
f350879 feat: update containerd to 2.0.0-rc.2, runc to 1.2.0-rc.1
f8392fb feat: update Linux firmware to 20240513
f414bbd fix: disable CONFIG_EFI_DISABLE_PCI_DMA option
9ebfd1b feat: enable EDAC drivers
f9559de fix: drbd module installation
492638d feat: update dependencies
bd70572 feat: update Go to 1.22.3
edb600a feat: update zfs package to v2.2.4
6775002 feat: enable NFT FIB lookups
28c5696 feat: update Linux to 6.6.29
9c8a02c feat: update containerd to 1.7.16
ca6249b feat: compress amd64 Linux kernel using zstd
718a7da feat: enable SELinux
207481f feat(intel): add support for power management and ACPI options for Intel CPUs
dfa7dce feat: update Linux to 6.6.28
7b30b61 fix: use proper EFI zBoot image
010913b feat: update Linux 6.6.26, containerd 1.7.15
da397fa feat: enable BFQ IO scheduler
c839801 feat: enable zboot on arm64 with zstd compression
1b28e2c feat: go 1.22.2, Linux 6.6.24
05db2a8 fix: revert musl to 1.2.4

Changes from siderolabs/siderolink

4 commits

e76747b chore: migrate to rtnetlink/2
3a587fc fix: do not ever skip updates which have remove flag
be00ff5 chore: redo event filtering as a sequence of iterators
a936b60 chore: handle peer events in batches

Changes from siderolabs/tools

7 commits

31ad71b feat: update dependencies
d2746e5 feat: update Go to 1.22.4
06ba64e feat: update dependencies
7e5a248 feat: update dependencies
c34ec5b feat: update Go to 1.22.3
3c25a6f fix: update pkg-config configure flag
bd405ff feat: update go to 1.22.2

Dependency Changes

cloud.google.com/go/compute/metadata v0.2.3 -> v0.4.0
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 -> v1.12.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 -> v1.7.0
github.com/aws/aws-sdk-go-v2/config v1.27.10 -> v1.27.23
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 -> v1.16.9
github.com/aws/aws-sdk-go-v2/service/kms v1.30.1 -> v1.35.1
github.com/aws/smithy-go v1.20.2 -> v1.20.3
github.com/beevik/ntp v1.3.1 -> v1.4.3
github.com/containerd/containerd/api v1.8.0-rc.2 new
github.com/containerd/containerd/v2 v2.0.0-rc.3 new
github.com/containerd/errdefs v0.1.0 new
github.com/containerd/platforms v0.2.1 new
github.com/containernetworking/cni v1.1.2 -> v1.2.2
github.com/containernetworking/plugins v1.4.1 -> v1.5.1
github.com/cosi-project/runtime v0.4.1 -> v0.5.0
github.com/docker/docker v26.0.0 -> v27.0.3
github.com/fatih/color v1.16.0 -> v1.17.0
github.com/foxboron/go-uefi 48be911532c2 -> 205d5597883a
github.com/google/go-containerregistry v0.19.1 -> v0.19.2
github.com/google/go-tpm ee6cbcd136f8 -> v0.9.1
github.com/hashicorp/go-getter/v2 v2.2.1 -> v2.2.2
github.com/hetznercloud/hcloud-go/v2 v2.7.0 -> v2.10.2
github.com/insomniacslk/dhcp c728f5dd21c8 -> bf3278ac95c1
github.com/jsimonetti/rtnetlink/v2 v2.0.2 new
github.com/klauspost/compress v1.17.9 new
github.com/klauspost/cpuid/v2 v2.2.7 -> v2.2.8
github.com/miekg/dns v1.1.58 -> v1.1.61
github.com/pelletier/go-toml/v2 v2.2.2 new
github.com/prometheus/procfs v0.13.0 -> v0.15.1
github.com/rivo/tview a22293bda944 -> b0a7293b8130
github.com/safchain/ethtool v0.3.0 -> v0.4.1
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.25 -> v1.0.0-beta.28
github.com/siderolabs/discovery-client v0.1.8 -> v0.1.9
github.com/siderolabs/extras v1.7.0-1-gbb76755 -> v1.8.0-alpha.0-3-gcab51d8
github.com/siderolabs/gen v0.4.8 -> v0.5.0
github.com/siderolabs/go-api-signature v0.3.2 -> v0.3.3
github.com/siderolabs/go-blockdevice/v2 3265299b0192 -> f4a4030394f4
github.com/siderolabs/go-circular v0.1.0 -> v0.2.0
github.com/siderolabs/go-loadbalancer v0.3.3 -> v0.3.4
github.com/siderolabs/go-pcidb v0.2.0 -> v0.3.0
github.com/siderolabs/go-tail v0.1.0 -> v0.1.1
github.com/siderolabs/go-talos-support v0.1.0 -> 69891cf04662
github.com/siderolabs/pkgs v1.7.0-6-g29106c0 -> v1.8.0-alpha.0-34-gce49757
github.com/siderolabs/siderolink v0.3.5 -> v0.3.9
github.com/siderolabs/talos/pkg/machinery v1.7.0 -> e1711cd3c9
github.com/siderolabs/tools v1.7.0-1-g10b2a69 -> v1.8.0-alpha.0-6-g31ad71b
github.com/spf13/cobra v1.8.0 -> v1.8.1
go.etcd.io/etcd/api/v3 v3.5.13 -> v3.5.14
go.etcd.io/etcd/client/pkg/v3 v3.5.13 -> v3.5.14
go.etcd.io/etcd/client/v3 v3.5.13 -> v3.5.14
go.etcd.io/etcd/etcdutl/v3 v3.5.13 -> v3.5.14
golang.org/x/net v0.23.0 -> v0.26.0
golang.org/x/oauth2 v0.18.0 -> v0.21.0
golang.org/x/sync v0.6.0 -> v0.7.0
golang.org/x/sys v0.18.0 -> v0.21.0
golang.org/x/term v0.18.0 -> v0.21.0
golang.org/x/text v0.14.0 -> v0.16.0
google.golang.org/grpc v1.62.1 -> v1.64.0
google.golang.org/protobuf v1.33.0 -> v1.34.2
k8s.io/api v0.30.0 -> v0.30.2
k8s.io/apiserver v0.30.0 -> v0.30.2
k8s.io/client-go v0.30.0 -> v0.30.2
k8s.io/component-base v0.30.0 -> v0.30.2
k8s.io/cri-api v0.30.0 -> 3a66d9d86654
k8s.io/klog/v2 v2.120.1 -> v2.130.1
k8s.io/kube-scheduler v0.30.0 -> v0.30.2
k8s.io/kubectl v0.30.0 -> v0.30.2
k8s.io/kubelet v0.30.0 -> v0.30.2
k8s.io/pod-security-admission v0.30.0 -> v0.30.2
kernel.org/pub/linux/libs/security/libcap/cap v1.2.69 -> v1.2.70
sigs.k8s.io/hydrophone 91065c9fe3a5 new

Previous release can be found at v1.7.0

Talos 1.8.0-alpha.0 (2024-05-01)

Welcome to the v1.8.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.6.29 containerd: 1.7.16

Talos is built with Go 1.22.2.

ZSTD Compression

Talos Linux now compresses kernel and initramfs using ZSTD. Linux arm64 kernel is now compressed (previously it was uncompressed).

Contributors

Andrey Smirnov
Dmitriy Matrenichev
Utku Ozdemir
Dmitry Sharshakov
Artem Chernyshev
Bernard Gütermann
Birger J. Nordølum
Dennis Marttinen
Evan Johnson
Grzegorz Rożniecki
Igor Rzegocki
Noel Georgi
Spencer Smith
darox
looklose

Changes

51 commits

07f78182c fix: use a fresh context for etcd unlock
84cd7dbec feat: update Linux to 6.6.29
70fdca6a4 chore: update minimum hardware requirement for vmware ova
b690ffeb8 test: improve DNS resolver test stability
5aa0299b6 style: use correct capitalization for openstack
4c0c626b7 feat: use zstd compression in place of xz
98906ed6e fix: use reboot delay only in case of error
05fd042bb test: improve the reset integration tests
8cdf0f7cb docs: fix typo in Cilium instructions
dd1d279da fix: allow more flags in talosctl cluster create --input-dir
ef4394e58 chore: update kernel and other packages
ccdb4c8b1 chore: update google.golang.org/grpc to 1.63.2
c5b59df69 fix: wait for devices to be discovered before probing filesystems
0821b9c50 feat: add --non-masquerade-cidrs flag to talosctl cluster create
2bf613ad3 fix: add endpoints for "virtual" host-dns service
f4163aefe fix: bump priority of OpenStack routes if IPv6 and default gateway
6fbd1263c feat: report process MAC labels
d46032821 fix: return proper value from Bridge.STP instead of plain nil
bac1d00c3 chore: prepare for Talos 1.8
d6c8067e1 docs: make 1.7 docs the default
d7c3a0735 docs: add what's new for v1.7
908f67fa1 feat: add host dns support for resolving member addrs
0d20b637d feat: update Kubernetes to 1.30.0
ec69d7a78 chore: replace math/rand with math/rand/v2
89040ce43 chore: update go-blockdevice/v2 library to the latest version
0a785802e fix: overlay installer operations
b1b63f658 fix: mark overlay installer executable
3433fa13b feat: use container DNS when in container mode
5d07ac5a7 fix: close apid inter-backend connections gracefully for real
7ba18555b docs: fix typos in Akamai and AWS platform docs
3dd1f4e88 chore: extract pkg/imager/quirks to pkg/machinery
78bc3a433 docs: update Cilium docs
831f3d39e feat: update Flannel to v0.25.1
ea5b3ff0c feat: update Kubernetes to v1.30.0-rc.2
54dac5ed4 feat: update Linux 6.6.24, containerd 1.7.15
c51f146da docs: update Akamai platform docs
9550f5ff7 docs: fix getAuthenticationMethod and completePathFromNode docs
bfbd02abf fix: assign different priority to IPv6 default gateway on OpenStack
c8f674bd3 test: add a test for 'spin' container runtime
5390ccd48 chore: replace []byte with string and use go:embed for templates
ba7cdc8c8 chore: optimize DNSResolveCacheController
145f24063 fix: don't modify a global map of profiles
6fe91ad9c feat: provide Kubernets/Talos version compatibility for 1.8
909a5800e fix: generate secureboot ISO .der certificate correctly
b0fdc3c8c fix: make static pods check output consistent
c6ad0fcce fix: validate that workers don't get cluster CA key
3735add87 fix: reconnect to the logs stream in dashboard after reboot
9aa1e1b79 fix: present all accepted CAs to the kube-apiserver
336e61174 fix: close the apid connection to other machines gracefully
ff2c427b0 fix: pre-create nftables chain to make kubelet use nftables
5622f0e45 docs: change localDNS to hostDNS in release notes yaml section

Changes from siderolabs/discovery-client

2 commits

ca662d2 feat: export default GRPC dial options for the client
7a767fa chore: bump Go, deps and rekres

Changes from siderolabs/extras

1 commit

fa6663c feat: update Go to 1.22.2

Changes from siderolabs/pkgs

12 commits

28c5696 feat: update Linux to 6.6.29
9c8a02c feat: update containerd to 1.7.16
ca6249b feat: compress amd64 Linux kernel using zstd
718a7da feat: enable SELinux
207481f feat(intel): add support for power management and ACPI options for Intel CPUs
dfa7dce feat: update Linux to 6.6.28
7b30b61 fix: use proper EFI zBoot image
010913b feat: update Linux 6.6.26, containerd 1.7.15
da397fa feat: enable BFQ IO scheduler
c839801 feat: enable zboot on arm64 with zstd compression
1b28e2c feat: go 1.22.2, Linux 6.6.24
05db2a8 fix: revert musl to 1.2.4

Changes from siderolabs/tools

1 commit

bd405ff feat: update go to 1.22.2

Dependency Changes

cloud.google.com/go/compute/metadata v0.2.3 -> v0.3.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 -> v1.5.2
github.com/aws/aws-sdk-go-v2/config v1.27.10 -> v1.27.11
github.com/aws/aws-sdk-go-v2/service/kms v1.30.1 -> v1.31.0
github.com/containerd/containerd v1.7.14 -> v1.7.16
github.com/containernetworking/cni v1.1.2 -> v1.2.0
github.com/docker/docker v26.0.0 -> v26.0.2
github.com/google/go-tpm ee6cbcd136f8 -> 1fb84445f623
github.com/hetznercloud/hcloud-go/v2 v2.7.0 -> v2.7.2
github.com/insomniacslk/dhcp c728f5dd21c8 -> f1cffa2c0c49
github.com/klauspost/compress v1.17.7 new
github.com/miekg/dns v1.1.58 -> v1.1.59
github.com/prometheus/procfs v0.13.0 -> v0.14.0
github.com/rivo/tview a22293bda944 -> e119d15762fe
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.25 -> v1.0.0-beta.26
github.com/siderolabs/discovery-client v0.1.8 -> v0.1.9
github.com/siderolabs/extras v1.7.0-1-gbb76755 -> v1.8.0-alpha.0
github.com/siderolabs/pkgs v1.7.0-6-g29106c0 -> v1.8.0-alpha.0-10-g28c5696
github.com/siderolabs/talos/pkg/machinery v1.7.0 -> v1.7.0-alpha.1
github.com/siderolabs/tools v1.7.0-1-g10b2a69 -> v1.8.0-alpha.0
golang.org/x/net v0.23.0 -> v0.24.0
golang.org/x/oauth2 v0.18.0 -> v0.19.0
golang.org/x/sync v0.6.0 -> v0.7.0
golang.org/x/sys v0.18.0 -> v0.19.0
golang.org/x/term v0.18.0 -> v0.19.0
google.golang.org/grpc v1.62.1 -> v1.63.2

Previous release can be found at v1.7.0

Talos 1.7.0-alpha.1 (2024-03-14)

Welcome to the v1.7.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Device Selectors

Talos Linux now supports physical: true qualifier for device selectors, it selects non-virtual network interfaces (i.e. en0 is selected, while bond0 is not).

DNS Caching

Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:

machine:
   features:
       localDNS: false

Extension Services Config

Talos now supports supplying configuration files and environment variables for extension services. The extension service configuration is a separate config document. An example is shown below:

---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: nut-client
configFiles:
  - content: MONITOR ${upsmonHost} 1 remote pass password
    mountPath: /usr/local/etc/nut/upsmon.conf
environment:
  - UPS_NAME=ups

For documentation, see Extension Services Config Files.

Note: The use of environmentFile in extension service spec is now deprecated and will be removed in a future release of Talos. Use ExtensionServiceConfig instead.

Kubernetes Upgrade

The command talosctl upgrade-k8s now supports specifying custom image references for Kubernetes components via --*-image flags. The default behavior is unchanged, and the flags are optional.

KubeSpan

Talos Linux disables by default a KubeSpan feature to harvest additional endpoints from KubeSpan members. This feature turned out to be less helpful than expected and caused unnecessary performance issues.

Previous behavior can be restored with:

machine:
  network:
    kubespan:
        harvestExtraEndpoints: true

NTP

Default NTP server was updated to be time.cloudflare.com instead of pool.ntp.org. Default server is only used if the user does not specify any NTP servers in the configuration.

OpenNebula

Talos Linux now supports OpenNebula platform.

Known Problems

DRBD extension is disabled in this release due to incompatibility with the latest Linux kernel.

Kubernetes API Server Service Account Key

Talos Linux starting from this release uses RSA key for Kubernetes API Server Service Account instead of ECDSA key to provide better compatibility with external OpenID Connect implementations.

SBC

Talos core will drop support for SBC's and will not include the SBC binaries in the release. Overlays are being developed to support SBC's.

Secure Boot Image

Talos Linux now provides a way to configure systemd-boot ISO 'secure-boot-enroll' option while generating a SecureBoot ISO image:

output:
    kind: iso
    isoOptions:
        sdBootEnrollKeys: force # default is still if-safe
    outFormat: raw

Syslog

Talos Linux now starts a basic syslog receiver listening on /dev/log. The receiver can mostly parse both RFC3164 and RFC5424 messages and writes them as JSON formatted message. The logs can be viewed via talosctl logs syslogd.

This is mostly implemented for extension services that log to syslog.

Component Updates

Linux: 6.6.21 etcd: 3.5.11 Kubernetes: 1.30.0-beta.0 containerd: 1.7.14 runc: 1.1.12 Flannel: 0.24.1

Talos is built with Go 1.22.1.

Contributors

Andrey Smirnov
Noel Georgi
Dmitriy Matrenichev
Utku Ozdemir
Andrey Smirnov
Artem Chernyshev
Radosław Piliszek
Spencer Smith
Anthony ARNAUD
Justin Garrison
Steve Francis
Anastasios Papagiannis
Andrei Kvapil
Andrian Zubovic
AvnarJakob
Cas de Reuver
Christian Mohn
Christian WALDBILLIG
Dmitry Sharshakov
Dmitry Sharshakov
Drew Hess
ExtraClock
Fabiano Fidêncio
Henno Schooljan
Hervé Werner
JJGadgets
Jacob McSwain
Jonomir
Kai Hanssen
Louis SCHNEIDER
Matthieu S
Michael Stephenson
Nico Berlee
Pip Oomen
Saiyam Pathak
Sebastiaan Gerritsen
Sebastian Gaiser
Serge Logvinov
Tim Jones
bri
ebcrypto
edwinavalos
fazledyn-or
james-dreebot
pardomue
shurkys
stereobutter

Changes

162 commits

403ad93c3 feat: update dependencies
7376f34e8 fix: remove maintenance config when maintenance service is shut down
952801d8b fix: handle overlay partition options
465b9a4e6 fix: update discovery client with the fix for keepalive interval
1e9f866ac feat: update Kubernetes to v1.30.0-beta.0
d118a852b feat: implement Install for imager overlays
cd5a5a447 chore: migrate to go-grpc-middleware/v2
e3c2a6398 feat: set default NTP server to time.cloudflare.com
32e087760 chore: print all available logs containers in logs command completions
e89d755c5 fix: etcd config validation for worker
1aa3c9182 docs: add DreeBot to ADOPTERS.md
1bb6027cc fix: fix nil panic on maintenance upgrade with partial config
aa70bfb9d docs: add Redpill Linpro to adopters list
f02aeec92 fix: do not fail cluster create when input dir does not contain talosconfig
1ec6683e0 chore: use go-copy
3c8f51d70 chore: move cli formatters and version modules to machinery
8152a6dd6 feat: update Go to 1.22.1
8c7953991 docs: update replicated-local-storage-with-openebs-jiva.md
f23bd8144 fix: syslog parser
bbed07e03 feat: update Linux to 6.6.18
8125e754b feat: imager overlay
0b9b4da12 feat: update Kubernetes to 1.30.0-alpha.3
3a764029e docs: fix typo in word governor
d81d49000 chore: update CoreDNS renovate source
b2ad5dc5f fix: workaround a race in CNI setup (talosctl cluster create)
457507803 fix: provide auth when pulling images in the imager
e707175ab docs: update config patch in cilium docs
f8c556a1c chore: listen for dns requests on 127.0.0.53
8872a7a21 fix: ignore 'no such device' in addition to 'no such file'
1cb544353 chore: uki der certs in iso
67ac6933d fix: handle errors to watch apid/trustd certs
c79d69c2e fix: only set gateway if set in context (opennebula)
4575dd8e7 chore: allow not preallocated disks for QEMU cluster
0bddfea81 chore: add oceanbox.io to adopters
136427592 chore: use proper talos_version_contract for TF tests
6bf50fdc1 chore: disable x/net/trace in gRPC to enable dead code elimination
815a8e9cc feat: add partial config support to talosctl cluster create
64e9703f8 chore: add tests for the Kata Containers extension
9b6291925 feat: update pkgs
66f3ffdd4 fix: ensure that Talos runs in a pod (container)
9dbc33972 feat: add basic syslog implementation
0b7a27e6a feat: allow access to all resources over siderolink in maintenance mode
53721883d feat: support AWS KMS for the SecureBoot signing
7ee999f8a fix: disable KubeSpan endpoint harvesting by default
7b87c7fe9 chore: bump Go dependencies
8e9596d3c docs: rpi talosctl install update
493bb60f8 fix: correctly handle partial configs in DNSUpstreamController
6deb10ae2 chore: deprecate environmentFile for extensions
f8b4ee82a chore: update extensions test
1366ce14a feat: update Kubernetes to v1.30.0-alpha.2
559308ef7 fix: use MachineStatus resource to check for boot done
15e8bca2b feat: support environment in ExtensionServicesConfig
3fe82ec46 feat: custom image settings for k8s upgrade
fa3b93370 chore: replace fmt.Errorf with errors.New where possible
d4521ee9c feat: update kernel with sfc driver and LSM updates
2f0421b40 fix: run xfs_repair on invalid argument error
f868fb8e8 docs: update vmware tools url
fa2d34dd8 chore: enable v6 support on the same port
83e0b0c19 chore: adjust dns sockets settings
a1ec1705b chore: update Go to 1.22.0
76b50fcd4 chore: add Ænix to the Adopters list
5324d3916 chore: bump stuff
087b50f42 feat: support systemd-boot ISO enroll keys option
afa71d6b0 chore: use "handle-like" resource in DNSResolveCacheController
013e13070 fix: error with decoding config document with wrong apiVersion
1e77bb1c3 chore: allow custom pkgs to build talos
3f8a85f1b fix: unlock the upgrade mutex properly
61c3331b1 docs: update indentation in vip.md
383e528df chore: allow uuid-based hostnames in talosctl cluster create
1e6c8c4de feat: extensions services config
989ca3ade feat: add OpenNebula platform support
914f88778 docs: update nocloud.md Proxmox information
a04cc8015 fix: pass TTL when generating client certificate
3fe8c12ca fix: add log line about controller runtime failing
ddbabc7e5 fix: use a separate cgroup for each extension service
6ccdd2c09 chore: fix markdown-lint call
4184e617a chore: add test for wasmedge runtime extension
95ea3a6c6 chore: bump timeout in acquire tests
c19a505d8 chore: bump docker dind image
d7d4154d5 chore: remove channel blocking in qemu launch
029d7f7b9 release(v1.7.0-alpha.0): prepare release
2ff81c06b feat: update runc 1.1.12, containerd 1.7.13
9d8cd4d05 chore: drop deprecated method EtcdRemoveMember
17567f19b fix: take into account the moment seen when cleaning up CRI images
aa03204b8 docs: document the process of building custom kernel packages
7af48bd55 feat: use RSA key for kube-apiserver service account key
a5e13c696 fix: retry blockdevice open in the installer
593afeea3 fix: run the interactive installer loop to report errors
87be76b87 fix: be more tolerant to error handling in Mounts API
03add7503 docs: add section on using imager with extensions from tarball
ee0fb5eff docs: consolidate certificate management articles
9c14dea20 chore: bump coredns
ebeef2852 feat: implement local caching dns server
4a3691a27 docs: fix broken links in metal-network-configuration.md
c4ed189a6 docs: provide sane defaults for each release series in vmware script
8138d54c6 docs: clarify node taints/labels for worker nodes
b44551ccd feat: update Linux to 6.6.13
385707c5f docs: update vmware.sh
d1a79b845 docs: fix small typo in etcd maintenance guide
cf0603330 docs: copy generated JSON schema to host
f11139c22 docs: document local path provisioner install
e0dfbb8fb fix: allow META encoded values to be compressed
d677901b6 feat: implement device selector for 'physical'
7d1117289 docs: add missing talosconfig flag
8a1732bcb fix: pull in mptspi driver
c1e45071f refactor: use etcd configuration from the EtcdSpec resource
4e9b688d3 fix: use correct TTL for talosconfig in talosctl config new
fb5ad0555 feat: update Kubernetes default to 1.29.1
fe24139f3 docs: fork docs for v1.7
1c2d10ccc chore: bump dependencies
a599e3867 chore: allow custom registry to build installer/imager
3911ddf7b docs: add how-to for cert management
b0ee0bfba fix: strategic patch merging for audit policy
474eccdc4 fix: watch bufer overrun for RouteStatus
cc06b5d7a fix: fix .der output in talosctl gen secureboot
1dbb4abf4 fix: update discovery service client to v0.1.6
9782319c3 fix: support KubePrism settings in Kubernetes Discovery
6c5a0c281 feat: generate a single JSON schema for multidoc config
f70b47ddd fix: force KubePrism to connect using IPv4
d5321e085 fix: update kmsg with utf-8 fix
7fa7362dd fix: fix nodes on dashboard footer when node names are used in --nodes
ba88678f1 fix: merge ports and ingress configs correctly in NetworkRuleConfig
dea9bda2d fix: disk UUID & WWID always empty in talosctl disks
8dc112f36 chore: pull in NBD modules
f6926faab fix: default priority for ipv6
e8758dcba chore: support http downloads for assets in talosctl cluster create
265f21be0 fix: replace the filemap implementation to not buffer in memory
8db3c5b3c fix: pick correctly base installer image layers
0a30ef784 fix: imager should support different Talos versions
d6342cda5 docs: update latest version to v1.6.1
e6e422b92 chore: bump dependencies
5a19d078a fix: properly overwrite files on install
9eb6cea78 docs: secureboot sd-boot menu clarification
01f0cbe61 feat: support iPXE direct booting in talosctl cluster create
3ba84701d feat: pull in kernel modules for mlx Infiniband and VFIO
ba993e0ed docs: announce that SecureBoot is available
241bc9312 fix: update the way secureboot signer fetches certificate (azure)
59b62398f chore: modernize machined/pkg/controllers/k8s
760f793d5 fix: use correct prefix when installing SBC files
0b94550c4 chore: fix the gvisor test
3a787c1d6 docs: update 1.6 docs with Noel's feedback
d803e40ef docs: provide documentation for Talos 1.6
9a185a30f feat: update Kubernetes to v1.29.0
5934815d2 chore: split more kernel modules on amd64
10c59a6b9 fix: leave discovery service later in the reset sequence
0c86ca1cc chore: enable kubespan+firewall for cilium tests
98fd722d5 feat: provide compatibility for future Talos 1.7
131a1b167 fix: add a KubeSpan option to disable extra endpoint harvesting
4547ad9af feat: send actor id to the SideroLink events sink
04e774547 docs: cap max heading level
6bb1e99aa chore: optimize pcap dump
4f9d3b975 feat: update Kubernetes to v1.29.0-rc.2
46121c9fe docs: rework machine config documentation generation
e128d3c82 fix: talosctl cluster create not to enforce kubeprism always
320064c5a feat: update Go 1.21.5, Linux 6.1.65, etcd 3.5.11
270604bea fix: support user disks via symlinks
4f195dd27 chore: fix the release.toml
474fa0480 fix: store and execute desired action on emergency action
515ae2a18 docs: extend hetzner-cloud docs for arm64
eecc4dbd5 fix: trim leading spaces\newlines in inline manifest contents
dbf274ddf fix: skip writing the file if the contents haven't changed
6329222bd fix: do not panic in merge.Merge if map value is nil

Changes since v1.7.0-alpha.0

80 commits

403ad93c3 feat: update dependencies
7376f34e8 fix: remove maintenance config when maintenance service is shut down
952801d8b fix: handle overlay partition options
465b9a4e6 fix: update discovery client with the fix for keepalive interval
1e9f866ac feat: update Kubernetes to v1.30.0-beta.0
d118a852b feat: implement Install for imager overlays
cd5a5a447 chore: migrate to go-grpc-middleware/v2
e3c2a6398 feat: set default NTP server to time.cloudflare.com
32e087760 chore: print all available logs containers in logs command completions
e89d755c5 fix: etcd config validation for worker
1aa3c9182 docs: add DreeBot to ADOPTERS.md
1bb6027cc fix: fix nil panic on maintenance upgrade with partial config
aa70bfb9d docs: add Redpill Linpro to adopters list
f02aeec92 fix: do not fail cluster create when input dir does not contain talosconfig
1ec6683e0 chore: use go-copy
3c8f51d70 chore: move cli formatters and version modules to machinery
8152a6dd6 feat: update Go to 1.22.1
8c7953991 docs: update replicated-local-storage-with-openebs-jiva.md
f23bd8144 fix: syslog parser
bbed07e03 feat: update Linux to 6.6.18
8125e754b feat: imager overlay
0b9b4da12 feat: update Kubernetes to 1.30.0-alpha.3
3a764029e docs: fix typo in word governor
d81d49000 chore: update CoreDNS renovate source
b2ad5dc5f fix: workaround a race in CNI setup (talosctl cluster create)
457507803 fix: provide auth when pulling images in the imager
e707175ab docs: update config patch in cilium docs
f8c556a1c chore: listen for dns requests on 127.0.0.53
8872a7a21 fix: ignore 'no such device' in addition to 'no such file'
1cb544353 chore: uki der certs in iso
67ac6933d fix: handle errors to watch apid/trustd certs
c79d69c2e fix: only set gateway if set in context (opennebula)
4575dd8e7 chore: allow not preallocated disks for QEMU cluster
0bddfea81 chore: add oceanbox.io to adopters
136427592 chore: use proper talos_version_contract for TF tests
6bf50fdc1 chore: disable x/net/trace in gRPC to enable dead code elimination
815a8e9cc feat: add partial config support to talosctl cluster create
64e9703f8 chore: add tests for the Kata Containers extension
9b6291925 feat: update pkgs
66f3ffdd4 fix: ensure that Talos runs in a pod (container)
9dbc33972 feat: add basic syslog implementation
0b7a27e6a feat: allow access to all resources over siderolink in maintenance mode
53721883d feat: support AWS KMS for the SecureBoot signing
7ee999f8a fix: disable KubeSpan endpoint harvesting by default
7b87c7fe9 chore: bump Go dependencies
8e9596d3c docs: rpi talosctl install update
493bb60f8 fix: correctly handle partial configs in DNSUpstreamController
6deb10ae2 chore: deprecate environmentFile for extensions
f8b4ee82a chore: update extensions test
1366ce14a feat: update Kubernetes to v1.30.0-alpha.2
559308ef7 fix: use MachineStatus resource to check for boot done
15e8bca2b feat: support environment in ExtensionServicesConfig
3fe82ec46 feat: custom image settings for k8s upgrade
fa3b93370 chore: replace fmt.Errorf with errors.New where possible
d4521ee9c feat: update kernel with sfc driver and LSM updates
2f0421b40 fix: run xfs_repair on invalid argument error
f868fb8e8 docs: update vmware tools url
fa2d34dd8 chore: enable v6 support on the same port
83e0b0c19 chore: adjust dns sockets settings
a1ec1705b chore: update Go to 1.22.0
76b50fcd4 chore: add Ænix to the Adopters list
5324d3916 chore: bump stuff
087b50f42 feat: support systemd-boot ISO enroll keys option
afa71d6b0 chore: use "handle-like" resource in DNSResolveCacheController
013e13070 fix: error with decoding config document with wrong apiVersion
1e77bb1c3 chore: allow custom pkgs to build talos
3f8a85f1b fix: unlock the upgrade mutex properly
61c3331b1 docs: update indentation in vip.md
383e528df chore: allow uuid-based hostnames in talosctl cluster create
1e6c8c4de feat: extensions services config
989ca3ade feat: add OpenNebula platform support
914f88778 docs: update nocloud.md Proxmox information
a04cc8015 fix: pass TTL when generating client certificate
3fe8c12ca fix: add log line about controller runtime failing
ddbabc7e5 fix: use a separate cgroup for each extension service
6ccdd2c09 chore: fix markdown-lint call
4184e617a chore: add test for wasmedge runtime extension
95ea3a6c6 chore: bump timeout in acquire tests
c19a505d8 chore: bump docker dind image
d7d4154d5 chore: remove channel blocking in qemu launch

Changes from siderolabs/crypto

1 commit

1c94bb3 chore: bump dependencies

Changes from siderolabs/discovery-api

1 commit

e1dc7bb chore: rekres, update dependencies

Changes from siderolabs/discovery-client

3 commits

f4095a1 chore: bump discovery API to v0.1.4
fbb1cea fix: keepalive interval calculation
ff8f4be fix: enable gRPC keepalives

Changes from siderolabs/extras

4 commits

47bb718 chore: update base pkgs
60793cd feat: update Go to 1.22.1
c4934e1 feat: update Go to 1.22
8909d6f chore: update Go to 1.21.5

Changes from siderolabs/gen

1 commit

238baf9 chore: add typesafe SyncMap and bump stuff

Changes from siderolabs/go-api-signature

21 commits

cf2bd06 chore: bump dependencies
370cebf fix: always print the login URL on key renew flow
d28609a feat: move in the cli grpc interceptor logic, support service account in env
4602acc chore: add a dummy workflow
cfd21b6 fix: support validating signatures generated with the time in the future
74dd3dc chore: bump deps
d78bedb chore: bump deps
a034e9f feat: replace scopes with roles
5b4f3bb chore: run rekres
9dba116 chore: remove time.Sleep hack
e84e686 chore: bump dependencies
8baaf8a chore: bump deps
5f27e1e chore: add renovate bot and bump deps
69886dc feat: allow custom validations on PGP key
63d4da3 fix: limit clock skew for short-lived keys
cdb9722 feat: add support for +-5 min clock skew
7b80a50 refactor: use options pattern in RegisterPGPPublicKey
c647861 feat: add scopes to RegisterPublicKeyRequest
5d3647e feat: provide more client PGP functions
2b682ec feat: initial version
a4c2943 chore: initial commit

Changes from siderolabs/go-copy

2 commits

aa4ade4 chore: add initial code
52a6d48 chore: go-copy repo

Changes from siderolabs/go-debug

1 commit

0c2be80 chore: run rekres (update to Go 1.22)

Changes from siderolabs/go-kmsg

2 commits

e358d13 fix: decode escape sequences while reading from kmsg
4297bd5 feat: add BSD support

Changes from siderolabs/go-kubernetes

1 commit

ddd4c69 feat: add support for Kubernetes 1.30

Changes from siderolabs/go-loadbalancer

1 commit

aab4671 chore: rekres, update dependencies

Changes from siderolabs/pkgs

37 commits

8804a60 chore: update dependencies
a587b42 feat: enable most common amd64 watchdog drivers
3aacf03 feat: update releases
e5c0c79 feat: build NVMe target module
cb39126 chore: re-enable zfs pkg
d9c1540 feat: update releases
1904994 feat: enable VRF module
87eb013 feat: disable PCI busmastering on bridges during boot
30f18c8 chore: remove symlinks and broken binaries
7811e5e chore: set PREEMPT_NONE as recommended for servers
65006ed fix: enable KFD support in kernel
510a3f9 feat: add support for Solarflare SFC9100 and SFC9200 family
4340508 feat: enable CONFIG_SECURITY_PATH and CONFIG_BPF_LSM
0ec4cc3 feat: update Go to 1.22
36c08ae feat: enable PSI (pressure stall information)
0853224 feat: update Linux to 6.6.16
96cc841 chore: bump deps
064fd58 feat: update Linux to 6.6.14, enable XDP
efbbd23 feat: update Linux to 6.6.13
dfb5026 chore: switch to git ref for raspberrypi firmware
4af2d0f feat: update Linux to 6.1.74
2358efe fix: enable FUSION_SPI driver
f376a53 chore: bump dependencies
583e519 feat: add v4l usb video class (webcam) drivers
2d3ca68 feat: enable NBD
f647edd feat: update Linux to 6.1.69
6af1691 feat: enable VFIO also on amd64
d633cd6 feat: enable modules for mlx infiniband
4c59641 fix: zfs module build
e325097 feat: enable nct6683 sensors as module
d6185ec feat: enable IRQ remapping on amd64
814dc60 feat: update containerd to 1.7.11
dd71790 chore: rekres to fix 'failed' build on main
a36dec4 feat: split more device drivers into modules
97270a2 feat: update Linux to 6.1.67
8a73907 feat: update Go to 1.21.5
8f0ffb9 feat: update zfs to v2.2.2

Changes from siderolabs/tools

12 commits

cb5fd56 chore: update xz to 5.6.1
14bf457 fix: use musl 1.2.4 in tools, revert kmod back to 32
6c1f73d fix: revert kmod to version 31
59fd552 feat: update releases
eff5d16 feat: update Go to 1.22.1
b6b4d9e feat: update Go to 1.22
f4b41d1 fix: rust toolchain
8cc79e6 feat: update dependencies
c7076eb chore: bump dependencies
a80a2aa feat: update Go to 1.21.6
b677a2b feat: add rust build stage
1659d82 feat: update Go to 1.21.5

Dependency Changes

github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 -> v1.10.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 -> v1.5.1
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.0.0 -> v1.1.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 -> v1.1.0
github.com/alexflint/go-filemutex v1.3.0 new
github.com/aws/aws-sdk-go-v2/config v1.25.6 -> v1.27.7
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.5 -> v1.15.3
github.com/aws/aws-sdk-go-v2/service/kms v1.29.2 new
github.com/aws/smithy-go v1.17.0 -> v1.20.1
github.com/beevik/ntp v1.3.0 -> v1.3.1
github.com/containerd/cgroups/v3 v3.0.2 -> v3.0.3
github.com/containerd/containerd v1.7.9 -> v1.7.14
github.com/containernetworking/plugins v1.3.0 -> v1.4.1
github.com/coredns/coredns v1.11.1 new
github.com/cosi-project/runtime v0.3.19 -> v0.4.0-alpha.9
github.com/docker/docker v24.0.7 -> v25.0.4
github.com/docker/go-connections v0.4.0 -> v0.5.0
github.com/foxboron/go-uefi 18b9ba9cd4c3 -> 48be911532c2
github.com/gdamore/tcell/v2 v2.6.0 -> v2.7.4
github.com/google/go-containerregistry v0.16.1 -> v0.19.0
github.com/google/go-tpm v0.9.0 -> ee6cbcd136f8
github.com/google/nftables v0.1.0 -> v0.2.0
github.com/google/uuid v1.4.0 -> v1.6.0
github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 new
github.com/hetznercloud/hcloud-go/v2 v2.4.0 -> v2.6.0
github.com/insomniacslk/dhcp b0416c0f187a -> c728f5dd21c8
github.com/jeromer/syslogparser v1.1.0 new
github.com/jsimonetti/rtnetlink v1.4.0 -> v1.4.1
github.com/miekg/dns v1.1.58 new
github.com/opencontainers/image-spec v1.1.0-rc4 -> v1.1.0
github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> v1.2.0
github.com/packethost/packngo v0.30.0 -> v0.31.0
github.com/pmorjan/kmod v1.1.0 -> v1.1.1
github.com/prometheus/procfs v0.12.0 -> v0.13.0
github.com/rivo/tview 33a1d271f2b6 -> e804876934a1
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.21 -> v1.0.0-beta.25
github.com/siderolabs/crypto v0.4.1 -> v0.4.2
github.com/siderolabs/discovery-api v0.1.3 -> v0.1.4
github.com/siderolabs/discovery-client v0.1.5 -> v0.1.8
github.com/siderolabs/extras v1.6.0-1-g113887a -> v1.7.0-alpha.0-3-g47bb718
github.com/siderolabs/gen v0.4.7 -> v0.4.8
github.com/siderolabs/go-api-signature v0.3.2 new
github.com/siderolabs/go-copy v0.1.0 new
github.com/siderolabs/go-debug v0.2.3 -> v0.3.0
github.com/siderolabs/go-kmsg v0.1.3 -> v0.1.4
github.com/siderolabs/go-kubernetes v0.2.8 -> v0.2.9
github.com/siderolabs/go-loadbalancer v0.3.2 -> v0.3.3
github.com/siderolabs/pkgs v1.6.0-5-g3ae2450 -> v1.7.0-alpha.0-35-g8804a60
github.com/siderolabs/talos/pkg/machinery v1.6.0 -> v1.7.0-alpha.0
github.com/siderolabs/tools v1.6.0-1-g336d248 -> v1.7.0-alpha.0-11-gcb5fd56
github.com/stretchr/testify v1.8.4 -> v1.9.0
github.com/u-root/u-root v0.11.0 -> v0.14.0
go.etcd.io/etcd/api/v3 v3.5.11 -> v3.5.12
go.etcd.io/etcd/client/pkg/v3 v3.5.11 -> v3.5.12
go.etcd.io/etcd/client/v3 v3.5.11 -> v3.5.12
go.etcd.io/etcd/etcdutl/v3 v3.5.11 -> v3.5.12
go.uber.org/zap v1.26.0 -> v1.27.0
go4.org/netipx 6213f710f925 -> fdeea329fbba
golang.org/x/net v0.19.0 -> v0.22.0
golang.org/x/oauth2 v0.15.0 -> v0.18.0
golang.org/x/sync v0.5.0 -> v0.6.0
golang.org/x/sys v0.15.0 -> v0.18.0
golang.org/x/term v0.15.0 -> v0.18.0
google.golang.org/grpc v1.59.0 -> v1.62.1
google.golang.org/protobuf v1.31.0 -> v1.33.0
k8s.io/api v0.29.0 -> v0.30.0-beta.0
k8s.io/apimachinery v0.29.0 -> v0.30.0-beta.0
k8s.io/apiserver v0.29.0 -> v0.30.0-beta.0
k8s.io/client-go v0.29.0 -> v0.30.0-beta.0
k8s.io/component-base v0.29.0 -> v0.30.0-beta.0
k8s.io/cri-api v0.29.0 -> v0.30.0-beta.0
k8s.io/klog/v2 v2.110.1 -> v2.120.1
k8s.io/kube-scheduler v0.29.0 -> v0.30.0-beta.0
k8s.io/kubectl v0.29.0 -> v0.30.0-beta.0
k8s.io/kubelet v0.29.0 -> v0.30.0-beta.0
k8s.io/pod-security-admission v0.30.0-beta.0 new

Previous release can be found at v1.6.0

Talos 1.7.0-alpha.0 (2024-02-01)

Welcome to the v1.7.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Device Selectors

Talos Linux now supports physical: true qualifier for device selectors, it selects non-virtual network interfaces (i.e. en0 is selected, while bond0 is not).

DNS Caching

Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:

machine:
   features:
       localDNS: false

Known Problems

ZFS and DRBD extensions are disabled in this release due to incompatibility with the latest Linux kernel.

Kubernetes API Server Service Account Key

Talos Linux starting from this release uses RSA key for Kubernetes API Server Service Account instead of ECDSA key to provide better compatibility with external OpenID Connect implementations.

Component Updates

Linux: 6.6.14 etcd: 3.5.11 Kubernetes: 1.29.1 containerd: 1.7.13 runc: 1.1.12 Flannel: 0.24.1

Talos is built with Go 1.21.6.

Contributors

Andrey Smirnov
Dmitriy Matrenichev
Utku Ozdemir
Noel Georgi
Andrey Smirnov
Radosław Piliszek
Artem Chernyshev
Spencer Smith
Steve Francis
Anthony ARNAUD
Cas de Reuver
Christian Mohn
Drew Hess
ExtraClock
Hervé Werner
JJGadgets
Jacob McSwain
Jonomir
Sebastian Gaiser
Serge Logvinov
Tim Jones
edwinavalos
stereobutter

Changes

81 commits

2ff81c06b feat: update runc 1.1.12, containerd 1.7.13
9d8cd4d05 chore: drop deprecated method EtcdRemoveMember
17567f19b fix: take into account the moment seen when cleaning up CRI images
aa03204b8 docs: document the process of building custom kernel packages
7af48bd55 feat: use RSA key for kube-apiserver service account key
a5e13c696 fix: retry blockdevice open in the installer
593afeea3 fix: run the interactive installer loop to report errors
87be76b87 fix: be more tolerant to error handling in Mounts API
03add7503 docs: add section on using imager with extensions from tarball
ee0fb5eff docs: consolidate certificate management articles
9c14dea20 chore: bump coredns
ebeef2852 feat: implement local caching dns server
4a3691a27 docs: fix broken links in metal-network-configuration.md
c4ed189a6 docs: provide sane defaults for each release series in vmware script
8138d54c6 docs: clarify node taints/labels for worker nodes
b44551ccd feat: update Linux to 6.6.13
385707c5f docs: update vmware.sh
d1a79b845 docs: fix small typo in etcd maintenance guide
cf0603330 docs: copy generated JSON schema to host
f11139c22 docs: document local path provisioner install
e0dfbb8fb fix: allow META encoded values to be compressed
d677901b6 feat: implement device selector for 'physical'
7d1117289 docs: add missing talosconfig flag
8a1732bcb fix: pull in mptspi driver
c1e45071f refactor: use etcd configuration from the EtcdSpec resource
4e9b688d3 fix: use correct TTL for talosconfig in talosctl config new
fb5ad0555 feat: update Kubernetes default to 1.29.1
fe24139f3 docs: fork docs for v1.7
1c2d10ccc chore: bump dependencies
a599e3867 chore: allow custom registry to build installer/imager
3911ddf7b docs: add how-to for cert management
b0ee0bfba fix: strategic patch merging for audit policy
474eccdc4 fix: watch bufer overrun for RouteStatus
cc06b5d7a fix: fix .der output in talosctl gen secureboot
1dbb4abf4 fix: update discovery service client to v0.1.6
9782319c3 fix: support KubePrism settings in Kubernetes Discovery
6c5a0c281 feat: generate a single JSON schema for multidoc config
f70b47ddd fix: force KubePrism to connect using IPv4
d5321e085 fix: update kmsg with utf-8 fix
7fa7362dd fix: fix nodes on dashboard footer when node names are used in --nodes
ba88678f1 fix: merge ports and ingress configs correctly in NetworkRuleConfig
dea9bda2d fix: disk UUID & WWID always empty in talosctl disks
8dc112f36 chore: pull in NBD modules
f6926faab fix: default priority for ipv6
e8758dcba chore: support http downloads for assets in talosctl cluster create
265f21be0 fix: replace the filemap implementation to not buffer in memory
8db3c5b3c fix: pick correctly base installer image layers
0a30ef784 fix: imager should support different Talos versions
d6342cda5 docs: update latest version to v1.6.1
e6e422b92 chore: bump dependencies
5a19d078a fix: properly overwrite files on install
9eb6cea78 docs: secureboot sd-boot menu clarification
01f0cbe61 feat: support iPXE direct booting in talosctl cluster create
3ba84701d feat: pull in kernel modules for mlx Infiniband and VFIO
ba993e0ed docs: announce that SecureBoot is available
241bc9312 fix: update the way secureboot signer fetches certificate (azure)
59b62398f chore: modernize machined/pkg/controllers/k8s
760f793d5 fix: use correct prefix when installing SBC files
0b94550c4 chore: fix the gvisor test
3a787c1d6 docs: update 1.6 docs with Noel's feedback
d803e40ef docs: provide documentation for Talos 1.6
9a185a30f feat: update Kubernetes to v1.29.0
5934815d2 chore: split more kernel modules on amd64
10c59a6b9 fix: leave discovery service later in the reset sequence
0c86ca1cc chore: enable kubespan+firewall for cilium tests
98fd722d5 feat: provide compatibility for future Talos 1.7
131a1b167 fix: add a KubeSpan option to disable extra endpoint harvesting
4547ad9af feat: send actor id to the SideroLink events sink
04e774547 docs: cap max heading level
6bb1e99aa chore: optimize pcap dump
4f9d3b975 feat: update Kubernetes to v1.29.0-rc.2
46121c9fe docs: rework machine config documentation generation
e128d3c82 fix: talosctl cluster create not to enforce kubeprism always
320064c5a feat: update Go 1.21.5, Linux 6.1.65, etcd 3.5.11
270604bea fix: support user disks via symlinks
4f195dd27 chore: fix the release.toml
474fa0480 fix: store and execute desired action on emergency action
515ae2a18 docs: extend hetzner-cloud docs for arm64
eecc4dbd5 fix: trim leading spaces\newlines in inline manifest contents
dbf274ddf fix: skip writing the file if the contents haven't changed
6329222bd fix: do not panic in merge.Merge if map value is nil

Changes from siderolabs/discovery-client

1 commit

ff8f4be fix: enable gRPC keepalives

Changes from siderolabs/extras

1 commit

8909d6f chore: update Go to 1.21.5

Changes from siderolabs/go-api-signature

20 commits

370cebf fix: always print the login URL on key renew flow
d28609a feat: move in the cli grpc interceptor logic, support service account in env
4602acc chore: add a dummy workflow
cfd21b6 fix: support validating signatures generated with the time in the future
74dd3dc chore: bump deps
d78bedb chore: bump deps
a034e9f feat: replace scopes with roles
5b4f3bb chore: run rekres
9dba116 chore: remove time.Sleep hack
e84e686 chore: bump dependencies
8baaf8a chore: bump deps
5f27e1e chore: add renovate bot and bump deps
69886dc feat: allow custom validations on PGP key
63d4da3 fix: limit clock skew for short-lived keys
cdb9722 feat: add support for +-5 min clock skew
7b80a50 refactor: use options pattern in RegisterPGPPublicKey
c647861 feat: add scopes to RegisterPublicKeyRequest
5d3647e feat: provide more client PGP functions
2b682ec feat: initial version
a4c2943 chore: initial commit

Changes from siderolabs/go-kmsg

2 commits

e358d13 fix: decode escape sequences while reading from kmsg
4297bd5 feat: add BSD support

Changes from siderolabs/pkgs

21 commits

96cc841 chore: bump deps
064fd58 feat: update Linux to 6.6.14, enable XDP
efbbd23 feat: update Linux to 6.6.13
dfb5026 chore: switch to git ref for raspberrypi firmware
4af2d0f feat: update Linux to 6.1.74
2358efe fix: enable FUSION_SPI driver
f376a53 chore: bump dependencies
583e519 feat: add v4l usb video class (webcam) drivers
2d3ca68 feat: enable NBD
f647edd feat: update Linux to 6.1.69
6af1691 feat: enable VFIO also on amd64
d633cd6 feat: enable modules for mlx infiniband
4c59641 fix: zfs module build
e325097 feat: enable nct6683 sensors as module
d6185ec feat: enable IRQ remapping on amd64
814dc60 feat: update containerd to 1.7.11
dd71790 chore: rekres to fix 'failed' build on main
a36dec4 feat: split more device drivers into modules
97270a2 feat: update Linux to 6.1.67
8a73907 feat: update Go to 1.21.5
8f0ffb9 feat: update zfs to v2.2.2

Changes from siderolabs/tools

6 commits

f4b41d1 fix: rust toolchain
8cc79e6 feat: update dependencies
c7076eb chore: bump dependencies
a80a2aa feat: update Go to 1.21.6
b677a2b feat: add rust build stage
1659d82 feat: update Go to 1.21.5

Dependency Changes

github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 -> v1.9.1
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 -> v1.5.1
github.com/aws/aws-sdk-go-v2/config v1.25.6 -> v1.26.6
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.5 -> v1.14.11
github.com/aws/smithy-go v1.17.0 -> v1.19.0
github.com/beevik/ntp v1.3.0 -> v1.3.1
github.com/containerd/cgroups/v3 v3.0.2 -> v3.0.3
github.com/containerd/containerd v1.7.9 -> v1.7.13
github.com/containernetworking/plugins v1.3.0 -> v1.4.0
github.com/coredns/coredns v1.11.1 new
github.com/cosi-project/runtime v0.3.19 -> v0.3.20
github.com/docker/docker v24.0.7 -> v25.0.2
github.com/docker/go-connections v0.4.0 -> v0.5.0
github.com/emicklei/dot v1.6.0 -> v1.6.1
github.com/foxboron/go-uefi 18b9ba9cd4c3 -> 48be911532c2
github.com/gdamore/tcell/v2 v2.6.0 -> v2.7.0
github.com/google/go-containerregistry v0.16.1 -> v0.19.0
github.com/google/go-tpm v0.9.0 -> ee6cbcd136f8
github.com/google/uuid v1.4.0 -> v1.6.0
github.com/hetznercloud/hcloud-go/v2 v2.4.0 -> v2.6.0
github.com/insomniacslk/dhcp b0416c0f187a -> 15c9b8791914
github.com/jsimonetti/rtnetlink v1.4.0 -> v1.4.1
github.com/miekg/dns v1.1.58 new
github.com/opencontainers/image-spec v1.1.0-rc4 -> v1.1.0-rc6
github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> v1.1.0
github.com/packethost/packngo v0.30.0 -> v0.31.0
github.com/pin/tftp 2f79be2dba4e new
github.com/pmorjan/kmod v1.1.0 -> v1.1.1
github.com/rivo/tview 33a1d271f2b6 -> 8526c9fe1b54
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.21 -> v1.0.0-beta.22
github.com/siderolabs/discovery-client v0.1.5 -> v0.1.6
github.com/siderolabs/extras v1.6.0-1-g113887a -> v1.7.0-alpha.0
github.com/siderolabs/go-api-signature v0.3.1 new
github.com/siderolabs/go-kmsg v0.1.3 -> v0.1.4
github.com/siderolabs/pkgs v1.6.0-5-g3ae2450 -> v1.7.0-alpha.0-19-g96cc841
github.com/siderolabs/talos/pkg/machinery v1.6.0 -> v1.6.0-alpha.2
github.com/siderolabs/tools v1.6.0-1-g336d248 -> v1.7.0-alpha.0-5-gf4b41d1
github.com/u-root/u-root v0.11.0 -> v0.12.0
go.etcd.io/etcd/api/v3 v3.5.11 -> v3.5.12
go.etcd.io/etcd/client/pkg/v3 v3.5.11 -> v3.5.12
go.etcd.io/etcd/client/v3 v3.5.11 -> v3.5.12
go.etcd.io/etcd/etcdutl/v3 v3.5.11 -> v3.5.12
go4.org/netipx 6213f710f925 -> fdeea329fbba
golang.org/x/net v0.19.0 -> v0.20.0
golang.org/x/oauth2 v0.15.0 -> v0.16.0
golang.org/x/sync v0.5.0 -> v0.6.0
golang.org/x/sys v0.15.0 -> v0.16.0
golang.org/x/term v0.15.0 -> v0.16.0
google.golang.org/grpc v1.59.0 -> v1.61.0
google.golang.org/protobuf v1.31.0 -> v1.32.0
k8s.io/api v0.29.0 -> v0.29.1
k8s.io/apimachinery v0.29.0 -> v0.29.1
k8s.io/apiserver v0.29.0 -> v0.29.1
k8s.io/client-go v0.29.0 -> v0.29.1
k8s.io/component-base v0.29.0 -> v0.29.1
k8s.io/cri-api v0.29.0 -> v0.29.1
k8s.io/klog/v2 v2.110.1 -> v2.120.1
k8s.io/kube-scheduler v0.29.0 -> v0.29.1
k8s.io/kubectl v0.29.0 -> v0.29.1
k8s.io/kubelet v0.29.0 -> v0.29.1

Previous release can be found at v1.6.0

Talos 1.6.0-alpha.2 (2023-11-21)

Welcome to the v1.6.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Kubelet Credential Provider Configuration

Talos now supports specifying the kubelet credential provider configuration in the Talos configuration file. It can be set under machine.kubelet.credentialProviderConfig and kubelet will be automatically configured to with the correct flags. The credential binaries are expected to be present under /usr/local/lib/kubelet/credentialproviders. Talos System Extensions can be used to install the credential binaries.

Network Device Selectors

Previously, network device selectors only matched the first link, now the configuration is applied to all matching links.

Linux Firmware

Starting with Talos 1.6, there is no Linux firmware included in the initramfs. Customers who need Linux firmware can pull them as extension during install time using the image factory service. If the initial boot requires firmware, a custom iso can be built with the firmware included using the image factory service. This also ensures that the linux-firmware is not tied to a specific Talos version.

Kube-Scheduler Configuration

Talos now supports specifying the kube-scheduler configuration in the Talos configuration file. It can be set under cluster.scheduler.config and kube-scheduler will be automatically configured to with the correct flags.

KubePrism

KubePrism is enabled by default on port 7445.

Sysctl

Talos now handles sysctl/sysfs key names in line with sysctl.conf(5):

if the first separator is '/', no conversion is done
if the first separator is '.', dots and slashes are remapped

Example (both sysctls are equivalent):

machine:
  sysctls:
    net/ipv6/conf/eth0.100/disable_ipv6: "1"
    net.ipv6.conf.eth0/100.disable_ipv6: "1"

talosctl CLI

The command images deprecated in Talos 1.5 was removed, please use talosctl images default instead.

Component Updates

Linux: 6.1.63 containerd: 1.7.9 CoreDNS: 1.11.1 Kubernetes: 1.29.0-alpha.3 Flannel: 0.22.3 etcd: 3.5.10 runc: 1.1.10

Talos is built with Go 1.21.4.

Contributors

Andrey Smirnov
Noel Georgi
Dmitriy Matrenichev
Andrey Smirnov
Oscar Utbult
Serge Logvinov
Utku Ozdemir
Artem Chernyshev
Nico Berlee
Radosław Piliszek
Steve Francis
Thomas Way
ndbrew
Andrei Kvapil
Christian Rolland
Drew Hess
Enno Boland
Florian Berchtold
Henry Sachs
Jacob McSwain
Jacob McSwain
Jared Davenport
Mans Matulewicz
Nebula
Sascha Desch
Spencer Smith
Thomas Lemarchand
Tim Jones
Zachary Milonas
budimanjojo
guoguangwu
mikucat0309

Changes

177 commits

514e514ba feat: update Linux 6.1.63, containerd 1.7.9
aca8b5e17 fix: ignore kernel command line in container mode
020a0eb63 docs: fix table formatting for bootstraprequest
0eb245e04 docs: fix talosctl pcap example indentation
de6caf534 docs: fix table formatting for machineservice api
27d208c26 feat: implement OAuth2 device flow for machine config
5c8fa2a80 chore: start containerd early in boot
95a252cfc docs: fix link in what is new page
0d3c3ed71 feat: support kube scheduler config
06941b7e5 fix: allow rootfs propagation configuration for extension services
57dc796f3 docs: update lastRelease to v1.5.5 in _index.md
21d944a64 docs: add timezone information
4f1ad16c7 feat: support kubelet credentialprovider config
71a3bf0e3 fix: allow extra kernel args for secureboot installer
f38eaaab8 feat: rework secureboot and PCR signing key
6eade3d5e chore: add ability to rewrite uuids and set unique tokens for Talos
e9c7ac17a fix: set max msg recv size when proxying
e22ab440d feat: update Linux 6.1.61, containerd 1.7.8, runc 1.1.10
8245361f9 feat: show first 32 bytes of response body on download error
75d3987c0 chore: drop sha1 from genereated pcr json
6f32d2990 feat: add .der output talosctl gen secureboot pcr
87c40da6c fix: proper logging in machined on startup
a54da5f64 fix: image build for nanopi_4s
6f3cd0593 refactor: update packet capture to use 'afpacket' interface
813442dd7 fix: don't validate machine.install if installed
dff60069c feat: update Kubernetes to 1.29.0-alpha.3
c97db5dfe chore: bump Go dependencies
807a9950a fix: use custom Talos/kernel version when generating UKI
eb94468a6 docs: add documentation for Image Factory
2e78513e1 refactor: drop the dependency link platform -> network ctrl
6dc776b8a fix: when writing to META in the installer/imager, use fixed name
3703041e9 chore: remove uneeded code
cbe6e7622 fix: generate images for SBCs using imager
5dff164f1 fix: fix error output of cli action tracker
ef5056122 feat: update etcd to 3.5.10
45ae80873 chore: bump go-api-signature dependency to v0.3.1
ffa5e05cb fix: make Talos work on Rockpi 4c boards again
8eba4c599 feat: generate secrets bundle from the machine config
c7de745f6 chore: drop deprecated code
cc0c3ab69 docs: update rpi_generic.md
a009f5c60 fix: accept sysctl paths with dots
4919f6ee2 feat: add GOMEMLIMIT to shipped manifests with memory limits
73ee576ea chore: update sonobuouy library, drop the fork
c23bc2f4a chore: support OCI layout as a source for profile input
154bbd70f docs: fix talos version in guide for docker
11d1f6163 release(v1.6.0-alpha.1): prepare release
9dfae8467 chore: update dependencies
38ce3c827 feat: nocloud prefer mac address
401e89411 feat: customize image size
865f08f86 docs: kubeadm migration guide improvements
c3e418200 refactor: use COSI runtime with new controller runtime DB
c1ee24465 feat: update Kubernetes to v1.29.0-alpha.2
0ff7350ab fix: oracle integration fixes
675bada45 test: add config generation stability tests
f9639fb53 test: fix 'talosctl gen' tests
6142d87a0 feat: hostname configuration improvements on the NoCloud platform
7bb205ebe fix: don't use runtime-specs Mount struct in machine config
d1b27926c feat: update Go to 1.21.3
b87092ab6 fix: handle secure boot state policy pcr digest error
498aeb8c3 docs: fix incorrect image suffix
c14a5d4f7 feat: support service account auth in cli
336aee0fd fix: use tpm2 hash algorithm constants and allow non-SHA-256 PCRs
69d8054c9 chore: drop UpdateEndpointSuite
ef7be16c8 fix: clear the encryption config in META when STATE is reset
5fc60d2ca feat: add Solarflare SFC9000 support
9b5cfdd0b chore: add tests for iscsi
b897764f8 docs: update proxmox.md
159f45bde docs: fix typos in CLI calls to endpoints
0bd1bdd74 chore: allow insecure access to installer base image (imager)
10ed13067 fix: the node IP for kubelet shouldn't change if nothing matches
e7575ecaa feat: support n-5 latest Kubernetes versions
e71508ec1 chore: update dependencies
6d7fa4668 docs: add metal network configuration guide
2b548ad0d feat: update containerd to 1.7.x
62dcfe81e fix: update kubernetes library to support 1.29 upgrades
52caf0763 feat: update Kubernetes to 1.29.0-alpha.1
390137447 feat: enable KubePrism by default
1beb5e86e docs: add KubePrism video
a52d3cda3 chore: update gen and COSI runtime
29b201d61 feat: enable common h/w sensors
9c2ba7c6f chore: add tests for chelsio drivers
5ca4d58dc fix: generate of modules.dep when on the machine
5efcccb6b chore: bump kernel to 6.1.54
29c767a02 docs: add control plane nodes as users of apid also for control plane nodes
4874cfb95 chore: fix typo
96f2a62ea test: update upgrade tests versions
f3a370acb feat: update Flannel to 0.22.3
efdee6965 feat: update Kubernetes to 1.28.2
e3b494058 fix: build CPU ucode correctly for early loader
c5bd0ac5c refactor: reimplement the depmod extension rebuilder
0b883f52a docs: add notes about stable addressing
3ef670a9e chore: pull in dm modules
8f4a36b0d docs: update aws to add command to allow KubeSpan wireguard port
a7edd0523 fix: set default route priority for hcloud platform
87c1b3ddd fix: calculate UKI ISO size dynamically
9698e4547 fix: handle correctly change of listen address for maintenance service
a096f05a5 chore: update gRPC library and enable shared write buffers
9e78fecca chore: improve image signing process
f00567e20 chore: add PKG_KERNEL arg to customize used kernel
2960f93ba feat: add readonly information to the disks API response
735bf9ed0 feat: bring in Google vNIC driver
3f5232075 feat: upgrade-k8s without comments
e44875106 docs: update deploying-cilium.md
7046cae43 chore: update gopacket to reduce init memory allocs
da73b563d chore: update Go to 1.21.1
5e11f08a6 fix: trim file path in the container image
3d2dad4e6 chore: show securtiystate on dashboard
b48510874 chore: e2e-aws cleanup
1eebbce35 chore: add output flag for talosctl config info
3fbed806c chore: add tests for util-linux extensions
7c514a1a6 docs: update header links
6058c3602 fix: shorten VLAN link names to fit into the limit of 15 characters
9c2f765c8 fix: allow network device selector to match multiple links
a04b98637 fix: update kubernetes library for 1.28 upgrade pre-checks
f7473e477 feat: update default Kubernetes to 1.28.1
d693604a1 chore: fix default image list in the release notes
d91b5b3a3 feat: set environment variables early in the boot
c918c0855 fix: set correct (1 year) talosconfig expiration
79bbdf454 fix: set proper timeouts for KubePrism loadbalancer
b8fb55d5c fix: use a mount prefix when installing a bootloader
44f59a804 feat: improve imager APIs
2d3ac925e refactor: update NTP spike detector
af0cc70e3 test: update e2e-aws to use worker groups
d03dc7a8a chore: validate new system extensions
bbeb489aa chore: drop firmware from initramfs
3c9f7a7de chore: re-enable nolintlint and typecheck linters
c51e2c9b4 feat: update CoreDNS to 1.11.1
8670450d2 release(v1.6.0-alpha.0): prepare release
6778ded29 feat: add e2e-aws for nvidia extensions
74c07ed71 chore: update Go to 1.21
a28d72e9c fix: ova contents to be named disk.*
c0ea4d7ba fix: properly calculate overal of node address with subnet filters
d6b2719e2 chore: drone: move extensions step to a function
9608ef56d chore: allow bridge traffic with DHCP broadcast traffic
c99316457 docs: fix the installing system extensions doc
833895940 chore: add tests for zfs extension
cb468c41c fix: copy proper modules to arm64 squashfs
ea0d6e8c6 fix: prevent dashboard crashes when process info is not available
e9077a6fb feat: filter the hostname to produce nodename
dc8361c1d fix: properly GC images supplied with both tag and digest
ccfa8de11 fix: automatically change rpi_4 board on upgrade
b56e8b7d9 fix: support 'List' type manifests
574d48e54 fix: use image digest when starting a container
175747cea fix: ntp query error with bare IPv6 address
c8b507fb2 docs: fix kubeprism typo
0cdcb2e0e docs: restructure docs for nvidia drivers for v1.4
676db9768 docs: fork docs for Talos 1.6
92ad18c18 fix: write correct capacity to the ovf
6b0373ebe chore: move bash tests to integration
52b3d8d37 docs: make Talos 1.5 documentation the default one
dc873df9b chore: fix the filenames of openstack images
b5c0e7b24 docs: update nvidia docs
9606e871e docs: update Jiva Pod Security Policy
a86ed4362 chore: update Kubernetes Go modules to 0.28.0
97b4e3e91 feat: update Kubernetes to 1.28.0
79ca1a3df feat: e2e-aws using tf code
bf3a5e011 chore: add version compatibility for Talos 1.6
969e8097c feat: update Kubernetes to 1.28.0-rc.1
ca41b611e chore: drone jsonnet cleanup
bc198e98e docs: retain cilium autoMount pending upstream hostPath fix
86c94eff8 refactor: docgen and config examples
ee6d639f6 fix: match routes on the priority properly
bff0d8f32 chore: fix dependencies in the release pipeline
e1b288679 refactor: compile regex in validation method on the first use
daa4c185a docs: add what's new and documentation for Talos 1.5
c4a1ca8d6 chore: remove <-errCh where possible in grpc methods
e0f383598 chore: clean up the output of the imager
fb536af4d chore: optimize memory usage of tcell library on init
7c86a365e chore: publish systemd-boot and systemd-stub assets
7d688ccfe fix: make encryption config provider default to luks2 if not set
80238a05a chore: unify semver under github.com/blang/semver/v4
0f1920bdd chore: provide a resource to peek into Linux clock adjustments
4eab3017b fix: calculate log2i properly
bcf284530 fix: update providerid prefix for aws
ac2aff5cc fix: fix azure portion of cloud uploader
793dcedc9 fix: fast-wipe the system disk on talosctl reset
76fa45afb docs: update cilium instructions

Changes since v1.6.0-alpha.1

45 commits

514e514ba feat: update Linux 6.1.63, containerd 1.7.9
aca8b5e17 fix: ignore kernel command line in container mode
020a0eb63 docs: fix table formatting for bootstraprequest
0eb245e04 docs: fix talosctl pcap example indentation
de6caf534 docs: fix table formatting for machineservice api
27d208c26 feat: implement OAuth2 device flow for machine config
5c8fa2a80 chore: start containerd early in boot
95a252cfc docs: fix link in what is new page
0d3c3ed71 feat: support kube scheduler config
06941b7e5 fix: allow rootfs propagation configuration for extension services
57dc796f3 docs: update lastRelease to v1.5.5 in _index.md
21d944a64 docs: add timezone information
4f1ad16c7 feat: support kubelet credentialprovider config
71a3bf0e3 fix: allow extra kernel args for secureboot installer
f38eaaab8 feat: rework secureboot and PCR signing key
6eade3d5e chore: add ability to rewrite uuids and set unique tokens for Talos
e9c7ac17a fix: set max msg recv size when proxying
e22ab440d feat: update Linux 6.1.61, containerd 1.7.8, runc 1.1.10
8245361f9 feat: show first 32 bytes of response body on download error
75d3987c0 chore: drop sha1 from genereated pcr json
6f32d2990 feat: add .der output talosctl gen secureboot pcr
87c40da6c fix: proper logging in machined on startup
a54da5f64 fix: image build for nanopi_4s
6f3cd0593 refactor: update packet capture to use 'afpacket' interface
813442dd7 fix: don't validate machine.install if installed
dff60069c feat: update Kubernetes to 1.29.0-alpha.3
c97db5dfe chore: bump Go dependencies
807a9950a fix: use custom Talos/kernel version when generating UKI
eb94468a6 docs: add documentation for Image Factory
2e78513e1 refactor: drop the dependency link platform -> network ctrl
6dc776b8a fix: when writing to META in the installer/imager, use fixed name
3703041e9 chore: remove uneeded code
cbe6e7622 fix: generate images for SBCs using imager
5dff164f1 fix: fix error output of cli action tracker
ef5056122 feat: update etcd to 3.5.10
45ae80873 chore: bump go-api-signature dependency to v0.3.1
ffa5e05cb fix: make Talos work on Rockpi 4c boards again
8eba4c599 feat: generate secrets bundle from the machine config
c7de745f6 chore: drop deprecated code
cc0c3ab69 docs: update rpi_generic.md
a009f5c60 fix: accept sysctl paths with dots
4919f6ee2 feat: add GOMEMLIMIT to shipped manifests with memory limits
73ee576ea chore: update sonobuouy library, drop the fork
c23bc2f4a chore: support OCI layout as a source for profile input
154bbd70f docs: fix talos version in guide for docker

Changes from siderolabs/extras

7 commits

e8e801b feat: update Go to 1.21.4
d816a02 chore: move project to using kres
3893789 chore: move to github workflows
6d48418 feat: update Go to 1.21.3
09d7c3e chore: update releases
a011245 feat: update Go to 1.21.1
d3f54c7 feat: update Go to 1.20.8

Changes from siderolabs/gen

2 commits

efca710 chore: add FilterInPlace method to maps and update module
36a3ae3 feat: update module

Changes from siderolabs/go-kubernetes

7 commits

fa05430 chore: support kube-scheduler config version
68bf392 feat: add dropped API resource for 1.29
09fa006 fix: retry Windows connection errors
3aa47a4 feat: support Kubernetes 1.29 upgrades
ae33a4a feat: introduce support for Kubernetes version compatibility checks
cf2754e chore: update to use GHA
44e26b3 feat: update removed feature gates for 1.28

Changes from siderolabs/go-retry

1 commit

23b6fc2 fix: provider modern error unwrapping

Changes from siderolabs/pkgs

32 commits

3aea711 feat: bump dependencies
d59cb3e feat(lvm2): configure thin support
252a59f feat: bump dependencies
0bb2a79 feat: update Go to 1.21.4
f57b0a9 chore: fix kernel target to honor PLATFORM
5f84302 chore: move to using kres
d7509f1 chore: bump deps
3a66437 chore: add gh workflows
2e892fd feat: update versions
37348d6 feat: update Go to 1.21.3
34f3c41 feat: add Solarflare SFC9000 support
0c84090 feat: update releases
19cdf71 feat: enable common sensors
acee18e chore: bump kernel to 6.1.54
1d16fd2 feat: add Chelsio support
4504f83 chore: rename kconfig-hardened-check
847a9c3 chore: enable dm thin provisioning
1401505 chore: drop -pkgs for upstream kernel modules
a62471d feat: add binfmt_misc support
518c441 feat: add gVNIC support
7d9e60e feat: update Go to 1.21.1
d3d7d29 chore: bump deps
3b70656 chore: fix cacert perms
cca80b7 feat: update Linux to 6.1.46
2e1c0b9 fix: nonfree kmod pkg name
cff5beb feat: add btrfs support
7717b7e chore: bump deps
2f19f18 feat: update containerd to 1.6.23
30d4b74 feat: update Go to 1.21
eda123d feat: update runc to 1.1.9
30cd584 chore: enable pushing of non-free packages
fb247b5 chore: update kernel and microcode

Changes from siderolabs/siderolink

5 commits

5ab8f9d feat: allow persistent keepalive to be set for the peer
71dd308 chore: provide unique_token and Talos version in ProvisionRequest
0ee5425 chore: revert sys moduel to 0.13.0
6be9ba7 chore: bump deps
448cbe1 chore: bump golang.org/x/net to 0.8.0

Changes from siderolabs/tools

13 commits

ff7fe96 feat: update Go to 1.21.4
6216d64 fix: org name
4334b92 chore: move to using kres
024ef25 chore: bump deps
5a22409 chore: refactor github actions
9a05d12 feat: move to gh workflow
a4a52e2 chore: add dummy gh workflow
9c09b00 feat: update dependencies
35948af feat: update Go to 1.21.3
09023c1 feat: update OpenSSL to 3.1.3
7fa8bb5 feat: update releases
fa388de feat: update Go to 1.21.1
33fb4b3 feat: update Go to 1.21

Dependency Changes

github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 new
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 new
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.0.0 new
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 new
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.0.1 new
github.com/aws/aws-sdk-go-v2/config v1.18.32 -> v1.25.4
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 -> v1.14.5
github.com/aws/smithy-go v1.14.0 -> v1.17.0
github.com/beevik/ntp v1.2.0 -> v1.3.0
github.com/blang/semver/v4 v4.0.0 new
github.com/containerd/cgroups/v3 v3.0.2 new
github.com/containerd/containerd v1.6.23 -> v1.7.9
github.com/cosi-project/runtime v0.3.1 -> v0.3.17
github.com/distribution/reference v0.5.0 new
github.com/docker/docker v24.0.5 -> v24.0.7
github.com/fatih/color v1.15.0 -> v1.16.0
github.com/foxboron/go-uefi 32187aa193d0 -> 18b9ba9cd4c3
github.com/fsnotify/fsnotify v1.6.0 -> v1.7.0
github.com/google/go-cmp v0.5.9 -> v0.6.0
github.com/google/go-containerregistry v0.15.2 -> v0.16.1
github.com/google/uuid v1.3.0 -> v1.4.0
github.com/gopacket/gopacket v1.1.1 -> e79bddbcb4a7
github.com/hetznercloud/hcloud-go/v2 v2.0.0 -> v2.4.0
github.com/insomniacslk/dhcp 0f9eb93a696c -> 6a2c8fbdcc1c
github.com/jsimonetti/rtnetlink v1.3.4 -> v1.3.5
github.com/mattn/go-isatty v0.0.19 -> v0.0.20
github.com/mdp/qrterminal/v3 v3.2.0 new
github.com/opencontainers/runtime-spec 1c3f411f0417 -> v1.1.0-rc.1
github.com/prometheus/procfs v0.11.1 -> v0.12.0
github.com/rivo/tview 6cc0565babaf -> 7c9e464bac02
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.20 -> v1.0.0-beta.21
github.com/siderolabs/extras v1.5.0 -> v1.6.0-alpha.0-5-ge8e801b
github.com/siderolabs/gen v0.4.5 -> v0.4.7
github.com/siderolabs/go-kubernetes v0.2.2 -> v0.2.8
github.com/siderolabs/go-retry v0.3.2 -> v0.3.3
github.com/siderolabs/pkgs v1.5.0-6-g2f2c9cd -> v1.6.0-alpha.0-31-g3aea711
github.com/siderolabs/siderolink v0.3.1 -> v0.3.2
github.com/siderolabs/talos/pkg/machinery v1.5.0 -> v1.6.0-alpha.1
github.com/siderolabs/tools v1.5.0 -> v1.6.0-alpha.0-12-gff7fe96
github.com/spf13/cobra v1.7.0 -> v1.8.0
github.com/vmware-tanzu/sonobuoy v0.56.17 -> v0.57.1
go.etcd.io/etcd/api/v3 v3.5.9 -> v3.5.10
go.etcd.io/etcd/client/pkg/v3 v3.5.9 -> v3.5.10
go.etcd.io/etcd/client/v3 v3.5.9 -> v3.5.10
go.etcd.io/etcd/etcdutl/v3 v3.5.9 -> v3.5.10
go.uber.org/zap v1.25.0 -> v1.26.0
go4.org/netipx ec4c8b891b28 -> 6213f710f925
golang.org/x/net v0.13.0 -> v0.18.0
golang.org/x/oauth2 v0.14.0 new
golang.org/x/sync v0.3.0 -> v0.5.0
golang.org/x/sys v0.10.0 -> v0.14.0
golang.org/x/term v0.10.0 -> v0.14.0
golang.org/x/text v0.11.0 -> v0.14.0
golang.org/x/time v0.3.0 -> v0.4.0
google.golang.org/grpc v1.57.0 -> v1.59.0
k8s.io/api v0.28.0 -> v0.29.0-alpha.3
k8s.io/apimachinery v0.28.0 -> v0.29.0-alpha.3
k8s.io/apiserver v0.28.0 -> v0.29.0-alpha.3
k8s.io/client-go v0.28.0 -> v0.29.0-alpha.3
k8s.io/component-base v0.28.0 -> v0.29.0-alpha.3
k8s.io/cri-api v0.28.0 -> v0.29.0-alpha.3
k8s.io/klog/v2 v2.100.1 -> v2.110.1
k8s.io/kube-scheduler v0.29.0-alpha.3 new
k8s.io/kubectl v0.28.0 -> v0.29.0-alpha.3
k8s.io/kubelet v0.28.0 -> v0.29.0-alpha.3
sigs.k8s.io/yaml v1.3.0 -> v1.4.0

Previous release can be found at v1.5.0

Talos 1.6.0-alpha.1 (2023-10-17)

Welcome to the v1.6.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Network Device Selectors

Previously, network device selectors only matched the first link, now the configuration is applied to all matching links.

Linux Firmware

KubePrism

KubePrism is enabled by default on port 7445.

talosctl CLI

The command images deprecated in Talos 1.5 was removed, please use talosctl images default instead.

Component Updates

Linux: 6.1.58 containerd: 1.7.7 CoreDNS: 1.11.1 Kubernetes: 1.29.0-alpha.2 Flannel: 0.22.3

Talos is built with Go 1.21.3.

Contributors

Andrey Smirnov
Noel Georgi
Andrey Smirnov
Dmitriy Matrenichev
Serge Logvinov
Radosław Piliszek
Artem Chernyshev
Thomas Way
Utku Ozdemir
Andrei Kvapil
Christian Rolland
Drew Hess
Enno Boland
Henry Sachs
Jacob McSwain
Jacob McSwain
Jared Davenport
Mans Matulewicz
Nebula
Nico Berlee
Sascha Desch
Spencer Smith
Steve Francis
Thomas Lemarchand
Tim Jones
Zachary Milonas
guoguangwu
mikucat0309
ndbrew

Changes

131 commits

9dfae8467 chore: update dependencies
38ce3c827 feat: nocloud prefer mac address
401e89411 feat: customize image size
865f08f86 docs: kubeadm migration guide improvements
c3e418200 refactor: use COSI runtime with new controller runtime DB
c1ee24465 feat: update Kubernetes to v1.29.0-alpha.2
0ff7350ab fix: oracle integration fixes
675bada45 test: add config generation stability tests
f9639fb53 test: fix 'talosctl gen' tests
6142d87a0 feat: hostname configuration improvements on the NoCloud platform
7bb205ebe fix: don't use runtime-specs Mount struct in machine config
d1b27926c feat: update Go to 1.21.3
b87092ab6 fix: handle secure boot state policy pcr digest error
498aeb8c3 docs: fix incorrect image suffix
c14a5d4f7 feat: support service account auth in cli
336aee0fd fix: use tpm2 hash algorithm constants and allow non-SHA-256 PCRs
69d8054c9 chore: drop UpdateEndpointSuite
ef7be16c8 fix: clear the encryption config in META when STATE is reset
5fc60d2ca feat: add Solarflare SFC9000 support
9b5cfdd0b chore: add tests for iscsi
b897764f8 docs: update proxmox.md
159f45bde docs: fix typos in CLI calls to endpoints
0bd1bdd74 chore: allow insecure access to installer base image (imager)
10ed13067 fix: the node IP for kubelet shouldn't change if nothing matches
e7575ecaa feat: support n-5 latest Kubernetes versions
e71508ec1 chore: update dependencies
6d7fa4668 docs: add metal network configuration guide
2b548ad0d feat: update containerd to 1.7.x
62dcfe81e fix: update kubernetes library to support 1.29 upgrades
52caf0763 feat: update Kubernetes to 1.29.0-alpha.1
390137447 feat: enable KubePrism by default
1beb5e86e docs: add KubePrism video
a52d3cda3 chore: update gen and COSI runtime
29b201d61 feat: enable common h/w sensors
9c2ba7c6f chore: add tests for chelsio drivers
5ca4d58dc fix: generate of modules.dep when on the machine
5efcccb6b chore: bump kernel to 6.1.54
29c767a02 docs: add control plane nodes as users of apid also for control plane nodes
4874cfb95 chore: fix typo
96f2a62ea test: update upgrade tests versions
f3a370acb feat: update Flannel to 0.22.3
efdee6965 feat: update Kubernetes to 1.28.2
e3b494058 fix: build CPU ucode correctly for early loader
c5bd0ac5c refactor: reimplement the depmod extension rebuilder
0b883f52a docs: add notes about stable addressing
3ef670a9e chore: pull in dm modules
8f4a36b0d docs: update aws to add command to allow KubeSpan wireguard port
a7edd0523 fix: set default route priority for hcloud platform
87c1b3ddd fix: calculate UKI ISO size dynamically
9698e4547 fix: handle correctly change of listen address for maintenance service
a096f05a5 chore: update gRPC library and enable shared write buffers
9e78fecca chore: improve image signing process
f00567e20 chore: add PKG_KERNEL arg to customize used kernel
2960f93ba feat: add readonly information to the disks API response
735bf9ed0 feat: bring in Google vNIC driver
3f5232075 feat: upgrade-k8s without comments
e44875106 docs: update deploying-cilium.md
7046cae43 chore: update gopacket to reduce init memory allocs
da73b563d chore: update Go to 1.21.1
5e11f08a6 fix: trim file path in the container image
3d2dad4e6 chore: show securtiystate on dashboard
b48510874 chore: e2e-aws cleanup
1eebbce35 chore: add output flag for talosctl config info
3fbed806c chore: add tests for util-linux extensions
7c514a1a6 docs: update header links
6058c3602 fix: shorten VLAN link names to fit into the limit of 15 characters
9c2f765c8 fix: allow network device selector to match multiple links
a04b98637 fix: update kubernetes library for 1.28 upgrade pre-checks
f7473e477 feat: update default Kubernetes to 1.28.1
d693604a1 chore: fix default image list in the release notes
d91b5b3a3 feat: set environment variables early in the boot
c918c0855 fix: set correct (1 year) talosconfig expiration
79bbdf454 fix: set proper timeouts for KubePrism loadbalancer
b8fb55d5c fix: use a mount prefix when installing a bootloader
44f59a804 feat: improve imager APIs
2d3ac925e refactor: update NTP spike detector
af0cc70e3 test: update e2e-aws to use worker groups
d03dc7a8a chore: validate new system extensions
bbeb489aa chore: drop firmware from initramfs
3c9f7a7de chore: re-enable nolintlint and typecheck linters
c51e2c9b4 feat: update CoreDNS to 1.11.1
8670450d2 release(v1.6.0-alpha.0): prepare release
6778ded29 feat: add e2e-aws for nvidia extensions
74c07ed71 chore: update Go to 1.21
a28d72e9c fix: ova contents to be named disk.*
c0ea4d7ba fix: properly calculate overal of node address with subnet filters
d6b2719e2 chore: drone: move extensions step to a function
9608ef56d chore: allow bridge traffic with DHCP broadcast traffic
c99316457 docs: fix the installing system extensions doc
833895940 chore: add tests for zfs extension
cb468c41c fix: copy proper modules to arm64 squashfs
ea0d6e8c6 fix: prevent dashboard crashes when process info is not available
e9077a6fb feat: filter the hostname to produce nodename
dc8361c1d fix: properly GC images supplied with both tag and digest
ccfa8de11 fix: automatically change rpi_4 board on upgrade
b56e8b7d9 fix: support 'List' type manifests
574d48e54 fix: use image digest when starting a container
175747cea fix: ntp query error with bare IPv6 address
c8b507fb2 docs: fix kubeprism typo
0cdcb2e0e docs: restructure docs for nvidia drivers for v1.4
676db9768 docs: fork docs for Talos 1.6
92ad18c18 fix: write correct capacity to the ovf
6b0373ebe chore: move bash tests to integration
52b3d8d37 docs: make Talos 1.5 documentation the default one
dc873df9b chore: fix the filenames of openstack images
b5c0e7b24 docs: update nvidia docs
9606e871e docs: update Jiva Pod Security Policy
a86ed4362 chore: update Kubernetes Go modules to 0.28.0
97b4e3e91 feat: update Kubernetes to 1.28.0
79ca1a3df feat: e2e-aws using tf code
bf3a5e011 chore: add version compatibility for Talos 1.6
969e8097c feat: update Kubernetes to 1.28.0-rc.1
ca41b611e chore: drone jsonnet cleanup
bc198e98e docs: retain cilium autoMount pending upstream hostPath fix
86c94eff8 refactor: docgen and config examples
ee6d639f6 fix: match routes on the priority properly
bff0d8f32 chore: fix dependencies in the release pipeline
e1b288679 refactor: compile regex in validation method on the first use
daa4c185a docs: add what's new and documentation for Talos 1.5
c4a1ca8d6 chore: remove <-errCh where possible in grpc methods
e0f383598 chore: clean up the output of the imager
fb536af4d chore: optimize memory usage of tcell library on init
7c86a365e chore: publish systemd-boot and systemd-stub assets
7d688ccfe fix: make encryption config provider default to luks2 if not set
80238a05a chore: unify semver under github.com/blang/semver/v4
0f1920bdd chore: provide a resource to peek into Linux clock adjustments
4eab3017b fix: calculate log2i properly
bcf284530 fix: update providerid prefix for aws
ac2aff5cc fix: fix azure portion of cloud uploader
793dcedc9 fix: fast-wipe the system disk on talosctl reset
76fa45afb docs: update cilium instructions

Changes since v1.6.0-alpha.0

81 commits

9dfae8467 chore: update dependencies
38ce3c827 feat: nocloud prefer mac address
401e89411 feat: customize image size
865f08f86 docs: kubeadm migration guide improvements
c3e418200 refactor: use COSI runtime with new controller runtime DB
c1ee24465 feat: update Kubernetes to v1.29.0-alpha.2
0ff7350ab fix: oracle integration fixes
675bada45 test: add config generation stability tests
f9639fb53 test: fix 'talosctl gen' tests
6142d87a0 feat: hostname configuration improvements on the NoCloud platform
7bb205ebe fix: don't use runtime-specs Mount struct in machine config
d1b27926c feat: update Go to 1.21.3
b87092ab6 fix: handle secure boot state policy pcr digest error
498aeb8c3 docs: fix incorrect image suffix
c14a5d4f7 feat: support service account auth in cli
336aee0fd fix: use tpm2 hash algorithm constants and allow non-SHA-256 PCRs
69d8054c9 chore: drop UpdateEndpointSuite
ef7be16c8 fix: clear the encryption config in META when STATE is reset
5fc60d2ca feat: add Solarflare SFC9000 support
9b5cfdd0b chore: add tests for iscsi
b897764f8 docs: update proxmox.md
159f45bde docs: fix typos in CLI calls to endpoints
0bd1bdd74 chore: allow insecure access to installer base image (imager)
10ed13067 fix: the node IP for kubelet shouldn't change if nothing matches
e7575ecaa feat: support n-5 latest Kubernetes versions
e71508ec1 chore: update dependencies
6d7fa4668 docs: add metal network configuration guide
2b548ad0d feat: update containerd to 1.7.x
62dcfe81e fix: update kubernetes library to support 1.29 upgrades
52caf0763 feat: update Kubernetes to 1.29.0-alpha.1
390137447 feat: enable KubePrism by default
1beb5e86e docs: add KubePrism video
a52d3cda3 chore: update gen and COSI runtime
29b201d61 feat: enable common h/w sensors
9c2ba7c6f chore: add tests for chelsio drivers
5ca4d58dc fix: generate of modules.dep when on the machine
5efcccb6b chore: bump kernel to 6.1.54
29c767a02 docs: add control plane nodes as users of apid also for control plane nodes
4874cfb95 chore: fix typo
96f2a62ea test: update upgrade tests versions
f3a370acb feat: update Flannel to 0.22.3
efdee6965 feat: update Kubernetes to 1.28.2
e3b494058 fix: build CPU ucode correctly for early loader
c5bd0ac5c refactor: reimplement the depmod extension rebuilder
0b883f52a docs: add notes about stable addressing
3ef670a9e chore: pull in dm modules
8f4a36b0d docs: update aws to add command to allow KubeSpan wireguard port
a7edd0523 fix: set default route priority for hcloud platform
87c1b3ddd fix: calculate UKI ISO size dynamically
9698e4547 fix: handle correctly change of listen address for maintenance service
a096f05a5 chore: update gRPC library and enable shared write buffers
9e78fecca chore: improve image signing process
f00567e20 chore: add PKG_KERNEL arg to customize used kernel
2960f93ba feat: add readonly information to the disks API response
735bf9ed0 feat: bring in Google vNIC driver
3f5232075 feat: upgrade-k8s without comments
e44875106 docs: update deploying-cilium.md
7046cae43 chore: update gopacket to reduce init memory allocs
da73b563d chore: update Go to 1.21.1
5e11f08a6 fix: trim file path in the container image
3d2dad4e6 chore: show securtiystate on dashboard
b48510874 chore: e2e-aws cleanup
1eebbce35 chore: add output flag for talosctl config info
3fbed806c chore: add tests for util-linux extensions
7c514a1a6 docs: update header links
6058c3602 fix: shorten VLAN link names to fit into the limit of 15 characters
9c2f765c8 fix: allow network device selector to match multiple links
a04b98637 fix: update kubernetes library for 1.28 upgrade pre-checks
f7473e477 feat: update default Kubernetes to 1.28.1
d693604a1 chore: fix default image list in the release notes
d91b5b3a3 feat: set environment variables early in the boot
c918c0855 fix: set correct (1 year) talosconfig expiration
79bbdf454 fix: set proper timeouts for KubePrism loadbalancer
b8fb55d5c fix: use a mount prefix when installing a bootloader
44f59a804 feat: improve imager APIs
2d3ac925e refactor: update NTP spike detector
af0cc70e3 test: update e2e-aws to use worker groups
d03dc7a8a chore: validate new system extensions
bbeb489aa chore: drop firmware from initramfs
3c9f7a7de chore: re-enable nolintlint and typecheck linters
c51e2c9b4 feat: update CoreDNS to 1.11.1

Changes from siderolabs/extras

4 commits

6d48418 feat: update Go to 1.21.3
09d7c3e chore: update releases
a011245 feat: update Go to 1.21.1
d3f54c7 feat: update Go to 1.20.8

Changes from siderolabs/gen

2 commits

efca710 chore: add FilterInPlace method to maps and update module
36a3ae3 feat: update module

Changes from siderolabs/go-kubernetes

5 commits

09fa006 fix: retry Windows connection errors
3aa47a4 feat: support Kubernetes 1.29 upgrades
ae33a4a feat: introduce support for Kubernetes version compatibility checks
cf2754e chore: update to use GHA
44e26b3 feat: update removed feature gates for 1.28

Changes from siderolabs/pkgs

24 commits

2e892fd feat: update versions
37348d6 feat: update Go to 1.21.3
34f3c41 feat: add Solarflare SFC9000 support
0c84090 feat: update releases
19cdf71 feat: enable common sensors
acee18e chore: bump kernel to 6.1.54
1d16fd2 feat: add Chelsio support
4504f83 chore: rename kconfig-hardened-check
847a9c3 chore: enable dm thin provisioning
1401505 chore: drop -pkgs for upstream kernel modules
a62471d feat: add binfmt_misc support
518c441 feat: add gVNIC support
7d9e60e feat: update Go to 1.21.1
d3d7d29 chore: bump deps
3b70656 chore: fix cacert perms
cca80b7 feat: update Linux to 6.1.46
2e1c0b9 fix: nonfree kmod pkg name
cff5beb feat: add btrfs support
7717b7e chore: bump deps
2f19f18 feat: update containerd to 1.6.23
30d4b74 feat: update Go to 1.21
eda123d feat: update runc to 1.1.9
30cd584 chore: enable pushing of non-free packages
fb247b5 chore: update kernel and microcode

Changes from siderolabs/tools

6 commits

9c09b00 feat: update dependencies
35948af feat: update Go to 1.21.3
09023c1 feat: update OpenSSL to 3.1.3
7fa8bb5 feat: update releases
fa388de feat: update Go to 1.21.1
33fb4b3 feat: update Go to 1.21

Dependency Changes

github.com/aws/aws-sdk-go-v2/config v1.18.32 -> v1.19.0
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 -> v1.13.13
github.com/aws/smithy-go v1.14.0 -> v1.15.0
github.com/beevik/ntp v1.2.0 -> v1.3.0
github.com/blang/semver/v4 v4.0.0 new
github.com/containerd/cgroups/v3 v3.0.2 new
github.com/containerd/containerd v1.6.23 -> v1.7.7
github.com/cosi-project/runtime v0.3.1 -> v0.3.13
github.com/distribution/reference v0.5.0 new
github.com/docker/docker v24.0.5 -> v24.0.6
github.com/foxboron/go-uefi 32187aa193d0 -> 18b9ba9cd4c3
github.com/google/go-cmp v0.5.9 -> v0.6.0
github.com/google/go-containerregistry v0.15.2 -> v0.16.1
github.com/google/uuid v1.3.0 -> v1.3.1
github.com/gopacket/gopacket v1.1.1 -> 4769cf270e9e
github.com/hetznercloud/hcloud-go/v2 v2.0.0 -> v2.4.0
github.com/insomniacslk/dhcp 0f9eb93a696c -> 6a2c8fbdcc1c
github.com/jsimonetti/rtnetlink v1.3.4 -> v1.3.5
github.com/opencontainers/runtime-spec 1c3f411f0417 -> v1.1.0-rc.1
github.com/prometheus/procfs v0.11.1 -> v0.12.0
github.com/rivo/tview 6cc0565babaf -> 6c844bdc5f7a
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.20 -> v1.0.0-beta.21
github.com/siderolabs/extras v1.5.0 -> v1.6.0-alpha.0-2-g6d48418
github.com/siderolabs/gen v0.4.5 -> v0.4.7
github.com/siderolabs/go-kubernetes v0.2.2 -> v0.2.6
github.com/siderolabs/pkgs v1.5.0-6-g2f2c9cd -> v1.6.0-alpha.0-23-g2e892fd
github.com/siderolabs/talos/pkg/machinery v1.5.0 -> v1.6.0-alpha.0
github.com/siderolabs/tools v1.5.0 -> v1.6.0-alpha.0-5-g9c09b00
go.uber.org/zap v1.25.0 -> v1.26.0
go4.org/netipx ec4c8b891b28 -> 6213f710f925
golang.org/x/net v0.13.0 -> v0.17.0
golang.org/x/sync v0.3.0 -> v0.4.0
golang.org/x/sys v0.10.0 -> v0.13.0
golang.org/x/term v0.10.0 -> v0.13.0
golang.org/x/text v0.11.0 -> v0.13.0
google.golang.org/grpc v1.57.0 -> v1.58.3
k8s.io/api v0.28.0 -> v0.29.0-alpha.2
k8s.io/apimachinery v0.28.0 -> v0.29.0-alpha.2
k8s.io/apiserver v0.28.0 -> v0.29.0-alpha.2
k8s.io/client-go v0.28.0 -> v0.29.0-alpha.2
k8s.io/component-base v0.28.0 -> v0.29.0-alpha.2
k8s.io/cri-api v0.28.0 -> v0.29.0-alpha.2
k8s.io/kubectl v0.28.0 -> v0.29.0-alpha.2
k8s.io/kubelet v0.28.0 -> v0.29.0-alpha.2

Previous release can be found at v1.5.0

Talos 1.6.0-alpha.0 (2023-08-24)

Welcome to the v1.6.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

talosctl CLI

The command images deprecated in Talos 1.5 was removed, please use talosctl images default instead.

Component Updates

Linux: 6.1.46

Talos is built with Go 1.21.

Contributors

Andrey Smirnov
Noel Georgi
Andrey Smirnov
Dmitriy Matrenichev
Artem Chernyshev
Christian Rolland
Enno Boland
Henry Sachs
Jared Davenport
Nico Berlee
Sascha Desch
Tim Jones
Utku Ozdemir

Changes

48 commits

74c07ed71 chore: update Go to 1.21
a28d72e9c fix: ova contents to be named disk.*
c0ea4d7ba fix: properly calculate overal of node address with subnet filters
d6b2719e2 chore: drone: move extensions step to a function
9608ef56d chore: allow bridge traffic with DHCP broadcast traffic
c99316457 docs: fix the installing system extensions doc
833895940 chore: add tests for zfs extension
cb468c41c fix: copy proper modules to arm64 squashfs
ea0d6e8c6 fix: prevent dashboard crashes when process info is not available
e9077a6fb feat: filter the hostname to produce nodename
dc8361c1d fix: properly GC images supplied with both tag and digest
ccfa8de11 fix: automatically change rpi_4 board on upgrade
b56e8b7d9 fix: support 'List' type manifests
574d48e54 fix: use image digest when starting a container
175747cea fix: ntp query error with bare IPv6 address
c8b507fb2 docs: fix kubeprism typo
0cdcb2e0e docs: restructure docs for nvidia drivers for v1.4
676db9768 docs: fork docs for Talos 1.6
92ad18c18 fix: write correct capacity to the ovf
6b0373ebe chore: move bash tests to integration
52b3d8d37 docs: make Talos 1.5 documentation the default one
dc873df9b chore: fix the filenames of openstack images
b5c0e7b24 docs: update nvidia docs
9606e871e docs: update Jiva Pod Security Policy
a86ed4362 chore: update Kubernetes Go modules to 0.28.0
97b4e3e91 feat: update Kubernetes to 1.28.0
79ca1a3df feat: e2e-aws using tf code
bf3a5e011 chore: add version compatibility for Talos 1.6
969e8097c feat: update Kubernetes to 1.28.0-rc.1
ca41b611e chore: drone jsonnet cleanup
bc198e98e docs: retain cilium autoMount pending upstream hostPath fix
86c94eff8 refactor: docgen and config examples
ee6d639f6 fix: match routes on the priority properly
bff0d8f32 chore: fix dependencies in the release pipeline
e1b288679 refactor: compile regex in validation method on the first use
daa4c185a docs: add what's new and documentation for Talos 1.5
c4a1ca8d6 chore: remove <-errCh where possible in grpc methods
e0f383598 chore: clean up the output of the imager
fb536af4d chore: optimize memory usage of tcell library on init
7c86a365e chore: publish systemd-boot and systemd-stub assets
7d688ccfe fix: make encryption config provider default to luks2 if not set
80238a05a chore: unify semver under github.com/blang/semver/v4
0f1920bdd chore: provide a resource to peek into Linux clock adjustments
4eab3017b fix: calculate log2i properly
bcf284530 fix: update providerid prefix for aws
ac2aff5cc fix: fix azure portion of cloud uploader
793dcedc9 fix: fast-wipe the system disk on talosctl reset
76fa45afb docs: update cilium instructions

Changes from siderolabs/pkgs

8 commits

2e1c0b9 fix: nonfree kmod pkg name
cff5beb feat: add btrfs support
7717b7e chore: bump deps
2f19f18 feat: update containerd to 1.6.23
30d4b74 feat: update Go to 1.21
eda123d feat: update runc to 1.1.9
30cd584 chore: enable pushing of non-free packages
fb247b5 chore: update kernel and microcode

Changes from siderolabs/tools

1 commit

33fb4b3 feat: update Go to 1.21

Dependency Changes

github.com/aws/aws-sdk-go-v2/config v1.18.32 -> v1.18.36
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 -> v1.13.11
github.com/aws/smithy-go v1.14.0 -> v1.14.2
github.com/beevik/ntp v1.2.0 -> v1.3.0
github.com/blang/semver/v4 v4.0.0 new
github.com/containerd/containerd v1.6.23 -> v1.6.22
github.com/foxboron/go-uefi 32187aa193d0 -> 18b9ba9cd4c3
github.com/google/go-containerregistry v0.15.2 -> v0.16.1
github.com/google/uuid v1.3.0 -> v1.3.1
github.com/hetznercloud/hcloud-go/v2 v2.0.0 -> v2.1.1
github.com/insomniacslk/dhcp 0f9eb93a696c -> b3ca2534940d
github.com/jsimonetti/rtnetlink v1.3.4 -> v1.3.5
github.com/rivo/tview 6cc0565babaf -> ccc2c8119703
github.com/siderolabs/pkgs v1.5.0-6-g2f2c9cd -> v1.6.0-alpha.0-7-g2e1c0b9
github.com/siderolabs/talos/pkg/machinery v1.5.0 -> v1.5.0-alpha.3
github.com/siderolabs/tools v1.5.0 -> v1.6.0-alpha.0
golang.org/x/net v0.13.0 -> v0.14.0
golang.org/x/sys v0.10.0 -> v0.11.0
golang.org/x/term v0.10.0 -> v0.11.0
golang.org/x/text v0.11.0 -> v0.12.0

Previous release can be found at v1.5.0

Talos 1.5.0-alpha.3 (2023-07-25)

Welcome to the v1.5.0-alpha.3 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Extension Services

Talos now supports setting environmentFile for an extension service container spec. Refer: https://www.talos.dev/v1.5/advanced/extension-services/#container The extension waits for the file to be present before starting the service.

Predictable Network Interface Names

Starting with version Talos 1.5, network interfaces are renamed to predictable names same way as systemd does that in other Linux distributions.

The naming schema enx78e7d1ea46da (based on MAC addresses) is enabled by default, the order of interface naming decisions is:

firmware/BIOS provided index numbers for on-board devices (example: eno1)
firmware/BIOS provided PCI Express hotplug slot index numbers (example: ens1)
physical/geographical location of the connector of the hardware (example: enp2s0)
interfaces's MAC address (example: enx78e7d1ea46da)

The predictable network interface names features can be disabled by specifying net.ifnames=0 in the kernel command line. Talos automatically adds the net.ifnames=0 kernel argument when upgrading from Talos versions before 1.5.

This change doesn't affect "cloud" platforms, like AWS, as Talos automatically adds net.ifnames=0 to the kernel command line.

Network KMS Disk Encryption

Talos now supports new type of encryption keys which are sealed/unsealed with an external KMS server:

systemDiskEncryption:
  ephemeral:
    keys:
      - kms:
          endpoint: https://1.2.3.4:443
        slot: 0

gRPC API definitions and a simple reference implementation of the KMS server can be found in this repository.

KubePrism - Kubernetes API Server In-Cluster Load Balancer

Talos now supports configuring the KubePrism - Kubernetes API Server in-cluster load balancer with machine config features.kubePrism.port and features.kubePrism.enabled fields.

If enabled, KubePrism binds to localhost and runs on the same port on every machine in the cluster. The default value for KubePrism endpoint is https://localhost:7445.

The KubePrism is used by the kubelet, kube-scheduler, kube-controller-manager and kube-proxy by default and can be passed to the CNIs like Cilium and Calico.

The KubePrism provides access to the Kubernetes API endpoint even if the external loadbalancer is not healthy, provided that the worker nodes can reach to the controlplane machine addresses directly.

Machine Config option `.machine.install.bootloader`

The .machine.install.bootloader option in the machine config is deprecated and will be removed in Talos 1.6. This was a no-op for a long time. The bootloader is always installed.

XFS Quota

Talos 1.5+ enables XFS project quota support by default, also enabling by default kubelet feature gate LocalStorageCapacityIsolationFSQuotaMonitoring to use xfs quotas to monitor volume usage instead of du.

This feature is controlled by the .machine.features.diskQuotaSupport field in the machine config, it is set to true for new clusters.

When upgrading from a previous version, the feature can be enabled by setting the field to true. On the first mount of a volume, the quota information will be recalculated, which may take some time.

RDMA/RoCE support

Talos no longer loads by default rdma_rxe Linux driver, which is required for RoCE support. If the driver is required, it can be enabled by specifying rdma_rxe in the .machine.kernel.modules field in the machine config.

SecureBoot

Talos now supports generating a custom iso that can be used with SecureBoot. Key generation and enrolling has to be done manually.

`talosctl image` Command

A new set of commands was introduced to manage container images in the CRI:

talosctl image list shows list of available images
talosctl image pull allows to pre-pull an image into the CRI

Both new commands accept --namespace flag with two possible values:

cri (default): images managed by the CRI (Kubernetes workloads)
system: images managed by Talos (etcd and kubelet)



### `talosctl images` Command

The command `talosctl images` was renamed to `talosctl image default`.

The backward-compatible alias is kept in Talos 1.5, but it will be dropped in Talos 1.6.


### TPM Disk Encryption

Talos now supports encrypting STATE/EPHEMERAL with keys bound to a TPM device. The TPM device must be TPM2.0 compatible.
This is ideally supported when booting with new Talos SecureBoot UKI ISOs/Metal images. This feature would still work if SecureBoot
is not enabled for UKI images, but not recommended since there is no way to verify the trust of the bootloader.

Example machine config:

systemDiskEncryption: ephemeral: keys: - slot: 0 tpm: {} state: keys: - slot: 0 tpm: {}



### Component Updates

* Linux: 6.1.39
* containerd: 1.6.21
* runc: 1.1.8
* etcd: 3.5.9
* Kubernetes: 1.28.0-beta.0
* Flannel: 0.22.0

Talos is built with Go 1.20.6.


### `talosctl upgrade-k8s` Image Pre-pulling

The command `talosctl upgrade-k8s` now by default pre-pulls images for Kubernetes controlplane components
and kubelet. This provides an early check for missing images, and minimizes downtime during Kubernetes
rolling component update.


### Contributors

* Andrey Smirnov
* Noel Georgi
* Dmitriy Matrenichev
* Utku Ozdemir
* Artem Chernyshev
* Christian Rolland
* Steve Francis
* Nanfei Chen
* Nico Berlee
* Spencer Smith
* Alex Corcoles
* Alex Corcoles
* Alex Lubbock
* Andrei Kvapil
* Artem Chernyshev
* Budiman Jojo
* Chris Hoffman
* DJAlPee
* Dennis Marttinen
* Eirik Askheim
* Florian Klink
* Henk Kraal
* Igor Rzegocki
* James Callahan
* LukasAuerbeck
* Markus Reiter
* Michael A. Davis
* Michael Fornaro
* Niklas Wik
* Piotr Maksymiuk
* Ricky Sadowski
* Roee Klinger
* Sacha Trémoureux
* Scott Cariss
* Serge Logvinov
* Thomas Lemarchand
* Thomas Perronin
* Tim Jones
* Victor Bajada
* Walt Chen
* bdronneau

### Changes
<details><summary>194 commits</summary>
<p>

* [`d2f64af86`](https://github.com/siderolabs/talos/commit/d2f64af863e14b1d111bbeeaa6d9077aadaf6085) chore: disable cloud-images, pull in new kernel and gre module
* [`8edce4906`](https://github.com/siderolabs/talos/commit/8edce490639c213cd8c45989a5a87e3388179d37) docs: improve proxmox install guide
* [`c783458be`](https://github.com/siderolabs/talos/commit/c783458be0c90b779bcc2fe3c10e37fd3dfe01db) docs: typo dhcp -> dhcp
* [`003cbd161`](https://github.com/siderolabs/talos/commit/003cbd161196375edc8ee5033be62014eb88202e) docs: warn about secretboxEncryptionSecret in kubeadm migration guide
* [`786e86f5b`](https://github.com/siderolabs/talos/commit/786e86f5b8219ef37c5c6480d97c440cbbd53e30) refactor: rewrite the way Talos acquires the machine configuration
* [`5e13cafe5`](https://github.com/siderolabs/talos/commit/5e13cafe5b506039fdd652372b1d1f71a1c1c10b) feat: enforce kernel lockdown for UKI
* [`4d96d642f`](https://github.com/siderolabs/talos/commit/4d96d642fd9c462db2c084afee1428009d454a9e) feat: update default Kubernetes version to 1.28.0-beta.0
* [`170a73e16`](https://github.com/siderolabs/talos/commit/170a73e161eacb0e21ce95e7a7e406533552bf1d) chore: support creating qemu guest socket
* [`59ac38a6b`](https://github.com/siderolabs/talos/commit/59ac38a6bffe943fa634b124b8ec2a907f95a006) docs: add docs for installing azure ccm and csi
* [`6288cd970`](https://github.com/siderolabs/talos/commit/6288cd970e83f18e8b1cadca777deabe3ff9fc91) release(v1.5.0-alpha.2): prepare release
* [`60c304126`](https://github.com/siderolabs/talos/commit/60c304126fce95fd4995c416e7757f85505b90fb) chore: bump dependencies
* [`9ef4e5efc`](https://github.com/siderolabs/talos/commit/9ef4e5efca4b537a550a5e902fc2479ebb5e53e3) fix: log explicitly when kubelet has no nodeIP match
* [`6b39c6a4d`](https://github.com/siderolabs/talos/commit/6b39c6a4d326752f92d98388bbb418f2e50d3ddb) fix: enable compression and bump gRPC max msg size
* [`2f2eca861`](https://github.com/siderolabs/talos/commit/2f2eca86175fe98b3bf491f38ff907599333b139) chore: basic support for shutdown/poweroff flags
* [`b84277d7d`](https://github.com/siderolabs/talos/commit/b84277d7dc50b196b7cd27e7f2ceff6bf8f58a8d) docs: fix wrong capability name
* [`59d7d9344`](https://github.com/siderolabs/talos/commit/59d7d9344b27529af420ec31c7b599027cda044f) chore: use machined for `shutdown`, `poweroff`
* [`2439bfb71`](https://github.com/siderolabs/talos/commit/2439bfb719d9f50107cee500d03c90bd50649e05) chore: explicitly add timestamps to machined logs
* [`14966e718`](https://github.com/siderolabs/talos/commit/14966e718a07906ff389ecdda063fd16b22baab9) fix: skip over tpm2 1.2 devices
* [`6716e7bc0`](https://github.com/siderolabs/talos/commit/6716e7bc0ba6da31b8bc19aa4bd5edb7749b39a1) docs: update cilium documentation about KubePrism usage
* [`166d75fe8`](https://github.com/siderolabs/talos/commit/166d75fe888d334349f57dcf405b6867ca5305e2) fix: tpm2 encrypt/decrypt flow
* [`130518de7`](https://github.com/siderolabs/talos/commit/130518de71ae96cdf7d733a35e4c306940e1b845) chore: change missing renames of KubePrism
* [`5f34f5b41`](https://github.com/siderolabs/talos/commit/5f34f5b41f03d6d455d7b843084d2951c365a7ee) chore: rename api load balancer to KubePrism
* [`c8b7095c0`](https://github.com/siderolabs/talos/commit/c8b7095c01f597cd8b41964b42aa7e35c85ae307) refactor: use tpm2 library to calculate policy hash
* [`078aac92e`](https://github.com/siderolabs/talos/commit/078aac92ee30c9666235219d4623b82d66362d4d) chore: bump deps
* [`53873b844`](https://github.com/siderolabs/talos/commit/53873b8444acaa97d85c50caec625b9dbfdfef93) refactor: move ukify into Talos code
* [`d5f6fb9ff`](https://github.com/siderolabs/talos/commit/d5f6fb9ff2980df03365719d9e2690cb5ac788af) chore: add vendor info
* [`79365d9ba`](https://github.com/siderolabs/talos/commit/79365d9bacf0e8a6660cdc6b7172c79edf5f3ba3) feat: tpm2 based disk encryption
* [`06369e819`](https://github.com/siderolabs/talos/commit/06369e8195e76f96d232d077efb2bfb059b7aa96) fix: retry CRI pod removal, fix upgrade flow in the tests
* [`d32dd3a82`](https://github.com/siderolabs/talos/commit/d32dd3a820b07d58ca89c4226c986d87ff0e2b65) chore: update Go to 1.20.6
* [`8017afb10`](https://github.com/siderolabs/talos/commit/8017afb107b901a8785bccaac65d63f34e506568) feat: implement CRI image management and pre-pull on K8s upgrade
* [`1c2f19b36`](https://github.com/siderolabs/talos/commit/1c2f19b367af8b04fc49174540e5b141f4b34156) feat: update Kubernetes to 1.28.0-alpha.4
* [`94e9891c1`](https://github.com/siderolabs/talos/commit/94e9891c1bb44a1e7c285b4ccf1fad59ea05aa62) chore: bump sd-boot to v254-rc1
* [`936111ce0`](https://github.com/siderolabs/talos/commit/936111ce062d23ed11b30ea35585c0519260f9c5) fix: properly set up tls for KMS endpoint
* [`cb226eec4`](https://github.com/siderolabs/talos/commit/cb226eec46b59372c684c3946e0ba0910066573d) fix: rewrite encryption system information flow
* [`3206db528`](https://github.com/siderolabs/talos/commit/3206db52895416d1eb936caa4e953312b34b8549) feat: drop tpm simulator for ukify measure
* [`bd4f89f63`](https://github.com/siderolabs/talos/commit/bd4f89f6338423a79b7ce89bda1bd6704caaae59) fix: disable dashboard on Azure, GCP and Scaleway
* [`bdb96189f`](https://github.com/siderolabs/talos/commit/bdb96189faadc48e93146f9fd7b03e006bf1dd75) refactor: make maintenance service controller-based
* [`d23d04de2`](https://github.com/siderolabs/talos/commit/d23d04de2a5dee30ccf21efe767daf229de78bdb) feat: seed the kernel random pool from the TPM
* [`c81ce8cfb`](https://github.com/siderolabs/talos/commit/c81ce8cfb0bc7df66ffd1e1819b64dad6357d890) feat: support controlplane resources configuration
* [`74de562b2`](https://github.com/siderolabs/talos/commit/74de562b29c748fda3140871ea3fab99698341ef) fix: mount hugepages with nosuid + nodev
* [`ce63abb21`](https://github.com/siderolabs/talos/commit/ce63abb219a2fd4a9d3fdd93a13c343af123efc2) feat: add KMS assisted encryption key handler
* [`dafbe9deb`](https://github.com/siderolabs/talos/commit/dafbe9debdee2b015ed574ac4f5f722bce997b31) chore: optimize dockerfile instructions
* [`a4289e870`](https://github.com/siderolabs/talos/commit/a4289e8703d9f9e52b739b19b5b38e30a75a1454) chore: fix CLI docs generation stability
* [`2fec8388f`](https://github.com/siderolabs/talos/commit/2fec8388fc2fe3058b7b6f141ce9eae2c6a8268f) chore: bump dependencies
* [`c1b4262dd`](https://github.com/siderolabs/talos/commit/c1b4262dd60f6cbea6d46a8d0433499bf6365b36) docs: split simple and more complex getting started guides
* [`c9a9f9561`](https://github.com/siderolabs/talos/commit/c9a9f95611e38cf5c298f0d9fb0890a9bc0f8b98) refactor: extract secure boot certificate generation
* [`6be5a13d5`](https://github.com/siderolabs/talos/commit/6be5a13d5d8341c58d0d2fe75c49ba1de9bf7316) feat: implement machine config documents for event and log streaming
* [`e241be85b`](https://github.com/siderolabs/talos/commit/e241be85ba748163268eaeed2a88c8e295f84b28) fix: properly handle YAML comment stripping for multi-doc
* [`c02ada7d9`](https://github.com/siderolabs/talos/commit/c02ada7d952255bffe67b3c84f1f832253e1a3b5) fix: capabilities including `ALL` should be uppercase
* [`cbdf96d46`](https://github.com/siderolabs/talos/commit/cbdf96d461ec0cf8929c2c76614081ef042dda31) feat: support environment file for extensions
* [`35d6adcb9`](https://github.com/siderolabs/talos/commit/35d6adcb9ad7e9420a5bcdfcf3378a05c0b65d46) fix: provide stashed META values before installation
* [`258f07449`](https://github.com/siderolabs/talos/commit/258f07449050d69c369fdc71ac613a1a225807bf) fix: ukify cert generation
* [`bf3febb7e`](https://github.com/siderolabs/talos/commit/bf3febb7e2bf3ebf1bd66ee088f3885a178c953c) fix: refine OVMF search paths
* [`fbebc17f8`](https://github.com/siderolabs/talos/commit/fbebc17f8be7a3ca6c45c3c84d306e52c47d441d) fix: disable LVM backups/archive
* [`e5306ef26`](https://github.com/siderolabs/talos/commit/e5306ef2637dd2eb7464691b55159a43933c7419) chore: format and cleanup test scripts
* [`bc371ecfd`](https://github.com/siderolabs/talos/commit/bc371ecfdafe51f8cf34461caf9e6f51c0a93108) chore: add `/sbin/shutdown`
* [`0d313b973`](https://github.com/siderolabs/talos/commit/0d313b973367906b2fd4bcad4b2def79344dbd67) feat: add `reboot-mode` flag to `talosctl upgrade`
* [`7ce87f20c`](https://github.com/siderolabs/talos/commit/7ce87f20c39c615f4d23a3be23780a36008dcb19) fix: compare only basename of `os.Args[0]` in machined
* [`53389b1e7`](https://github.com/siderolabs/talos/commit/53389b1e724751e28046167b44f05c6ecf06f184) feat: auto-enroll secure boot keys
* [`d77f0bc7b`](https://github.com/siderolabs/talos/commit/d77f0bc7bbe01b7fc8efa21a7c57d73ecb94a01f) docs: fix broken link to powershell module
* [`e1b150a11`](https://github.com/siderolabs/talos/commit/e1b150a11014ddd0c60585d320dd7cd556cf2a0c) release(v1.5.0-alpha.1): prepare release
* [`8daf432b2`](https://github.com/siderolabs/talos/commit/8daf432b2957a8f9d5c59970cf68e7e8414038f5) chore: bump deps
* [`e3f3f5794`](https://github.com/siderolabs/talos/commit/e3f3f5794d276433748d0e677ed8476a54f8a98e) feat: implement revert for sd-boot
* [`d8b0903d7`](https://github.com/siderolabs/talos/commit/d8b0903d70181afc901d8ddb71bdfa964d4df2cd) docs: vagrant setup document fix
* [`fe0f46980`](https://github.com/siderolabs/talos/commit/fe0f46980f348852907218d6f49581efe4b45d49) feat: implement secure boot from disk
* [`445f5ad54`](https://github.com/siderolabs/talos/commit/445f5ad5426b125e29d86ff096695399bd01eb32) feat: support API server load balancer
* [`19bc223de`](https://github.com/siderolabs/talos/commit/19bc223de8ad878bffe539bda617d5f861af3cfe) refactor: bootloader interface, labels
* [`665702ddd`](https://github.com/siderolabs/talos/commit/665702ddd351e902336e6ab81108ea94d61db5c1) chore: fix cilium e2e tests
* [`71a548d18`](https://github.com/siderolabs/talos/commit/71a548d18013ee16394921759e819b0fabb43758) chore: generic boootloader implementation
* [`e9dbc9311`](https://github.com/siderolabs/talos/commit/e9dbc9311bcbbbcaab2c7eb7f7128013194c234a) test: bump versions for upgrade tests
* [`0a99965ef`](https://github.com/siderolabs/talos/commit/0a99965efbdd5dc0d927eb2cbae209dc143c9541) refactor: replace `uncordonNode` with controllers
* [`e858bca3a`](https://github.com/siderolabs/talos/commit/e858bca3a2f75d5035710d52229c8142f3eb6982) test: fix cilium integration tests
* [`455328d05`](https://github.com/siderolabs/talos/commit/455328d058fba3a5a8b3358820a02e2b4fabad95) fix: allow time skew for generated kubeconfig
* [`3ae05648a`](https://github.com/siderolabs/talos/commit/3ae05648ae0a2f79bebd678f85d63d4e5dafde0a) fix: usage of custom kernels
* [`0797b0d16`](https://github.com/siderolabs/talos/commit/0797b0d16808d115649a9e0e37b355bbbc2a30b5) chore: add a pipeline to test cloud-images step without a release
* [`e5a36268b`](https://github.com/siderolabs/talos/commit/e5a36268b63e588ea6cd2439bf0de356ee07d752) docs: include `allowSchedulingOnControlPlanes` on `talosctl gen config` output
* [`c74d93728`](https://github.com/siderolabs/talos/commit/c74d937280c2ec707936a72d07dc2a5dd252c5d2) chore: bump github.com/cosi-project/runtime
* [`dbaf5c699`](https://github.com/siderolabs/talos/commit/dbaf5c69978fd1d22737385ddd096798d408254c) refactor: task `labelControlPlane` into controllers
* [`1865a0c29`](https://github.com/siderolabs/talos/commit/1865a0c29663a1a78db7ef6e901d450d67a3cbe1) chore: modify some usages that are not recommended
* [`3816318b9`](https://github.com/siderolabs/talos/commit/3816318b9e2e205da0c949c0ec59a087decd0b78) chore: wrap config.Provider in atomic wrapper
* [`d04cf1978`](https://github.com/siderolabs/talos/commit/d04cf19788df20c802eadb9678570a4f15d339b2) chore: clean up unnecessary self assignment
* [`a34a94898`](https://github.com/siderolabs/talos/commit/a34a948985fed7c3054c4342c48e0e0620569625) fix: copy missing modules.* files
* [`f5e3272fc`](https://github.com/siderolabs/talos/commit/f5e3272fce641a878eefa66437d28d3ed9917ab6) refactor: task 'updateBootLoader' as controller
* [`e7be6ee7c`](https://github.com/siderolabs/talos/commit/e7be6ee7c3636eebd557d93e440e9749c8093360) refactor: make event log streaming fully reactive
* [`aef2192a6`](https://github.com/siderolabs/talos/commit/aef2192a6584e7934086eae0caab6faba52a8ac1) chore: use fixed module list
* [`c719aa231`](https://github.com/siderolabs/talos/commit/c719aa2316bffa3b614d27d630ea3d8731684f4e) fix: allow http:// for discovery service URL
* [`39134d8d5`](https://github.com/siderolabs/talos/commit/39134d8d5304cec5e1a1c5fe23f62ed957241213) chore: fix cron pipeline
* [`a61dcdbbd`](https://github.com/siderolabs/talos/commit/a61dcdbbd5c917b49c810108ff96854ad51269b1) fix: don't load RDMA over Ethernet driver by default
* [`aac441f61`](https://github.com/siderolabs/talos/commit/aac441f618ac60f2298d9e17a2044916f7da9d69) chore: update Go to 1.20.5, bump dependencies
* [`1c0c7933d`](https://github.com/siderolabs/talos/commit/1c0c7933dfef23544e2fb0fc04c4c5ad7d5b5d9b) chore: cleanup partition code
* [`31b988281`](https://github.com/siderolabs/talos/commit/31b988281efb9d0c66975bbfc20b893ad32c161d) docs: add some words about certifcates
* [`e912c0dfc`](https://github.com/siderolabs/talos/commit/e912c0dfcf515c5a6c852f4b935c9b48e61b13f1) chore: use go-blockdevice for zeroing partitions
* [`e6dde8ffc`](https://github.com/siderolabs/talos/commit/e6dde8ffc50e435a42d11eb96cf6aea2cf3520ca) feat: add network chaos to qemu development environment
* [`47986cb79`](https://github.com/siderolabs/talos/commit/47986cb79eb30c6e9c0d091ee37b2b1c2f20885c) chore: unify kexec phase
* [`3a865370f`](https://github.com/siderolabs/talos/commit/3a865370f5152243e08a69626de023f924e22689) feat: qemu secureboot
* [`5dab45e86`](https://github.com/siderolabs/talos/commit/5dab45e86917837b0991a62ab94a7b96b3ef777e) refactor: allow kmsg log streaming to be reconfigured on the fly
* [`8a02ecd4c`](https://github.com/siderolabs/talos/commit/8a02ecd4cb97bcaafe5761d464fec8a4e44b672f) chore: add endpoints balancer controller
* [`423a31ac9`](https://github.com/siderolabs/talos/commit/423a31ac9d8f28c2bcf00794bacf5446e43fc0b7) chore: deprectae `bootloader` installer option
* [`cdfece7d6`](https://github.com/siderolabs/talos/commit/cdfece7d64a9269afcc213f8d604d0b7e525cb8a) chore: optimize image compression
* [`bfc341937`](https://github.com/siderolabs/talos/commit/bfc34193762cb309ef2230f4d79673c4a56f4db5) chore: add default console args
* [`2749aeeda`](https://github.com/siderolabs/talos/commit/2749aeeda0451b286369d911696070e2cf4359e9) feat: add support for multi-doc strategic merge patching
* [`3f68485e4`](https://github.com/siderolabs/talos/commit/3f68485e44800a0c50b5855531ec10507e7d0df9) feat: add uki iso generation
* [`bab484a40`](https://github.com/siderolabs/talos/commit/bab484a405cb598d1c5f35f7602c2ac27e6efa97) feat: use stable network interface names
* [`196dfb99b`](https://github.com/siderolabs/talos/commit/196dfb99b0329d5c52fd7089e62fbfa1b09df3c6) fix: do not probe kernel args in dashboard if not needed
* [`8c071b579`](https://github.com/siderolabs/talos/commit/8c071b5796db05ecb17e46295eb2140827a58ca8) fix: skip DHCP RENEW if server IP in the lease is all zeroes
* [`badbc51e6`](https://github.com/siderolabs/talos/commit/badbc51e63b685e22fffb82ae294a35cd9f65922) refactor: rewrite code to include preliminary support for multi-doc
* [`ecce29dee`](https://github.com/siderolabs/talos/commit/ecce29dee9625842e419496e18560291ef90b1b5) fix: upgrade-k8s use internal IP first, external IP fallback
* [`3c64a5ffb`](https://github.com/siderolabs/talos/commit/3c64a5ffba2109ccf5102f71652e54def52f8dbf) chore: optimize image generation time
* [`2292f36d9`](https://github.com/siderolabs/talos/commit/2292f36d970d3edcf39b5d5f12d0051d7d75f390) chore: registry.k8s.io for coredns image
* [`f2b258b37`](https://github.com/siderolabs/talos/commit/f2b258b3733a8fcc34bccde3bf01855a512d519a) docs: document talosctl version for upgrades
* [`a0773f783`](https://github.com/siderolabs/talos/commit/a0773f783cfb3cfab8cbbeffb6449159754d785e) chore: add ukify Go script
* [`b69e38d1f`](https://github.com/siderolabs/talos/commit/b69e38d1ff069ba8fac7a6524621f8b3c7256238) chore: bump dependencies
* [`adce65103`](https://github.com/siderolabs/talos/commit/adce65103424f9f895e6b8c4858b27b3eb6bd74b) docs: add piraeus/drbd to storage documentation
* [`a982cabe7`](https://github.com/siderolabs/talos/commit/a982cabe7011c87e863f7bb0829921e927ddf782) docs: link support matrix in k8s update doc
* [`1fb29a56a`](https://github.com/siderolabs/talos/commit/1fb29a56a8abe5d72b8a3a336693e798424c63e0) fix: fail quickly if upgrade-k8s is used with multiple nodes
* [`51d931c47`](https://github.com/siderolabs/talos/commit/51d931c4705fc7ca0bdadc59d732e56fae318dda) chore: faster dev cycle
* [`dc6764871`](https://github.com/siderolabs/talos/commit/dc6764871c9e732b88f7cddc1784e943e9d952bb) refactor: move around config interfaces, make RawV1Alpha1 typed
* [`ea9a97dba`](https://github.com/siderolabs/talos/commit/ea9a97dba38c6ab2de830e3b0c3d202d22bdb668) fix: fall back to external IP when discovering nodes in upgrade-k8s
* [`0bb7e8a5c`](https://github.com/siderolabs/talos/commit/0bb7e8a5cf8b8f3bf31d9f8c3a85b4153921c126) refactor: split config.Provider into Config & Container
* [`85d8a1619`](https://github.com/siderolabs/talos/commit/85d8a1619431989eb05cb15ad01a1bc06b0f63e9) chore: bump deps
* [`39b7a56f0`](https://github.com/siderolabs/talos/commit/39b7a56f01d41d33eb96a0feb6e34d43965a99fd) chore: use 8GiB instead of 10GiB for cloud images
* [`ff11fd39c`](https://github.com/siderolabs/talos/commit/ff11fd39c723a40c01abe6348f64b1f892856175) fix: race with `udevd` and `mountUserDisks`
* [`c3fabb982`](https://github.com/siderolabs/talos/commit/c3fabb9829d12353770d6436a1d726b15820ebce) chore: update default image sizes to 10GB for all "cloud" images
* [`10155c390`](https://github.com/siderolabs/talos/commit/10155c390e87898098426600709657fbd51e02e8) feat: enable xfs project quota support, kubelet feature
* [`eba818564`](https://github.com/siderolabs/talos/commit/eba81856427dd3f6c0cf317f027e63d65a079029) release(v1.5.0-alpha.0): prepare release
* [`383471c3e`](https://github.com/siderolabs/talos/commit/383471c3e956ff6e077a1de75b02a50835fbf352) feat: update default Kubernetes to v1.27.2
* [`8f68d1abe`](https://github.com/siderolabs/talos/commit/8f68d1abeff83c3ff0e6c5d9f61cb14807b44ca5) chore: bump deps
* [`e0c1585d3`](https://github.com/siderolabs/talos/commit/e0c1585d3047ef213134331dc57f8e2e8c23a93d) feat: create azure community gallery image version on release
* [`dd8336c9e`](https://github.com/siderolabs/talos/commit/dd8336c9ee7f8a3a44d45c9f9e3cbbf741f84c44) fix: refresh kubelet self-issued serving certificates
* [`bb02dd263`](https://github.com/siderolabs/talos/commit/bb02dd263cbc5e7e3839148d86a4a0a5f7ea998b) chore: drop deprecated stuff for Talos 1.5
* [`61cad8673`](https://github.com/siderolabs/talos/commit/61cad86731e5c0aa80d7df41ea02d0b7ff579c45) chore: bump deps
* [`01dfd3af7`](https://github.com/siderolabs/talos/commit/01dfd3af7d64dacd179d17d9d5eaf4bc44cf72af) feat: update etcd to v3.5.9
* [`aa65fbb8a`](https://github.com/siderolabs/talos/commit/aa65fbb8a1752a70e7bac4e4e9872f35e88d1cc9) chore: update KUBECTL_URL to reflect the community bucket
* [`cc3128d94`](https://github.com/siderolabs/talos/commit/cc3128d944abacfb633bc783b7fed6d0a6f80661) chore: bump kernel to 6.1.28
* [`97fffaf78`](https://github.com/siderolabs/talos/commit/97fffaf78a0b9a1dc67709de11d37ea20aefde59) chore: use ctest.UpdateWithConflicts instead of plain UpdateWithConflicts
* [`3b36993b9`](https://github.com/siderolabs/talos/commit/3b36993b9926392f4290e6fabc82e635f4c98149) fix: rlimit nofile test
* [`45e6e27af`](https://github.com/siderolabs/talos/commit/45e6e27af75746fd0cc8b0f98a2d14579eb0ed40) chore: bump runtime
* [`4f720d465`](https://github.com/siderolabs/talos/commit/4f720d46532af39165fc5051052d5c42595d91af) fix: revert: set rlimit explicitly in wrapperd
* [`a2565f674`](https://github.com/siderolabs/talos/commit/a2565f67416e9b9bc22f2d5506df9ea7771c0c8c) fix: set rlimit explicitly in wrapperd
* [`cdfc242b8`](https://github.com/siderolabs/talos/commit/cdfc242b8354f4cc4e7ce51bbe3a8fb20b35995d) chore: re-enable Go buildid
* [`e67f3f5c5`](https://github.com/siderolabs/talos/commit/e67f3f5c5453f947355194ea9656c15ff008c35e) feat: linux 6.1.27, containerd 1.6.21, go 1.20.4
* [`55ae59a0a`](https://github.com/siderolabs/talos/commit/55ae59a0ad71293676b3efed461f5ab98101401a) fix: properly skip/cleanup controlplane configs for workers
* [`64eade9bd`](https://github.com/siderolabs/talos/commit/64eade9bde271bce4e629e6ac09407c8c42e01be) chore: clean up unused constant
* [`62c6e9655`](https://github.com/siderolabs/talos/commit/62c6e9655cb639d4993aaa4c9b364342688599cb) feat: introduce siderolink config resource & reconnect
* [`860002c73`](https://github.com/siderolabs/talos/commit/860002c7352bedd10845e11da37c80685ff0e720) fix: don't reload control plane pods on cert SANs changes
* [`d43c61e80`](https://github.com/siderolabs/talos/commit/d43c61e80f5b05b81f2a021cdfe012e500c3d98e) fix: enforce nolock option for all NFS mounts by default
* [`339986db9`](https://github.com/siderolabs/talos/commit/339986db9d3675b78ce0d268f799ad654862fb0f) fix: inhibit timer to follow kubelet timer
* [`cbf6dc100`](https://github.com/siderolabs/talos/commit/cbf6dc1009ad47a2804774839e4e0301efa8ac78) fix: set timeout for unmount calls
* [`b58f913d5`](https://github.com/siderolabs/talos/commit/b58f913d5f4b8ecf39be183d0bafe1109f0f0737) fix: set the static pod priority as values
* [`f8a7a5b6b`](https://github.com/siderolabs/talos/commit/f8a7a5b6bf4138a33cbe5c9afe85db99de167aec) docs: add information about KubeSpan ports and topology
* [`2bad74d64`](https://github.com/siderolabs/talos/commit/2bad74d6423c083ec34f1b422f23b0024d5f8798) docs: add how to on scaling down
* [`7442ff8b0`](https://github.com/siderolabs/talos/commit/7442ff8b095ef1337f54332a71d08053a2832144) chore: fix typos inteface -> interface (docs and tests)
* [`d4e94f7a1`](https://github.com/siderolabs/talos/commit/d4e94f7a15acf7f3c9e7532b067cdacd0e805bec) fix: add back required TARGETARCH for installer
* [`e6fffda01`](https://github.com/siderolabs/talos/commit/e6fffda01385a2daaa901a5742f30a4edc9186a7) chore: linux 6.1.26, runc 1.1.7
* [`344746ae2`](https://github.com/siderolabs/talos/commit/344746ae2fa038b704d02fec04c3d358762fe938) fix: bump max inhibit delay to 20 min
* [`d9bdea2b5`](https://github.com/siderolabs/talos/commit/d9bdea2b54772f067783ee64eb85c834957d386a) chore: fork docs and compatibility modules for Talos 1.5
* [`3d99610fc`](https://github.com/siderolabs/talos/commit/3d99610fc9b0d0084be822be29bb1bf2fbe85833) docs: document building, verifying image and process caps
* [`014008ea2`](https://github.com/siderolabs/talos/commit/014008ea25208afbeabb42ef89238802705ad4e0) fix: udevd rules trigger
* [`9b36bb613`](https://github.com/siderolabs/talos/commit/9b36bb613b44f182e47ae63bc74e4a8b6342d68d) feat: update Linux to 6.1.25, fix virtio on arm64
* [`08ec66c55`](https://github.com/siderolabs/talos/commit/08ec66c55ccca3f9aa82a9703ebf183913b19a7e) feat: clean up (garbage collect) system images which are not referenced
* [`b097efcde`](https://github.com/siderolabs/talos/commit/b097efcde29c20cdc4fed23fe8366bd683db634c) fix: display correct number of machines on dashboard
* [`cad43f0ad`](https://github.com/siderolabs/talos/commit/cad43f0ad3bc2ede8a6ae81767c9226b6bc69f19) chore: remove k8s master label
* [`e296a566e`](https://github.com/siderolabs/talos/commit/e296a566e6efb0cbdd119e73aff1feaa772d38bd) fix: support kernel userspace module loading
* [`103f0ffdd`](https://github.com/siderolabs/talos/commit/103f0ffdd3ebd57a5086852f3502a8a7d4428faa) feat: add startup probes to controller-manager and scheduler
* [`5a1ae8aae`](https://github.com/siderolabs/talos/commit/5a1ae8aae89e54d5540586d6f2e99ef3e80a72eb) chore: bump dependences
* [`ec8c8dbaf`](https://github.com/siderolabs/talos/commit/ec8c8dbafcdaf63d036bdba92fa153d4d1c90100) chore: fix container image reproducibility
* [`f661d8487`](https://github.com/siderolabs/talos/commit/f661d84877e6db5bc8856b982990926dcbfe949c) fix: allow `talosctl cp` to handle special files in `/proc`
* [`2d824b563`](https://github.com/siderolabs/talos/commit/2d824b5639a4b8c3b673d13b08b2b97c69aafe0d) fix: do not show control plane status for workers on dashboard
* [`e5491ddad`](https://github.com/siderolabs/talos/commit/e5491ddadeb1776bd5c17dd35917e05ec4847d0f) docs: update documentation for nocloud
* [`7a004a6f7`](https://github.com/siderolabs/talos/commit/7a004a6f7f47fa5d17e855eb02650754d8411574) fix: parse errors correctly
* [`374ef5385`](https://github.com/siderolabs/talos/commit/374ef53853947811dc221d99751cf0e16294508c) test: submit verbose flag to e2e tests
* [`e1d38b6fe`](https://github.com/siderolabs/talos/commit/e1d38b6febf26fe31a6b9d6ed8f9b6bdba29aa3b) feat: show template URL in dashboard config URL tab
* [`45d7f0ce9`](https://github.com/siderolabs/talos/commit/45d7f0ce95454ce85c403fc493ddb97e4d478238) docs: fix the latest url
* [`96efbf147`](https://github.com/siderolabs/talos/commit/96efbf14769579d514ef9c75d01d9f44d276113a) docs: activate 1.4.0 docs by default
* [`8c1f515b1`](https://github.com/siderolabs/talos/commit/8c1f515b1b8e40bce42e2fc04755afe5bf8a56aa) feat: update Linux to 6.1.24
* [`8689bef5f`](https://github.com/siderolabs/talos/commit/8689bef5f10839091cf131edb6c8efad4ccba034) docs: update documentation for Talos 1.4
* [`a781dfb8e`](https://github.com/siderolabs/talos/commit/a781dfb8e3ded67edcb2a6a1048bfe76c6bd0d24) feat: update Kubernetes to 1.27.1
* [`a737dd83a`](https://github.com/siderolabs/talos/commit/a737dd83a4cd7549f85f8df0882f1c9a4446060d) chore: typo in `compatibility.ParseKubernetesVersion`
* [`f14928b0a`](https://github.com/siderolabs/talos/commit/f14928b0a9dd3d85664605f4f6a206236ea94614) fix: fix dashboard crash when a non-existent node is specified
* [`3e406d9b0`](https://github.com/siderolabs/talos/commit/3e406d9b07c0e67a2fb61e612bc3f378f3c35247) feat: update etcd to v3.5.8
* [`bd1cff3e8`](https://github.com/siderolabs/talos/commit/bd1cff3e83530b9b89b27d8083ea8f3f0cf6ede4) chore: remove Go buildid
* [`e31f7f50b`](https://github.com/siderolabs/talos/commit/e31f7f50b1b455beb98cd25859a44bbbccc1ff64) feat: update Kubernetes to 1.27.0
* [`aa3640d74`](https://github.com/siderolabs/talos/commit/aa3640d74ce2e3619476453381909fa3520eb87d) docs: update storage.md
* [`07bb61e60`](https://github.com/siderolabs/talos/commit/07bb61e60c53b267756dc97874b9c9554f2b1486) chore: module-sig-verify cleanup
* [`5e9d836c3`](https://github.com/siderolabs/talos/commit/5e9d836c3d075c3edb2d48b2868c31a1c963e2de) chore: add kernel module signtaure verification
* [`3cd1c6bb0`](https://github.com/siderolabs/talos/commit/3cd1c6bb0b83e5747a7356140a44b16deb4727e6) fix: send 'STOP' event on phase end
* [`5176d27dc`](https://github.com/siderolabs/talos/commit/5176d27dc566d8689bb305398da7250269ebe9a3) feat: update Kubernetes to 1.27.0-rc.1
* [`2c55550a6`](https://github.com/siderolabs/talos/commit/2c55550a66b49b49d8dc95b83516b7c0f8107300) fix: quote ISO kernel args for GRUB
* [`319d76e38`](https://github.com/siderolabs/talos/commit/319d76e38978406d8d37e89ada2c403969d6c972) fix: respect BROWSER=echo in client auth interceptor
* [`4e4ace839`](https://github.com/siderolabs/talos/commit/4e4ace839c0f558e7b00979fa4c64c32985aa3ce) chore: update Go to 1.20.3
* [`170f73899`](https://github.com/siderolabs/talos/commit/170f73899a3bf29e9c6f76fdc5e510be08edf4aa) fix: correctly parse static pod phase
* [`c3a595d5b`](https://github.com/siderolabs/talos/commit/c3a595d5b7d3c7c3091229caef6b2553416edb56) fix: improve action tracking post checks
* [`eb01edbc8`](https://github.com/siderolabs/talos/commit/eb01edbc8a0ef5810693afe450861d5b63877b72) fix: rework DHCP flow
* [`e095150a6`](https://github.com/siderolabs/talos/commit/e095150a6e34cbdc805a2cac85ec7f28f98629b4) test: bump CAPI components versions
</p>
</details>

### Changes since v1.5.0-alpha.2
<details><summary>9 commits</summary>
<p>

* [`d2f64af86`](https://github.com/siderolabs/talos/commit/d2f64af863e14b1d111bbeeaa6d9077aadaf6085) chore: disable cloud-images, pull in new kernel and gre module
* [`8edce4906`](https://github.com/siderolabs/talos/commit/8edce490639c213cd8c45989a5a87e3388179d37) docs: improve proxmox install guide
* [`c783458be`](https://github.com/siderolabs/talos/commit/c783458be0c90b779bcc2fe3c10e37fd3dfe01db) docs: typo dhcp -> dhcp
* [`003cbd161`](https://github.com/siderolabs/talos/commit/003cbd161196375edc8ee5033be62014eb88202e) docs: warn about secretboxEncryptionSecret in kubeadm migration guide
* [`786e86f5b`](https://github.com/siderolabs/talos/commit/786e86f5b8219ef37c5c6480d97c440cbbd53e30) refactor: rewrite the way Talos acquires the machine configuration
* [`5e13cafe5`](https://github.com/siderolabs/talos/commit/5e13cafe5b506039fdd652372b1d1f71a1c1c10b) feat: enforce kernel lockdown for UKI
* [`4d96d642f`](https://github.com/siderolabs/talos/commit/4d96d642fd9c462db2c084afee1428009d454a9e) feat: update default Kubernetes version to 1.28.0-beta.0
* [`170a73e16`](https://github.com/siderolabs/talos/commit/170a73e161eacb0e21ce95e7a7e406533552bf1d) chore: support creating qemu guest socket
* [`59ac38a6b`](https://github.com/siderolabs/talos/commit/59ac38a6bffe943fa634b124b8ec2a907f95a006) docs: add docs for installing azure ccm and csi
</p>
</details>

### Changes from siderolabs/crypto
<details><summary>2 commits</summary>
<p>

* [`8f77da3`](https://github.com/siderolabs/crypto/commit/8f77da30a5193d207a6660b562a273a06d73aae0) feat: add a method to load PEM key from file
* [`c03ff58`](https://github.com/siderolabs/crypto/commit/c03ff58af5051acb9b56e08377200324a3ea1d5e) feat: add a way to represent redacted x509 private keys
</p>
</details>

### Changes from siderolabs/discovery-api
<details><summary>1 commit</summary>
<p>

* [`5e3db3c`](https://github.com/siderolabs/discovery-api/commit/5e3db3c1a656ebdc717494e5384f10c7b11eef0f) chore: app optional ControlPlane data
</p>
</details>

### Changes from siderolabs/discovery-client
<details><summary>1 commit</summary>
<p>

* [`9ba5f03`](https://github.com/siderolabs/discovery-client/commit/9ba5f033a47d41448153962c5fe22db2d9a8a00c) chore: app optional ControlPlane data
</p>
</details>

### Changes from siderolabs/extras
<details><summary>3 commits</summary>
<p>

* [`f415aac`](https://github.com/siderolabs/extras/commit/f415aac20c245592612a02157d247cb2dd4a5d45) feat: update Go to 1.20.6
* [`a73d524`](https://github.com/siderolabs/extras/commit/a73d5243f443fd32376780bf2a4f97b08f28917c) feat: update Go to 1.20.5
* [`36c8ac4`](https://github.com/siderolabs/extras/commit/36c8ac4ab98300059acaad501c2adc8abd39179f) chore: update to Go 1.20.3
</p>
</details>

### Changes from siderolabs/gen
<details><summary>3 commits</summary>
<p>

* [`f9f5805`](https://github.com/siderolabs/gen/commit/f9f5805973d30fe6bbac2f4a79ad4197fe59970e) chore: bump rekres and add functions from exp
* [`b968d21`](https://github.com/siderolabs/gen/commit/b968d21c9671d97e54317f80cdf781d6f963e44b) feat: add `TryRecv` and `RecvWithContext` functions
* [`476dfea`](https://github.com/siderolabs/gen/commit/476dfeae70882e1ca6e5cfed3d6e12dc36841a26) feat: add foreach and clear to lazymap
</p>
</details>

### Changes from siderolabs/go-blockdevice
<details><summary>4 commits</summary>
<p>

* [`fbb01f7`](https://github.com/siderolabs/go-blockdevice/commit/fbb01f714bdc9c32ea3459345b730b1043ce10c0) fix: properly detect token not found error
* [`3e08968`](https://github.com/siderolabs/go-blockdevice/commit/3e089682439e885c6386f833e35728ce54daff44) fix: do not attach token to a key slot
* [`f2c419e`](https://github.com/siderolabs/go-blockdevice/commit/f2c419e81dcba3c5be007130f677d2075e2aec3c) feat: support LUKS token management
* [`076874a`](https://github.com/siderolabs/go-blockdevice/commit/076874a155ad44d764d25081125f950e8194d023) chore: resolve blockdevice symlinks
</p>
</details>

### Changes from siderolabs/go-debug
<details><summary>1 commit</summary>
<p>

* [`43d9100`](https://github.com/siderolabs/go-debug/commit/43d9100eba3a30ff0d7f1bed0058e6631243cc47) chore: allow enabling pprof manually
</p>
</details>

### Changes from siderolabs/go-kubernetes
<details><summary>2 commits</summary>
<p>

* [`69fea5b`](https://github.com/siderolabs/go-kubernetes/commit/69fea5b840fb51aa08e5fbf380fa924b9d444094) feat: support upgrades to Kubernetes 1.28
* [`5a3df5b`](https://github.com/siderolabs/go-kubernetes/commit/5a3df5b002d74ba9f4d773dc1278047481b1d4ba) fix: remove removed APIs for 1.27 upgrade
</p>
</details>

### Changes from siderolabs/go-loadbalancer
<details><summary>6 commits</summary>
<p>

* [`574126c`](https://github.com/siderolabs/go-loadbalancer/commit/574126cbf0e1e45a06cabaf602e5070dd7d441e2) chore: add 0.1ms tier and fix tiers
* [`5301800`](https://github.com/siderolabs/go-loadbalancer/commit/5301800a874e853d97f8e12195558f79c97c0beb) chore: fix logging and tests
* [`b23a173`](https://github.com/siderolabs/go-loadbalancer/commit/b23a1733aa9b303bda82175b4f5e9f8a4765a27b) chore: replace std log with zap
* [`1a2f374`](https://github.com/siderolabs/go-loadbalancer/commit/1a2f374df7804dffe683e8be90e9829f2dfb5e95) feat: add multi-tier scoring based for generic List
* [`56a27da`](https://github.com/siderolabs/go-loadbalancer/commit/56a27da7083139b71898f4f9207dc40088e8c815) chore: move to siderolabs/tcpproxy of inet.af/tcpproxy
* [`f3a0e24`](https://github.com/siderolabs/go-loadbalancer/commit/f3a0e2411e08eef9c79876f3dc6e09e770710379) fix: use SO_LINGER option when doing TCP healthchecks
</p>
</details>

### Changes from siderolabs/kms-client
<details><summary>3 commits</summary>
<p>

* [`50064b6`](https://github.com/siderolabs/kms-client/commit/50064b67ac73c0a3f6f89c6a44ef914711107df0) fix: pass context to the key handler in the server wrapper
* [`83e0a2e`](https://github.com/siderolabs/kms-client/commit/83e0a2ec6b06668940ec31d64491d9b8a630524b) feat: define API and add reference implementation for KMS server
* [`8c37ee8`](https://github.com/siderolabs/kms-client/commit/8c37ee83099a6563197c89166b0ea596eebf0598) Initial commit
</p>
</details>

### Changes from siderolabs/pkgs
<details><summary>41 commits</summary>
<p>

* [`fedfafa`](https://github.com/siderolabs/pkgs/commit/fedfafa77de930ae7945e16ace61c13568024ac5) feat: add thunderbolt/USB4 module
* [`17d5b94`](https://github.com/siderolabs/pkgs/commit/17d5b94cc7b3e9f9c86a9f5080dcc70f095659fe) feat: enable NET_IPGRE kernel config
* [`84cdfb6`](https://github.com/siderolabs/pkgs/commit/84cdfb6d270201b166dacdcd928669d028e12deb) feat: add 'zfs' package
* [`d0eaedc`](https://github.com/siderolabs/pkgs/commit/d0eaedcb5cd2510925e4609369e25c3e3572d5fe) feat: enable DM_RAID kernel config
* [`d5e0fad`](https://github.com/siderolabs/pkgs/commit/d5e0fad0d59dfb8d2386ab2ad6c7df749e0b9413) feat: update dependencies
* [`c644633`](https://github.com/siderolabs/pkgs/commit/c644633324ed1e56ab19f146c04ed3984736a88a) feat: enable multi-gen lru by default
* [`75696ba`](https://github.com/siderolabs/pkgs/commit/75696ba81581ef0f1af668db565a08950145e45d) feat: update Go to 1.20.6
* [`205cab6`](https://github.com/siderolabs/pkgs/commit/205cab6d0e6be2721c5338bef232e3345d3a299f) chore: feat use new sd-boot
* [`fb817fe`](https://github.com/siderolabs/pkgs/commit/fb817fe20789ca48895275e1877808a9206630dd) fix: enable USB attached SCSI driver on x86 systems
* [`43451e6`](https://github.com/siderolabs/pkgs/commit/43451e68a0ddf634b90c7c12cca9437faa52d183) chore: bump dependencies
* [`eca94f8`](https://github.com/siderolabs/pkgs/commit/eca94f8f1b9c3ceb62efb53fd1260d49ce17f1dd) feat: enable sriov
* [`5a8e8e5`](https://github.com/siderolabs/pkgs/commit/5a8e8e594248847bb606ca07b3ea29e187e20d26) feat: enable VMWARE/HYPERV vsockets
* [`edd725a`](https://github.com/siderolabs/pkgs/commit/edd725a0f9d07d39256d98a67be5dc4c56631078) chore: bump deps
* [`c0ac69b`](https://github.com/siderolabs/pkgs/commit/c0ac69b70cfac3cdcf100a35f6d766c5ae47d950) feat: enable CONFIG_NVME_{MULTIPATH|AUTH}
* [`f7cd916`](https://github.com/siderolabs/pkgs/commit/f7cd916b47975e61c6732079c1c5c4684dfb8c96) fix: bump drbd to 9.2.4
* [`a56d15a`](https://github.com/siderolabs/pkgs/commit/a56d15ad626b6e76a137636d6088361be9a73a9f) fix: copy missing `modules.*` files
* [`1eefa66`](https://github.com/siderolabs/pkgs/commit/1eefa664fc7c65491e956a6f403ada774e73a7d3) feat: build isb modem drivers as module
* [`a859f4f`](https://github.com/siderolabs/pkgs/commit/a859f4fb257e17fa19b1c10efcae594d33a86618) fix: build RDMA_RXE as a module
* [`5fb5e95`](https://github.com/siderolabs/pkgs/commit/5fb5e9517de9fe35e383b96e92fa873aa045a845) feat: bump dependencies
* [`39a64b2`](https://github.com/siderolabs/pkgs/commit/39a64b23e2c8689c44b9891b1e70149b8d003655) feat: update Linux to 6.1.31, add GENEVE for arm64
* [`97177be`](https://github.com/siderolabs/pkgs/commit/97177be803cc91c8fabccfec575b7d920bc78c38) feat: update Linux to 6.1.30
* [`b1f9d4e`](https://github.com/siderolabs/pkgs/commit/b1f9d4e717fbd0132b820d45c226ca643d7f577e) chore: prevent unsigned kexec with secureboot
* [`9232a42`](https://github.com/siderolabs/pkgs/commit/9232a425b85b1058cd38eab30304f6cf243ab32c) feat: add reproducibility pipelines
* [`702d7a7`](https://github.com/siderolabs/pkgs/commit/702d7a7e90099d8fdc9cc4ba50e86c8ba6e91d77) chore: bump deps
* [`7958db1`](https://github.com/siderolabs/pkgs/commit/7958db1549a7c7560eeeb8f9c06d3be9487d8804) chore: copy over sd-boot and sd-stub from tools
* [`813b3c3`](https://github.com/siderolabs/pkgs/commit/813b3c3d3276d0d9156919307e9ffe521925d40b) chore: revert xfsprogs
* [`0cc78ab`](https://github.com/siderolabs/pkgs/commit/0cc78ab82ce920c8fa5654c73738050107e190bb) chore: bump kernel to 6.1.28
* [`70189e3`](https://github.com/siderolabs/pkgs/commit/70189e3df555fed4afade93798d72cd31aad99c5) chore: bump deps
* [`c5d3bf1`](https://github.com/siderolabs/pkgs/commit/c5d3bf1985b49e688d29d06db6730834f65ee480) feat: add sd-stub and sd-boot
* [`30a7ac2`](https://github.com/siderolabs/pkgs/commit/30a7ac2974fb7580e83819c76502fde77d777ea0) feat: update Linux 6.1.27, containerd 1.6.21
* [`fbc6ee5`](https://github.com/siderolabs/pkgs/commit/fbc6ee55b6ffae44c117255901ab0fbecae79cc3) chore: bump deps
* [`82b9489`](https://github.com/siderolabs/pkgs/commit/82b9489b88b108f144b45fb55432576bfd767f91) chore: bump dependencies
* [`f37e520`](https://github.com/siderolabs/pkgs/commit/f37e5205cf10fe10296e86565fa018d149f5d8c4) feat: update Linux to 6.1.25
* [`3920b16`](https://github.com/siderolabs/pkgs/commit/3920b163a5c6a6d7c7969155a909a7b2122e65f6) feat: add multi-gen LRU kernel support
* [`988f1ec`](https://github.com/siderolabs/pkgs/commit/988f1ecf95536fb259cbd79e044a556728bc7332) feat: update Linux to 6.1.24
* [`5327d12`](https://github.com/siderolabs/pkgs/commit/5327d1263680f76706ea667906ca08222c8398da) fix: remove FB_NVIDIA drivers, Linux 6.1.23
* [`4eae958`](https://github.com/siderolabs/pkgs/commit/4eae958770573613bc29568d130be7aaa775e530) chore: copy over the kernel signing public key
* [`174f8fc`](https://github.com/siderolabs/pkgs/commit/174f8fc9c80d871f1c03ea0a53dc8b6eb7112ccf) chore: update Go to 1.20.3
* [`41629b0`](https://github.com/siderolabs/pkgs/commit/41629b03e82bfb77623a812000ef8e98d15d56fa) chore: reorder pkgs for better kernel caching
* [`b483a6b`](https://github.com/siderolabs/pkgs/commit/b483a6b01f539b0da13ca09882015044bff24e41) feat: build 'snp.efi' for iPXE
* [`fb853ff`](https://github.com/siderolabs/pkgs/commit/fb853ff6b1194cdc1f2412c776347cf4b55c3336) feat: update containerd to 1.6.20
</p>
</details>

### Changes from siderolabs/tools
<details><summary>20 commits</summary>
<p>

* [`dc7dd9e`](https://github.com/siderolabs/tools/commit/dc7dd9e5b949f6f5d7626f11cb3b001526e8d1de) chore: remove libseccomp
* [`e27c249`](https://github.com/siderolabs/tools/commit/e27c249c3213af6d12be4fb440a8f896c8e1b3d4) feat: update Go to 1.20.6
* [`9b6d512`](https://github.com/siderolabs/tools/commit/9b6d5123fa1e28160019a4b6e8b0f04482c49dc0) feat: use systemd 254-rc1
* [`cd3b692`](https://github.com/siderolabs/tools/commit/cd3b692b0cf5c663548cbe75db43036e11ee1014) chore: bump deps
* [`c1027a6`](https://github.com/siderolabs/tools/commit/c1027a63d058b77f6cce7351fa7b63d4c94883ad) chore: remove sbsign
* [`e0c76c0`](https://github.com/siderolabs/tools/commit/e0c76c096d06ef11afdb54287d5f15add108399b) chore: bump dependencies
* [`7d0cd58`](https://github.com/siderolabs/tools/commit/7d0cd58b34bba6b9415db5e39bed351e7f00d44d) feat: update Go to 1.20.5
* [`150efc2`](https://github.com/siderolabs/tools/commit/150efc22508043bfadc9d84a8c3c5fee6c2aac5f) chore: remove non needed tools
* [`88ebb40`](https://github.com/siderolabs/tools/commit/88ebb40dd348b6c9e4dc5551b616e4a1892b4e42) feat: add swtpm
* [`4c5d7fe`](https://github.com/siderolabs/tools/commit/4c5d7feb88dcbae2f7bf45f51f9e5e1ba339abac) chore: use same source epoch everywhere
* [`2e46e5b`](https://github.com/siderolabs/tools/commit/2e46e5be764f8180a0762a5ab080ccff04534a8a) feat: add reproducibility pipelines
* [`c6a41b6`](https://github.com/siderolabs/tools/commit/c6a41b6c5108d676f8573d3dd47ee29ae46e5cc0) fix: add sd-stub assertion patch
* [`d2dde48`](https://github.com/siderolabs/tools/commit/d2dde48f72343aa3c541336f5319b8e649e80c87) chore: bump deps
* [`8e45ad7`](https://github.com/siderolabs/tools/commit/8e45ad75ea78e353ca3eae21b18da9a42d1edf49) feat: add sbsign
* [`271c4a6`](https://github.com/siderolabs/tools/commit/271c4a66b6987d9de2c0d1d69891b5ff277ebd43) feat: add sd-tools
* [`eedc294`](https://github.com/siderolabs/tools/commit/eedc294967d415cca40d4c427d3521cd198661d7) chore: bump deps
* [`81b09a5`](https://github.com/siderolabs/tools/commit/81b09a5ab204f16306c980eeff518a0d1a37ddf2) feat: add libcap and gnuefi
* [`47b0fd3`](https://github.com/siderolabs/tools/commit/47b0fd3e364d4fbcfffe10965f740db7acd82f70) chore: bump go to 1.20.4
* [`ff4cf2b`](https://github.com/siderolabs/tools/commit/ff4cf2beabab310365ad9887abb6234570f5092a) chore: bump deps
* [`1563556`](https://github.com/siderolabs/tools/commit/1563556b8f8fdf20d8aa58ac5340104c7ffe732e) feat: update Go to 1.20.3
</p>
</details>

### Dependency Changes

* **github.com/BurntSushi/toml**                     v1.2.1 -> v1.3.2
* **github.com/aws/aws-sdk-go**                      v1.44.232 -> v1.44.304
* **github.com/beevik/ntp**                          v0.3.0 -> v1.2.0
* **github.com/benbjohnson/clock**                   v1.1.0 -> v1.3.5
* **github.com/cenkalti/backoff/v4**                 v4.2.0 -> v4.2.1
* **github.com/containerd/containerd**               v1.6.19 -> v1.6.21
* **github.com/containerd/typeurl/v2**               v2.1.1 **_new_**
* **github.com/containernetworking/plugins**         v1.2.0 -> v1.3.0
* **github.com/cosi-project/runtime**                v0.3.0 -> v0.3.1-alpha.8
* **github.com/docker/distribution**                 v2.8.1 -> v2.8.2
* **github.com/docker/docker**                       v23.0.2 -> v24.0.4
* **github.com/ecks/uefi**                           caef65d070eb **_new_**
* **github.com/emicklei/dot**                        v1.4.2 -> v1.5.0
* **github.com/foxboron/go-uefi**                    32187aa193d0 **_new_**
* **github.com/google/go-tpm**                       v0.9.0 **_new_**
* **github.com/hashicorp/go-envparse**               v0.1.0 **_new_**
* **github.com/hetznercloud/hcloud-go**              v1.41.0 -> v1.48.0
* **github.com/insomniacslk/dhcp**                   74ae03f2425e -> 5648422c16cd
* **github.com/jsimonetti/rtnetlink**                v1.3.1 -> v1.3.4
* **github.com/mattn/go-isatty**                     v0.0.18 -> v0.0.19
* **github.com/mdlayher/ethtool**                    ba3b4bc2e02c -> v0.1.0
* **github.com/mdlayher/genetlink**                  v1.3.1 -> v1.3.2
* **github.com/mdlayher/netlink**                    v1.7.1 -> v1.7.2
* **github.com/mdlayher/netx**                       c711c2f8512f -> 7e21880baee8
* **github.com/nberlee/go-netstat**                  v0.1.1 -> v0.1.2
* **github.com/opencontainers/go-digest**            v1.0.0 **_new_**
* **github.com/opencontainers/image-spec**           v1.1.0-rc2 -> v1.1.0-rc4
* **github.com/packethost/packngo**                  v0.29.0 -> v0.30.0
* **github.com/prometheus/procfs**                   v0.9.0 -> v0.11.0
* **github.com/rivo/tview**                          281d14d896d7 -> 6cc0565babaf
* **github.com/rs/xid**                              v1.4.0 -> v1.5.0
* **github.com/scaleway/scaleway-sdk-go**            v1.0.0-beta.15 -> v1.0.0-beta.19
* **github.com/siderolabs/crypto**                   v0.4.0 -> v0.4.1
* **github.com/siderolabs/discovery-api**            v0.1.2 -> v0.1.3
* **github.com/siderolabs/discovery-client**         v0.1.4 -> v0.1.5
* **github.com/siderolabs/extras**                   v1.4.0-1-g9b07505 -> v1.5.0-alpha.0-2-gf415aac
* **github.com/siderolabs/gen**                      v0.4.3 -> v0.4.5
* **github.com/siderolabs/go-blockdevice**           v0.4.4 -> v0.4.6
* **github.com/siderolabs/go-debug**                 v0.2.2 -> v0.2.3
* **github.com/siderolabs/go-kubernetes**            v0.2.0 -> v0.2.2
* **github.com/siderolabs/go-loadbalancer**          v0.2.1 -> v0.3.2
* **github.com/siderolabs/kms-client**               v0.1.0 **_new_**
* **github.com/siderolabs/pkgs**                     v1.4.1-5-ga333a84 -> v1.5.0-alpha.0-40-gfedfafa
* **github.com/siderolabs/talos/pkg/machinery**      v1.4.0 -> v1.5.0-alpha.2
* **github.com/siderolabs/tools**                    v1.4.0-1-g955aabc -> v1.5.0-alpha.0-19-gdc7dd9e
* **github.com/spf13/cobra**                         v1.6.1 -> v1.7.0
* **github.com/stretchr/testify**                    v1.8.2 -> v1.8.4
* **github.com/vmware-tanzu/sonobuoy**               v0.56.16 -> v0.56.17
* **github.com/vmware/govmomi**                      v0.30.4 -> v0.30.6
* **go.etcd.io/etcd/api/v3**                         v3.5.8 -> v3.5.9
* **go.etcd.io/etcd/client/pkg/v3**                  v3.5.8 -> v3.5.9
* **go.etcd.io/etcd/client/v3**                      v3.5.8 -> v3.5.9
* **go.etcd.io/etcd/etcdutl/v3**                     v3.5.8 -> v3.5.9
* **golang.org/x/net**                               v0.8.0 -> v0.12.0
* **golang.org/x/sync**                              v0.1.0 -> v0.3.0
* **golang.org/x/sys**                               v0.6.0 -> v0.10.0
* **golang.org/x/term**                              v0.6.0 -> v0.10.0
* **golang.org/x/text**                              v0.11.0 **_new_**
* **golang.zx2c4.com/wireguard/wgctrl**              9c5414ab4bde -> 925a1e7659e6
* **google.golang.org/grpc**                         v1.54.0 -> v1.56.2
* **google.golang.org/protobuf**                     v1.30.0 -> v1.31.0
* **k8s.io/api**                                     v0.27.1 -> v0.28.0-alpha.4
* **k8s.io/apimachinery**                            v0.27.1 -> v0.28.0-alpha.4
* **k8s.io/apiserver**                               v0.27.1 -> v0.28.0-alpha.4
* **k8s.io/client-go**                               v0.27.1 -> v0.28.0-alpha.4
* **k8s.io/component-base**                          v0.27.1 -> v0.28.0-alpha.4
* **k8s.io/cri-api**                                 v0.27.1 -> v0.28.0-alpha.4
* **k8s.io/klog/v2**                                 v2.90.1 -> v2.100.1
* **k8s.io/kubectl**                                 v0.27.1 -> v0.28.0-alpha.4
* **k8s.io/kubelet**                                 v0.27.1 -> v0.28.0-alpha.4
* **kernel.org/pub/linux/libs/security/libcap/cap**  v1.2.68 -> v1.2.69

Previous release can be found at [v1.4.0](https://github.com/siderolabs/talos/releases/tag/v1.4.0)

## [Talos 1.5.0-alpha.2](https://github.com/siderolabs/talos/releases/tag/v1.5.0-alpha.2) (2023-07-20)

Welcome to the v1.5.0-alpha.2 release of Talos!  
*This is a pre-release of Talos*



Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

### Extension Services

Talos now supports setting `environmentFile` for an extension service container spec. Refer: https://www.talos.dev/v1.5/advanced/extension-services/#container
The extension waits for the file to be present before starting the service.


### Predictable Network Interface Names

Starting with version Talos 1.5, network interfaces are renamed to [predictable names](https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/)
same way as `systemd` does that in other Linux distributions.

The naming schema `enx78e7d1ea46da` (based on MAC addresses) is enabled by default, the order of interface naming decisions is:

* firmware/BIOS provided index numbers for on-board devices (example: `eno1`)
* firmware/BIOS provided PCI Express hotplug slot index numbers (example: `ens1`)
* physical/geographical location of the connector of the hardware (example: `enp2s0`)
* interfaces's MAC address (example: `enx78e7d1ea46da`)

The predictable network interface names features can be disabled by specifying `net.ifnames=0` in the kernel command line.
Talos automatically adds the `net.ifnames=0` kernel argument when upgrading from Talos versions before 1.5.

This change doesn't affect "cloud" platforms, like AWS, as Talos automatically adds `net.ifnames=0` to the kernel command line.


### Network KMS Disk Encryption

Talos now supports new type of encryption keys which are sealed/unsealed with an external KMS server:

systemDiskEncryption: ephemeral: keys: - kms: endpoint: https://1.2.3.4:443 slot: 0

gRPC API definitions and a simple reference implementation of the KMS server can be found in this
[repository](https://github.com/siderolabs/kms-client/blob/main/cmd/kms-server/main.go).


### KubePrism - Kubernetes API Server In-Cluster Load Balancer

Talos now supports configuring the KubePrism - Kubernetes API Server in-cluster load balancer with machine config
`features.kubePrism.port` and `features.kubePrism.enabled` fields.

If enabled, KubePrism binds to `localhost` and runs on the same port on every machine in the cluster.
The default value for KubePrism endpoint is https://localhost:7445.

The KubePrism is used by the `kubelet`, `kube-scheduler`, `kube-controller-manager`
and `kube-proxy` by default and can be passed to the CNIs like Cilium and Calico.

The KubePrism provides access to the Kubernetes API endpoint even if the external loadbalancer
is not healthy, provided that the worker nodes can reach to the controlplane machine addresses directly.


### Machine Config option `.machine.install.bootloader`

The `.machine.install.bootloader` option in the machine config is deprecated and will be removed in Talos 1.6.
This was a no-op for a long time. The bootloader is always installed.


### XFS Quota

Talos 1.5+ enables XFS project quota support by default, also enabling by default
kubelet feature gate `LocalStorageCapacityIsolationFSQuotaMonitoring` to use xfs quotas
to monitor volume usage instead of `du`.

This feature is controlled by the `.machine.features.diskQuotaSupport` field in the machine config,
it is set to true for new clusters.

When upgrading from a previous version, the feature can be enabled by setting the field to true.
On the first mount of a volume, the quota information will be recalculated, which may take some time.


### RDMA/RoCE support

Talos no longer loads by default `rdma_rxe` Linux driver, which is required for RoCE support.
If the driver is required, it can be enabled by specifying `rdma_rxe` in the `.machine.kernel.modules` field in the machine config.


### SecureBoot

Talos now supports generating a custom iso that can be used with SecureBoot. Key generation and enrolling has to be done manually.


### `talosctl image` Command

A new set of commands was introduced to manage container images in the CRI:

* `talosctl image list` shows list of available images
* `talosctl image pull` allows to pre-pull an image into the CRI

Both new commands accept `--namespace` flag with two possible values:

* `cri` (default): images managed by the CRI (Kubernetes workloads)
* `system`: images managed by Talos (`etcd` and `kubelet`)

`talosctl images` Command

The command talosctl images was renamed to talosctl image default.

The backward-compatible alias is kept in Talos 1.5, but it will be dropped in Talos 1.6.

TPM Disk Encryption

Talos now supports encrypting STATE/EPHEMERAL with keys bound to a TPM device. The TPM device must be TPM2.0 compatible. This is ideally supported when booting with new Talos SecureBoot UKI ISOs/Metal images. This feature would still work if SecureBoot is not enabled for UKI images, but not recommended since there is no way to verify the trust of the bootloader.

Example machine config:

systemDiskEncryption:
  ephemeral:
    keys:
      - slot: 0
        tpm: {}
  state:
    keys:
      - slot: 0
        tpm: {}

Component Updates

Linux: 6.1.39
containerd: 1.6.21
runc: 1.1.8
etcd: 3.5.9
Kubernetes: 1.28.0-alpha.4
Flannel: 0.22.0

Talos is built with Go 1.20.6.

`talosctl upgrade-k8s` Image Pre-pulling

The command talosctl upgrade-k8s now by default pre-pulls images for Kubernetes controlplane components and kubelet. This provides an early check for missing images, and minimizes downtime during Kubernetes rolling component update.

Contributors

Andrey Smirnov
Noel Georgi
Dmitriy Matrenichev
Utku Ozdemir
Artem Chernyshev
Steve Francis
Christian Rolland
Nanfei Chen
Nico Berlee
Spencer Smith
Alex Corcoles
Alex Corcoles
Alex Lubbock
Artem Chernyshev
Budiman Jojo
Chris Hoffman
DJAlPee
Dennis Marttinen
Eirik Askheim
Florian Klink
Henk Kraal
James Callahan
LukasAuerbeck
Markus Reiter
Michael A. Davis
Michael Fornaro
Niklas Wik
Piotr Maksymiuk
Ricky Sadowski
Roee Klinger
Serge Logvinov
Thomas Perronin
Tim Jones
Victor Bajada
Walt Chen
bdronneau

Changes

184 commits

60c304126 chore: bump dependencies
9ef4e5efc fix: log explicitly when kubelet has no nodeIP match
6b39c6a4d fix: enable compression and bump gRPC max msg size
2f2eca861 chore: basic support for shutdown/poweroff flags
b84277d7d docs: fix wrong capability name
59d7d9344 chore: use machined for shutdown, poweroff
2439bfb71 chore: explicitly add timestamps to machined logs
14966e718 fix: skip over tpm2 1.2 devices
6716e7bc0 docs: update cilium documentation about KubePrism usage
166d75fe8 fix: tpm2 encrypt/decrypt flow
130518de7 chore: change missing renames of KubePrism
5f34f5b41 chore: rename api load balancer to KubePrism
c8b7095c0 refactor: use tpm2 library to calculate policy hash
078aac92e chore: bump deps
53873b844 refactor: move ukify into Talos code
d5f6fb9ff chore: add vendor info
79365d9ba feat: tpm2 based disk encryption
06369e819 fix: retry CRI pod removal, fix upgrade flow in the tests
d32dd3a82 chore: update Go to 1.20.6
8017afb10 feat: implement CRI image management and pre-pull on K8s upgrade
1c2f19b36 feat: update Kubernetes to 1.28.0-alpha.4
94e9891c1 chore: bump sd-boot to v254-rc1
936111ce0 fix: properly set up tls for KMS endpoint
cb226eec4 fix: rewrite encryption system information flow
3206db528 feat: drop tpm simulator for ukify measure
bd4f89f63 fix: disable dashboard on Azure, GCP and Scaleway
bdb96189f refactor: make maintenance service controller-based
d23d04de2 feat: seed the kernel random pool from the TPM
c81ce8cfb feat: support controlplane resources configuration
74de562b2 fix: mount hugepages with nosuid + nodev
ce63abb21 feat: add KMS assisted encryption key handler
dafbe9deb chore: optimize dockerfile instructions
a4289e870 chore: fix CLI docs generation stability
2fec8388f chore: bump dependencies
c1b4262dd docs: split simple and more complex getting started guides
c9a9f9561 refactor: extract secure boot certificate generation
6be5a13d5 feat: implement machine config documents for event and log streaming
e241be85b fix: properly handle YAML comment stripping for multi-doc
c02ada7d9 fix: capabilities including ALL should be uppercase
cbdf96d46 feat: support environment file for extensions
35d6adcb9 fix: provide stashed META values before installation
258f07449 fix: ukify cert generation
bf3febb7e fix: refine OVMF search paths
fbebc17f8 fix: disable LVM backups/archive
e5306ef26 chore: format and cleanup test scripts
bc371ecfd chore: add /sbin/shutdown
0d313b973 feat: add reboot-mode flag to talosctl upgrade
7ce87f20c fix: compare only basename of os.Args[0] in machined
53389b1e7 feat: auto-enroll secure boot keys
d77f0bc7b docs: fix broken link to powershell module
e1b150a11 release(v1.5.0-alpha.1): prepare release
8daf432b2 chore: bump deps
e3f3f5794 feat: implement revert for sd-boot
d8b0903d7 docs: vagrant setup document fix
fe0f46980 feat: implement secure boot from disk
445f5ad54 feat: support API server load balancer
19bc223de refactor: bootloader interface, labels
665702ddd chore: fix cilium e2e tests
71a548d18 chore: generic boootloader implementation
e9dbc9311 test: bump versions for upgrade tests
0a99965ef refactor: replace uncordonNode with controllers
e858bca3a test: fix cilium integration tests
455328d05 fix: allow time skew for generated kubeconfig
3ae05648a fix: usage of custom kernels
0797b0d16 chore: add a pipeline to test cloud-images step without a release
e5a36268b docs: include allowSchedulingOnControlPlanes on talosctl gen config output
c74d93728 chore: bump github.com/cosi-project/runtime
dbaf5c699 refactor: task labelControlPlane into controllers
1865a0c29 chore: modify some usages that are not recommended
3816318b9 chore: wrap config.Provider in atomic wrapper
d04cf1978 chore: clean up unnecessary self assignment
a34a94898 fix: copy missing modules.* files
f5e3272fc refactor: task 'updateBootLoader' as controller
e7be6ee7c refactor: make event log streaming fully reactive
aef2192a6 chore: use fixed module list
c719aa231 fix: allow http:// for discovery service URL
39134d8d5 chore: fix cron pipeline
a61dcdbbd fix: don't load RDMA over Ethernet driver by default
aac441f61 chore: update Go to 1.20.5, bump dependencies
1c0c7933d chore: cleanup partition code
31b988281 docs: add some words about certifcates
e912c0dfc chore: use go-blockdevice for zeroing partitions
e6dde8ffc feat: add network chaos to qemu development environment
47986cb79 chore: unify kexec phase
3a865370f feat: qemu secureboot
5dab45e86 refactor: allow kmsg log streaming to be reconfigured on the fly
8a02ecd4c chore: add endpoints balancer controller
423a31ac9 chore: deprectae bootloader installer option
cdfece7d6 chore: optimize image compression
bfc341937 chore: add default console args
2749aeeda feat: add support for multi-doc strategic merge patching
3f68485e4 feat: add uki iso generation
bab484a40 feat: use stable network interface names
196dfb99b fix: do not probe kernel args in dashboard if not needed
8c071b579 fix: skip DHCP RENEW if server IP in the lease is all zeroes
badbc51e6 refactor: rewrite code to include preliminary support for multi-doc
ecce29dee fix: upgrade-k8s use internal IP first, external IP fallback
3c64a5ffb chore: optimize image generation time
2292f36d9 chore: registry.k8s.io for coredns image
f2b258b37 docs: document talosctl version for upgrades
a0773f783 chore: add ukify Go script
b69e38d1f chore: bump dependencies
adce65103 docs: add piraeus/drbd to storage documentation
a982cabe7 docs: link support matrix in k8s update doc
1fb29a56a fix: fail quickly if upgrade-k8s is used with multiple nodes
51d931c47 chore: faster dev cycle
dc6764871 refactor: move around config interfaces, make RawV1Alpha1 typed
ea9a97dba fix: fall back to external IP when discovering nodes in upgrade-k8s
0bb7e8a5c refactor: split config.Provider into Config & Container
85d8a1619 chore: bump deps
39b7a56f0 chore: use 8GiB instead of 10GiB for cloud images
ff11fd39c fix: race with udevd and mountUserDisks
c3fabb982 chore: update default image sizes to 10GB for all "cloud" images
10155c390 feat: enable xfs project quota support, kubelet feature
eba818564 release(v1.5.0-alpha.0): prepare release
383471c3e feat: update default Kubernetes to v1.27.2
8f68d1abe chore: bump deps
e0c1585d3 feat: create azure community gallery image version on release
dd8336c9e fix: refresh kubelet self-issued serving certificates
bb02dd263 chore: drop deprecated stuff for Talos 1.5
61cad8673 chore: bump deps
01dfd3af7 feat: update etcd to v3.5.9
aa65fbb8a chore: update KUBECTL_URL to reflect the community bucket
cc3128d94 chore: bump kernel to 6.1.28
97fffaf78 chore: use ctest.UpdateWithConflicts instead of plain UpdateWithConflicts
3b36993b9 fix: rlimit nofile test
45e6e27af chore: bump runtime
4f720d465 fix: revert: set rlimit explicitly in wrapperd
a2565f674 fix: set rlimit explicitly in wrapperd
cdfc242b8 chore: re-enable Go buildid
e67f3f5c5 feat: linux 6.1.27, containerd 1.6.21, go 1.20.4
55ae59a0a fix: properly skip/cleanup controlplane configs for workers
64eade9bd chore: clean up unused constant
62c6e9655 feat: introduce siderolink config resource & reconnect
860002c73 fix: don't reload control plane pods on cert SANs changes
d43c61e80 fix: enforce nolock option for all NFS mounts by default
339986db9 fix: inhibit timer to follow kubelet timer
cbf6dc100 fix: set timeout for unmount calls
b58f913d5 fix: set the static pod priority as values
f8a7a5b6b docs: add information about KubeSpan ports and topology
2bad74d64 docs: add how to on scaling down
7442ff8b0 chore: fix typos inteface -> interface (docs and tests)
d4e94f7a1 fix: add back required TARGETARCH for installer
e6fffda01 chore: linux 6.1.26, runc 1.1.7
344746ae2 fix: bump max inhibit delay to 20 min
d9bdea2b5 chore: fork docs and compatibility modules for Talos 1.5
3d99610fc docs: document building, verifying image and process caps
014008ea2 fix: udevd rules trigger
9b36bb613 feat: update Linux to 6.1.25, fix virtio on arm64
08ec66c55 feat: clean up (garbage collect) system images which are not referenced
b097efcde fix: display correct number of machines on dashboard
cad43f0ad chore: remove k8s master label
e296a566e fix: support kernel userspace module loading
103f0ffdd feat: add startup probes to controller-manager and scheduler
5a1ae8aae chore: bump dependences
ec8c8dbaf chore: fix container image reproducibility
f661d8487 fix: allow talosctl cp to handle special files in /proc
2d824b563 fix: do not show control plane status for workers on dashboard
e5491ddad docs: update documentation for nocloud
7a004a6f7 fix: parse errors correctly
374ef5385 test: submit verbose flag to e2e tests
e1d38b6fe feat: show template URL in dashboard config URL tab
45d7f0ce9 docs: fix the latest url
96efbf147 docs: activate 1.4.0 docs by default
8c1f515b1 feat: update Linux to 6.1.24
8689bef5f docs: update documentation for Talos 1.4
a781dfb8e feat: update Kubernetes to 1.27.1
a737dd83a chore: typo in compatibility.ParseKubernetesVersion
f14928b0a fix: fix dashboard crash when a non-existent node is specified
3e406d9b0 feat: update etcd to v3.5.8
bd1cff3e8 chore: remove Go buildid
e31f7f50b feat: update Kubernetes to 1.27.0
aa3640d74 docs: update storage.md
07bb61e60 chore: module-sig-verify cleanup
5e9d836c3 chore: add kernel module signtaure verification
3cd1c6bb0 fix: send 'STOP' event on phase end
5176d27dc feat: update Kubernetes to 1.27.0-rc.1
2c55550a6 fix: quote ISO kernel args for GRUB
319d76e38 fix: respect BROWSER=echo in client auth interceptor
4e4ace839 chore: update Go to 1.20.3
170f73899 fix: correctly parse static pod phase
c3a595d5b fix: improve action tracking post checks
eb01edbc8 fix: rework DHCP flow
e095150a6 test: bump CAPI components versions

Changes since v1.5.0-alpha.1

50 commits

60c304126 chore: bump dependencies
9ef4e5efc fix: log explicitly when kubelet has no nodeIP match
6b39c6a4d fix: enable compression and bump gRPC max msg size
2f2eca861 chore: basic support for shutdown/poweroff flags
b84277d7d docs: fix wrong capability name
59d7d9344 chore: use machined for shutdown, poweroff
2439bfb71 chore: explicitly add timestamps to machined logs
14966e718 fix: skip over tpm2 1.2 devices
6716e7bc0 docs: update cilium documentation about KubePrism usage
166d75fe8 fix: tpm2 encrypt/decrypt flow
130518de7 chore: change missing renames of KubePrism
5f34f5b41 chore: rename api load balancer to KubePrism
c8b7095c0 refactor: use tpm2 library to calculate policy hash
078aac92e chore: bump deps
53873b844 refactor: move ukify into Talos code
d5f6fb9ff chore: add vendor info
79365d9ba feat: tpm2 based disk encryption
06369e819 fix: retry CRI pod removal, fix upgrade flow in the tests
d32dd3a82 chore: update Go to 1.20.6
8017afb10 feat: implement CRI image management and pre-pull on K8s upgrade
1c2f19b36 feat: update Kubernetes to 1.28.0-alpha.4
94e9891c1 chore: bump sd-boot to v254-rc1
936111ce0 fix: properly set up tls for KMS endpoint
cb226eec4 fix: rewrite encryption system information flow
3206db528 feat: drop tpm simulator for ukify measure
bd4f89f63 fix: disable dashboard on Azure, GCP and Scaleway
bdb96189f refactor: make maintenance service controller-based
d23d04de2 feat: seed the kernel random pool from the TPM
c81ce8cfb feat: support controlplane resources configuration
74de562b2 fix: mount hugepages with nosuid + nodev
ce63abb21 feat: add KMS assisted encryption key handler
dafbe9deb chore: optimize dockerfile instructions
a4289e870 chore: fix CLI docs generation stability
2fec8388f chore: bump dependencies
c1b4262dd docs: split simple and more complex getting started guides
c9a9f9561 refactor: extract secure boot certificate generation
6be5a13d5 feat: implement machine config documents for event and log streaming
e241be85b fix: properly handle YAML comment stripping for multi-doc
c02ada7d9 fix: capabilities including ALL should be uppercase
cbdf96d46 feat: support environment file for extensions
35d6adcb9 fix: provide stashed META values before installation
258f07449 fix: ukify cert generation
bf3febb7e fix: refine OVMF search paths
fbebc17f8 fix: disable LVM backups/archive
e5306ef26 chore: format and cleanup test scripts
bc371ecfd chore: add /sbin/shutdown
0d313b973 feat: add reboot-mode flag to talosctl upgrade
7ce87f20c fix: compare only basename of os.Args[0] in machined
53389b1e7 feat: auto-enroll secure boot keys
d77f0bc7b docs: fix broken link to powershell module

Changes from siderolabs/crypto

2 commits

8f77da3 feat: add a method to load PEM key from file
c03ff58 feat: add a way to represent redacted x509 private keys

Changes from siderolabs/discovery-api

1 commit

5e3db3c chore: app optional ControlPlane data

Changes from siderolabs/discovery-client

1 commit

9ba5f03 chore: app optional ControlPlane data

Changes from siderolabs/extras

3 commits

f415aac feat: update Go to 1.20.6
a73d524 feat: update Go to 1.20.5
36c8ac4 chore: update to Go 1.20.3

Changes from siderolabs/gen

3 commits

f9f5805 chore: bump rekres and add functions from exp
b968d21 feat: add TryRecv and RecvWithContext functions
476dfea feat: add foreach and clear to lazymap

Changes from siderolabs/go-blockdevice

4 commits

fbb01f7 fix: properly detect token not found error
3e08968 fix: do not attach token to a key slot
f2c419e feat: support LUKS token management
076874a chore: resolve blockdevice symlinks

Changes from siderolabs/go-debug

1 commit

43d9100 chore: allow enabling pprof manually

Changes from siderolabs/go-kubernetes

2 commits

69fea5b feat: support upgrades to Kubernetes 1.28
5a3df5b fix: remove removed APIs for 1.27 upgrade

Changes from siderolabs/go-loadbalancer

6 commits

574126c chore: add 0.1ms tier and fix tiers
5301800 chore: fix logging and tests
b23a173 chore: replace std log with zap
1a2f374 feat: add multi-tier scoring based for generic List
56a27da chore: move to siderolabs/tcpproxy of inet.af/tcpproxy
f3a0e24 fix: use SO_LINGER option when doing TCP healthchecks

Changes from siderolabs/kms-client

3 commits

50064b6 fix: pass context to the key handler in the server wrapper
83e0a2e feat: define API and add reference implementation for KMS server
8c37ee8 Initial commit

Changes from siderolabs/pkgs

38 commits

d0eaedc feat: enable DM_RAID kernel config
d5e0fad feat: update dependencies
c644633 feat: enable multi-gen lru by default
75696ba feat: update Go to 1.20.6
205cab6 chore: feat use new sd-boot
fb817fe fix: enable USB attached SCSI driver on x86 systems
43451e6 chore: bump dependencies
eca94f8 feat: enable sriov
5a8e8e5 feat: enable VMWARE/HYPERV vsockets
edd725a chore: bump deps
c0ac69b feat: enable CONFIG_NVME_{MULTIPATH|AUTH}
f7cd916 fix: bump drbd to 9.2.4
a56d15a fix: copy missing modules.* files
1eefa66 feat: build isb modem drivers as module
a859f4f fix: build RDMA_RXE as a module
5fb5e95 feat: bump dependencies
39a64b2 feat: update Linux to 6.1.31, add GENEVE for arm64
97177be feat: update Linux to 6.1.30
b1f9d4e chore: prevent unsigned kexec with secureboot
9232a42 feat: add reproducibility pipelines
702d7a7 chore: bump deps
7958db1 chore: copy over sd-boot and sd-stub from tools
813b3c3 chore: revert xfsprogs
0cc78ab chore: bump kernel to 6.1.28
70189e3 chore: bump deps
c5d3bf1 feat: add sd-stub and sd-boot
30a7ac2 feat: update Linux 6.1.27, containerd 1.6.21
fbc6ee5 chore: bump deps
82b9489 chore: bump dependencies
f37e520 feat: update Linux to 6.1.25
3920b16 feat: add multi-gen LRU kernel support
988f1ec feat: update Linux to 6.1.24
5327d12 fix: remove FB_NVIDIA drivers, Linux 6.1.23
4eae958 chore: copy over the kernel signing public key
174f8fc chore: update Go to 1.20.3
41629b0 chore: reorder pkgs for better kernel caching
b483a6b feat: build 'snp.efi' for iPXE
fb853ff feat: update containerd to 1.6.20

Changes from siderolabs/tools

20 commits

dc7dd9e chore: remove libseccomp
e27c249 feat: update Go to 1.20.6
9b6d512 feat: use systemd 254-rc1
cd3b692 chore: bump deps
c1027a6 chore: remove sbsign
e0c76c0 chore: bump dependencies
7d0cd58 feat: update Go to 1.20.5
150efc2 chore: remove non needed tools
88ebb40 feat: add swtpm
4c5d7fe chore: use same source epoch everywhere
2e46e5b feat: add reproducibility pipelines
c6a41b6 fix: add sd-stub assertion patch
d2dde48 chore: bump deps
8e45ad7 feat: add sbsign
271c4a6 feat: add sd-tools
eedc294 chore: bump deps
81b09a5 feat: add libcap and gnuefi
47b0fd3 chore: bump go to 1.20.4
ff4cf2b chore: bump deps
1563556 feat: update Go to 1.20.3

Dependency Changes

github.com/BurntSushi/toml v1.2.1 -> v1.3.2
github.com/aws/aws-sdk-go v1.44.232 -> v1.44.304
github.com/beevik/ntp v0.3.0 -> v1.2.0
github.com/benbjohnson/clock v1.1.0 -> v1.3.5
github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
github.com/containerd/containerd v1.6.19 -> v1.6.21
github.com/containerd/typeurl/v2 v2.1.1 new
github.com/containernetworking/plugins v1.2.0 -> v1.3.0
github.com/cosi-project/runtime v0.3.0 -> v0.3.1-alpha.8
github.com/docker/distribution v2.8.1 -> v2.8.2
github.com/docker/docker v23.0.2 -> v24.0.4
github.com/ecks/uefi caef65d070eb new
github.com/emicklei/dot v1.4.2 -> v1.5.0
github.com/foxboron/go-uefi 32187aa193d0 new
github.com/google/go-tpm v0.9.0 new
github.com/hashicorp/go-envparse v0.1.0 new
github.com/hetznercloud/hcloud-go v1.41.0 -> v1.48.0
github.com/insomniacslk/dhcp 74ae03f2425e -> 5648422c16cd
github.com/jsimonetti/rtnetlink v1.3.1 -> v1.3.4
github.com/mattn/go-isatty v0.0.18 -> v0.0.19
github.com/mdlayher/ethtool ba3b4bc2e02c -> v0.1.0
github.com/mdlayher/genetlink v1.3.1 -> v1.3.2
github.com/mdlayher/netlink v1.7.1 -> v1.7.2
github.com/mdlayher/netx c711c2f8512f -> 7e21880baee8
github.com/nberlee/go-netstat v0.1.1 -> v0.1.2
github.com/opencontainers/go-digest v1.0.0 new
github.com/opencontainers/image-spec v1.1.0-rc2 -> v1.1.0-rc4
github.com/packethost/packngo v0.29.0 -> v0.30.0
github.com/prometheus/procfs v0.9.0 -> v0.11.0
github.com/rivo/tview 281d14d896d7 -> 6cc0565babaf
github.com/rs/xid v1.4.0 -> v1.5.0
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15 -> v1.0.0-beta.19
github.com/siderolabs/crypto v0.4.0 -> v0.4.1
github.com/siderolabs/discovery-api v0.1.2 -> v0.1.3
github.com/siderolabs/discovery-client v0.1.4 -> v0.1.5
github.com/siderolabs/extras v1.4.0-1-g9b07505 -> v1.5.0-alpha.0-2-gf415aac
github.com/siderolabs/gen v0.4.3 -> v0.4.5
github.com/siderolabs/go-blockdevice v0.4.4 -> v0.4.6
github.com/siderolabs/go-debug v0.2.2 -> v0.2.3
github.com/siderolabs/go-kubernetes v0.2.0 -> v0.2.2
github.com/siderolabs/go-loadbalancer v0.2.1 -> v0.3.2
github.com/siderolabs/kms-client v0.1.0 new
github.com/siderolabs/pkgs v1.4.1-5-ga333a84 -> v1.5.0-alpha.0-37-gd0eaedc
github.com/siderolabs/talos/pkg/machinery v1.4.0 -> v1.5.0-alpha.1
github.com/siderolabs/tools v1.4.0-1-g955aabc -> v1.5.0-alpha.0-19-gdc7dd9e
github.com/spf13/cobra v1.6.1 -> v1.7.0
github.com/stretchr/testify v1.8.2 -> v1.8.4
github.com/vmware-tanzu/sonobuoy v0.56.16 -> v0.56.17
github.com/vmware/govmomi v0.30.4 -> v0.30.6
go.etcd.io/etcd/api/v3 v3.5.8 -> v3.5.9
go.etcd.io/etcd/client/pkg/v3 v3.5.8 -> v3.5.9
go.etcd.io/etcd/client/v3 v3.5.8 -> v3.5.9
go.etcd.io/etcd/etcdutl/v3 v3.5.8 -> v3.5.9
golang.org/x/net v0.8.0 -> v0.12.0
golang.org/x/sync v0.1.0 -> v0.3.0
golang.org/x/sys v0.6.0 -> v0.10.0
golang.org/x/term v0.6.0 -> v0.10.0
golang.org/x/text v0.11.0 new
golang.zx2c4.com/wireguard/wgctrl 9c5414ab4bde -> 925a1e7659e6
google.golang.org/grpc v1.54.0 -> v1.56.2
google.golang.org/protobuf v1.30.0 -> v1.31.0
k8s.io/api v0.27.1 -> v0.28.0-alpha.4
k8s.io/apimachinery v0.27.1 -> v0.28.0-alpha.4
k8s.io/apiserver v0.27.1 -> v0.28.0-alpha.4
k8s.io/client-go v0.27.1 -> v0.28.0-alpha.4
k8s.io/component-base v0.27.1 -> v0.28.0-alpha.4
k8s.io/cri-api v0.27.1 -> v0.28.0-alpha.4
k8s.io/klog/v2 v2.90.1 -> v2.100.1
k8s.io/kubectl v0.27.1 -> v0.28.0-alpha.4
k8s.io/kubelet v0.27.1 -> v0.28.0-alpha.4
kernel.org/pub/linux/libs/security/libcap/cap v1.2.68 -> v1.2.69

Previous release can be found at v1.4.0

Talos 1.5.0-alpha.1 (2023-06-22)

Welcome to the v1.5.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Kubernetes API Server In-Cluster Load Balancer

Talos now supports configuring the Kubernetes API Server in-cluster load balancer with machine config features.apiServerBalancerSupport.port and features.apiServerBalancerSupport.enabled fields.

If enabled, the loadbalancer binds to localhost and runs on the same port on every machine in the cluster. The default value for loadbalancer endpoint is https://localhost:7445.

The in-cluster loadbalancer endpoint is used by the kubelet, kube-scheduler, kube-controller-manager and kube-proxy by default and can be passed to the CNIs like Cilium and Calico.

The in-cluster loadbalancer provides access to the Kubernetes API endpoint even if the external loadbalancer is not healthy, provided that the worker nodes can reach to the controlplane machine addresses directly.

Predictable Network Interface Names

Starting with version Talos 1.5, network interfaces are renamed to predictable names same way as systemd does that in other Linux distributions.

The naming schema enx78e7d1ea46da (based on MAC addresses) is enabled by default, the order of interface naming decisions is:

firmware/BIOS provided index numbers for on-board devices (example: eno1)
firmware/BIOS provided PCI Express hotplug slot index numbers (example: ens1)
physical/geographical location of the connector of the hardware (example: enp2s0)
interfaces's MAC address (example: enx78e7d1ea46da)

This change doesn't affect "cloud" platforms, like AWS, as Talos automatically adds net.ifnames=0 to the kernel command line.

Machine Config option `.machine.install.bootloader`

The .machine.install.bootloader option in the machine config is deprecated and will be removed in Talos 1.6. This was a no-op for a long time. The bootloader is always installed.

XFS Quota

This feature is controlled by the .machine.features.diskQuotaSupport field in the machine config, it is set to true for new clusters.

When upgrading from a previous version, the feature can be enabled by setting the field to true. On the first mount of a volume, the quota information will be recalculated, which may take some time.

RDMA/RoCE support

SecureBoot

Talos now supports generating a custom iso that can be used with SecureBoot. Key generation and enrolling has to be done manually.

Component Updates

Linux: 6.1.35
containerd: 1.6.21
runc: 1.1.7
etcd: 3.5.9
Kubernetes: 1.27.3
Flannel: 0.22.0

Talos is built with Go 1.20.5.

Contributors

Andrey Smirnov
Noel Georgi
Dmitriy Matrenichev
Utku Ozdemir
Christian Rolland
Nanfei Chen
Spencer Smith
Steve Francis
Alex Corcoles
Alex Corcoles
Alex Lubbock
Budiman Jojo
DJAlPee
Eirik Askheim
Henk Kraal
Michael A. Davis
Michael Fornaro
Nico Berlee
Niklas Wik
Piotr Maksymiuk
Ricky Sadowski
Roee Klinger
Thomas Perronin
Walt Chen
bdronneau

Changes

133 commits

8daf432b2 chore: bump deps
e3f3f5794 feat: implement revert for sd-boot
d8b0903d7 docs: vagrant setup document fix
fe0f46980 feat: implement secure boot from disk
445f5ad54 feat: support API server load balancer
19bc223de refactor: bootloader interface, labels
665702ddd chore: fix cilium e2e tests
71a548d18 chore: generic boootloader implementation
e9dbc9311 test: bump versions for upgrade tests
0a99965ef refactor: replace uncordonNode with controllers
e858bca3a test: fix cilium integration tests
455328d05 fix: allow time skew for generated kubeconfig
3ae05648a fix: usage of custom kernels
0797b0d16 chore: add a pipeline to test cloud-images step without a release
e5a36268b docs: include allowSchedulingOnControlPlanes on talosctl gen config output
c74d93728 chore: bump github.com/cosi-project/runtime
dbaf5c699 refactor: task labelControlPlane into controllers
1865a0c29 chore: modify some usages that are not recommended
3816318b9 chore: wrap config.Provider in atomic wrapper
d04cf1978 chore: clean up unnecessary self assignment
a34a94898 fix: copy missing modules.* files
f5e3272fc refactor: task 'updateBootLoader' as controller
e7be6ee7c refactor: make event log streaming fully reactive
aef2192a6 chore: use fixed module list
c719aa231 fix: allow http:// for discovery service URL
39134d8d5 chore: fix cron pipeline
a61dcdbbd fix: don't load RDMA over Ethernet driver by default
aac441f61 chore: update Go to 1.20.5, bump dependencies
1c0c7933d chore: cleanup partition code
31b988281 docs: add some words about certifcates
e912c0dfc chore: use go-blockdevice for zeroing partitions
e6dde8ffc feat: add network chaos to qemu development environment
47986cb79 chore: unify kexec phase
3a865370f feat: qemu secureboot
5dab45e86 refactor: allow kmsg log streaming to be reconfigured on the fly
8a02ecd4c chore: add endpoints balancer controller
423a31ac9 chore: deprectae bootloader installer option
cdfece7d6 chore: optimize image compression
bfc341937 chore: add default console args
2749aeeda feat: add support for multi-doc strategic merge patching
3f68485e4 feat: add uki iso generation
bab484a40 feat: use stable network interface names
196dfb99b fix: do not probe kernel args in dashboard if not needed
8c071b579 fix: skip DHCP RENEW if server IP in the lease is all zeroes
badbc51e6 refactor: rewrite code to include preliminary support for multi-doc
ecce29dee fix: upgrade-k8s use internal IP first, external IP fallback
3c64a5ffb chore: optimize image generation time
2292f36d9 chore: registry.k8s.io for coredns image
f2b258b37 docs: document talosctl version for upgrades
a0773f783 chore: add ukify Go script
b69e38d1f chore: bump dependencies
adce65103 docs: add piraeus/drbd to storage documentation
a982cabe7 docs: link support matrix in k8s update doc
1fb29a56a fix: fail quickly if upgrade-k8s is used with multiple nodes
51d931c47 chore: faster dev cycle
dc6764871 refactor: move around config interfaces, make RawV1Alpha1 typed
ea9a97dba fix: fall back to external IP when discovering nodes in upgrade-k8s
0bb7e8a5c refactor: split config.Provider into Config & Container
85d8a1619 chore: bump deps
39b7a56f0 chore: use 8GiB instead of 10GiB for cloud images
ff11fd39c fix: race with udevd and mountUserDisks
c3fabb982 chore: update default image sizes to 10GB for all "cloud" images
10155c390 feat: enable xfs project quota support, kubelet feature
eba818564 release(v1.5.0-alpha.0): prepare release
383471c3e feat: update default Kubernetes to v1.27.2
8f68d1abe chore: bump deps
e0c1585d3 feat: create azure community gallery image version on release
dd8336c9e fix: refresh kubelet self-issued serving certificates
bb02dd263 chore: drop deprecated stuff for Talos 1.5
61cad8673 chore: bump deps
01dfd3af7 feat: update etcd to v3.5.9
aa65fbb8a chore: update KUBECTL_URL to reflect the community bucket
cc3128d94 chore: bump kernel to 6.1.28
97fffaf78 chore: use ctest.UpdateWithConflicts instead of plain UpdateWithConflicts
3b36993b9 fix: rlimit nofile test
45e6e27af chore: bump runtime
4f720d465 fix: revert: set rlimit explicitly in wrapperd
a2565f674 fix: set rlimit explicitly in wrapperd
cdfc242b8 chore: re-enable Go buildid
e67f3f5c5 feat: linux 6.1.27, containerd 1.6.21, go 1.20.4
55ae59a0a fix: properly skip/cleanup controlplane configs for workers
64eade9bd chore: clean up unused constant
62c6e9655 feat: introduce siderolink config resource & reconnect
860002c73 fix: don't reload control plane pods on cert SANs changes
d43c61e80 fix: enforce nolock option for all NFS mounts by default
339986db9 fix: inhibit timer to follow kubelet timer
cbf6dc100 fix: set timeout for unmount calls
b58f913d5 fix: set the static pod priority as values
f8a7a5b6b docs: add information about KubeSpan ports and topology
2bad74d64 docs: add how to on scaling down
7442ff8b0 chore: fix typos inteface -> interface (docs and tests)
d4e94f7a1 fix: add back required TARGETARCH for installer
e6fffda01 chore: linux 6.1.26, runc 1.1.7
344746ae2 fix: bump max inhibit delay to 20 min
d9bdea2b5 chore: fork docs and compatibility modules for Talos 1.5
3d99610fc docs: document building, verifying image and process caps
014008ea2 fix: udevd rules trigger
9b36bb613 feat: update Linux to 6.1.25, fix virtio on arm64
08ec66c55 feat: clean up (garbage collect) system images which are not referenced
b097efcde fix: display correct number of machines on dashboard
cad43f0ad chore: remove k8s master label
e296a566e fix: support kernel userspace module loading
103f0ffdd feat: add startup probes to controller-manager and scheduler
5a1ae8aae chore: bump dependences
ec8c8dbaf chore: fix container image reproducibility
f661d8487 fix: allow talosctl cp to handle special files in /proc
2d824b563 fix: do not show control plane status for workers on dashboard
e5491ddad docs: update documentation for nocloud
7a004a6f7 fix: parse errors correctly
374ef5385 test: submit verbose flag to e2e tests
e1d38b6fe feat: show template URL in dashboard config URL tab
45d7f0ce9 docs: fix the latest url
96efbf147 docs: activate 1.4.0 docs by default
8c1f515b1 feat: update Linux to 6.1.24
8689bef5f docs: update documentation for Talos 1.4
a781dfb8e feat: update Kubernetes to 1.27.1
a737dd83a chore: typo in compatibility.ParseKubernetesVersion
f14928b0a fix: fix dashboard crash when a non-existent node is specified
3e406d9b0 feat: update etcd to v3.5.8
bd1cff3e8 chore: remove Go buildid
e31f7f50b feat: update Kubernetes to 1.27.0
aa3640d74 docs: update storage.md
07bb61e60 chore: module-sig-verify cleanup
5e9d836c3 chore: add kernel module signtaure verification
3cd1c6bb0 fix: send 'STOP' event on phase end
5176d27dc feat: update Kubernetes to 1.27.0-rc.1
2c55550a6 fix: quote ISO kernel args for GRUB
319d76e38 fix: respect BROWSER=echo in client auth interceptor
4e4ace839 chore: update Go to 1.20.3
170f73899 fix: correctly parse static pod phase
c3a595d5b fix: improve action tracking post checks
eb01edbc8 fix: rework DHCP flow
e095150a6 test: bump CAPI components versions

Changes since v1.5.0-alpha.0

63 commits

8daf432b2 chore: bump deps
e3f3f5794 feat: implement revert for sd-boot
d8b0903d7 docs: vagrant setup document fix
fe0f46980 feat: implement secure boot from disk
445f5ad54 feat: support API server load balancer
19bc223de refactor: bootloader interface, labels
665702ddd chore: fix cilium e2e tests
71a548d18 chore: generic boootloader implementation
e9dbc9311 test: bump versions for upgrade tests
0a99965ef refactor: replace uncordonNode with controllers
e858bca3a test: fix cilium integration tests
455328d05 fix: allow time skew for generated kubeconfig
3ae05648a fix: usage of custom kernels
0797b0d16 chore: add a pipeline to test cloud-images step without a release
e5a36268b docs: include allowSchedulingOnControlPlanes on talosctl gen config output
c74d93728 chore: bump github.com/cosi-project/runtime
dbaf5c699 refactor: task labelControlPlane into controllers
1865a0c29 chore: modify some usages that are not recommended
3816318b9 chore: wrap config.Provider in atomic wrapper
d04cf1978 chore: clean up unnecessary self assignment
a34a94898 fix: copy missing modules.* files
f5e3272fc refactor: task 'updateBootLoader' as controller
e7be6ee7c refactor: make event log streaming fully reactive
aef2192a6 chore: use fixed module list
c719aa231 fix: allow http:// for discovery service URL
39134d8d5 chore: fix cron pipeline
a61dcdbbd fix: don't load RDMA over Ethernet driver by default
aac441f61 chore: update Go to 1.20.5, bump dependencies
1c0c7933d chore: cleanup partition code
31b988281 docs: add some words about certifcates
e912c0dfc chore: use go-blockdevice for zeroing partitions
e6dde8ffc feat: add network chaos to qemu development environment
47986cb79 chore: unify kexec phase
3a865370f feat: qemu secureboot
5dab45e86 refactor: allow kmsg log streaming to be reconfigured on the fly
8a02ecd4c chore: add endpoints balancer controller
423a31ac9 chore: deprectae bootloader installer option
cdfece7d6 chore: optimize image compression
bfc341937 chore: add default console args
2749aeeda feat: add support for multi-doc strategic merge patching
3f68485e4 feat: add uki iso generation
bab484a40 feat: use stable network interface names
196dfb99b fix: do not probe kernel args in dashboard if not needed
8c071b579 fix: skip DHCP RENEW if server IP in the lease is all zeroes
badbc51e6 refactor: rewrite code to include preliminary support for multi-doc
ecce29dee fix: upgrade-k8s use internal IP first, external IP fallback
3c64a5ffb chore: optimize image generation time
2292f36d9 chore: registry.k8s.io for coredns image
f2b258b37 docs: document talosctl version for upgrades
a0773f783 chore: add ukify Go script
b69e38d1f chore: bump dependencies
adce65103 docs: add piraeus/drbd to storage documentation
a982cabe7 docs: link support matrix in k8s update doc
1fb29a56a fix: fail quickly if upgrade-k8s is used with multiple nodes
51d931c47 chore: faster dev cycle
dc6764871 refactor: move around config interfaces, make RawV1Alpha1 typed
ea9a97dba fix: fall back to external IP when discovering nodes in upgrade-k8s
0bb7e8a5c refactor: split config.Provider into Config & Container
85d8a1619 chore: bump deps
39b7a56f0 chore: use 8GiB instead of 10GiB for cloud images
ff11fd39c fix: race with udevd and mountUserDisks
c3fabb982 chore: update default image sizes to 10GB for all "cloud" images
10155c390 feat: enable xfs project quota support, kubelet feature

Changes from siderolabs/discovery-api

1 commit

5e3db3c chore: app optional ControlPlane data

Changes from siderolabs/discovery-client

1 commit

9ba5f03 chore: app optional ControlPlane data

Changes from siderolabs/extras

2 commits

a73d524 feat: update Go to 1.20.5
36c8ac4 chore: update to Go 1.20.3

Changes from siderolabs/gen

3 commits

f9f5805 chore: bump rekres and add functions from exp
b968d21 feat: add TryRecv and RecvWithContext functions
476dfea feat: add foreach and clear to lazymap

Changes from siderolabs/go-blockdevice

1 commit

076874a chore: resolve blockdevice symlinks

Changes from siderolabs/go-kubernetes

1 commit

5a3df5b fix: remove removed APIs for 1.27 upgrade

Changes from siderolabs/go-loadbalancer

5 commits

5301800 chore: fix logging and tests
b23a173 chore: replace std log with zap
1a2f374 feat: add multi-tier scoring based for generic List
56a27da chore: move to siderolabs/tcpproxy of inet.af/tcpproxy
f3a0e24 fix: use SO_LINGER option when doing TCP healthchecks

Changes from siderolabs/pkgs

29 commits

edd725a chore: bump deps
c0ac69b feat: enable CONFIG_NVME_{MULTIPATH|AUTH}
f7cd916 fix: bump drbd to 9.2.4
a56d15a fix: copy missing modules.* files
1eefa66 feat: build isb modem drivers as module
a859f4f fix: build RDMA_RXE as a module
5fb5e95 feat: bump dependencies
39a64b2 feat: update Linux to 6.1.31, add GENEVE for arm64
97177be feat: update Linux to 6.1.30
b1f9d4e chore: prevent unsigned kexec with secureboot
9232a42 feat: add reproducibility pipelines
702d7a7 chore: bump deps
7958db1 chore: copy over sd-boot and sd-stub from tools
813b3c3 chore: revert xfsprogs
0cc78ab chore: bump kernel to 6.1.28
70189e3 chore: bump deps
c5d3bf1 feat: add sd-stub and sd-boot
30a7ac2 feat: update Linux 6.1.27, containerd 1.6.21
fbc6ee5 chore: bump deps
82b9489 chore: bump dependencies
f37e520 feat: update Linux to 6.1.25
3920b16 feat: add multi-gen LRU kernel support
988f1ec feat: update Linux to 6.1.24
5327d12 fix: remove FB_NVIDIA drivers, Linux 6.1.23
4eae958 chore: copy over the kernel signing public key
174f8fc chore: update Go to 1.20.3
41629b0 chore: reorder pkgs for better kernel caching
b483a6b feat: build 'snp.efi' for iPXE
fb853ff feat: update containerd to 1.6.20

Changes from siderolabs/tools

15 commits

e0c76c0 chore: bump dependencies
7d0cd58 feat: update Go to 1.20.5
150efc2 chore: remove non needed tools
88ebb40 feat: add swtpm
4c5d7fe chore: use same source epoch everywhere
2e46e5b feat: add reproducibility pipelines
c6a41b6 fix: add sd-stub assertion patch
d2dde48 chore: bump deps
8e45ad7 feat: add sbsign
271c4a6 feat: add sd-tools
eedc294 chore: bump deps
81b09a5 feat: add libcap and gnuefi
47b0fd3 chore: bump go to 1.20.4
ff4cf2b chore: bump deps
1563556 feat: update Go to 1.20.3

Dependency Changes

github.com/BurntSushi/toml v1.2.1 -> v1.3.2
github.com/aws/aws-sdk-go v1.44.232 -> v1.44.287
github.com/beevik/ntp v0.3.0 -> v1.1.1
github.com/benbjohnson/clock v1.1.0 -> v1.3.5
github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
github.com/containerd/containerd v1.6.19 -> v1.6.21
github.com/containerd/typeurl/v2 v2.1.1 new
github.com/containernetworking/plugins v1.2.0 -> v1.3.0
github.com/cosi-project/runtime v0.3.0 -> v0.3.1-alpha.5
github.com/docker/distribution v2.8.1 -> v2.8.2
github.com/docker/docker v23.0.2 -> v24.0.2
github.com/ecks/uefi caef65d070eb new
github.com/emicklei/dot v1.4.2 -> v1.5.0
github.com/hetznercloud/hcloud-go v1.41.0 -> v1.47.0
github.com/insomniacslk/dhcp 74ae03f2425e -> b20c9ba983df
github.com/jsimonetti/rtnetlink v1.3.1 -> v1.3.3
github.com/mattn/go-isatty v0.0.18 -> v0.0.19
github.com/mdlayher/ethtool ba3b4bc2e02c -> v0.1.0
github.com/mdlayher/genetlink v1.3.1 -> v1.3.2
github.com/mdlayher/netlink v1.7.1 -> v1.7.2
github.com/mdlayher/netx c711c2f8512f -> 7e21880baee8
github.com/nberlee/go-netstat v0.1.1 -> v0.1.2
github.com/opencontainers/image-spec v1.1.0-rc2 -> v1.1.0-rc3
github.com/packethost/packngo v0.29.0 -> v0.30.0
github.com/prometheus/procfs v0.9.0 -> v0.11.0
github.com/rivo/tview 281d14d896d7 -> 6cc0565babaf
github.com/rs/xid v1.4.0 -> v1.5.0
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15 -> v1.0.0-beta.17
github.com/siderolabs/discovery-api v0.1.2 -> v0.1.3
github.com/siderolabs/discovery-client v0.1.4 -> v0.1.5
github.com/siderolabs/extras v1.4.0-1-g9b07505 -> v1.5.0-alpha.0-1-ga73d524
github.com/siderolabs/gen v0.4.3 -> v0.4.5
github.com/siderolabs/go-blockdevice v0.4.4 -> v0.4.5
github.com/siderolabs/go-kubernetes v0.2.0 -> v0.2.1
github.com/siderolabs/go-loadbalancer v0.2.1 -> v0.3.1
github.com/siderolabs/pkgs v1.4.1-5-ga333a84 -> v1.5.0-alpha.0-28-gedd725a
github.com/siderolabs/talos/pkg/machinery v1.4.0 -> v1.5.0-alpha.0
github.com/siderolabs/tools v1.4.0-1-g955aabc -> v1.5.0-alpha.0-14-ge0c76c0
github.com/spf13/cobra v1.6.1 -> v1.7.0
github.com/stretchr/testify v1.8.2 -> v1.8.4
github.com/vmware-tanzu/sonobuoy v0.56.16 -> v0.56.17
go.etcd.io/etcd/api/v3 v3.5.8 -> v3.5.9
go.etcd.io/etcd/client/pkg/v3 v3.5.8 -> v3.5.9
go.etcd.io/etcd/client/v3 v3.5.8 -> v3.5.9
go.etcd.io/etcd/etcdutl/v3 v3.5.8 -> v3.5.9
golang.org/x/net v0.8.0 -> v0.11.0
golang.org/x/sync v0.1.0 -> v0.3.0
golang.org/x/sys v0.6.0 -> v0.9.0
golang.org/x/term v0.6.0 -> v0.9.0
golang.org/x/text v0.10.0 new
golang.zx2c4.com/wireguard/wgctrl 9c5414ab4bde -> 925a1e7659e6
google.golang.org/grpc v1.54.0 -> v1.56.1
k8s.io/api v0.27.1 -> v0.27.3
k8s.io/apimachinery v0.27.1 -> v0.27.3
k8s.io/apiserver v0.27.1 -> v0.27.3
k8s.io/client-go v0.27.1 -> v0.27.3
k8s.io/component-base v0.27.1 -> v0.27.3
k8s.io/cri-api v0.27.1 -> v0.27.3
k8s.io/klog/v2 v2.90.1 -> v2.100.1
k8s.io/kubectl v0.27.1 -> v0.27.3
k8s.io/kubelet v0.27.1 -> v0.27.3
kernel.org/pub/linux/libs/security/libcap/cap v1.2.68 -> v1.2.69

Previous release can be found at v1.4.0

Talos 1.5.0-alpha.0 (2023-05-19)

Welcome to the v1.5.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.1.28
containerd: 1.6.21
runc: 1.1.7
etcd: 3.5.9
Kubernetes: 1.27.2

Talos is built with Go 1.20.4.

Contributors

Andrey Smirnov
Noel Georgi
Utku Ozdemir
Dmitriy Matrenichev
Steve Francis
Budiman Jojo
Christian Rolland
Henk Kraal
Michael A. Davis
Michael Fornaro
Nico Berlee
Niklas Wik
Ricky Sadowski
Thomas Perronin

Changes

69 commits

383471c3e feat: update default Kubernetes to v1.27.2
8f68d1abe chore: bump deps
e0c1585d3 feat: create azure community gallery image version on release
dd8336c9e fix: refresh kubelet self-issued serving certificates
bb02dd263 chore: drop deprecated stuff for Talos 1.5
61cad8673 chore: bump deps
01dfd3af7 feat: update etcd to v3.5.9
aa65fbb8a chore: update KUBECTL_URL to reflect the community bucket
cc3128d94 chore: bump kernel to 6.1.28
97fffaf78 chore: use ctest.UpdateWithConflicts instead of plain UpdateWithConflicts
3b36993b9 fix: rlimit nofile test
45e6e27af chore: bump runtime
4f720d465 fix: revert: set rlimit explicitly in wrapperd
a2565f674 fix: set rlimit explicitly in wrapperd
cdfc242b8 chore: re-enable Go buildid
e67f3f5c5 feat: linux 6.1.27, containerd 1.6.21, go 1.20.4
55ae59a0a fix: properly skip/cleanup controlplane configs for workers
64eade9bd chore: clean up unused constant
62c6e9655 feat: introduce siderolink config resource & reconnect
860002c73 fix: don't reload control plane pods on cert SANs changes
d43c61e80 fix: enforce nolock option for all NFS mounts by default
339986db9 fix: inhibit timer to follow kubelet timer
cbf6dc100 fix: set timeout for unmount calls
b58f913d5 fix: set the static pod priority as values
f8a7a5b6b docs: add information about KubeSpan ports and topology
2bad74d64 docs: add how to on scaling down
7442ff8b0 chore: fix typos inteface -> interface (docs and tests)
d4e94f7a1 fix: add back required TARGETARCH for installer
e6fffda01 chore: linux 6.1.26, runc 1.1.7
344746ae2 fix: bump max inhibit delay to 20 min
d9bdea2b5 chore: fork docs and compatibility modules for Talos 1.5
3d99610fc docs: document building, verifying image and process caps
014008ea2 fix: udevd rules trigger
9b36bb613 feat: update Linux to 6.1.25, fix virtio on arm64
08ec66c55 feat: clean up (garbage collect) system images which are not referenced
b097efcde fix: display correct number of machines on dashboard
cad43f0ad chore: remove k8s master label
e296a566e fix: support kernel userspace module loading
103f0ffdd feat: add startup probes to controller-manager and scheduler
5a1ae8aae chore: bump dependences
ec8c8dbaf chore: fix container image reproducibility
f661d8487 fix: allow talosctl cp to handle special files in /proc
2d824b563 fix: do not show control plane status for workers on dashboard
e5491ddad docs: update documentation for nocloud
7a004a6f7 fix: parse errors correctly
374ef5385 test: submit verbose flag to e2e tests
e1d38b6fe feat: show template URL in dashboard config URL tab
45d7f0ce9 docs: fix the latest url
96efbf147 docs: activate 1.4.0 docs by default
8c1f515b1 feat: update Linux to 6.1.24
8689bef5f docs: update documentation for Talos 1.4
a781dfb8e feat: update Kubernetes to 1.27.1
a737dd83a chore: typo in compatibility.ParseKubernetesVersion
f14928b0a fix: fix dashboard crash when a non-existent node is specified
3e406d9b0 feat: update etcd to v3.5.8
bd1cff3e8 chore: remove Go buildid
e31f7f50b feat: update Kubernetes to 1.27.0
aa3640d74 docs: update storage.md
07bb61e60 chore: module-sig-verify cleanup
5e9d836c3 chore: add kernel module signtaure verification
3cd1c6bb0 fix: send 'STOP' event on phase end
5176d27dc feat: update Kubernetes to 1.27.0-rc.1
2c55550a6 fix: quote ISO kernel args for GRUB
319d76e38 fix: respect BROWSER=echo in client auth interceptor
4e4ace839 chore: update Go to 1.20.3
170f73899 fix: correctly parse static pod phase
c3a595d5b fix: improve action tracking post checks
eb01edbc8 fix: rework DHCP flow
e095150a6 test: bump CAPI components versions

Changes from siderolabs/extras

1 commit

36c8ac4 chore: update to Go 1.20.3

Changes from siderolabs/gen

3 commits

f9f5805 chore: bump rekres and add functions from exp
b968d21 feat: add TryRecv and RecvWithContext functions
476dfea feat: add foreach and clear to lazymap

Changes from siderolabs/go-blockdevice

1 commit

076874a chore: resolve blockdevice symlinks

Changes from siderolabs/go-loadbalancer

1 commit

f3a0e24 fix: use SO_LINGER option when doing TCP healthchecks

Changes from siderolabs/pkgs

18 commits

702d7a7 chore: bump deps
7958db1 chore: copy over sd-boot and sd-stub from tools
813b3c3 chore: revert xfsprogs
0cc78ab chore: bump kernel to 6.1.28
70189e3 chore: bump deps
c5d3bf1 feat: add sd-stub and sd-boot
30a7ac2 feat: update Linux 6.1.27, containerd 1.6.21
fbc6ee5 chore: bump deps
82b9489 chore: bump dependencies
f37e520 feat: update Linux to 6.1.25
3920b16 feat: add multi-gen LRU kernel support
988f1ec feat: update Linux to 6.1.24
5327d12 fix: remove FB_NVIDIA drivers, Linux 6.1.23
4eae958 chore: copy over the kernel signing public key
174f8fc chore: update Go to 1.20.3
41629b0 chore: reorder pkgs for better kernel caching
b483a6b feat: build 'snp.efi' for iPXE
fb853ff feat: update containerd to 1.6.20

Changes from siderolabs/tools

8 commits

d2dde48 chore: bump deps
8e45ad7 feat: add sbsign
271c4a6 feat: add sd-tools
eedc294 chore: bump deps
81b09a5 feat: add libcap and gnuefi
47b0fd3 chore: bump go to 1.20.4
ff4cf2b chore: bump deps
1563556 feat: update Go to 1.20.3

Dependency Changes

github.com/aws/aws-sdk-go v1.44.232 -> v1.44.264
github.com/beevik/ntp v0.3.0 -> v1.0.0
github.com/benbjohnson/clock v1.1.0 -> v1.3.5
github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
github.com/containerd/containerd v1.6.19 -> v1.6.20
github.com/containerd/typeurl/v2 v2.1.1 new
github.com/containernetworking/plugins v1.2.0 -> v1.3.0
github.com/cosi-project/runtime v0.3.0 -> 82b69d862a7a
github.com/docker/docker v23.0.2 -> v23.0.6
github.com/hetznercloud/hcloud-go v1.41.0 -> v1.45.1
github.com/insomniacslk/dhcp 74ae03f2425e -> 49801966e6cb
github.com/jsimonetti/rtnetlink v1.3.1 -> v1.3.3
github.com/mdlayher/genetlink v1.3.1 -> v1.3.2
github.com/mdlayher/netlink v1.7.1 -> v1.7.2
github.com/mdlayher/netx c711c2f8512f -> 7e21880baee8
github.com/nberlee/go-netstat v0.1.1 -> v0.1.2
github.com/opencontainers/image-spec v1.1.0-rc2 -> v1.1.0-rc3
github.com/rivo/tview 281d14d896d7 -> 822bd067b165
github.com/rs/xid v1.4.0 -> v1.5.0
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15 -> v1.0.0-beta.16
github.com/siderolabs/extras v1.4.0-1-g9b07505 -> v1.5.0-alpha.0
github.com/siderolabs/gen v0.4.3 -> v0.4.5
github.com/siderolabs/go-blockdevice v0.4.4 -> v0.4.5
github.com/siderolabs/go-loadbalancer v0.2.1 -> v0.2.2
github.com/siderolabs/pkgs v1.4.1-5-ga333a84 -> v1.5.0-alpha.0-17-g702d7a7
github.com/siderolabs/talos/pkg/machinery v1.4.0 -> v1.4.4
github.com/siderolabs/tools v1.4.0-1-g955aabc -> v1.5.0-alpha.0-7-gd2dde48
github.com/spf13/cobra v1.6.1 -> v1.7.0
go.etcd.io/etcd/api/v3 v3.5.8 -> v3.5.9
go.etcd.io/etcd/client/pkg/v3 v3.5.8 -> v3.5.9
go.etcd.io/etcd/client/v3 v3.5.8 -> v3.5.9
go.etcd.io/etcd/etcdutl/v3 v3.5.8 -> v3.5.9
golang.org/x/net v0.8.0 -> v0.10.0
golang.org/x/sync v0.1.0 -> v0.2.0
golang.org/x/sys v0.6.0 -> v0.8.0
golang.org/x/term v0.6.0 -> v0.8.0
golang.zx2c4.com/wireguard/wgctrl 9c5414ab4bde -> 925a1e7659e6
google.golang.org/grpc v1.54.0 -> v1.55.0
k8s.io/api v0.27.1 -> v0.27.2
k8s.io/apimachinery v0.27.1 -> v0.27.2
k8s.io/apiserver v0.27.1 -> v0.27.2
k8s.io/client-go v0.27.1 -> v0.27.2
k8s.io/component-base v0.27.1 -> v0.27.2
k8s.io/klog/v2 v2.90.1 -> v2.100.1
k8s.io/kubectl v0.27.1 -> v0.27.2
k8s.io/kubelet v0.27.1 -> v0.27.2
kernel.org/pub/linux/libs/security/libcap/cap v1.2.68 -> v1.2.69

Previous release can be found at v1.4.0

Talos 1.4.0-alpha.4 (2023-03-31)

Welcome to the v1.4.0-alpha.4 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Bond Device Selectors

Bond links can now be described using device selectors instead of explicit device names:

machine:
  network:
    interfaces:
      - interface: bond0
        bond:
          deviceSelectors:
            - hardwareAddr: '00:50:56:*'
            - hardwareAddr: '00:50:57:9c:2c:2d'

talosctl containers

talosctl logs -k and talosctl containers -k now support and output container display names with their ids. This allows to distinguish between containers with the same name.

Registry Mirror Catch-All Option

Talos now supports a catch-all option for registry mirrors:

machine:
    registries:
        mirrors:
            docker.io:
                - https://registry-1.docker.io/
            "*":
                - https://my-registry.example.com/

Talos Dashboard on TTY2

Talos now starts a text-based UI dashboard on virtual console /dev/tty2 and switches to it by default upon boot. Kernel logs remain available on /dev/tty1.

To switch TTYs, use the Alt+F1 through Alt+F2 keys.

You can disable this behavior by setting the kernel parameter talos.dashboard.disabled=1.

This behavior is disabled by default on SBCs.

Kernel Argument `talos.environment`

Talos now supports passing environment variables via talos.environment kernel argument.

Example:

talos.environment=http_proxy=http://proxy.example.com:8080 talos.environment=https_proxy=http://proxy.example.com:8080

etcd Maintenance

Talos adds new APIs to make it easier to perform etcd maintenance operations.

These APIs are available via new talosctl etcd sub-commands:

talosctl etcd alarm list|disarm
talosctl etcd defrag
talosctl etcd status

See also etcd maintenance guide.

Kernel Modules

Talos now supports automatically loading kernel drivers built as modules. If any system extensions or the Talos base kernel build provides kernel modules and if they matches the system hardware (via PCI IDs), they will be loaded automatically. Modules can still be loaded explicitly by defining it in machine configuration.

Kernel Modules Tree

Talos now supports re-building the kernel modules dependency tree information on upgrades. This allows modules of same name to co-exist as in-tree and external modules. System Extensions can provide modules installed into extras directory and when loading it'll take precendence over the in-tree module.

Kernel Reset Argument

Talos now supports talos.experimental.wipe=system:EPHEMERAL,STATE kernel argument. Talos now also supports the new GRUB boot option - "Reset Talos installation and return to maintenance mode". Both of this options will reset EPHEMERAL and STATE partitions and will return Talos into maintenance mode after the reboot.

Machine Configuration

Strategic merge config patches correctly support merging .vlans sections of the network interface.

talosctl netstat

Talos API was extended to support retrieving a list of network connections (sockets) from the node and pods. talosctl netstat command was added to retrieve the list of network connections.

Reset API Enhancements

Talos now supports resetting user disks through the Reset API, the list of disks to wipe is set using the --user-disks-to-wipe parameter in talosctl. Additionally, the Reset API can now function in maintenance mode and has the capability to wipe the node's system disk (partial wipe is not supported).

New Talos API os:operator role

Talos now supports a new os:operator role for the Talos API. This role allows everything os:reader role allows plus access to maintenance APIs: rebooting, shutting down a node, accessing packet capture, etcd alarm APIs, etcd backup, etc.

Component Updates

Linux: 6.1.22
containerd: v1.6.20
runc: v1.1.5
Kubernetes: v1.27.0-rc.0
etcd: v3.5.7
CoreDNS: v1.10.1
Flannel: v0.21.4

Talos is built with Go 1.20.2.

VMware Platform

Talos now supports loading network configuration on VMWare platform from the metadata key. See CAPV IPAM Support and Talos issue 6708 for details.

Contributors

Andrey Smirnov
Noel Georgi
Dmitriy Matrenichev
Utku Ozdemir
Spencer Smith
Artem Chernyshev
Serge Logvinov
Steve Francis
Nico Berlee
Tim Jones
Seán C McCord
Steffen Windoffer
Andrey Smirnov
Cees-Jan Kiewiet
Chris van de Sande
Dennis Marttinen
Dzerom Dzenkins
Erik Lund
Jori Huisman
Lance R. Vick
Matthias Riegler
Michael Vorburger
Murtaza Udaipurwala
Niklas Wik
Rowan Smith
Samuel Kees
Sander Maijers
Thomas Way
Tim van Druenen
Victor Seva
budimanjojo
xyhhx

Changes

200 commits

7ffabe0f1 feat: support network bond device selectors
cbab12e3a refactor: rename outbound to connectivity on dashboard
07c3c5d59 feat: return disk subsystem in the Disks API
b8497b99e feat: update containerd to 1.6.20
aa1499353 feat: introduce network probes
9dc1150e3 docs: update nvidia instructions
7967ccfc1 feat: add config code entry screen to dashboard
ddb014cfd fix: udevd rules trigger
0af8fe2fb feat: netstat pod support
52e857f55 feat: linux 6.1.22, runc 1.1.5
aa662ff63 fix: apply small fixes on dashboard
188560a33 fix: add a link-scope route if the cmdline gateway is not reachable
45c5b47a5 feat: dhcpv4: send current hostname, fix spec compliance of renewals
289b41fe4 fix: output of talosctl logs might be corruped
02f0a4526 feat: allow writing initial META values into the image
ea0e9bdbe feat: environment variables via the kernel arguments
94c24ca64 chore: add machine config version contract for v1.4
cefa9c3ec feat: update Kubernetes to 1.27.0-rc.0
9e8603f53 feat: implement new download URL variable ${code}
d30cf9c86 test: fix misprint in e2e scripts
0d0bb31cf fix: use stripped kernel modules
3583eea98 release(v1.4.0-alpha.3): prepare release
a7b79ef1b feat: add network config screen to dashboard
cf2ccc521 fix: always shutdown maintenance API service
a0a5db590 feat: update Flannel to 0.21.4
d1a61fd34 chore: bump golangci-lint
36a9a208e chore: bump deps
c63cf90e3 feat: update k8s to v1.27.0-beta.0
b246c90ab fix: add uint32 to Magic1 and Magic2
777c8d6f6 chore: update COSI to watch aggregated version
bec89bf6e fix: use 'no block' etcd dial with multiple endpoints
28713c2c4 feat: update Kubernetes to 1.26.3
a3cf41647 docs: add InstallConfig ignored notice to doc
df9b851fb chore: load all external artifacts earlier
2dd0964c5 refactor: use resource watches on dashboard
9933ebb6a chore: fix loaded artifacts file permission
a14a0aba0 fix: nil pointer exception in syncLink
cf101e56f fix: add --force flag for talosctl gen
ea2aa0611 fix: fix data race on network config read
64e3d24c6 feat: provide platform network config for 'metal' in META
442cb9c1b feat: implement APIs to write to META
9e07832db feat: implement summary dashboard
1df841bb5 refactor: change the interface of META
e9962bc3e chore: update CI to tag azure buckets
9f5f5cf9b feat: update Flannel to v0.21.3
02b0ff35e feat: generate Flannel CNI manifest from upstream
6656d35ec docs: fix Talos version to use template
72a6d1d70 docs: update nocloud
9948a646d feat: coredns node uninitialized toleration
e03902b54 feat: update Go to 1.20.2
c8f8579f2 fix: upgrade-k8s to flag should not be required since there is a default
230cfaf80 feat: use network information from guestinfo.metadata
97048f7c3 feat: netstat in API and client
fda6da692 fix: successful ACPI shutdown in maintenance mode
b97e1abaa feat: set default image, validate empty image
121220a3b chore: bump dependencies via renovate bot
ebc92f3c1 chore: add container id to talosctl -k containers and talosctl -k logs
22ef81c1e feat: add grub option to drop to maintenance mode
642fe0c90 feat: update pkgs with framebuffer console
69cb414f0 docs: update cilium install instructions
e71cc6619 fix: redo assertHostnames in HostnameMergeSuite.TestMerge
8ea4bfad8 refactor: improve the kubernetes upgrade flow
81879fc0c docs: add how tos for workloads on control planes, and scaling up
05b0b721c chore: move blob storage to azure for builds
a78281214 feat: add cilium e2e tests
061640ccc feat: add pod ip to kube-proxy spec
dea17d723 feat: update Kubernetes to v1.26.2
337aaba7a feat: add 'os:operator' role
40e69af22 fix: improve etcd leave on reset process
638dc9128 fix: fix "defer" leak in ResetUserDisks
bfba3677b chore: handle grub option - "wipe"
594f27d87 release(v1.4.0-alpha.2): prepare release
b52071081 feat: introduce new flag in reset API that makes Talos reset user disks
f55f5df73 feat: move dashboard package & run it in tty2
36e077ead chore: bump deps
5a01d5fd4 chore: run extension build as downstream
426fe9687 fix: extension base folder permission
609d3a8a6 feat: support strategic merge patches on VLAN configuration
7e19f32d7 chore: provide version compatibility data for Talos 1.2.x
230e46e56 refactor: extract parts of kubernetes libraries
f3d3f0f26 fix: update go-smbios library with Hyper-V data fix
8711eea96 fix: use passed --context in talosctl config cmd
5ac9f43e4 feat: start machined earlier & in maintenance mode
36ab414a1 docs: fix the endpoints in the libvirt guide
3d55bd80f fix: add --force flag to talosctl gen config
660b8874d feat: cmdline integer netmask
1e3daacc4 docs: update nvidia component versions
b5c03a7fa fix: docker talosctl cluster create provisioner
6e8f13529 fix: add support for a fallback '*' mirror configuration
dcd4eb1a9 fix: improve error message on single node upgrade
ed5af3f78 chore: bump deps
0dc6858e5 chore: bump cosi-project/runtime
da2edb9de chore: bump dependencies
e51a110f0 chore: bump dependencies
2d0148018 feat: automatically load modules based on hw info
7b75cd8b9 fix: kernel module dependency tree generation
65d02e5ad fix: dbus shutdown when it's not initialized
a7079ce85 fix: quote the ampersand character in GRUB config
933ba2d82 fix: display correct blockdevice size
c449cb736 fix: talosctl reboot command passing mode in wait mode
34ab0007a docs: port is needed for wireguard endpoint
1e1aa84f6 fix: kubernetes removed resource version check
dcbcf5a93 fix: wait for network and retry in platform get config funcs
3d7566ec7 test: update Canal CNI manifest URL
e09e10666 fix: default dns domain to 'cluster.local' in local case
cc6e37a47 feat: use process wrapper for dropping capabilities
0c6c88874 fix: trackable action flag usage text. --no-wait does not exist
5cb2915d8 feat: use wrapper for starting processes
56d945326 fix: panic in talosctl cluster show
38a51191e fix: correctly expand parameters in the URL
af21860a2 fix: return proper error if download attempts time out
54f7d4c92 fix: correctly quote and unquote strings in GRUB config
54cf0672a fix: omit zero MTU in the machine config
bdc53ac25 docs: add hyperlink to Docker API docs about config.json
b3bc06dd1 chore: bump vtprotobuf to v0.4.0
0ba5e59f6 fix: drone config for renovate PR's
590a393de fix: udevd healthcheck
2b6b6deac docs: simplify and clarify digital ocean docs
92bc15f7f release(v1.4.0-alpha.1): prepare release
e3da4754e feat: update Linux to 6.1.7
006449e46 test: build integration test early in the pipeline
09aa71264 fix: renovate config
2d136f187 feat: set markdown and html descriptions in config json schema
f0804027a fix: renovate config
812a2877c chore: bump deps + renovate cleanup
aa9f66c1c fix: mark DigitalOcean anchor IP as scope link
bb4937f1b feat: enable renovate
3e0057162 fix: unwrap gRPC errors on stop/remove pods check
00e52ae07 fix: build correctly etcd initial cluster URL
ae83b10ae feat: create JSON schema for v1alpha1.Config
703d96595 feat: update Kubernetes to 1.26.1, etcd to 3.5.7
965e64591 docs: update to use talosctl install script
c5954f434 chore: bump deps
bb50f6a56 chore: preallocate disk images for QEMU VMs
d4b8b35de feat: generate kernel module dependency tree
18122ae73 fix: service restart (including extension services)
680fd5e45 fix: bump COSI runtime with the panic controller restart fix
0b65bbfc8 fix: handle overwriting tags in syslinux ADV
70d9428a1 fix: kubespan MSS clamping
683b4ccb4 chore: update Go to 1.19.5 and kernel to 6.1.4
062c7d754 test: fix integration test on cp endpoint update
8e9fc13d7 feat: implement enum generator for proto files
771b0dc06 docs: update left over rpi_4 ref to rpi_generic
6c04b5f79 chore: bump dependencies
0a5a8802e feat: use 'localhost' endpoint for controlplane nodes
b0775ebf2 feat: add ISO wipe GRUB boot option
29020cb9c fix: report fatal sequence errors as reboots
96629d5ba feat: implement etcd maintenance commands
80fed3194 feat: include Kubernetes controlplane endpoint as one of the endpoints
c6cb36cc1 docs: fix auditpolicy example typo
ba8265bc5 feat: new talosctl config remove to remove context
fcb19ff51 fix: implement upgrade version checks for Talos 1.4
80f150ac8 feat: enable ipv6 on gcp
8db622f3d docs: add Vandebron to adopters list
f6a86ae90 fix: oralce cloud zone
89dbb0ecf release(v1.4.0-alpha.0): prepare release
31fb90535 feat: update Linux 6.1.1, containerd 1.6.14
a0c0352dd fix: send diagnostic output to stderr consistently
9a5f4c08a fix: default the manifest namespace if not set
3c6cce5fe docs: update last release for Talos 1.2.x
703624c43 docs: fix the 1.3 release date
386c9293a docs: update nvidia-container-runtime version
ff83d9fd7 fix: improve talosctl completion
31ff431fa chore: add schulz systemtechnik to the list
97bef7c47 docs: vsphere.sh > vmware.sh
34babe858 chore: make organization selection an interface
a9643b477 fix: use proper key usage for apid client certificate
171aa9467 fix: disable Wireless Lan using dtoverlay
2e84d2ab3 chore: update conformance product.yaml
b7763843a feat: add install script that improves talosctl installation user experience This install script detects the platform and architecture, and downloads the correct talosctl, and checks the gpg checksums. It also installs and chmods the binary.
afc45ad63 docs: mark Talos 1.3 docs as default
873bd3807 fix: redact service account key in config in RedactSecrets method
b3aebfadf feat: validate Talos API access roles in machine config
40761e17d docs: fork docs for Talos 1.4
474604cd2 docs: update documentation for Talos 1.3
faf49218c feat: add more checks for K8s upgrade
5b992bd86 fix: allow empty dnsDomain in machine config
eb332cfcb feat: add health check for a minimal memory / disk size
d04970dfa fix: ignore k8s additional addresses if nil
63c17104c feat: update Kubernets to 1.26.0
f7a9a90db chore: update pkgs/tools (Go 1.19.4, containerd 1.6.11)
cf7adc51c feat: add RedactSecrets method to v1alpha1.Config
4c31b9b1a docs: clarify what the deal is with /var
a8ebcca4a chore: remove watchErr from metal.getResource
1253513bd fix: fix nil pointer panic and incorrect error output
82e8c9e1f fix: workaround panic in the kubelet service controller
a505b8909 fix: update COSI and reset restart backoff on success
e92fdcbad chore: bump kernel to 5.15.81
f0dddca2a docs: expand help for 'talosctl get'
fcffc8879 fix: add ext4 filesystem detection
5b2960eff fix: introduce 'overridePath' setting and fix Talos resolver
0219d1124 fix: use only kube-apiserver endpoints for Talos API access endpoints
dc5e0f4af fix: report errors to Equinix Metal event API
7ab140a94 feat: add talosctl machineconfig patch command
d3cf06114 fix: ignore many more filesystems in IMA
44e2799b8 feat: add stdout and single config type support to talosctl gen config
4452f0e17 docs: bump talos version
38e57bd12 feat: update Kubernetes to v1.26.0-rc.1
4cd125d49 fix: correctly handle new watch event types
881b84152 feat: update Flannel to 0.20.2

Changes since v1.4.0-alpha.3

21 commits

7ffabe0f1 feat: support network bond device selectors
cbab12e3a refactor: rename outbound to connectivity on dashboard
07c3c5d59 feat: return disk subsystem in the Disks API
b8497b99e feat: update containerd to 1.6.20
aa1499353 feat: introduce network probes
9dc1150e3 docs: update nvidia instructions
7967ccfc1 feat: add config code entry screen to dashboard
ddb014cfd fix: udevd rules trigger
0af8fe2fb feat: netstat pod support
52e857f55 feat: linux 6.1.22, runc 1.1.5
aa662ff63 fix: apply small fixes on dashboard
188560a33 fix: add a link-scope route if the cmdline gateway is not reachable
45c5b47a5 feat: dhcpv4: send current hostname, fix spec compliance of renewals
289b41fe4 fix: output of talosctl logs might be corruped
02f0a4526 feat: allow writing initial META values into the image
ea0e9bdbe feat: environment variables via the kernel arguments
94c24ca64 chore: add machine config version contract for v1.4
cefa9c3ec feat: update Kubernetes to 1.27.0-rc.0
9e8603f53 feat: implement new download URL variable ${code}
d30cf9c86 test: fix misprint in e2e scripts
0d0bb31cf fix: use stripped kernel modules

Changes from siderolabs/discovery-api

1 commit

ac75538 chore: regen the proto definitions with vtprotobuf v0.4.0

Changes from siderolabs/discovery-client

1 commit

269a832 chore: rekres, update discovery api

Changes from siderolabs/extras

9 commits

7faf14a chore: bump pkgs to v1.4.0
343956e feat: update Go to 1.20.2
6209d87 chore: bump tc-redirect-tap
8b28b6b chore: bump deps
5ab4f59 chore: disable renovate builds
ddeddbd chore: update packages, tc_redirect_tap
8cb4792 chore: update Go to 1.19.5
3ca2df3 chore: disable provenance in buildx
55d8452 feat: update releases

Changes from siderolabs/gen

2 commits

214c1ef chore: set slice.Filter result slice cap to len
8e89b1e feat: add GetOrCreate and GetOrCall methods

Changes from siderolabs/go-blockdevice

2 commits

b4386f3 feat: make disk utils read subsystem information from the /sys/block
8c7ea19 fix: blockdevice size is reported by Linux in 512 blocks always

Changes from siderolabs/go-kmsg

1 commit

7a51094 fix: exit properly on context cancel

Changes from siderolabs/go-kubernetes

4 commits

81887dc feat: add kubelet flag checks
fe473c0 refactor: make sync easier to consume without CLI
570819b feat: initial version of the library
fb79215 Initial commit

Changes from siderolabs/go-smbios

1 commit

c526764 feat: fix reading "broken" Hyper-V DMI data

Changes from siderolabs/pkgs

39 commits

aadb943 feat: update containerd to 1.6.20
5a7b33e chore: bump deps
5d77814 fix: strip kernel modules when installing
c26b0b5 chore: bump deps
7d8f5bd feat: enable Hyper-V dynamic memory driver
ea40205 chore: bump deps
21e5a68 feat: update Go 1.20.2, Linux 6.1.15 and other
1d7e60c feat: enable framebuffer drivers and console fonts
0e63e95 chore: bump deps
5dbce6b fix: xz url
0097233 chore: re-enable drbd
7493721 fix: sourcefourge url shasums
185f482 feat: update containerd to 1.6.18
e3cab6c chore: bump deps
18661b0 chore: bump deps
885a68b chore: bump deps
c3a6e18 chore: bump dependencies
1fae0b2 feat: virtio drivers as modules
61d8ff4 chore: bump deps and disable un-needed kconfig
15fe6d8 fix: kernel module tree files missing
987d24a feat: mellanox drivers are modules
b82a015 feat: mellanox oped
057d4f9 chore: bump deps
4ac4138 feat: enable nvme support for raspberrypi cm4
ccb9d39 fix: disable magic sysrq
d33202d chore: bump u-boot to 2023.01
cb83e16 chore: bump dependencies
e561dcb feat: bump Go to 1.19.5
c7797c7 feat: update Linux to 6.1.4, restore RPi support
5e8ebb0 feat: add AMD K10 sensor support
73ac37d chore: disable provenance in buildx
8965bee chore: use default symlinks to /bin in base
325c9bf feat: bump dependencies
165dff6 fix: patch ipmitool IANA URL
c542f39 feat: add kernel support for usb setrial console
f564f45 chore: bump tools, containerd
268ea7c chore: bump deps
dcf3ceb feat: add nitro enclave support in kernel
17ea5e6 chore: bump kernel to 5.15.81

Changes from siderolabs/tools

31 commits

95f814a feat: cmake 3.26.2
a3d5bac chore: bump deps
2d710f9 chore: bump deps
9bea7d0 chore: skip rc versions for util-linux
a94850e chore: bump deps
e6b2956 fix: protoc install
601e347 feat: go 1.20.2 + other bumps
ca67d0b chore: bump deps
662a906 feat: add libnl
a8440a9 fix: partially revert e6c98fdf54425e6382f226e33bccca6f3875aad3a
e6c98fd chore: remove swig
cd9687b fix: renovate config
977e3fc chore: bump go to 1.20.1
15748aa chore: bump deps
d4b719a chore: bump deps
8c36dbd chore: bump toolchain, bump protoc-gen-go-grpc
a62e365 feat: update Go to 1.20
28d4a57 chore: reduce renovate noise
e130fd5 chore: bump deps
37612fe fix: revert enabling provenance
e0b01e3 chore: bump deps
d0e6bd0 feat: add gnutls
3d34b5d chore: bump dependencies
763c1d9 feat: update Go to 1.19.5
136958f chore: disable provenance in buildx
e2a8692 feat: update releases
0e48f37 chore: bump protobuf
a21aa1c chore: bump toolchain and mpc versions
1a75d0f chore: bump deps
55bd185 feat: update Go to 1.19.4
f291f46 chore: bump tools

Dependency Changes

cloud.google.com/go/compute/metadata v0.2.1 -> v0.2.3
github.com/aws/aws-sdk-go v1.44.147 -> v1.44.232
github.com/benbjohnson/clock v1.1.0 new
github.com/containerd/cgroups v1.0.4 -> v1.1.0
github.com/containerd/containerd v1.6.12 -> v1.6.19
github.com/containernetworking/plugins v1.1.1 -> v1.2.0
github.com/coreos/go-semver v0.3.0 -> v0.3.1
github.com/cosi-project/runtime v0.2.0 -> v0.3.0
github.com/docker/docker v20.10.21 -> v23.0.2
github.com/dustin/go-humanize v1.0.0 -> v1.0.1
github.com/emicklei/dot v1.2.0 -> v1.4.2
github.com/fatih/color v1.13.0 -> v1.15.0
github.com/freddierice/go-losetup/v2 v2.0.1 new
github.com/gdamore/tcell/v2 v2.5.3 -> v2.6.0
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 -> v1.4.0
github.com/hashicorp/go-getter v1.6.2 -> v1.7.1
github.com/hetznercloud/hcloud-go v1.37.0 -> v1.41.0
github.com/insomniacslk/dhcp f26e6d78f622 -> 74ae03f2425e
github.com/jsimonetti/rtnetlink v1.3.0 -> v1.3.1
github.com/mattn/go-isatty v0.0.16 -> v0.0.18
github.com/mdlayher/ethtool 0e16326d06d1 -> ba3b4bc2e02c
github.com/mdlayher/genetlink v1.3.0 -> v1.3.1
github.com/mdlayher/netlink v1.7.0 -> v1.7.1
github.com/nberlee/go-netstat v0.1.1 new
github.com/prometheus/procfs v0.8.0 -> v0.9.0
github.com/rivo/tview db36428c92d9 -> 281d14d896d7
github.com/safchain/ethtool v0.2.0 -> v0.3.0
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.10 -> v1.0.0-beta.15
github.com/siderolabs/discovery-api v0.1.1 -> v0.1.2
github.com/siderolabs/discovery-client v0.1.3 -> v0.1.4
github.com/siderolabs/extras v1.3.0-1-g3773d71 -> v1.4.0
github.com/siderolabs/gen v0.4.1 -> v0.4.3
github.com/siderolabs/go-blockdevice v0.4.2 -> v0.4.4
github.com/siderolabs/go-kmsg v0.1.2 -> v0.1.3
github.com/siderolabs/go-kubernetes v0.2.0 new
github.com/siderolabs/go-smbios v0.3.1 -> v0.3.2
github.com/siderolabs/pkgs v1.3.0-5-g6509d23 -> v1.4.0-1-gaadb943
github.com/siderolabs/talos/pkg/machinery v1.3.0 -> v1.4.0-alpha.3
github.com/siderolabs/tools v1.3.0-1-g712379c -> v1.4.0
github.com/stretchr/testify v1.8.1 -> v1.8.2
github.com/u-root/u-root v0.10.0 -> v0.11.0
github.com/ulikunitz/xz v0.5.11 new
github.com/vmware-tanzu/sonobuoy v0.56.12 -> v0.56.16
github.com/vmware/govmomi v0.29.0 -> v0.30.4
go.etcd.io/etcd/api/v3 v3.5.6 -> v3.5.7
go.etcd.io/etcd/client/pkg/v3 v3.5.6 -> v3.5.7
go.etcd.io/etcd/client/v3 v3.5.6 -> v3.5.7
go.etcd.io/etcd/etcdutl/v3 v3.5.6 -> v3.5.7
go.uber.org/zap v1.23.0 -> v1.24.0
go4.org/netipx 797b0c90d8ab -> f1b76eb4bb35
golang.org/x/net v0.4.0 -> v0.8.0
golang.org/x/sys v0.3.0 -> v0.6.0
golang.org/x/term v0.3.0 -> v0.6.0
golang.org/x/time v0.2.0 -> v0.3.0
golang.zx2c4.com/wireguard/wgctrl 97bc4ad4a1cb -> 9c5414ab4bde
google.golang.org/grpc v1.51.0 -> v1.54.0
google.golang.org/protobuf v1.28.1 -> v1.30.0
k8s.io/api v0.26.0 -> v0.27.0-rc.0
k8s.io/apimachinery v0.26.0 -> v0.27.0-rc.0
k8s.io/apiserver v0.26.0 -> v0.27.0-rc.0
k8s.io/client-go v0.26.0 -> v0.27.0-rc.0
k8s.io/component-base v0.26.0 -> v0.27.0-rc.0
k8s.io/cri-api v0.26.0 -> v0.27.0-rc.0
k8s.io/klog/v2 v2.80.1 -> v2.90.1
k8s.io/kubectl v0.26.0 -> v0.27.0-rc.0
k8s.io/kubelet v0.26.0 -> v0.27.0-rc.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.66 -> v1.2.68

Previous release can be found at v1.3.0

Talos 1.4.0-alpha.3 (2023-03-23)

Welcome to the v1.4.0-alpha.3 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

talosctl containers

talosctl logs -k and talosctl containers -k now support and output container display names with their ids. This allows to distinguish between containers with the same name.

Registry Mirror Catch-All Option

Talos now supports a catch-all option for registry mirrors:

machine:
    registries:
        mirrors:
            docker.io:
                - https://registry-1.docker.io/
            "*":
                - https://my-registry.example.com/

Talos Dashboard on TTY2

Talos now starts a text-based UI dashboard on virtual console /dev/tty2 and switches to it by default upon boot. Kernel logs remain available on /dev/tty1.

To switch TTYs, use the Alt+F1 through Alt+F2 keys.

You can disable this behavior by setting the kernel parameter talos.dashboard.disabled=1.

This behavior is disabled by default on SBCs.

etcd Maintenance

Talos adds new APIs to make it easier to perform etcd maintenance operations.

These APIs are available via new talosctl etcd sub-commands:

talosctl etcd alarm list|disarm
talosctl etcd defrag
talosctl etcd status

See also etcd maintenance guide.

Kernel Modules

Kernel Modules Tree

Kernel Reset Argument

Machine Configuration

Strategic merge config patches correctly support merging .vlans sections of the network interface.

talosctl netstat

Talos API was extended to support retrieving a list of network connections (sockets) from the node. talosctl netstat command was added to retrieve the list of network connections.

Reset API Enhancements

New Talos API os:operator role

Component Updates

Linux: 6.1.20
containerd: v1.6.19
Kubernetes: v1.27.0-beta.0
etcd: v3.5.7
CoreDNS: v1.10.1
Flannel: v0.21.4

Talos is built with Go 1.20.2.

VMware Platform

Talos now supports loading network configuration on VMWare platform from the metadata key. See CAPV IPAM Support and Talos issue 6708 for details.

Contributors

Andrey Smirnov
Noel Georgi
Dmitriy Matrenichev
Utku Ozdemir
Spencer Smith
Serge Logvinov
Artem Chernyshev
Steve Francis
Tim Jones
Nico Berlee
Seán C McCord
Steffen Windoffer
Andrey Smirnov
Cees-Jan Kiewiet
Chris van de Sande
Dzerom Dzenkins
Erik Lund
Jori Huisman
Lance R. Vick
Matthias Riegler
Michael Vorburger
Murtaza Udaipurwala
Niklas Wik
Rowan Smith
Samuel Kees
Sander Maijers
Tim van Druenen
Victor Seva
budimanjojo
xyhhx

Changes

178 commits

a7b79ef1b feat: add network config screen to dashboard
cf2ccc521 fix: always shutdown maintenance API service
a0a5db590 feat: update Flannel to 0.21.4
d1a61fd34 chore: bump golangci-lint
36a9a208e chore: bump deps
c63cf90e3 feat: update k8s to v1.27.0-beta.0
b246c90ab fix: add uint32 to Magic1 and Magic2
777c8d6f6 chore: update COSI to watch aggregated version
bec89bf6e fix: use 'no block' etcd dial with multiple endpoints
28713c2c4 feat: update Kubernetes to 1.26.3
a3cf41647 docs: add InstallConfig ignored notice to doc
df9b851fb chore: load all external artifacts earlier
2dd0964c5 refactor: use resource watches on dashboard
9933ebb6a chore: fix loaded artifacts file permission
a14a0aba0 fix: nil pointer exception in syncLink
cf101e56f fix: add --force flag for talosctl gen
ea2aa0611 fix: fix data race on network config read
64e3d24c6 feat: provide platform network config for 'metal' in META
442cb9c1b feat: implement APIs to write to META
9e07832db feat: implement summary dashboard
1df841bb5 refactor: change the interface of META
e9962bc3e chore: update CI to tag azure buckets
9f5f5cf9b feat: update Flannel to v0.21.3
02b0ff35e feat: generate Flannel CNI manifest from upstream
6656d35ec docs: fix Talos version to use template
72a6d1d70 docs: update nocloud
9948a646d feat: coredns node uninitialized toleration
e03902b54 feat: update Go to 1.20.2
c8f8579f2 fix: upgrade-k8s to flag should not be required since there is a default
230cfaf80 feat: use network information from guestinfo.metadata
97048f7c3 feat: netstat in API and client
fda6da692 fix: successful ACPI shutdown in maintenance mode
b97e1abaa feat: set default image, validate empty image
121220a3b chore: bump dependencies via renovate bot
ebc92f3c1 chore: add container id to talosctl -k containers and talosctl -k logs
22ef81c1e feat: add grub option to drop to maintenance mode
642fe0c90 feat: update pkgs with framebuffer console
69cb414f0 docs: update cilium install instructions
e71cc6619 fix: redo assertHostnames in HostnameMergeSuite.TestMerge
8ea4bfad8 refactor: improve the kubernetes upgrade flow
81879fc0c docs: add how tos for workloads on control planes, and scaling up
05b0b721c chore: move blob storage to azure for builds
a78281214 feat: add cilium e2e tests
061640ccc feat: add pod ip to kube-proxy spec
dea17d723 feat: update Kubernetes to v1.26.2
337aaba7a feat: add 'os:operator' role
40e69af22 fix: improve etcd leave on reset process
638dc9128 fix: fix "defer" leak in ResetUserDisks
bfba3677b chore: handle grub option - "wipe"
594f27d87 release(v1.4.0-alpha.2): prepare release
b52071081 feat: introduce new flag in reset API that makes Talos reset user disks
f55f5df73 feat: move dashboard package & run it in tty2
36e077ead chore: bump deps
5a01d5fd4 chore: run extension build as downstream
426fe9687 fix: extension base folder permission
609d3a8a6 feat: support strategic merge patches on VLAN configuration
7e19f32d7 chore: provide version compatibility data for Talos 1.2.x
230e46e56 refactor: extract parts of kubernetes libraries
f3d3f0f26 fix: update go-smbios library with Hyper-V data fix
8711eea96 fix: use passed --context in talosctl config cmd
5ac9f43e4 feat: start machined earlier & in maintenance mode
36ab414a1 docs: fix the endpoints in the libvirt guide
3d55bd80f fix: add --force flag to talosctl gen config
660b8874d feat: cmdline integer netmask
1e3daacc4 docs: update nvidia component versions
b5c03a7fa fix: docker talosctl cluster create provisioner
6e8f13529 fix: add support for a fallback '*' mirror configuration
dcd4eb1a9 fix: improve error message on single node upgrade
ed5af3f78 chore: bump deps
0dc6858e5 chore: bump cosi-project/runtime
da2edb9de chore: bump dependencies
e51a110f0 chore: bump dependencies
2d0148018 feat: automatically load modules based on hw info
7b75cd8b9 fix: kernel module dependency tree generation
65d02e5ad fix: dbus shutdown when it's not initialized
a7079ce85 fix: quote the ampersand character in GRUB config
933ba2d82 fix: display correct blockdevice size
c449cb736 fix: talosctl reboot command passing mode in wait mode
34ab0007a docs: port is needed for wireguard endpoint
1e1aa84f6 fix: kubernetes removed resource version check
dcbcf5a93 fix: wait for network and retry in platform get config funcs
3d7566ec7 test: update Canal CNI manifest URL
e09e10666 fix: default dns domain to 'cluster.local' in local case
cc6e37a47 feat: use process wrapper for dropping capabilities
0c6c88874 fix: trackable action flag usage text. --no-wait does not exist
5cb2915d8 feat: use wrapper for starting processes
56d945326 fix: panic in talosctl cluster show
38a51191e fix: correctly expand parameters in the URL
af21860a2 fix: return proper error if download attempts time out
54f7d4c92 fix: correctly quote and unquote strings in GRUB config
54cf0672a fix: omit zero MTU in the machine config
bdc53ac25 docs: add hyperlink to Docker API docs about config.json
b3bc06dd1 chore: bump vtprotobuf to v0.4.0
0ba5e59f6 fix: drone config for renovate PR's
590a393de fix: udevd healthcheck
2b6b6deac docs: simplify and clarify digital ocean docs
92bc15f7f release(v1.4.0-alpha.1): prepare release
e3da4754e feat: update Linux to 6.1.7
006449e46 test: build integration test early in the pipeline
09aa71264 fix: renovate config
2d136f187 feat: set markdown and html descriptions in config json schema
f0804027a fix: renovate config
812a2877c chore: bump deps + renovate cleanup
aa9f66c1c fix: mark DigitalOcean anchor IP as scope link
bb4937f1b feat: enable renovate
3e0057162 fix: unwrap gRPC errors on stop/remove pods check
00e52ae07 fix: build correctly etcd initial cluster URL
ae83b10ae feat: create JSON schema for v1alpha1.Config
703d96595 feat: update Kubernetes to 1.26.1, etcd to 3.5.7
965e64591 docs: update to use talosctl install script
c5954f434 chore: bump deps
bb50f6a56 chore: preallocate disk images for QEMU VMs
d4b8b35de feat: generate kernel module dependency tree
18122ae73 fix: service restart (including extension services)
680fd5e45 fix: bump COSI runtime with the panic controller restart fix
0b65bbfc8 fix: handle overwriting tags in syslinux ADV
70d9428a1 fix: kubespan MSS clamping
683b4ccb4 chore: update Go to 1.19.5 and kernel to 6.1.4
062c7d754 test: fix integration test on cp endpoint update
8e9fc13d7 feat: implement enum generator for proto files
771b0dc06 docs: update left over rpi_4 ref to rpi_generic
6c04b5f79 chore: bump dependencies
0a5a8802e feat: use 'localhost' endpoint for controlplane nodes
b0775ebf2 feat: add ISO wipe GRUB boot option
29020cb9c fix: report fatal sequence errors as reboots
96629d5ba feat: implement etcd maintenance commands
80fed3194 feat: include Kubernetes controlplane endpoint as one of the endpoints
c6cb36cc1 docs: fix auditpolicy example typo
ba8265bc5 feat: new talosctl config remove to remove context
fcb19ff51 fix: implement upgrade version checks for Talos 1.4
80f150ac8 feat: enable ipv6 on gcp
8db622f3d docs: add Vandebron to adopters list
f6a86ae90 fix: oralce cloud zone
89dbb0ecf release(v1.4.0-alpha.0): prepare release
31fb90535 feat: update Linux 6.1.1, containerd 1.6.14
a0c0352dd fix: send diagnostic output to stderr consistently
9a5f4c08a fix: default the manifest namespace if not set
3c6cce5fe docs: update last release for Talos 1.2.x
703624c43 docs: fix the 1.3 release date
386c9293a docs: update nvidia-container-runtime version
ff83d9fd7 fix: improve talosctl completion
31ff431fa chore: add schulz systemtechnik to the list
97bef7c47 docs: vsphere.sh > vmware.sh
34babe858 chore: make organization selection an interface
a9643b477 fix: use proper key usage for apid client certificate
171aa9467 fix: disable Wireless Lan using dtoverlay
2e84d2ab3 chore: update conformance product.yaml
b7763843a feat: add install script that improves talosctl installation user experience This install script detects the platform and architecture, and downloads the correct talosctl, and checks the gpg checksums. It also installs and chmods the binary.
afc45ad63 docs: mark Talos 1.3 docs as default
873bd3807 fix: redact service account key in config in RedactSecrets method
b3aebfadf feat: validate Talos API access roles in machine config
40761e17d docs: fork docs for Talos 1.4
474604cd2 docs: update documentation for Talos 1.3
faf49218c feat: add more checks for K8s upgrade
5b992bd86 fix: allow empty dnsDomain in machine config
eb332cfcb feat: add health check for a minimal memory / disk size
d04970dfa fix: ignore k8s additional addresses if nil
63c17104c feat: update Kubernets to 1.26.0
f7a9a90db chore: update pkgs/tools (Go 1.19.4, containerd 1.6.11)
cf7adc51c feat: add RedactSecrets method to v1alpha1.Config
4c31b9b1a docs: clarify what the deal is with /var
a8ebcca4a chore: remove watchErr from metal.getResource
1253513bd fix: fix nil pointer panic and incorrect error output
82e8c9e1f fix: workaround panic in the kubelet service controller
a505b8909 fix: update COSI and reset restart backoff on success
e92fdcbad chore: bump kernel to 5.15.81
f0dddca2a docs: expand help for 'talosctl get'
fcffc8879 fix: add ext4 filesystem detection
5b2960eff fix: introduce 'overridePath' setting and fix Talos resolver
0219d1124 fix: use only kube-apiserver endpoints for Talos API access endpoints
dc5e0f4af fix: report errors to Equinix Metal event API
7ab140a94 feat: add talosctl machineconfig patch command
d3cf06114 fix: ignore many more filesystems in IMA
44e2799b8 feat: add stdout and single config type support to talosctl gen config
4452f0e17 docs: bump talos version
38e57bd12 feat: update Kubernetes to v1.26.0-rc.1
4cd125d49 fix: correctly handle new watch event types
881b84152 feat: update Flannel to 0.20.2

Changes since v1.4.0-alpha.2

50 commits

a7b79ef1b feat: add network config screen to dashboard
cf2ccc521 fix: always shutdown maintenance API service
a0a5db590 feat: update Flannel to 0.21.4
d1a61fd34 chore: bump golangci-lint
36a9a208e chore: bump deps
c63cf90e3 feat: update k8s to v1.27.0-beta.0
b246c90ab fix: add uint32 to Magic1 and Magic2
777c8d6f6 chore: update COSI to watch aggregated version
bec89bf6e fix: use 'no block' etcd dial with multiple endpoints
28713c2c4 feat: update Kubernetes to 1.26.3
a3cf41647 docs: add InstallConfig ignored notice to doc
df9b851fb chore: load all external artifacts earlier
2dd0964c5 refactor: use resource watches on dashboard
9933ebb6a chore: fix loaded artifacts file permission
a14a0aba0 fix: nil pointer exception in syncLink
cf101e56f fix: add --force flag for talosctl gen
ea2aa0611 fix: fix data race on network config read
64e3d24c6 feat: provide platform network config for 'metal' in META
442cb9c1b feat: implement APIs to write to META
9e07832db feat: implement summary dashboard
1df841bb5 refactor: change the interface of META
e9962bc3e chore: update CI to tag azure buckets
9f5f5cf9b feat: update Flannel to v0.21.3
02b0ff35e feat: generate Flannel CNI manifest from upstream
6656d35ec docs: fix Talos version to use template
72a6d1d70 docs: update nocloud
9948a646d feat: coredns node uninitialized toleration
e03902b54 feat: update Go to 1.20.2
c8f8579f2 fix: upgrade-k8s to flag should not be required since there is a default
230cfaf80 feat: use network information from guestinfo.metadata
97048f7c3 feat: netstat in API and client
fda6da692 fix: successful ACPI shutdown in maintenance mode
b97e1abaa feat: set default image, validate empty image
121220a3b chore: bump dependencies via renovate bot
ebc92f3c1 chore: add container id to talosctl -k containers and talosctl -k logs
22ef81c1e feat: add grub option to drop to maintenance mode
642fe0c90 feat: update pkgs with framebuffer console
69cb414f0 docs: update cilium install instructions
e71cc6619 fix: redo assertHostnames in HostnameMergeSuite.TestMerge
8ea4bfad8 refactor: improve the kubernetes upgrade flow
81879fc0c docs: add how tos for workloads on control planes, and scaling up
05b0b721c chore: move blob storage to azure for builds
a78281214 feat: add cilium e2e tests
061640ccc feat: add pod ip to kube-proxy spec
dea17d723 feat: update Kubernetes to v1.26.2
337aaba7a feat: add 'os:operator' role
40e69af22 fix: improve etcd leave on reset process
638dc9128 fix: fix "defer" leak in ResetUserDisks
bfba3677b chore: handle grub option - "wipe"
594f27d87 release(v1.4.0-alpha.2): prepare release

Changes from siderolabs/discovery-api

1 commit

ac75538 chore: regen the proto definitions with vtprotobuf v0.4.0

Changes from siderolabs/discovery-client

1 commit

269a832 chore: rekres, update discovery api

Changes from siderolabs/extras

8 commits

343956e feat: update Go to 1.20.2
6209d87 chore: bump tc-redirect-tap
8b28b6b chore: bump deps
5ab4f59 chore: disable renovate builds
ddeddbd chore: update packages, tc_redirect_tap
8cb4792 chore: update Go to 1.19.5
3ca2df3 chore: disable provenance in buildx
55d8452 feat: update releases

Changes from siderolabs/gen

2 commits

214c1ef chore: set slice.Filter result slice cap to len
8e89b1e feat: add GetOrCreate and GetOrCall methods

Changes from siderolabs/go-blockdevice

1 commit

8c7ea19 fix: blockdevice size is reported by Linux in 512 blocks always

Changes from siderolabs/go-kmsg

1 commit

7a51094 fix: exit properly on context cancel

Changes from siderolabs/go-kubernetes

4 commits

81887dc feat: add kubelet flag checks
fe473c0 refactor: make sync easier to consume without CLI
570819b feat: initial version of the library
fb79215 Initial commit

Changes from siderolabs/go-smbios

1 commit

c526764 feat: fix reading "broken" Hyper-V DMI data

Changes from siderolabs/pkgs

36 commits

c26b0b5 chore: bump deps
7d8f5bd feat: enable Hyper-V dynamic memory driver
ea40205 chore: bump deps
21e5a68 feat: update Go 1.20.2, Linux 6.1.15 and other
1d7e60c feat: enable framebuffer drivers and console fonts
0e63e95 chore: bump deps
5dbce6b fix: xz url
0097233 chore: re-enable drbd
7493721 fix: sourcefourge url shasums
185f482 feat: update containerd to 1.6.18
e3cab6c chore: bump deps
18661b0 chore: bump deps
885a68b chore: bump deps
c3a6e18 chore: bump dependencies
1fae0b2 feat: virtio drivers as modules
61d8ff4 chore: bump deps and disable un-needed kconfig
15fe6d8 fix: kernel module tree files missing
987d24a feat: mellanox drivers are modules
b82a015 feat: mellanox oped
057d4f9 chore: bump deps
4ac4138 feat: enable nvme support for raspberrypi cm4
ccb9d39 fix: disable magic sysrq
d33202d chore: bump u-boot to 2023.01
cb83e16 chore: bump dependencies
e561dcb feat: bump Go to 1.19.5
c7797c7 feat: update Linux to 6.1.4, restore RPi support
5e8ebb0 feat: add AMD K10 sensor support
73ac37d chore: disable provenance in buildx
8965bee chore: use default symlinks to /bin in base
325c9bf feat: bump dependencies
165dff6 fix: patch ipmitool IANA URL
c542f39 feat: add kernel support for usb setrial console
f564f45 chore: bump tools, containerd
268ea7c chore: bump deps
dcf3ceb feat: add nitro enclave support in kernel
17ea5e6 chore: bump kernel to 5.15.81

Changes from siderolabs/tools

29 commits

2d710f9 chore: bump deps
9bea7d0 chore: skip rc versions for util-linux
a94850e chore: bump deps
e6b2956 fix: protoc install
601e347 feat: go 1.20.2 + other bumps
ca67d0b chore: bump deps
662a906 feat: add libnl
a8440a9 fix: partially revert e6c98fdf54425e6382f226e33bccca6f3875aad3a
e6c98fd chore: remove swig
cd9687b fix: renovate config
977e3fc chore: bump go to 1.20.1
15748aa chore: bump deps
d4b719a chore: bump deps
8c36dbd chore: bump toolchain, bump protoc-gen-go-grpc
a62e365 feat: update Go to 1.20
28d4a57 chore: reduce renovate noise
e130fd5 chore: bump deps
37612fe fix: revert enabling provenance
e0b01e3 chore: bump deps
d0e6bd0 feat: add gnutls
3d34b5d chore: bump dependencies
763c1d9 feat: update Go to 1.19.5
136958f chore: disable provenance in buildx
e2a8692 feat: update releases
0e48f37 chore: bump protobuf
a21aa1c chore: bump toolchain and mpc versions
1a75d0f chore: bump deps
55bd185 feat: update Go to 1.19.4
f291f46 chore: bump tools

Dependency Changes

cloud.google.com/go/compute/metadata v0.2.1 -> v0.2.3
github.com/aws/aws-sdk-go v1.44.147 -> v1.44.226
github.com/containerd/cgroups v1.0.4 -> v1.1.0
github.com/containerd/containerd v1.6.12 -> v1.6.19
github.com/containernetworking/plugins v1.1.1 -> v1.2.0
github.com/coreos/go-semver v0.3.0 -> v0.3.1
github.com/cosi-project/runtime v0.2.0 -> v0.3.0-alpha.10
github.com/docker/docker v20.10.21 -> v23.0.1
github.com/dustin/go-humanize v1.0.0 -> v1.0.1
github.com/emicklei/dot v1.2.0 -> v1.3.1
github.com/fatih/color v1.13.0 -> v1.15.0
github.com/freddierice/go-losetup/v2 v2.0.1 new
github.com/gdamore/tcell/v2 v2.5.3 -> v2.6.0
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 -> v1.4.0
github.com/hashicorp/go-getter v1.6.2 -> v1.7.1
github.com/hetznercloud/hcloud-go v1.37.0 -> v1.41.0
github.com/insomniacslk/dhcp f26e6d78f622 -> e252950ab961
github.com/jsimonetti/rtnetlink v1.3.0 -> v1.3.1
github.com/mattn/go-isatty v0.0.16 -> v0.0.17
github.com/mdlayher/ethtool 0e16326d06d1 -> ba3b4bc2e02c
github.com/mdlayher/genetlink v1.3.0 -> v1.3.1
github.com/mdlayher/netlink v1.7.0 -> v1.7.1
github.com/nberlee/go-netstat 19cc338ee40a new
github.com/prometheus/procfs v0.8.0 -> v0.9.0
github.com/rivo/tview db36428c92d9 -> 84f9c0ff9de8
github.com/safchain/ethtool v0.2.0 -> v0.3.0
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.10 -> v1.0.0-beta.15
github.com/siderolabs/discovery-api v0.1.1 -> v0.1.2
github.com/siderolabs/discovery-client v0.1.3 -> v0.1.4
github.com/siderolabs/extras v1.3.0-1-g3773d71 -> v1.4.0-alpha.0-7-g343956e
github.com/siderolabs/gen v0.4.1 -> v0.4.3
github.com/siderolabs/go-blockdevice v0.4.2 -> v0.4.3
github.com/siderolabs/go-kmsg v0.1.2 -> v0.1.3
github.com/siderolabs/go-kubernetes v0.2.0 new
github.com/siderolabs/go-smbios v0.3.1 -> v0.3.2
github.com/siderolabs/pkgs v1.3.0-5-g6509d23 -> v1.4.0-alpha.0-35-gc26b0b5
github.com/siderolabs/talos/pkg/machinery v1.3.0 -> v1.4.0-alpha.2
github.com/siderolabs/tools v1.3.0-1-g712379c -> v1.4.0-alpha.0-26-g2d710f9
github.com/stretchr/testify v1.8.1 -> v1.8.2
github.com/u-root/u-root v0.10.0 -> v0.11.0
github.com/ulikunitz/xz v0.5.11 new
github.com/vmware-tanzu/sonobuoy v0.56.12 -> v0.56.16
github.com/vmware/govmomi v0.29.0 -> v0.30.4
go.etcd.io/etcd/api/v3 v3.5.6 -> v3.5.7
go.etcd.io/etcd/client/pkg/v3 v3.5.6 -> v3.5.7
go.etcd.io/etcd/client/v3 v3.5.6 -> v3.5.7
go.etcd.io/etcd/etcdutl/v3 v3.5.6 -> v3.5.7
go.uber.org/zap v1.23.0 -> v1.24.0
go4.org/netipx 797b0c90d8ab -> f1b76eb4bb35
golang.org/x/net v0.4.0 -> v0.8.0
golang.org/x/sys v0.3.0 -> v0.6.0
golang.org/x/term v0.3.0 -> v0.6.0
golang.org/x/time v0.2.0 -> v0.3.0
golang.zx2c4.com/wireguard/wgctrl 97bc4ad4a1cb -> 9c5414ab4bde
google.golang.org/grpc v1.51.0 -> v1.54.0
google.golang.org/protobuf v1.28.1 -> v1.30.0
k8s.io/api v0.26.0 -> v0.27.0-beta.0
k8s.io/apimachinery v0.26.0 -> v0.27.0-beta.0
k8s.io/apiserver v0.26.0 -> v0.27.0-beta.0
k8s.io/client-go v0.26.0 -> v0.27.0-beta.0
k8s.io/component-base v0.26.0 -> v0.27.0-beta.0
k8s.io/cri-api v0.26.0 -> v0.27.0-beta.0
k8s.io/klog/v2 v2.80.1 -> v2.90.1
k8s.io/kubectl v0.26.0 -> v0.27.0-beta.0
k8s.io/kubelet v0.26.0 -> v0.27.0-beta.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.66 -> v1.2.67

Previous release can be found at v1.3.0

Talos 1.4.0-alpha.2 (2023-02-28)

Welcome to the v1.4.0-alpha.2 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Registry Mirror Catch-All Option

Talos now supports a catch-all option for registry mirrors:

machine:
    registries:
        mirrors:
            docker.io:
                - https://registry-1.docker.io/
            "*":
                - https://my-registry.example.com/

Talos Dashboard on TTY2

Talos now starts a text-based UI dashboard on virtual console /dev/tty2 and switches to it by default upon boot. Kernel logs remain available on /dev/tty1.

To switch TTYs, use the Alt+F1 through Alt+F2 keys.

You can disable this behavior by setting the kernel parameter talos.dashboard.disabled=1.

This behavior is disabled by default on SBCs.

etcd Maintenance

Talos adds new APIs to make it easier to perform etcd maintenance operations.

These APIs are available via new talosctl etcd sub-commands:

talosctl etcd alarm list|disarm
talosctl etcd defrag
talosctl etcd status

See also etcd maintenance guide.

Kernel Modules

Kernel Modules Tree

Machine Configuration

Strategic merge config patches correctly support merging .vlans sections of the network interface.

Reset API Enhancements

Component Updates

Linux: 6.1.12
containerd: v1.6.18
Kubernetes: v1.26.1
etcd: v3.5.7
CoreDNS: v1.10.1

Talos is built with Go 1.20.1.

Contributors

Andrey Smirnov
Noel Georgi
Dmitriy Matrenichev
Utku Ozdemir
Spencer Smith
Serge Logvinov
Steve Francis
Artem Chernyshev
Tim Jones
Andrey Smirnov
Cees-Jan Kiewiet
Chris van de Sande
Lance R. Vick
Matthias Riegler
Michael Vorburger
Murtaza Udaipurwala
Nico Berlee
Niklas Wik
Rowan Smith
Samuel Kees
Sander Maijers
Seán C McCord
Steffen Windoffer
Tim van Druenen
Victor Seva
budimanjojo

Changes

128 commits

b52071081 feat: introduce new flag in reset API that makes Talos reset user disks
f55f5df73 feat: move dashboard package & run it in tty2
36e077ead chore: bump deps
5a01d5fd4 chore: run extension build as downstream
426fe9687 fix: extension base folder permission
609d3a8a6 feat: support strategic merge patches on VLAN configuration
7e19f32d7 chore: provide version compatibility data for Talos 1.2.x
230e46e56 refactor: extract parts of kubernetes libraries
f3d3f0f26 fix: update go-smbios library with Hyper-V data fix
8711eea96 fix: use passed --context in talosctl config cmd
5ac9f43e4 feat: start machined earlier & in maintenance mode
36ab414a1 docs: fix the endpoints in the libvirt guide
3d55bd80f fix: add --force flag to talosctl gen config
660b8874d feat: cmdline integer netmask
1e3daacc4 docs: update nvidia component versions
b5c03a7fa fix: docker talosctl cluster create provisioner
6e8f13529 fix: add support for a fallback '*' mirror configuration
dcd4eb1a9 fix: improve error message on single node upgrade
ed5af3f78 chore: bump deps
0dc6858e5 chore: bump cosi-project/runtime
da2edb9de chore: bump dependencies
e51a110f0 chore: bump dependencies
2d0148018 feat: automatically load modules based on hw info
7b75cd8b9 fix: kernel module dependency tree generation
65d02e5ad fix: dbus shutdown when it's not initialized
a7079ce85 fix: quote the ampersand character in GRUB config
933ba2d82 fix: display correct blockdevice size
c449cb736 fix: talosctl reboot command passing mode in wait mode
34ab0007a docs: port is needed for wireguard endpoint
1e1aa84f6 fix: kubernetes removed resource version check
dcbcf5a93 fix: wait for network and retry in platform get config funcs
3d7566ec7 test: update Canal CNI manifest URL
e09e10666 fix: default dns domain to 'cluster.local' in local case
cc6e37a47 feat: use process wrapper for dropping capabilities
0c6c88874 fix: trackable action flag usage text. --no-wait does not exist
5cb2915d8 feat: use wrapper for starting processes
56d945326 fix: panic in talosctl cluster show
38a51191e fix: correctly expand parameters in the URL
af21860a2 fix: return proper error if download attempts time out
54f7d4c92 fix: correctly quote and unquote strings in GRUB config
54cf0672a fix: omit zero MTU in the machine config
bdc53ac25 docs: add hyperlink to Docker API docs about config.json
b3bc06dd1 chore: bump vtprotobuf to v0.4.0
0ba5e59f6 fix: drone config for renovate PR's
590a393de fix: udevd healthcheck
2b6b6deac docs: simplify and clarify digital ocean docs
92bc15f7f release(v1.4.0-alpha.1): prepare release
e3da4754e feat: update Linux to 6.1.7
006449e46 test: build integration test early in the pipeline
09aa71264 fix: renovate config
2d136f187 feat: set markdown and html descriptions in config json schema
f0804027a fix: renovate config
812a2877c chore: bump deps + renovate cleanup
aa9f66c1c fix: mark DigitalOcean anchor IP as scope link
bb4937f1b feat: enable renovate
3e0057162 fix: unwrap gRPC errors on stop/remove pods check
00e52ae07 fix: build correctly etcd initial cluster URL
ae83b10ae feat: create JSON schema for v1alpha1.Config
703d96595 feat: update Kubernetes to 1.26.1, etcd to 3.5.7
965e64591 docs: update to use talosctl install script
c5954f434 chore: bump deps
bb50f6a56 chore: preallocate disk images for QEMU VMs
d4b8b35de feat: generate kernel module dependency tree
18122ae73 fix: service restart (including extension services)
680fd5e45 fix: bump COSI runtime with the panic controller restart fix
0b65bbfc8 fix: handle overwriting tags in syslinux ADV
70d9428a1 fix: kubespan MSS clamping
683b4ccb4 chore: update Go to 1.19.5 and kernel to 6.1.4
062c7d754 test: fix integration test on cp endpoint update
8e9fc13d7 feat: implement enum generator for proto files
771b0dc06 docs: update left over rpi_4 ref to rpi_generic
6c04b5f79 chore: bump dependencies
0a5a8802e feat: use 'localhost' endpoint for controlplane nodes
b0775ebf2 feat: add ISO wipe GRUB boot option
29020cb9c fix: report fatal sequence errors as reboots
96629d5ba feat: implement etcd maintenance commands
80fed3194 feat: include Kubernetes controlplane endpoint as one of the endpoints
c6cb36cc1 docs: fix auditpolicy example typo
ba8265bc5 feat: new talosctl config remove to remove context
fcb19ff51 fix: implement upgrade version checks for Talos 1.4
80f150ac8 feat: enable ipv6 on gcp
8db622f3d docs: add Vandebron to adopters list
f6a86ae90 fix: oralce cloud zone
89dbb0ecf release(v1.4.0-alpha.0): prepare release
31fb90535 feat: update Linux 6.1.1, containerd 1.6.14
a0c0352dd fix: send diagnostic output to stderr consistently
9a5f4c08a fix: default the manifest namespace if not set
3c6cce5fe docs: update last release for Talos 1.2.x
703624c43 docs: fix the 1.3 release date
386c9293a docs: update nvidia-container-runtime version
ff83d9fd7 fix: improve talosctl completion
31ff431fa chore: add schulz systemtechnik to the list
97bef7c47 docs: vsphere.sh > vmware.sh
34babe858 chore: make organization selection an interface
a9643b477 fix: use proper key usage for apid client certificate
171aa9467 fix: disable Wireless Lan using dtoverlay
2e84d2ab3 chore: update conformance product.yaml
b7763843a feat: add install script that improves talosctl installation user experience This install script detects the platform and architecture, and downloads the correct talosctl, and checks the gpg checksums. It also installs and chmods the binary.
afc45ad63 docs: mark Talos 1.3 docs as default
873bd3807 fix: redact service account key in config in RedactSecrets method
b3aebfadf feat: validate Talos API access roles in machine config
40761e17d docs: fork docs for Talos 1.4
474604cd2 docs: update documentation for Talos 1.3
faf49218c feat: add more checks for K8s upgrade
5b992bd86 fix: allow empty dnsDomain in machine config
eb332cfcb feat: add health check for a minimal memory / disk size
d04970dfa fix: ignore k8s additional addresses if nil
63c17104c feat: update Kubernets to 1.26.0
f7a9a90db chore: update pkgs/tools (Go 1.19.4, containerd 1.6.11)
cf7adc51c feat: add RedactSecrets method to v1alpha1.Config
4c31b9b1a docs: clarify what the deal is with /var
a8ebcca4a chore: remove watchErr from metal.getResource
1253513bd fix: fix nil pointer panic and incorrect error output
82e8c9e1f fix: workaround panic in the kubelet service controller
a505b8909 fix: update COSI and reset restart backoff on success
e92fdcbad chore: bump kernel to 5.15.81
f0dddca2a docs: expand help for 'talosctl get'
fcffc8879 fix: add ext4 filesystem detection
5b2960eff fix: introduce 'overridePath' setting and fix Talos resolver
0219d1124 fix: use only kube-apiserver endpoints for Talos API access endpoints
dc5e0f4af fix: report errors to Equinix Metal event API
7ab140a94 feat: add talosctl machineconfig patch command
d3cf06114 fix: ignore many more filesystems in IMA
44e2799b8 feat: add stdout and single config type support to talosctl gen config
4452f0e17 docs: bump talos version
38e57bd12 feat: update Kubernetes to v1.26.0-rc.1
4cd125d49 fix: correctly handle new watch event types
881b84152 feat: update Flannel to 0.20.2

Changes since v1.4.0-alpha.1

46 commits

b52071081 feat: introduce new flag in reset API that makes Talos reset user disks
f55f5df73 feat: move dashboard package & run it in tty2
36e077ead chore: bump deps
5a01d5fd4 chore: run extension build as downstream
426fe9687 fix: extension base folder permission
609d3a8a6 feat: support strategic merge patches on VLAN configuration
7e19f32d7 chore: provide version compatibility data for Talos 1.2.x
230e46e56 refactor: extract parts of kubernetes libraries
f3d3f0f26 fix: update go-smbios library with Hyper-V data fix
8711eea96 fix: use passed --context in talosctl config cmd
5ac9f43e4 feat: start machined earlier & in maintenance mode
36ab414a1 docs: fix the endpoints in the libvirt guide
3d55bd80f fix: add --force flag to talosctl gen config
660b8874d feat: cmdline integer netmask
1e3daacc4 docs: update nvidia component versions
b5c03a7fa fix: docker talosctl cluster create provisioner
6e8f13529 fix: add support for a fallback '*' mirror configuration
dcd4eb1a9 fix: improve error message on single node upgrade
ed5af3f78 chore: bump deps
0dc6858e5 chore: bump cosi-project/runtime
da2edb9de chore: bump dependencies
e51a110f0 chore: bump dependencies
2d0148018 feat: automatically load modules based on hw info
7b75cd8b9 fix: kernel module dependency tree generation
65d02e5ad fix: dbus shutdown when it's not initialized
a7079ce85 fix: quote the ampersand character in GRUB config
933ba2d82 fix: display correct blockdevice size
c449cb736 fix: talosctl reboot command passing mode in wait mode
34ab0007a docs: port is needed for wireguard endpoint
1e1aa84f6 fix: kubernetes removed resource version check
dcbcf5a93 fix: wait for network and retry in platform get config funcs
3d7566ec7 test: update Canal CNI manifest URL
e09e10666 fix: default dns domain to 'cluster.local' in local case
cc6e37a47 feat: use process wrapper for dropping capabilities
0c6c88874 fix: trackable action flag usage text. --no-wait does not exist
5cb2915d8 feat: use wrapper for starting processes
56d945326 fix: panic in talosctl cluster show
38a51191e fix: correctly expand parameters in the URL
af21860a2 fix: return proper error if download attempts time out
54f7d4c92 fix: correctly quote and unquote strings in GRUB config
54cf0672a fix: omit zero MTU in the machine config
bdc53ac25 docs: add hyperlink to Docker API docs about config.json
b3bc06dd1 chore: bump vtprotobuf to v0.4.0
0ba5e59f6 fix: drone config for renovate PR's
590a393de fix: udevd healthcheck
2b6b6deac docs: simplify and clarify digital ocean docs

Changes from siderolabs/discovery-api

1 commit

ac75538 chore: regen the proto definitions with vtprotobuf v0.4.0

Changes from siderolabs/discovery-client

1 commit

269a832 chore: rekres, update discovery api

Changes from siderolabs/extras

6 commits

8b28b6b chore: bump deps
5ab4f59 chore: disable renovate builds
ddeddbd chore: update packages, tc_redirect_tap
8cb4792 chore: update Go to 1.19.5
3ca2df3 chore: disable provenance in buildx
55d8452 feat: update releases

Changes from siderolabs/gen

2 commits

214c1ef chore: set slice.Filter result slice cap to len
8e89b1e feat: add GetOrCreate and GetOrCall methods

Changes from siderolabs/go-blockdevice

1 commit

8c7ea19 fix: blockdevice size is reported by Linux in 512 blocks always

Changes from siderolabs/go-kubernetes

2 commits

570819b feat: initial version of the library
fb79215 Initial commit

Changes from siderolabs/go-smbios

1 commit

c526764 feat: fix reading "broken" Hyper-V DMI data

Changes from siderolabs/pkgs

30 commits

5dbce6b fix: xz url
0097233 chore: re-enable drbd
7493721 fix: sourcefourge url shasums
185f482 feat: update containerd to 1.6.18
e3cab6c chore: bump deps
18661b0 chore: bump deps
885a68b chore: bump deps
c3a6e18 chore: bump dependencies
1fae0b2 feat: virtio drivers as modules
61d8ff4 chore: bump deps and disable un-needed kconfig
15fe6d8 fix: kernel module tree files missing
987d24a feat: mellanox drivers are modules
b82a015 feat: mellanox oped
057d4f9 chore: bump deps
4ac4138 feat: enable nvme support for raspberrypi cm4
ccb9d39 fix: disable magic sysrq
d33202d chore: bump u-boot to 2023.01
cb83e16 chore: bump dependencies
e561dcb feat: bump Go to 1.19.5
c7797c7 feat: update Linux to 6.1.4, restore RPi support
5e8ebb0 feat: add AMD K10 sensor support
73ac37d chore: disable provenance in buildx
8965bee chore: use default symlinks to /bin in base
325c9bf feat: bump dependencies
165dff6 fix: patch ipmitool IANA URL
c542f39 feat: add kernel support for usb setrial console
f564f45 chore: bump tools, containerd
268ea7c chore: bump deps
dcf3ceb feat: add nitro enclave support in kernel
17ea5e6 chore: bump kernel to 5.15.81

Changes from siderolabs/tools

20 commits

cd9687b fix: renovate config
977e3fc chore: bump go to 1.20.1
15748aa chore: bump deps
d4b719a chore: bump deps
8c36dbd chore: bump toolchain, bump protoc-gen-go-grpc
a62e365 feat: update Go to 1.20
28d4a57 chore: reduce renovate noise
e130fd5 chore: bump deps
37612fe fix: revert enabling provenance
e0b01e3 chore: bump deps
d0e6bd0 feat: add gnutls
3d34b5d chore: bump dependencies
763c1d9 feat: update Go to 1.19.5
136958f chore: disable provenance in buildx
e2a8692 feat: update releases
0e48f37 chore: bump protobuf
a21aa1c chore: bump toolchain and mpc versions
1a75d0f chore: bump deps
55bd185 feat: update Go to 1.19.4
f291f46 chore: bump tools

Dependency Changes

cloud.google.com/go/compute/metadata v0.2.1 -> v0.2.3
github.com/aws/aws-sdk-go v1.44.147 -> v1.44.209
github.com/containerd/cgroups v1.0.4 -> v1.1.0
github.com/containerd/containerd v1.6.12 -> v1.6.18
github.com/containernetworking/plugins v1.1.1 -> v1.2.0
github.com/coreos/go-semver v0.3.0 -> v0.3.1
github.com/cosi-project/runtime v0.2.0 -> v0.3.0-alpha.7
github.com/docker/docker v20.10.21 -> v23.0.1
github.com/dustin/go-humanize v1.0.0 -> v1.0.1
github.com/emicklei/dot v1.2.0 -> v1.3.1
github.com/fatih/color v1.13.0 -> v1.14.1
github.com/freddierice/go-losetup/v2 v2.0.1 new
github.com/gdamore/tcell/v2 v2.5.3 -> v2.6.0
github.com/hashicorp/go-getter v1.6.2 -> v1.7.0
github.com/hetznercloud/hcloud-go v1.37.0 -> v1.40.0
github.com/insomniacslk/dhcp f26e6d78f622 -> 5369909a5de7
github.com/jsimonetti/rtnetlink v1.3.0 -> v1.3.1
github.com/mattn/go-isatty v0.0.16 -> v0.0.17
github.com/mdlayher/ethtool 0e16326d06d1 -> ba3b4bc2e02c
github.com/mdlayher/genetlink v1.3.0 -> v1.3.1
github.com/mdlayher/netlink v1.7.0 -> v1.7.1
github.com/prometheus/procfs v0.8.0 -> v0.9.0
github.com/rivo/tview db36428c92d9 -> 47e7db7885b4
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.10 -> v1.0.0-beta.13
github.com/siderolabs/discovery-api v0.1.1 -> v0.1.2
github.com/siderolabs/discovery-client v0.1.3 -> v0.1.4
github.com/siderolabs/extras v1.3.0-1-g3773d71 -> v1.4.0-alpha.0-5-g8b28b6b
github.com/siderolabs/gen v0.4.1 -> v0.4.3
github.com/siderolabs/go-blockdevice v0.4.2 -> v0.4.3
github.com/siderolabs/go-kubernetes v0.1.0 new
github.com/siderolabs/go-smbios v0.3.1 -> v0.3.2
github.com/siderolabs/pkgs v1.3.0-5-g6509d23 -> v1.4.0-alpha.0-29-g5dbce6b
github.com/siderolabs/talos/pkg/machinery v1.3.0 -> v1.4.0-alpha.1
github.com/siderolabs/tools v1.3.0-1-g712379c -> v1.4.0-alpha.0-17-gcd9687b
github.com/stretchr/testify v1.8.1 -> v1.8.2
github.com/u-root/u-root v0.10.0 -> v0.11.0
github.com/ulikunitz/xz v0.5.11 new
github.com/vmware-tanzu/sonobuoy v0.56.12 -> v0.56.15
github.com/vmware/govmomi v0.29.0 -> v0.30.2
go.etcd.io/etcd/api/v3 v3.5.6 -> v3.5.7
go.etcd.io/etcd/client/pkg/v3 v3.5.6 -> v3.5.7
go.etcd.io/etcd/client/v3 v3.5.6 -> v3.5.7
go.etcd.io/etcd/etcdutl/v3 v3.5.6 -> v3.5.7
go.uber.org/zap v1.23.0 -> v1.24.0
go4.org/netipx 797b0c90d8ab -> 8449b0a6169f
golang.org/x/net v0.4.0 -> v0.7.0
golang.org/x/sys v0.3.0 -> v0.5.0
golang.org/x/term v0.3.0 -> v0.5.0
golang.org/x/time v0.2.0 -> v0.3.0
golang.zx2c4.com/wireguard/wgctrl 97bc4ad4a1cb -> 9c5414ab4bde
google.golang.org/grpc v1.51.0 -> v1.53.0
k8s.io/api v0.26.0 -> v0.26.1
k8s.io/apimachinery v0.26.0 -> v0.26.1
k8s.io/apiserver v0.26.0 -> v0.26.1
k8s.io/client-go v0.26.0 -> v0.26.1
k8s.io/component-base v0.26.0 -> v0.26.1
k8s.io/klog/v2 v2.80.1 -> v2.90.0
k8s.io/kubectl v0.26.0 -> v0.26.1
k8s.io/kubelet v0.26.0 -> v0.26.1
kernel.org/pub/linux/libs/security/libcap/cap v1.2.66 -> v1.2.67

Previous release can be found at v1.3.0

Talos 1.4.0-alpha.1 (2023-01-25)

Welcome to the v1.4.0-alpha.1 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

etcd Maintenance

Talos adds new APIs to make it easier to perform etcd maintenance operations.

These APIs are available via new talosctl etcd sub-commands:

talosctl etcd alarm list|disarm
talosctl etcd defrag
talosctl etcd status

See also etcd maintenance guide.

Component Updates

Linux: 6.1.7
containerd: v1.6.15
Kubernetes: v1.26.1
etcd: v3.5.7

Talos is built with Go 1.19.5.

Contributors

Andrey Smirnov
Noel Georgi
Dmitriy Matrenichev
Utku Ozdemir
Serge Logvinov
Spencer Smith
Steve Francis
Cees-Jan Kiewiet
Chris van de Sande
Lance R. Vick
Matthias Riegler
Michael Vorburger
Murtaza Udaipurwala
Nico Berlee
Niklas Wik
Rowan Smith
Samuel Kees
Seán C McCord
Tim Jones
Tim van Druenen
Victor Seva

Changes

81 commits

e3da4754e feat: update Linux to 6.1.7
006449e46 test: build integration test early in the pipeline
09aa71264 fix: renovate config
2d136f187 feat: set markdown and html descriptions in config json schema
f0804027a fix: renovate config
812a2877c chore: bump deps + renovate cleanup
aa9f66c1c fix: mark DigitalOcean anchor IP as scope link
bb4937f1b feat: enable renovate
3e0057162 fix: unwrap gRPC errors on stop/remove pods check
00e52ae07 fix: build correctly etcd initial cluster URL
ae83b10ae feat: create JSON schema for v1alpha1.Config
703d96595 feat: update Kubernetes to 1.26.1, etcd to 3.5.7
965e64591 docs: update to use talosctl install script
c5954f434 chore: bump deps
bb50f6a56 chore: preallocate disk images for QEMU VMs
d4b8b35de feat: generate kernel module dependency tree
18122ae73 fix: service restart (including extension services)
680fd5e45 fix: bump COSI runtime with the panic controller restart fix
0b65bbfc8 fix: handle overwriting tags in syslinux ADV
70d9428a1 fix: kubespan MSS clamping
683b4ccb4 chore: update Go to 1.19.5 and kernel to 6.1.4
062c7d754 test: fix integration test on cp endpoint update
8e9fc13d7 feat: implement enum generator for proto files
771b0dc06 docs: update left over rpi_4 ref to rpi_generic
6c04b5f79 chore: bump dependencies
0a5a8802e feat: use 'localhost' endpoint for controlplane nodes
b0775ebf2 feat: add ISO wipe GRUB boot option
29020cb9c fix: report fatal sequence errors as reboots
96629d5ba feat: implement etcd maintenance commands
80fed3194 feat: include Kubernetes controlplane endpoint as one of the endpoints
c6cb36cc1 docs: fix auditpolicy example typo
ba8265bc5 feat: new talosctl config remove to remove context
fcb19ff51 fix: implement upgrade version checks for Talos 1.4
80f150ac8 feat: enable ipv6 on gcp
8db622f3d docs: add Vandebron to adopters list
f6a86ae90 fix: oralce cloud zone
89dbb0ecf release(v1.4.0-alpha.0): prepare release
31fb90535 feat: update Linux 6.1.1, containerd 1.6.14
a0c0352dd fix: send diagnostic output to stderr consistently
9a5f4c08a fix: default the manifest namespace if not set
3c6cce5fe docs: update last release for Talos 1.2.x
703624c43 docs: fix the 1.3 release date
386c9293a docs: update nvidia-container-runtime version
ff83d9fd7 fix: improve talosctl completion
31ff431fa chore: add schulz systemtechnik to the list
97bef7c47 docs: vsphere.sh > vmware.sh
34babe858 chore: make organization selection an interface
a9643b477 fix: use proper key usage for apid client certificate
171aa9467 fix: disable Wireless Lan using dtoverlay
2e84d2ab3 chore: update conformance product.yaml
b7763843a feat: add install script that improves talosctl installation user experience This install script detects the platform and architecture, and downloads the correct talosctl, and checks the gpg checksums. It also installs and chmods the binary.
afc45ad63 docs: mark Talos 1.3 docs as default
873bd3807 fix: redact service account key in config in RedactSecrets method
b3aebfadf feat: validate Talos API access roles in machine config
40761e17d docs: fork docs for Talos 1.4
474604cd2 docs: update documentation for Talos 1.3
faf49218c feat: add more checks for K8s upgrade
5b992bd86 fix: allow empty dnsDomain in machine config
eb332cfcb feat: add health check for a minimal memory / disk size
d04970dfa fix: ignore k8s additional addresses if nil
63c17104c feat: update Kubernets to 1.26.0
f7a9a90db chore: update pkgs/tools (Go 1.19.4, containerd 1.6.11)
cf7adc51c feat: add RedactSecrets method to v1alpha1.Config
4c31b9b1a docs: clarify what the deal is with /var
a8ebcca4a chore: remove watchErr from metal.getResource
1253513bd fix: fix nil pointer panic and incorrect error output
82e8c9e1f fix: workaround panic in the kubelet service controller
a505b8909 fix: update COSI and reset restart backoff on success
e92fdcbad chore: bump kernel to 5.15.81
f0dddca2a docs: expand help for 'talosctl get'
fcffc8879 fix: add ext4 filesystem detection
5b2960eff fix: introduce 'overridePath' setting and fix Talos resolver
0219d1124 fix: use only kube-apiserver endpoints for Talos API access endpoints
dc5e0f4af fix: report errors to Equinix Metal event API
7ab140a94 feat: add talosctl machineconfig patch command
d3cf06114 fix: ignore many more filesystems in IMA
44e2799b8 feat: add stdout and single config type support to talosctl gen config
4452f0e17 docs: bump talos version
38e57bd12 feat: update Kubernetes to v1.26.0-rc.1
4cd125d49 fix: correctly handle new watch event types
881b84152 feat: update Flannel to 0.20.2

Changes since v1.4.0-alpha.0

36 commits

e3da4754e feat: update Linux to 6.1.7
006449e46 test: build integration test early in the pipeline
09aa71264 fix: renovate config
2d136f187 feat: set markdown and html descriptions in config json schema
f0804027a fix: renovate config
812a2877c chore: bump deps + renovate cleanup
aa9f66c1c fix: mark DigitalOcean anchor IP as scope link
bb4937f1b feat: enable renovate
3e0057162 fix: unwrap gRPC errors on stop/remove pods check
00e52ae07 fix: build correctly etcd initial cluster URL
ae83b10ae feat: create JSON schema for v1alpha1.Config
703d96595 feat: update Kubernetes to 1.26.1, etcd to 3.5.7
965e64591 docs: update to use talosctl install script
c5954f434 chore: bump deps
bb50f6a56 chore: preallocate disk images for QEMU VMs
d4b8b35de feat: generate kernel module dependency tree
18122ae73 fix: service restart (including extension services)
680fd5e45 fix: bump COSI runtime with the panic controller restart fix
0b65bbfc8 fix: handle overwriting tags in syslinux ADV
70d9428a1 fix: kubespan MSS clamping
683b4ccb4 chore: update Go to 1.19.5 and kernel to 6.1.4
062c7d754 test: fix integration test on cp endpoint update
8e9fc13d7 feat: implement enum generator for proto files
771b0dc06 docs: update left over rpi_4 ref to rpi_generic
6c04b5f79 chore: bump dependencies
0a5a8802e feat: use 'localhost' endpoint for controlplane nodes
b0775ebf2 feat: add ISO wipe GRUB boot option
29020cb9c fix: report fatal sequence errors as reboots
96629d5ba feat: implement etcd maintenance commands
80fed3194 feat: include Kubernetes controlplane endpoint as one of the endpoints
c6cb36cc1 docs: fix auditpolicy example typo
ba8265bc5 feat: new talosctl config remove to remove context
fcb19ff51 fix: implement upgrade version checks for Talos 1.4
80f150ac8 feat: enable ipv6 on gcp
8db622f3d docs: add Vandebron to adopters list
f6a86ae90 fix: oralce cloud zone

Changes from siderolabs/extras

3 commits

8cb4792 chore: update Go to 1.19.5
3ca2df3 chore: disable provenance in buildx
55d8452 feat: update releases

Changes from siderolabs/gen

2 commits

214c1ef chore: set slice.Filter result slice cap to len
8e89b1e feat: add GetOrCreate and GetOrCall methods

Changes from siderolabs/pkgs

19 commits

987d24a feat: mellanox drivers are modules
b82a015 feat: mellanox oped
057d4f9 chore: bump deps
4ac4138 feat: enable nvme support for raspberrypi cm4
ccb9d39 fix: disable magic sysrq
d33202d chore: bump u-boot to 2023.01
cb83e16 chore: bump dependencies
e561dcb feat: bump Go to 1.19.5
c7797c7 feat: update Linux to 6.1.4, restore RPi support
5e8ebb0 feat: add AMD K10 sensor support
73ac37d chore: disable provenance in buildx
8965bee chore: use default symlinks to /bin in base
325c9bf feat: bump dependencies
165dff6 fix: patch ipmitool IANA URL
c542f39 feat: add kernel support for usb setrial console
f564f45 chore: bump tools, containerd
268ea7c chore: bump deps
dcf3ceb feat: add nitro enclave support in kernel
17ea5e6 chore: bump kernel to 5.15.81

Changes from siderolabs/tools

14 commits

28d4a57 chore: reduce renovate noise
e130fd5 chore: bump deps
37612fe fix: revert enabling provenance
e0b01e3 chore: bump deps
d0e6bd0 feat: add gnutls
3d34b5d chore: bump dependencies
763c1d9 feat: update Go to 1.19.5
136958f chore: disable provenance in buildx
e2a8692 feat: update releases
0e48f37 chore: bump protobuf
a21aa1c chore: bump toolchain and mpc versions
1a75d0f chore: bump deps
55bd185 feat: update Go to 1.19.4
f291f46 chore: bump tools

Dependency Changes

cloud.google.com/go/compute/metadata v0.2.1 -> v0.2.3
github.com/aws/aws-sdk-go v1.44.147 -> v1.44.184
github.com/containerd/containerd v1.6.12 -> v1.6.15
github.com/containernetworking/plugins v1.1.1 -> v1.2.0
github.com/coreos/go-semver v0.3.0 -> v0.3.1
github.com/cosi-project/runtime v0.2.0 -> v0.3.0-alpha.4
github.com/docker/docker v20.10.21 -> v20.10.23
github.com/dustin/go-humanize v1.0.0 -> v1.0.1
github.com/fatih/color v1.13.0 -> v1.14.1
github.com/freddierice/go-losetup/v2 v2.0.1 new
github.com/gdamore/tcell/v2 v2.5.3 -> v2.5.4
github.com/hetznercloud/hcloud-go v1.37.0 -> v1.39.0
github.com/insomniacslk/dhcp f26e6d78f622 -> de60144f33f8
github.com/mattn/go-isatty v0.0.16 -> v0.0.17
github.com/mdlayher/ethtool 0e16326d06d1 -> ba3b4bc2e02c
github.com/mdlayher/genetlink v1.3.0 -> v1.3.1
github.com/mdlayher/netlink v1.7.0 -> v1.7.1
github.com/prometheus/procfs v0.8.0 -> v0.9.0
github.com/rivo/tview db36428c92d9 -> 892d1a2eb0da
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.10 -> v1.0.0-beta.12
github.com/siderolabs/extras v1.3.0-1-g3773d71 -> v1.4.0-alpha.0-2-g8cb4792
github.com/siderolabs/gen v0.4.1 -> v0.4.3
github.com/siderolabs/pkgs v1.3.0-5-g6509d23 -> v1.4.0-alpha.0-18-g987d24a
github.com/siderolabs/talos/pkg/machinery v1.3.0 -> v1.4.0-alpha.0
github.com/siderolabs/tools v1.3.0-1-g712379c -> v1.4.0-alpha.0-11-g28d4a57
github.com/ulikunitz/xz v0.5.11 new
github.com/vmware-tanzu/sonobuoy v0.56.12 -> v0.56.14
github.com/vmware/govmomi v0.29.0 -> v0.30.0
go.etcd.io/etcd/api/v3 v3.5.6 -> v3.5.7
go.etcd.io/etcd/client/pkg/v3 v3.5.6 -> v3.5.7
go.etcd.io/etcd/client/v3 v3.5.6 -> v3.5.7
go.etcd.io/etcd/etcdutl/v3 v3.5.6 -> v3.5.7
go.uber.org/zap v1.23.0 -> v1.24.0
go4.org/netipx 797b0c90d8ab -> 987e16ee2705
golang.org/x/net v0.4.0 -> v0.5.0
golang.org/x/sys v0.3.0 -> v0.4.0
golang.org/x/term v0.3.0 -> v0.4.0
golang.org/x/time v0.2.0 -> v0.3.0
google.golang.org/grpc v1.51.0 -> v1.52.0
k8s.io/api v0.26.0 -> v0.26.1
k8s.io/apimachinery v0.26.0 -> v0.26.1
k8s.io/apiserver v0.26.0 -> v0.26.1
k8s.io/client-go v0.26.0 -> v0.26.1
k8s.io/component-base v0.26.0 -> v0.26.1
k8s.io/klog/v2 v2.80.1 -> v2.90.0
k8s.io/kubectl v0.26.0 -> v0.26.1
k8s.io/kubelet v0.26.0 -> v0.26.1

Previous release can be found at v1.3.0

Talos 1.4.0-alpha.0 (2022-12-23)

Welcome to the v1.4.0-alpha.0 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.1.1
containerd: v1.6.14

Talos is built with Go 1.19.4.

Contributors

Andrey Smirnov
Noel Georgi
Utku Ozdemir
Dmitriy Matrenichev
Spencer Smith
Lance R. Vick
Michael Vorburger
Nico Berlee
Niklas Wik
Rowan Smith
Samuel Kees
Steve Francis
Victor Seva

Changes

44 commits

31fb90535 feat: update Linux 6.1.1, containerd 1.6.14
a0c0352dd fix: send diagnostic output to stderr consistently
9a5f4c08a fix: default the manifest namespace if not set
3c6cce5fe docs: update last release for Talos 1.2.x
703624c43 docs: fix the 1.3 release date
386c9293a docs: update nvidia-container-runtime version
ff83d9fd7 fix: improve talosctl completion
31ff431fa chore: add schulz systemtechnik to the list
97bef7c47 docs: vsphere.sh > vmware.sh
34babe858 chore: make organization selection an interface
a9643b477 fix: use proper key usage for apid client certificate
171aa9467 fix: disable Wireless Lan using dtoverlay
2e84d2ab3 chore: update conformance product.yaml
b7763843a feat: add install script that improves talosctl installation user experience This install script detects the platform and architecture, and downloads the correct talosctl, and checks the gpg checksums. It also installs and chmods the binary.
afc45ad63 docs: mark Talos 1.3 docs as default
873bd3807 fix: redact service account key in config in RedactSecrets method
b3aebfadf feat: validate Talos API access roles in machine config
40761e17d docs: fork docs for Talos 1.4
474604cd2 docs: update documentation for Talos 1.3
faf49218c feat: add more checks for K8s upgrade
5b992bd86 fix: allow empty dnsDomain in machine config
eb332cfcb feat: add health check for a minimal memory / disk size
d04970dfa fix: ignore k8s additional addresses if nil
63c17104c feat: update Kubernets to 1.26.0
f7a9a90db chore: update pkgs/tools (Go 1.19.4, containerd 1.6.11)
cf7adc51c feat: add RedactSecrets method to v1alpha1.Config
4c31b9b1a docs: clarify what the deal is with /var
a8ebcca4a chore: remove watchErr from metal.getResource
1253513bd fix: fix nil pointer panic and incorrect error output
82e8c9e1f fix: workaround panic in the kubelet service controller
a505b8909 fix: update COSI and reset restart backoff on success
e92fdcbad chore: bump kernel to 5.15.81
f0dddca2a docs: expand help for 'talosctl get'
fcffc8879 fix: add ext4 filesystem detection
5b2960eff fix: introduce 'overridePath' setting and fix Talos resolver
0219d1124 fix: use only kube-apiserver endpoints for Talos API access endpoints
dc5e0f4af fix: report errors to Equinix Metal event API
7ab140a94 feat: add talosctl machineconfig patch command
d3cf06114 fix: ignore many more filesystems in IMA
44e2799b8 feat: add stdout and single config type support to talosctl gen config
4452f0e17 docs: bump talos version
38e57bd12 feat: update Kubernetes to v1.26.0-rc.1
4cd125d49 fix: correctly handle new watch event types
881b84152 feat: update Flannel to 0.20.2

Changes from siderolabs/extras

1 commit

55d8452 feat: update releases

Changes from siderolabs/gen

1 commit

8e89b1e feat: add GetOrCreate and GetOrCall methods

Changes from siderolabs/pkgs

7 commits

325c9bf feat: bump dependencies
165dff6 fix: patch ipmitool IANA URL
c542f39 feat: add kernel support for usb setrial console
f564f45 chore: bump tools, containerd
268ea7c chore: bump deps
dcf3ceb feat: add nitro enclave support in kernel
17ea5e6 chore: bump kernel to 5.15.81

Changes from siderolabs/tools

6 commits

e2a8692 feat: update releases
0e48f37 chore: bump protobuf
a21aa1c chore: bump toolchain and mpc versions
1a75d0f chore: bump deps
55bd185 feat: update Go to 1.19.4
f291f46 chore: bump tools

Dependency Changes

cloud.google.com/go/compute/metadata v0.2.1 -> v0.2.3
github.com/aws/aws-sdk-go v1.44.147 -> v1.44.166
github.com/containerd/containerd v1.6.12 -> v1.6.14
github.com/cosi-project/runtime v0.2.0 -> v0.3.0-alpha.2
github.com/docker/docker v20.10.21 -> v20.10.22
github.com/hetznercloud/hcloud-go v1.37.0 -> v1.38.0
github.com/insomniacslk/dhcp f26e6d78f622 -> de60144f33f8
github.com/mdlayher/ethtool 0e16326d06d1 -> ba3b4bc2e02c
github.com/mdlayher/genetlink v1.3.0 -> v1.3.1
github.com/mdlayher/netlink v1.7.0 -> v1.7.1
github.com/prometheus/procfs v0.8.0 -> v0.9.0
github.com/rivo/tview db36428c92d9 -> 02e38ea9604c
github.com/siderolabs/extras v1.3.0-1-g3773d71 -> v1.4.0-alpha.0
github.com/siderolabs/gen v0.4.1 -> v0.4.2
github.com/siderolabs/pkgs v1.3.0-5-g6509d23 -> v1.4.0-alpha.0-6-g325c9bf
github.com/siderolabs/talos/pkg/machinery v1.3.0 -> v1.3.0-alpha.2
github.com/siderolabs/tools v1.3.0-1-g712379c -> v1.4.0-alpha.0-3-ge2a8692
github.com/vmware-tanzu/sonobuoy v0.56.12 -> v0.56.14
github.com/vmware/govmomi v0.29.0 -> v0.30.0
go.uber.org/zap v1.23.0 -> v1.24.0
golang.org/x/time v0.2.0 -> v0.3.0

Previous release can be found at v1.3.0

Talos 1.3.0-alpha.2 (2022-11-16)

Welcome to the v1.3.0-alpha.2 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

kube-apiserver Audit Policy

Talos now supports setting custom audit policy for kube-apiserver in the machine configuration.

cgroups v1

Talos defaults to using cgroups v2 when Talos doesn't run in a container (when running in a container Talos follows host cgroups mode). Talos can now be forced to use cgroups v1 by setting boot kernel argument talos.unified_cgroup_hierarchy=0:

machine:
  install:
    extraKernelArgs:
      - "talos.unified_cgroup_hierarchy=0"

Current cgroups mode can be checked with talosctl ls /sys/fs/cgroup:

cgroups v1:

blkio
cpu
cpuacct
cpuset
devices
freezer
hugetlb
memory
net_cls
net_prio
perf_event
pids

cgroups v2:

cgroup.controllers
cgroup.max.depth
cgroup.max.descendants
cgroup.procs
cgroup.stat
cgroup.subtree_control
cgroup.threads
cpu.stat
cpuset.cpus.effective
cpuset.mems.effective
init
io.stat
kubepods
memory.numa_stat
memory.stat
podruntime
system

Note: cgroupsv1 is deprecated and it should be used only for compatibility with workloads which don't support cgroupsv2 yet.

Kernel Command Line ip= Argument

Talos now supports referencing interface name via enxMAC address notation:

ip=172.20.0.2::172.20.0.1:255.255.255.0::enx7085c2dfbc59

CRI Configuration Overrides

Talos no longer supports CRI config overrides placed in /var/cri/conf.d directory.

New way correctly handles merging of containerd/CRI plugin configuration.

etcd Consistency Check

Talos enables --experimental-compact-hash-check-enabled option by default to improve etcd store consistency guarantees.

This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.

etcd Member ID

Talos now internally handles etcd member removal by member ID instead of member name (hostname). This resolves the case when member name is not accurate or empty (eg: when etcd hasn't fully joined yet).

Command talosctl etcd remove-member now accepts member IDs instead of member names.

New resource can be used to get member ID of the Talos node:

talosctl get etcdmember

Exocale Platform

Talos now supports new platform: Exoscale.

Exoscale provides a firewall, TCP load balancer and autoscale groups. It works well with CCM and Kubernetes node autoscaler.

Kernel Modules

Talos now supports settings kernel module parameters.

Eg:

machine:
  kernel:
    modules:
      - name: "br_netfilter"
        parameters:
          - nf_conntrack_max=131072

KubeSpan

KubeSpan MTU link size is now configurable via network.kubespan.mtu setting in the machine configuration.

Node Labels

Talos now supports specifying node labels in the machine configuration:

machine:
  nodeLabels:
    rack: rack1a
    zone: us-east-1a

Changes to the node labels will be applied immediately without kubelet restart.

Talos keeps track of the owned node labels in the talos.dev/owned-labels annotation.

Routes

Talos now supports setting MTU for a specific route.

Nano Pi R4S

Talos now supports the Nano Pi R4S SBC.

Raspberry Generic Images

The Raspberry Pi 4 specific image has been deprecated and will be removed in the v1.4 release of Talos. Talos now ships a generic Raspberry Pi image that should support more Raspberry Pi variants. Refer to the docs at https://www.talos.dev/v1.3/talos-guides/install/single-board-computers/rpi_generic/ to find which ones are supported.

Encryption with secretbox

By default new clusters will use secretbox for encryption instead of AESCBC. If both are configured secretbox will take precedence. Old clusters may keep using AESCBC. To enable secretbox you may add an encryption secret at cluster.secretboxEncryptionSecret. You should keep aescbcEncryptionSecret however, even if secretbox is enabled older data will still be encrypted with AESCBC.

How to generate the secret:

dd if=/dev/random of=/dev/stdout bs=32 count=1 | base64

Static Pod Manifests

The directory "/etc/kubernetes/manifests" is now deprecated. Static pods should always be configured in machine.pods. To reenable support you may set machine.kubelet.disableManifestsDirectory.

Eg:

machine:
  kubelet:
    disableManifestsDirectory: no

Component Updates

Kubernetes: v1.26.0-rc.0
Flannel: v0.20.1
CoreDNS: v1.10.0
etcd: v3.5.5
Linux: 5.15.77
containerd: v1.6.9

Talos is built with Go 1.19.3.

Contributors

Andrey Smirnov
Noel Georgi
Andrey Smirnov
Michal Witkowski
Artem Chernyshev
Artem Chernyshev
Dmitriy Matrenichev
Alexey Palazhchenko
Serge Logvinov
Andrey Smirnov
Philipp Sauter
Andrew Rynhard
Steve Francis
Utku Ozdemir
Andrew Rynhard
Tim Jones
Seán C McCord
Kris Reeves
Marvin Drees
Spencer Smith
Branden Cash
Brandon Nason
Cameron Brunner
DJAlPee
Daniel Low
Gerard de Leeuw
Jack Wink
Jon Stelly
Martin Stone
Matt Zahorik
Maxim Makarov
Olli Janatuinen
Pau Campana
Rubens Farias
Sander Maijers
Spencer Smith
ankitm123
emattiza
killcity

Changes

173 commits

aa56aed79 feat: publish discovered public IP as one of the KubeSpan endpoint
9382443ba feat: update Kubernetes to v1.26.0-rc.0
6ffc381c5 feat: implement CRI configuration customization
e1e340bdd feat: expose Talos node labels as a machine configuration field
c78bbbfda docs: specify that only XFS partitions are detected
b881a9a79 chore: bump dependencies
5bfd7dbfa test: fix assertion on reboot test
1cfb6188b feat: implement support for cgroupsv1
3866d0e33 feat: update Kubernetes to v1.26.0-beta.0
e1590ba7b fix: lifecycle action tracking
804762c59 feat: add timeout to cli action tracking, track by default & refactor
4e114ca12 feat: use the etcd member id for etcd operations instead of hostname
06fea2441 feat: expand platform metadata resources
03a20da9d fix: filter up duplicate IPs out of NodeAddresses
6b771bc73 chore: bump deps
96aa9638f chore: rename talos-systems/talos to siderolabs/talos
30bbf6463 refactor: use siderolabs/net version with netip.Addr
343c55762 chore: replace talos-systems Go modules with siderolabs
0301bbe93 fix: check if processes is nil to avoid panic
08e7e49a2 test: update versions for upgrade tests
0b41923c3 fix: restore the StaticPodStatus resource
1947092ae chore: introduce a healthcheck for machined service
3333cd93c fix: generate correct Flannel config for IPv6-only clusters
d7070f5e7 release(v1.3.0-alpha.1): prepare release
869f3b5a5 feat: network configuration improvements on the OpenStack platform
29f2195e1 feat: support exoscale cloud
8b4ae08d1 fix: etcd snapshot command on Windows
8bfa7ac1d feat: platform metadata resource
7e50e24c0 fix: properly cleanup legacy static pod manifests directory
6ee47bcc6 fix: support serving config for qemu launcher on IPv6
6c3d11b49 docs: admission control patch note
4ea3b99b5 fix: serve static pod files on 127.0.0.1 instead of localhost
23842114f feat: support encryption with secretbox
f6773c472 docs: talos support on equinix metal
b307160f6 chore: bump dependencies
d7edd0e2e refactor: use go-circular, go-kubeconfig, and go-tail
c6e1702ec feat: use URL-based manifests to present static pods to the kubelet
136a795e5 docs: update system requirements to mention dedicated disk usage
879e8c0bf chore: update kernel with BTF support
ceb0cd99a feat: implement Talos API auth using SideroV1 signatures
e6fba7d3b chore: update dependencies
93e55b85f chore: bump golangci-lint to v1.50.0
aa3d9b4ca fix: regenerate cert on node labeling retry
021c73c35 fix: lowercase nodename
b902036e1 docs: update office hours time link
7fcb8c681 feat: update Flannel to v0.20.0
dc70d892a fix: support setting KubeSpan link MTU
7d52bad37 feat: update Linux to 5.15.73
9c78b3aff feat: update Kubernetes to v1.26.0-alpha.2
94913a672 docs: add lofty to talos adopters
0a0bdfe16 docs: add Tremor Video to adopters
b7b1d4fd6 feat: use readonly containers
d210338e3 fix: skip protobuf full unmarshaling for some talosctl commands
b3c679d18 chore: bump dependencies
993743f63 fix: skip hostname via DHCP on OpenStack platform
db076e7b5 feat: pin interface by mac address in cmdline args
63de93722 fix: update go-smbios to v0.3.1
49e9f808e chore: bump kernel and go
c7372144d docs: add constraints to upgrade docs
c71c8ca18 docs: consolidate, simplify and correct various docs
06f76bfeb chore: bump dependencies
b1c421b9a chore: publish ami's with imds v2 enabled
195c40ab5 docs: add information about applicable use cases of disk encryption
54a687fb8 docs: consolidate and expand on discovery service
139c62d76 feat: allow upgrades in maintenance mode (only over SideroLink)
48dee4805 feat: support mtu for routes
1c43c72ae docs: fix talos required kernel params
67cc45ae3 release(v1.3.0-alpha.0): prepare release
18c377a4d feat: customize audit policy
23c9ea46b fix: raspberry pi install
f17cdee16 feat: jsonpath filter for talosctl get outputs
6bd3cca1a chore: generic raspberry pi images
d914ab8bb chore: add vulncheck tool as a linter
a0151aa13 feat: add generic rpi u-boot support
30f851d09 chore: bump dependences
8b2235c3b fix: lookup Equinix Metal bond slaves using 'permanent addr'
b3257ebb1 chore: bump kernel to 5.15.70
0b2767c16 feat: implement 'permanent addr' in link statuses
c90e20251 fix: kubeconfig permission
fc48849d0 chore: move maps/slices/ordered to gen module
8b09bd4b0 feat: update Kubernetes to v1.26.0-alpha.1
276d4175b chore: bump extension versions in testing
357b770cb fix: cryptsetup delete slot
711128839 fix: continue applying bootstrap manifests on some errors
ce12c7b38 chore: update COSI runtime to v0.2.0-alpha.1
1b435c0b3 chore: bump kernel + ice drivers
18e041f1e docs: fix typo in patching example
0ad6452ca feat: update CoreDNS to v1.10.0
479f3f52e chore: bump dependencies
e07c6ae99 feat: update Kubernetes to v1.25.1
13fdfaffc test: fix up default branch name
ef181321a docs: add component diagram; K8s & Talos Linux
aade73643 docs: fix missing variable in OpenEBS docs
472590aa8 chore: return InvalidArgument on invalid config in maintenance mode
e5cabd42c feat: enable etcd consistency hashcheck
015535d90 fix: update discovery client with the redirect fix
d0c8e7699 chore: bump kernel and go
985b0c2e7 chore: remove go.work.sum
69124f102 feat: update etcd to v3.5.5
1985a796c docs: update docs for pod security
94b088f02 fix: set etcd options consistently
92ae7ef4b fix: fix protoenc encoding for enums and types with custom encoders
93809017c docs: cpu scaling governor knowledgebase
7b270ff33 test: fix api controller test
2dadcd669 fix: stop worker nodes from acting as apid routers
9eaf33f3f fix: never sign client certificate requests in trustd
436749124 feat: environment vars for extension service
0c0cb671e chore: mark machine configuration validation failure as InvalidArgument
f424e5340 fix: stop containers more thoroughly
12827b861 chore: move "implements" checks to compile time
3a67c42cb fix: kill the task processes when cleaning up stale task
14a79e325 chore: bump dependencies
9beee92e7 docs: fix double vv in Kubernetes version
688272515 fix: use different username for Talos Kubernetes API access
161a52a9e feat: check apid client certificate extended key usage
9dadc4a59 fix: include all node addresses into etcd cert SANs
71bfd3e43 feat: update CoreDNS to 1.9.4
9df8f1ff1 fix: list COSI APIs for the apid authenticator
31462450f fix: pass a pointer to specs.Mount into protoenc.Marshal
e626540df chore: avoid double API request logging in trustd
f62d17125 chore: update crypto to use new import path siderolabs/crypto
ef27dd855 chore: bump dependencies
6472ae00b fix: automatically discard VIPs for etcd advertised addresses
5e21cca52 feat: support setting kernel parameters
bd56621cd feat: add structprotogen tool
cdb6bb2cc feat: add Nano Pi R4S support
36c1f1d6e fix: flip the client-server version check
cd6c53a97 docs: fork docs for v1.3
0847400f7 fix: prevent panic on health check if a member has no IPs
7471d7f01 feat: update Flannel to v0.19.2
148c75cfb docs: consolidate the control-plane documentation
353154281 fix: drop kube-system SA default binding
4f37b668b chore: remove capi hacks
1369afea8 docs: make 1.2.0 docs default ones
7627cb0e3 docs: add new talosctl gen secrets
8aa60a37a chore: bump kernel to 5.15.64
a798dbd5d docs: update docs for upcoming 1.2.0 release
b2fec3c97 fix: properly handle configContext being nil in Talos client
1c0977b3a fix: change the type of returned gRPC connection object from the client
41848e421 fix: expose Talos client gRPC connection via the function Conn
2e9be4af8 chore: bump dependencies
d283aba3a test: fix cli reboot test
0b339a9dc feat: track progress of action API calls
072349812 fix: update COSI to the version with gRPC Wait fix
89d57aa81 fix: always abort the maintenance service
f6fa74619 fix: limit apid backoff max delay
d7ef346db fix: get command in the case 'nodes' are not set in the context
4e9c32256 fix: correctly render hosts.toml with multiple endpoints
cdd0f08bc feat: check client <> server version in some Talos commands
446b0af58 chore: bump kernel and runc
8c203ce9b feat: remove the machine from the discovery service on reset
b59ca5810 chore: move from inet.af/netaddr to net/netip and go4.org/netipx
053af1d59 fix: update etcd certificates when node addresses changes
11edb2c6f test: re-enable upgrade tests
0310e2089 chore: bump github.com/siderolabs/protoenc to v0.1.5
29bd63240 chore: remove old build tags syntax
b500d0aa9 chore: bump k8s to v1.25.0
29e574be7 docs: update to v1.2.0-beta.1
26b549f2a chore: bump dependencies
8c3ac4c42 chore: limit GOMAXPROCS for Talos services
361e85b74 fix: properly read kexec disabled sysctl
cfe6c2bc2 docs: nvidia oss drivers
2f2d97b6b fix: don't wait for the hostname in maintenance mode
b15a63924 chore: bump kernel to 5.15.62
a0d94be30 fix: stable default hostname bias
da4cd34ef feat: update etcd advertised peer addresses on the fly
faf92ce01 chore: bump kubernetes to v1.25.0-rc.1
52de919e3 chore: bump containerd to v1.6.8
7d43fc79b fix: make 'ca', 'crt' and 'key' flags optional for 'talosctl config add'
fd467e02c fix: handle grub config being empty in the Revert function
9492aca65 fix: clean up cancelCtxMu leftovers in PriorityLock
61e3eb2ea fix: talosctl edit mc loop
32db7a7f5 fix: surround cancelCtx with the mutex

Changes since v1.3.0-alpha.1

23 commits

aa56aed79 feat: publish discovered public IP as one of the KubeSpan endpoint
9382443ba feat: update Kubernetes to v1.26.0-rc.0
6ffc381c5 feat: implement CRI configuration customization
e1e340bdd feat: expose Talos node labels as a machine configuration field
c78bbbfda docs: specify that only XFS partitions are detected
b881a9a79 chore: bump dependencies
5bfd7dbfa test: fix assertion on reboot test
1cfb6188b feat: implement support for cgroupsv1
3866d0e33 feat: update Kubernetes to v1.26.0-beta.0
e1590ba7b fix: lifecycle action tracking
804762c59 feat: add timeout to cli action tracking, track by default & refactor
4e114ca12 feat: use the etcd member id for etcd operations instead of hostname
06fea2441 feat: expand platform metadata resources
03a20da9d fix: filter up duplicate IPs out of NodeAddresses
6b771bc73 chore: bump deps
96aa9638f chore: rename talos-systems/talos to siderolabs/talos
30bbf6463 refactor: use siderolabs/net version with netip.Addr
343c55762 chore: replace talos-systems Go modules with siderolabs
0301bbe93 fix: check if processes is nil to avoid panic
08e7e49a2 test: update versions for upgrade tests
0b41923c3 fix: restore the StaticPodStatus resource
1947092ae chore: introduce a healthcheck for machined service
3333cd93c fix: generate correct Flannel config for IPv6-only clusters

Changes from siderolabs/crypto

27 commits

c3225ee feat: allow CSR template subject field to be overridden
8570669 chore: rename to siderolabs/crypto
e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs
510b0d2 chore: add json tags
6fa2d93 fix: deepcopy nil fields as nil
9a63cba fix: add back support for generating ECDSA keys with P-256 and SHA512
893bc66 fix: use SHA256 for ECDSA-P256
deec8d4 chore: implement DeepCopy methods for PEMEncoded* types
d3cb772 feat: make possible to change KeyUsage
6bc5bb5 chore: remove unused argument
cd18ef6 feat: add support for several organizations
97c888b chore: add options to CSR
7776057 chore: fix typos
80df078 chore: remove named result parameters
15bdd28 chore: minor updates
4f80b97 fix: verify CSR signature before issuing a certificate
39584f1 feat: support for key/certificate types RSA, Ed25519, ECDSA
cf75519 fix: function NewKeyPair should create certificate with proper subject
751c95a feat: add 'PEMEncodedKey' which allows to transport keys in YAML
562c3b6 feat: add support for public RSA key in RSAKey
bda0e9c feat: enable more conversions between encoded and raw versions
e0dd56a feat: add NotBefore option for x509 cert creation
12a4897 feat: add support for SPKI fingerprint generation and matching
d0c3eef fix: implement NewKeyPair
196679e feat: move pkg/grpc/tls from github.com/talos-systems/talos as ./tls
1ff6242 chore: initial version as imported from talos-systems/talos
835063e chore: initial commit

Changes from siderolabs/discovery-api

3 commits

5b0c5e7 chore: rename to siderolabs, rekres, etc
db279ef feat: initial set of APIs and generated files
ac52a37 chore: initial commit

Changes from siderolabs/discovery-client

2 commits

a5c19c6 feat: provide public IP discovered from the server
230f317 fix: reconnect the client on update failure

Changes from siderolabs/extras

3 commits

b155fa0 chore: enable renovate
8f00d77 feat: update tc-redirect-tap to the latest version
7c91844 chore: bump go to 1.19.2

Changes from siderolabs/gen

6 commits

b3b6db8 fix: fix Copy documentation and implementation
521f737 feat: add xerrors package which contains additions to the std errors
726e066 fix: rename tuples.go to pair.go and set proper package name
d8d7d25 chore: minor additions
338a650 chore: add initial implementation and documentation
4fd8667 Initial commit

Changes from siderolabs/go-blockdevice

56 commits

694ac62 chore: update imports to siderolabs, rekres
dcf6044 chore: rekres and rename
9c4af49 fix: cryptsetup remove slot
74ea471 feat: add freebsd stubs
9fa801c feat: add ReadOnly attribute to Disk
fccee8b chore: rekres the source, fix issues
d9c3a27 feat: support probing FAT12/FAT16 filesystems
b374eb4 fix: align partition to 1M boundary by default
ec428fe fix: lookup filesystem labels on the actual device path
7b9de26 feat: read symlink fullpath in block device list function
6928ee4 refactor: rewrite GPT serialize/deserialize functions
0c7e429 refactor: simplify middle endian functions
15b182d fix: return partition table not exist when trying to read an empty dev
b9517d5 fix: resize partition
70d2865 fix: try to find cdrom disks
667bf53 fix: revert gpt partition not found
d7d4cdd fix: gpt partition not found
33afba3 fix: also open in readonly mode when running All lookup method
e367f9d feat: make probe always open blockdevices in readonly mode
d981156 fix: allow Build for Windows
fe24303 fix: perform correct PMBR partition calculations
2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
87816a8 feat: align partition to minimum I/O size
c34b59f feat: expose more encryption options in the LUKS module
30c2bc3 feat: mark MBR bootable
1292574 fix: make disk type matcher parser case insensitive
b77400e fix: properly detect nvme and sd card disk types
1d830a2 fix: revert mark the EFI partition in PMBR as bootable
bec914f fix: mark the EFI partition in PMBR as bootable
776b37d feat: add options to probe disk by various sysblock parameters
bb3ad73 fix: align partition start to physical sector size
8f976c2 feat: replace exec.Command with go-cmd module
1cf7f25 fix: properly handle no child processes error from cmd.Wait
04a9851 feat: implement luks encryption provider
b0375e4 feat: add an option to open block device with exclusive flock
5a1c7f7 refactor: add devname into gpt.Partition, refactor probe package
f2728a5 fix: keep contents of PMBR when writing it
2878460 fix: write second copy of partition entries
943b08b fix: blockdevice reset should read partition table from disk
5b4ee44 fix: ignore /dev/ram devices
98754ec refactor: rewrite GPT library
2a1baad fix: correctly build paths for mmcblk devices
8076344 fix: return proper disk size from GetDisks function
8742133 chore: add common method to list available disks using /sys/block
c4b5833 feat: implement "fast" wipe
b4e67d7 feat: return resize status from Resize() function
ceae64e fix: sync kernel partition table incrementally
2cb9516 fix: return correct error value from blkpg functions
cebe43d refactor: expose InsertAt method via interface
c40dcd8 fix: properly inform kernel about partition deletion
bb8ac5d feat: implement disk wiping via several methods
23fb7dc feat: expose partition name (label)
ff3a821 feat: implement 'InsertAt' method to insert partitions at any position
3d1ce4f fix: calculate last lba of partition correctly
b71540f feat: copy initial version from talos-systems/talos
ca3c078 Initial commit

Changes from siderolabs/go-circular

2 commits

507e0ec refactor: extract circular Go module
2234b3a docs: add README

Changes from siderolabs/go-cmd

5 commits

0aea518 chore: rekres and update
68eb006 feat: return typed error for exit error
333ccf1 feat: add stdin support into the Run methods
c5c8f1c feat: extract cmd module from Talos into a separate module
77685fc Initial commit

Changes from siderolabs/go-debug

6 commits

c1bc4bf chore: rekres, rename, etc
3d0a6e1 feat: race build tag flag detector
5b292e5 feat: disable memory profiling by default
c6d0ae2 fix: linters and CI
d969f95 feat: initial implementation
b2044b7 Initial commit

Changes from siderolabs/go-kmsg

4 commits

e2a0000 chore: rekres, rename
b08e4d3 feat: replace tab character with space in console output
2edcd3a feat: add initial version
53cdd8d chore: initial commit

Changes from siderolabs/go-kubeconfig

2 commits

e7fdd94 refactor: extract kubeconfig library as a Go module
50e91b8 docs: add REAMDE

Changes from siderolabs/go-loadbalancer

12 commits

f54e3c9 chore: update dependencies to siderolabs, rekres
438b71d chore: update package path and rekres
5341eec feat: implement public method to check if the route is Healthy
b578d47 feat: add a way to configure loadbalancer options
c54d95d feat: implement control plane loadbalancer
4a6e29e refactor: clean up names, fix the lingering goroutines
af87d1c chore: apply new Kres rules
a445702 feat: allow dial timeout and keep alive period to be configurable
3c8f347 feat: provide a way to configure logger for the loadbalancer
da8e987 feat: implement Reconcile - ability to change upstream list on the fly
8b1dfa6 feat: copy initial version from talos-systems/talos
c2f6a8f Initial commit

Changes from siderolabs/go-procfs

10 commits

a062a4c chore: rekres, rename
8cbc42d feat: provide an option to overwrite some args in AppendAll
24d06a9 refactor: remove talos kernel default args
a82654e feat: implement SetAll method
16ce2ef fix: update cmdline.Set() to drop the value being overwritten
5a9a4a7 feat: update kernel args for new KSPP requirements
57c7311 refactor: change directory layout
a077c96 fix: fix go module name
698666f chore: move package to new repo
dabb425 Initial commit

Changes from siderolabs/go-retry

9 commits

6d45449 chore: rekres, rename
c78cc95 fix: implement errors.Is for all errors in the set
7885e16 feat: add ExpectedErrorf
3d83f61 feat: deprecate UnexpectedError
b9dc1a9 feat: add support for context.Context in Retry
8c63d29 fix: correctly implement error interfaces on wrapped errors
752f081 feat: add an option to log errors being retried
073067b feat: copy initial version from talos-systems/talos
c7968c5 Initial commit

Changes from siderolabs/go-smbios

11 commits

10c1dd8 fix: check for end of the slice properly
9ca8ce7 chore: treat invalid strings as empty
dbc5f79 chore: rekres+rename
3f1e775 feat: rework destructuring of SMBIOS information and added some tests
fd5ec8c fix: remove useless (?) goroutines leading to data race error
d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6
fb425d4 feat: add memory device
0bb4f96 feat: add physical memory array
8019619 feat: supply wake-up type in SMBIOS info
94b8c4e feat: initial implementation
864ed80 Initial commit

Changes from siderolabs/go-tail

2 commits

962ae43 refactor: extract go-tail module
359c3cb docs: initial commit

Changes from siderolabs/grpc-proxy

51 commits

4cc7bbe chore: rename to siderolabs/grpc-proxy, rekres
2c586db feat: pass fullMethodName to GetConnection
6dfa2cc fix: ignore errors on duplicate SetHeader calls
b076302 fix: use io.EOF error when no backend connections are available
82daca0 docs: update README
fa6843a chore: fix spelling
c0a87d9 chore: major cleanup of the code and build
ca3bc61 fix: ignore some errors so that we don't spam the logs
5c579a7 feat: allow different formats for messages streaming/unary
6c9f7b3 fix: allow mode to be set for each request being proxied
cc91c09 refactor: provide better public API, enforce proxying mode
d8d3a75 chore: update import paths after repo move
dbf07a4 Merge pull request #7 from smira/one2many-4
fc0d27d More tests, small code fixes, updated README.
d9ce0b1 Merge pull request #6 from smira/one2many-3
2d37ba4 Support for one2many streaming calls, tests.
817b035 Merge pull request #5 from smira/one2many-2
436b338 More unary one-2-many tests, error propagation.
1f0cb46 Merge pull request #4 from smira/one2many-1
992a975 Proxying one to many: first iteration
a0988ff Merge pull request #3 from smira/small-fixups
e3111ef Small fixups in preparation to add one-to-many proxying.
6d76ffc Merge pull request #2 from smira/backend-concept
2aad63a Add concept of a 'Backend', but still one to one proxying
7cc4610 Merge pull request #1 from smira/build
37f01f3 Rework build to use GitHub Actions, linting updates.
0f1106e Move error checking further up (#34)
d5b35f6 Update gRPC and fix tests (#27)
67591eb Break StreamDirector interface, fix metadata propagation for gRPC-Go>1.5. (#20)
97396d9 Merge pull request #11 from mwitkow/fix-close-bug
3fcbd37 fixup closing conns
a8f5f87 fixup tests, extend readme
428fa1c Fix a channel closing bug
af55d61 Merge pull request #10 from mwitkow/bugfix/streaming-fix
de4d3db remove spurious printfs
84242c4 fix the "i don't know who finished" case
9b22f41 fix full duplex streaming
c2f7c98 update readme
d654141 update README
f457856 move to proxy subdirectory
4889d78 Add fixup scripts
ef60a37 version 2 of the grpc-proxy, this time with fewer grpc upstream deps
07aeac1 Merge pull request #2 from daniellowtw/master
e5c3df5 Fix compatibility with latest grpc library
52be0a5 bugfix: fix gRPC Java deadlock, due to different dispatch logic
822df7d Fix reference to mwitkow.
28341d1 move out forward logic to method, allowing for use as grpc.Server not found handler.
89e28b4 add reference to upstream grpc bug
00dd588 merge upstream grpc.Server changes changing the dispatch logic
77edc97 move to upstream protobuf from gogo
db71c3e initial commit, tested and working.

Changes from siderolabs/net

12 commits

19eb1c4 feat: switch to use netip.Addr instead of net.IP
5b21171 chore: rename, rekres
409926a fix: parse correctly some IPv6 CIDRs
b4b7181 feat: add a way to filter list of IPs for the machine
0abe5bd feat: implement FilterIPs function
0519054 feat: add ParseCIDR
52c7509 feat: add a function to format IPs in CIDR notation
005a94f feat: add methods to manage CIDR list, check for non-local IPv6
8b56890 feat: add ValidateEndpointURI
402fa79 chore: apply kres to get the latest build scripts
c7bc477 chore: initial version of the package
393246a chore: initial commit

Changes from siderolabs/pkgs

39 commits

8b975a7 chore: bump deps
b153ce6 chore: bump deps
535b8f9 chore: update packages version
66c77e9 feat: re-enable build kernel with BTF enabled
98ef073 feat: enable INET_DIAG and FANOTFY_PERMISSIONS
8fe5cbc chore: update dependencies
554c0fe feat: add fanotify and kprobes kernel options
54d7e5c fix: drbd package name
b4cb9e2 feat: add 'drbd' package
91e73b3 feat: update dependencies
b6d0d96 chore: bump kernel to 5.15.72
b16dfe9 chore: bump go to 1.19.2
861cc32 chore: bump kernel to 5.15.71
0ac7773 chore: use generic raspberry pi u-boot
d5633d4 chore: bump kernel to 5.15.70
39c0d43 feat: add generic rpi_arm64_defconfig configuration
ed269ca chore: bump kernel to 5.15.69
f2f8333 fix: no slack notifications on failure
6f0af33 chore: disable drone slack pipeline for renovate
32aea3f chore: disable drone for renovate/dependabot
44579f0 fix: rollback xfsprogs to 5.18.0
792c0e3 feat: add gasket driver package
07f1898 chore: update deps
f78f410 chore: enable conntrack zones and timestamps
049b3c6 chore: enable intel ice drivers
606ff32 chore: bump deps
eee5c8a chore: disable irc in conntrack
70e6c46 chore: bump kernel to 5.15.64
e510321 chore: update renovate config
d1fa510 feat: enable renovate bot
e427a77 chore: bump runc to v1.1.4
40e1215 chore: enable nfsv4.2 client support
15efada chore: bump kernel to 5.15.63
e70e3c1 fix: nvidia oss pkg name
30b8d79 chore: bump kernel to 5.15.62
862c392 chore: bump gcc to 12.2.0
2ecd14e fix: containerd version
01df058 feat: add NanoPi R4S configuration
d4cb33b chore: bump containerd to v1.6.8

Changes from siderolabs/siderolink

19 commits

575c5cc refactor: drop dependency on Talos machinery package
61ab1c4 fix: include MachineStatusEvent into the list of supported events
16a84eb chore: rename to siderolabs/siderolink
ca470c7 chore: update Talos to the latest master, migrate netaddr -> netip/x
93b65f0 fix: ignore 'exist' error on interface managmeent
3c4d9e0 chore: move IP to interface binding into NewDevice
f0b5e39 feat: use kernel wireguard implementation when available
1d2b7e1 feat: allow setting peer endpoint using peer event
5d085d6 feat: expose wgDevice.Peers from the wireguard.Device wrapper
3a5be65 fix: use correct method to generate Wireguard private key
8318a7e feat: accept join token in Provision payload
b38c192 fix: build on Windows
9902ad2 feat: pass request context and node address to the events sink adapter
d0612a7 refactor: pass in listener to the log receiver
d86cdd5 feat: implement logreceiver for kernel logs
f7cadbc fix: handle duplicate peer updates
0755b24 feat: initial implementation of SideroLink
ee73ea9 feat: add Talos events sink proto files and the reference implementation
1e2cd9d Initial commit

Changes from siderolabs/tools

22 commits

e8f92b3 chore: bump tools
3b5f89a chore: update dependencies
6402b99 feat: update OpenSSL to 1.1.1r
00e91b1 feat: update releases
a264809 chore: bump go to 1.19.2
858cfe7 fix: no slack notifications on failure
ed85950 chore: disable drone slack pipeline for renovate
5df6589 chore: disable drone for renovate/dependabot
1f00d2e fix: revert gawk to 5.1.1
feeda1f chore: bump grpc-go
8542014 chore: bump deps
e5c4968 chore: update renovate config
f34f94d chore: update renovate config
cef4cc6 chore: update renovate config
bab8e9e chore: add libbpf to tools
0a15f7b chore: build pahole properly
a322d06 chore: remove img
c7ff47b feat: enable renovate dependency updates (3/3)
6e095cf feat: enable renovate dependency updates (2/n)
bad1ad1 feat: add renovatebot
7d6f9c3 chore: bump gcc to 12.2.0
2719b4b chore: bump toolchain

Dependency Changes

cloud.google.com/go/compute/metadata v0.2.1 new
github.com/BurntSushi/toml v1.2.0 -> v1.2.1
github.com/aws/aws-sdk-go v1.44.76 -> v1.44.136
github.com/containerd/containerd v1.6.8 -> v1.6.9
github.com/cosi-project/runtime v0.1.1 -> v0.2.0-alpha.3
github.com/docker/docker v20.10.17 -> v20.10.21
github.com/emicklei/dot v1.0.0 -> v1.1.0
github.com/fsnotify/fsnotify v1.5.4 -> v1.6.0
github.com/gdamore/tcell/v2 v2.5.2 -> v2.5.3
github.com/google/go-cmp v0.5.8 -> v0.5.9
github.com/google/nftables 2eca00135732 -> 130caa4c31c9
github.com/hetznercloud/hcloud-go v1.35.2 -> v1.37.0
github.com/insomniacslk/dhcp 509691fd59ec -> 5308ebe5334c
github.com/jsimonetti/rtnetlink v1.2.2 -> v1.2.3
github.com/mdlayher/ethtool 856bd6cb8a38 -> 0e16326d06d1
github.com/mdlayher/genetlink v1.2.0 -> v1.3.0
github.com/mdlayher/netlink v1.6.0 -> v1.7.0
github.com/opencontainers/image-spec c5a74bcca799 -> v1.1.0-rc2
github.com/packethost/packngo v0.25.0 -> v0.29.0
github.com/pmorjan/kmod v1.0.0 -> v1.1.0
github.com/rivo/tview 0e6b21a48e96 -> 04a46906d2e9
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.9 -> v1.0.0-beta.10
github.com/siderolabs/crypto v0.4.0 new
github.com/siderolabs/discovery-api v0.1.1 new
github.com/siderolabs/discovery-client v0.1.1 -> v0.1.3
github.com/siderolabs/extras v1.2.0 -> v1.3.0-alpha.0-2-gb155fa0
github.com/siderolabs/gen v0.4.0 new
github.com/siderolabs/go-blockdevice v0.4.1 new
github.com/siderolabs/go-circular v0.1.0 new
github.com/siderolabs/go-cmd v0.1.1 new
github.com/siderolabs/go-debug v0.2.2 new
github.com/siderolabs/go-kmsg v0.1.2 new
github.com/siderolabs/go-kubeconfig v0.1.0 new
github.com/siderolabs/go-loadbalancer v0.2.1 new
github.com/siderolabs/go-procfs v0.1.1 new
github.com/siderolabs/go-retry v0.3.2 new
github.com/siderolabs/go-smbios v0.3.1 new
github.com/siderolabs/go-tail v0.1.0 new
github.com/siderolabs/grpc-proxy v0.4.0 new
github.com/siderolabs/net v0.4.0 new
github.com/siderolabs/pkgs v1.2.0-8-g970860d -> v1.3.0-alpha.0-38-g8b975a7
github.com/siderolabs/siderolink v0.3.0 new
github.com/siderolabs/talos/pkg/machinery v1.3.0-alpha.1 new
github.com/siderolabs/tools v1.2.0 -> v1.3.0-alpha.0-21-ge8f92b3
github.com/spf13/cobra v1.5.0 -> v1.6.1
github.com/stretchr/testify v1.8.0 -> v1.8.1
github.com/u-root/u-root v0.9.0 -> v0.10.0
github.com/vmware-tanzu/sonobuoy v0.56.9 -> v0.56.11
go.etcd.io/etcd/api/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/pkg/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/etcdutl/v3 v3.5.4 -> v3.5.5
go.uber.org/atomic v1.9.0 -> v1.10.0
go.uber.org/zap v1.22.0 -> v1.23.0
go4.org/netipx 797b0c90d8ab new
golang.org/x/net 3211cb980234 -> v0.2.0
golang.org/x/sync 886fb9371eb4 -> v0.1.0
golang.org/x/sys fbc7d0a398ab -> v0.2.0
golang.org/x/term a9ba230a4035 -> v0.2.0
golang.org/x/time e5dcc9cfc0b9 -> v0.2.0
golang.zx2c4.com/wireguard/wgctrl 3d4a969bb56b -> 97bc4ad4a1cb
google.golang.org/grpc v1.48.0 -> v1.50.1
k8s.io/api v0.25.0 -> v0.26.0-beta.0
k8s.io/apimachinery v0.25.0 -> v0.26.0-beta.0
k8s.io/apiserver v0.25.0 -> v0.26.0-beta.0
k8s.io/client-go v0.25.0 -> v0.26.0-beta.0
k8s.io/component-base v0.25.0 -> v0.26.0-beta.0
k8s.io/cri-api v0.25.0 -> v0.26.0-beta.0
k8s.io/klog/v2 v2.70.1 -> v2.80.1
k8s.io/kubectl v0.25.0 -> v0.26.0-beta.0
k8s.io/kubelet v0.25.0 -> v0.26.0-beta.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.65 -> v1.2.66

Previous release can be found at v1.2.0

Talos 1.3.0-alpha.1 (2022-10-28)

Welcome to the v1.3.0-alpha.1 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

kube-apiserver Audit Policy

Talos now supports setting custom audit policy for kube-apiserver in the machine configuration.

Kernel Command Line ip= Argument

Talos now supports referencing interface name via enxMAC address notation:

ip=172.20.0.2::172.20.0.1:255.255.255.0::enx7085c2dfbc59

etcd Consistency Check

Talos enables --experimental-compact-hash-check-enabled option by default to improve etcd store consistency guarantees.

This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.

Exocale Platform

Talos now supports new platform: Exoscale.

Exoscale provides a firewall, TCP load balancer and autoscale groups. It works well with CCM and Kubernetes node autoscaler.

Kernel Modules

Talos now supports settings kernel module parameters.

Eg:

machine:
  kernel:
    modules:
      - name: "br_netfilter"
        parameters:
          - nf_conntrack_max=131072

KubeSpan

KubeSpan MTU link size is now configurable via network.kubespan.mtu setting in the machine configuration.

Routes

Talos now supports setting MTU for a specific route.

Nano Pi R4S

Talos now supports the Nano Pi R4S SBC.

Raspberry Generic Images

Encryption with secretbox

How to generate the secret:

dd if=/dev/random of=/dev/stdout bs=32 count=1 | base64

Static Pod Manifests

The directory "/etc/kubernetes/manifests" is now deprecated. Static pods should always be configured in machine.pods. To reenable support you may set machine.kubelet.disableManifestsDirectory.

Eg:

machine:
  kubelet:
    disableManifestsDirectory: no

Component Updates

Kubernetes: v1.26.0-alpha.2
Flannel: v0.20.0
CoreDNS: v1.10.0
etcd: v3.5.5
Linux: 5.15.74

Talos is built with Go 1.19.2.

Contributors

Andrey Smirnov
Noel Georgi
Andrey Smirnov
Michal Witkowski
Artem Chernyshev
Dmitriy Matrenichev
Artem Chernyshev
Serge Logvinov
Andrey Smirnov
Philipp Sauter
Steve Francis
Alexey Palazhchenko
Andrew Rynhard
Tim Jones
Utku Ozdemir
Andrew Rynhard
Kris Reeves
Marvin Drees
Spencer Smith
Branden Cash
Brandon Nason
Cameron Brunner
DJAlPee
Daniel Low
Gerard de Leeuw
Jack Wink
Jon Stelly
Matt Zahorik
Maxim Makarov
Olli Janatuinen
Pau Campana
Rubens Farias
Sander Maijers
Seán C McCord
Spencer Smith
emattiza
killcity

Changes

149 commits

869f3b5a5 feat: network configuration improvements on the OpenStack platform
29f2195e1 feat: support exoscale cloud
8b4ae08d1 fix: etcd snapshot command on Windows
8bfa7ac1d feat: platform metadata resource
7e50e24c0 fix: properly cleanup legacy static pod manifests directory
6ee47bcc6 fix: support serving config for qemu launcher on IPv6
6c3d11b49 docs: admission control patch note
4ea3b99b5 fix: serve static pod files on 127.0.0.1 instead of localhost
23842114f feat: support encryption with secretbox
f6773c472 docs: talos support on equinix metal
b307160f6 chore: bump dependencies
d7edd0e2e refactor: use go-circular, go-kubeconfig, and go-tail
c6e1702ec feat: use URL-based manifests to present static pods to the kubelet
136a795e5 docs: update system requirements to mention dedicated disk usage
879e8c0bf chore: update kernel with BTF support
ceb0cd99a feat: implement Talos API auth using SideroV1 signatures
e6fba7d3b chore: update dependencies
93e55b85f chore: bump golangci-lint to v1.50.0
aa3d9b4ca fix: regenerate cert on node labeling retry
021c73c35 fix: lowercase nodename
b902036e1 docs: update office hours time link
7fcb8c681 feat: update Flannel to v0.20.0
dc70d892a fix: support setting KubeSpan link MTU
7d52bad37 feat: update Linux to 5.15.73
9c78b3aff feat: update Kubernetes to v1.26.0-alpha.2
94913a672 docs: add lofty to talos adopters
0a0bdfe16 docs: add Tremor Video to adopters
b7b1d4fd6 feat: use readonly containers
d210338e3 fix: skip protobuf full unmarshaling for some talosctl commands
b3c679d18 chore: bump dependencies
993743f63 fix: skip hostname via DHCP on OpenStack platform
db076e7b5 feat: pin interface by mac address in cmdline args
63de93722 fix: update go-smbios to v0.3.1
49e9f808e chore: bump kernel and go
c7372144d docs: add constraints to upgrade docs
c71c8ca18 docs: consolidate, simplify and correct various docs
06f76bfeb chore: bump dependencies
b1c421b9a chore: publish ami's with imds v2 enabled
195c40ab5 docs: add information about applicable use cases of disk encryption
54a687fb8 docs: consolidate and expand on discovery service
139c62d76 feat: allow upgrades in maintenance mode (only over SideroLink)
48dee4805 feat: support mtu for routes
1c43c72ae docs: fix talos required kernel params
67cc45ae3 release(v1.3.0-alpha.0): prepare release
18c377a4d feat: customize audit policy
23c9ea46b fix: raspberry pi install
f17cdee16 feat: jsonpath filter for talosctl get outputs
6bd3cca1a chore: generic raspberry pi images
d914ab8bb chore: add vulncheck tool as a linter
a0151aa13 feat: add generic rpi u-boot support
30f851d09 chore: bump dependences
8b2235c3b fix: lookup Equinix Metal bond slaves using 'permanent addr'
b3257ebb1 chore: bump kernel to 5.15.70
0b2767c16 feat: implement 'permanent addr' in link statuses
c90e20251 fix: kubeconfig permission
fc48849d0 chore: move maps/slices/ordered to gen module
8b09bd4b0 feat: update Kubernetes to v1.26.0-alpha.1
276d4175b chore: bump extension versions in testing
357b770cb fix: cryptsetup delete slot
711128839 fix: continue applying bootstrap manifests on some errors
ce12c7b38 chore: update COSI runtime to v0.2.0-alpha.1
1b435c0b3 chore: bump kernel + ice drivers
18e041f1e docs: fix typo in patching example
0ad6452ca feat: update CoreDNS to v1.10.0
479f3f52e chore: bump dependencies
e07c6ae99 feat: update Kubernetes to v1.25.1
13fdfaffc test: fix up default branch name
ef181321a docs: add component diagram; K8s & Talos Linux
aade73643 docs: fix missing variable in OpenEBS docs
472590aa8 chore: return InvalidArgument on invalid config in maintenance mode
e5cabd42c feat: enable etcd consistency hashcheck
015535d90 fix: update discovery client with the redirect fix
d0c8e7699 chore: bump kernel and go
985b0c2e7 chore: remove go.work.sum
69124f102 feat: update etcd to v3.5.5
1985a796c docs: update docs for pod security
94b088f02 fix: set etcd options consistently
92ae7ef4b fix: fix protoenc encoding for enums and types with custom encoders
93809017c docs: cpu scaling governor knowledgebase
7b270ff33 test: fix api controller test
2dadcd669 fix: stop worker nodes from acting as apid routers
9eaf33f3f fix: never sign client certificate requests in trustd
436749124 feat: environment vars for extension service
0c0cb671e chore: mark machine configuration validation failure as InvalidArgument
f424e5340 fix: stop containers more thoroughly
12827b861 chore: move "implements" checks to compile time
3a67c42cb fix: kill the task processes when cleaning up stale task
14a79e325 chore: bump dependencies
9beee92e7 docs: fix double vv in Kubernetes version
688272515 fix: use different username for Talos Kubernetes API access
161a52a9e feat: check apid client certificate extended key usage
9dadc4a59 fix: include all node addresses into etcd cert SANs
71bfd3e43 feat: update CoreDNS to 1.9.4
9df8f1ff1 fix: list COSI APIs for the apid authenticator
31462450f fix: pass a pointer to specs.Mount into protoenc.Marshal
e626540df chore: avoid double API request logging in trustd
f62d17125 chore: update crypto to use new import path siderolabs/crypto
ef27dd855 chore: bump dependencies
6472ae00b fix: automatically discard VIPs for etcd advertised addresses
5e21cca52 feat: support setting kernel parameters
bd56621cd feat: add structprotogen tool
cdb6bb2cc feat: add Nano Pi R4S support
36c1f1d6e fix: flip the client-server version check
cd6c53a97 docs: fork docs for v1.3
0847400f7 fix: prevent panic on health check if a member has no IPs
7471d7f01 feat: update Flannel to v0.19.2
148c75cfb docs: consolidate the control-plane documentation
353154281 fix: drop kube-system SA default binding
4f37b668b chore: remove capi hacks
1369afea8 docs: make 1.2.0 docs default ones
7627cb0e3 docs: add new talosctl gen secrets
8aa60a37a chore: bump kernel to 5.15.64
a798dbd5d docs: update docs for upcoming 1.2.0 release
b2fec3c97 fix: properly handle configContext being nil in Talos client
1c0977b3a fix: change the type of returned gRPC connection object from the client
41848e421 fix: expose Talos client gRPC connection via the function Conn
2e9be4af8 chore: bump dependencies
d283aba3a test: fix cli reboot test
0b339a9dc feat: track progress of action API calls
072349812 fix: update COSI to the version with gRPC Wait fix
89d57aa81 fix: always abort the maintenance service
f6fa74619 fix: limit apid backoff max delay
d7ef346db fix: get command in the case 'nodes' are not set in the context
4e9c32256 fix: correctly render hosts.toml with multiple endpoints
cdd0f08bc feat: check client <> server version in some Talos commands
446b0af58 chore: bump kernel and runc
8c203ce9b feat: remove the machine from the discovery service on reset
b59ca5810 chore: move from inet.af/netaddr to net/netip and go4.org/netipx
053af1d59 fix: update etcd certificates when node addresses changes
11edb2c6f test: re-enable upgrade tests
0310e2089 chore: bump github.com/siderolabs/protoenc to v0.1.5
29bd63240 chore: remove old build tags syntax
b500d0aa9 chore: bump k8s to v1.25.0
29e574be7 docs: update to v1.2.0-beta.1
26b549f2a chore: bump dependencies
8c3ac4c42 chore: limit GOMAXPROCS for Talos services
361e85b74 fix: properly read kexec disabled sysctl
cfe6c2bc2 docs: nvidia oss drivers
2f2d97b6b fix: don't wait for the hostname in maintenance mode
b15a63924 chore: bump kernel to 5.15.62
a0d94be30 fix: stable default hostname bias
da4cd34ef feat: update etcd advertised peer addresses on the fly
faf92ce01 chore: bump kubernetes to v1.25.0-rc.1
52de919e3 chore: bump containerd to v1.6.8
7d43fc79b fix: make 'ca', 'crt' and 'key' flags optional for 'talosctl config add'
fd467e02c fix: handle grub config being empty in the Revert function
9492aca65 fix: clean up cancelCtxMu leftovers in PriorityLock
61e3eb2ea fix: talosctl edit mc loop
32db7a7f5 fix: surround cancelCtx with the mutex

Changes since v1.3.0-alpha.0

43 commits

869f3b5a5 feat: network configuration improvements on the OpenStack platform
29f2195e1 feat: support exoscale cloud
8b4ae08d1 fix: etcd snapshot command on Windows
8bfa7ac1d feat: platform metadata resource
7e50e24c0 fix: properly cleanup legacy static pod manifests directory
6ee47bcc6 fix: support serving config for qemu launcher on IPv6
6c3d11b49 docs: admission control patch note
4ea3b99b5 fix: serve static pod files on 127.0.0.1 instead of localhost
23842114f feat: support encryption with secretbox
f6773c472 docs: talos support on equinix metal
b307160f6 chore: bump dependencies
d7edd0e2e refactor: use go-circular, go-kubeconfig, and go-tail
c6e1702ec feat: use URL-based manifests to present static pods to the kubelet
136a795e5 docs: update system requirements to mention dedicated disk usage
879e8c0bf chore: update kernel with BTF support
ceb0cd99a feat: implement Talos API auth using SideroV1 signatures
e6fba7d3b chore: update dependencies
93e55b85f chore: bump golangci-lint to v1.50.0
aa3d9b4ca fix: regenerate cert on node labeling retry
021c73c35 fix: lowercase nodename
b902036e1 docs: update office hours time link
7fcb8c681 feat: update Flannel to v0.20.0
dc70d892a fix: support setting KubeSpan link MTU
7d52bad37 feat: update Linux to 5.15.73
9c78b3aff feat: update Kubernetes to v1.26.0-alpha.2
94913a672 docs: add lofty to talos adopters
0a0bdfe16 docs: add Tremor Video to adopters
b7b1d4fd6 feat: use readonly containers
d210338e3 fix: skip protobuf full unmarshaling for some talosctl commands
b3c679d18 chore: bump dependencies
993743f63 fix: skip hostname via DHCP on OpenStack platform
db076e7b5 feat: pin interface by mac address in cmdline args
63de93722 fix: update go-smbios to v0.3.1
49e9f808e chore: bump kernel and go
c7372144d docs: add constraints to upgrade docs
c71c8ca18 docs: consolidate, simplify and correct various docs
06f76bfeb chore: bump dependencies
b1c421b9a chore: publish ami's with imds v2 enabled
195c40ab5 docs: add information about applicable use cases of disk encryption
54a687fb8 docs: consolidate and expand on discovery service
139c62d76 feat: allow upgrades in maintenance mode (only over SideroLink)
48dee4805 feat: support mtu for routes
1c43c72ae docs: fix talos required kernel params

Changes from siderolabs/crypto

27 commits

c3225ee feat: allow CSR template subject field to be overridden
8570669 chore: rename to siderolabs/crypto
e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs
510b0d2 chore: add json tags
6fa2d93 fix: deepcopy nil fields as nil
9a63cba fix: add back support for generating ECDSA keys with P-256 and SHA512
893bc66 fix: use SHA256 for ECDSA-P256
deec8d4 chore: implement DeepCopy methods for PEMEncoded* types
d3cb772 feat: make possible to change KeyUsage
6bc5bb5 chore: remove unused argument
cd18ef6 feat: add support for several organizations
97c888b chore: add options to CSR
7776057 chore: fix typos
80df078 chore: remove named result parameters
15bdd28 chore: minor updates
4f80b97 fix: verify CSR signature before issuing a certificate
39584f1 feat: support for key/certificate types RSA, Ed25519, ECDSA
cf75519 fix: function NewKeyPair should create certificate with proper subject
751c95a feat: add 'PEMEncodedKey' which allows to transport keys in YAML
562c3b6 feat: add support for public RSA key in RSAKey
bda0e9c feat: enable more conversions between encoded and raw versions
e0dd56a feat: add NotBefore option for x509 cert creation
12a4897 feat: add support for SPKI fingerprint generation and matching
d0c3eef fix: implement NewKeyPair
196679e feat: move pkg/grpc/tls from github.com/talos-systems/talos as ./tls
1ff6242 chore: initial version as imported from talos-systems/talos
835063e chore: initial commit

Changes from siderolabs/discovery-api

3 commits

5b0c5e7 chore: rename to siderolabs, rekres, etc
db279ef feat: initial set of APIs and generated files
ac52a37 chore: initial commit

Changes from siderolabs/discovery-client

1 commit

230f317 fix: reconnect the client on update failure

Changes from siderolabs/extras

2 commits

8f00d77 feat: update tc-redirect-tap to the latest version
7c91844 chore: bump go to 1.19.2

Changes from siderolabs/gen

6 commits

b3b6db8 fix: fix Copy documentation and implementation
521f737 feat: add xerrors package which contains additions to the std errors
726e066 fix: rename tuples.go to pair.go and set proper package name
d8d7d25 chore: minor additions
338a650 chore: add initial implementation and documentation
4fd8667 Initial commit

Changes from siderolabs/go-blockdevice

55 commits

dcf6044 chore: rekres and rename
9c4af49 fix: cryptsetup remove slot
74ea471 feat: add freebsd stubs
9fa801c feat: add ReadOnly attribute to Disk
fccee8b chore: rekres the source, fix issues
d9c3a27 feat: support probing FAT12/FAT16 filesystems
b374eb4 fix: align partition to 1M boundary by default
ec428fe fix: lookup filesystem labels on the actual device path
7b9de26 feat: read symlink fullpath in block device list function
6928ee4 refactor: rewrite GPT serialize/deserialize functions
0c7e429 refactor: simplify middle endian functions
15b182d fix: return partition table not exist when trying to read an empty dev
b9517d5 fix: resize partition
70d2865 fix: try to find cdrom disks
667bf53 fix: revert gpt partition not found
d7d4cdd fix: gpt partition not found
33afba3 fix: also open in readonly mode when running All lookup method
e367f9d feat: make probe always open blockdevices in readonly mode
d981156 fix: allow Build for Windows
fe24303 fix: perform correct PMBR partition calculations
2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
87816a8 feat: align partition to minimum I/O size
c34b59f feat: expose more encryption options in the LUKS module
30c2bc3 feat: mark MBR bootable
1292574 fix: make disk type matcher parser case insensitive
b77400e fix: properly detect nvme and sd card disk types
1d830a2 fix: revert mark the EFI partition in PMBR as bootable
bec914f fix: mark the EFI partition in PMBR as bootable
776b37d feat: add options to probe disk by various sysblock parameters
bb3ad73 fix: align partition start to physical sector size
8f976c2 feat: replace exec.Command with go-cmd module
1cf7f25 fix: properly handle no child processes error from cmd.Wait
04a9851 feat: implement luks encryption provider
b0375e4 feat: add an option to open block device with exclusive flock
5a1c7f7 refactor: add devname into gpt.Partition, refactor probe package
f2728a5 fix: keep contents of PMBR when writing it
2878460 fix: write second copy of partition entries
943b08b fix: blockdevice reset should read partition table from disk
5b4ee44 fix: ignore /dev/ram devices
98754ec refactor: rewrite GPT library
2a1baad fix: correctly build paths for mmcblk devices
8076344 fix: return proper disk size from GetDisks function
8742133 chore: add common method to list available disks using /sys/block
c4b5833 feat: implement "fast" wipe
b4e67d7 feat: return resize status from Resize() function
ceae64e fix: sync kernel partition table incrementally
2cb9516 fix: return correct error value from blkpg functions
cebe43d refactor: expose InsertAt method via interface
c40dcd8 fix: properly inform kernel about partition deletion
bb8ac5d feat: implement disk wiping via several methods
23fb7dc feat: expose partition name (label)
ff3a821 feat: implement 'InsertAt' method to insert partitions at any position
3d1ce4f fix: calculate last lba of partition correctly
b71540f feat: copy initial version from talos-systems/talos
ca3c078 Initial commit

Changes from siderolabs/go-circular

2 commits

507e0ec refactor: extract circular Go module
2234b3a docs: add README

Changes from siderolabs/go-kubeconfig

2 commits

e7fdd94 refactor: extract kubeconfig library as a Go module
50e91b8 docs: add REAMDE

Changes from siderolabs/go-loadbalancer

11 commits

438b71d chore: update package path and rekres
5341eec feat: implement public method to check if the route is Healthy
b578d47 feat: add a way to configure loadbalancer options
c54d95d feat: implement control plane loadbalancer
4a6e29e refactor: clean up names, fix the lingering goroutines
af87d1c chore: apply new Kres rules
a445702 feat: allow dial timeout and keep alive period to be configurable
3c8f347 feat: provide a way to configure logger for the loadbalancer
da8e987 feat: implement Reconcile - ability to change upstream list on the fly
8b1dfa6 feat: copy initial version from talos-systems/talos
c2f6a8f Initial commit

Changes from siderolabs/go-smbios

11 commits

10c1dd8 fix: check for end of the slice properly
9ca8ce7 chore: treat invalid strings as empty
dbc5f79 chore: rekres+rename
3f1e775 feat: rework destructuring of SMBIOS information and added some tests
fd5ec8c fix: remove useless (?) goroutines leading to data race error
d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6
fb425d4 feat: add memory device
0bb4f96 feat: add physical memory array
8019619 feat: supply wake-up type in SMBIOS info
94b8c4e feat: initial implementation
864ed80 Initial commit

Changes from siderolabs/go-tail

2 commits

962ae43 refactor: extract go-tail module
359c3cb docs: initial commit

Changes from siderolabs/grpc-proxy

51 commits

4cc7bbe chore: rename to siderolabs/grpc-proxy, rekres
2c586db feat: pass fullMethodName to GetConnection
6dfa2cc fix: ignore errors on duplicate SetHeader calls
b076302 fix: use io.EOF error when no backend connections are available
82daca0 docs: update README
fa6843a chore: fix spelling
c0a87d9 chore: major cleanup of the code and build
ca3bc61 fix: ignore some errors so that we don't spam the logs
5c579a7 feat: allow different formats for messages streaming/unary
6c9f7b3 fix: allow mode to be set for each request being proxied
cc91c09 refactor: provide better public API, enforce proxying mode
d8d3a75 chore: update import paths after repo move
dbf07a4 Merge pull request #7 from smira/one2many-4
fc0d27d More tests, small code fixes, updated README.
d9ce0b1 Merge pull request #6 from smira/one2many-3
2d37ba4 Support for one2many streaming calls, tests.
817b035 Merge pull request #5 from smira/one2many-2
436b338 More unary one-2-many tests, error propagation.
1f0cb46 Merge pull request #4 from smira/one2many-1
992a975 Proxying one to many: first iteration
a0988ff Merge pull request #3 from smira/small-fixups
e3111ef Small fixups in preparation to add one-to-many proxying.
6d76ffc Merge pull request #2 from smira/backend-concept
2aad63a Add concept of a 'Backend', but still one to one proxying
7cc4610 Merge pull request #1 from smira/build
37f01f3 Rework build to use GitHub Actions, linting updates.
0f1106e Move error checking further up (#34)
d5b35f6 Update gRPC and fix tests (#27)
67591eb Break StreamDirector interface, fix metadata propagation for gRPC-Go>1.5. (#20)
97396d9 Merge pull request #11 from mwitkow/fix-close-bug
3fcbd37 fixup closing conns
a8f5f87 fixup tests, extend readme
428fa1c Fix a channel closing bug
af55d61 Merge pull request #10 from mwitkow/bugfix/streaming-fix
de4d3db remove spurious printfs
84242c4 fix the "i don't know who finished" case
9b22f41 fix full duplex streaming
c2f7c98 update readme
d654141 update README
f457856 move to proxy subdirectory
4889d78 Add fixup scripts
ef60a37 version 2 of the grpc-proxy, this time with fewer grpc upstream deps
07aeac1 Merge pull request #2 from daniellowtw/master
e5c3df5 Fix compatibility with latest grpc library
52be0a5 bugfix: fix gRPC Java deadlock, due to different dispatch logic
822df7d Fix reference to mwitkow.
28341d1 move out forward logic to method, allowing for use as grpc.Server not found handler.
89e28b4 add reference to upstream grpc bug
00dd588 merge upstream grpc.Server changes changing the dispatch logic
77edc97 move to upstream protobuf from gogo
db71c3e initial commit, tested and working.

Changes from siderolabs/pkgs

36 commits

66c77e9 feat: re-enable build kernel with BTF enabled
98ef073 feat: enable INET_DIAG and FANOTFY_PERMISSIONS
8fe5cbc chore: update dependencies
554c0fe feat: add fanotify and kprobes kernel options
54d7e5c fix: drbd package name
b4cb9e2 feat: add 'drbd' package
91e73b3 feat: update dependencies
b6d0d96 chore: bump kernel to 5.15.72
b16dfe9 chore: bump go to 1.19.2
861cc32 chore: bump kernel to 5.15.71
0ac7773 chore: use generic raspberry pi u-boot
d5633d4 chore: bump kernel to 5.15.70
39c0d43 feat: add generic rpi_arm64_defconfig configuration
ed269ca chore: bump kernel to 5.15.69
f2f8333 fix: no slack notifications on failure
6f0af33 chore: disable drone slack pipeline for renovate
32aea3f chore: disable drone for renovate/dependabot
44579f0 fix: rollback xfsprogs to 5.18.0
792c0e3 feat: add gasket driver package
07f1898 chore: update deps
f78f410 chore: enable conntrack zones and timestamps
049b3c6 chore: enable intel ice drivers
606ff32 chore: bump deps
eee5c8a chore: disable irc in conntrack
70e6c46 chore: bump kernel to 5.15.64
e510321 chore: update renovate config
d1fa510 feat: enable renovate bot
e427a77 chore: bump runc to v1.1.4
40e1215 chore: enable nfsv4.2 client support
15efada chore: bump kernel to 5.15.63
e70e3c1 fix: nvidia oss pkg name
30b8d79 chore: bump kernel to 5.15.62
862c392 chore: bump gcc to 12.2.0
2ecd14e fix: containerd version
01df058 feat: add NanoPi R4S configuration
d4cb33b chore: bump containerd to v1.6.8

Changes from siderolabs/siderolink

18 commits

61ab1c4 fix: include MachineStatusEvent into the list of supported events
16a84eb chore: rename to siderolabs/siderolink
ca470c7 chore: update Talos to the latest master, migrate netaddr -> netip/x
93b65f0 fix: ignore 'exist' error on interface managmeent
3c4d9e0 chore: move IP to interface binding into NewDevice
f0b5e39 feat: use kernel wireguard implementation when available
1d2b7e1 feat: allow setting peer endpoint using peer event
5d085d6 feat: expose wgDevice.Peers from the wireguard.Device wrapper
3a5be65 fix: use correct method to generate Wireguard private key
8318a7e feat: accept join token in Provision payload
b38c192 fix: build on Windows
9902ad2 feat: pass request context and node address to the events sink adapter
d0612a7 refactor: pass in listener to the log receiver
d86cdd5 feat: implement logreceiver for kernel logs
f7cadbc fix: handle duplicate peer updates
0755b24 feat: initial implementation of SideroLink
ee73ea9 feat: add Talos events sink proto files and the reference implementation
1e2cd9d Initial commit

Changes from siderolabs/tools

21 commits

3b5f89a chore: update dependencies
6402b99 feat: update OpenSSL to 1.1.1r
00e91b1 feat: update releases
a264809 chore: bump go to 1.19.2
858cfe7 fix: no slack notifications on failure
ed85950 chore: disable drone slack pipeline for renovate
5df6589 chore: disable drone for renovate/dependabot
1f00d2e fix: revert gawk to 5.1.1
feeda1f chore: bump grpc-go
8542014 chore: bump deps
e5c4968 chore: update renovate config
f34f94d chore: update renovate config
cef4cc6 chore: update renovate config
bab8e9e chore: add libbpf to tools
0a15f7b chore: build pahole properly
a322d06 chore: remove img
c7ff47b feat: enable renovate dependency updates (3/3)
6e095cf feat: enable renovate dependency updates (2/n)
bad1ad1 feat: add renovatebot
7d6f9c3 chore: bump gcc to 12.2.0
2719b4b chore: bump toolchain

Dependency Changes

cloud.google.com/go/compute v1.8.0 -> v1.10.0
github.com/BurntSushi/toml v1.2.0 -> v1.2.1
github.com/aws/aws-sdk-go v1.44.76 -> v1.44.122
github.com/containerd/containerd v1.6.8 -> v1.6.9
github.com/cosi-project/runtime v0.1.1 -> e8a8fdcc7548
github.com/docker/docker v20.10.17 -> v20.10.20
github.com/fsnotify/fsnotify v1.5.4 -> v1.6.0
github.com/google/go-cmp v0.5.8 -> v0.5.9
github.com/google/nftables 2eca00135732 -> 4f5cd5826fbd
github.com/hetznercloud/hcloud-go v1.35.2 -> v1.35.3
github.com/insomniacslk/dhcp 509691fd59ec -> 5308ebe5334c
github.com/jsimonetti/rtnetlink v1.2.2 -> v1.2.3
github.com/mdlayher/ethtool 856bd6cb8a38 -> 0e16326d06d1
github.com/mdlayher/netlink v1.6.0 -> v1.6.2
github.com/opencontainers/image-spec c5a74bcca799 -> v1.1.0-rc2
github.com/packethost/packngo v0.25.0 -> v0.28.1
github.com/rivo/tview 0e6b21a48e96 -> 2e69b7385a37
github.com/siderolabs/crypto v0.4.0 new
github.com/siderolabs/discovery-api v0.1.1 new
github.com/siderolabs/discovery-client v0.1.1 -> v0.1.2
github.com/siderolabs/extras v1.2.0 -> v1.3.0-alpha.0-1-g8f00d77
github.com/siderolabs/gen v0.4.0 new
github.com/siderolabs/go-blockdevice v0.4.0 new
github.com/siderolabs/go-circular v0.1.0 new
github.com/siderolabs/go-kubeconfig v0.1.0 new
github.com/siderolabs/go-loadbalancer v0.2.0 new
github.com/siderolabs/go-smbios v0.3.1 new
github.com/siderolabs/go-tail v0.1.0 new
github.com/siderolabs/grpc-proxy v0.4.0 new
github.com/siderolabs/pkgs v1.2.0-8-g970860d -> v1.3.0-alpha.0-35-g66c77e9
github.com/siderolabs/siderolink v0.2.0 new
github.com/siderolabs/tools v1.2.0 -> v1.3.0-alpha.0-20-g3b5f89a
github.com/spf13/cobra v1.5.0 -> v1.6.1
github.com/stretchr/testify v1.8.0 -> v1.8.1
github.com/u-root/u-root v0.9.0 -> v0.10.0
github.com/vmware-tanzu/sonobuoy v0.56.9 -> v0.56.10
go.etcd.io/etcd/api/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/pkg/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/etcdutl/v3 v3.5.4 -> v3.5.5
go.uber.org/atomic v1.9.0 -> v1.10.0
go.uber.org/zap v1.22.0 -> v1.23.0
go4.org/netipx 797b0c90d8ab new
golang.org/x/net 3211cb980234 -> v0.1.0
golang.org/x/sync 886fb9371eb4 -> v0.1.0
golang.org/x/sys fbc7d0a398ab -> v0.1.0
golang.org/x/term a9ba230a4035 -> v0.1.0
golang.org/x/time e5dcc9cfc0b9 -> v0.1.0
golang.zx2c4.com/wireguard/wgctrl 3d4a969bb56b -> 473347a5e6e3
google.golang.org/grpc v1.48.0 -> v1.50.1
k8s.io/api v0.25.0 -> v0.26.0-alpha.2
k8s.io/apimachinery v0.25.0 -> v0.26.0-alpha.2
k8s.io/apiserver v0.25.0 -> v0.26.0-alpha.2
k8s.io/client-go v0.25.0 -> v0.26.0-alpha.2
k8s.io/component-base v0.25.0 -> v0.26.0-alpha.2
k8s.io/cri-api v0.25.0 -> v0.26.0-alpha.2
k8s.io/kubectl v0.25.0 -> v0.26.0-alpha.2
k8s.io/kubelet v0.25.0 -> v0.26.0-alpha.2
kernel.org/pub/linux/libs/security/libcap/cap v1.2.65 -> v1.2.66

Previous release can be found at v1.2.0

Talos 1.3.0-alpha.0 (2022-09-28)

Welcome to the v1.3.0-alpha.0 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

kube-apiserver Audit Policy

Talos now supports setting custom audit policy for kube-apiserver in the machine configuration.

etcd Consistency Check

Talos enables --experimental-compact-hash-check-enabled option by default to improve etcd store consistency guarantees.

This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.

Kernel Modules

Talos now supports settings kernel module parameters.

Eg:

machine:
  kernel:
    modules:
      - name: "br_netfilter"
        parameters:
          - nf_conntrack_max=131072

Nano Pi R4S

Talos now supports the Nano Pi R4S SBC.

Raspberry Generic Images

Component Updates

Kubernetes: v1.26.0-alpha.1
Flannel: v0.19.2
CoreDNS: v1.10.0
etcd: v3.5.5
Linux: 5.15.70

Contributors

Andrey Smirnov
Noel Georgi
Andrey Smirnov
Artem Chernyshev
Dmitriy Matrenichev
Artem Chernyshev
Alexey Palazhchenko
Serge Logvinov
Andrew Rynhard
Utku Ozdemir
Kris Reeves
Marvin Drees
Philipp Sauter
Andrew Rynhard
Branden Cash
Matt Zahorik
Olli Janatuinen
Pau Campana
Sander Maijers
Seán C McCord
Spencer Smith
Steve Francis
Tim Jones

Changes

105 commits

18c377a4d feat: customize audit policy
23c9ea46b fix: raspberry pi install
f17cdee16 feat: jsonpath filter for talosctl get outputs
6bd3cca1a chore: generic raspberry pi images
d914ab8bb chore: add vulncheck tool as a linter
a0151aa13 feat: add generic rpi u-boot support
30f851d09 chore: bump dependences
8b2235c3b fix: lookup Equinix Metal bond slaves using 'permanent addr'
b3257ebb1 chore: bump kernel to 5.15.70
0b2767c16 feat: implement 'permanent addr' in link statuses
c90e20251 fix: kubeconfig permission
fc48849d0 chore: move maps/slices/ordered to gen module
8b09bd4b0 feat: update Kubernetes to v1.26.0-alpha.1
276d4175b chore: bump extension versions in testing
357b770cb fix: cryptsetup delete slot
711128839 fix: continue applying bootstrap manifests on some errors
ce12c7b38 chore: update COSI runtime to v0.2.0-alpha.1
1b435c0b3 chore: bump kernel + ice drivers
18e041f1e docs: fix typo in patching example
0ad6452ca feat: update CoreDNS to v1.10.0
479f3f52e chore: bump dependencies
e07c6ae99 feat: update Kubernetes to v1.25.1
13fdfaffc test: fix up default branch name
ef181321a docs: add component diagram; K8s & Talos Linux
aade73643 docs: fix missing variable in OpenEBS docs
472590aa8 chore: return InvalidArgument on invalid config in maintenance mode
e5cabd42c feat: enable etcd consistency hashcheck
015535d90 fix: update discovery client with the redirect fix
d0c8e7699 chore: bump kernel and go
985b0c2e7 chore: remove go.work.sum
69124f102 feat: update etcd to v3.5.5
1985a796c docs: update docs for pod security
94b088f02 fix: set etcd options consistently
92ae7ef4b fix: fix protoenc encoding for enums and types with custom encoders
93809017c docs: cpu scaling governor knowledgebase
7b270ff33 test: fix api controller test
2dadcd669 fix: stop worker nodes from acting as apid routers
9eaf33f3f fix: never sign client certificate requests in trustd
436749124 feat: environment vars for extension service
0c0cb671e chore: mark machine configuration validation failure as InvalidArgument
f424e5340 fix: stop containers more thoroughly
12827b861 chore: move "implements" checks to compile time
3a67c42cb fix: kill the task processes when cleaning up stale task
14a79e325 chore: bump dependencies
9beee92e7 docs: fix double vv in Kubernetes version
688272515 fix: use different username for Talos Kubernetes API access
161a52a9e feat: check apid client certificate extended key usage
9dadc4a59 fix: include all node addresses into etcd cert SANs
71bfd3e43 feat: update CoreDNS to 1.9.4
9df8f1ff1 fix: list COSI APIs for the apid authenticator
31462450f fix: pass a pointer to specs.Mount into protoenc.Marshal
e626540df chore: avoid double API request logging in trustd
f62d17125 chore: update crypto to use new import path siderolabs/crypto
ef27dd855 chore: bump dependencies
6472ae00b fix: automatically discard VIPs for etcd advertised addresses
5e21cca52 feat: support setting kernel parameters
bd56621cd feat: add structprotogen tool
cdb6bb2cc feat: add Nano Pi R4S support
36c1f1d6e fix: flip the client-server version check
cd6c53a97 docs: fork docs for v1.3
0847400f7 fix: prevent panic on health check if a member has no IPs
7471d7f01 feat: update Flannel to v0.19.2
148c75cfb docs: consolidate the control-plane documentation
353154281 fix: drop kube-system SA default binding
4f37b668b chore: remove capi hacks
1369afea8 docs: make 1.2.0 docs default ones
7627cb0e3 docs: add new talosctl gen secrets
8aa60a37a chore: bump kernel to 5.15.64
a798dbd5d docs: update docs for upcoming 1.2.0 release
b2fec3c97 fix: properly handle configContext being nil in Talos client
1c0977b3a fix: change the type of returned gRPC connection object from the client
41848e421 fix: expose Talos client gRPC connection via the function Conn
2e9be4af8 chore: bump dependencies
d283aba3a test: fix cli reboot test
0b339a9dc feat: track progress of action API calls
072349812 fix: update COSI to the version with gRPC Wait fix
89d57aa81 fix: always abort the maintenance service
f6fa74619 fix: limit apid backoff max delay
d7ef346db fix: get command in the case 'nodes' are not set in the context
4e9c32256 fix: correctly render hosts.toml with multiple endpoints
cdd0f08bc feat: check client <> server version in some Talos commands
446b0af58 chore: bump kernel and runc
8c203ce9b feat: remove the machine from the discovery service on reset
b59ca5810 chore: move from inet.af/netaddr to net/netip and go4.org/netipx
053af1d59 fix: update etcd certificates when node addresses changes
11edb2c6f test: re-enable upgrade tests
0310e2089 chore: bump github.com/siderolabs/protoenc to v0.1.5
29bd63240 chore: remove old build tags syntax
b500d0aa9 chore: bump k8s to v1.25.0
29e574be7 docs: update to v1.2.0-beta.1
26b549f2a chore: bump dependencies
8c3ac4c42 chore: limit GOMAXPROCS for Talos services
361e85b74 fix: properly read kexec disabled sysctl
cfe6c2bc2 docs: nvidia oss drivers
2f2d97b6b fix: don't wait for the hostname in maintenance mode
b15a63924 chore: bump kernel to 5.15.62
a0d94be30 fix: stable default hostname bias
da4cd34ef feat: update etcd advertised peer addresses on the fly
faf92ce01 chore: bump kubernetes to v1.25.0-rc.1
52de919e3 chore: bump containerd to v1.6.8
7d43fc79b fix: make 'ca', 'crt' and 'key' flags optional for 'talosctl config add'
fd467e02c fix: handle grub config being empty in the Revert function
9492aca65 fix: clean up cancelCtxMu leftovers in PriorityLock
61e3eb2ea fix: talosctl edit mc loop
32db7a7f5 fix: surround cancelCtx with the mutex

Changes from siderolabs/crypto

27 commits

c3225ee feat: allow CSR template subject field to be overridden
8570669 chore: rename to siderolabs/crypto
e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs
510b0d2 chore: add json tags
6fa2d93 fix: deepcopy nil fields as nil
9a63cba fix: add back support for generating ECDSA keys with P-256 and SHA512
893bc66 fix: use SHA256 for ECDSA-P256
deec8d4 chore: implement DeepCopy methods for PEMEncoded* types
d3cb772 feat: make possible to change KeyUsage
6bc5bb5 chore: remove unused argument
cd18ef6 feat: add support for several organizations
97c888b chore: add options to CSR
7776057 chore: fix typos
80df078 chore: remove named result parameters
15bdd28 chore: minor updates
4f80b97 fix: verify CSR signature before issuing a certificate
39584f1 feat: support for key/certificate types RSA, Ed25519, ECDSA
cf75519 fix: function NewKeyPair should create certificate with proper subject
751c95a feat: add 'PEMEncodedKey' which allows to transport keys in YAML
562c3b6 feat: add support for public RSA key in RSAKey
bda0e9c feat: enable more conversions between encoded and raw versions
e0dd56a feat: add NotBefore option for x509 cert creation
12a4897 feat: add support for SPKI fingerprint generation and matching
d0c3eef fix: implement NewKeyPair
196679e feat: move pkg/grpc/tls from github.com/talos-systems/talos as ./tls
1ff6242 chore: initial version as imported from talos-systems/talos
835063e chore: initial commit

Changes from siderolabs/discovery-api

3 commits

5b0c5e7 chore: rename to siderolabs, rekres, etc
db279ef feat: initial set of APIs and generated files
ac52a37 chore: initial commit

Changes from siderolabs/discovery-client

1 commit

230f317 fix: reconnect the client on update failure

Changes from siderolabs/gen

4 commits

726e066 fix: rename tuples.go to pair.go and set proper package name
d8d7d25 chore: minor additions
338a650 chore: add initial implementation and documentation
4fd8667 Initial commit

Changes from siderolabs/go-blockdevice

55 commits

dcf6044 chore: rekres and rename
9c4af49 fix: cryptsetup remove slot
74ea471 feat: add freebsd stubs
9fa801c feat: add ReadOnly attribute to Disk
fccee8b chore: rekres the source, fix issues
d9c3a27 feat: support probing FAT12/FAT16 filesystems
b374eb4 fix: align partition to 1M boundary by default
ec428fe fix: lookup filesystem labels on the actual device path
7b9de26 feat: read symlink fullpath in block device list function
6928ee4 refactor: rewrite GPT serialize/deserialize functions
0c7e429 refactor: simplify middle endian functions
15b182d fix: return partition table not exist when trying to read an empty dev
b9517d5 fix: resize partition
70d2865 fix: try to find cdrom disks
667bf53 fix: revert gpt partition not found
d7d4cdd fix: gpt partition not found
33afba3 fix: also open in readonly mode when running All lookup method
e367f9d feat: make probe always open blockdevices in readonly mode
d981156 fix: allow Build for Windows
fe24303 fix: perform correct PMBR partition calculations
2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
87816a8 feat: align partition to minimum I/O size
c34b59f feat: expose more encryption options in the LUKS module
30c2bc3 feat: mark MBR bootable
1292574 fix: make disk type matcher parser case insensitive
b77400e fix: properly detect nvme and sd card disk types
1d830a2 fix: revert mark the EFI partition in PMBR as bootable
bec914f fix: mark the EFI partition in PMBR as bootable
776b37d feat: add options to probe disk by various sysblock parameters
bb3ad73 fix: align partition start to physical sector size
8f976c2 feat: replace exec.Command with go-cmd module
1cf7f25 fix: properly handle no child processes error from cmd.Wait
04a9851 feat: implement luks encryption provider
b0375e4 feat: add an option to open block device with exclusive flock
5a1c7f7 refactor: add devname into gpt.Partition, refactor probe package
f2728a5 fix: keep contents of PMBR when writing it
2878460 fix: write second copy of partition entries
943b08b fix: blockdevice reset should read partition table from disk
5b4ee44 fix: ignore /dev/ram devices
98754ec refactor: rewrite GPT library
2a1baad fix: correctly build paths for mmcblk devices
8076344 fix: return proper disk size from GetDisks function
8742133 chore: add common method to list available disks using /sys/block
c4b5833 feat: implement "fast" wipe
b4e67d7 feat: return resize status from Resize() function
ceae64e fix: sync kernel partition table incrementally
2cb9516 fix: return correct error value from blkpg functions
cebe43d refactor: expose InsertAt method via interface
c40dcd8 fix: properly inform kernel about partition deletion
bb8ac5d feat: implement disk wiping via several methods
23fb7dc feat: expose partition name (label)
ff3a821 feat: implement 'InsertAt' method to insert partitions at any position
3d1ce4f fix: calculate last lba of partition correctly
b71540f feat: copy initial version from talos-systems/talos
ca3c078 Initial commit

Changes from siderolabs/pkgs

26 commits

0ac7773 chore: use generic raspberry pi u-boot
d5633d4 chore: bump kernel to 5.15.70
39c0d43 feat: add generic rpi_arm64_defconfig configuration
ed269ca chore: bump kernel to 5.15.69
f2f8333 fix: no slack notifications on failure
6f0af33 chore: disable drone slack pipeline for renovate
32aea3f chore: disable drone for renovate/dependabot
44579f0 fix: rollback xfsprogs to 5.18.0
792c0e3 feat: add gasket driver package
07f1898 chore: update deps
f78f410 chore: enable conntrack zones and timestamps
049b3c6 chore: enable intel ice drivers
606ff32 chore: bump deps
eee5c8a chore: disable irc in conntrack
70e6c46 chore: bump kernel to 5.15.64
e510321 chore: update renovate config
d1fa510 feat: enable renovate bot
e427a77 chore: bump runc to v1.1.4
40e1215 chore: enable nfsv4.2 client support
15efada chore: bump kernel to 5.15.63
e70e3c1 fix: nvidia oss pkg name
30b8d79 chore: bump kernel to 5.15.62
862c392 chore: bump gcc to 12.2.0
2ecd14e fix: containerd version
01df058 feat: add NanoPi R4S configuration
d4cb33b chore: bump containerd to v1.6.8

Changes from siderolabs/tools

15 commits

5df6589 chore: disable drone for renovate/dependabot
1f00d2e fix: revert gawk to 5.1.1
feeda1f chore: bump grpc-go
8542014 chore: bump deps
e5c4968 chore: update renovate config
f34f94d chore: update renovate config
cef4cc6 chore: update renovate config
bab8e9e chore: add libbpf to tools
0a15f7b chore: build pahole properly
a322d06 chore: remove img
c7ff47b feat: enable renovate dependency updates (3/3)
6e095cf feat: enable renovate dependency updates (2/n)
bad1ad1 feat: add renovatebot
7d6f9c3 chore: bump gcc to 12.2.0
2719b4b chore: bump toolchain

Dependency Changes

cloud.google.com/go/compute v1.8.0 -> v1.10.0
github.com/aws/aws-sdk-go v1.44.76 -> v1.44.105
github.com/cosi-project/runtime v0.1.1 -> v0.2.0-alpha.1
github.com/docker/docker v20.10.17 -> v20.10.18
github.com/google/go-cmp v0.5.8 -> v0.5.9
github.com/google/nftables 2eca00135732 -> cbeb0fb1eccf
github.com/hetznercloud/hcloud-go v1.35.2 -> v1.35.3
github.com/insomniacslk/dhcp 509691fd59ec -> 043f1726f02e
github.com/mdlayher/ethtool 856bd6cb8a38 -> 0e16326d06d1
github.com/mdlayher/netlink v1.6.0 -> v1.6.2
github.com/opencontainers/image-spec c5a74bcca799 -> v1.1.0-rc1
github.com/packethost/packngo v0.25.0 -> v0.26.0
github.com/rivo/tview 0e6b21a48e96 -> 2e69b7385a37
github.com/siderolabs/crypto v0.4.0 new
github.com/siderolabs/discovery-api v0.1.1 new
github.com/siderolabs/discovery-client v0.1.1 -> v0.1.2
github.com/siderolabs/gen v0.2.0 new
github.com/siderolabs/go-blockdevice v0.4.0 new
github.com/siderolabs/pkgs v1.2.0-8-g970860d -> v1.3.0-alpha.0-25-g0ac7773
github.com/siderolabs/tools v1.2.0 -> v1.3.0-alpha.0-14-g5df6589
github.com/vmware-tanzu/sonobuoy v0.56.9 -> v0.56.10
go.etcd.io/etcd/api/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/pkg/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/etcdutl/v3 v3.5.4 -> v3.5.5
go.uber.org/atomic v1.9.0 -> v1.10.0
go.uber.org/zap v1.22.0 -> v1.23.0
go4.org/netipx 797b0c90d8ab new
golang.org/x/net 3211cb980234 -> 8be639271d50
golang.org/x/sync 886fb9371eb4 -> 7f9b1623fab7
golang.org/x/sys fbc7d0a398ab -> fb04ddd9f9c8
golang.org/x/term a9ba230a4035 -> 7a66f970e087
golang.org/x/time e5dcc9cfc0b9 -> f3bd1da661af
golang.zx2c4.com/wireguard/wgctrl 3d4a969bb56b -> 473347a5e6e3
google.golang.org/grpc v1.48.0 -> v1.49.0
k8s.io/api v0.25.0 -> v0.26.0-alpha.1
k8s.io/apimachinery v0.25.0 -> v0.26.0-alpha.1
k8s.io/apiserver v0.25.0 -> v0.26.0-alpha.1
k8s.io/client-go v0.25.0 -> v0.26.0-alpha.1
k8s.io/component-base v0.25.0 -> v0.26.0-alpha.1
k8s.io/cri-api v0.25.0 -> v0.26.0-alpha.1
k8s.io/kubectl v0.25.0 -> v0.26.0-alpha.1
k8s.io/kubelet v0.25.0 -> v0.26.0-alpha.1
kernel.org/pub/linux/libs/security/libcap/cap v1.2.65 -> v1.2.66

Previous release can be found at v1.2.0

Talos 1.2.0-alpha.2 (2022-08-10)

Welcome to the v1.2.0-alpha.2 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Talos API access from Kubernetes

Talos now supports access to its API from within Kubernetes. It can be configured in the machine config as below:

machine:
  features:
    kubernetesTalosAPIAccess:
      enabled: true
      allowedRoles:
        - os:reader
      allowedKubernetesNamespaces:
        - kube-system

This feature introduces a new custom resource definition, serviceaccounts.talos.dev. Creating custom resources of this type will provide credentials to access Talos API from within Kubernetes.

The new CLI subcommand talosctl inject serviceaccount can be used to configure Kubernetes manifests with Talos service accounts as below:

talosctl inject serviceaccount -f manifests.yaml > manifests-injected.yaml
kubectl apply -f manifests-injected.yaml

See documentation for more details.

Generating Talos secrets from PKI directory

It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki).

You can also specify a bootstrap token to be used in the secrets bundle.

This secrets bundle can then be used to generate a machine config.

This facilitates migrating clusters (e.g. created using kubeadm) to Talos.

talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443

Kubernetes ControlPlane Components

Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in KEP-2568.

Kubelet Default Runtime Seccomp Profile

Talos now runs Kubelet with the CRI default Seccomp Profile enabled. This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled to false.

This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.

Kubernetes Control Plane labels and taints

Talos now defaults to node-role.kubernetes.io/control-plane label/taint. On upgrades Talos now removes the node-role.kubernetes.io/master label/taint on control-plane nodes and replaces it with the node-role.kubernetes.io/control-plane label/taint. Workloads that tolerate the old taints or having node selectors with the old labels will need to be updated.

Kubernetes Discovery Backend

Kubernetes cluster discovery backend is now disabled by default for new clusters. This backend doesn't provide any benefits over the Discovery Service based backend, while it causes issues for KubeSpan enabled clusters when control plane endpoint is KubeSpan-routed.

For air-gapped installations when the Discovery Service is not enabled, Kubernetes Discovery Backend can be enabled by applying the following machine configuration patch:

cluster:
  discovery:
    registries:
      kubernetes:
        disabled: false

KubeSpan Kubernetes Network Advertisement

KubeSpan no longer by default advertises Kubernetes pod networks of the node over KubeSpan. This means that CNI should handle encapsulation of pod-to-pod traffic into the node-to-node tunnel, and node-to-node traffic will be handled by KubeSpan. This provides better compatibility with popular CNIs like Calico and Cilium.

Old behavior can be restored by setting .machine.kubespan.advertiseKubernetesNetworks = true in the machine config.

MachineConfig `.cluster.allowSchedulingOnMasters` deprecated

The .cluster.allowSchedulingOnMasters is deprecated and replaced by .cluster.allowSchedulingOnControlPlanes. The .cluster.allowSchedulingOnMasters will be removed in a future release of Talos. If both .cluster.allowSchedulingOnMasters and .cluster.allowSchedulingOnControlPlanes are set to true, the .cluster.allowSchedulingOnControlPlanes will be used.

`k8s.gcr.io` mirror configuration

Talos now defaults to adding a registry mirror configuration in the machineconfig for k8s.gcr.io pointing to both registry.k8s.io and k8s.gcr.io unless overridden. This is in line with the Kubernetes 1.25 release having the new registry.k8s.io registry endpoint.

This is only enabled by default on newly generated configurations and not on upgrades. This can be enabled with a machine configuration as follows:

machine:
  registries:
    mirrors:
      k8s.gcr.io:
        endpoints:
          - https://registry.k8s.io
          - https://k8s.gcr.io

Network bridge support

Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:

machine:
  network:
    interfaces:
      - interface: br0
        bridge:
          stp:
            enabled: true
          interfaces:
            - eth0
            - eth1

See documentation for more details.

VLAN support in cmdline arguments

Talos now supports dracut-style vlan kernel argument to allow installing Talos Linux in networks where ports are not tagged with a default VLAN:

vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::

Packet Capture

Talos now supports capturing packets on a network interface with talosctl pcap command:

talosctl pcap --interface eth0

Seccomp Profiles

Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads. It can be configured in the machine config as below:

machine:
  seccompProfiles:
    - name: audit.json
      value:
        defaultAction: SCMP_ACT_LOG
    - name: deny.json
      value: {"defaultAction":"SCMP_ACT_LOG"}

This profile data can be either configured as a YAML definition or as a JSON string.

The profiles are created on the host under /var/lib/seccomp/profiles and bind mounted at /var/lib/kubelet/seccomp/profiles so Kubelet can use it.

See documentation for more details.

Stable Default Hostname

Talos now generates the default hostname (when there is no explicitly specified hostname) for the nodes based on the node id (e.g. talos-2gd-76y) instead of using the DHCP assigned IP address (e.g. talos-172-20-0-2).

This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.

Strategic merge machine configuration patching

In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.

For example, machine hostname can be set with the following patch:

machine:
  network:
    hostname: worker1

Patch format is detected automatically.

Variable substitution for URL query parameter in the talos.config kernel parameter

The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:

http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}

talosctl

--masters flag on talosctl cluster create is deprecated. Use --controlplanes instead.

Component Updates

Linux: 5.15.59
Flannel 0.19.1
containerd 1.16.7
Kubernetes: v1.25.0-beta.0

Talos is built with Go 1.19.

Contributors

Andrey Smirnov
Noel Georgi
Utku Ozdemir
Dmitriy Matrenichev
Philipp Sauter
Tim Jones
Artem Chernyshev
Spencer Smith
Davincible
Eirik Askheim
AMet
Alex Wied
Bermi Ferrer
Christoph Schmatzler
Dennis Marttinen
Eng Zer Jun
Flightkick
Florian Klink
Gwyn
Han Cen
Larry Rosenman
Markus Reiter
Matthew Richardson
Nico Berlee
Rio Kierkels
RyanSquared
Serge Logvinov
Seán C McCord
Steve Francis
Tommy Botten Jensen
hobyte
nett_hier
zebernst

Changes

164 commits

5dd1b4002 feat: disable Kubernetes discovery backend by default
b62b18a97 feat: bump k8s to v1.25.0-beta.0
7b80a747b feat: add protobuf encoding/decoding for Go structs
00c3ee3ac docs: remove obsolete references to init nodes
6eefa9d9c fix: properly filter resources in maintenance server
fa5aad01a docs: fix issues in GCP docs
98f056603 chore: bump dependencies
84e712a9f feat: introduce Talos API access from Kubernetes
d7be30892 chore: bump kernel to 5.15.59
c2c2d65bc refactor: use COSI access filter for resource access
1dee0579e feat: add support for proxying one-to-one to apid
86eb01cd6 docs: add missing dev tools
4fd676c04 docs: fix typo in theila name
856beb21c feat: containerd 1.6.7, Flannel 1.19.1
e97b9f6d3 feat: support dhcp options for vlan
92314e47b refactor: use controllers/resources to feed trustd with data
80d298abf feat: support skipping node registration
7795de313 fix: use controllers/resources for etcd configuration
f9b664c94 fix: reload trusted CA list when client is recreated
8847ccd03 fix: shutdown some streaming API calls when machined API is shuting down
f95b53726 fix: allow files in extension spec
1a8f6ec8e fix: don't advertise Kubernetes pod networks over KubeSpan by default
e3d4a0e4d fix: make reset work even if the node is not bootstrapped/not joined
a6b010a8b chore: update Go to 1.19, Linux to 5.15.58
fb058a7c9 test: use T.TempDir to create temporary test directory
6fc38bae6 fix: iterate over etcd members endpoints for member promotion
c70b692fb fix: update default address if removed from the host
cf620d473 feat: read talosconfig from secrets directory
1ad8e6122 fix: keep entire vlan id when parsing cmdline
fe2ee3b10 feat: implement MachineStatus resource
670d274c4 chore: bump dependencies
08d2612e0 docs: bond devices are comma separated
c3c3e14db chore: add gotagsrewrite tool and use it to add tags to resources
2e790526f refactor: make apid stop gracefully and be stopped late
0cdf22243 fix: retry Conflict errors when upgrading k8s manifests
1db097f50 release(v1.2.0-alpha.1): prepare release
5ac4947b6 feat: enable default seccomp profile for kubelet
e5994ff7a fix: skip ResetDuringBoot test if the Cluster config is unknown
8028e1074 fix: wait for boot done when rebooting a node in the integration tests
ae1bec59e feat: allow running only one sequence at a time
ec05aee04 fix: correctly unwrap errors when streaming
7c7f2d8c3 feat: refactor disk size matcher to be compatible with DeepEqual
3addea83b feat: introduce support for Talos API access from Kubernetes
34d3a4164 docs: add missing <> to relref
c4d2d20c4 fix: enable stable hostnames for worker configs as well
0326bac1f chore: bump kernel to 5.15.57
86820c33f chore: bump dependencies
6e7dfeeb3 fix: data race in packet capture (part 2)
c11e1dae7 docs: fix spelling and grammar errors
30f7851d2 chore: bump golangci-lint from 1.45.2 to 1.47.2
2cce9112d chore: bump goimports from 0.1.10 to 0.1.11
18756c7ff fix: folder permissions of overlay mounted folders
47c35dc47 feat: set stable default hostname based on machine-id
1ed3df295 chore: support glibc apps extension spec
a2aea9726 fix: write etcd PKI files in a controller
bb4abc096 fix: regenerate kubelet certs when hostname changes
d650afb6c chore: fix typo in powercycle
644e803ad fix: use masks and different firewall mark for KubeSpan
80444a43d fix: remove data race in pcap capture
04a45dff2 docs: remove katacoda links
065b59276 feat: implement packet capture API
7c006cabc feat: update Kubernetes to 1.24.3
551290195 chore: bump dependencies
1677bcc4b fix: skip bond itself when matching interface (Equinix Metal)
f1c2b5c55 feat: implement strategic merge patching for API server admission config
be98cb82b feat: follow KEP-2568 non-root enhancements
87ea1d961 fix: update kubelet kubeconfig when cluster control plane endpoint changes
a75fe7600 feat: gen secrets from kubernetes pki dir
a1d7b535a docs: add kubeadm migration guide
9e0c56581 docs: guide for setting up synology-csi driver
f0b8eea5e refactor: remove bootstrap sequence
89c7da899 docs: add documentation for vagrant & libvirt
014b85fdc docs: improve talos kubernetes upgrade note
88bb017ed docs: remove old docs from site
c92c90655 feat: build talosctl for FreeBSD
616da3069 docs: update last release for 1.1
091e6ef0e feat: resubstitute talos.config url variables on retry
ec74ab38a feat: update Go to 1.18.4, Linux to 5.15.54
641f6a1e4 feat: expose strategic merge config patches
6e3d2d647 docs: fix disk encryption params
c43d6a31d docs: fix typos
551887528 chore: bump dependencies
626ef05e6 fix: correct SANs for etcd certs
83ce92c5f docs: fix theila docs
8a038d40e fix: stabilize etcd join and promote sequences
136122556 fix: use correct etcd cert path
c170ec0b0 chore: bump kernel to 5.15.53
d924901b7 feat: add cli subcommand to generate secrets
34aabedd8 feat: more circular pkg from internal to pkg
4f044e466 feat: implement strategic merge machine config patching
c2a512608 fix: avoid double append of talos.platform kernel argument
27dfe7c03 fix: perform accurate conflict resolution on overal (kubespan)
e437445b4 chore: bump kernel to 5.15.52
d27a6a4ac feat: add vlan support to cmdline
fdca5d8a9 chore: bump dependencies
ae3840dbc refactor: move kubeconfig package under public api
184e113f3 chore: disable systeminfo controller in container
86a0a7bdf refactor: use pointer types more in machine config structs
3a1eb10e6 docs: update the Proxmox kvm64 note
30e220fcd docs: kernel cmdline params updated on upgrades
915de9cf9 docs: fix bridge documentation
52cd12951 test: bump Talos versions in upgrade tests
022581d80 release(v1.2.0-alpha.0): prepare release
643e81cfe feat: add SenseLabs to ADOPTERS.md
bdfee2b3b chore: bump kernel to 5.15.51
36c44a651 fix: provide CA certificates in /etc/ssl/certs/ca-certificates.crt
7ebd9bcce docs: fix pod security talos resource name
57b625e0a refactor: avoid recreating grpc clients in service health checks
a68a00f1b docs: recommend setting "host" Processor Type on proxmox
923600a73 chore: bump kernel to 5.15.50
758a9bf59 docs: add theila ui
b81016e62 chore: update blockdevice library to v0.3.3
284a2f959 fix: filter static pods correctly and optimize fetching
61abf3111 docs: change command for cluster create to keep $HOME with sudo
6ae1e9bf2 chore: bump dependencies
2deff6b6e feat: add support for variable substitution in talos.config kernel parameter
103c94225 fix: update crypto library with support for RSA-SHA*
448de7194 docs: add UpCloud installation guide
07014e0a8 fix: generate correct bootstrap manifests when only IPv6 CIDR is used
465edbb47 fix: look for qemu-kvm binary
63caa281a fix: create native image format for DigitalOcean
f15ce549e fix: siderlink api assume port 443 with https schema
797596229 feat: add support for configuring network bridges
2b23fabcc docs: use SVG image for K8s conformance
d4606c33e chore: bump kernel to 5.15.49
cfb640222 docs: update docs for release 1.1
b816d0b60 docs: fix the vendor information for Kubernetes conformance tests
a167a5402 test: fix CLI nodes discovery without provisioner data
916a30682 docs: add twitter meta info
80090a3ed test: fix health endpoint cli test when discovery is disabled
3c263bb44 chore: bump dependencies
e8113527f chore: bump kubernetes to v1.24.2
068f1b6d0 feat: add ctest package and base for test suite
2aad3a1e4 chore: bump kernel to 5.15.48
a31a858e0 docs: snippets for logging api server audit logs
89aaaef9f chore: bump kernel to 5.15.47
6759fcd4a feat: use discovery service on cluster health checks
f54d90787 fix: enable orderly poweroff in hyper-v on Azure
35475ce45 docs: openebs jiva example with iscsi-tools extension
8d2be5e31 feat: extend node definition used in health checks
7a11b4def fix: make talosctl bootstrap accept only single node
217fba288 test: fix csi tests
90bf34fed docs: fork docs for Talos 1.2
a0dd010a8 docs: add link to discovery service in kubespan
c0371410e fix: support SideroLink "secure" gRPC connection
b03709620 feat: build Talos images with system extensions included
43def7490 chore: bump kernel and runc
4dbbf4ac5 chore: add generic methods and use them part #2
7114292b6 docs: fix latest release version in docs
da2985fe1 fix: respect local API server port
e03266667 fix: correctly validate reboot mode in CLI
70fc42409 chore: add generic methods and use them
3ae8bdd92 chore: run xfs_repair on xfs filesystem returing EUCLEAN
0c91c89f4 chore: revert day-two tests for csi tests
f71b58312 feat: disallow anonymous requests by default (kube-apiserver)
c19dd1b89 feat: add 'etcd members should be control plane nodes' health check
f2997c0f2 chore: bump dependencies
f3efec4b5 feat: update containerd 1.6.6, Linux 5.15.45, Flannel 0.18.1
27f8e50ce fix: add ovmf image path for rhel
87e7de30c docs: fix required ports
c126f2ee8 chore: bump golang to 1.18.3
c1aed6240 fix: wait for /var to be mounted in kubelet service controller
d7a64f5d2 fix: improve vip operator shutdown sequence
7b9dfcb85 chore: add 'make go-mod-outdated'

Changes since v1.2.0-alpha.1

35 commits

5dd1b4002 feat: disable Kubernetes discovery backend by default
b62b18a97 feat: bump k8s to v1.25.0-beta.0
7b80a747b feat: add protobuf encoding/decoding for Go structs
00c3ee3ac docs: remove obsolete references to init nodes
6eefa9d9c fix: properly filter resources in maintenance server
fa5aad01a docs: fix issues in GCP docs
98f056603 chore: bump dependencies
84e712a9f feat: introduce Talos API access from Kubernetes
d7be30892 chore: bump kernel to 5.15.59
c2c2d65bc refactor: use COSI access filter for resource access
1dee0579e feat: add support for proxying one-to-one to apid
86eb01cd6 docs: add missing dev tools
4fd676c04 docs: fix typo in theila name
856beb21c feat: containerd 1.6.7, Flannel 1.19.1
e97b9f6d3 feat: support dhcp options for vlan
92314e47b refactor: use controllers/resources to feed trustd with data
80d298abf feat: support skipping node registration
7795de313 fix: use controllers/resources for etcd configuration
f9b664c94 fix: reload trusted CA list when client is recreated
8847ccd03 fix: shutdown some streaming API calls when machined API is shuting down
f95b53726 fix: allow files in extension spec
1a8f6ec8e fix: don't advertise Kubernetes pod networks over KubeSpan by default
e3d4a0e4d fix: make reset work even if the node is not bootstrapped/not joined
a6b010a8b chore: update Go to 1.19, Linux to 5.15.58
fb058a7c9 test: use T.TempDir to create temporary test directory
6fc38bae6 fix: iterate over etcd members endpoints for member promotion
c70b692fb fix: update default address if removed from the host
cf620d473 feat: read talosconfig from secrets directory
1ad8e6122 fix: keep entire vlan id when parsing cmdline
fe2ee3b10 feat: implement MachineStatus resource
670d274c4 chore: bump dependencies
08d2612e0 docs: bond devices are comma separated
c3c3e14db chore: add gotagsrewrite tool and use it to add tags to resources
2e790526f refactor: make apid stop gracefully and be stopped late
0cdf22243 fix: retry Conflict errors when upgrading k8s manifests

Changes from siderolabs/extras

3 commits

da35a63 feat: update Go to 1.19
17a319f chore: update Go to 1.18.4
892407f chore: bump golang to 1.18.3

Changes from siderolabs/pkgs

28 commits

7783ee3 chore: bump kernel to 5.15.59
360d596 feat: update containerd to 1.6.7
6feece4 feat: update Go to 1.19
9ad3aeb chore: bump kernel to 5.15.58
dcc0311 chore: bump kernel to 5.15.57
b943a9d chore: update Go to 1.18.4
a44e324 chore: bump kernel to 5.15.54
247f567 chore: bump kernel to 5.15.53
4fe9867 chore: bump openssl to 1.1.1q
9ee662c chore: bump kernel to 5.15.52
4412db8 chore: bump kernel to 5.15.51
6fedbdc chore: bump tools
f1f44e6 chore: bump kernel to 5.15.50
388af5e chore: bump openssl to 1.1.1p
ed75c50 chore: enable RANDOM_TRUST_BOOTLOADER by default
7c243f6 chore: bump kernel to 5.15.49
6e1269e chore: bump kernel to 5.15.48
5d671a3 chore: bump nvidia drivers to 515.48.07
b35d835 chore: bump kernel to 5.15.47
6604d6b feat: hyperv arm64
c474058 chore: bump nvidia driver to 515.43.04
5bc7e34 feat: update runc to 1.1.3, libseccomp to 2.5.4
c02cd7a chore: bump kernel to 5.15.46
b9c72a5 feat: update containerd to 1.6.6
f7786a3 chore: bump kernel to 5.15.45
b1c207d feat: update containerd to 1.6.5
4d47830 chore: bump golang to 1.18.3
dc21e30 chore: bump kernel to 5.15.44

Changes from siderolabs/tools

7 commits

cd35510 feat: update Go to 1.19
e83198d chore: bump git to v2.37.1
0d669dd feat: update Go 1.18.4
26b32d5 chore: bump openssl to 1.1.1q
d8015e7 chore: bump curl to 7.84.0
3ec03ed chore: bump openssl to 1.1.1p
3df9e13 chore: bump golang to 1.18.3

Changes from talos-systems/crypto

1 commit

e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs

Changes from talos-systems/go-blockdevice

2 commits

74ea471 feat: add freebsd stubs
9fa801c feat: add ReadOnly attribute to Disk

Changes from talos-systems/grpc-proxy

1 commit

6dfa2cc fix: ignore errors on duplicate SetHeader calls

Dependency Changes

cloud.google.com/go/compute v1.6.1 -> v1.7.0
github.com/BurntSushi/toml v1.1.0 -> v1.2.0
github.com/aws/aws-sdk-go v1.44.24 -> v1.44.71
github.com/containerd/containerd v1.6.4 -> v1.6.8
github.com/containernetworking/cni v1.1.0 -> v1.1.2
github.com/cosi-project/runtime 95d06feaf8b5 -> cd5f564066ad
github.com/docker/docker v20.10.16 -> v20.10.17
github.com/emicklei/dot v0.16.0 -> v1.0.0
github.com/google/gopacket v1.1.19 new
github.com/google/nftables a9775fb167d2 -> 2eca00135732
github.com/hashicorp/go-getter v1.6.1 -> v1.6.2
github.com/hashicorp/go-version v1.5.0 -> v1.6.0
github.com/hetznercloud/hcloud-go v1.33.2 -> v1.35.2
github.com/jsimonetti/rtnetlink v1.2.0 -> v1.2.1
github.com/martinlindhe/base36 v1.1.1 new
github.com/packethost/packngo v0.24.0 -> v0.25.0
github.com/prometheus/procfs v0.7.3 -> v0.8.0
github.com/rivo/tview 9994674d60a8 -> 37ad0bb93703
github.com/siderolabs/extras v1.1.0-1-g5800284 -> v1.2.0-alpha.0-2-gda35a63
github.com/siderolabs/pkgs v1.1.0-8-gfa9a488 -> v1.2.0-alpha.0-27-g7783ee3
github.com/siderolabs/tools v1.1.0-1-g134974c -> v1.2.0-alpha.0-6-gcd35510
github.com/spf13/cobra v1.4.0 -> v1.5.0
github.com/stretchr/testify v1.7.1 -> v1.8.0
github.com/talos-systems/crypto v0.3.5 -> e9df1b8ca74c
github.com/talos-systems/go-blockdevice v0.3.2 -> v0.3.4
github.com/talos-systems/grpc-proxy v0.3.0 -> v0.3.1
github.com/u-root/u-root v0.8.0 -> v0.9.0
github.com/vishvananda/netlink v1.2.0-beta -> v1.2.1-beta.2
github.com/vmware-tanzu/sonobuoy v0.56.6 -> v0.56.9
github.com/vmware/govmomi v0.28.0 -> v0.29.0
golang.org/x/net 5463443f8c37 -> a33c5aa5df48
golang.org/x/sync 0976fa681c29 -> 886fb9371eb4
golang.org/x/sys bc2c85ada10a -> 1c4a2a72c664
golang.org/x/term 065cf7ba2467 -> a9ba230a4035
golang.org/x/time 583f2d630306 -> e5dcc9cfc0b9
google.golang.org/grpc v1.46.2 -> v1.48.0
google.golang.org/protobuf v1.28.0 -> v1.28.1
gopkg.in/yaml.v3 496545a6307b -> v3.0.1
inet.af/netaddr c74959edd3b6 -> 097006376321
k8s.io/api v0.24.2 -> v0.25.0-beta.0
k8s.io/apimachinery v0.24.2 -> v0.25.0-beta.0
k8s.io/apiserver v0.24.2 -> v0.25.0-beta.0
k8s.io/client-go v0.24.2 -> v0.25.0-beta.0
k8s.io/component-base v0.24.2 -> v0.25.0-beta.0
k8s.io/cri-api v0.24.2 -> v0.25.0-beta.0
k8s.io/kubectl v0.24.2 -> v0.25.0-beta.0
k8s.io/kubelet v0.24.2 -> v0.25.0-beta.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.64 -> v1.2.65

Previous release can be found at v1.1.0

Talos 1.2.0-alpha.1 (2022-07-28)

Welcome to the v1.2.0-alpha.1 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Generating Talos secrets from PKI directory

It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki).

You can also specify a bootstrap token to be used in the secrets bundle.

This secrets bundle can then be used to generate a machine config.

This facilitates migrating clusters (e.g. created using kubeadm) to Talos.

talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443

Kubernetes ControlPlane Components

Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in KEP-2568.

Kubelet Default Runtime Seccomp Profile

Talos now runs Kubelet with the CRI default Seccomp Profile enabled. This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled to false.

This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.

Network bridge support

Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:

machine:
  network:
    interfaces:
      - interface: br0
        bridge:
          stp:
            enabled: true
          interfaces:
            - eth0
            - eth1

See documentation for more details.

VLAN support in cmdline arguments

Talos now supports dracut-style vlan kernel argument to allow installing Talos Linux in networks where ports are not tagged with a default VLAN:

vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::

Packet Capture

Talos now supports capturing packets on a network interface with talosctl pcap command:

talosctl pcap --interface eth0

Seccomp Profiles

Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads. It can be configured in the machine config as below:

machine:
  seccompProfiles:
    - name: audit.json
      value:
        defaultAction: SCMP_ACT_LOG
    - name: deny.json
      value: {"defaultAction":"SCMP_ACT_LOG"}

This profile data can be either configured as a YAML definition or as a JSON string.

The profiles are created on the host under /var/lib/seccomp/profiles and bind mounted at /var/lib/kubelet/seccomp/profiles so Kubelet can use it.

See documentation for more details.

Stable Default Hostname

This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.

Strategic merge machine configuration patching

In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.

For example, machine hostname can be set with the following patch:

machine:
  network:
    hostname: worker1

Patch format is detected automatically.

Variable substitution for URL query parameter in the talos.config kernel parameter

The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:

http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}

Component Updates

Linux: 5.15.57

Talos is built with Go 1.18.4.

Contributors

Andrey Smirnov
Noel Georgi
Utku Ozdemir
Dmitriy Matrenichev
Philipp Sauter
Tim Jones
Spencer Smith
Artem Chernyshev
Davincible
AMet
Alex Wied
Bermi Ferrer
Christoph Schmatzler
Dennis Marttinen
Eirik Askheim
Florian Klink
Han Cen
Larry Rosenman
Markus Reiter
Matthew Richardson
Nico Berlee
Rio Kierkels
RyanSquared
Serge Logvinov
Seán C McCord
hobyte
nett_hier
zebernst

Changes

128 commits

5ac4947b6 feat: enable default seccomp profile for kubelet
e5994ff7a fix: skip ResetDuringBoot test if the Cluster config is unknown
8028e1074 fix: wait for boot done when rebooting a node in the integration tests
ae1bec59e feat: allow running only one sequence at a time
ec05aee04 fix: correctly unwrap errors when streaming
7c7f2d8c3 feat: refactor disk size matcher to be compatible with DeepEqual
3addea83b feat: introduce support for Talos API access from Kubernetes
34d3a4164 docs: add missing <> to relref
c4d2d20c4 fix: enable stable hostnames for worker configs as well
0326bac1f chore: bump kernel to 5.15.57
86820c33f chore: bump dependencies
6e7dfeeb3 fix: data race in packet capture (part 2)
c11e1dae7 docs: fix spelling and grammar errors
30f7851d2 chore: bump golangci-lint from 1.45.2 to 1.47.2
2cce9112d chore: bump goimports from 0.1.10 to 0.1.11
18756c7ff fix: folder permissions of overlay mounted folders
47c35dc47 feat: set stable default hostname based on machine-id
1ed3df295 chore: support glibc apps extension spec
a2aea9726 fix: write etcd PKI files in a controller
bb4abc096 fix: regenerate kubelet certs when hostname changes
d650afb6c chore: fix typo in powercycle
644e803ad fix: use masks and different firewall mark for KubeSpan
80444a43d fix: remove data race in pcap capture
04a45dff2 docs: remove katacoda links
065b59276 feat: implement packet capture API
7c006cabc feat: update Kubernetes to 1.24.3
551290195 chore: bump dependencies
1677bcc4b fix: skip bond itself when matching interface (Equinix Metal)
f1c2b5c55 feat: implement strategic merge patching for API server admission config
be98cb82b feat: follow KEP-2568 non-root enhancements
87ea1d961 fix: update kubelet kubeconfig when cluster control plane endpoint changes
a75fe7600 feat: gen secrets from kubernetes pki dir
a1d7b535a docs: add kubeadm migration guide
9e0c56581 docs: guide for setting up synology-csi driver
f0b8eea5e refactor: remove bootstrap sequence
89c7da899 docs: add documentation for vagrant & libvirt
014b85fdc docs: improve talos kubernetes upgrade note
88bb017ed docs: remove old docs from site
c92c90655 feat: build talosctl for FreeBSD
616da3069 docs: update last release for 1.1
091e6ef0e feat: resubstitute talos.config url variables on retry
ec74ab38a feat: update Go to 1.18.4, Linux to 5.15.54
641f6a1e4 feat: expose strategic merge config patches
6e3d2d647 docs: fix disk encryption params
c43d6a31d docs: fix typos
551887528 chore: bump dependencies
626ef05e6 fix: correct SANs for etcd certs
83ce92c5f docs: fix theila docs
8a038d40e fix: stabilize etcd join and promote sequences
136122556 fix: use correct etcd cert path
c170ec0b0 chore: bump kernel to 5.15.53
d924901b7 feat: add cli subcommand to generate secrets
34aabedd8 feat: more circular pkg from internal to pkg
4f044e466 feat: implement strategic merge machine config patching
c2a512608 fix: avoid double append of talos.platform kernel argument
27dfe7c03 fix: perform accurate conflict resolution on overal (kubespan)
e437445b4 chore: bump kernel to 5.15.52
d27a6a4ac feat: add vlan support to cmdline
fdca5d8a9 chore: bump dependencies
ae3840dbc refactor: move kubeconfig package under public api
184e113f3 chore: disable systeminfo controller in container
86a0a7bdf refactor: use pointer types more in machine config structs
3a1eb10e6 docs: update the Proxmox kvm64 note
30e220fcd docs: kernel cmdline params updated on upgrades
915de9cf9 docs: fix bridge documentation
52cd12951 test: bump Talos versions in upgrade tests
022581d80 release(v1.2.0-alpha.0): prepare release
643e81cfe feat: add SenseLabs to ADOPTERS.md
bdfee2b3b chore: bump kernel to 5.15.51
36c44a651 fix: provide CA certificates in /etc/ssl/certs/ca-certificates.crt
7ebd9bcce docs: fix pod security talos resource name
57b625e0a refactor: avoid recreating grpc clients in service health checks
a68a00f1b docs: recommend setting "host" Processor Type on proxmox
923600a73 chore: bump kernel to 5.15.50
758a9bf59 docs: add theila ui
b81016e62 chore: update blockdevice library to v0.3.3
284a2f959 fix: filter static pods correctly and optimize fetching
61abf3111 docs: change command for cluster create to keep $HOME with sudo
6ae1e9bf2 chore: bump dependencies
2deff6b6e feat: add support for variable substitution in talos.config kernel parameter
103c94225 fix: update crypto library with support for RSA-SHA*
448de7194 docs: add UpCloud installation guide
07014e0a8 fix: generate correct bootstrap manifests when only IPv6 CIDR is used
465edbb47 fix: look for qemu-kvm binary
63caa281a fix: create native image format for DigitalOcean
f15ce549e fix: siderlink api assume port 443 with https schema
797596229 feat: add support for configuring network bridges
2b23fabcc docs: use SVG image for K8s conformance
d4606c33e chore: bump kernel to 5.15.49
cfb640222 docs: update docs for release 1.1
b816d0b60 docs: fix the vendor information for Kubernetes conformance tests
a167a5402 test: fix CLI nodes discovery without provisioner data
916a30682 docs: add twitter meta info
80090a3ed test: fix health endpoint cli test when discovery is disabled
3c263bb44 chore: bump dependencies
e8113527f chore: bump kubernetes to v1.24.2
068f1b6d0 feat: add ctest package and base for test suite
2aad3a1e4 chore: bump kernel to 5.15.48
a31a858e0 docs: snippets for logging api server audit logs
89aaaef9f chore: bump kernel to 5.15.47
6759fcd4a feat: use discovery service on cluster health checks
f54d90787 fix: enable orderly poweroff in hyper-v on Azure
35475ce45 docs: openebs jiva example with iscsi-tools extension
8d2be5e31 feat: extend node definition used in health checks
7a11b4def fix: make talosctl bootstrap accept only single node
217fba288 test: fix csi tests
90bf34fed docs: fork docs for Talos 1.2
a0dd010a8 docs: add link to discovery service in kubespan
c0371410e fix: support SideroLink "secure" gRPC connection
b03709620 feat: build Talos images with system extensions included
43def7490 chore: bump kernel and runc
4dbbf4ac5 chore: add generic methods and use them part #2
7114292b6 docs: fix latest release version in docs
da2985fe1 fix: respect local API server port
e03266667 fix: correctly validate reboot mode in CLI
70fc42409 chore: add generic methods and use them
3ae8bdd92 chore: run xfs_repair on xfs filesystem returing EUCLEAN
0c91c89f4 chore: revert day-two tests for csi tests
f71b58312 feat: disallow anonymous requests by default (kube-apiserver)
c19dd1b89 feat: add 'etcd members should be control plane nodes' health check
f2997c0f2 chore: bump dependencies
f3efec4b5 feat: update containerd 1.6.6, Linux 5.15.45, Flannel 0.18.1
27f8e50ce fix: add ovmf image path for rhel
87e7de30c docs: fix required ports
c126f2ee8 chore: bump golang to 1.18.3
c1aed6240 fix: wait for /var to be mounted in kubelet service controller
d7a64f5d2 fix: improve vip operator shutdown sequence
7b9dfcb85 chore: add 'make go-mod-outdated'

Changes since v1.2.0-alpha.0

66 commits

5ac4947b6 feat: enable default seccomp profile for kubelet
e5994ff7a fix: skip ResetDuringBoot test if the Cluster config is unknown
8028e1074 fix: wait for boot done when rebooting a node in the integration tests
ae1bec59e feat: allow running only one sequence at a time
ec05aee04 fix: correctly unwrap errors when streaming
7c7f2d8c3 feat: refactor disk size matcher to be compatible with DeepEqual
3addea83b feat: introduce support for Talos API access from Kubernetes
34d3a4164 docs: add missing <> to relref
c4d2d20c4 fix: enable stable hostnames for worker configs as well
0326bac1f chore: bump kernel to 5.15.57
86820c33f chore: bump dependencies
6e7dfeeb3 fix: data race in packet capture (part 2)
c11e1dae7 docs: fix spelling and grammar errors
30f7851d2 chore: bump golangci-lint from 1.45.2 to 1.47.2
2cce9112d chore: bump goimports from 0.1.10 to 0.1.11
18756c7ff fix: folder permissions of overlay mounted folders
47c35dc47 feat: set stable default hostname based on machine-id
1ed3df295 chore: support glibc apps extension spec
a2aea9726 fix: write etcd PKI files in a controller
bb4abc096 fix: regenerate kubelet certs when hostname changes
d650afb6c chore: fix typo in powercycle
644e803ad fix: use masks and different firewall mark for KubeSpan
80444a43d fix: remove data race in pcap capture
04a45dff2 docs: remove katacoda links
065b59276 feat: implement packet capture API
7c006cabc feat: update Kubernetes to 1.24.3
551290195 chore: bump dependencies
1677bcc4b fix: skip bond itself when matching interface (Equinix Metal)
f1c2b5c55 feat: implement strategic merge patching for API server admission config
be98cb82b feat: follow KEP-2568 non-root enhancements
87ea1d961 fix: update kubelet kubeconfig when cluster control plane endpoint changes
a75fe7600 feat: gen secrets from kubernetes pki dir
a1d7b535a docs: add kubeadm migration guide
9e0c56581 docs: guide for setting up synology-csi driver
f0b8eea5e refactor: remove bootstrap sequence
89c7da899 docs: add documentation for vagrant & libvirt
014b85fdc docs: improve talos kubernetes upgrade note
88bb017ed docs: remove old docs from site
c92c90655 feat: build talosctl for FreeBSD
616da3069 docs: update last release for 1.1
091e6ef0e feat: resubstitute talos.config url variables on retry
ec74ab38a feat: update Go to 1.18.4, Linux to 5.15.54
641f6a1e4 feat: expose strategic merge config patches
6e3d2d647 docs: fix disk encryption params
c43d6a31d docs: fix typos
551887528 chore: bump dependencies
626ef05e6 fix: correct SANs for etcd certs
83ce92c5f docs: fix theila docs
8a038d40e fix: stabilize etcd join and promote sequences
136122556 fix: use correct etcd cert path
c170ec0b0 chore: bump kernel to 5.15.53
d924901b7 feat: add cli subcommand to generate secrets
34aabedd8 feat: more circular pkg from internal to pkg
4f044e466 feat: implement strategic merge machine config patching
c2a512608 fix: avoid double append of talos.platform kernel argument
27dfe7c03 fix: perform accurate conflict resolution on overal (kubespan)
e437445b4 chore: bump kernel to 5.15.52
d27a6a4ac feat: add vlan support to cmdline
fdca5d8a9 chore: bump dependencies
ae3840dbc refactor: move kubeconfig package under public api
184e113f3 chore: disable systeminfo controller in container
86a0a7bdf refactor: use pointer types more in machine config structs
3a1eb10e6 docs: update the Proxmox kvm64 note
30e220fcd docs: kernel cmdline params updated on upgrades
915de9cf9 docs: fix bridge documentation
52cd12951 test: bump Talos versions in upgrade tests

Changes from siderolabs/extras

2 commits

17a319f chore: update Go to 1.18.4
892407f chore: bump golang to 1.18.3

Changes from siderolabs/pkgs

24 commits

dcc0311 chore: bump kernel to 5.15.57
b943a9d chore: update Go to 1.18.4
a44e324 chore: bump kernel to 5.15.54
247f567 chore: bump kernel to 5.15.53
4fe9867 chore: bump openssl to 1.1.1q
9ee662c chore: bump kernel to 5.15.52
4412db8 chore: bump kernel to 5.15.51
6fedbdc chore: bump tools
f1f44e6 chore: bump kernel to 5.15.50
388af5e chore: bump openssl to 1.1.1p
ed75c50 chore: enable RANDOM_TRUST_BOOTLOADER by default
7c243f6 chore: bump kernel to 5.15.49
6e1269e chore: bump kernel to 5.15.48
5d671a3 chore: bump nvidia drivers to 515.48.07
b35d835 chore: bump kernel to 5.15.47
6604d6b feat: hyperv arm64
c474058 chore: bump nvidia driver to 515.43.04
5bc7e34 feat: update runc to 1.1.3, libseccomp to 2.5.4
c02cd7a chore: bump kernel to 5.15.46
b9c72a5 feat: update containerd to 1.6.6
f7786a3 chore: bump kernel to 5.15.45
b1c207d feat: update containerd to 1.6.5
4d47830 chore: bump golang to 1.18.3
dc21e30 chore: bump kernel to 5.15.44

Changes from siderolabs/tools

5 commits

0d669dd feat: update Go 1.18.4
26b32d5 chore: bump openssl to 1.1.1q
d8015e7 chore: bump curl to 7.84.0
3ec03ed chore: bump openssl to 1.1.1p
3df9e13 chore: bump golang to 1.18.3

Changes from talos-systems/crypto

1 commit

e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs

Changes from talos-systems/go-blockdevice

2 commits

74ea471 feat: add freebsd stubs
9fa801c feat: add ReadOnly attribute to Disk

Changes from talos-systems/grpc-proxy

1 commit

6dfa2cc fix: ignore errors on duplicate SetHeader calls

Dependency Changes

cloud.google.com/go/compute v1.6.1 -> v1.7.0
github.com/BurntSushi/toml v1.1.0 -> v1.2.0
github.com/aws/aws-sdk-go v1.44.24 -> v1.44.61
github.com/containerd/containerd v1.6.4 -> v1.6.6
github.com/containernetworking/cni v1.1.0 -> v1.1.1
github.com/cosi-project/runtime 95d06feaf8b5 -> 22c6aa1ca7ec
github.com/docker/docker v20.10.16 -> v20.10.17
github.com/emicklei/dot v0.16.0 -> v1.0.0
github.com/google/gopacket v1.1.19 new
github.com/google/nftables a9775fb167d2 -> a346d51f53b3
github.com/hashicorp/go-getter v1.6.1 -> v1.6.2
github.com/hashicorp/go-version v1.5.0 -> v1.6.0
github.com/hetznercloud/hcloud-go v1.33.2 -> v1.35.1
github.com/martinlindhe/base36 v1.1.1 new
github.com/packethost/packngo v0.24.0 -> v0.25.0
github.com/rivo/tview 9994674d60a8 -> 73bf2902b59a
github.com/siderolabs/extras v1.1.0-1-g5800284 -> v1.2.0-alpha.0-1-g17a319f
github.com/siderolabs/pkgs v1.1.0-8-gfa9a488 -> v1.2.0-alpha.0-23-gdcc0311
github.com/siderolabs/tools v1.1.0-1-g134974c -> v1.2.0-alpha.0-4-g0d669dd
github.com/spf13/cobra v1.4.0 -> v1.5.0
github.com/stretchr/testify v1.7.1 -> v1.8.0
github.com/talos-systems/crypto v0.3.5 -> e9df1b8ca74c
github.com/talos-systems/go-blockdevice v0.3.2 -> v0.3.4
github.com/talos-systems/grpc-proxy v0.3.0 -> v0.3.1
github.com/vishvananda/netlink v1.2.0-beta -> v1.2.1-beta.2
github.com/vmware-tanzu/sonobuoy v0.56.6 -> v0.56.8
github.com/vmware/govmomi v0.28.0 -> v0.29.0
golang.org/x/net 5463443f8c37 -> a158d28d115b
golang.org/x/sync 0976fa681c29 -> 886fb9371eb4
golang.org/x/sys bc2c85ada10a -> 8c9f86f7a55f
golang.org/x/term 065cf7ba2467 -> a9ba230a4035
golang.org/x/time 583f2d630306 -> e5dcc9cfc0b9
google.golang.org/grpc v1.46.2 -> v1.48.0
gopkg.in/yaml.v3 496545a6307b -> v3.0.1
inet.af/netaddr c74959edd3b6 -> 097006376321
k8s.io/api v0.24.2 -> v0.24.3
k8s.io/apiserver v0.24.2 -> v0.24.3
k8s.io/client-go v0.24.2 -> v0.24.3
k8s.io/component-base v0.24.2 -> v0.24.3
k8s.io/kubectl v0.24.2 -> v0.24.3
k8s.io/kubelet v0.24.2 -> v0.24.3
kernel.org/pub/linux/libs/security/libcap/cap v1.2.64 -> v1.2.65

Previous release can be found at v1.1.0

Talos 1.2.0-alpha.0 (2022-06-30)

Welcome to the v1.2.0-alpha.0 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Network bridge support

Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:

spec:
  machine:
    network:
      interfaces:
        - interface: br0
          bridge:
            stp:
              enabled: true
            interfaces:
              - eth0
              - eth1

See documentation for more details.

Variable substitution for URL query parameter in the talos.config kernel parameter

The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:

http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}

Component Updates

Linux: 5.15.51

Contributors

Noel Georgi
Andrey Smirnov
Utku Ozdemir
Philipp Sauter
Tim Jones
Dmitriy Matrenichev
Davincible
Han Cen
Rio Kierkels
RyanSquared
Serge Logvinov
Spencer Smith
hobyte
nett_hier

Changes

61 commits

643e81cfe feat: add SenseLabs to ADOPTERS.md
bdfee2b3b chore: bump kernel to 5.15.51
36c44a651 fix: provide CA certificates in /etc/ssl/certs/ca-certificates.crt
7ebd9bcce docs: fix pod security talos resource name
57b625e0a refactor: avoid recreating grpc clients in service health checks
a68a00f1b docs: recommend setting "host" Processor Type on proxmox
923600a73 chore: bump kernel to 5.15.50
758a9bf59 docs: add theila ui
b81016e62 chore: update blockdevice library to v0.3.3
284a2f959 fix: filter static pods correctly and optimize fetching
61abf3111 docs: change command for cluster create to keep $HOME with sudo
6ae1e9bf2 chore: bump dependencies
2deff6b6e feat: add support for variable substitution in talos.config kernel parameter
103c94225 fix: update crypto library with support for RSA-SHA*
448de7194 docs: add UpCloud installation guide
07014e0a8 fix: generate correct bootstrap manifests when only IPv6 CIDR is used
465edbb47 fix: look for qemu-kvm binary
63caa281a fix: create native image format for DigitalOcean
f15ce549e fix: siderlink api assume port 443 with https schema
797596229 feat: add support for configuring network bridges
2b23fabcc docs: use SVG image for K8s conformance
d4606c33e chore: bump kernel to 5.15.49
cfb640222 docs: update docs for release 1.1
b816d0b60 docs: fix the vendor information for Kubernetes conformance tests
a167a5402 test: fix CLI nodes discovery without provisioner data
916a30682 docs: add twitter meta info
80090a3ed test: fix health endpoint cli test when discovery is disabled
3c263bb44 chore: bump dependencies
e8113527f chore: bump kubernetes to v1.24.2
068f1b6d0 feat: add ctest package and base for test suite
2aad3a1e4 chore: bump kernel to 5.15.48
a31a858e0 docs: snippets for logging api server audit logs
89aaaef9f chore: bump kernel to 5.15.47
6759fcd4a feat: use discovery service on cluster health checks
f54d90787 fix: enable orderly poweroff in hyper-v on Azure
35475ce45 docs: openebs jiva example with iscsi-tools extension
8d2be5e31 feat: extend node definition used in health checks
7a11b4def fix: make talosctl bootstrap accept only single node
217fba288 test: fix csi tests
90bf34fed docs: fork docs for Talos 1.2
a0dd010a8 docs: add link to discovery service in kubespan
c0371410e fix: support SideroLink "secure" gRPC connection
b03709620 feat: build Talos images with system extensions included
43def7490 chore: bump kernel and runc
4dbbf4ac5 chore: add generic methods and use them part #2
7114292b6 docs: fix latest release version in docs
da2985fe1 fix: respect local API server port
e03266667 fix: correctly validate reboot mode in CLI
70fc42409 chore: add generic methods and use them
3ae8bdd92 chore: run xfs_repair on xfs filesystem returing EUCLEAN
0c91c89f4 chore: revert day-two tests for csi tests
f71b58312 feat: disallow anonymous requests by default (kube-apiserver)
c19dd1b89 feat: add 'etcd members should be control plane nodes' health check
f2997c0f2 chore: bump dependencies
f3efec4b5 feat: update containerd 1.6.6, Linux 5.15.45, Flannel 0.18.1
27f8e50ce fix: add ovmf image path for rhel
87e7de30c docs: fix required ports
c126f2ee8 chore: bump golang to 1.18.3
c1aed6240 fix: wait for /var to be mounted in kubelet service controller
d7a64f5d2 fix: improve vip operator shutdown sequence
7b9dfcb85 chore: add 'make go-mod-outdated'

Changes from siderolabs/extras

1 commit

892407f chore: bump golang to 1.18.3

Changes from siderolabs/pkgs

18 commits

4412db8 chore: bump kernel to 5.15.51
6fedbdc chore: bump tools
f1f44e6 chore: bump kernel to 5.15.50
388af5e chore: bump openssl to 1.1.1p
ed75c50 chore: enable RANDOM_TRUST_BOOTLOADER by default
7c243f6 chore: bump kernel to 5.15.49
6e1269e chore: bump kernel to 5.15.48
5d671a3 chore: bump nvidia drivers to 515.48.07
b35d835 chore: bump kernel to 5.15.47
6604d6b feat: hyperv arm64
c474058 chore: bump nvidia driver to 515.43.04
5bc7e34 feat: update runc to 1.1.3, libseccomp to 2.5.4
c02cd7a chore: bump kernel to 5.15.46
b9c72a5 feat: update containerd to 1.6.6
f7786a3 chore: bump kernel to 5.15.45
b1c207d feat: update containerd to 1.6.5
4d47830 chore: bump golang to 1.18.3
dc21e30 chore: bump kernel to 5.15.44

Changes from siderolabs/tools

1 commit

3df9e13 chore: bump golang to 1.18.3

Changes from talos-systems/crypto

1 commit

e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs

Changes from talos-systems/grpc-proxy

1 commit

6dfa2cc fix: ignore errors on duplicate SetHeader calls

Dependency Changes

cloud.google.com/go/compute v1.6.1 -> v1.7.0
github.com/aws/aws-sdk-go v1.44.24 -> v1.44.42
github.com/containerd/containerd v1.6.4 -> v1.6.6
github.com/containernetworking/cni v1.1.0 -> v1.1.1
github.com/cosi-project/runtime 95d06feaf8b5 -> ee09cee2aab7
github.com/docker/docker v20.10.16 -> v20.10.17
github.com/emicklei/dot v0.16.0 -> v1.0.0
github.com/google/nftables a9775fb167d2 -> a346d51f53b3
github.com/hashicorp/go-getter v1.6.1 -> v1.6.2
github.com/hetznercloud/hcloud-go v1.33.2 -> v1.34.0
github.com/packethost/packngo v0.24.0 -> v0.25.0
github.com/rivo/tview 9994674d60a8 -> 691f46d6f500
github.com/siderolabs/extras v1.1.0-1-g5800284 -> v1.2.0-alpha.0
github.com/siderolabs/pkgs v1.1.0-8-gfa9a488 -> v1.2.0-alpha.0-17-g4412db8
github.com/siderolabs/tools v1.1.0-1-g134974c -> v1.2.0-alpha.0
github.com/spf13/cobra v1.4.0 -> v1.5.0
github.com/stretchr/testify v1.7.1 -> v1.7.5
github.com/talos-systems/crypto v0.3.5 -> e9df1b8ca74c
github.com/talos-systems/grpc-proxy v0.3.0 -> v0.3.1
github.com/vishvananda/netlink v1.2.0-beta -> v1.2.1-beta.2
github.com/vmware-tanzu/sonobuoy v0.56.6 -> v0.56.7
golang.org/x/net 5463443f8c37 -> 1bab6f366d9e
golang.org/x/sync 0976fa681c29 -> 0de741cfad7f
golang.org/x/sys bc2c85ada10a -> 87e55d714810
golang.org/x/time 583f2d630306 -> 579cf78fd858
google.golang.org/grpc v1.46.2 -> v1.47.0
gopkg.in/yaml.v3 496545a6307b -> v3.0.1
inet.af/netaddr c74959edd3b6 -> 097006376321

Previous release can be found at v1.1.0

Talos 1.1.0-alpha.2 (2022-05-12)

Welcome to the v1.1.0-alpha.2 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Apply Config `--dry-run`

The commands talosctl apply-config, talosctl patch mc and talosctl edit mc now support --dry-run flag. If enabled it just prints out the selected config application mode and the configuration diff.

Apply Config `--mode=try`

The commands talosctl apply-config, talosctl patch mc and talosctl edit mc now support the new mode called try. In this mode the config change is applied for a period of time and then reverted back to the state it was before the change. --timeout parameter can be used to customize the config rollback timeout. This new mode can be used only with the parts of the config that can be changed without a reboot and can help to check that the new configuration doesn't break the node. Can be especially useful to check network interfaces changes that may lead to the loss of connectivity to the node.

IPv6 in Docker-based Talos Clusters

The command talosctl cluster create now enables IPv6 by default for the Docker containers created for Talos nodes. This allows to use IPv6 addresses in Kubernetes networking.

If talosctl cluster create fails to work on Linux due to the lack of IPv6 support, please use the flag --disable-docker-ipv6 to revert the change.

drop some default rules shipped by eudev

Drops some default eudev rules that doesn't make sense in the context of Talos OS. Especially the ones around sound devices, cd-roms and renaming the network interfaces to be predictable

Pod Security Admission

Pod Security Admission controller is enabled by default with the following policy:

apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- configuration:
    apiVersion: pod-security.admission.config.k8s.io/v1alpha1
    defaults:
      audit: restricted
      audit-version: latest
      enforce: baseline
      enforce-version: latest
      warn: restricted
      warn-version: latest
    exemptions:
      namespaces:
      - kube-system
      runtimeClasses: []
      usernames: []
    kind: PodSecurityConfiguration
  name: PodSecurity
  path: ""

The policy is part of the Talos machine configuration, and it can be modified to suite your needs.

Support RockPi 4 variants A and B

Talos now supports RockPi variants A and B in addition to RockPi 4C

Raspberry Pi PoE hat fan

Talos now enables the Raspberry Pi PoE fan control by pulling in the poe overlay that works with upstream kernel

Component Updates

Linux: 5.15.39
Containerd: v1.6.4
Kubernetes: 1.24.0
Flannel: 0.17.0
runc: 1.1.2
CoreDNS: v1.9.2

Talos is built with Go 1.18.2

x86-64 Architecture

Talos is built for x86-64 architecture with support for x86-64-v2 microarchitecture level, so Talos no longer runs on processors supporting only baseline x86-64 microarchitecture (before 2009).

Contributors

Andrey Smirnov
Noel Georgi
Tim Jones
Dmitriy Matrenichev
Spencer Smith
Artem Chernyshev
Andrew Rynhard
Serge Logvinov
Steve Francis
Philipp Sauter
Steve Francis
Andrei Dobre
Bastiaan Schaap
Caleb Woodbine
Daniel Höxtermann
Jori Huisman
Jorik Jonker
Nico Berlee
Philipp Sauter
Sebastian Hasler
Seán C McCord
Suraj Shirvankar
Tames McTigue
Tim Jones
Tomasz Zurkowski
William Ashton

Changes

211 commits

91a49c4e7 fix: dhcpv6 leasetime segfault loop
afb679586 fix: reset certificate SANs on update
c87432fe1 fix: detect WSL for talosctl cluster create on Docker
166d2585c chore: bump kernel and runc
8d9b0cde0 chore: update deps to go 1.18.2
86741d998 fix: append hostname to cluster SANs when port is not specified
9885bbe17 docs: fix typos, edited for clarity
7fd1c80c3 fix: ignore failures to dial wireguard client
b8e7cdb70 docs: add vultr guide
c2be65b66 fix: openstack unable to parseIP
2ae0e3a56 test: add a test for version of Go Talos was built with
bef1a13fa docs: update latest Talos in 1.0 docs to 1.0.4
b52962c44 chore: bump dependencies
79ae76a6f fix: properly set allowSchedulingOnMasters in the interactive install
2b7e7d4dc feat: print the status of services during boot
802d4a23c fix: load kubelet system service in StartAllServices task
67019c434 fix: add source path for ovmf flash image
da7b24ba5 chore: bump kernel to 5.15.38
8ca8effd6 chore: add Equinix Managed Services NL to adopters
8bc97a30f fix: remove D-Bus sockets before listen attempts
54cfa039a fix: use json.Unmarshal instead of yaml.Unmarshal
6d30c4822 docs: update networking resource documentation
bc88de729 chore: bump coredns to v1.9.2
c6722b637 docs: when mentioning partitions, link to partition docs
b189e8426 chore: fix incorrect ManifestSpec.MarshalYAML signature
5d5280200 feat: add more hardware information to the link status resources
2ff6db749 chore: add Nedap Security Atlas as adopter
89cab200b chore: bump kubernetes to v1.24.0
09d16349f chore: refactor StaticPod and StaticPodStatus into typed.Resource
d2935f98c chore: refactor LinkRefresh and LinkStatus into typed.Resource
b52e0b9b9 fix: talosctl throws error if gen option and --input-dir flags are combined
0e15de3a8 docs: add adopters file
bb932c297 chore: bump containerd to v1.6.4
4eaaa2d59 chore: bump kernel to 5.15.37
89dde8f2c chore: refactor remaining resources into typed.Resource
bd089e702 chore: bump dependencies
3136334b9 docs: fix links in VMware documentation
403df0e18 docs: provide example on using config generation package
635192861 chore: redo pointer with github.com/siderolabs/go-pointer module
a269f740c docs: copy knowledge base to v1.0 docs
483201026 fix: return an error if there is no byte slice in ReadonlyProvider
6e7486f09 fix: allow graceful node shutdown to be overridden
867d38f28 feat: add bond slaves ordering
03ef62ad8 fix: include Go primitive types into unstructured deepcopy
f06e6acf2 chore: bump kernel to 5.15.36
c0d386abb fix: don't mount D-Bus socket via mount under recursive bind mount
9a8ff76df refactor: rewrite perf resource to use typed.Resource
71d04c4d5 refactor: rewrite runtime resources to use typed.Resource
7568d51fc fix: trigger CRI config merge on correct resource update
c456dbcb9 docs: remove references to init nodes
1973095d1 feat: update containerd to 1.6.3
b51292d88 docs: reformat config reference
c0709d970 feat: increase aio-max-nr and inotify.max_user_instances
85b328e99 refactor: convert secrets resources to use typed.Resource
e91350acd refactor: convert time & v1alpha1 resources to use typed.Resource
45464412e chore: bump dependencies
0af6b35a6 feat: update etcd to 3.5.4
7ad27751c docs: fix analytics and sitemap
55ff876dc chore: bump K8s Go modules to 1.24.0-rc.0
f1f43131f fix: strip 'v' prefix from versions on Kubernetes upgrade
ec621477b chore: tune QEMU disk provisioner options
b085343dc feat: use discovery information for etcd join (and other etcd calls)
2b03057b9 feat: implement a new mode try in the config manipulation commands
51a68c31f chore: allow mounting files from the host
f3e330a0a docs: fix network dependency
7ba39bd60 docs: clarify discovery service
8057d076a release(v1.1.0-alpha.1): prepare release
1d5c08e74 chore: bump kernel to 5.15.35
9bf23e516 feat: update Kubernetes to 1.24.0-rc.0
d78ed320b docs: fix the docs reference to star registry redirects
257dfb870 fix: run the 'post' stage of the service always
992e23023 fix: correctly handle stopping services with reverse dependencies
bb7a50bd5 docs: fix netlify redirects
486f79bc7 docs: fix netlify deploy url
e8cbedb05 docs: add canonical link ref
0fe4a7832 docs: improve latest-version banner
23984efcd fix: detect lingering mounts in the installer correctly
54dba925f chore: refactor network resource to use typed resource
4eb9f45cc refactor: split polymorphic K8sControlPlane into typed resources
68dfdd331 fix: provide logger to the etcd snapshot restore
f190403f0 docs: add how to get config after interactive setup
fac7b9466 docs: improve vip caveats documentation
250df9e67 docs: improve rook-ceph description
b5c1d868d docs: add talos/kubernetes config faq
39721ee93 chore: bump dependencies
610945774 chore: bump tools and pkgs
2b68c8b67 fix: enable long timestamps for xfs
be00d7749 chore: implement cluster resources using cosi typed resource
460d5ab13 docs: fix extension services alias
bbdfda2dd chore: xfs quota support in kernel
8ff8fc77f chore: enable rpi4 poe hat fan control
2b9722d1f feat: add dry-run flag in apply-config and edit commands
8af50fcd2 fix: correct cri package import path
ce09ede83 feat: update etcd to 3.5.3
13f41badd chore: bump kernel to 5.15.34
fa57b5d92 docs: reorganize documentation
a91eb9358 chore: bump deps
0aad0df2e refactor: remove String() for resource implementation
a4060513c feat: build Talos with support for x86-64-v2 microarchitecture
8faebd410 chore: bump tools and pkgs
8499b7e7d chore: bump dependencies
a7ba7ea67 feat: migrate to go 1.18
9dace93b5 feat: enable Pod Security Admission by default
c382cb8cd docs: update vmware docs
da0e638f0 docs: stableize tools versioning
f2d2267e7 docs: use template for netlify redirects
88f1d8fcc docs: update sitemap to point to direct url
a6eebee36 chore: update eudev
0cb84e8c1 fix: correctly parse tags out of images
17d09739f docs: enable nested arrow
1e4320b64 chore: add support for rockpi 4A and 4B
d1869d948 docs: update to Sidero Metal, mention clusterctl
18d0038ec fix: avoid panic in DHCPv6 operator on nil dereference
9e3d438db docs: fix code fence formatting
b3f1bb2cf fix: add support for FAT12/16 filesystems
8619f95c5 chore: bump dependencies
8c4f72004 docs: override sitemap.xml to only include latest results
5192ba4e2 docs: fix a typo in QEMU VM setup guide
663e3e879 refactor: change the stages for embed files generation
19bf12af0 fix: enable IPv6 in Docker-based Talos clusters
3889a5839 docs: update config.yaml, storage.md, digital-rebar.md
25d19131d release(v1.1.0-alpha.0): prepare release
2ca5279e5 fix: retry manifest updates in upgrade-k8s
eeb756168 feat: use kexec when resetting a node
1ed1f73e5 test: bump CAPI to 1.1.3
2ee1d2c72 feat: update Kuberentes to 1.24.0-beta.0
c26fa4ccc test: push GITHUB_TOKEN to the e2e-aws/gcp steps
95d900de7 feat: use kubeconfig env var
0b407dd17 feat: add dhcp-v6 NTP/DHCP-DUID
a140a6bad docs: update releases shortcode in upgrade guide
12931dced fix: align partitions on 1M boundary
37f868e37 fix: validate empty TLS config for registries
ca8b9c0a3 feat: update Kubernetes to 1.24.0-alpha.4
d9ec6b215 chore: drop dirty from abbreviated tag
08624fd0b docs: add banner to main page
fc23c7a59 test: bump versions for upgrade tests
4bfe68610 feat: update runc to 1.1.1
b315ed953 chore: use go:embed instead of ldflags
a5d64fc81 feat: update Flannel to 0.17.0
6d6eb3f6a docs: fork docs for 1.1
1d55f05d1 docs: update index page
ad6b7ec1a fix: enable etcd consistency on check startup
65a31f753 docs: re-add GA token
741c04832 docs: mark 1.0 docs as latest
e97433c8a docs: update jetson nano
6665e0f00 docs: code block copying
c41f2b216 docs: update whats-new-v1.0
0a36fbbf3 docs: add release notes for 1.0
bd0035f6a docs: add NVIDIA docs
efa3f2898 fix: correctly find partitions with config data (metal-iso)
9ebeec0d0 docs: fix incorrect path for talosconfig
9fef4540e docs: fix non-latest download links
f8ef6a081 docs: add rook ceph configuration guide
e2666f58f chore: bump kernel to 5.15.32
957b2f233 chore: bump dependencies
0fd2aa08b fix: correctly escape '.' in volume names
108fd03a7 fix: give up virtual IPs before the kubelet workloads are shut down
856e1333d fix: use 'localhost' endpoint in docker provisioner on Windows
c5da38609 docs: use variables and templates in the docs
4c83847b9 docs: target search results
67fb72d96 docs: add algolia versions to all content
5344d6e7c docs: fix extension service path dependency
9b9191c5e fix: increase intiial window and connection window sizes
7a88a0224 docs: show archived/pre-release banner based on version
e403470bf docs: filter algolia results by latest
0497d5f9f docs: tag latest docs for search
a25425483 feat: update containerd to 1.6.2, Linux to 5.15.31
9b6422fcc feat: update CoreDNS to 1.9.1
020856f80 docs: remove second search bar
5f27f4c63 docs: update asset links
9ff42b432 docs: fix redirects for /docs URLs
7283efd56 chore: update the talosctl CNI download url
e0eee7fcc test: use clusterctl.yaml overrides after org rename
73966f51e docs: fix extensions
f9766edb5 docs: remove empty doc file
e06e1473b feat: update golangci-lint to 1.45.0 and gofumpt to 0.3.0
a92c614b2 docs: add enterprise link to docs header
0ae7174ba docs: update search settings and redirects
883d401f9 chore: rename github organization to siderolabs
d1294d014 chore: add day-two tests for e2e-qemu
a6240e4b6 feat: update Linux to 5.15.30
e3fda049f docs: overhaul all the docs
f47750726 fix: the etcd recovery client and tests
69e07cddc fix: trigger properly udevd on types and actions
47d0e629d fix: clean up custom udev rules if the config is cleared
b6691b350 chore: bump dependencies
27af5d41c feat: pause the boot process on some failures instead of rebooting
58cb9db1e feat: allow hardlinks in the system extension images
1e982808f fix: ignore pod CIDRs for kubelet node IPs
5e0c80f61 fix: ignore connection reset errors on k8s upgrade
c156580a3 fix: split regular network operation configuration and virtual IP
cd4d4c605 feat: relax extensions file structure validation
50594ab1a fix: ignore terminated pods in pod health checks
9d69fb6b4 feat: update Kubernetes to 1.23.5
327ce5aba fix: invert the condition to skip kubelet kernel checks
cf85b3f07 docs: update cilium inline install
84ee1795d docs: update logo
cc7719c9d docs: improve comments in security proto
caf800fe8 feat: implement D-Bus systemd-compatible shutdown for kubelet
6bec08429 feat: add talosctl completions to copy, usage, logs, restart and service
355b1a4be fix: refresh etcd certs on startup/join
d256b5c5e docs: fix spelling mistakes
5fdedae20 chore: bump kernel to 5.15.28
18a21b5f2 chore: add dependency images-essential -> images
714e5eca6 chore: bump dependencies
58be4067e docs: update README.md
c5fb20930 docs: add loki note
f448cb4f3 feat: bump boot partition size to 1000 MiB
a095acb09 chore: fix equinixMetal platform name
2a7f9a445 fix: check for IPv6 before applying accept_ra
59681b8c9 fix: backport fixes from release-1.0 branch

Changes since v1.1.0-alpha.1

66 commits

91a49c4e7 fix: dhcpv6 leasetime segfault loop
afb679586 fix: reset certificate SANs on update
c87432fe1 fix: detect WSL for talosctl cluster create on Docker
166d2585c chore: bump kernel and runc
8d9b0cde0 chore: update deps to go 1.18.2
86741d998 fix: append hostname to cluster SANs when port is not specified
9885bbe17 docs: fix typos, edited for clarity
7fd1c80c3 fix: ignore failures to dial wireguard client
b8e7cdb70 docs: add vultr guide
c2be65b66 fix: openstack unable to parseIP
2ae0e3a56 test: add a test for version of Go Talos was built with
bef1a13fa docs: update latest Talos in 1.0 docs to 1.0.4
b52962c44 chore: bump dependencies
79ae76a6f fix: properly set allowSchedulingOnMasters in the interactive install
2b7e7d4dc feat: print the status of services during boot
802d4a23c fix: load kubelet system service in StartAllServices task
67019c434 fix: add source path for ovmf flash image
da7b24ba5 chore: bump kernel to 5.15.38
8ca8effd6 chore: add Equinix Managed Services NL to adopters
8bc97a30f fix: remove D-Bus sockets before listen attempts
54cfa039a fix: use json.Unmarshal instead of yaml.Unmarshal
6d30c4822 docs: update networking resource documentation
bc88de729 chore: bump coredns to v1.9.2
c6722b637 docs: when mentioning partitions, link to partition docs
b189e8426 chore: fix incorrect ManifestSpec.MarshalYAML signature
5d5280200 feat: add more hardware information to the link status resources
2ff6db749 chore: add Nedap Security Atlas as adopter
89cab200b chore: bump kubernetes to v1.24.0
09d16349f chore: refactor StaticPod and StaticPodStatus into typed.Resource
d2935f98c chore: refactor LinkRefresh and LinkStatus into typed.Resource
b52e0b9b9 fix: talosctl throws error if gen option and --input-dir flags are combined
0e15de3a8 docs: add adopters file
bb932c297 chore: bump containerd to v1.6.4
4eaaa2d59 chore: bump kernel to 5.15.37
89dde8f2c chore: refactor remaining resources into typed.Resource
bd089e702 chore: bump dependencies
3136334b9 docs: fix links in VMware documentation
403df0e18 docs: provide example on using config generation package
635192861 chore: redo pointer with github.com/siderolabs/go-pointer module
a269f740c docs: copy knowledge base to v1.0 docs
483201026 fix: return an error if there is no byte slice in ReadonlyProvider
6e7486f09 fix: allow graceful node shutdown to be overridden
867d38f28 feat: add bond slaves ordering
03ef62ad8 fix: include Go primitive types into unstructured deepcopy
f06e6acf2 chore: bump kernel to 5.15.36
c0d386abb fix: don't mount D-Bus socket via mount under recursive bind mount
9a8ff76df refactor: rewrite perf resource to use typed.Resource
71d04c4d5 refactor: rewrite runtime resources to use typed.Resource
7568d51fc fix: trigger CRI config merge on correct resource update
c456dbcb9 docs: remove references to init nodes
1973095d1 feat: update containerd to 1.6.3
b51292d88 docs: reformat config reference
c0709d970 feat: increase aio-max-nr and inotify.max_user_instances
85b328e99 refactor: convert secrets resources to use typed.Resource
e91350acd refactor: convert time & v1alpha1 resources to use typed.Resource
45464412e chore: bump dependencies
0af6b35a6 feat: update etcd to 3.5.4
7ad27751c docs: fix analytics and sitemap
55ff876dc chore: bump K8s Go modules to 1.24.0-rc.0
f1f43131f fix: strip 'v' prefix from versions on Kubernetes upgrade
ec621477b chore: tune QEMU disk provisioner options
b085343dc feat: use discovery information for etcd join (and other etcd calls)
2b03057b9 feat: implement a new mode try in the config manipulation commands
51a68c31f chore: allow mounting files from the host
f3e330a0a docs: fix network dependency
7ba39bd60 docs: clarify discovery service

Changes from siderolabs/extras

3 commits

a77a6f4 chore: bump Go to 1.18.2
ac3b9a4 chore: bump pkgs
d4f8e88 chore: update references after org rename

Changes from siderolabs/go-pointer

2 commits

71ccdf0 chore: implement main functionality
c1c3b23 Initial commit

Changes from siderolabs/pkgs

44 commits

7add479 chore: bump kernel to 5.15.39
0886699 chore: bump runc to v1.1.2
dd06fa9 chore: bump nvidia drivers to 510.68.02
91bb939 chore: bump Go to 1.18.2
8bd8397 chore: bump kernel to 5.15.38
de96a44 chore: bump containerd to v1.6.4
45906c1 chore: bump ca-certificates to 2022-04-26
d847adc chore: bump kernel to 5.15.37
c4cfa72 chore: bump util-linux to 2.38
e22317d chore: bump tools
422ed8e chore: bump kernel to 5.15.36
1e833c6 chore: enable nvme hardware monitor
fe7c46f feat: update containerd to 1.6.3
95f4418 chore: bump kernel to 5.15.35
201af71 chore: bump tools and bldr
3de14d7 chore: enable xfs quota support
6955fd0 chore: bump raspberrypi-firmware to 1.20220331
5b498d8 chore: bump linux-firmware 20220401
9cda5c0 chore: bump kernel to 5.15.34
8b48af6 chore: bump tools
ff13660 chore: bump kernel to 5.15.33
415020f chore: bump eudev, remove non-relevant default rules
6691342 chore: add rockpi4c
5bd5fad chore: build u-boot spi image for rockpi
4dace49 fix: ipxe prompt arm64
6041fd7 chore: update to use latest tools (specifically go 1.18)
4b3e70e chore: upstream u-boot for jetson nano
cc1c8c7 feat: update runc to 1.1.1
3baf4e4 chore: enable random trust CPU
df31920 chore: disable sound
c27751b chore: bump nvidia drivers to 510.60.02
ba98e20 chore: bump kernel to 5.15.32
a76edfd feat: update containerd to 1.6.2
0c38670 chore: bump kernel to 5.15.31
bc4fb0c chore: org update
41f291d feat: update Flannel CNI to 1.0.1
58603ba chore: bump kernel to 5.15.30
d3bb262 chore: bump kernel to 5.15.29
76a24b5 chore: update openssl to 1.1.1n
490c7b7 chore: enable aarch64 NVIDIA drivers
b794b7a chore: bump linux-firmware to 20220310
acda207 chore: bump kernel to 5.15.28
e0fec11 chore: bump nvidia driver to 510.54
0407f05 chore: bump kernel to 5.15.27

Changes from siderolabs/tools

18 commits

967ebd9 chore: bump curl to 7.83.1
e61f856 chore: bump go to 1.18.2
315890f chore: bump ca-certificates to 2022-04-26
a1d3530 chore: bump util-linux to 2.38
d229fe1 chore: update bldr
e9f123c chore: bump curl to 7.83.0
8473ef2 chore: bump git to 2.36.0
8c1f801 chore: bump coreutils to 9.1
533d5c9 chore: bump git to 2.35.2
a15cbee chore: bump go to 1.18.1
718ec10 chore: enable conform
a60a332 chore: bump xz and gzip
c8a3d4d chore: update go to 1.18
1684fdc chore: bump expat to 2.4.8
7f5e44c chore: bump zlib to 1.2.12
bfc99ca chore: rename org
99be089 chore: update openssl to 1.1.1n
b63872b chore: update golang to 1.17.8

Changes from talos-systems/go-blockdevice

2 commits

d9c3a27 feat: support probing FAT12/FAT16 filesystems
b374eb4 fix: align partition to 1M boundary by default

Dependency Changes

cloud.google.com/go/compute v1.5.0 -> v1.6.1
github.com/BurntSushi/toml v1.0.0 -> v1.1.0
github.com/aws/aws-sdk-go v1.43.8 -> v1.44.11
github.com/containerd/containerd v1.6.2 -> v1.6.4
github.com/containernetworking/cni v1.0.1 -> v1.1.0
github.com/containernetworking/plugins v1.1.0 -> v1.1.1
github.com/cosi-project/runtime 264f8fcd1a4f -> e22a85955e81
github.com/docker/distribution v2.8.0 -> v2.8.1
github.com/docker/docker v20.10.12 -> v20.10.15
github.com/fsnotify/fsnotify v1.5.1 -> v1.5.4
github.com/gdamore/tcell/v2 f057f0a857a1 -> v2.5.1
github.com/google/go-cmp v0.5.7 -> v0.5.8
github.com/google/nftables 211824995dcb -> eeaebcf55295
github.com/hetznercloud/hcloud-go v1.33.1 -> v1.33.2
github.com/insomniacslk/dhcp 3c283ff8b7dd -> 1ca156eafb9f
github.com/jsimonetti/rtnetlink v1.1.0 -> v1.2.0
github.com/mdlayher/netx 669a06fde734 -> c711c2f8512f
github.com/opencontainers/image-spec v1.0.2 -> c5a74bcca799
github.com/packethost/packngo v0.22.0 -> v0.24.0
github.com/pelletier/go-toml v1.9.4 -> v1.9.5
github.com/rivo/tview 96063d6082f3 -> 9994674d60a8
github.com/rs/xid v1.3.0 -> v1.4.0
github.com/siderolabs/extras v1.0.0 -> v1.1.0-alpha.0-2-ga77a6f4
github.com/siderolabs/go-pointer v1.0.0 new
github.com/siderolabs/pkgs v1.0.0-6-g7c293d5 -> v1.1.0-alpha.0-41-g7add479
github.com/siderolabs/tools v1.0.0-1-g4c77d96 -> v1.1.0-alpha.0-17-g967ebd9
github.com/spf13/cobra v1.3.0 -> v1.4.0
github.com/spf13/pflag v1.0.5 new
github.com/stretchr/testify v1.7.0 -> v1.7.1
github.com/talos-systems/go-blockdevice v0.3.1 -> d9c3a2738861
github.com/vishvananda/netlink 650dca95af54 -> v1.2.0-beta
github.com/vmware-tanzu/sonobuoy v0.56.2 -> v0.56.5
github.com/vmware/govmomi v0.27.4 -> v0.28.0
github.com/vmware/vmw-guestinfo cc1fd90d572c -> 510905f0efa3
go.etcd.io/etcd/api/v3 v3.5.2 -> v3.5.4
go.etcd.io/etcd/client/pkg/v3 v3.5.2 -> v3.5.4
go.etcd.io/etcd/client/v3 v3.5.2 -> v3.5.4
go.etcd.io/etcd/etcdutl/v3 v3.5.2 -> v3.5.4
golang.org/x/net 27dd8689420f -> 2871e0cb64e4
golang.org/x/sys 4e6760a101f9 -> 988cb79eb6c6
golang.org/x/term 03fcf44c2211 -> e5f449aeb171
golang.org/x/time 0e9765cccd65 -> 583f2d630306
golang.zx2c4.com/wireguard/wgctrl fde48d68ee68 -> 3d4a969bb56b
google.golang.org/grpc v1.44.0 -> v1.46.0
google.golang.org/protobuf v1.27.1 -> v1.28.0
k8s.io/api v0.23.5 -> v0.24.0
k8s.io/apimachinery v0.23.5 -> v0.24.0
k8s.io/apiserver v0.23.5 -> v0.24.0
k8s.io/client-go v0.23.5 -> v0.24.0
k8s.io/component-base v0.23.5 -> v0.24.0
k8s.io/cri-api v0.23.5 -> v0.24.0
k8s.io/klog/v2 v2.60.1 new
k8s.io/kubectl v0.23.5 -> v0.24.0
k8s.io/kubelet v0.23.5 -> v0.24.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.63 -> v1.2.64

Previous release can be found at v1.0.0

Talos 1.1.0-alpha.1 (2022-04-20)

Welcome to the v1.1.0-alpha.1 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Apply Config `--dry-run`

IPv6 in Docker-based Talos Clusters

The command talosctl cluster create now enables IPv6 by default for the Docker containers created for Talos nodes. This allows to use IPv6 addresses in Kubernetes networking.

If talosctl cluster create fails to work on Linux due to the lack of IPv6 support, please use the flag --disable-docker-ipv6 to revert the change.

drop some default rules shipped by eudev

Drops some default eudev rules that doesn't make sense in the context of Talos OS. Especially the ones around sound devices, cd-roms and renaming the network interfaces to be predictable

Pod Security Admission

Pod Security Admission controller is enabled by default with the following policy:

apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- configuration:
    apiVersion: pod-security.admission.config.k8s.io/v1alpha1
    defaults:
      audit: restricted
      audit-version: latest
      enforce: baseline
      enforce-version: latest
      warn: restricted
      warn-version: latest
    exemptions:
      namespaces:
      - kube-system
      runtimeClasses: []
      usernames: []
    kind: PodSecurityConfiguration
  name: PodSecurity
  path: ""

The policy is part of the Talos machine configuration, and it can be modified to suite your needs.

Support RockPi 4 variants A and B

Talos now supports RockPi variants A and B in addition to RockPi 4C

Raspberry Pi PoE hat fan

Talos now enables the Raspberry Pi PoE fan control by pulling in the poe overlay that works with upstream kernel

Component Updates

Linux: 5.15.35
Kubernetes: 1.24.0-rc.0
Flannel: 0.17.0
runc: 1.1.1

Talos is built with Go 1.18.1.

x86-64 Architecture

Talos is built for x86-64 architecture with support for x86-64-v2 microarchitecture level, so Talos no longer runs on processors supporting only baseline x86-64 microarchitecture (before 2009).

Contributors

Andrey Smirnov
Noel Georgi
Tim Jones
Spencer Smith
Dmitriy Matrenichev
Andrew Rynhard
Artem Chernyshev
Steve Francis
Andrei Dobre
Caleb Woodbine
Daniel Höxtermann
Jori Huisman
Nico Berlee
Serge Logvinov
Seán C McCord
Steve Francis
Suraj Shirvankar
Tim Jones
Tomasz Zurkowski
William Ashton

Changes

144 commits

1d5c08e74 chore: bump kernel to 5.15.35
9bf23e516 feat: update Kubernetes to 1.24.0-rc.0
d78ed320b docs: fix the docs reference to star registry redirects
257dfb870 fix: run the 'post' stage of the service always
992e23023 fix: correctly handle stopping services with reverse dependencies
bb7a50bd5 docs: fix netlify redirects
486f79bc7 docs: fix netlify deploy url
e8cbedb05 docs: add canonical link ref
0fe4a7832 docs: improve latest-version banner
23984efcd fix: detect lingering mounts in the installer correctly
54dba925f chore: refactor network resource to use typed resource
4eb9f45cc refactor: split polymorphic K8sControlPlane into typed resources
68dfdd331 fix: provide logger to the etcd snapshot restore
f190403f0 docs: add how to get config after interactive setup
fac7b9466 docs: improve vip caveats documentation
250df9e67 docs: improve rook-ceph description
b5c1d868d docs: add talos/kubernetes config faq
39721ee93 chore: bump dependencies
610945774 chore: bump tools and pkgs
2b68c8b67 fix: enable long timestamps for xfs
be00d7749 chore: implement cluster resources using cosi typed resource
460d5ab13 docs: fix extension services alias
bbdfda2dd chore: xfs quota support in kernel
8ff8fc77f chore: enable rpi4 poe hat fan control
2b9722d1f feat: add dry-run flag in apply-config and edit commands
8af50fcd2 fix: correct cri package import path
ce09ede83 feat: update etcd to 3.5.3
13f41badd chore: bump kernel to 5.15.34
fa57b5d92 docs: reorganize documentation
a91eb9358 chore: bump deps
0aad0df2e refactor: remove String() for resource implementation
a4060513c feat: build Talos with support for x86-64-v2 microarchitecture
8faebd410 chore: bump tools and pkgs
8499b7e7d chore: bump dependencies
a7ba7ea67 feat: migrate to go 1.18
9dace93b5 feat: enable Pod Security Admission by default
c382cb8cd docs: update vmware docs
da0e638f0 docs: stableize tools versioning
f2d2267e7 docs: use template for netlify redirects
88f1d8fcc docs: update sitemap to point to direct url
a6eebee36 chore: update eudev
0cb84e8c1 fix: correctly parse tags out of images
17d09739f docs: enable nested arrow
1e4320b64 chore: add support for rockpi 4A and 4B
d1869d948 docs: update to Sidero Metal, mention clusterctl
18d0038ec fix: avoid panic in DHCPv6 operator on nil dereference
9e3d438db docs: fix code fence formatting
b3f1bb2cf fix: add support for FAT12/16 filesystems
8619f95c5 chore: bump dependencies
8c4f72004 docs: override sitemap.xml to only include latest results
5192ba4e2 docs: fix a typo in QEMU VM setup guide
663e3e879 refactor: change the stages for embed files generation
19bf12af0 fix: enable IPv6 in Docker-based Talos clusters
3889a5839 docs: update config.yaml, storage.md, digital-rebar.md
25d19131d release(v1.1.0-alpha.0): prepare release
2ca5279e5 fix: retry manifest updates in upgrade-k8s
eeb756168 feat: use kexec when resetting a node
1ed1f73e5 test: bump CAPI to 1.1.3
2ee1d2c72 feat: update Kuberentes to 1.24.0-beta.0
c26fa4ccc test: push GITHUB_TOKEN to the e2e-aws/gcp steps
95d900de7 feat: use kubeconfig env var
0b407dd17 feat: add dhcp-v6 NTP/DHCP-DUID
a140a6bad docs: update releases shortcode in upgrade guide
12931dced fix: align partitions on 1M boundary
37f868e37 fix: validate empty TLS config for registries
ca8b9c0a3 feat: update Kubernetes to 1.24.0-alpha.4
d9ec6b215 chore: drop dirty from abbreviated tag
08624fd0b docs: add banner to main page
fc23c7a59 test: bump versions for upgrade tests
4bfe68610 feat: update runc to 1.1.1
b315ed953 chore: use go:embed instead of ldflags
a5d64fc81 feat: update Flannel to 0.17.0
6d6eb3f6a docs: fork docs for 1.1
1d55f05d1 docs: update index page
ad6b7ec1a fix: enable etcd consistency on check startup
65a31f753 docs: re-add GA token
741c04832 docs: mark 1.0 docs as latest
e97433c8a docs: update jetson nano
6665e0f00 docs: code block copying
c41f2b216 docs: update whats-new-v1.0
0a36fbbf3 docs: add release notes for 1.0
bd0035f6a docs: add NVIDIA docs
efa3f2898 fix: correctly find partitions with config data (metal-iso)
9ebeec0d0 docs: fix incorrect path for talosconfig
9fef4540e docs: fix non-latest download links
f8ef6a081 docs: add rook ceph configuration guide
e2666f58f chore: bump kernel to 5.15.32
957b2f233 chore: bump dependencies
0fd2aa08b fix: correctly escape '.' in volume names
108fd03a7 fix: give up virtual IPs before the kubelet workloads are shut down
856e1333d fix: use 'localhost' endpoint in docker provisioner on Windows
c5da38609 docs: use variables and templates in the docs
4c83847b9 docs: target search results
67fb72d96 docs: add algolia versions to all content
5344d6e7c docs: fix extension service path dependency
9b9191c5e fix: increase intiial window and connection window sizes
7a88a0224 docs: show archived/pre-release banner based on version
e403470bf docs: filter algolia results by latest
0497d5f9f docs: tag latest docs for search
a25425483 feat: update containerd to 1.6.2, Linux to 5.15.31
9b6422fcc feat: update CoreDNS to 1.9.1
020856f80 docs: remove second search bar
5f27f4c63 docs: update asset links
9ff42b432 docs: fix redirects for /docs URLs
7283efd56 chore: update the talosctl CNI download url
e0eee7fcc test: use clusterctl.yaml overrides after org rename
73966f51e docs: fix extensions
f9766edb5 docs: remove empty doc file
e06e1473b feat: update golangci-lint to 1.45.0 and gofumpt to 0.3.0
a92c614b2 docs: add enterprise link to docs header
0ae7174ba docs: update search settings and redirects
883d401f9 chore: rename github organization to siderolabs
d1294d014 chore: add day-two tests for e2e-qemu
a6240e4b6 feat: update Linux to 5.15.30
e3fda049f docs: overhaul all the docs
f47750726 fix: the etcd recovery client and tests
69e07cddc fix: trigger properly udevd on types and actions
47d0e629d fix: clean up custom udev rules if the config is cleared
b6691b350 chore: bump dependencies
27af5d41c feat: pause the boot process on some failures instead of rebooting
58cb9db1e feat: allow hardlinks in the system extension images
1e982808f fix: ignore pod CIDRs for kubelet node IPs
5e0c80f61 fix: ignore connection reset errors on k8s upgrade
c156580a3 fix: split regular network operation configuration and virtual IP
cd4d4c605 feat: relax extensions file structure validation
50594ab1a fix: ignore terminated pods in pod health checks
9d69fb6b4 feat: update Kubernetes to 1.23.5
327ce5aba fix: invert the condition to skip kubelet kernel checks
cf85b3f07 docs: update cilium inline install
84ee1795d docs: update logo
cc7719c9d docs: improve comments in security proto
caf800fe8 feat: implement D-Bus systemd-compatible shutdown for kubelet
6bec08429 feat: add talosctl completions to copy, usage, logs, restart and service
355b1a4be fix: refresh etcd certs on startup/join
d256b5c5e docs: fix spelling mistakes
5fdedae20 chore: bump kernel to 5.15.28
18a21b5f2 chore: add dependency images-essential -> images
714e5eca6 chore: bump dependencies
58be4067e docs: update README.md
c5fb20930 docs: add loki note
f448cb4f3 feat: bump boot partition size to 1000 MiB
a095acb09 chore: fix equinixMetal platform name
2a7f9a445 fix: check for IPv6 before applying accept_ra
59681b8c9 fix: backport fixes from release-1.0 branch

Changes since v1.1.0-alpha.0

54 commits

1d5c08e74 chore: bump kernel to 5.15.35
9bf23e516 feat: update Kubernetes to 1.24.0-rc.0
d78ed320b docs: fix the docs reference to star registry redirects
257dfb870 fix: run the 'post' stage of the service always
992e23023 fix: correctly handle stopping services with reverse dependencies
bb7a50bd5 docs: fix netlify redirects
486f79bc7 docs: fix netlify deploy url
e8cbedb05 docs: add canonical link ref
0fe4a7832 docs: improve latest-version banner
23984efcd fix: detect lingering mounts in the installer correctly
54dba925f chore: refactor network resource to use typed resource
4eb9f45cc refactor: split polymorphic K8sControlPlane into typed resources
68dfdd331 fix: provide logger to the etcd snapshot restore
f190403f0 docs: add how to get config after interactive setup
fac7b9466 docs: improve vip caveats documentation
250df9e67 docs: improve rook-ceph description
b5c1d868d docs: add talos/kubernetes config faq
39721ee93 chore: bump dependencies
610945774 chore: bump tools and pkgs
2b68c8b67 fix: enable long timestamps for xfs
be00d7749 chore: implement cluster resources using cosi typed resource
460d5ab13 docs: fix extension services alias
bbdfda2dd chore: xfs quota support in kernel
8ff8fc77f chore: enable rpi4 poe hat fan control
2b9722d1f feat: add dry-run flag in apply-config and edit commands
8af50fcd2 fix: correct cri package import path
ce09ede83 feat: update etcd to 3.5.3
13f41badd chore: bump kernel to 5.15.34
fa57b5d92 docs: reorganize documentation
a91eb9358 chore: bump deps
0aad0df2e refactor: remove String() for resource implementation
a4060513c feat: build Talos with support for x86-64-v2 microarchitecture
8faebd410 chore: bump tools and pkgs
8499b7e7d chore: bump dependencies
a7ba7ea67 feat: migrate to go 1.18
9dace93b5 feat: enable Pod Security Admission by default
c382cb8cd docs: update vmware docs
da0e638f0 docs: stableize tools versioning
f2d2267e7 docs: use template for netlify redirects
88f1d8fcc docs: update sitemap to point to direct url
a6eebee36 chore: update eudev
0cb84e8c1 fix: correctly parse tags out of images
17d09739f docs: enable nested arrow
1e4320b64 chore: add support for rockpi 4A and 4B
d1869d948 docs: update to Sidero Metal, mention clusterctl
18d0038ec fix: avoid panic in DHCPv6 operator on nil dereference
9e3d438db docs: fix code fence formatting
b3f1bb2cf fix: add support for FAT12/16 filesystems
8619f95c5 chore: bump dependencies
8c4f72004 docs: override sitemap.xml to only include latest results
5192ba4e2 docs: fix a typo in QEMU VM setup guide
663e3e879 refactor: change the stages for embed files generation
19bf12af0 fix: enable IPv6 in Docker-based Talos clusters
3889a5839 docs: update config.yaml, storage.md, digital-rebar.md

Changes from siderolabs/extras

2 commits

ac3b9a4 chore: bump pkgs
d4f8e88 chore: update references after org rename

Changes from siderolabs/pkgs

31 commits

95f4418 chore: bump kernel to 5.15.35
201af71 chore: bump tools and bldr
3de14d7 chore: enable xfs quota support
6955fd0 chore: bump raspberrypi-firmware to 1.20220331
5b498d8 chore: bump linux-firmware 20220401
9cda5c0 chore: bump kernel to 5.15.34
8b48af6 chore: bump tools
ff13660 chore: bump kernel to 5.15.33
415020f chore: bump eudev, remove non-relevant default rules
6691342 chore: add rockpi4c
5bd5fad chore: build u-boot spi image for rockpi
4dace49 fix: ipxe prompt arm64
6041fd7 chore: update to use latest tools (specifically go 1.18)
4b3e70e chore: upstream u-boot for jetson nano
cc1c8c7 feat: update runc to 1.1.1
3baf4e4 chore: enable random trust CPU
df31920 chore: disable sound
c27751b chore: bump nvidia drivers to 510.60.02
ba98e20 chore: bump kernel to 5.15.32
a76edfd feat: update containerd to 1.6.2
0c38670 chore: bump kernel to 5.15.31
bc4fb0c chore: org update
41f291d feat: update Flannel CNI to 1.0.1
58603ba chore: bump kernel to 5.15.30
d3bb262 chore: bump kernel to 5.15.29
76a24b5 chore: update openssl to 1.1.1n
490c7b7 chore: enable aarch64 NVIDIA drivers
b794b7a chore: bump linux-firmware to 20220310
acda207 chore: bump kernel to 5.15.28
e0fec11 chore: bump nvidia driver to 510.54
0407f05 chore: bump kernel to 5.15.27

Changes from siderolabs/tools

11 commits

8c1f801 chore: bump coreutils to 9.1
533d5c9 chore: bump git to 2.35.2
a15cbee chore: bump go to 1.18.1
718ec10 chore: enable conform
a60a332 chore: bump xz and gzip
c8a3d4d chore: update go to 1.18
1684fdc chore: bump expat to 2.4.8
7f5e44c chore: bump zlib to 1.2.12
bfc99ca chore: rename org
99be089 chore: update openssl to 1.1.1n
b63872b chore: update golang to 1.17.8

Changes from talos-systems/go-blockdevice

2 commits

d9c3a27 feat: support probing FAT12/FAT16 filesystems
b374eb4 fix: align partition to 1M boundary by default

Dependency Changes

cloud.google.com/go/compute v1.5.0 -> v1.6.0
github.com/BurntSushi/toml v1.0.0 -> v1.1.0
github.com/aws/aws-sdk-go v1.43.8 -> v1.43.41
github.com/containernetworking/plugins v1.1.0 -> v1.1.1
github.com/cosi-project/runtime 264f8fcd1a4f -> 639b4a2e6120
github.com/docker/distribution v2.8.0 -> v2.8.1
github.com/docker/docker v20.10.12 -> v20.10.14
github.com/gdamore/tcell/v2 f057f0a857a1 -> v2.5.1
github.com/google/nftables 211824995dcb -> 950e408d48c6
github.com/insomniacslk/dhcp 3c283ff8b7dd -> 12fbdcb11b41
github.com/jsimonetti/rtnetlink v1.1.0 -> v1.2.0
github.com/rivo/tview 96063d6082f3 -> 9994674d60a8
github.com/rs/xid v1.3.0 -> v1.4.0
github.com/siderolabs/extras v1.0.0 -> v1.1.0-alpha.0-1-gac3b9a4
github.com/siderolabs/pkgs v1.0.0-6-g7c293d5 -> v1.1.0-alpha.0-28-g95f4418
github.com/siderolabs/tools v1.0.0-1-g4c77d96 -> v1.1.0-alpha.0-10-g8c1f801
github.com/spf13/cobra v1.3.0 -> v1.4.0
github.com/stretchr/testify v1.7.0 -> v1.7.1
github.com/talos-systems/go-blockdevice v0.3.1 -> d9c3a2738861
github.com/vishvananda/netlink 650dca95af54 -> v1.2.0-beta
github.com/vmware-tanzu/sonobuoy v0.56.2 -> v0.56.4
github.com/vmware/vmw-guestinfo cc1fd90d572c -> 510905f0efa3
go.etcd.io/etcd/api/v3 v3.5.2 -> v3.5.3
go.etcd.io/etcd/client/pkg/v3 v3.5.2 -> v3.5.3
go.etcd.io/etcd/client/v3 v3.5.2 -> v3.5.3
go.etcd.io/etcd/etcdutl/v3 v3.5.2 -> v3.5.3
golang.org/x/net 27dd8689420f -> 290c469a71a5
golang.org/x/sys 4e6760a101f9 -> 33da011f77ad
golang.org/x/term 03fcf44c2211 -> e5f449aeb171
golang.org/x/time 0e9765cccd65 -> 583f2d630306
golang.zx2c4.com/wireguard/wgctrl fde48d68ee68 -> fec8f2be4827
google.golang.org/grpc v1.44.0 -> v1.45.0
google.golang.org/protobuf v1.27.1 -> v1.28.0
k8s.io/api v0.23.5 -> v0.24.0-beta.0
k8s.io/apimachinery v0.23.5 -> v0.24.0-beta.0
k8s.io/apiserver v0.23.5 -> v0.24.0-beta.0
k8s.io/client-go v0.23.5 -> v0.24.0-beta.0
k8s.io/component-base v0.23.5 -> v0.24.0-beta.0
k8s.io/cri-api v0.23.5 -> v0.24.0-beta.0
k8s.io/kubectl v0.23.5 -> v0.24.0-beta.0
k8s.io/kubelet v0.23.5 -> v0.24.0-beta.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.63 -> v1.2.64

Previous release can be found at v1.0.0

Talos 1.1.0-alpha.0 (2022-04-01)

Welcome to the v1.1.0-alpha.0 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

Component Updates

Kubernetes: 1.24.0-beta.0
Flannel: 0.17.0
runc: 1.1.1

Contributors

Andrey Smirnov
Noel Georgi
Spencer Smith
Tim Jones
Andrew Rynhard
Dmitriy Matrenichev
Steve Francis
Artem Chernyshev
Caleb Woodbine
Daniel Höxtermann
Jori Huisman
Nico Berlee
Serge Logvinov
Seán C McCord
Suraj Shirvankar
Tomasz Zurkowski

Changes

90 commits

e860312df release(v1.1.0-alpha.0): prepare release
2ca5279e5 fix: retry manifest updates in upgrade-k8s
eeb756168 feat: use kexec when resetting a node
1ed1f73e5 test: bump CAPI to 1.1.3
2ee1d2c72 feat: update Kuberentes to 1.24.0-beta.0
c26fa4ccc test: push GITHUB_TOKEN to the e2e-aws/gcp steps
95d900de7 feat: use kubeconfig env var
0b407dd17 feat: add dhcp-v6 NTP/DHCP-DUID
a140a6bad docs: update releases shortcode in upgrade guide
12931dced fix: align partitions on 1M boundary
37f868e37 fix: validate empty TLS config for registries
ca8b9c0a3 feat: update Kubernetes to 1.24.0-alpha.4
d9ec6b215 chore: drop dirty from abbreviated tag
08624fd0b docs: add banner to main page
fc23c7a59 test: bump versions for upgrade tests
4bfe68610 feat: update runc to 1.1.1
b315ed953 chore: use go:embed instead of ldflags
a5d64fc81 feat: update Flannel to 0.17.0
6d6eb3f6a docs: fork docs for 1.1
1d55f05d1 docs: update index page
ad6b7ec1a fix: enable etcd consistency on check startup
65a31f753 docs: re-add GA token
741c04832 docs: mark 1.0 docs as latest
e97433c8a docs: update jetson nano
6665e0f00 docs: code block copying
c41f2b216 docs: update whats-new-v1.0
0a36fbbf3 docs: add release notes for 1.0
bd0035f6a docs: add NVIDIA docs
efa3f2898 fix: correctly find partitions with config data (metal-iso)
9ebeec0d0 docs: fix incorrect path for talosconfig
9fef4540e docs: fix non-latest download links
f8ef6a081 docs: add rook ceph configuration guide
e2666f58f chore: bump kernel to 5.15.32
957b2f233 chore: bump dependencies
0fd2aa08b fix: correctly escape '.' in volume names
108fd03a7 fix: give up virtual IPs before the kubelet workloads are shut down
856e1333d fix: use 'localhost' endpoint in docker provisioner on Windows
c5da38609 docs: use variables and templates in the docs
4c83847b9 docs: target search results
67fb72d96 docs: add algolia versions to all content
5344d6e7c docs: fix extension service path dependency
9b9191c5e fix: increase intiial window and connection window sizes
7a88a0224 docs: show archived/pre-release banner based on version
e403470bf docs: filter algolia results by latest
0497d5f9f docs: tag latest docs for search
a25425483 feat: update containerd to 1.6.2, Linux to 5.15.31
9b6422fcc feat: update CoreDNS to 1.9.1
020856f80 docs: remove second search bar
5f27f4c63 docs: update asset links
9ff42b432 docs: fix redirects for /docs URLs
7283efd56 chore: update the talosctl CNI download url
e0eee7fcc test: use clusterctl.yaml overrides after org rename
73966f51e docs: fix extensions
f9766edb5 docs: remove empty doc file
e06e1473b feat: update golangci-lint to 1.45.0 and gofumpt to 0.3.0
a92c614b2 docs: add enterprise link to docs header
0ae7174ba docs: update search settings and redirects
883d401f9 chore: rename github organization to siderolabs
d1294d014 chore: add day-two tests for e2e-qemu
a6240e4b6 feat: update Linux to 5.15.30
e3fda049f docs: overhaul all the docs
f47750726 fix: the etcd recovery client and tests
69e07cddc fix: trigger properly udevd on types and actions
47d0e629d fix: clean up custom udev rules if the config is cleared
b6691b350 chore: bump dependencies
27af5d41c feat: pause the boot process on some failures instead of rebooting
58cb9db1e feat: allow hardlinks in the system extension images
1e982808f fix: ignore pod CIDRs for kubelet node IPs
5e0c80f61 fix: ignore connection reset errors on k8s upgrade
c156580a3 fix: split regular network operation configuration and virtual IP
cd4d4c605 feat: relax extensions file structure validation
50594ab1a fix: ignore terminated pods in pod health checks
9d69fb6b4 feat: update Kubernetes to 1.23.5
327ce5aba fix: invert the condition to skip kubelet kernel checks
cf85b3f07 docs: update cilium inline install
84ee1795d docs: update logo
cc7719c9d docs: improve comments in security proto
caf800fe8 feat: implement D-Bus systemd-compatible shutdown for kubelet
6bec08429 feat: add talosctl completions to copy, usage, logs, restart and service
355b1a4be fix: refresh etcd certs on startup/join
d256b5c5e docs: fix spelling mistakes
5fdedae20 chore: bump kernel to 5.15.28
18a21b5f2 chore: add dependency images-essential -> images
714e5eca6 chore: bump dependencies
58be4067e docs: update README.md
c5fb20930 docs: add loki note
f448cb4f3 feat: bump boot partition size to 1000 MiB
a095acb09 chore: fix equinixMetal platform name
2a7f9a445 fix: check for IPv6 before applying accept_ra
59681b8c9 fix: backport fixes from release-1.0 branch

Changes from siderolabs/extras

1 commit

d4f8e88 chore: update references after org rename

Changes from siderolabs/pkgs

18 commits

4b3e70e chore: upstream u-boot for jetson nano
cc1c8c7 feat: update runc to 1.1.1
3baf4e4 chore: enable random trust CPU
df31920 chore: disable sound
c27751b chore: bump nvidia drivers to 510.60.02
ba98e20 chore: bump kernel to 5.15.32
a76edfd feat: update containerd to 1.6.2
0c38670 chore: bump kernel to 5.15.31
bc4fb0c chore: org update
41f291d feat: update Flannel CNI to 1.0.1
58603ba chore: bump kernel to 5.15.30
d3bb262 chore: bump kernel to 5.15.29
76a24b5 chore: update openssl to 1.1.1n
490c7b7 chore: enable aarch64 NVIDIA drivers
b794b7a chore: bump linux-firmware to 20220310
acda207 chore: bump kernel to 5.15.28
e0fec11 chore: bump nvidia driver to 510.54
0407f05 chore: bump kernel to 5.15.27

Changes from siderolabs/tools

2 commits

99be089 chore: update openssl to 1.1.1n
b63872b chore: update golang to 1.17.8

Changes from talos-systems/go-blockdevice

1 commit

b374eb4 fix: align partition to 1M boundary by default

Dependency Changes

github.com/aws/aws-sdk-go v1.43.8 -> v1.43.26
github.com/containernetworking/plugins v1.1.0 -> v1.1.1
github.com/docker/distribution v2.8.0 -> v2.8.1
github.com/docker/docker v20.10.12 -> v20.10.14
github.com/jsimonetti/rtnetlink v1.1.0 -> v1.1.1
github.com/rivo/tview 96063d6082f3 -> 9994674d60a8
github.com/rs/xid v1.3.0 -> v1.4.0
github.com/siderolabs/extras v1.0.0 -> v1.1.0-alpha.0
github.com/siderolabs/pkgs v1.0.0-6-g7c293d5 -> v1.1.0-alpha.0-15-g4b3e70e
github.com/siderolabs/tools v1.0.0-1-g4c77d96 -> v1.1.0-alpha.0-1-g99be089
github.com/spf13/cobra v1.3.0 -> v1.4.0
github.com/stretchr/testify v1.7.0 -> v1.7.1
github.com/talos-systems/go-blockdevice v0.3.1 -> b374eb48148d
github.com/vmware-tanzu/sonobuoy v0.56.2 -> v0.56.3
github.com/vmware/vmw-guestinfo cc1fd90d572c -> 510905f0efa3
golang.org/x/net 27dd8689420f -> de3da57026de
golang.org/x/sys 4e6760a101f9 -> 530d0810a4d0
golang.zx2c4.com/wireguard/wgctrl fde48d68ee68 -> 056925b7df31
google.golang.org/grpc v1.44.0 -> v1.45.0
google.golang.org/protobuf v1.27.1 -> v1.28.0
k8s.io/api v0.23.5 -> v0.24.0-beta.0
k8s.io/apimachinery v0.23.5 -> v0.24.0-beta.0
k8s.io/apiserver v0.23.5 -> v0.24.0-beta.0
k8s.io/client-go v0.23.5 -> v0.24.0-beta.0
k8s.io/component-base v0.23.5 -> v0.24.0-beta.0
k8s.io/cri-api v0.23.5 -> v0.24.0-beta.0
k8s.io/kubectl v0.23.5 -> v0.24.0-beta.0
k8s.io/kubelet v0.23.5 -> v0.24.0-beta.0

Previous release can be found at v1.0.0

Talos 0.15.0-alpha.2 (2022-02-11)

Welcome to the v0.15.0-alpha.2 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Apply Config Enhancements

talosctl apply/patch/edit cli commands got revamped. Separate flags --on-reboot, --immediate, --interactive were replaced with a single --mode flag that can take the following values:

auto new mode that automatically applies the configuration in immediate/reboot mode.
no-reboot force apply immediately, if not possible, then fail.
reboot force reboot with apply config.
staged write new machine configuration to STATE, but don't apply it (it will be applied after a reboot).
interactive starts interactive installer, only for apply.

Pinned Kubernets Version

Command talosctl gen config now defaults to Kubernetes version pinning in the generate machine configuration. Previously default was to omit explicit Kubernetes version, so Talos picked up the default version it was built against. Old behavior can be achieved by specifying empty flag value: --kubernetes-version=.

Machine Configuration

Talos now preserves machine configuration as it was submitted to the node.

Machine Configuration Patching

talosctl commands which accept JSON patches (gen config, cluster create, patch machineconfig) now support multiple patches, loading patches from files with @file.json syntax, and support loading from YAML format.

Platform Support

Talos now supports Oracle Cloud.

Platform network configuration was rewritten to avoid modifying Talos machine configuration. Network configuration is performed independent of the machine configuration presence, so it works even if Talos is booted in maintenance mode (without machine configuration is platform userdata).

SBC Support

Talos now supports Jetson Nano SBC.

Static Pods in the Machine Configuration

Talos now accepts static pod definitions in the .machine.pods key of the machine configuration. Please note that static pod definitions are not validated by Talos. Static pod definitions can be updated without a node reboot.

System Extensions

System extensions allow extending Talos root filesystem, which enables a set of different features, including custom container runtimes, additional firmware, etc.

System extensions are only activated during Talos installation (or upgrade), and with system extensions installed, Talos root filesystem is still immutable and read-only.

Please see extensions repository and documentation for more information.

Component Updates

Linux: 5.15.23
Kubernetes: 1.23.3
CoreDNS: 1.8.7
etcd: 3.5.2
containerd: 1.6.0-rc.0
runc: 1.1.0

Talos is built with Go 1.17.7

Wipe System Kernel Parameter

Added new kernel parameter talos.experimental.wipe=system which can help resetting system disk for the machine and start over with a fresh installation. See Resetting a Machine on how to use it.

Contributors

Andrey Smirnov
Noel Georgi
Artem Chernyshev
Spencer Smith
Serge Logvinov
Seán C McCord
Florian Klink
Steve Francis
Andrew Rynhard
Anthony Rabbito
Bernard Sébastien
Charlie Haley
Eric Wohltman
Niklas Metje
Philipp Sauter
Shahar Naveh
Tim Jones
nebulait

Changes

137 commits

1e9f0ad4c feat: update Go to 1.17.7, Linux to 5.15.23
fef99892d chore: pin kubernetes version to talosctl gen config
bcf928134 feat: udev extensions support
47619f832 docs: update system extensions guide with grammar fixes
2bcceb6e4 chore: disable TIPC and B.A.T.M.A.N
c6bca1b33 docs: add guide on system extensions
492b156da feat: implement static pods via machine configuration
6fadfa8db fix: parse properly IPv6 address in the cmdline ip= arg
d991f3982 chore: update the kernel with IGC driver enabled
cbc9610be feat: sysctl system optimization
8b6d6220d fix: parse interface ip correctly (nocloud)
54632b1be docs: fix developing Talos docs
0da370dfe test: unlock CABPT/CACPPT provider versions
df0e388a4 feat: extract firmware part of system extensions into initramfs
8899dd349 chore: add json-tags for SecretsBundle
4f391cd5c chore: bump kernel to 5.15.22
6bd07406e feat: disable reboots via kexec
1e3f2f952 fix: validate kubelet node IP subnets correctly
d211bff47 feat: enable accept_ra when IPv6 forwarding
930205831 chore: update kernel to 5.15.21
c7186ed08 chore: bump dependencies
9ee470f95 feat: set /etc/localtime to UTC
c34768367 fix: disable auto-tls for etcd
9bffc7e8d fix: pass proper sequence to shutdown sequence on ACPI shutdown
e47387e41 chore: bump CAPI to 1.0.4
5462f5ed1 feat: update etcd to 3.5.2
f6fa12e53 docs: update upgrading Talos, Kubernetes, and Docker guides
5484579c1 feat: allow link scope routes in the machine config
56b83b087 feat: enable persistence for docker provider
949464e4b fix: use leaf certificate in the apid RBAC check
446972f21 chore: bump kernel to 5.15.19
fe40e7b1b feat: drain node on shutdown
7f0b3aae0 feat: add multiple config patches, patches from files, YAML support
202290be7 docs: update Kubernetes upgrade video
036644f7a chore: bump kernel to 5.15.18
dcde2c4f6 chore: update k8s upgrade message
1c949335c docs: add documentation for Hyper-V
7f9790912 fix: clean up containerd state on installer run/validate
8b98d8eb3 docs: clarify Filebeat example
74c03120c docs: replace Talos upgrades video
65e64d425 chore: update kernel to stable 5.15.17
4245f72d3 feat: add --extra-uefi-search-paths option
7ffeb6c2e docs: update oracle cloud example
151c9df09 chore: add CSI tests for e2e-qemu
cdb621c82 feat: provide a way to list installed system extensions
abfb25812 feat: share /lib/firmware across initramfs and rootfs
ebec5d4a0 feat: support full disk path in the diskSelector
831f65a07 fix: close client provider instead of Talos client in the upgrade module
0bf161dff test: add integration test for system extensions
7b3962745 fix: handle 404 errors from AWS IMDS correctly
85782faa2 feat: update Kubernetes to 1.23.3
c5e5922e5 chore: bump dependencies
b3c3ef29b feat: install system extensions
a0889600f chore: fix golangci-lint install
a50c42980 fix: use #!/usr/bin/env bash as shebang instead of #!/bin/bash
4464b725c fix: qemu: always use runtime.GOARCH for CNI bundle
e7379c81b release(v0.15.0-alpha.1): prepare release
58eb3600f fix: enforce reasonable TLS min tls-min-version
b8d4c5dfa fix: use correct error in kernel_param_spec Modify call handling
4961d6867 docs: drop talos.interface kernel arg
b1e61fa5b chore: update Linux to 5.15.16
d4b844593 feat: support CRI configuration merging and reimplement registry config
f94c8c6e1 feat: update Kubernetes to 1.23.2
21f497b3e feat: install readonly overlay mounts during talos chroot sequence
9ad5a67d2 feat: inject platform network configuration as network resources
907f8cbfb docs: fix patch flag
caa434426 docs: add documentation on developing Talos
16eeb6776 docs: readme updates
3c0737027 chore: update release notes
6d8bea5d5 feat: jetson nano SoC
1d8955ebe feat: update CoreDNS to 1.8.7
6af83afd5 fix: handle multiple-IP cluster nodes
43b2d8137 chore: bump dependencies
529e80f4f docs: update home page and footer
37630e70c Update twitter link
af440919b fix: avoid panic in config loading/validation
4b8e9de59 docs: add guide on adding proprietary kernel modules
833dc4169 docs: rework vmware assets
2869b5eea feat: add oraclecloud.com platform support
f3ec24beb fix: vmware documentation typo
2f2bdb26a feat: replace flags with --mode in apply, edit and patch commands
b09be2a69 docs: update index.md and sync across versions
ca65b918a docs: add nocloud documentation
59437d6d8 fix: filter down nameservers for docker-based cluster create
194eaa6f2 chore: clean up /usr/bin from unneeded files
74e727240 docs: update office office
539af338c docs: update vmware docs
279a3fda7 feat: update Go to 1.17.6, containerd to 1.5.9
3d3088941 chore: bump Go dependencies
d02d944ec chore: provide umarshal from YAML methods for network resource specs
2e735714d fix: derive machine-id from node identity
d8a2721e1 test: update CAPI components to latest
7dff8a53e fix: ignore missing init.yaml for cluster create
f4516c7d8 chore: bump dependencies
944f13221 chore: fix release pipeline
cb548a368 release(v0.15.0-alpha.0): prepare release
da0b36e61 feat: introduce talos.exp.wipe kernel param to wipe system disk
c079eb32b refactor: use AWS SDK to access AWS metadata service
2f4b9d8d6 feat: make machine configuration read-only in Talos (almost)
524f83d3d feat: use official Go SDK to fetch GCP instance metadata
d2a7e082c test: retry in discovery tests
f4219e530 chore: remove unused methods in AWS platform
35bc2940e fix: kexec on RPI4
f235cfbae fix: multiple usability fixes
b3fbb2f31 test: don't build all images in the default CI pipeline
dac550a50 docs: fix troubleshooting guide
83e8bec6b feat: update Linux to 5.15.11
d5a82b37e feat: remove ApplyDynamicConfig
3623da136 feat: provide a way to load Linux kernel modules
4d1514add docs: update Mayastor deployment process
cff1ff6d5 feat: shell completion for list, read
19728437e feat: output IPs when etcd needs to be bootstrapped
c297d66a1 test: attempt number on two on proper retries in CLI time tests
dc299da9e docs: add arm64 option to talosctl download
f49f40a33 fix: pass path to conformance retrieve results
942c8074f docs: fork docs for 0.15
880a7782c docs: update documentation for 0.14.0 release
dc9a0cfe9 chore: bump Go dependencies
773496935 fix: config apply immediate
17c147488 test: retry talosctl time call in the tests
acf1ac0f1 feat: show human-readable aliases in talosctl get rd
5532867b0 refactor: rewrite the implementation of Processes API
80350861a feat: update Kubernetes to 1.23.1
4c96e936e docs: add cilium guide
e3f2acb5e refactor: rewrite the check for unknown keys in the machine configuration
4175396a8 refactor: use update go-blockdevice library with allocation fixes
b58f567a1 refactor: optimize Runtime config interface to avoid config marshaling
bb355c9ab chore: remove govalidator library
3af56bd2e test: update capi templates to v1beta1
936b4c4ce fix: update DHCP library with the panic fix
ab42886bf fix: allow kubelet to be started via the API
ec641f729 fix: use default time servers in time API if none are configured
79f213eec fix: cleanup affiliates
2dd0b5b68 chore: update Go to 1.17.5
97ffa7a64 feat: upgrade kubelet version in talosctl upgrade-k8s
5bc5123eb docs: document ip= kernel argument
8e1d0bfb5 feat: update Kubernetes to 1.23.0

Changes since v0.15.0-alpha.1

56 commits

1e9f0ad4c feat: update Go to 1.17.7, Linux to 5.15.23
fef99892d chore: pin kubernetes version to talosctl gen config
bcf928134 feat: udev extensions support
47619f832 docs: update system extensions guide with grammar fixes
2bcceb6e4 chore: disable TIPC and B.A.T.M.A.N
c6bca1b33 docs: add guide on system extensions
492b156da feat: implement static pods via machine configuration
6fadfa8db fix: parse properly IPv6 address in the cmdline ip= arg
d991f3982 chore: update the kernel with IGC driver enabled
cbc9610be feat: sysctl system optimization
8b6d6220d fix: parse interface ip correctly (nocloud)
54632b1be docs: fix developing Talos docs
0da370dfe test: unlock CABPT/CACPPT provider versions
df0e388a4 feat: extract firmware part of system extensions into initramfs
8899dd349 chore: add json-tags for SecretsBundle
4f391cd5c chore: bump kernel to 5.15.22
6bd07406e feat: disable reboots via kexec
1e3f2f952 fix: validate kubelet node IP subnets correctly
d211bff47 feat: enable accept_ra when IPv6 forwarding
930205831 chore: update kernel to 5.15.21
c7186ed08 chore: bump dependencies
9ee470f95 feat: set /etc/localtime to UTC
c34768367 fix: disable auto-tls for etcd
9bffc7e8d fix: pass proper sequence to shutdown sequence on ACPI shutdown
e47387e41 chore: bump CAPI to 1.0.4
5462f5ed1 feat: update etcd to 3.5.2
f6fa12e53 docs: update upgrading Talos, Kubernetes, and Docker guides
5484579c1 feat: allow link scope routes in the machine config
56b83b087 feat: enable persistence for docker provider
949464e4b fix: use leaf certificate in the apid RBAC check
446972f21 chore: bump kernel to 5.15.19
fe40e7b1b feat: drain node on shutdown
7f0b3aae0 feat: add multiple config patches, patches from files, YAML support
202290be7 docs: update Kubernetes upgrade video
036644f7a chore: bump kernel to 5.15.18
dcde2c4f6 chore: update k8s upgrade message
1c949335c docs: add documentation for Hyper-V
7f9790912 fix: clean up containerd state on installer run/validate
8b98d8eb3 docs: clarify Filebeat example
74c03120c docs: replace Talos upgrades video
65e64d425 chore: update kernel to stable 5.15.17
4245f72d3 feat: add --extra-uefi-search-paths option
7ffeb6c2e docs: update oracle cloud example
151c9df09 chore: add CSI tests for e2e-qemu
cdb621c82 feat: provide a way to list installed system extensions
abfb25812 feat: share /lib/firmware across initramfs and rootfs
ebec5d4a0 feat: support full disk path in the diskSelector
831f65a07 fix: close client provider instead of Talos client in the upgrade module
0bf161dff test: add integration test for system extensions
7b3962745 fix: handle 404 errors from AWS IMDS correctly
85782faa2 feat: update Kubernetes to 1.23.3
c5e5922e5 chore: bump dependencies
b3c3ef29b feat: install system extensions
a0889600f chore: fix golangci-lint install
a50c42980 fix: use #!/usr/bin/env bash as shebang instead of #!/bin/bash
4464b725c fix: qemu: always use runtime.GOARCH for CNI bundle

Changes from talos-systems/crypto

2 commits

510b0d2 chore: add json tags
6fa2d93 fix: deepcopy nil fields as nil

Changes from talos-systems/extras

3 commits

8f607fc chore: bump to Go 1.17.7
7c1f3cc feat: update Go to 1.17.6
495a5b2 feat: update Go to 1.17.5

Changes from talos-systems/go-blockdevice

3 commits

7b9de26 feat: read symlink fullpath in block device list function
6928ee4 refactor: rewrite GPT serialize/deserialize functions
0c7e429 refactor: simplify middle endian functions

Changes from talos-systems/net

1 commit

409926a fix: parse correctly some IPv6 CIDRs

Changes from talos-systems/pkgs

25 commits

6019223 chore: bump kernel to 5.15.23
ff4b2d8 chore: bump tools for Go 1.17.7
e34f883 chore: disable TIPC and B.A.T.M.A.N
2b8cd88 feat: add Intel Ethernet Controller I225-V driver
407459d feat: enable zstd squashfs compression and firmware (xz) compression
81a4b1c chore: bump kernel to 5.15.22
c9a6415 chore: bump kernel to 5.15.21
90dcd00 chore: bump kernel to 5.15.19
d457b87 chore: bump kernel to 5.15.18
dd69678 chore: disable ATA-over-Ethernet driver for arm64
388ce13 chore: bump kernel to 5.15.17
c14eb99 feat: update Linux to 5.15.16
5d4d8d6 feat: bump containerd to 1.6.0-rc.0, runc to 1.1.0
5dd08a7 feat: jetson nano SoC
402b960 chore: bump u-boot to 2022.01
6ce1a40 feat: update Go to 1.17.6
08f2519 feat: update containerd to 1.5.9
fbb5c5c feat: add qlcnic drivers to kernel
0505e01 chore: fix =m kernel build options
54aa902 feat: enable amdgpu in kernel
2779c3f fix: kexec on rpi4
950361f feat: update Linux to 5.15.11
ad611bc feat: provide build instructions for NVIDIA kernel module
b22723d feat: update iPXE to the latest available version
a675c67 feat: update Go to 1.17.5

Changes from talos-systems/tools

4 commits

4c9e7a4 chore: bump go to 1.17.7
d33b4b6 feat: support zstd compression
67314b1 feat: update Go to 1.17.6
9c2b9df feat: update Go to 1.17.5

Dependency Changes

cloud.google.com/go/compute v1.2.0 new
github.com/BurntSushi/toml v0.4.1 -> v1.0.0
github.com/aws/aws-sdk-go v1.42.47 new
github.com/containerd/cgroups v1.0.2 -> v1.0.3
github.com/containerd/containerd v1.5.8 -> v1.6.0-rc.2
github.com/docker/docker v20.10.11 -> v20.10.12
github.com/google/go-cmp v0.5.6 -> v0.5.7
github.com/google/nftables 16a134723a96 -> 91d3b4571db1
github.com/hashicorp/go-getter v1.5.9 -> v1.5.11
github.com/hashicorp/go-version v1.4.0 new
github.com/insomniacslk/dhcp 5297eed8f489 -> 3c283ff8b7dd
github.com/jsimonetti/rtnetlink fd9a11f42291 -> v1.1.0
github.com/jxskiss/base62 v1.0.0 -> v1.1.0
github.com/mdlayher/ethtool 288d040e9d60 -> 81c2608dd90e
github.com/mdlayher/genetlink v1.0.0 -> v1.2.0
github.com/mdlayher/netlink v1.4.2 -> v1.6.0
github.com/opencontainers/image-spec v1.0.2 new
github.com/packethost/packngo v0.20.0 -> v0.21.0
github.com/pelletier/go-toml v1.9.4 new
github.com/pmorjan/kmod v1.0.0 new
github.com/rivo/tview 2a6de950f73b -> 1f7581b67bd1
github.com/spf13/cobra v1.2.1 -> v1.3.0
github.com/talos-systems/crypto v0.3.4 -> 510b0d2753a8
github.com/talos-systems/extras v0.7.0-1-gd6b73a7 -> v0.8.0-alpha.0-2-g8f607fc
github.com/talos-systems/go-blockdevice v0.2.5 -> 7b9de26bc6bc
github.com/talos-systems/net v0.3.1 -> 409926aec1c3
github.com/talos-systems/pkgs v0.9.0-1-g7a3419a -> v0.10.0-alpha.0-24-g6019223
github.com/talos-systems/tools v0.9.0-1-gb1146f9 -> v0.10.0-alpha.0-3-g4c9e7a4
github.com/u-root/u-root v7.0.0 -> v0.8.0
github.com/vishvananda/netlink f5de75959ad5 -> 650dca95af54
github.com/vmware-tanzu/sonobuoy v0.55.1 -> v0.56.0
github.com/vmware/govmomi v0.27.2 -> v0.27.3
go.etcd.io/etcd/api/v3 v3.5.1 -> v3.5.2
go.etcd.io/etcd/client/pkg/v3 v3.5.1 -> v3.5.2
go.etcd.io/etcd/client/v3 v3.5.1 -> v3.5.2
go.etcd.io/etcd/etcdutl/v3 v3.5.1 -> v3.5.2
go.uber.org/zap v1.19.1 -> v1.20.0
golang.org/x/net 491a49abca63 -> cd36cc0744dd
golang.org/x/sys 97ca703d548d -> 1c1b9b1eba6a
golang.zx2c4.com/wireguard/wgctrl dd7407c86d22 -> daad0b7ba671
google.golang.org/grpc v1.42.0 -> v1.44.0
k8s.io/api v0.23.1 -> v0.23.3
k8s.io/apimachinery v0.23.1 -> v0.23.3
k8s.io/client-go v0.23.1 -> v0.23.3
k8s.io/component-base v0.23.1 -> v0.23.3
k8s.io/kubectl v0.23.1 -> v0.23.3
k8s.io/kubelet v0.23.1 -> v0.23.3
kernel.org/pub/linux/libs/security/libcap/cap v1.2.61 -> v1.2.63

Previous release can be found at v0.14.0

Talos 0.15.0-alpha.1 (2022-01-24)

Welcome to the v0.15.0-alpha.1 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Apply Config Enhancements

talosctl apply/patch/edit cli commands got revamped. Separate flags --on-reboot, --immediate, --interactive were replaced with a single --mode flag that can take the following values:

auto new mode that automatically applies the configuration in immediate/reboot mode.
no-reboot force apply immediately, if not possible, then fail.
reboot force reboot with apply config.
staged write new machine configuration to STATE, but don't apply it (it will be applied after a reboot).
interactive starts interactive installer, only for apply.

Machine Configuration

Talos now preserves machine configuration as it was submitted to the node.

Platform Support

Talos now supports Oracle Cloud.

SBC Support

Talos now supports Jetson Nano SBC.

Component Updates

Linux: 5.15.16
containerd: 1.5.9
CoreDNS: 1.8.7
containerd: 1.6.0-rc.0
runc: 1.1.0

Talos is built with Go 1.17.6

Wipe System Kernel Parameter

Added new kernel parameter talos.experimental.wipe=system which can help resetting system disk for the machine and start over with a fresh installation. See Resetting a Machine on how to use it.

Contributors

Andrey Smirnov
Noel Georgi
Spencer Smith
Artem Chernyshev
Seán C McCord
Steve Francis
Serge Logvinov
Andrew Rynhard
Anthony Rabbito
Eric Wohltman
Niklas Metje
Shahar Naveh

Changes

80 commits

58eb3600f fix: enforce reasonable TLS min tls-min-version
b8d4c5dfa fix: use correct error in kernel_param_spec Modify call handling
4961d6867 docs: drop talos.interface kernel arg
b1e61fa5b chore: update Linux to 5.15.16
d4b844593 feat: support CRI configuration merging and reimplement registry config
f94c8c6e1 feat: update Kubernetes to 1.23.2
21f497b3e feat: install readonly overlay mounts during talos chroot sequence
9ad5a67d2 feat: inject platform network configuration as network resources
907f8cbfb docs: fix patch flag
caa434426 docs: add documentation on developing Talos
16eeb6776 docs: readme updates
3c0737027 chore: update release notes
6d8bea5d5 feat: jetson nano SoC
1d8955ebe feat: update CoreDNS to 1.8.7
6af83afd5 fix: handle multiple-IP cluster nodes
43b2d8137 chore: bump dependencies
529e80f4f docs: update home page and footer
37630e70c Update twitter link
af440919b fix: avoid panic in config loading/validation
4b8e9de59 docs: add guide on adding proprietary kernel modules
833dc4169 docs: rework vmware assets
2869b5eea feat: add oraclecloud.com platform support
f3ec24beb fix: vmware documentation typo
2f2bdb26a feat: replace flags with --mode in apply, edit and patch commands
b09be2a69 docs: update index.md and sync across versions
ca65b918a docs: add nocloud documentation
59437d6d8 fix: filter down nameservers for docker-based cluster create
194eaa6f2 chore: clean up /usr/bin from unneeded files
74e727240 docs: update office office
539af338c docs: update vmware docs
279a3fda7 feat: update Go to 1.17.6, containerd to 1.5.9
3d3088941 chore: bump Go dependencies
d02d944ec chore: provide umarshal from YAML methods for network resource specs
2e735714d fix: derive machine-id from node identity
d8a2721e1 test: update CAPI components to latest
7dff8a53e fix: ignore missing init.yaml for cluster create
f4516c7d8 chore: bump dependencies
944f13221 chore: fix release pipeline
cb548a368 release(v0.15.0-alpha.0): prepare release
da0b36e61 feat: introduce talos.exp.wipe kernel param to wipe system disk
c079eb32b refactor: use AWS SDK to access AWS metadata service
2f4b9d8d6 feat: make machine configuration read-only in Talos (almost)
524f83d3d feat: use official Go SDK to fetch GCP instance metadata
d2a7e082c test: retry in discovery tests
f4219e530 chore: remove unused methods in AWS platform
35bc2940e fix: kexec on RPI4
f235cfbae fix: multiple usability fixes
b3fbb2f31 test: don't build all images in the default CI pipeline
dac550a50 docs: fix troubleshooting guide
83e8bec6b feat: update Linux to 5.15.11
d5a82b37e feat: remove ApplyDynamicConfig
3623da136 feat: provide a way to load Linux kernel modules
4d1514add docs: update Mayastor deployment process
cff1ff6d5 feat: shell completion for list, read
19728437e feat: output IPs when etcd needs to be bootstrapped
c297d66a1 test: attempt number on two on proper retries in CLI time tests
dc299da9e docs: add arm64 option to talosctl download
f49f40a33 fix: pass path to conformance retrieve results
942c8074f docs: fork docs for 0.15
880a7782c docs: update documentation for 0.14.0 release
dc9a0cfe9 chore: bump Go dependencies
773496935 fix: config apply immediate
17c147488 test: retry talosctl time call in the tests
acf1ac0f1 feat: show human-readable aliases in talosctl get rd
5532867b0 refactor: rewrite the implementation of Processes API
80350861a feat: update Kubernetes to 1.23.1
4c96e936e docs: add cilium guide
e3f2acb5e refactor: rewrite the check for unknown keys in the machine configuration
4175396a8 refactor: use update go-blockdevice library with allocation fixes
b58f567a1 refactor: optimize Runtime config interface to avoid config marshaling
bb355c9ab chore: remove govalidator library
3af56bd2e test: update capi templates to v1beta1
936b4c4ce fix: update DHCP library with the panic fix
ab42886bf fix: allow kubelet to be started via the API
ec641f729 fix: use default time servers in time API if none are configured
79f213eec fix: cleanup affiliates
2dd0b5b68 chore: update Go to 1.17.5
97ffa7a64 feat: upgrade kubelet version in talosctl upgrade-k8s
5bc5123eb docs: document ip= kernel argument
8e1d0bfb5 feat: update Kubernetes to 1.23.0

Changes since v0.15.0-alpha.0

37 commits

58eb3600f fix: enforce reasonable TLS min tls-min-version
b8d4c5dfa fix: use correct error in kernel_param_spec Modify call handling
4961d6867 docs: drop talos.interface kernel arg
b1e61fa5b chore: update Linux to 5.15.16
d4b844593 feat: support CRI configuration merging and reimplement registry config
f94c8c6e1 feat: update Kubernetes to 1.23.2
21f497b3e feat: install readonly overlay mounts during talos chroot sequence
9ad5a67d2 feat: inject platform network configuration as network resources
907f8cbfb docs: fix patch flag
caa434426 docs: add documentation on developing Talos
16eeb6776 docs: readme updates
3c0737027 chore: update release notes
6d8bea5d5 feat: jetson nano SoC
1d8955ebe feat: update CoreDNS to 1.8.7
6af83afd5 fix: handle multiple-IP cluster nodes
43b2d8137 chore: bump dependencies
529e80f4f docs: update home page and footer
37630e70c Update twitter link
af440919b fix: avoid panic in config loading/validation
4b8e9de59 docs: add guide on adding proprietary kernel modules
833dc4169 docs: rework vmware assets
2869b5eea feat: add oraclecloud.com platform support
f3ec24beb fix: vmware documentation typo
2f2bdb26a feat: replace flags with --mode in apply, edit and patch commands
b09be2a69 docs: update index.md and sync across versions
ca65b918a docs: add nocloud documentation
59437d6d8 fix: filter down nameservers for docker-based cluster create
194eaa6f2 chore: clean up /usr/bin from unneeded files
74e727240 docs: update office office
539af338c docs: update vmware docs
279a3fda7 feat: update Go to 1.17.6, containerd to 1.5.9
3d3088941 chore: bump Go dependencies
d02d944ec chore: provide umarshal from YAML methods for network resource specs
2e735714d fix: derive machine-id from node identity
d8a2721e1 test: update CAPI components to latest
7dff8a53e fix: ignore missing init.yaml for cluster create
f4516c7d8 chore: bump dependencies

Changes from talos-systems/crypto

1 commit

6fa2d93 fix: deepcopy nil fields as nil

Changes from talos-systems/extras

2 commits

7c1f3cc feat: update Go to 1.17.6
495a5b2 feat: update Go to 1.17.5

Changes from talos-systems/go-blockdevice

2 commits

6928ee4 refactor: rewrite GPT serialize/deserialize functions
0c7e429 refactor: simplify middle endian functions

Changes from talos-systems/pkgs

14 commits

c14eb99 feat: update Linux to 5.15.16
5d4d8d6 feat: bump containerd to 1.6.0-rc.0, runc to 1.1.0
5dd08a7 feat: jetson nano SoC
402b960 chore: bump u-boot to 2022.01
6ce1a40 feat: update Go to 1.17.6
08f2519 feat: update containerd to 1.5.9
fbb5c5c feat: add qlcnic drivers to kernel
0505e01 chore: fix =m kernel build options
54aa902 feat: enable amdgpu in kernel
2779c3f fix: kexec on rpi4
950361f feat: update Linux to 5.15.11
ad611bc feat: provide build instructions for NVIDIA kernel module
b22723d feat: update iPXE to the latest available version
a675c67 feat: update Go to 1.17.5

Changes from talos-systems/tools

2 commits

67314b1 feat: update Go to 1.17.6
9c2b9df feat: update Go to 1.17.5

Dependency Changes

cloud.google.com/go/compute v1.0.0 new
github.com/BurntSushi/toml v0.4.1 -> v1.0.0
github.com/aws/aws-sdk-go v1.42.35 new
github.com/containerd/containerd v1.5.8 -> v1.6.0-rc.0
github.com/containerd/containerd/api v1.6.0-beta.3 new
github.com/docker/docker v20.10.11 -> v20.10.12
github.com/google/nftables 16a134723a96 -> 6f19c4381e13
github.com/hashicorp/go-getter v1.5.9 -> v1.5.11
github.com/jsimonetti/rtnetlink fd9a11f42291 -> 9dff439f7e79
github.com/jxskiss/base62 v1.0.0 -> v1.1.0
github.com/mdlayher/ethtool 288d040e9d60 -> bc8fdcf6e99c
github.com/mdlayher/genetlink v1.0.0 -> v1.1.0
github.com/mdlayher/netlink v1.4.2 -> v1.5.0
github.com/packethost/packngo v0.20.0 -> v0.21.0
github.com/pelletier/go-toml v1.9.4 new
github.com/pmorjan/kmod v1.0.0 new
github.com/rivo/tview 2a6de950f73b -> 90d72bc664f5
github.com/spf13/cobra v1.2.1 -> v1.3.0
github.com/talos-systems/crypto v0.3.4 -> 6fa2d93d0382
github.com/talos-systems/extras v0.7.0-1-gd6b73a7 -> v0.8.0-alpha.0-1-g7c1f3cc
github.com/talos-systems/go-blockdevice v0.2.5 -> 6928ee43c303
github.com/talos-systems/pkgs v0.9.0-1-g7a3419a -> v0.10.0-alpha.0-13-gc14eb99
github.com/talos-systems/tools v0.9.0-1-gb1146f9 -> v0.10.0-alpha.0-1-g67314b1
github.com/u-root/u-root v7.0.0 -> v0.8.0
github.com/vishvananda/netlink f5de75959ad5 -> 650dca95af54
go.uber.org/zap v1.19.1 -> v1.20.0
golang.org/x/net 491a49abca63 -> 0dd24b26b47d
golang.org/x/sys 97ca703d548d -> da31bd327af9
golang.zx2c4.com/wireguard/wgctrl dd7407c86d22 -> daad0b7ba671
google.golang.org/grpc v1.42.0 -> v1.43.0
k8s.io/api v0.23.1 -> v0.23.2
k8s.io/apimachinery v0.23.1 -> v0.23.2
k8s.io/client-go v0.23.1 -> v0.23.2
k8s.io/component-base v0.23.1 -> v0.23.2
k8s.io/kubectl v0.23.1 -> v0.23.2
k8s.io/kubelet v0.23.1 -> v0.23.2
kernel.org/pub/linux/libs/security/libcap/cap v1.2.61 -> v1.2.62

Previous release can be found at v0.14.0

Talos 0.15.0-alpha.0 (2021-12-30)

Welcome to the v0.15.0-alpha.0 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Machine Configuration

Talos now preserves machine configuration as it was submitted to the node. There is some work still going on various cloud platforms to stop modifying machine configuration on the fly.

Component Updates

Linux: 5.15.11

Wipe System Kernel Parameter

Added new kernel parameter talos.experimental.wipe=system which can help resetting system disk for the machine and start over with a fresh installation. See Resetting a Machine on how to use it.

Contributors

Andrey Smirnov
Noel Georgi
Spencer Smith
Artem Chernyshev
Niklas Metje

Changes

41 commits

da0b36e61 feat: introduce talos.exp.wipe kernel param to wipe system disk
c079eb32b refactor: use AWS SDK to access AWS metadata service
2f4b9d8d6 feat: make machine configuration read-only in Talos (almost)
524f83d3d feat: use official Go SDK to fetch GCP instance metadata
d2a7e082c test: retry in discovery tests
f4219e530 chore: remove unused methods in AWS platform
35bc2940e fix: kexec on RPI4
f235cfbae fix: multiple usability fixes
b3fbb2f31 test: don't build all images in the default CI pipeline
dac550a50 docs: fix troubleshooting guide
83e8bec6b feat: update Linux to 5.15.11
d5a82b37e feat: remove ApplyDynamicConfig
3623da136 feat: provide a way to load Linux kernel modules
4d1514add docs: update Mayastor deployment process
cff1ff6d5 feat: shell completion for list, read
19728437e feat: output IPs when etcd needs to be bootstrapped
c297d66a1 test: attempt number on two on proper retries in CLI time tests
dc299da9e docs: add arm64 option to talosctl download
f49f40a33 fix: pass path to conformance retrieve results
942c8074f docs: fork docs for 0.15
880a7782c docs: update documentation for 0.14.0 release
dc9a0cfe9 chore: bump Go dependencies
773496935 fix: config apply immediate
17c147488 test: retry talosctl time call in the tests
acf1ac0f1 feat: show human-readable aliases in talosctl get rd
5532867b0 refactor: rewrite the implementation of Processes API
80350861a feat: update Kubernetes to 1.23.1
4c96e936e docs: add cilium guide
e3f2acb5e refactor: rewrite the check for unknown keys in the machine configuration
4175396a8 refactor: use update go-blockdevice library with allocation fixes
b58f567a1 refactor: optimize Runtime config interface to avoid config marshaling
bb355c9ab chore: remove govalidator library
3af56bd2e test: update capi templates to v1beta1
936b4c4ce fix: update DHCP library with the panic fix
ab42886bf fix: allow kubelet to be started via the API
ec641f729 fix: use default time servers in time API if none are configured
79f213eec fix: cleanup affiliates
2dd0b5b68 chore: update Go to 1.17.5
97ffa7a64 feat: upgrade kubelet version in talosctl upgrade-k8s
5bc5123eb docs: document ip= kernel argument
8e1d0bfb5 feat: update Kubernetes to 1.23.0

Changes from talos-systems/crypto

1 commit

6fa2d93 fix: deepcopy nil fields as nil

Changes from talos-systems/extras

1 commit

495a5b2 feat: update Go to 1.17.5

Changes from talos-systems/go-blockdevice

2 commits

6928ee4 refactor: rewrite GPT serialize/deserialize functions
0c7e429 refactor: simplify middle endian functions

Changes from talos-systems/pkgs

5 commits

2779c3f fix: kexec on rpi4
950361f feat: update Linux to 5.15.11
ad611bc feat: provide build instructions for NVIDIA kernel module
b22723d feat: update iPXE to the latest available version
a675c67 feat: update Go to 1.17.5

Changes from talos-systems/tools

1 commit

9c2b9df feat: update Go to 1.17.5

Dependency Changes

cloud.google.com/go v0.99.0 new
github.com/aws/aws-sdk-go v1.42.25 new
github.com/docker/docker v20.10.11 -> v20.10.12
github.com/google/nftables 16a134723a96 -> 6f19c4381e13
github.com/jsimonetti/rtnetlink fd9a11f42291 -> 9dff439f7e79
github.com/mdlayher/ethtool 288d040e9d60 -> bc8fdcf6e99c
github.com/mdlayher/genetlink v1.0.0 -> v1.1.0
github.com/mdlayher/netlink v1.4.2 -> v1.5.0
github.com/pmorjan/kmod v1.0.0 new
github.com/spf13/cobra v1.2.1 -> v1.3.0
github.com/talos-systems/crypto v0.3.4 -> 6fa2d93d0382
github.com/talos-systems/extras v0.7.0-1-gd6b73a7 -> v0.8.0-alpha.0
github.com/talos-systems/go-blockdevice v0.2.5 -> 6928ee43c303
github.com/talos-systems/pkgs v0.9.0-1-g7a3419a -> v0.10.0-alpha.0-4-g2779c3f
github.com/talos-systems/tools v0.9.0-1-gb1146f9 -> v0.10.0-alpha.0
golang.org/x/net 491a49abca63 -> fe4d6282115f
golang.org/x/sys 97ca703d548d -> 1d35b9e2eb4e
golang.zx2c4.com/wireguard/wgctrl dd7407c86d22 -> 7a385b3431de
google.golang.org/grpc v1.42.0 -> v1.43.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.61 -> v1.2.62

Previous release can be found at v0.14.0

Talos 0.14.0-alpha.2 (2021-11-30)

Welcome to the v0.14.0-alpha.2 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes. That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.

For example:

install:
  extraKernelArgs:
    - sysctl.kernel.kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded, so disabling kexec via machine.sysctls will not be enough.

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14. Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

Kubelet

Kubelet service can now be restarted with talosctl service kubelet restart.

Kubelet node IP configuration (.machine.kubelet.nodeIP.validSubnets) can now include negative subnet matches (prefixed with !).

Log Shipping

Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP: see .machine.logging machine configuration option.

NTP Sync

Talos NTP sync process was improved to align better with kernel time adjustment periods and to filter out spikes.

SideroLink

A set of Talos ehancements is going to unlock a number of exciting features in the upcoming release of Sidero:

SideroLink: a point-to-point Wireguard tunnel connecting Talos node back to the provisioning platform (Sidero).
event sink (kernel arg talos.event.sink=http://10.0.0.1:4000) delivers Talos internal events to the specified destination.
kmsg log delivery (kernel arg talos.logging.kernel=tcp://10.0.0.1:4001) sends kernel logs as JSON lines over TCP or UDP.

`talosctl support`

talosctl CLI tool now has a new subcommand called support, that can gather all cluster information that could help with future debugging in a single run.

Output of the command is a zip archive with all talos service logs, kubernetes pod logs and manifests, talos resources manifests and so on. Generated archive does not contain any secret information so it is safe to send it for analysis to a third party.

Component Updates

Linux: 5.15.5
etcd: 3.5.1
containerd: 1.5.8
Kubernetes: 1.23.0-rc.0
CoreDNS: 1.8.6

Talos is built with Go 1.17.3

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.

So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.

Contributors

Andrey Smirnov
Alexey Palazhchenko
Artem Chernyshev
Serge Logvinov
Noel Georgi
Nico Berlee
Spencer Smith
Alex Zero
Andrew Rynhard
Branden Cash
David Haines
Gerard de Leeuw
Michael Fornaro
Rui Lopes

Changes

136 commits

e9f4b7b2 feat: update Linux to 5.15.5
4d0a75a3 docs: add documentation about logging
8d1cbeef chore: add API breaking changes detector
ed7fb9db feat: move kubelet proccesses to /podruntime cgroup
2cd3f9be feat: filter out SideroLink addresses by default
0f169bf9 chore: add API deprecations mechanism
eaf6d472 refactor: use random port listener in kernel log delivery tests
bf4c81e7 feat: kernel log (kmsg) delivery controller
f3149780 feat: update Kubernetes to 1.23.0-rc.0
b824909d fix: disable kexec on RPi4
3257751b fix: initialize Drainer properly
e4bc68bf fix: leave only a single IPv4/IPv6 address as kubelet's node IP
e6d00741 feat: update pkgs - Linux 5.15.4, LibreSSL 3.2.7
d5cbc364 feat: add GCP ccm
7433150f feat: implement events sink controller
b4a406ae test: pin cluster API templates version to tag v1alpha4
9427e78d fix: catch panics in network operator runs
d1f55f90 fix: update blockdevice library to properly handle absent GPT
5ac64b2d chore: set version in unit-tests
20d39c0b chore: format .proto files
852bf4a7 feat: talosctl fish completion support
6bb75150 fix: allow add_key and request_key in kubelet seccomp profile
6487b21f feat: update pkgs for u-boot, containerd, etc
f7d1e777 feat: provide SideroLink client implementation
58892cd6 fix: unblock events watch on context cancel
caa76be2 fix: containerd failed to load plugin
1ffa8e04 feat: add ULA prefix for SideroLink
c6a67b86 fix: ignore not existing nodes on cordoning
f7302525 feat: add new event types
7c9b082f feat: update Kubernetes to 1.23.0-beta.0
750e31c4 fix: ignore EBUSY from kexec_file_load
2d11b595 fix: ignore virtual IP as kubelet node IPs
030fd349 fix: don't run kexec prepare on shutdown and reset
6dcce20e test: set proper pod CIDR for Cilium tests
695300da release(v0.14.0-alpha.1): prepare release
753a8218 refactor: move pkg/resources to machinery
0102a64a refactor: remove pkg/resources dependencies on wgtypes, netx
7462733b chore: update golangci-lint
032c99a0 refactor: remove pkg/resources dependencies on k8s and base62
4a5cff45 perf: raspberry PIs clockspeed as fast as firmware allows
a76f6d69 feat: allow kubelet to be restarted and provide negative nodeIP subnets
189221d5 chore: update dependencies
41f0aecc docs: update partition info
95105071 chore: fix simple issues found by golangci-lint
d4b0ca21 test: retry upgrade mutex lock failures
4357e9a8 docs: add Talos partions info
8e8687d7 fix: use temporary sonobuoy version
e4e8e873 test: disable e2e-misc test with Canal CNI
897da2f6 docs: common typos
a50483dd feat: update Linux to 5.15.1
a2233bfe fix: improve NTP sync process
7efc1238 fix: parse partition size correctly
d6147eb1 chore: update sonobuoy
efbae785 fix: use etc folder for du cli tests
198eea51 fix: wait for follow reader to start before writing to the file
e7f715eb chore: log KubeSpan IPs overlaps
82a1ad16 chore: bump dependencies
e8fccbf5 fix: clear time adjustment error when setting time to specific value
e6f90bb4 chore: remove unused parameters
785161d1 feat: update k8s to 1.23.0-alpha.4
fe228d7c fix: do not use yaml.v2 in the support cmd
9b48ca21 fix: endpoints and nodes in generated talosconfig
6e16fd2f chore: update tools, pkgs, and extras
261c497c feat: implement talosctl support command
fc7dc454 chore: check our API idiosyncrasies
b1584429 feat: use GCP deployment manager
3e7d4df9 chore: bump dependencies
88f24229 refactor: get rid of prometheus/procfs dependency in pkg/resources
dd196d30 refactor: prepare for move of pkg/resources to machinery
f6110f80 fix: remove listening socket to fix Talos in a container restart
53bbb13e docs: update docs with emmc boot guide
8329d211 chore: split polymorphic RootSecret resource into specific types
c97becdd chore: remove interfaces and routes APIs
d798635d feat: automatically limit kubelet node IP family based on service CIDRs
205a8d6d chore: make nethelpers build on all OSes
5b5dd49f feat: extract JSON fields from more log messages
eb4f1182 docs: create cluster in hetzner cloud
728164e2 docs: fix kexec_load_disabled param name in release notes
f6328f09 fix: fix filename typo
01b0f0ab release(v0.14.0-alpha.0): prepare release
8b620653 fix: skip generating empty .machine.logging
60ad0063 fix: don't drop ability to use ambient capabilities
b6b78e7f test: add cluster discovery integration tests
97d64d16 fix: hcloud network config changes
4c76865d feat: multiple logging improvements
1d1e1df6 fix: handle skipped mounts correctly
0a964d92 test: fix openstack unit-test stability
72f62ac2 chore: bump Go and Docker dependencies
9c48ebe8 fix: gcp fetching externalIP
6c297268 test: fix e2e k8s version
ae5af9d3 feat: update Kubernetes to 1.23.0-alpha.3
28d3a69e feat: openstack config-drive support
2258bc49 test: update GCP e2e script to work with new templates
36b6ace2 feat: update Linux to 5.10.75
38516a54 test: update Talos versions in upgrade tests
cff20ec7 fix: change services OOM score
666a2b62 feat: azure platform ipv6 support
d32814e3 feat: extract JSON fields from log lines
e77d81ff fix: treat literal 'unknown' as a valid machine type
c8e404e3 test: update vars for AWS cluster
ad23891b feat: update CoreDNS version 1.8.6
41299cae feat: udev rules support
5237fdc9 feat: send JSON logs over UDP
6d44587a feat: coredns service dualstack
12f7888b feat: feed control plane endpoints on workers from cluster discovery
431e4fb4 chore: bump Go and Docker dependencies
89f3b9f8 feat: update etcd to 3.5.1
e60469a3 feat: initial support for JSON logging
68c420e3 feat: enable cluster discovery by default
3e100aa9 test: workaround EventsWatch test flakiness
9bd4838a chore: stop using sonobuoy CLI
6ad45951 docs: fix field names for bonding configuration
d7a3b7b5 chore: use discovery-client and discovery-api modules
d6309eed docs: create docs for Talos 0.14
c0fda643 fix: attempt to clean up tasks in containerd runner
8cf442da chore: bump tools, pkgs, extras
0dad5f4d chore: small cleanup
e3e2113a feat: upgrade CoreDNS during upgrade-k8s call
d92c98e1 docs: fix discovery service documentation link
e44b11c5 feat: update containerd to 1.5.7, bump Go dependencies
24129307 docs: make Talos 0.13 docs latest, update documentation
31b6e39e fix: delete expired affiliates from the discovery service
877a2b6f test: bump CAPI components to v1alpha4
2ba0e0ac docs: add KubeSpan documentation
997873b6 fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
7137166d fix: allow overriding audit-policy-file in kube-apiserver static pod
8fcd4219 chore: fix integration-qemu-race
91a858b5 fix: sort output of the argument builder
657f7a56 fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
983d2459 feat: suppress logging NTP sync to the console
022c7335 fix: add interface route if DHCP4 router is not directly routeable
66a1579e fix: don't enable 'no new privs' on the system level
423861cf feat: don't drop capabilities if kexec is disabled
facc8c38 docs: fix documentation for cluster discovery
ce65ca4e chore: build using only amd64 builders
e9b0f010 chore: update docker image in the pipeline

Changes since v0.14.0-alpha.1

34 commits

e9f4b7b2 feat: update Linux to 5.15.5
4d0a75a3 docs: add documentation about logging
8d1cbeef chore: add API breaking changes detector
ed7fb9db feat: move kubelet proccesses to /podruntime cgroup
2cd3f9be feat: filter out SideroLink addresses by default
0f169bf9 chore: add API deprecations mechanism
eaf6d472 refactor: use random port listener in kernel log delivery tests
bf4c81e7 feat: kernel log (kmsg) delivery controller
f3149780 feat: update Kubernetes to 1.23.0-rc.0
b824909d fix: disable kexec on RPi4
3257751b fix: initialize Drainer properly
e4bc68bf fix: leave only a single IPv4/IPv6 address as kubelet's node IP
e6d00741 feat: update pkgs - Linux 5.15.4, LibreSSL 3.2.7
d5cbc364 feat: add GCP ccm
7433150f feat: implement events sink controller
b4a406ae test: pin cluster API templates version to tag v1alpha4
9427e78d fix: catch panics in network operator runs
d1f55f90 fix: update blockdevice library to properly handle absent GPT
5ac64b2d chore: set version in unit-tests
20d39c0b chore: format .proto files
852bf4a7 feat: talosctl fish completion support
6bb75150 fix: allow add_key and request_key in kubelet seccomp profile
6487b21f feat: update pkgs for u-boot, containerd, etc
f7d1e777 feat: provide SideroLink client implementation
58892cd6 fix: unblock events watch on context cancel
caa76be2 fix: containerd failed to load plugin
1ffa8e04 feat: add ULA prefix for SideroLink
c6a67b86 fix: ignore not existing nodes on cordoning
f7302525 feat: add new event types
7c9b082f feat: update Kubernetes to 1.23.0-beta.0
750e31c4 fix: ignore EBUSY from kexec_file_load
2d11b595 fix: ignore virtual IP as kubelet node IPs
030fd349 fix: don't run kexec prepare on shutdown and reset
6dcce20e test: set proper pod CIDR for Cilium tests

Changes from talos-systems/discovery-api

2 commits

db279ef feat: initial set of APIs and generated files
ac52a37 chore: initial commit

Changes from talos-systems/discovery-client

2 commits

a9a5e9b feat: initial client code
98eb999 chore: initial commit

Changes from talos-systems/extras

2 commits

2bb2efc chore: update pkgs and tools
d6e8b3a chore: update pkgs and tools

Changes from talos-systems/go-blockdevice

2 commits

15b182d fix: return partition table not exist when trying to read an empty dev
b9517d5 fix: resize partition

Changes from talos-systems/go-smbios

1 commit

fd5ec8c fix: remove useless (?) goroutines leading to data race error

Changes from talos-systems/net

2 commits

b4b7181 feat: add a way to filter list of IPs for the machine
0abe5bd feat: implement FilterIPs function

Changes from talos-systems/pkgs

22 commits

422276d feat: update Linux to 5.15.5
d385e24 chore: update LibreSSL to 3.2.7
39a3b76 feat: update Linux to 5.15.4
ca30b50 feat: update u-boot to 2021.10
cea93f1 chore: add conformance
79d16b8 feat: update containerd to 1.5.8
1c76107 feat: add mdraid 1/0/10
740da24 feat: bump raspberrypi-firmware to 1.20211029
832dae4 fix: enable CONFIG_DM_SNAPSHOT
f307e64 feat: update Linux to 5.15.1
4f0f238 chore: update tools
932c3cf feat: update libseccomp to 2.5.3
7f3311e feat: update cpu governor to schedutil
b4cdb99 fix: update containerd shas
80a63d4 feat: update Linux to 5.10.75
5c98efd feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
bfb2365 feat: enable driver for SuperMicro raid controller
657e16b feat: enable Intel VMD driver
f7d9d72 feat: enable smarpqi driver and related options
bca3be0 feat: enable aqtion device driver
b88127a chore: update tools
971735f feat: update containerd to 1.5.7

Changes from talos-systems/siderolink

6 commits

d0612a7 refactor: pass in listener to the log receiver
d86cdd5 feat: implement logreceiver for kernel logs
f7cadbc fix: handle duplicate peer updates
0755b24 feat: initial implementation of SideroLink
ee73ea9 feat: add Talos events sink proto files and the reference implementation
1e2cd9d Initial commit

Changes from talos-systems/tools

6 commits

96e0231 feat: update squashfs-tools to 4.5
2c9c826 feat: update libseccomp to 2.5.3
f713a7c feat: update protobuf to 3.19.1, grpc-go to 1.42.0
972c5ef feat: update Go to 1.17.3
f63848c feat: update PCRE version and source host
fab7532 feat: update Go to 1.17.2

Dependency Changes

github.com/AlekSi/pointer v1.1.0 -> v1.2.0
github.com/cenkalti/backoff/v4 v4.1.2 new
github.com/containerd/cgroups v1.0.1 -> v1.0.2
github.com/containerd/containerd v1.5.5 -> v1.5.8
github.com/docker/docker v20.10.8 -> v20.10.11
github.com/evanphx/json-patch v4.11.0 -> v5.6.0
github.com/gosuri/uiprogress v0.0.1 new
github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
github.com/hetznercloud/hcloud-go v1.32.0 -> v1.33.1
github.com/insomniacslk/dhcp b95caade3eac -> ad197bcd36fd
github.com/jsimonetti/rtnetlink 435639c8e6a8 -> 93da33804786
github.com/jxskiss/base62 4f11678b909b -> v1.0.0
github.com/mdlayher/ethtool 2b88debcdd43 -> 288d040e9d60
github.com/rivo/tview ee97a7ab3975 -> badfa0f0b301
github.com/talos-systems/discovery-api v0.1.0 new
github.com/talos-systems/discovery-client v0.1.0 new
github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0-1-g2bb2efc
github.com/talos-systems/go-blockdevice v0.2.4 -> 15b182db0cd2
github.com/talos-systems/go-smbios v0.1.0 -> fd5ec8ce4873
github.com/talos-systems/net v0.3.0 -> b4b718179a1a
github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-21-g422276d
github.com/talos-systems/siderolink v0.1.0 new
github.com/talos-systems/talos/pkg/machinery v0.13.0 -> 1ffa8e0480
github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0-5-g96e0231
github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.55.1
github.com/vmware/govmomi v0.26.1 -> v0.27.2
github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
go.uber.org/atomic v1.7.0 new
golang.org/x/net 3ad01bbaa167 -> d83791d6bcd9
golang.org/x/sys 39ccf1dd6fa6 -> fe61309f8881
golang.org/x/term 140adaaadfaf -> 03fcf44c2211
golang.org/x/time 1f47c861a9ac -> f0f3c7e86c11
golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> dd7407c86d22
google.golang.org/grpc v1.41.0 -> v1.42.0
inet.af/netaddr 85fa6c94624e -> c74959edd3b6
k8s.io/api v0.22.2 -> v0.23.0-alpha.4
k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.4
k8s.io/client-go v0.22.2 -> v0.23.0-alpha.4
k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.4
k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.4
k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.4
kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.61
sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Talos 0.14.0-alpha.1 (2021-11-15)

Welcome to the v0.14.0-alpha.1 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes. That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.

For example:

install:
  extraKernelArgs:
    - sysctl.kernel.kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded, so disabling kexec via machine.sysctls will not be enough.

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14. Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

Kubelet

Kubelet service can now be restarted with talosctl service kubelet restart.

Kubelet node IP configuration (.machine.kubelet.nodeIP.validSubnets) can now include negative subnet matches (prefixed with !).

Log Shipping

Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP: see .machine.logging machine configuration option.

`talosctl support`

talosctl CLI tool now has a new subcommand called support, that can gather all cluster information that could help with future debugging in a single run.

Component Updates

Linux: 5.15.1
etcd: 3.5.1
containerd: 1.5.7
Kubernetes: 1.23.0-alpha.4
CoreDNS: 1.8.6

Talos is built with Go 1.17.2

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.

So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.

Contributors

Andrey Smirnov
Alexey Palazhchenko
Artem Chernyshev
Serge Logvinov
Noel Georgi
Spencer Smith
Nico Berlee
Alex Zero
Andrew Rynhard
Branden Cash
David Haines
Gerard de Leeuw
Michael Fornaro
Rui Lopes

Changes

101 commits

753a8218 refactor: move pkg/resources to machinery
0102a64a refactor: remove pkg/resources dependencies on wgtypes, netx
7462733b chore: update golangci-lint
032c99a0 refactor: remove pkg/resources dependencies on k8s and base62
4a5cff45 perf: raspberry PIs clockspeed as fast as firmware allows
a76f6d69 feat: allow kubelet to be restarted and provide negative nodeIP subnets
189221d5 chore: update dependencies
41f0aecc docs: update partition info
95105071 chore: fix simple issues found by golangci-lint
d4b0ca21 test: retry upgrade mutex lock failures
4357e9a8 docs: add Talos partions info
8e8687d7 fix: use temporary sonobuoy version
e4e8e873 test: disable e2e-misc test with Canal CNI
897da2f6 docs: common typos
a50483dd feat: update Linux to 5.15.1
a2233bfe fix: improve NTP sync process
7efc1238 fix: parse partition size correctly
d6147eb1 chore: update sonobuoy
efbae785 fix: use etc folder for du cli tests
198eea51 fix: wait for follow reader to start before writing to the file
e7f715eb chore: log KubeSpan IPs overlaps
82a1ad16 chore: bump dependencies
e8fccbf5 fix: clear time adjustment error when setting time to specific value
e6f90bb4 chore: remove unused parameters
785161d1 feat: update k8s to 1.23.0-alpha.4
fe228d7c fix: do not use yaml.v2 in the support cmd
9b48ca21 fix: endpoints and nodes in generated talosconfig
6e16fd2f chore: update tools, pkgs, and extras
261c497c feat: implement talosctl support command
fc7dc454 chore: check our API idiosyncrasies
b1584429 feat: use GCP deployment manager
3e7d4df9 chore: bump dependencies
88f24229 refactor: get rid of prometheus/procfs dependency in pkg/resources
dd196d30 refactor: prepare for move of pkg/resources to machinery
f6110f80 fix: remove listening socket to fix Talos in a container restart
53bbb13e docs: update docs with emmc boot guide
8329d211 chore: split polymorphic RootSecret resource into specific types
c97becdd chore: remove interfaces and routes APIs
d798635d feat: automatically limit kubelet node IP family based on service CIDRs
205a8d6d chore: make nethelpers build on all OSes
5b5dd49f feat: extract JSON fields from more log messages
eb4f1182 docs: create cluster in hetzner cloud
728164e2 docs: fix kexec_load_disabled param name in release notes
f6328f09 fix: fix filename typo
01b0f0ab release(v0.14.0-alpha.0): prepare release
8b620653 fix: skip generating empty .machine.logging
60ad0063 fix: don't drop ability to use ambient capabilities
b6b78e7f test: add cluster discovery integration tests
97d64d16 fix: hcloud network config changes
4c76865d feat: multiple logging improvements
1d1e1df6 fix: handle skipped mounts correctly
0a964d92 test: fix openstack unit-test stability
72f62ac2 chore: bump Go and Docker dependencies
9c48ebe8 fix: gcp fetching externalIP
6c297268 test: fix e2e k8s version
ae5af9d3 feat: update Kubernetes to 1.23.0-alpha.3
28d3a69e feat: openstack config-drive support
2258bc49 test: update GCP e2e script to work with new templates
36b6ace2 feat: update Linux to 5.10.75
38516a54 test: update Talos versions in upgrade tests
cff20ec7 fix: change services OOM score
666a2b62 feat: azure platform ipv6 support
d32814e3 feat: extract JSON fields from log lines
e77d81ff fix: treat literal 'unknown' as a valid machine type
c8e404e3 test: update vars for AWS cluster
ad23891b feat: update CoreDNS version 1.8.6
41299cae feat: udev rules support
5237fdc9 feat: send JSON logs over UDP
6d44587a feat: coredns service dualstack
12f7888b feat: feed control plane endpoints on workers from cluster discovery
431e4fb4 chore: bump Go and Docker dependencies
89f3b9f8 feat: update etcd to 3.5.1
e60469a3 feat: initial support for JSON logging
68c420e3 feat: enable cluster discovery by default
3e100aa9 test: workaround EventsWatch test flakiness
9bd4838a chore: stop using sonobuoy CLI
6ad45951 docs: fix field names for bonding configuration
d7a3b7b5 chore: use discovery-client and discovery-api modules
d6309eed docs: create docs for Talos 0.14
c0fda643 fix: attempt to clean up tasks in containerd runner
8cf442da chore: bump tools, pkgs, extras
0dad5f4d chore: small cleanup
e3e2113a feat: upgrade CoreDNS during upgrade-k8s call
d92c98e1 docs: fix discovery service documentation link
e44b11c5 feat: update containerd to 1.5.7, bump Go dependencies
24129307 docs: make Talos 0.13 docs latest, update documentation
31b6e39e fix: delete expired affiliates from the discovery service
877a2b6f test: bump CAPI components to v1alpha4
2ba0e0ac docs: add KubeSpan documentation
997873b6 fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
7137166d fix: allow overriding audit-policy-file in kube-apiserver static pod
8fcd4219 chore: fix integration-qemu-race
91a858b5 fix: sort output of the argument builder
657f7a56 fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
983d2459 feat: suppress logging NTP sync to the console
022c7335 fix: add interface route if DHCP4 router is not directly routeable
66a1579e fix: don't enable 'no new privs' on the system level
423861cf feat: don't drop capabilities if kexec is disabled
facc8c38 docs: fix documentation for cluster discovery
ce65ca4e chore: build using only amd64 builders
e9b0f010 chore: update docker image in the pipeline

Changes since v0.14.0-alpha.0

44 commits

753a8218 refactor: move pkg/resources to machinery
0102a64a refactor: remove pkg/resources dependencies on wgtypes, netx
7462733b chore: update golangci-lint
032c99a0 refactor: remove pkg/resources dependencies on k8s and base62
4a5cff45 perf: raspberry PIs clockspeed as fast as firmware allows
a76f6d69 feat: allow kubelet to be restarted and provide negative nodeIP subnets
189221d5 chore: update dependencies
41f0aecc docs: update partition info
95105071 chore: fix simple issues found by golangci-lint
d4b0ca21 test: retry upgrade mutex lock failures
4357e9a8 docs: add Talos partions info
8e8687d7 fix: use temporary sonobuoy version
e4e8e873 test: disable e2e-misc test with Canal CNI
897da2f6 docs: common typos
a50483dd feat: update Linux to 5.15.1
a2233bfe fix: improve NTP sync process
7efc1238 fix: parse partition size correctly
d6147eb1 chore: update sonobuoy
efbae785 fix: use etc folder for du cli tests
198eea51 fix: wait for follow reader to start before writing to the file
e7f715eb chore: log KubeSpan IPs overlaps
82a1ad16 chore: bump dependencies
e8fccbf5 fix: clear time adjustment error when setting time to specific value
e6f90bb4 chore: remove unused parameters
785161d1 feat: update k8s to 1.23.0-alpha.4
fe228d7c fix: do not use yaml.v2 in the support cmd
9b48ca21 fix: endpoints and nodes in generated talosconfig
6e16fd2f chore: update tools, pkgs, and extras
261c497c feat: implement talosctl support command
fc7dc454 chore: check our API idiosyncrasies
b1584429 feat: use GCP deployment manager
3e7d4df9 chore: bump dependencies
88f24229 refactor: get rid of prometheus/procfs dependency in pkg/resources
dd196d30 refactor: prepare for move of pkg/resources to machinery
f6110f80 fix: remove listening socket to fix Talos in a container restart
53bbb13e docs: update docs with emmc boot guide
8329d211 chore: split polymorphic RootSecret resource into specific types
c97becdd chore: remove interfaces and routes APIs
d798635d feat: automatically limit kubelet node IP family based on service CIDRs
205a8d6d chore: make nethelpers build on all OSes
5b5dd49f feat: extract JSON fields from more log messages
eb4f1182 docs: create cluster in hetzner cloud
728164e2 docs: fix kexec_load_disabled param name in release notes
f6328f09 fix: fix filename typo

Changes from talos-systems/discovery-api

2 commits

db279ef feat: initial set of APIs and generated files
ac52a37 chore: initial commit

Changes from talos-systems/discovery-client

2 commits

a9a5e9b feat: initial client code
98eb999 chore: initial commit

Changes from talos-systems/extras

2 commits

2bb2efc chore: update pkgs and tools
d6e8b3a chore: update pkgs and tools

Changes from talos-systems/net

1 commit

0abe5bd feat: implement FilterIPs function

Changes from talos-systems/pkgs

15 commits

740da24 feat: bump raspberrypi-firmware to 1.20211029
832dae4 fix: enable CONFIG_DM_SNAPSHOT
f307e64 feat: update Linux to 5.15.1
4f0f238 chore: update tools
932c3cf feat: update libseccomp to 2.5.3
7f3311e feat: update cpu governor to schedutil
b4cdb99 fix: update containerd shas
80a63d4 feat: update Linux to 5.10.75
5c98efd feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
bfb2365 feat: enable driver for SuperMicro raid controller
657e16b feat: enable Intel VMD driver
f7d9d72 feat: enable smarpqi driver and related options
bca3be0 feat: enable aqtion device driver
b88127a chore: update tools
971735f feat: update containerd to 1.5.7

Changes from talos-systems/tools

6 commits

96e0231 feat: update squashfs-tools to 4.5
2c9c826 feat: update libseccomp to 2.5.3
f713a7c feat: update protobuf to 3.19.1, grpc-go to 1.42.0
972c5ef feat: update Go to 1.17.3
f63848c feat: update PCRE version and source host
fab7532 feat: update Go to 1.17.2

Dependency Changes

github.com/AlekSi/pointer v1.1.0 -> v1.2.0
github.com/containerd/cgroups v1.0.1 -> v1.0.2
github.com/containerd/containerd v1.5.5 -> v1.5.7
github.com/docker/docker v20.10.8 -> v20.10.10
github.com/evanphx/json-patch v4.11.0 -> v4.12.0
github.com/gosuri/uiprogress v0.0.1 new
github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
github.com/hetznercloud/hcloud-go v1.32.0 -> v1.33.1
github.com/insomniacslk/dhcp b95caade3eac -> ad197bcd36fd
github.com/jsimonetti/rtnetlink 435639c8e6a8 -> 93da33804786
github.com/jxskiss/base62 4f11678b909b -> v1.0.0
github.com/mdlayher/ethtool 2b88debcdd43 -> 288d040e9d60
github.com/rivo/tview ee97a7ab3975 -> badfa0f0b301
github.com/talos-systems/discovery-api v0.1.0 new
github.com/talos-systems/discovery-client v0.1.0 new
github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0-1-g2bb2efc
github.com/talos-systems/net v0.3.0 -> 0abe5bdae8f8
github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-14-g740da24
github.com/talos-systems/talos/pkg/machinery v0.13.0 -> 000000000000
github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0-5-g96e0231
github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.55.0
github.com/vmware/govmomi v0.26.1 -> v0.27.1
github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
golang.org/x/net 3ad01bbaa167 -> 69e39bad7dc2
golang.org/x/sys 39ccf1dd6fa6 -> 0c823b97ae02
golang.org/x/term 140adaaadfaf -> 03fcf44c2211
golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> 0073765f69ba
google.golang.org/grpc v1.41.0 -> v1.42.0
inet.af/netaddr 85fa6c94624e -> c74959edd3b6
k8s.io/api v0.22.2 -> v0.23.0-alpha.4
k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.4
k8s.io/client-go v0.22.2 -> v0.23.0-alpha.4
k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.4
k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.4
k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.4
kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.60
sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Talos 0.14.0-alpha.0 (2021-10-25)

Welcome to the v0.14.0-alpha.0 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes. That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.

For example:

install:
  extraKernelArgs:
    - kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded, so disabling kexec via machine.sysctls will not be enough.

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14. Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

Log Shipping

Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP: see .machine.logging machine configuration option.

Component Updates

Linux: 5.10.75
etcd: 3.5.1
containerd: 1.5.7
Kubernetes: 1.23.0-alpha.0
CoreDNS: 1.8.6

Talos is built with Go 1.17.2

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.

So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.

Contributors

Andrey Smirnov
Alexey Palazhchenko
Serge Logvinov
Artem Chernyshev
Spencer Smith
Andrew Rynhard
Branden Cash
Gerard de Leeuw

Changes

56 commits

8b620653 fix: skip generating empty .machine.logging
60ad0063 fix: don't drop ability to use ambient capabilities
b6b78e7f test: add cluster discovery integration tests
97d64d16 fix: hcloud network config changes
4c76865d feat: multiple logging improvements
1d1e1df6 fix: handle skipped mounts correctly
0a964d92 test: fix openstack unit-test stability
72f62ac2 chore: bump Go and Docker dependencies
9c48ebe8 fix: gcp fetching externalIP
6c297268 test: fix e2e k8s version
ae5af9d3 feat: update Kubernetes to 1.23.0-alpha.3
28d3a69e feat: openstack config-drive support
2258bc49 test: update GCP e2e script to work with new templates
36b6ace2 feat: update Linux to 5.10.75
38516a54 test: update Talos versions in upgrade tests
cff20ec7 fix: change services OOM score
666a2b62 feat: azure platform ipv6 support
d32814e3 feat: extract JSON fields from log lines
e77d81ff fix: treat literal 'unknown' as a valid machine type
c8e404e3 test: update vars for AWS cluster
ad23891b feat: update CoreDNS version 1.8.6
41299cae feat: udev rules support
5237fdc9 feat: send JSON logs over UDP
6d44587a feat: coredns service dualstack
12f7888b feat: feed control plane endpoints on workers from cluster discovery
431e4fb4 chore: bump Go and Docker dependencies
89f3b9f8 feat: update etcd to 3.5.1
e60469a3 feat: initial support for JSON logging
68c420e3 feat: enable cluster discovery by default
3e100aa9 test: workaround EventsWatch test flakiness
9bd4838a chore: stop using sonobuoy CLI
6ad45951 docs: fix field names for bonding configuration
d7a3b7b5 chore: use discovery-client and discovery-api modules
d6309eed docs: create docs for Talos 0.14
c0fda643 fix: attempt to clean up tasks in containerd runner
8cf442da chore: bump tools, pkgs, extras
0dad5f4d chore: small cleanup
e3e2113a feat: upgrade CoreDNS during upgrade-k8s call
d92c98e1 docs: fix discovery service documentation link
e44b11c5 feat: update containerd to 1.5.7, bump Go dependencies
24129307 docs: make Talos 0.13 docs latest, update documentation
31b6e39e fix: delete expired affiliates from the discovery service
877a2b6f test: bump CAPI components to v1alpha4
2ba0e0ac docs: add KubeSpan documentation
997873b6 fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
7137166d fix: allow overriding audit-policy-file in kube-apiserver static pod
8fcd4219 chore: fix integration-qemu-race
91a858b5 fix: sort output of the argument builder
657f7a56 fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
983d2459 feat: suppress logging NTP sync to the console
022c7335 fix: add interface route if DHCP4 router is not directly routeable
66a1579e fix: don't enable 'no new privs' on the system level
423861cf feat: don't drop capabilities if kexec is disabled
facc8c38 docs: fix documentation for cluster discovery
ce65ca4e chore: build using only amd64 builders
e9b0f010 chore: update docker image in the pipeline

Changes from talos-systems/discovery-api

2 commits

db279ef feat: initial set of APIs and generated files
ac52a37 chore: initial commit

Changes from talos-systems/discovery-client

2 commits

a9a5e9b feat: initial client code
98eb999 chore: initial commit

Changes from talos-systems/extras

1 commit

d6e8b3a chore: update pkgs and tools

Changes from talos-systems/pkgs

8 commits

80a63d4 feat: update Linux to 5.10.75
5c98efd feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
bfb2365 feat: enable driver for SuperMicro raid controller
657e16b feat: enable Intel VMD driver
f7d9d72 feat: enable smarpqi driver and related options
bca3be0 feat: enable aqtion device driver
b88127a chore: update tools
971735f feat: update containerd to 1.5.7

Changes from talos-systems/tools

1 commit

fab7532 feat: update Go to 1.17.2

Dependency Changes

github.com/AlekSi/pointer v1.1.0 -> v1.2.0
github.com/containerd/cgroups v1.0.1 -> v1.0.2
github.com/containerd/containerd v1.5.5 -> v1.5.7
github.com/docker/docker v20.10.8 -> v20.10.9
github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
github.com/insomniacslk/dhcp b95caade3eac -> 509557e9f781
github.com/jsimonetti/rtnetlink 435639c8e6a8 -> e34540a94caa
github.com/jxskiss/base62 4f11678b909b -> v1.0.0
github.com/rivo/tview ee97a7ab3975 -> 5508f4b00266
github.com/talos-systems/discovery-api v0.1.0 new
github.com/talos-systems/discovery-client v0.1.0 new
github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0
github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-7-g80a63d4
github.com/talos-systems/talos/pkg/machinery v0.13.0 -> 000000000000
github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0
github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.54.0
github.com/vmware/govmomi v0.26.1 -> v0.27.1
github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
golang.org/x/net 3ad01bbaa167 -> d418f374d309
golang.org/x/sys 39ccf1dd6fa6 -> d6a326fbbf70
golang.org/x/term 140adaaadfaf -> 03fcf44c2211
golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> 5be1d6054c42
k8s.io/api v0.22.2 -> v0.23.0-alpha.3
k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.3
k8s.io/client-go v0.22.2 -> v0.23.0-alpha.3
k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.3
k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.3
k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.3
kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.60
sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Talos 0.13.0-alpha.3 (2021-09-29)

Welcome to the v0.13.0-alpha.3 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Hetzner, Scaleway, Upcloud and Vultr

Talos now natively supports three new cloud platforms:

Hetzner, including VIP support
Scaleway
Upcloud
Vultr

Also generic cloud-init nocloud platform is supported in both networking and storage-based modes.

etcd Advertised Address

The address advertised by etcd can now be controlled with new machine configuration option machine.etcd.subnet.

Reboots via kexec

Talos now reboots by default via kexec syscall which means BIOS POST process is skipped. On bare-metal hardware BIOS POST process might take 10-15 minutes, so Talos reboots 10-15 minutes faster on bare-metal.

Kexec support can be disabled with the following change to the machine configuration:

machine:
  sysctls:
    kernel.kexec_load_disabled: "1"

Cluster Discovery and KubeSpan

This release of Talos provides initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default, to enable them please make following changes to the machine configuration:

machine:
  network:
    kubespan:
      enabled: true
cluster:
  discovery:
    enabled: true

Windows Support

CLI tool talosctl is now built for Windows and published as part of the release.

Contributors

Andrey Smirnov
Artem Chernyshev
Seán C McCord
Serge Logvinov
Alexey Palazhchenko
Andrew Rynhard
Olli Janatuinen
Andrey Smirnov
Lennard Klein
Rui Lopes
Spencer Smith

Changes

100 commits

4044372e feat: harvest discovered endpoints and push them via discovery svc
9a51aa83 feat: add an option to skip downed peers in KubeSpan
cbbd7c68 feat: publish node's ExternalIPs as node addresses
0f60ef6d fix: reset inputs back to initial state in secrets.APIController
64cb873e feat: override static pods default args by extra Args
ecdd7757 test: workaround race in the tests with zaptest package
9c67fde7 release(v0.13.0-alpha.2): prepare release
30ae7142 feat: implement integration with Discovery Service
353d632a feat: add nocloud platform support
628fbf9b chore: update Linux to 5.10.69
62acd625 fix: check trustd API CA on worker nodes
ba27bc36 feat: implement Hetzner Cloud support for virtual (shared) IP
95f440ea test: add fuzz test for configloader
d2cf021d chore: remove deprecated "join" term
0e18e280 chore: bump dependencies
b450b7ce chore: deprecate Interfaces and Routes APIs
cddcb962 fix: find devices without partition table
b1b6d613 fix: check for existence of dhcp6 FQDN first
519999b8 fix: use readonly mode when probing devices with All lookup
2b520420 feat: enable resource API in the maintenance mode
452893c2 fix: make probe open blockdevice in readonly mode
96bccdd3 test: update CABPT provider to 0.3 release
d9eb18bf fix: containerd log symlink
efa7f48e docs: quicklinks on landing page
1cb9f282 fix: don't marshal clock with SecretsBundle
b27c75b3 release(v0.13.0-alpha.1): prepare release
9d803d75 chore: bump dependencies and drop firecracker support
50a24104 feat: add operating system version field to discovery
085c61b2 chore: add a special condition to check for kubeconfig readiness
21cdd854 fix: add node address to the list of allowed IPs (kubespan)
fdd80a12 feat: add an option to continue booting on NTP timeout
ef368498 feat: add routes, routing rules and nftables rules for KubeSpan
ed12379f fix: patch multi nodes support
d943bb0e feat: update Kubernetes to 1.22.2
d0585fb6 feat: reboot via kexec
3de505c8 fix: skip bad cloud-config in OpenStack platform
a394d1e2 fix: tear down control plane static pods when etcd is stopped
1c05089b feat: implement KubeSpan manager for Wireguard peer state
ec7f44ef fix: completely prevent editing resources other than mc
19a8ae97 feat: add vultr.com cloud support
0ff4c7cd fix: write KubernetesCACert chmodded 0400 instead of 0500
a1c9d649 fix: update the way results are retrieved for certified conformance
a0594540 chore: build using Go 1.17
7c5045bd release(v0.13.0-alpha.0): prepare release
ee2dce6c chore: bump dependencies
ef022959 fix: print etcd member ID in hex
5ca1fb82 fix: multiple fixes for KubeSpan and Wireguard implementation
b1bd6425 fix: build platform images
3b5f4038 feat: add scaleway.com cloud support
f156ab18 feat: add upcloud.com cloud support
c3b2429c fix: suppress spurious Kubernetes API server cert updates
ff90b575 feat: implement KubeSpan peer generation controller
14c69df5 fix: correctly parse multiple pod/service CIDRs
69897dbb feat: drop some capabilities to be never available
51e9836b docs: promote 0.12 docs to be the latest
812d59c7 feat: add hetzner.com cloud support
d53e9e89 chore: use named constants
2dfe7f1f chore: bump tools to the latest version
82b130e7 docs: document required options for extraMounts
af662210 feat: implement Kubernetes cluster discovery registry
2c66e1b3 feat: provide building of local Affiliate structure (for the node)
d69bd2af chore: enable GPG identity check for Talos
8dbd851f chore: update tools/pkgs/extras to the new version
0b347570 feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
bd5b9c96 fix: correctly define example for extraMounts
01cca099 docs: update docs for Talos 0.12 release
668627d5 feat: add subnet filter for etcd address
3c3c281b chore: bump dependencies via dependabot
f8bebba2 fix: ignore error on duplicate for MountStatus
6956edd0 feat: add node address filters, filter out k8s addresses for Talos API
caee24bf feat: implement KubeSpan identity controller
da0f6e7e fix: allow updating diskSelector option
761ccaf3 feat: provide machine configuration for KubeSpan and cluster discovery
a81e30cb docs: add bootstrap command to VMware docs
97da354c fix: do not panic on invalid machine configs
c4048e26 fix: don't extract nil IPs in the GCP platform
ba169c6f feat: provide talosctl.exe for Windows
6312f473 fix: properly handle omitempty fields in the validator
7f22879a feat: provide random node identity
032e7c6b chore: import yaml.v3 consistently
80b5f0e7 fix: validate IP address returned as HTTP response in platform code
c9af8f7f docs: fork docs for 0.13
85cda1b9 feat: provide MountStatus resource for system partition mounts
950f122c chore: update versions in upgrade tests
83fdb772 feat: provide first NIC hardware addr as a resource
5f5ac12f fix: properly case the VMware name
0a6048f4 fix: don't allow bootstrap if etcd data directory is not empty
e24b93b4 fix: cgroup delegate
751f64f9 docs: add release notes for 0.12, support matrix
57a77696 feat: update Kubernetes to 1.22.1
244b08cc chore: bump dependencies
576ba195 fix: do not set KSPP kernel params in container mode
b8c92ede fix: don't support cgroups nesting in process runner
9bb0b797 test: adapt tests to the cgroupsv2
1abc12be fix: extramount should have yaml:",inline" tag
2b614e43 feat: check if cluster has deprecated resources versions
0b86edab fix: don't panic if the machine config doesn't have network (EM)
8bef41e4 fix: make sure file mode is same (reproducibility issue)
fcfca55a chore: do not check that go mod tidy gives empty output
5ce92ca5 docs: ensure azure VMs are 0 indexed

Changes since v0.13.0-alpha.2

6 commits

4044372e feat: harvest discovered endpoints and push them via discovery svc
9a51aa83 feat: add an option to skip downed peers in KubeSpan
cbbd7c68 feat: publish node's ExternalIPs as node addresses
0f60ef6d fix: reset inputs back to initial state in secrets.APIController
64cb873e feat: override static pods default args by extra Args
ecdd7757 test: workaround race in the tests with zaptest package

Changes from talos-systems/discovery-service

17 commits

b2e2079 fix: properly encrypt IPv6 endpoints
e9d5dfa fix: enable connections to endpoints with public certs
509e9b2 feat: implement client wrapper around discovery service API
6195466 feat: enable vtprotobuf, watch batching, more limits
7174ec1 feat: implement new discovery service
1a43970 feat: add node and cluster validation
6454cfc refactor: kresify, fix linter and rename to Kubespan manager
d782452 add redis database backend
924fed4 refactor to flexible addresses
cd02b5a revert to string IDs
576288f add self-reported IPs
6ad15ca strong typing and known endpoint API
3437ff2 fixes from testing
d3fd1f3 add Name to Node
eb0e8ba add simple client pkg
5e0c1df add cluster hash grouping
f982696 initial commit

Changes from talos-systems/extras

1 commit

52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

6 commits

70d2865 fix: try to find cdrom disks
667bf53 fix: revert gpt partition not found
d7d4cdd fix: gpt partition not found
33afba3 fix: also open in readonly mode when running All lookup method
e367f9d feat: make probe always open blockdevices in readonly mode
d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

7 commits

28cda67 feat: update Linux kernel to 5.10.69
db90f93 chore: update tools
ca38c59 feat: enable KEXEC_FILE_LOAD in the kernel
982bc18 chore: update tools
a243ab8 feat: add /usr/src to FHS
428abdb chore: support builds with HTTP_PROXY
13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

5 commits

2790b55 feat: update Go to 1.17.1
5b9d214 fix: restore static library for ncurses
01104e5 chore: reproducible builds
53fe146 chore: update bldr with new version
bf4540d chore: add patch dependency

Dependency Changes

github.com/containerd/go-cni v1.0.2 -> v1.1.0
github.com/containernetworking/cni v0.8.1 -> v1.0.1
github.com/containernetworking/plugins v0.9.1 -> v1.0.1
github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
github.com/fatih/color v1.12.0 -> v1.13.0
github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
github.com/google/nftables 16a134723a96 new
github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
github.com/hetznercloud/hcloud-go v1.32.0 new
github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
github.com/jsimonetti/rtnetlink 9c52e516c709 -> 435639c8e6a8
github.com/jxskiss/base62 4f11678b909b new
github.com/mattn/go-isatty v0.0.13 -> v0.0.14
github.com/mdlayher/netx 669a06fde734 new
github.com/packethost/packngo v0.19.0 -> v0.19.1
github.com/prometheus/procfs v0.7.2 -> v0.7.3
github.com/rivo/tview 29d673af0ce2 -> ee97a7ab3975
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
github.com/talos-systems/discovery-service b2e2079088a5 new
github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
github.com/talos-systems/go-blockdevice v0.2.3 -> 70d28650b398
github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0-4-g28cda67
github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-3-g2790b55
github.com/vishvananda/netlink f5de75959ad5 new
github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
github.com/vmware/govmomi v0.26.0 -> v0.26.1
github.com/vultr/metadata v1.0.3 new
go.uber.org/zap v1.19.0 -> v1.19.1
golang.org/x/net 853a461950ff -> 3ad01bbaa167
golang.org/x/sys 0f9fa26af87c -> 39ccf1dd6fa6
golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 0a2f4901cba6
google.golang.org/grpc v1.40.0 -> v1.41.0
inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
k8s.io/api v0.22.1 -> v0.22.2
k8s.io/apimachinery v0.22.1 -> v0.22.2
k8s.io/client-go v0.22.1 -> v0.22.2
k8s.io/kubectl v0.22.1 -> v0.22.2
k8s.io/kubelet v0.22.1 -> v0.22.2
kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 new

Previous release can be found at v0.12.0

Talos 0.13.0-alpha.2 (2021-09-28)

Welcome to the v0.13.0-alpha.2 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Hetzner, Scaleway, Upcloud and Vultr

Talos now natively supports three new cloud platforms:

Hetzner, including VIP support
Scaleway
Upcloud
Vultr

Also generic cloud-init nocloud platform is supported in both networking and storage-based modes.

etcd Advertised Address

The address advertised by etcd can now be controlled with new machine configuration option machine.etcd.subnet.

Reboots via kexec

Kexec support can be disabled with the following change to the machine configuration:

machine:
  sysctls:
    kernel.kexec_load_disabled: "1"

Cluster Discovery and KubeSpan

This release of Talos provides initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default, to enable them please make following changes to the machine configuration:

machine:
  network:
    kubespan:
      enabled: true
cluster:
  discovery:
    enabled: true

Windows Support

CLI tool talosctl is now built for Windows and published as part of the release.

Contributors

Andrey Smirnov
Artem Chernyshev
Seán C McCord
Serge Logvinov
Alexey Palazhchenko
Andrew Rynhard
Olli Janatuinen
Andrey Smirnov
Lennard Klein
Rui Lopes
Spencer Smith

Changes

93 commits

30ae7142 feat: implement integration with Discovery Service
353d632a feat: add nocloud platform support
628fbf9b chore: update Linux to 5.10.69
62acd625 fix: check trustd API CA on worker nodes
ba27bc36 feat: implement Hetzner Cloud support for virtual (shared) IP
95f440ea test: add fuzz test for configloader
d2cf021d chore: remove deprecated "join" term
0e18e280 chore: bump dependencies
b450b7ce chore: deprecate Interfaces and Routes APIs
cddcb962 fix: find devices without partition table
b1b6d613 fix: check for existence of dhcp6 FQDN first
519999b8 fix: use readonly mode when probing devices with All lookup
2b520420 feat: enable resource API in the maintenance mode
452893c2 fix: make probe open blockdevice in readonly mode
96bccdd3 test: update CABPT provider to 0.3 release
d9eb18bf fix: containerd log symlink
efa7f48e docs: quicklinks on landing page
1cb9f282 fix: don't marshal clock with SecretsBundle
b27c75b3 release(v0.13.0-alpha.1): prepare release
9d803d75 chore: bump dependencies and drop firecracker support
50a24104 feat: add operating system version field to discovery
085c61b2 chore: add a special condition to check for kubeconfig readiness
21cdd854 fix: add node address to the list of allowed IPs (kubespan)
fdd80a12 feat: add an option to continue booting on NTP timeout
ef368498 feat: add routes, routing rules and nftables rules for KubeSpan
ed12379f fix: patch multi nodes support
d943bb0e feat: update Kubernetes to 1.22.2
d0585fb6 feat: reboot via kexec
3de505c8 fix: skip bad cloud-config in OpenStack platform
a394d1e2 fix: tear down control plane static pods when etcd is stopped
1c05089b feat: implement KubeSpan manager for Wireguard peer state
ec7f44ef fix: completely prevent editing resources other than mc
19a8ae97 feat: add vultr.com cloud support
0ff4c7cd fix: write KubernetesCACert chmodded 0400 instead of 0500
a1c9d649 fix: update the way results are retrieved for certified conformance
a0594540 chore: build using Go 1.17
7c5045bd release(v0.13.0-alpha.0): prepare release
ee2dce6c chore: bump dependencies
ef022959 fix: print etcd member ID in hex
5ca1fb82 fix: multiple fixes for KubeSpan and Wireguard implementation
b1bd6425 fix: build platform images
3b5f4038 feat: add scaleway.com cloud support
f156ab18 feat: add upcloud.com cloud support
c3b2429c fix: suppress spurious Kubernetes API server cert updates
ff90b575 feat: implement KubeSpan peer generation controller
14c69df5 fix: correctly parse multiple pod/service CIDRs
69897dbb feat: drop some capabilities to be never available
51e9836b docs: promote 0.12 docs to be the latest
812d59c7 feat: add hetzner.com cloud support
d53e9e89 chore: use named constants
2dfe7f1f chore: bump tools to the latest version
82b130e7 docs: document required options for extraMounts
af662210 feat: implement Kubernetes cluster discovery registry
2c66e1b3 feat: provide building of local Affiliate structure (for the node)
d69bd2af chore: enable GPG identity check for Talos
8dbd851f chore: update tools/pkgs/extras to the new version
0b347570 feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
bd5b9c96 fix: correctly define example for extraMounts
01cca099 docs: update docs for Talos 0.12 release
668627d5 feat: add subnet filter for etcd address
3c3c281b chore: bump dependencies via dependabot
f8bebba2 fix: ignore error on duplicate for MountStatus
6956edd0 feat: add node address filters, filter out k8s addresses for Talos API
caee24bf feat: implement KubeSpan identity controller
da0f6e7e fix: allow updating diskSelector option
761ccaf3 feat: provide machine configuration for KubeSpan and cluster discovery
a81e30cb docs: add bootstrap command to VMware docs
97da354c fix: do not panic on invalid machine configs
c4048e26 fix: don't extract nil IPs in the GCP platform
ba169c6f feat: provide talosctl.exe for Windows
6312f473 fix: properly handle omitempty fields in the validator
7f22879a feat: provide random node identity
032e7c6b chore: import yaml.v3 consistently
80b5f0e7 fix: validate IP address returned as HTTP response in platform code
c9af8f7f docs: fork docs for 0.13
85cda1b9 feat: provide MountStatus resource for system partition mounts
950f122c chore: update versions in upgrade tests
83fdb772 feat: provide first NIC hardware addr as a resource
5f5ac12f fix: properly case the VMware name
0a6048f4 fix: don't allow bootstrap if etcd data directory is not empty
e24b93b4 fix: cgroup delegate
751f64f9 docs: add release notes for 0.12, support matrix
57a77696 feat: update Kubernetes to 1.22.1
244b08cc chore: bump dependencies
576ba195 fix: do not set KSPP kernel params in container mode
b8c92ede fix: don't support cgroups nesting in process runner
9bb0b797 test: adapt tests to the cgroupsv2
1abc12be fix: extramount should have yaml:",inline" tag
2b614e43 feat: check if cluster has deprecated resources versions
0b86edab fix: don't panic if the machine config doesn't have network (EM)
8bef41e4 fix: make sure file mode is same (reproducibility issue)
fcfca55a chore: do not check that go mod tidy gives empty output
5ce92ca5 docs: ensure azure VMs are 0 indexed

Changes since v0.13.0-alpha.1

18 commits

30ae7142 feat: implement integration with Discovery Service
353d632a feat: add nocloud platform support
628fbf9b chore: update Linux to 5.10.69
62acd625 fix: check trustd API CA on worker nodes
ba27bc36 feat: implement Hetzner Cloud support for virtual (shared) IP
95f440ea test: add fuzz test for configloader
d2cf021d chore: remove deprecated "join" term
0e18e280 chore: bump dependencies
b450b7ce chore: deprecate Interfaces and Routes APIs
cddcb962 fix: find devices without partition table
b1b6d613 fix: check for existence of dhcp6 FQDN first
519999b8 fix: use readonly mode when probing devices with All lookup
2b520420 feat: enable resource API in the maintenance mode
452893c2 fix: make probe open blockdevice in readonly mode
96bccdd3 test: update CABPT provider to 0.3 release
d9eb18bf fix: containerd log symlink
efa7f48e docs: quicklinks on landing page
1cb9f282 fix: don't marshal clock with SecretsBundle

Changes from talos-systems/discovery-service

16 commits

e9d5dfa fix: enable connections to endpoints with public certs
509e9b2 feat: implement client wrapper around discovery service API
6195466 feat: enable vtprotobuf, watch batching, more limits
7174ec1 feat: implement new discovery service
1a43970 feat: add node and cluster validation
6454cfc refactor: kresify, fix linter and rename to Kubespan manager
d782452 add redis database backend
924fed4 refactor to flexible addresses
cd02b5a revert to string IDs
576288f add self-reported IPs
6ad15ca strong typing and known endpoint API
3437ff2 fixes from testing
d3fd1f3 add Name to Node
eb0e8ba add simple client pkg
5e0c1df add cluster hash grouping
f982696 initial commit

Changes from talos-systems/extras

1 commit

52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

6 commits

70d2865 fix: try to find cdrom disks
667bf53 fix: revert gpt partition not found
d7d4cdd fix: gpt partition not found
33afba3 fix: also open in readonly mode when running All lookup method
e367f9d feat: make probe always open blockdevices in readonly mode
d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

7 commits

28cda67 feat: update Linux kernel to 5.10.69
db90f93 chore: update tools
ca38c59 feat: enable KEXEC_FILE_LOAD in the kernel
982bc18 chore: update tools
a243ab8 feat: add /usr/src to FHS
428abdb chore: support builds with HTTP_PROXY
13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

5 commits

2790b55 feat: update Go to 1.17.1
5b9d214 fix: restore static library for ncurses
01104e5 chore: reproducible builds
53fe146 chore: update bldr with new version
bf4540d chore: add patch dependency

Dependency Changes

github.com/containerd/go-cni v1.0.2 -> v1.1.0
github.com/containernetworking/cni v0.8.1 -> v1.0.1
github.com/containernetworking/plugins v0.9.1 -> v1.0.1
github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
github.com/fatih/color v1.12.0 -> v1.13.0
github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
github.com/google/nftables 16a134723a96 new
github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
github.com/hetznercloud/hcloud-go v1.32.0 new
github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
github.com/jsimonetti/rtnetlink 9c52e516c709 -> 435639c8e6a8
github.com/jxskiss/base62 4f11678b909b new
github.com/mattn/go-isatty v0.0.13 -> v0.0.14
github.com/mdlayher/netx 669a06fde734 new
github.com/packethost/packngo v0.19.0 -> v0.19.1
github.com/prometheus/procfs v0.7.2 -> v0.7.3
github.com/rivo/tview 29d673af0ce2 -> ee97a7ab3975
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
github.com/talos-systems/discovery-service e9d5dfa15e92 new
github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
github.com/talos-systems/go-blockdevice v0.2.3 -> 70d28650b398
github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0-4-g28cda67
github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-3-g2790b55
github.com/vishvananda/netlink f5de75959ad5 new
github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
github.com/vmware/govmomi v0.26.0 -> v0.26.1
github.com/vultr/metadata v1.0.3 new
go.uber.org/zap v1.19.0 -> v1.19.1
golang.org/x/net 853a461950ff -> 3ad01bbaa167
golang.org/x/sys 0f9fa26af87c -> 39ccf1dd6fa6
golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 0a2f4901cba6
google.golang.org/grpc v1.40.0 -> v1.41.0
inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
k8s.io/api v0.22.1 -> v0.22.2
k8s.io/apimachinery v0.22.1 -> v0.22.2
k8s.io/client-go v0.22.1 -> v0.22.2
k8s.io/kubectl v0.22.1 -> v0.22.2
k8s.io/kubelet v0.22.1 -> v0.22.2
kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 new

Previous release can be found at v0.12.0

Talos 0.13.0-alpha.1 (2021-09-20)

Welcome to the v0.13.0-alpha.1 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Hetzner, Scaleway, Upcloud and Vultr

Talos now natively supports three new cloud platforms:

etcd Advertised Address

The address advertised by etcd can now be controlled with new machine configuration option machine.etcd.subnet.

Reboots via kexec

Kexec support can be disabled with the following change to the machine configuration:

machine:
  sysctls:
    kernel.kexec_load_disabled: "1"

Cluster Discovery and KubeSpan

This release of Talos provides initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default, to enable them please make following changes to the machine configuration:

machine:
  network:
    kubespan:
      enabled: true
cluster:
  discovery:
    enabled: true

Windows Support

CLI tool talosctl is now built for Windows and published as part of the release.

Contributors

Andrey Smirnov
Alexey Palazhchenko
Artem Chernyshev
Serge Logvinov
Andrew Rynhard
Olli Janatuinen
Andrey Smirnov
Lennard Klein
Rui Lopes
Spencer Smith

Changes

74 commits

9d803d75 chore: bump dependencies and drop firecracker support
50a24104 feat: add operating system version field to discovery
085c61b2 chore: add a special condition to check for kubeconfig readiness
21cdd854 fix: add node address to the list of allowed IPs (kubespan)
fdd80a12 feat: add an option to continue booting on NTP timeout
ef368498 feat: add routes, routing rules and nftables rules for KubeSpan
ed12379f fix: patch multi nodes support
d943bb0e feat: update Kubernetes to 1.22.2
d0585fb6 feat: reboot via kexec
3de505c8 fix: skip bad cloud-config in OpenStack platform
a394d1e2 fix: tear down control plane static pods when etcd is stopped
1c05089b feat: implement KubeSpan manager for Wireguard peer state
ec7f44ef fix: completely prevent editing resources other than mc
19a8ae97 feat: add vultr.com cloud support
0ff4c7cd fix: write KubernetesCACert chmodded 0400 instead of 0500
a1c9d649 fix: update the way results are retrieved for certified conformance
a0594540 chore: build using Go 1.17
7c5045bd release(v0.13.0-alpha.0): prepare release
ee2dce6c chore: bump dependencies
ef022959 fix: print etcd member ID in hex
5ca1fb82 fix: multiple fixes for KubeSpan and Wireguard implementation
b1bd6425 fix: build platform images
3b5f4038 feat: add scaleway.com cloud support
f156ab18 feat: add upcloud.com cloud support
c3b2429c fix: suppress spurious Kubernetes API server cert updates
ff90b575 feat: implement KubeSpan peer generation controller
14c69df5 fix: correctly parse multiple pod/service CIDRs
69897dbb feat: drop some capabilities to be never available
51e9836b docs: promote 0.12 docs to be the latest
812d59c7 feat: add hetzner.com cloud support
d53e9e89 chore: use named constants
2dfe7f1f chore: bump tools to the latest version
82b130e7 docs: document required options for extraMounts
af662210 feat: implement Kubernetes cluster discovery registry
2c66e1b3 feat: provide building of local Affiliate structure (for the node)
d69bd2af chore: enable GPG identity check for Talos
8dbd851f chore: update tools/pkgs/extras to the new version
0b347570 feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
bd5b9c96 fix: correctly define example for extraMounts
01cca099 docs: update docs for Talos 0.12 release
668627d5 feat: add subnet filter for etcd address
3c3c281b chore: bump dependencies via dependabot
f8bebba2 fix: ignore error on duplicate for MountStatus
6956edd0 feat: add node address filters, filter out k8s addresses for Talos API
caee24bf feat: implement KubeSpan identity controller
da0f6e7e fix: allow updating diskSelector option
761ccaf3 feat: provide machine configuration for KubeSpan and cluster discovery
a81e30cb docs: add bootstrap command to VMware docs
97da354c fix: do not panic on invalid machine configs
c4048e26 fix: don't extract nil IPs in the GCP platform
ba169c6f feat: provide talosctl.exe for Windows
6312f473 fix: properly handle omitempty fields in the validator
7f22879a feat: provide random node identity
032e7c6b chore: import yaml.v3 consistently
80b5f0e7 fix: validate IP address returned as HTTP response in platform code
c9af8f7f docs: fork docs for 0.13
85cda1b9 feat: provide MountStatus resource for system partition mounts
950f122c chore: update versions in upgrade tests
83fdb772 feat: provide first NIC hardware addr as a resource
5f5ac12f fix: properly case the VMware name
0a6048f4 fix: don't allow bootstrap if etcd data directory is not empty
e24b93b4 fix: cgroup delegate
751f64f9 docs: add release notes for 0.12, support matrix
57a77696 feat: update Kubernetes to 1.22.1
244b08cc chore: bump dependencies
576ba195 fix: do not set KSPP kernel params in container mode
b8c92ede fix: don't support cgroups nesting in process runner
9bb0b797 test: adapt tests to the cgroupsv2
1abc12be fix: extramount should have yaml:",inline" tag
2b614e43 feat: check if cluster has deprecated resources versions
0b86edab fix: don't panic if the machine config doesn't have network (EM)
8bef41e4 fix: make sure file mode is same (reproducibility issue)
fcfca55a chore: do not check that go mod tidy gives empty output
5ce92ca5 docs: ensure azure VMs are 0 indexed

Changes since v0.13.0-alpha.0

17 commits

9d803d75 chore: bump dependencies and drop firecracker support
50a24104 feat: add operating system version field to discovery
085c61b2 chore: add a special condition to check for kubeconfig readiness
21cdd854 fix: add node address to the list of allowed IPs (kubespan)
fdd80a12 feat: add an option to continue booting on NTP timeout
ef368498 feat: add routes, routing rules and nftables rules for KubeSpan
ed12379f fix: patch multi nodes support
d943bb0e feat: update Kubernetes to 1.22.2
d0585fb6 feat: reboot via kexec
3de505c8 fix: skip bad cloud-config in OpenStack platform
a394d1e2 fix: tear down control plane static pods when etcd is stopped
1c05089b feat: implement KubeSpan manager for Wireguard peer state
ec7f44ef fix: completely prevent editing resources other than mc
19a8ae97 feat: add vultr.com cloud support
0ff4c7cd fix: write KubernetesCACert chmodded 0400 instead of 0500
a1c9d649 fix: update the way results are retrieved for certified conformance
a0594540 chore: build using Go 1.17

Changes from talos-systems/extras

1 commit

52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

1 commit

d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

6 commits

db90f93 chore: update tools
ca38c59 feat: enable KEXEC_FILE_LOAD in the kernel
982bc18 chore: update tools
a243ab8 feat: add /usr/src to FHS
428abdb chore: support builds with HTTP_PROXY
13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

5 commits

2790b55 feat: update Go to 1.17.1
5b9d214 fix: restore static library for ncurses
01104e5 chore: reproducible builds
53fe146 chore: update bldr with new version
bf4540d chore: add patch dependency

Dependency Changes

github.com/containerd/go-cni v1.0.2 -> v1.1.0
github.com/containernetworking/cni v0.8.1 -> v1.0.1
github.com/containernetworking/plugins v0.9.1 -> v1.0.1
github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
github.com/google/nftables 16a134723a96 new
github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
github.com/jsimonetti/rtnetlink 9c52e516c709 -> 4cc3c1489576
github.com/jxskiss/base62 4f11678b909b new
github.com/mattn/go-isatty v0.0.13 -> v0.0.14
github.com/mdlayher/netx 669a06fde734 new
github.com/packethost/packngo v0.19.0 -> v0.19.1
github.com/prometheus/procfs v0.7.2 -> v0.7.3
github.com/rivo/tview 29d673af0ce2 -> f7430b878d17
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
github.com/talos-systems/go-blockdevice v0.2.3 -> d9811569588b
github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0-3-gdb90f93
github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-3-g2790b55
github.com/vishvananda/netlink f5de75959ad5 new
github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
github.com/vmware/govmomi v0.26.0 -> v0.26.1
github.com/vultr/metadata v1.0.3 new
go.uber.org/zap v1.19.0 -> v1.19.1
golang.org/x/net 853a461950ff -> 978cfadd31cf
golang.org/x/sys 0f9fa26af87c -> d61c044b1678
golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 91d1988e44de
inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
k8s.io/api v0.22.1 -> v0.22.2
k8s.io/apimachinery v0.22.1 -> v0.22.2
k8s.io/client-go v0.22.1 -> v0.22.2
k8s.io/kubectl v0.22.1 -> v0.22.2
k8s.io/kubelet v0.22.1 -> v0.22.2
kernel.org/pub/linux/libs/security/libcap/cap v1.2.58 new

Previous release can be found at v0.12.0

Talos 0.13.0-alpha.0 (2021-09-13)

Welcome to the v0.13.0-alpha.0 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Hetzner, Scaleway and Upcloud

Talos now natively supports three new cloud platforms:

etcd Advertised Address

The address advertised by etcd can now be controlled with new machine configuration option machine.etcd.subnet.

Cluster Discovery and KubeSpan

This release of Talos provides some initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default.

Windows Support

CLI tool talosctl is now built for Windows and published as part of the release.

Contributors

Andrey Smirnov
Artem Chernyshev
Alexey Palazhchenko
Serge Logvinov
Andrew Rynhard
Olli Janatuinen
Andrey Smirnov
Rui Lopes
Spencer Smith

Changes

55 commits

ef022959 fix: print etcd member ID in hex
5ca1fb82 fix: multiple fixes for KubeSpan and Wireguard implementation
b1bd6425 fix: build platform images
3b5f4038 feat: add scaleway.com cloud support
f156ab18 feat: add upcloud.com cloud support
c3b2429c fix: suppress spurious Kubernetes API server cert updates
ff90b575 feat: implement KubeSpan peer generation controller
14c69df5 fix: correctly parse multiple pod/service CIDRs
69897dbb feat: drop some capabilities to be never available
51e9836b docs: promote 0.12 docs to be the latest
812d59c7 feat: add hetzner.com cloud support
d53e9e89 chore: use named constants
2dfe7f1f chore: bump tools to the latest version
82b130e7 docs: document required options for extraMounts
af662210 feat: implement Kubernetes cluster discovery registry
2c66e1b3 feat: provide building of local Affiliate structure (for the node)
d69bd2af chore: enable GPG identity check for Talos
8dbd851f chore: update tools/pkgs/extras to the new version
0b347570 feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
bd5b9c96 fix: correctly define example for extraMounts
01cca099 docs: update docs for Talos 0.12 release
668627d5 feat: add subnet filter for etcd address
3c3c281b chore: bump dependencies via dependabot
f8bebba2 fix: ignore error on duplicate for MountStatus
6956edd0 feat: add node address filters, filter out k8s addresses for Talos API
caee24bf feat: implement KubeSpan identity controller
da0f6e7e fix: allow updating diskSelector option
761ccaf3 feat: provide machine configuration for KubeSpan and cluster discovery
a81e30cb docs: add bootstrap command to VMware docs
97da354c fix: do not panic on invalid machine configs
c4048e26 fix: don't extract nil IPs in the GCP platform
ba169c6f feat: provide talosctl.exe for Windows
6312f473 fix: properly handle omitempty fields in the validator
7f22879a feat: provide random node identity
032e7c6b chore: import yaml.v3 consistently
80b5f0e7 fix: validate IP address returned as HTTP response in platform code
c9af8f7f docs: fork docs for 0.13
85cda1b9 feat: provide MountStatus resource for system partition mounts
950f122c chore: update versions in upgrade tests
83fdb772 feat: provide first NIC hardware addr as a resource
5f5ac12f fix: properly case the VMware name
0a6048f4 fix: don't allow bootstrap if etcd data directory is not empty
e24b93b4 fix: cgroup delegate
751f64f9 docs: add release notes for 0.12, support matrix
57a77696 feat: update Kubernetes to 1.22.1
244b08cc chore: bump dependencies
576ba195 fix: do not set KSPP kernel params in container mode
b8c92ede fix: don't support cgroups nesting in process runner
9bb0b797 test: adapt tests to the cgroupsv2
1abc12be fix: extramount should have yaml:",inline" tag
2b614e43 feat: check if cluster has deprecated resources versions
0b86edab fix: don't panic if the machine config doesn't have network (EM)
8bef41e4 fix: make sure file mode is same (reproducibility issue)
fcfca55a chore: do not check that go mod tidy gives empty output
5ce92ca5 docs: ensure azure VMs are 0 indexed

Changes from talos-systems/extras

1 commit

52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

1 commit

d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

3 commits

a243ab8 feat: add /usr/src to FHS
428abdb chore: support builds with HTTP_PROXY
13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

4 commits

5b9d214 fix: restore static library for ncurses
01104e5 chore: reproducible builds
53fe146 chore: update bldr with new version
bf4540d chore: add patch dependency

Dependency Changes

github.com/cosi-project/runtime 25f235cd0682 -> 57b048cd66b0
github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
github.com/insomniacslk/dhcp 1cac67f12b1e -> d82598001386
github.com/jxskiss/base62 4f11678b909b new
github.com/mdlayher/netx 669a06fde734 new
github.com/prometheus/procfs v0.7.2 -> v0.7.3
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
github.com/talos-systems/go-blockdevice v0.2.3 -> d9811569588b
github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0
github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-2-g5b9d214
github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
github.com/vmware/govmomi v0.26.0 -> v0.26.1
golang.org/x/net 853a461950ff -> 60bc85c4be6d
golang.org/x/sys 0f9fa26af87c -> 63515b42dcdf
kernel.org/pub/linux/libs/security/libcap/cap v1.2.56 new

Previous release can be found at v0.12.0

Talos 0.12.0-alpha.1 (2021-08-13)

Welcome to the v0.12.0-alpha.1 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note

: This item only applies to clusters bootstrapped with Talos <= 0.8.

Talos 0.12 completely removes support for self-hosted Kubernetes control plane (bootkube-based). Talos 0.9 introduced support for Talos-managed control plane and provided migration path to convert self-hosted control plane to Talos-managed static pods. Automated and manual conversion process is available in Talos from 0.9.x to 0.11.x. For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure control plane is converted to Talos-managed before before upgrading to Talos 0.12. Current control plane status can be checked with talosctl get bootstrapstatus before performing upgrade to Talos 0.12.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22 used by default in Talos 0.12. Talos can be configued to use Kubernetes 1.21 or CAPI v0.4.x components can be used instead.

Machine Config Validation

Unknown keys in the machine config now make the config invalid, so any attempt to apply/edit the configuration with the unknown keys will lead into an error.

Sysctl Configuration

Sysctl Kernel Params configuration was completely rewritten to be based on controllers and resources, which makes it possible to apply .machine.sysctls in immediate mode (without a reboot). talosctl get kernelparams returns merged list of KSPP, Kubernetes and user defined params along with the default values overwritten by Talos.

Equinix Metal

Added support for Equinix Metal IPs for the Talos virtual (shared) IP (option equnixMetal under vip in the machine configuration). Talos automatically re-assigns IP using the Equinix Metal API when leadership changes.

etcd

New etcd cluster members are now joined in learner mode, which improves cluster resiliency to member join issues.

Join Node Type

Node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but deprecated. talosctl gen config now generates worker.yaml instead of join.yaml.

Networking

multiple static addresses can be specified for the interface with new .addresses field (old .cidr field is deprecated now)
static addresses can be set on interfaces configured with DHCP

Performance

machined uses less memory and CPU time
more disk encryption options are exposed via the machine configuration
disk partitions are now aligned properly with minimum I/O size
Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
OOM score is set on the system processes making sure they are killed last under memory pressure

Security

etcd PKI moved to /system/secrets
kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only
enforce default seccomp profile on all system containers
run system services apid, trustd, and etcd as non-root users

Component Updates

Linux: 5.10.57
Kubernetes: 1.22.0
containerd: 1.5.5
runc: 1.0.1
GRUB: 2.06
Talos is built with Go 1.16.7

Contributors

Andrey Smirnov
Alexey Palazhchenko
Andrey Smirnov
Serge Logvinov
Artem Chernyshev
Spencer Smith
Alexey Palazhchenko
dependabot[bot]
Andrew Rynhard
Artem Chernyshev
Rui Lopes
Caleb Woodbine
Seán C McCord

Changes

109 commits

1ed5e545 feat: add ClusterID and ClusterSecret
228b3761 chore: run etcd as non-root user
3518219b chore: drop deprecated --no-reboot param and KernelCurrentRoot const
33d1c3e4 chore: run apid and trustd services as non-root user
dadaa65d feat: print uid/gid for the files in ls -l
e6fa401b fix: enable seccomp default profile by default
8ddbcc96 feat: validate if extra fields present in the decoder
5b57a980 chore: update Go to 1.16.7, Linux to 5.10.57
eefe1c21 feat: add new etcd members in learner mode
b1c66fba feat: implement Equinix Metal support for virtual (shared) IP
62242f97 chore: require GPG signatures
faecae44 feat: make ISO builds reproducible
887c2326 release(v0.12.0-alpha.0): prepare release
a15f0184 fix: move etcd PKI under /system/secrets
eb02afe1 fix: match correctly routes on the address family
cb948acc feat: allow multiple addresses per interface
e030b2e8 chore: use k8s 1.21.3 in CAPI tests for now
e08b4f8f feat: implement sysctl controllers
fdf6b243 chore: revert "improve artifacts generation reproducibility"
b68ed1eb fix: make route resources ID match closer routing table primary key
585f6337 fix: correctly handle nodoc for struct fields
f2d394dc docs: add AMIs for v0.11.5
d0970cbf feat: bootstrap token limit
5285a46d fix: maintenance mode reason message
009d15e8 chore: use etcd client TryLock function on upgrade
4dae9ea5 chore: use vtprotobuf compiled marshaling in Talos API
7ca5749a chore: bump dependencies via dependabot
b2507b41 chore: improve artifacts generation reproducibility
1f7dad23 chore: update PKGS version (512 cpus, new ca-certficates)
1a2e78a2 fix: update go-blockdevice
6d6ed117 chore: use parallel xz with higher compression level
571f7db1 chore: workaround GitHub new release notes limit
09d70b7e feat: update Kubernetes to v1.22.0
f25f10e7 feat: add an option to disable PSP
7c6e4cf2 feat: allow both DHCP and static addressing for the interface
3c566dbc fix: remove admission plugins enabled by default from the list
69ead373 fix: preserve PMBR bootable flag correctly
dee63051 fix: align partitions with minimal I/O size
62890229 feat: update GRUB to 2.06
b9d04928 feat: move system processes to cgroups
0b8681b4 fix: resolve several issues with Wireguard link specs
f8f4bf3b docs: add disk encryptions examples
79b8fa64 feat: update containerd to 1.5.5
539f4209 chore: bump dependencies via dependabot
0c7ce1cd feat: remove remnants of bootkube support
d4f9804f chore: fix typos
5f027615 feat: expose more encryption options to the machine config
585152a0 chore: bump dependencies
fc66ec59 feat: set oom score for main processes
df54584a fix: drop linux capabilities
f65d0b73 docs: add 0.11.3 AMIs
7332d636 fix: bump pkgs for new kernel 5.10.52
70d2505b fix: do not require ToVersion to be set when detecting version
0953b199 chore: update extras to bring a new CNI bundle
b6c47f86 fix: set the /etc/os-release HOME_URL parameter
c780821d feat: update containerd to 1.5.3, runc to 1.0.1
f8f1c83a feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
55e17ccd chore: bump dependencies
da6f786c fix: kuberentes => kubernetes typo
2e463348 fix: pass all logs through the options.Log method
4e9c5afb fix: make ethtool optional in link status controller
bf61c2cc fix: write upgrade logs only to the LogOutput if it's defined
9c73257c feat: update Go to 1.16.6
23ef1d40 chore: add ability to redirect talos upgrade module logs to io.Writer
33e9d6c9 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
604434c4 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
2ea28f62 chore: bump node from 16.3.0-alpine to 16.4.2-alpine
b358a189 fix: correctly pick route scope for link-local destination
6848d431 feat: can change clusterdns ip lists
72b76abf fix: workaround issues when IPv6 is fully or partially disabled
679b08f4 docs: update docs for 0.12
6fbec9e0 fix: cache etcd client used for healthchecks
eea750de chore: rename "join" type to "worker"
951493ac docs: update what's new for Talos 0.11
b47d1098 docs: promote 0.11 docs to be the latest
d930a265 chore: implement DeepCopy for machine configuration
fe4ed3c7 chore: ignore tags which don't look like semantic version
b969e772 chore: update references to old protobuf package
2ba8ac9a docs: add documentation directory for 0.12
011e2885 fix: validate bond slaves addressing
10c28758 fix: ignore DeadlineExceeded error correctly on bootstrap
77fabace chore: ignore future pkg/machinery/vX.Y.Z tags
6b661114 fix: make COSI runtime history depth smaller
9bf899bd fix: make forfeit leadership connect to the right node
4708beae feat: implement talosctl config info command
6d13d2cf fix: close Kubernetes API client
aaa36f3b fix: ignore 'not a leader' error on forfeit leadership
22a41936 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
71c6f700 chore: bump go.mod dependencies
915cd8fe docs: add guide for RBAC
f5721050 fix: controlplane keyusage
3d772661 fix: fill uuid argument correctly in the config download URL
d8602025 chore: update containerd config version 2
5949ec4e docs: describe the new network configuration subsystem
444d72b4 feat: update pkgs version
e883c12b fix: make output of upgrade-k8s command less scary
7f8e50de fix: restart the merge controllers on conflict
60d73609 fix: ignore deadline exceeded errors on bootstrap
ee06dd69 fix: don't print git sha of the release twice in the dashboard
07fb61e5 fix: issue worker apid certs properly on renewal
84817f73 chore: bump Talos version in upgrade tests
2fa54107 chore: fix tests for disabled RBAC
78583ba9 fix: don't set bond delay options if miimon is not enabled
bbf1c091 feat: add RBAC to talosctl version output
5f6ec3ef fix: handle cases when merged resource re-appears before being destroyed
1e9a0e74 fix: documentation typos
f228af40 chore: bump go.mod dependencies
2060ceaa chore: add CAPI version to CI setup
ad047a7d chore: small RBAC improvements

Changes since v0.12.0-alpha.0

12 commits

1ed5e545 feat: add ClusterID and ClusterSecret
228b3761 chore: run etcd as non-root user
3518219b chore: drop deprecated --no-reboot param and KernelCurrentRoot const
33d1c3e4 chore: run apid and trustd services as non-root user
dadaa65d feat: print uid/gid for the files in ls -l
e6fa401b fix: enable seccomp default profile by default
8ddbcc96 feat: validate if extra fields present in the decoder
5b57a980 chore: update Go to 1.16.7, Linux to 5.10.57
eefe1c21 feat: add new etcd members in learner mode
b1c66fba feat: implement Equinix Metal support for virtual (shared) IP
62242f97 chore: require GPG signatures
faecae44 feat: make ISO builds reproducible

Changes from talos-systems/crypto

1 commit

deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

3 commits

8ce17e5 chore: bump tools and packages for Go 1.16.7
4957f3c chore: update pkgs to use CNI plugins v0.9.1
233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

4 commits

fe24303 fix: perform correct PMBR partition calculations
2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
87816a8 feat: align partition to minimum I/O size
c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

17 commits

da4ac04 chore: bump tools for Go 1.16.7
10275fb feat: update Linux to 5.10.57
875c7ec chore: patch grub with support for reproducible ISO builds
12856ce feat: increase number of CPUs supported by the kernel to 512
cbfabac chore: update ca-certificates to 2021-07-05
0c011c0 feat: update GRUB to 2.06
5090d14 chore: update containerd to v1.5.5
6653902 feat: add kernel drivers for fusion and scsi-isci
9b4041f chore: update containerd to v1.5.4
7b6cc05 feat: update kernel to latest 5.10.52
65159fb chore: update runc and CNI plugins
514ba34 feat: disable aufs, devmapper, zfs
6bc118f chore: update runc and containerd
b6fca88 feat: update Go to 1.16.6
fd56852 chore: update open-isns and open-iscsi
d779204 chore: update dosfstools to v4.2
bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

5 commits

2368154 feat: update Go and protoc-gen-go tools
7172a5d feat: update Go to 1.16.6
1de34d7 chore: update musl
76979a1 chore: update protobuf deps
0846c64 chore: update expat

Dependency Changes

github.com/BurntSushi/toml v0.3.1 -> v0.4.1
github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
github.com/containerd/containerd v1.5.2 -> v1.5.5
github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
github.com/docker/docker v20.10.7 -> v20.10.8
github.com/google/uuid v1.2.0 -> v1.3.0
github.com/hashicorp/go-getter v1.5.4 -> v1.5.6
github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
github.com/packethost/packngo v0.19.0 new
github.com/prometheus/procfs v0.6.0 -> v0.7.2
github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
github.com/spf13/cobra v1.1.3 -> v1.2.1
github.com/talos-systems/crypto v0.3.1 -> deec8d47700e
github.com/talos-systems/extras v0.4.0 -> v0.5.0-alpha.0-2-g8ce17e5
github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0-alpha.0-16-gda4ac04
github.com/talos-systems/tools v0.6.0 -> v0.7.0-alpha.0-3-g2368154
github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.0
go.uber.org/zap v1.17.0 -> v1.18.1
golang.org/x/net 04defd469f4e -> 853a461950ff
golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
google.golang.org/grpc v1.38.0 -> v1.39.1
google.golang.org/protobuf v1.26.0 -> v1.27.1
inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
k8s.io/api v0.21.2 -> v0.22.0
k8s.io/apimachinery v0.21.2 -> v0.22.0
k8s.io/apiserver v0.21.2 -> v0.22.0
k8s.io/client-go v0.21.2 -> v0.22.0
k8s.io/cri-api v0.21.2 -> v0.22.0
k8s.io/kubectl v0.21.2 -> v0.22.0
k8s.io/kubelet v0.21.2 -> v0.22.0

Previous release can be found at v0.11.0

Talos 0.12.0-alpha.0 (2021-08-11)

Welcome to the v0.12.0-alpha.0 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note

: This item only applies to clusters bootstrapped with Talos <= 0.8.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22 used by default in Talos 0.12. Talos can be configued to use Kubernetes 1.21 or CAPI v0.4.x components can be used instead.

Sysctl Configuration

Join Node Type

Networking

multiple static addresses can be specified for the interface with new .addresses field (old .cidr field is deprecated now)
static addresses can be set on interfaces configured with DHCP

Performance

machined uses less memory and CPU time
more disk encryption options are exposed via the machine configuration
disk partitions are now aligned properly with minimum I/O size
Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
OOM score is set on the system processes making sure they are killed last under memory pressure

Security

etcd PKI moved to /system/secrets
kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only

Component Updates

Linux: 5.10.52
Kubernetes: 1.22.0
containerd: 1.5.5
runc: 1.0.1
GRUB: 2.06
Talos is built with Go 1.16.6

Contributors

Andrey Smirnov
Alexey Palazhchenko
Serge Logvinov
Andrey Smirnov
Artem Chernyshev
Spencer Smith
Alexey Palazhchenko
dependabot[bot]
Rui Lopes
Andrew Rynhard
Caleb Woodbine

Changes

96 commits

a15f0184 fix: move etcd PKI under /system/secrets
eb02afe1 fix: match correctly routes on the address family
cb948acc feat: allow multiple addresses per interface
e030b2e8 chore: use k8s 1.21.3 in CAPI tests for now
e08b4f8f feat: implement sysctl controllers
fdf6b243 chore: revert "improve artifacts generation reproducibility"
b68ed1eb fix: make route resources ID match closer routing table primary key
585f6337 fix: correctly handle nodoc for struct fields
f2d394dc docs: add AMIs for v0.11.5
d0970cbf feat: bootstrap token limit
5285a46d fix: maintenance mode reason message
009d15e8 chore: use etcd client TryLock function on upgrade
4dae9ea5 chore: use vtprotobuf compiled marshaling in Talos API
7ca5749a chore: bump dependencies via dependabot
b2507b41 chore: improve artifacts generation reproducibility
1f7dad23 chore: update PKGS version (512 cpus, new ca-certficates)
1a2e78a2 fix: update go-blockdevice
6d6ed117 chore: use parallel xz with higher compression level
571f7db1 chore: workaround GitHub new release notes limit
09d70b7e feat: update Kubernetes to v1.22.0
f25f10e7 feat: add an option to disable PSP
7c6e4cf2 feat: allow both DHCP and static addressing for the interface
3c566dbc fix: remove admission plugins enabled by default from the list
69ead373 fix: preserve PMBR bootable flag correctly
dee63051 fix: align partitions with minimal I/O size
62890229 feat: update GRUB to 2.06
b9d04928 feat: move system processes to cgroups
0b8681b4 fix: resolve several issues with Wireguard link specs
f8f4bf3b docs: add disk encryptions examples
79b8fa64 feat: update containerd to 1.5.5
539f4209 chore: bump dependencies via dependabot
0c7ce1cd feat: remove remnants of bootkube support
d4f9804f chore: fix typos
5f027615 feat: expose more encryption options to the machine config
585152a0 chore: bump dependencies
fc66ec59 feat: set oom score for main processes
df54584a fix: drop linux capabilities
f65d0b73 docs: add 0.11.3 AMIs
7332d636 fix: bump pkgs for new kernel 5.10.52
70d2505b fix: do not require ToVersion to be set when detecting version
0953b199 chore: update extras to bring a new CNI bundle
b6c47f86 fix: set the /etc/os-release HOME_URL parameter
c780821d feat: update containerd to 1.5.3, runc to 1.0.1
f8f1c83a feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
55e17ccd chore: bump dependencies
da6f786c fix: kuberentes => kubernetes typo
2e463348 fix: pass all logs through the options.Log method
4e9c5afb fix: make ethtool optional in link status controller
bf61c2cc fix: write upgrade logs only to the LogOutput if it's defined
9c73257c feat: update Go to 1.16.6
23ef1d40 chore: add ability to redirect talos upgrade module logs to io.Writer
33e9d6c9 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
604434c4 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
2ea28f62 chore: bump node from 16.3.0-alpine to 16.4.2-alpine
b358a189 fix: correctly pick route scope for link-local destination
6848d431 feat: can change clusterdns ip lists
72b76abf fix: workaround issues when IPv6 is fully or partially disabled
679b08f4 docs: update docs for 0.12
6fbec9e0 fix: cache etcd client used for healthchecks
eea750de chore: rename "join" type to "worker"
951493ac docs: update what's new for Talos 0.11
b47d1098 docs: promote 0.11 docs to be the latest
d930a265 chore: implement DeepCopy for machine configuration
fe4ed3c7 chore: ignore tags which don't look like semantic version
b969e772 chore: update references to old protobuf package
2ba8ac9a docs: add documentation directory for 0.12
011e2885 fix: validate bond slaves addressing
10c28758 fix: ignore DeadlineExceeded error correctly on bootstrap
77fabace chore: ignore future pkg/machinery/vX.Y.Z tags
6b661114 fix: make COSI runtime history depth smaller
9bf899bd fix: make forfeit leadership connect to the right node
4708beae feat: implement talosctl config info command
6d13d2cf fix: close Kubernetes API client
aaa36f3b fix: ignore 'not a leader' error on forfeit leadership
22a41936 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
71c6f700 chore: bump go.mod dependencies
915cd8fe docs: add guide for RBAC
f5721050 fix: controlplane keyusage
3d772661 fix: fill uuid argument correctly in the config download URL
d8602025 chore: update containerd config version 2
5949ec4e docs: describe the new network configuration subsystem
444d72b4 feat: update pkgs version
e883c12b fix: make output of upgrade-k8s command less scary
7f8e50de fix: restart the merge controllers on conflict
60d73609 fix: ignore deadline exceeded errors on bootstrap
ee06dd69 fix: don't print git sha of the release twice in the dashboard
07fb61e5 fix: issue worker apid certs properly on renewal
84817f73 chore: bump Talos version in upgrade tests
2fa54107 chore: fix tests for disabled RBAC
78583ba9 fix: don't set bond delay options if miimon is not enabled
bbf1c091 feat: add RBAC to talosctl version output
5f6ec3ef fix: handle cases when merged resource re-appears before being destroyed
1e9a0e74 fix: documentation typos
f228af40 chore: bump go.mod dependencies
2060ceaa chore: add CAPI version to CI setup
ad047a7d chore: small RBAC improvements

Changes from talos-systems/crypto

1 commit

deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

2 commits

4957f3c chore: update pkgs to use CNI plugins v0.9.1
233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

4 commits

fe24303 fix: perform correct PMBR partition calculations
2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
87816a8 feat: align partition to minimum I/O size
c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

14 commits

12856ce feat: increase number of CPUs supported by the kernel to 512
cbfabac chore: update ca-certificates to 2021-07-05
0c011c0 feat: update GRUB to 2.06
5090d14 chore: update containerd to v1.5.5
6653902 feat: add kernel drivers for fusion and scsi-isci
9b4041f chore: update containerd to v1.5.4
7b6cc05 feat: update kernel to latest 5.10.52
65159fb chore: update runc and CNI plugins
514ba34 feat: disable aufs, devmapper, zfs
6bc118f chore: update runc and containerd
b6fca88 feat: update Go to 1.16.6
fd56852 chore: update open-isns and open-iscsi
d779204 chore: update dosfstools to v4.2
bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

4 commits

7172a5d feat: update Go to 1.16.6
1de34d7 chore: update musl
76979a1 chore: update protobuf deps
0846c64 chore: update expat

Dependency Changes

github.com/BurntSushi/toml v0.3.1 -> v0.4.1
github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
github.com/containerd/containerd v1.5.2 -> v1.5.5
github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
github.com/docker/docker v20.10.7 -> v20.10.8
github.com/google/uuid v1.2.0 -> v1.3.0
github.com/hashicorp/go-getter v1.5.4 -> v1.5.6
github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
github.com/prometheus/procfs v0.6.0 -> v0.7.2
github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
github.com/spf13/cobra v1.1.3 -> v1.2.1
github.com/talos-systems/crypto v0.3.1 -> deec8d47700e
github.com/talos-systems/extras v0.4.0 -> v0.5.0-alpha.0-1-g4957f3c
github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0-alpha.0-13-g12856ce
github.com/talos-systems/tools v0.6.0 -> v0.7.0-alpha.0-2-g7172a5d
github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.0
go.uber.org/zap v1.17.0 -> v1.18.1
golang.org/x/net 04defd469f4e -> 853a461950ff
golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
google.golang.org/grpc v1.38.0 -> v1.39.1
google.golang.org/protobuf v1.26.0 -> v1.27.1
inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
k8s.io/api v0.21.2 -> v0.22.0
k8s.io/apimachinery v0.21.2 -> v0.22.0
k8s.io/apiserver v0.21.2 -> v0.22.0
k8s.io/client-go v0.21.2 -> v0.22.0
k8s.io/cri-api v0.21.2 -> v0.22.0
k8s.io/kubectl v0.21.2 -> v0.22.0
k8s.io/kubelet v0.21.2 -> v0.22.0

Previous release can be found at v0.11.0

Talos 0.11.0-alpha.2 (2021-06-23)

Welcome to the v0.11.0-alpha.2 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config. We now encourage using the bootstrap API, instead of init node types, as we intend on deprecating this machine type in the future. The init.yaml and controlplane.yaml machine configs are identical with the exception of the machine type. Users can use a modified controlplane.yaml with the machine type set to init if they would like to avoid using the bootstrap API.

Component Updates

containerd was updated to 1.5.2
Linux kernel was updated to 5.10.45
Kubernetes was updated to 1.21.2
etcd was updated to 3.4.16

CoreDNS

Added the flag cluster.coreDNS.disabled to coreDNS deployment during the cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that can enable marking MBR partition bootable for the machines that have legacy BIOS which does not support GPT partitioning scheme.

Multi-arch Installer

Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture. This means that e.g. images for arm64 SBCs can be generated on amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers and resources. There are no changes to the machine configuration, but any update to .machine.network can now be applied in immediate mode (without a reboot). Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured interfaces and skipping the reset network step.

Talos API RBAC

Limited RBAC support in Talos API is now enabled by default for Talos 0.11. Default talosconfig has os:admin role embedded in the certificate so that all the APIs are available. Certificates with reduced set of roles can be created with talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate talosconfig with os:admin role first to make sure that administrator still has access to the cluster when RBAC is enabled.

List of available roles:

os:admin role enables every Talos API
os:reader role limits access to read-only APIs which do not return sensitive data
os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)

Contributors

Andrey Smirnov
Alexey Palazhchenko
Artem Chernyshev
Serge Logvinov
Jorik Jonker
Spencer Smith
Andrew Rynhard
Andrew LeCody
Kevin Hellemun
Seán C McCord
Boran Car
Brandon Nason
Gabor Nyiri
Gabor Nyiri
Joost Coelingh
Lance R. Vick
Lennard Klein
Sébastien Bernard
Sébastien Bernard

Changes

162 commits

0731be90 feat: add cloud images to releases
b52b2066 feat: split etcd certificates to peer/client
33119d2b chore: add an option to launch cluster with bad RTC state
d8c2bca1 feat: reimplement apid certificate generation on top of COSI
3c1b3219 chore: refactor CLI tests
0fd9ea2d feat: enable MACVTAP support
898673e8 chore: update e2e tests to use latest capi releases
e26c5583 docs: add AMI IDs for Talos 0.10.4
72ef48f0 fix: assign source address to the DHCP default gateway routes
004885a3 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
821f469a feat: skip overlay mount checks with docker
b6e02311 feat: use COSI RD's sensitivity for RBAC
46751c1a feat: improve security of Kubernetes control plane components
0f659622 fix: build with custom kernel/rootfs
5b5089ab fix: mark kube-proxy as system critical priority
42c16f67 chore: bump dependencies
60f78419 chore: bump etcd client libraries to final 3.5.0 release
2b0de9ed feat: improve security of Kubernetes control plane components
48a5c460 docs: provide more storage details
e13d905c release(v0.11.0-alpha.1): prepare release
70ac771e fix: use localhost API server endpoint for internal communication
a941eb7d feat: improve security of Kubernetes control plane components
3aae94e5 feat: provide Kubernetes nodename as a COSI resource
06209bba chore: update RBAC rules, remove old APIs
9f24b519 chore: remove bootkube check from cluster health check
4ac9bea2 fix: stop etcd client logs from going to the server console
f63ab9dd feat: implement talosctl config new command
fa15a668 fix: don't enable RBAC feature in the config for Talos < 0.11
2dc27d99 fix: do not format state partition in the initialize sequence
b609f33c fix: update networking stack after Equnix Metal testing
243a3b53 fix: separate healthy and unknown flags in the service resource
1a1378be fix: update retry package with a fix for errors.Is
cb83edd7 fix: wait for the network to be ready in mainteancne mode
96f89071 feat: update controller-runtime logs to console level on config.debug
973069b6 feat: support NFS 4.1
654dcad4 chore: bump dependencies via dependabot
d7394457 fix: don't treat ethtool errors as fatal
f2ae9cd0 feat: replace networkd with new network implementation
caec3063 fix: do not complain about empty roles
11918a11 docs: update community meeting time
aeddb9c0 feat: implement platform config controller (hostnames)
1ece334d feat: implement controller which runs network operators
744ea8a5 fix: do not add bootstrap contents option if tail events is not 0
5029edfb fix: overwrite nodes in the gRPC metadata
6a35c8f1 feat: implement virtual IP (shared IP) network operator
0f3b8380 chore: expose WatchRequest in the resources client
11e258b1 feat: implement operator configuration controller
ce3815e7 feat: implement DHCP6 operator
f010d99a feat: implement operator framework with DHCP4 as the first example
f93c9c8f feat: bring unconfigured links with link carrier up by default
02bd657b feat: implement network.Status resource and controller
da329f00 feat: enable RBAC by default
0f168a88 feat: add configuration for enabling RBAC
e74f789b feat: implement EtcFileController to render files in /etc
5aede1a8 fix: prefer extraConfig over OVF env, skip empty config
5ad314fe feat: implement basic RBAC interceptors
c031be81 chore: use Go 1.16.5
8b0763f6 chore: bump dependencies via dependabot
8b8de11d feat: implement new controllers for hostname, resolvers and time servers
24859b14 docs: update Rpi4 firmware guide
62c702c4 fix: remove conflicting etcd member on rejoin with empty data directory
ff62a599 fix: drop into maintenance mode if config URL is none (metal)
14e696d0 feat: update COSI runtime and add support for tail in the Talos gRPC
a71053fc feat: default to bootstrap workflow
76aac4bb feat: implement CPU and Memory stats controller
8f90c6a8 feat: parse Talos-specific cmdline params
ed10e139 feat: implement NodeAddress controller
33db8857 fix: use COSI runtime DestroyReady input type
6e775363 refactor: rename *.Status() to *.TypedSpec() in the resources
97627061 docs: set static IP on ISO install mode
5811f4dd feat: implement link (interface) controllers
046b229b chore: skip building multi-arch installer for race-enabled build
73fbb4b5 fix: only fetch machine uuid if it's not set
f112a540 fix: clean up stale snapshots on container start
c036b949 chore: bump dependencies
a4d67a01 feat: add the ability to disable CoreDNS
76dbfb36 feat: add ability to mark MBR partition bootable
e0f5b1e2 chore: split mgmt/gen.go into several files
fad1b4f1 chore: fix go generate for the machinery
1117294a release(v0.11.0-alpha.0): prepare release
c0962946 chore: prepare for 0.11 release series
72359765 feat: enable GORACE=halt_on_panic=1 in machined binary
0acb04ad feat: implement route network controllers
f5bf88a4 feat: create certificates with os:admin role
1db301ed feat: switch controller-runtime to zap.Logger
f7cf64d4 fix: add talos.config to the vApp Properties in VMware OVA
209527ec docs: add AMIs for Talos 0.10.3
59cfd312 chore: bump dependencies via dependabot
1edb20cf feat: extract config generation
af77c295 docs: update wirguard guide
4fe69121 test: better talosctl ls tests
04ddda96 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
49c7276b chore: fix markdown linting
7270495a docs: add mayastor quickstart
d3d9112f docs: fix spelling/grammar in What's New for Talos 0.9
82804414 test: provide a way to force different boot order in provision library
a1c0e99a docs: add guide for deploying metrics-server
6bc6658b feat: update containerd to 1.5.1
c6567fae chore: dependabot updates
61ccbb3f chore: keep debug symbols in debug builds
1ce362e0 docs: update customizing kernel build steps
a26174b5 fix: properly compose pattern and header in etcd members output
0825cf11 fix: stop networkd and pods before leaving etcd on upgrade
bed6b15d fix: properly populate AllowSchedulingOnMasters option in gen config RPC
071f0445 feat: implement AddressSpec handling
76e38b7b feat: update Kubernetes to 1.21.1
9b1338d9 chore: parse "boolean" variables
c81cfb21 chore: allow building with debug handlers
c9651673 feat: update go-smbios library
95c656fb feat: update containerd to 1.5.0, runc to 1.0.0-rc94
db9c35b5 feat: implement AddressStatusController
1cf011a8 chore: bump dependencies via dependabot
e3f407a1 fix: properly pass disk type selector from config to matcher
66b2b450 feat: add resources and use HTTPS checks in control plane pods
4ffd7c0a fix: stop networkd before leaving etcd on 'reset' path
610d38d3 docs: add AMIs for 0.10.1, collapse list of AMIs by default
807497ec chore: make conformance pipeline depend on cron-default
3c121359 feat: implement LinkStatusController
0e8de046 fix: update go-blockdevice to fix disk type detection
4d50a4ed fix: update the way NTP sync uses adjtimex syscall
1a85c14a fix: avoid data race on CRI pod stop
5de8dbc0 fix: repair pine64 support
38239097 fix: properly parse matcher expressions
e54b6b7a chore: update dependencies via dependabot
f2caed0d chore: use extracted talos-systems/go-kmsg library
79d804c5 docs: fix typos
a2bb390e feat: deterministic builds
e480fedf feat: add USB serial drivers
79299d76 docs: add Matrix room links
1b3e8b09 docs: add survey to README
8d51c9bb docs: update redirects to Talos 0.10
1092c3a5 feat: add Pine64 SBC support
63e01754 feat: pull kernel with VMware balloon module enabled
aeec99d8 chore: remove temporary fork
0f49722d feat: add --config-patch flag by node type
a01b1d22 chore: dump dependencies via dependabot
d540a4a4 fix: bump crypto library for the CSR verification fix
c3a4173e chore: remove security API ReadFile/WriteFile
38037131 chore: update wgctrl dependecy
d9ba0fd0 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
2261d7ed fix: use both self-signed and Kubernetes CA to verify Kubelet cert
a3537a69 docs: update cloud images for Talos v0.9.3
5b9ee861 docs: add what's new for Talos 0.10
f1107fa3 docs: add survey
93623d47 docs: update AWS instructions
a739d1b8 feat: add support of custom registry CA certificate usage
7f468d35 fix: update osType in OVA other3xLinux64Guest"
4a184b67 docs: add etcd backup and restore guide
5fb38d3e chore: refactor Dockerfile for cross-compilation
a8f1e526 chore: build talosctl for Darwin / Apple Silicon
eb0b64d3 chore: list specifically for enabled regions
669a0cbd fix: check if OVF env is empty
da92049c chore: use codecov from the build container
9996d4b0 chore: use REGISTRY_MIRROR_FLAGS if defined
05cbe250 chore: bump dependencies via dependabot
9a91142a feat: print complete member info in etcd members
bb40d6dd feat: update pkgs version
e7a9164b test: implement talosctl conformance command to run e2e tests
6cb266e7 fix: update etcd client errors, print etcd join failures
0bd8b0e8 feat: provide an option to recover etcd from data directory copy
f9818540 chore: fix conform with scopes
21018f28 chore: bump website node.js dependencies

Changes since v0.11.0-alpha.1

19 commits

0731be90 feat: add cloud images to releases
b52b2066 feat: split etcd certificates to peer/client
33119d2b chore: add an option to launch cluster with bad RTC state
d8c2bca1 feat: reimplement apid certificate generation on top of COSI
3c1b3219 chore: refactor CLI tests
0fd9ea2d feat: enable MACVTAP support
898673e8 chore: update e2e tests to use latest capi releases
e26c5583 docs: add AMI IDs for Talos 0.10.4
72ef48f0 fix: assign source address to the DHCP default gateway routes
004885a3 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
821f469a feat: skip overlay mount checks with docker
b6e02311 feat: use COSI RD's sensitivity for RBAC
46751c1a feat: improve security of Kubernetes control plane components
0f659622 fix: build with custom kernel/rootfs
5b5089ab fix: mark kube-proxy as system critical priority
42c16f67 chore: bump dependencies
60f78419 chore: bump etcd client libraries to final 3.5.0 release
2b0de9ed feat: improve security of Kubernetes control plane components
48a5c460 docs: provide more storage details

Changes from talos-systems/crypto

8 commits

d3cb772 feat: make possible to change KeyUsage
6bc5bb5 chore: remove unused argument
cd18ef6 feat: add support for several organizations
97c888b chore: add options to CSR
7776057 chore: fix typos
80df078 chore: remove named result parameters
15bdd28 chore: minor updates
4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

1 commit

4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

3 commits

30c2bc3 feat: mark MBR bootable
1292574 fix: make disk type matcher parser case insensitive
b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

5 commits

3d0a6e1 feat: race build tag flag detector
5b292e5 feat: disable memory profiling by default
c6d0ae2 fix: linters and CI
d969f95 feat: initial implementation
b2044b7 Initial commit

Changes from talos-systems/go-kmsg

2 commits

2edcd3a feat: add initial version
53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

3 commits

a445702 feat: allow dial timeout and keep alive period to be configurable
3c8f347 feat: provide a way to configure logger for the loadbalancer
da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

3 commits

c78cc95 fix: implement errors.Is for all errors in the set
7885e16 feat: add ExpectedErrorf
3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

1 commit

d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

22 commits

41d6ccc feat: enable MACVTAP support
96072f8 feat: enable adiantum block encryption (both amd64 arm64)
f5eac03 feat: update Linux to 5.10.45
d756119 feat: enable HP ILO kernel module (both amd64 arm64)
2d51360 feat: support NFS 4.1
e63e4e9 feat: bump tools for Go 1.16.5
1f8af29 feat: update Linux to 5.10.38
a3a6650 feat: update containerd to 1.5.2
c70ea44 feat: update runc to 1.0.0-rc95
db60235 feat: add support for netxen card
f934187 feat: update containerd to 1.5.1
e8ed5bc feat: add geneve encapsulation support for openvswitch
9f7903c feat: update containerd to 1.5.0, runc to -rc94
d7c0f70 feat: add AES-NI support for amd64
b0d9cd2 fix: build zbin utility for both amd64 and arm64
bb39b97 feat: add IPMI support in kernel
1148f9a feat: add DS1307 RTC support for arm64
350aa6f feat: add USB serial support
de9c582 feat: add Pine64 SBC support
b56f36b feat: enable VMware baloon kernel module
f87c194 feat: add iPXE build with embedded placeholder script
a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

1 commit

c8c2a18 feat: update Go to 1.16.5

Dependency Changes

github.com/aws/aws-sdk-go v1.27.0 new
github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
github.com/containerd/containerd v1.4.4 -> v1.5.2
github.com/containerd/go-cni v1.0.1 -> v1.0.2
github.com/containerd/typeurl v1.0.1 -> v1.0.2
github.com/coreos/go-iptables v0.5.0 -> v0.6.0
github.com/cosi-project/runtime 10d6103c19ab -> f1649aff7641
github.com/docker/docker v20.10.4 -> v20.10.7
github.com/emicklei/dot v0.15.0 -> v0.16.0
github.com/evanphx/json-patch v4.9.0 -> v4.11.0
github.com/fatih/color v1.10.0 -> v1.12.0
github.com/google/go-cmp v0.5.5 -> v0.5.6
github.com/google/gofuzz v1.2.0 new
github.com/googleapis/gnostic v0.5.5 new
github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
github.com/imdario/mergo v0.3.12 new
github.com/insomniacslk/dhcp cc9239ac6294 -> 465dd6c35f6c
github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
github.com/magiconair/properties v1.8.5 new
github.com/mattn/go-isatty v0.0.12 -> v0.0.13
github.com/mdlayher/arp f72070a231fc new
github.com/mdlayher/ethtool 2b88debcdd43 new
github.com/mdlayher/netlink v1.4.0 -> v1.4.1
github.com/mdlayher/raw 51b895745faf new
github.com/mitchellh/mapstructure v1.4.1 new
github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
github.com/pelletier/go-toml v1.9.0 new
github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
github.com/rs/xid v1.2.1 -> v1.3.0
github.com/sirupsen/logrus v1.8.1 new
github.com/spf13/afero v1.6.0 new
github.com/spf13/cast v1.3.1 new
github.com/spf13/viper v1.7.1 new
github.com/talos-systems/crypto 39584f1b6e54 -> d3cb77220384
github.com/talos-systems/extras v0.3.0 -> v0.3.0-1-g4fe2706
github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
github.com/talos-systems/go-kmsg v0.1.0 new
github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
github.com/talos-systems/go-retry b9dc1a990133 -> c78cc953d9e9
github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-12-g41d6ccc
github.com/talos-systems/talos/pkg/machinery 8ffb55943c -> 000000000000
github.com/talos-systems/tools v0.5.0 -> v0.5.0-1-gc8c2a18
github.com/vishvananda/netns 2eb08e3e575f new
github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.51.0
github.com/vmware/govmomi v0.24.0 -> v0.26.0
go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
go.uber.org/zap v1.17.0 new
golang.org/x/net e18ecbb05110 -> 04defd469f4e
golang.org/x/oauth2 81ed05c6b58c new
golang.org/x/sys 77cc2087c03b -> 59db8d763f22
golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
google.golang.org/appengine v1.6.7 new
google.golang.org/grpc v1.37.0 -> v1.38.0
gopkg.in/ini.v1 v1.62.0 new
inet.af/netaddr 1d252cf8125e new
k8s.io/api v0.21.0 -> v0.21.2
k8s.io/apimachinery v0.21.0 -> v0.21.2
k8s.io/apiserver v0.21.0 -> v0.21.2
k8s.io/client-go v0.21.0 -> v0.21.2
k8s.io/cri-api v0.21.0 -> v0.21.2
k8s.io/kubectl v0.21.0 -> v0.21.2
k8s.io/kubelet v0.21.0 -> v0.21.2
k8s.io/utils 2afb4311ab10 new
sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Talos 0.11.0-alpha.1 (2021-06-18)

Welcome to the v0.11.0-alpha.1 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

Component Updates

containerd was updated to 1.5.2
Linux kernel was updated to 5.10.38

CoreDNS

Added the flag cluster.coreDNS.disabled to coreDNS deployment during the cluster bootstrap.

Legacy BIOS Support

Multi-arch Installer

Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture. This means that e.g. images for arm64 SBCs can be generated on amd64 host.

Networking Configuration

Talos API RBAC

List of available roles:

os:admin role enables every Talos API
os:reader role limits access to read-only APIs which do not return sensitive informtation
os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)

Contributors

Andrey Smirnov
Alexey Palazhchenko
Artem Chernyshev
Jorik Jonker
Spencer Smith
Andrew Rynhard
Serge Logvinov
Andrew LeCody
Kevin Hellemun
Boran Car
Brandon Nason
Gabor Nyiri
Joost Coelingh
Lance R. Vick
Lennard Klein
Seán C McCord
Sébastien Bernard
Sébastien Bernard

Changes

143 commits

f8e1cf09 release(v0.11.0-alpha.1): prepare release
70ac771e fix: use localhost API server endpoint for internal communication
a941eb7d feat: improve security of Kubernetes control plane components
3aae94e5 feat: provide Kubernetes nodename as a COSI resource
06209bba chore: update RBAC rules, remove old APIs
9f24b519 chore: remove bootkube check from cluster health check
4ac9bea2 fix: stop etcd client logs from going to the server console
f63ab9dd feat: implement talosctl config new command
fa15a668 fix: don't enable RBAC feature in the config for Talos < 0.11
2dc27d99 fix: do not format state partition in the initialize sequence
b609f33c fix: update networking stack after Equnix Metal testing
243a3b53 fix: separate healthy and unknown flags in the service resource
1a1378be fix: update retry package with a fix for errors.Is
cb83edd7 fix: wait for the network to be ready in mainteancne mode
96f89071 feat: update controller-runtime logs to console level on config.debug
973069b6 feat: support NFS 4.1
654dcad4 chore: bump dependencies via dependabot
d7394457 fix: don't treat ethtool errors as fatal
f2ae9cd0 feat: replace networkd with new network implementation
caec3063 fix: do not complain about empty roles
11918a11 docs: update community meeting time
aeddb9c0 feat: implement platform config controller (hostnames)
1ece334d feat: implement controller which runs network operators
744ea8a5 fix: do not add bootstrap contents option if tail events is not 0
5029edfb fix: overwrite nodes in the gRPC metadata
6a35c8f1 feat: implement virtual IP (shared IP) network operator
0f3b8380 chore: expose WatchRequest in the resources client
11e258b1 feat: implement operator configuration controller
ce3815e7 feat: implement DHCP6 operator
f010d99a feat: implement operator framework with DHCP4 as the first example
f93c9c8f feat: bring unconfigured links with link carrier up by default
02bd657b feat: implement network.Status resource and controller
da329f00 feat: enable RBAC by default
0f168a88 feat: add configuration for enabling RBAC
e74f789b feat: implement EtcFileController to render files in /etc
5aede1a8 fix: prefer extraConfig over OVF env, skip empty config
5ad314fe feat: implement basic RBAC interceptors
c031be81 chore: use Go 1.16.5
8b0763f6 chore: bump dependencies via dependabot
8b8de11d feat: implement new controllers for hostname, resolvers and time servers
24859b14 docs: update Rpi4 firmware guide
62c702c4 fix: remove conflicting etcd member on rejoin with empty data directory
ff62a599 fix: drop into maintenance mode if config URL is none (metal)
14e696d0 feat: update COSI runtime and add support for tail in the Talos gRPC
a71053fc feat: default to bootstrap workflow
76aac4bb feat: implement CPU and Memory stats controller
8f90c6a8 feat: parse Talos-specific cmdline params
ed10e139 feat: implement NodeAddress controller
33db8857 fix: use COSI runtime DestroyReady input type
6e775363 refactor: rename *.Status() to *.TypedSpec() in the resources
97627061 docs: set static IP on ISO install mode
5811f4dd feat: implement link (interface) controllers
046b229b chore: skip building multi-arch installer for race-enabled build
73fbb4b5 fix: only fetch machine uuid if it's not set
f112a540 fix: clean up stale snapshots on container start
c036b949 chore: bump dependencies
a4d67a01 feat: add the ability to disable CoreDNS
76dbfb36 feat: add ability to mark MBR partition bootable
e0f5b1e2 chore: split mgmt/gen.go into several files
fad1b4f1 chore: fix go generate for the machinery
1117294a release(v0.11.0-alpha.0): prepare release
c0962946 chore: prepare for 0.11 release series
72359765 feat: enable GORACE=halt_on_panic=1 in machined binary
0acb04ad feat: implement route network controllers
f5bf88a4 feat: create certificates with os:admin role
1db301ed feat: switch controller-runtime to zap.Logger
f7cf64d4 fix: add talos.config to the vApp Properties in VMware OVA
209527ec docs: add AMIs for Talos 0.10.3
59cfd312 chore: bump dependencies via dependabot
1edb20cf feat: extract config generation
af77c295 docs: update wirguard guide
4fe69121 test: better talosctl ls tests
04ddda96 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
49c7276b chore: fix markdown linting
7270495a docs: add mayastor quickstart
d3d9112f docs: fix spelling/grammar in What's New for Talos 0.9
82804414 test: provide a way to force different boot order in provision library
a1c0e99a docs: add guide for deploying metrics-server
6bc6658b feat: update containerd to 1.5.1
c6567fae chore: dependabot updates
61ccbb3f chore: keep debug symbols in debug builds
1ce362e0 docs: update customizing kernel build steps
a26174b5 fix: properly compose pattern and header in etcd members output
0825cf11 fix: stop networkd and pods before leaving etcd on upgrade
bed6b15d fix: properly populate AllowSchedulingOnMasters option in gen config RPC
071f0445 feat: implement AddressSpec handling
76e38b7b feat: update Kubernetes to 1.21.1
9b1338d9 chore: parse "boolean" variables
c81cfb21 chore: allow building with debug handlers
c9651673 feat: update go-smbios library
95c656fb feat: update containerd to 1.5.0, runc to 1.0.0-rc94
db9c35b5 feat: implement AddressStatusController
1cf011a8 chore: bump dependencies via dependabot
e3f407a1 fix: properly pass disk type selector from config to matcher
66b2b450 feat: add resources and use HTTPS checks in control plane pods
4ffd7c0a fix: stop networkd before leaving etcd on 'reset' path
610d38d3 docs: add AMIs for 0.10.1, collapse list of AMIs by default
807497ec chore: make conformance pipeline depend on cron-default
3c121359 feat: implement LinkStatusController
0e8de046 fix: update go-blockdevice to fix disk type detection
4d50a4ed fix: update the way NTP sync uses adjtimex syscall
1a85c14a fix: avoid data race on CRI pod stop
5de8dbc0 fix: repair pine64 support
38239097 fix: properly parse matcher expressions
e54b6b7a chore: update dependencies via dependabot
f2caed0d chore: use extracted talos-systems/go-kmsg library
79d804c5 docs: fix typos
a2bb390e feat: deterministic builds
e480fedf feat: add USB serial drivers
79299d76 docs: add Matrix room links
1b3e8b09 docs: add survey to README
8d51c9bb docs: update redirects to Talos 0.10
1092c3a5 feat: add Pine64 SBC support
63e01754 feat: pull kernel with VMware balloon module enabled
aeec99d8 chore: remove temporary fork
0f49722d feat: add --config-patch flag by node type
a01b1d22 chore: dump dependencies via dependabot
d540a4a4 fix: bump crypto library for the CSR verification fix
c3a4173e chore: remove security API ReadFile/WriteFile
38037131 chore: update wgctrl dependecy
d9ba0fd0 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
2261d7ed fix: use both self-signed and Kubernetes CA to verify Kubelet cert
a3537a69 docs: update cloud images for Talos v0.9.3
5b9ee861 docs: add what's new for Talos 0.10
f1107fa3 docs: add survey
93623d47 docs: update AWS instructions
a739d1b8 feat: add support of custom registry CA certificate usage
7f468d35 fix: update osType in OVA other3xLinux64Guest"
4a184b67 docs: add etcd backup and restore guide
5fb38d3e chore: refactor Dockerfile for cross-compilation
a8f1e526 chore: build talosctl for Darwin / Apple Silicon
eb0b64d3 chore: list specifically for enabled regions
669a0cbd fix: check if OVF env is empty
da92049c chore: use codecov from the build container
9996d4b0 chore: use REGISTRY_MIRROR_FLAGS if defined
05cbe250 chore: bump dependencies via dependabot
9a91142a feat: print complete member info in etcd members
bb40d6dd feat: update pkgs version
e7a9164b test: implement talosctl conformance command to run e2e tests
6cb266e7 fix: update etcd client errors, print etcd join failures
0bd8b0e8 feat: provide an option to recover etcd from data directory copy
f9818540 chore: fix conform with scopes
21018f28 chore: bump website node.js dependencies

Changes since v0.11.0-alpha.0

60 commits

f8e1cf09 release(v0.11.0-alpha.1): prepare release
70ac771e fix: use localhost API server endpoint for internal communication
a941eb7d feat: improve security of Kubernetes control plane components
3aae94e5 feat: provide Kubernetes nodename as a COSI resource
06209bba chore: update RBAC rules, remove old APIs
9f24b519 chore: remove bootkube check from cluster health check
4ac9bea2 fix: stop etcd client logs from going to the server console
f63ab9dd feat: implement talosctl config new command
fa15a668 fix: don't enable RBAC feature in the config for Talos < 0.11
2dc27d99 fix: do not format state partition in the initialize sequence
b609f33c fix: update networking stack after Equnix Metal testing
243a3b53 fix: separate healthy and unknown flags in the service resource
1a1378be fix: update retry package with a fix for errors.Is
cb83edd7 fix: wait for the network to be ready in mainteancne mode
96f89071 feat: update controller-runtime logs to console level on config.debug
973069b6 feat: support NFS 4.1
654dcad4 chore: bump dependencies via dependabot
d7394457 fix: don't treat ethtool errors as fatal
f2ae9cd0 feat: replace networkd with new network implementation
caec3063 fix: do not complain about empty roles
11918a11 docs: update community meeting time
aeddb9c0 feat: implement platform config controller (hostnames)
1ece334d feat: implement controller which runs network operators
744ea8a5 fix: do not add bootstrap contents option if tail events is not 0
5029edfb fix: overwrite nodes in the gRPC metadata
6a35c8f1 feat: implement virtual IP (shared IP) network operator
0f3b8380 chore: expose WatchRequest in the resources client
11e258b1 feat: implement operator configuration controller
ce3815e7 feat: implement DHCP6 operator
f010d99a feat: implement operator framework with DHCP4 as the first example
f93c9c8f feat: bring unconfigured links with link carrier up by default
02bd657b feat: implement network.Status resource and controller
da329f00 feat: enable RBAC by default
0f168a88 feat: add configuration for enabling RBAC
e74f789b feat: implement EtcFileController to render files in /etc
5aede1a8 fix: prefer extraConfig over OVF env, skip empty config
5ad314fe feat: implement basic RBAC interceptors
c031be81 chore: use Go 1.16.5
8b0763f6 chore: bump dependencies via dependabot
8b8de11d feat: implement new controllers for hostname, resolvers and time servers
24859b14 docs: update Rpi4 firmware guide
62c702c4 fix: remove conflicting etcd member on rejoin with empty data directory
ff62a599 fix: drop into maintenance mode if config URL is none (metal)
14e696d0 feat: update COSI runtime and add support for tail in the Talos gRPC
a71053fc feat: default to bootstrap workflow
76aac4bb feat: implement CPU and Memory stats controller
8f90c6a8 feat: parse Talos-specific cmdline params
ed10e139 feat: implement NodeAddress controller
33db8857 fix: use COSI runtime DestroyReady input type
6e775363 refactor: rename *.Status() to *.TypedSpec() in the resources
97627061 docs: set static IP on ISO install mode
5811f4dd feat: implement link (interface) controllers
046b229b chore: skip building multi-arch installer for race-enabled build
73fbb4b5 fix: only fetch machine uuid if it's not set
f112a540 fix: clean up stale snapshots on container start
c036b949 chore: bump dependencies
a4d67a01 feat: add the ability to disable CoreDNS
76dbfb36 feat: add ability to mark MBR partition bootable
e0f5b1e2 chore: split mgmt/gen.go into several files
fad1b4f1 chore: fix go generate for the machinery

Changes from talos-systems/crypto

7 commits

6bc5bb5 chore: remove unused argument
cd18ef6 feat: add support for several organizations
97c888b chore: add options to CSR
7776057 chore: fix typos
80df078 chore: remove named result parameters
15bdd28 chore: minor updates
4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

1 commit

4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

3 commits

30c2bc3 feat: mark MBR bootable
1292574 fix: make disk type matcher parser case insensitive
b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

5 commits

3d0a6e1 feat: race build tag flag detector
5b292e5 feat: disable memory profiling by default
c6d0ae2 fix: linters and CI
d969f95 feat: initial implementation
b2044b7 Initial commit

Changes from talos-systems/go-kmsg

2 commits

2edcd3a feat: add initial version
53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

3 commits

a445702 feat: allow dial timeout and keep alive period to be configurable
3c8f347 feat: provide a way to configure logger for the loadbalancer
da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

3 commits

c78cc95 fix: implement errors.Is for all errors in the set
7885e16 feat: add ExpectedErrorf
3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

1 commit

d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

18 commits

2d51360 feat: support NFS 4.1
e63e4e9 feat: bump tools for Go 1.16.5
1f8af29 feat: update Linux to 5.10.38
a3a6650 feat: update containerd to 1.5.2
c70ea44 feat: update runc to 1.0.0-rc95
db60235 feat: add support for netxen card
f934187 feat: update containerd to 1.5.1
e8ed5bc feat: add geneve encapsulation support for openvswitch
9f7903c feat: update containerd to 1.5.0, runc to -rc94
d7c0f70 feat: add AES-NI support for amd64
b0d9cd2 fix: build zbin utility for both amd64 and arm64
bb39b97 feat: add IPMI support in kernel
1148f9a feat: add DS1307 RTC support for arm64
350aa6f feat: add USB serial support
de9c582 feat: add Pine64 SBC support
b56f36b feat: enable VMware baloon kernel module
f87c194 feat: add iPXE build with embedded placeholder script
a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

1 commit

c8c2a18 feat: update Go to 1.16.5

Dependency Changes

github.com/aws/aws-sdk-go v1.27.0 new
github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
github.com/containerd/containerd v1.4.4 -> v1.5.2
github.com/containerd/go-cni v1.0.1 -> v1.0.2
github.com/containerd/typeurl v1.0.1 -> v1.0.2
github.com/coreos/go-iptables v0.5.0 -> v0.6.0
github.com/cosi-project/runtime 10d6103c19ab -> ca95c7538d17
github.com/docker/docker v20.10.4 -> v20.10.7
github.com/emicklei/dot v0.15.0 -> v0.16.0
github.com/fatih/color v1.10.0 -> v1.12.0
github.com/google/go-cmp v0.5.5 -> v0.5.6
github.com/google/gofuzz v1.2.0 new
github.com/googleapis/gnostic v0.5.5 new
github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
github.com/hashicorp/go-getter v1.5.2 -> v1.5.3
github.com/imdario/mergo v0.3.12 new
github.com/insomniacslk/dhcp cc9239ac6294 -> fb4eaaa00ad2
github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> b34cb89a106b
github.com/magiconair/properties v1.8.5 new
github.com/mattn/go-isatty v0.0.12 -> v0.0.13
github.com/mdlayher/arp f72070a231fc new
github.com/mdlayher/ethtool 2b88debcdd43 new
github.com/mdlayher/netlink v1.4.0 -> v1.4.1
github.com/mdlayher/raw 51b895745faf new
github.com/mitchellh/mapstructure v1.4.1 new
github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
github.com/pelletier/go-toml v1.9.0 new
github.com/rivo/tview 8a8f78a6dd01 -> 807e706f86d1
github.com/rs/xid v1.2.1 -> v1.3.0
github.com/sirupsen/logrus v1.8.1 new
github.com/spf13/afero v1.6.0 new
github.com/spf13/cast v1.3.1 new
github.com/spf13/viper v1.7.1 new
github.com/talos-systems/crypto 39584f1b6e54 -> 6bc5bb50c527
github.com/talos-systems/extras v0.3.0 -> v0.3.0-1-g4fe2706
github.com/talos-systems/go-blockdevice 1d830a25f64f -> 30c2bc3cb62a
github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
github.com/talos-systems/go-kmsg v0.1.0 new
github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
github.com/talos-systems/go-retry b9dc1a990133 -> c78cc953d9e9
github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-8-g2d51360
github.com/talos-systems/talos/pkg/machinery 8ffb55943c -> 000000000000
github.com/talos-systems/tools v0.5.0 -> v0.5.0-1-gc8c2a18
github.com/vishvananda/netns 2eb08e3e575f new
github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.51.0
github.com/vmware/govmomi v0.24.0 -> v0.26.0
go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0-rc.1
go.etcd.io/etcd/client/pkg/v3 v3.5.0-rc.1 new
go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0-rc.1
go.etcd.io/etcd/etcdutl/v3 v3.5.0-rc.1 new
go.uber.org/zap v1.17.0 new
golang.org/x/net e18ecbb05110 -> abc453219eb5
golang.org/x/oauth2 81ed05c6b58c new
golang.org/x/sys 77cc2087c03b -> ebe580a85c40
golang.org/x/term 6a3ed077a48d -> a79de5458b56
golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
google.golang.org/appengine v1.6.7 new
google.golang.org/grpc v1.37.0 -> v1.38.0
gopkg.in/ini.v1 v1.62.0 new
inet.af/netaddr 1d252cf8125e new
k8s.io/api v0.21.0 -> v0.21.1
k8s.io/apimachinery v0.21.0 -> v0.21.1
k8s.io/apiserver v0.21.0 -> v0.21.1
k8s.io/client-go v0.21.0 -> v0.21.1
k8s.io/kubectl v0.21.0 -> v0.21.1
k8s.io/kubelet v0.21.0 -> v0.21.1
k8s.io/utils 2afb4311ab10 new
sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Talos 0.11.0-alpha.0 (2021-05-26)

Welcome to the v0.11.0-alpha.0 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Component Updates

containerd was updated to 1.5.2
Linux kernel was updated to 5.10.29

Multi-arch Installer

Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture. This means that e.g. images for arm64 SBCs can be generated on amd64 host.

Contributors

Andrey Smirnov
Alexey Palazhchenko
Artem Chernyshev
Jorik Jonker
Spencer Smith
Serge Logvinov
Andrew LeCody
Andrew Rynhard
Boran Car
Brandon Nason
Gabor Nyiri
Joost Coelingh
Kevin Hellemun
Lance R. Vick
Lennard Klein
Seán C McCord
Sébastien Bernard
Sébastien Bernard

Changes

82 commits

c0962946 chore: prepare for 0.11 release series
72359765 feat: enable GORACE=halt_on_panic=1 in machined binary
0acb04ad feat: implement route network controllers
f5bf88a4 feat: create certificates with os:admin role
1db301ed feat: switch controller-runtime to zap.Logger
f7cf64d4 fix: add talos.config to the vApp Properties in VMware OVA
209527ec docs: add AMIs for Talos 0.10.3
59cfd312 chore: bump dependencies via dependabot
1edb20cf feat: extract config generation
af77c295 docs: update wirguard guide
4fe69121 test: better talosctl ls tests
04ddda96 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
49c7276b chore: fix markdown linting
7270495a docs: add mayastor quickstart
d3d9112f docs: fix spelling/grammar in What's New for Talos 0.9
82804414 test: provide a way to force different boot order in provision library
a1c0e99a docs: add guide for deploying metrics-server
6bc6658b feat: update containerd to 1.5.1
c6567fae chore: dependabot updates
61ccbb3f chore: keep debug symbols in debug builds
1ce362e0 docs: update customizing kernel build steps
a26174b5 fix: properly compose pattern and header in etcd members output
0825cf11 fix: stop networkd and pods before leaving etcd on upgrade
bed6b15d fix: properly populate AllowSchedulingOnMasters option in gen config RPC
071f0445 feat: implement AddressSpec handling
76e38b7b feat: update Kubernetes to 1.21.1
9b1338d9 chore: parse "boolean" variables
c81cfb21 chore: allow building with debug handlers
c9651673 feat: update go-smbios library
95c656fb feat: update containerd to 1.5.0, runc to 1.0.0-rc94
db9c35b5 feat: implement AddressStatusController
1cf011a8 chore: bump dependencies via dependabot
e3f407a1 fix: properly pass disk type selector from config to matcher
66b2b450 feat: add resources and use HTTPS checks in control plane pods
4ffd7c0a fix: stop networkd before leaving etcd on 'reset' path
610d38d3 docs: add AMIs for 0.10.1, collapse list of AMIs by default
807497ec chore: make conformance pipeline depend on cron-default
3c121359 feat: implement LinkStatusController
0e8de046 fix: update go-blockdevice to fix disk type detection
4d50a4ed fix: update the way NTP sync uses adjtimex syscall
1a85c14a fix: avoid data race on CRI pod stop
5de8dbc0 fix: repair pine64 support
38239097 fix: properly parse matcher expressions
e54b6b7a chore: update dependencies via dependabot
f2caed0d chore: use extracted talos-systems/go-kmsg library
79d804c5 docs: fix typos
a2bb390e feat: deterministic builds
e480fedf feat: add USB serial drivers
79299d76 docs: add Matrix room links
1b3e8b09 docs: add survey to README
8d51c9bb docs: update redirects to Talos 0.10
1092c3a5 feat: add Pine64 SBC support
63e01754 feat: pull kernel with VMware balloon module enabled
aeec99d8 chore: remove temporary fork
0f49722d feat: add --config-patch flag by node type
a01b1d22 chore: dump dependencies via dependabot
d540a4a4 fix: bump crypto library for the CSR verification fix
c3a4173e chore: remove security API ReadFile/WriteFile
38037131 chore: update wgctrl dependecy
d9ba0fd0 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
2261d7ed fix: use both self-signed and Kubernetes CA to verify Kubelet cert
a3537a69 docs: update cloud images for Talos v0.9.3
5b9ee861 docs: add what's new for Talos 0.10
f1107fa3 docs: add survey
93623d47 docs: update AWS instructions
a739d1b8 feat: add support of custom registry CA certificate usage
7f468d35 fix: update osType in OVA other3xLinux64Guest"
4a184b67 docs: add etcd backup and restore guide
5fb38d3e chore: refactor Dockerfile for cross-compilation
a8f1e526 chore: build talosctl for Darwin / Apple Silicon
eb0b64d3 chore: list specifically for enabled regions
669a0cbd fix: check if OVF env is empty
da92049c chore: use codecov from the build container
9996d4b0 chore: use REGISTRY_MIRROR_FLAGS if defined
05cbe250 chore: bump dependencies via dependabot
9a91142a feat: print complete member info in etcd members
bb40d6dd feat: update pkgs version
e7a9164b test: implement talosctl conformance command to run e2e tests
6cb266e7 fix: update etcd client errors, print etcd join failures
0bd8b0e8 feat: provide an option to recover etcd from data directory copy
f9818540 chore: fix conform with scopes
21018f28 chore: bump website node.js dependencies

Changes from talos-systems/crypto

1 commit

4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/go-blockdevice

2 commits

1292574 fix: make disk type matcher parser case insensitive
b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

5 commits

3d0a6e1 feat: race build tag flag detector
5b292e5 feat: disable memory profiling by default
c6d0ae2 fix: linters and CI
d969f95 feat: initial implementation
b2044b7 Initial commit

Changes from talos-systems/go-kmsg

2 commits

2edcd3a feat: add initial version
53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

3 commits

a445702 feat: allow dial timeout and keep alive period to be configurable
3c8f347 feat: provide a way to configure logger for the loadbalancer
da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-smbios

1 commit

d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

15 commits

a3a6650 feat: update containerd to 1.5.2
c70ea44 feat: update runc to 1.0.0-rc95
db60235 feat: add support for netxen card
f934187 feat: update containerd to 1.5.1
e8ed5bc feat: add geneve encapsulation support for openvswitch
9f7903c feat: update containerd to 1.5.0, runc to -rc94
d7c0f70 feat: add AES-NI support for amd64
b0d9cd2 fix: build zbin utility for both amd64 and arm64
bb39b97 feat: add IPMI support in kernel
1148f9a feat: add DS1307 RTC support for arm64
350aa6f feat: add USB serial support
de9c582 feat: add Pine64 SBC support
b56f36b feat: enable VMware baloon kernel module
f87c194 feat: add iPXE build with embedded placeholder script
a8b9e71 feat: add cpu scaling for rpi

Dependency Changes

github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
github.com/containerd/containerd v1.4.4 -> v1.5.2
github.com/containerd/go-cni v1.0.1 -> v1.0.2
github.com/containerd/typeurl v1.0.1 -> v1.0.2
github.com/coreos/go-iptables v0.5.0 -> v0.6.0
github.com/cosi-project/runtime 10d6103c19ab -> 8a4533ce68e2
github.com/docker/docker v20.10.4 -> v20.10.6
github.com/emicklei/dot v0.15.0 -> v0.16.0
github.com/fatih/color v1.10.0 -> v1.11.0
github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
github.com/hashicorp/go-getter v1.5.2 -> v1.5.3
github.com/mdlayher/ethtool 2b88debcdd43 new
github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
github.com/plunder-app/kube-vip v0.3.2 -> v0.3.4
github.com/rs/xid v1.2.1 -> v1.3.0
github.com/talos-systems/crypto 39584f1b6e54 -> 4f80b976b640
github.com/talos-systems/go-blockdevice 1d830a25f64f -> 1292574643e0
github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
github.com/talos-systems/go-kmsg v0.1.0 new
github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-5-ga3a6650
github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.50.0
github.com/vmware/govmomi v0.24.0 -> v0.25.0
go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0-beta.3
go.etcd.io/etcd/client/pkg/v3 v3.5.0-beta.3 new
go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0-beta.3
go.etcd.io/etcd/etcdutl/v3 v3.5.0-beta.3 new
go.uber.org/zap c23abee72d19 new
golang.org/x/net e18ecbb05110 -> 0714010a04ed
golang.org/x/sys 77cc2087c03b -> 0981d6026fa6
golang.org/x/term 6a3ed077a48d -> a79de5458b56
golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> f9ad6d392236
google.golang.org/grpc v1.37.0 -> v1.38.0
inet.af/netaddr 1d252cf8125e new
k8s.io/api v0.21.0 -> v0.21.1
k8s.io/apimachinery v0.21.0 -> v0.21.1
k8s.io/apiserver v0.21.0 -> v0.21.1
k8s.io/client-go v0.21.0 -> v0.21.1
k8s.io/kubectl v0.21.0 -> v0.21.1
k8s.io/kubelet v0.21.0 -> v0.21.1

Previous release can be found at v0.10.0

Talos 0.10.0-alpha.2 (2021-04-08)

Welcome to the v0.10.0-alpha.2 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Disaster Recovery

support for creating etcd snapshots (backups) with talosctl etcd snapshot command.
etcd cluster can be recovered from a snapshot using talosctl boostrap --recover-from= command.

Install Disk Selector

Install section of the machine config now has diskSelector field that allows querying install disk using the list of qualifiers:

...
  install:
    diskSelector:
      size: >= 500GB
      model: WDC*
...

talosctl disks -n <node> -i can be used to check allowed disk qualifiers when the node is running in the maintenance mode.

Optimizations

Talos system services now run without container images on initramfs from the single executable; this change reduces RAM usage, initramfs size and boot time..

SBCs

u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
added support for Rock Pi 4.

Time Syncrhonization

timed service was replaced with a time sync controller, no machine configuration changes.
Talos now prefers last successful time server (by IP address) on each sync attempt (improves sync accuracy).

Contributors

Andrey Smirnov
Alexey Palazhchenko
Artem Chernyshev
Spencer Smith
Seán C McCord
Andrew Rynhard
Branden Cash
Jorik Jonker
Matt Zahorik
bzub

Changes

104 commits

e0650218 feat: support etcd recovery from snapshot on bootstrap
247bd50e docs: describe steps to install and boot Talos from the SSD on rockpi4
e6b4e524 test: update CAPA to 0.6.4
28753f6d fix: trim endpoints/nodes from arguments in talosctl config
aca63b88 docs: fix "DigitalOcean" spelling
33035901 fix: revert mark PMBR EFI partition as bootable
fbfd1eb2 refactor: pull new version of os-runtime, update code
8737ea71 feat: allow external cloud provides configration
3909e2d0 chore: update Go to 1.16.3
690eb20e chore: update blockdevice library for PMBR bootable fix
a8761b8e fix: require leader on etcd member operations
3dc84625 fix: make both HDMI ports work on RPi 4
bd5ae1e0 fix: add a check for overlay mounts in installer pre-flight checks
df8649cb refactor: download modules before go generate
39ae0415 chore: bump dependencies via dependabot
e16d6d34 fix: publish rockpi4 image to release artifacts
39c6dbcc feat: add --config-patch parameter to talosctl gen config
e664362c feat: add API and command to save etcd snapshot (backup)
61b694b9 fix: create rootfs for system services via /system tmpfs
abc2e17e test: update 0.9.x version in upgrade tests to 0.9.1
a1e64154 fix: retry Kubernetes API errors on cordon/uncordon/etc
063d1abe fix: print task failure error immediately
e039172e fix: ignore EOF errors from Kubernetes API when converting control plane
7bcb91a4 docs: fix typo for stage flag
a43acb21 feat: bring in Linux 5.10.27, support for 32-bit time syscalls
e2bb5973 release(v0.10.0-alpha.1): prepare release
8309312a chore: build components with race detector enabled in dev mode
7d912584 test: fix data race in apply config tests
204caf8e test: fix apply-config integration test, bump clusterctl version
d812099d fix: address several issues in TUI installer
269c9ad0 fix: don't write to config object on access
a9451f57 feat: update Kubernetes to 1.21.0-beta.1
4b42ced4 feat: add ability to disable comments in talosctl gen config
a0dcfc3d fix: workaround race in containerd runner with stdin pipe
2ea20f59 feat: replace timed with time sync controller
c38a161a test: add unit-test for machine config validation
a6106815 chore: bump dependencies via dependabot
35598f39 chore: refactor: extract ClusterConfig
03285184 fix: get rid of data race in encoder and fix concurrent map access
4b3580aa fix: prevent panic in validate config if machine.install is missing
d7e9f6d6 chore: build integration tests with -race
9f7d67ac chore: fix typo
672c9707 fix: allow convert-k8s --remove-initialized-keys with K8s cp is down
fb605a0f chore: tweak nolintlint settings
1f5a0c40 fix: resolve the issue with Kubernetes upgrade
74b2b557 docs: update AWS docs to ensure instances are tagged
dc21d9b4 chore: remove old file
966caf7a chore: remove unused module replace directives
98b22f1e feat: show short options in talosctl kubeconfig
51139d54 chore: cache go modules in the build
65701aa7 fix: resolve the issue with DHCP lease not being renewed
711f5b23 fix: config validation: CNI should apply to cp nodes, encryption config
5ff491d9 fix: allow empty list for CNI URLs
946e74f0 docs: update path for kernel downloads in qemu docs
ed272e60 feat: update Kubernetes to 1.21.0-beta.0
b0209fd2 refactor: move networkd, timed APIs to machined, remove routerd
6ffabe51 feat: add ability to find disk by disk properties
ac876470 refactor: move apid, routerd, timed and trustd to single executable
89a4b09f refactor: run networkd as a goroutine in machined
f4a6a19c chore: update sonobuoy
dc294db1 chore: bump dependencies via dependabot
2b1641a3 docs: add AMIs for Talos 0.9.0
79ceb428 docs: make v0.9 the default docs
a5b62f4d docs: add documentation for Talos 0.10
ce795f1c fix: command etcd remove-member shouldn't remove etcd data directory
aab49a16 fix: repair zsh completion
fc9c416a fix: build rockpi4 metal image as part of CI build
125b86f4 fix: upgrade-k8s bug with empty config values and provision script
8b2d228d chore: add script for starting registry proxies
f7d276b8 chore: remove old osctl reference
5b14d6f2 chore: fix make help output
f0512dfc feat: update Kubernetes to 1.20.5
24cd0a20 feat: publish talosctl container image
6e17102c chore: remove unused code
88104407 docs: add control plane in-depth guide
ecf03449 chore: bump Go to 1.16.2
cbc38418 release(v0.10.0-alpha.0): prepare release
3455a8e8 chore: use new release tool for changelogs and release notes
08271ba9 chore: use Go 1.16 language version
7662d033 fix: talosctl health should not check kube-proxy when it is disabled
0dbaeb9e chore: update tools, use new generators
e31790f6 fix: properly format spec comments in the resources
78d384eb test: update aws cloud provider version
3c5bfbb4 fix: don't touch any partitions on upgrade with --preserve
891f90fe chore: update Linux to 5.10.23
d4d77882 chore: update dependencies via dependabot
2e22f20b docs: minor fixes to getting started
ca8a5596 chore: fix provision tests after changes to build-container
4aae924c refactor: provide explicit logger for networkd
22f37530 chore: update golanci-lint to 1.38.0
83b4e7f7 feat: add Rock pi 4 support
1362966f docs: rewrite getting-started for ISO
8e57fc4f fix: move containerd CRI config files under /var/
6f7df3da fix: update output of convert-k8s command
dce6118c docs: add guide for VIP
ee5d9ffa chore: bump Go to 1.16.1
7c529e1c docs: fix links in the documentation
f596c7f6 docs: add video for raspberry pi install
47324dca docs: add guide on editing machine configuration
99d5f894 chore: update website npm dependencies
11056a80 docs: add highlights for 0.9 release
ae8bedb9 docs: add control plane conversion guide and 0.9 upgrade notes
ed9673e5 docs: add troubleshooting control plane documentation
485cb126 docs: update Kubernetes upgrade guide

Changes since v0.10.0-alpha.1

25 commits

e0650218 feat: support etcd recovery from snapshot on bootstrap
247bd50e docs: describe steps to install and boot Talos from the SSD on rockpi4
e6b4e524 test: update CAPA to 0.6.4
28753f6d fix: trim endpoints/nodes from arguments in talosctl config
aca63b88 docs: fix "DigitalOcean" spelling
33035901 fix: revert mark PMBR EFI partition as bootable
fbfd1eb2 refactor: pull new version of os-runtime, update code
8737ea71 feat: allow external cloud provides configration
3909e2d0 chore: update Go to 1.16.3
690eb20e chore: update blockdevice library for PMBR bootable fix
a8761b8e fix: require leader on etcd member operations
3dc84625 fix: make both HDMI ports work on RPi 4
bd5ae1e0 fix: add a check for overlay mounts in installer pre-flight checks
df8649cb refactor: download modules before go generate
39ae0415 chore: bump dependencies via dependabot
e16d6d34 fix: publish rockpi4 image to release artifacts
39c6dbcc feat: add --config-patch parameter to talosctl gen config
e664362c feat: add API and command to save etcd snapshot (backup)
61b694b9 fix: create rootfs for system services via /system tmpfs
abc2e17e test: update 0.9.x version in upgrade tests to 0.9.1
a1e64154 fix: retry Kubernetes API errors on cordon/uncordon/etc
063d1abe fix: print task failure error immediately
e039172e fix: ignore EOF errors from Kubernetes API when converting control plane
7bcb91a4 docs: fix typo for stage flag
a43acb21 feat: bring in Linux 5.10.27, support for 32-bit time syscalls

Changes from talos-systems/extras

3 commits

cf3934a feat: build with Go 1.16.3
c0fa0c0 feat: bump Go to 1.16.2
5f89d77 feat: bump Go to 1.16.1

Changes from talos-systems/go-blockdevice

3 commits

1d830a2 fix: revert mark the EFI partition in PMBR as bootable
bec914f fix: mark the EFI partition in PMBR as bootable
776b37d feat: add options to probe disk by various sysblock parameters

Changes from talos-systems/os-runtime

5 commits

86d9e09 chore: bump go.mod dependencies
2de411a feat: major rewrite of the os-runtime with new features
ded40a7 feat: implement controller runtime gRPC bridge
0d5b5a9 feat: implement resource state service and client
d04ec51 feat: add common COSI resource protobuf, implement bridge with state

Changes from talos-systems/pkgs

8 commits

9a6cf6b feat: build with Go 1.16.3
60ce626 feat: update Linux to 5.10.27, enable 32-bit time syscalls
fdf4866 feat: bump tools for Go 1.16.2
35f9b6f feat: update kernel to 5.10.23
dbae83e fix: do not use git-lfs for rockpi4 binaries
1c6b9a3 feat: bump tools for Go 1.16.1
c18073f feat: add u-boot for Rock Pi 4
6b85a2b feat: upgrade u-boot to 2021.04-rc3

Changes from talos-systems/tools

5 commits

1f26def feat: update Go to 1.16.3
41b8073 feat: bump protobuf-related tools
f7bce92 chore: bump Go to 1.16.2
bcf3380 feat: bump protobuf deps, add protoc-gen-go-grpc
b49c40e feat: bump Go to 1.16.1

Dependency Changes

github.com/coreos/go-semver v0.3.0 new
github.com/golang/protobuf v1.4.3 -> v1.5.2
github.com/google/go-cmp v0.5.4 -> v0.5.5
github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
github.com/talos-systems/extras v0.2.0-1-g0db3328 -> v0.3.0-alpha.0-2-gcf3934a
github.com/talos-systems/go-blockdevice bb3ad73f6983 -> 1d830a25f64f
github.com/talos-systems/os-runtime 7b3d14457439 -> 86d9e090bdc4
github.com/talos-systems/pkgs v0.4.1-2-gd471b60 -> v0.5.0-alpha.0-5-g9a6cf6b
github.com/talos-systems/tools v0.4.0-1-g3b25a7e -> v0.5.0-alpha.0-4-g1f26def
go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0 new
google.golang.org/grpc v1.36.0 -> v1.36.1
google.golang.org/protobuf v1.25.0 -> v1.26.0
k8s.io/api v0.20.5 -> v0.21.0-rc.0
k8s.io/apimachinery v0.20.5 -> v0.21.0-rc.0
k8s.io/apiserver v0.20.5 -> v0.21.0-rc.0
k8s.io/client-go v0.20.5 -> v0.21.0-rc.0
k8s.io/cri-api v0.20.5 -> v0.21.0-rc.0
k8s.io/kubectl v0.20.5 -> v0.21.0-rc.0
k8s.io/kubelet v0.20.5 -> v0.21.0-rc.0

Previous release can be found at v0.9.0

Talos 0.10.0-alpha.1 (2021-03-31)

Welcome to the v0.10.0-alpha.1 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Install Disk Selector

Install section of the machine config now has diskSelector field that allows querying install disk using the list of qualifiers:

...
  install:
    diskSelector:
      size: >= 500GB
      model: WDC*
...

talosctl disks -n <node> -i can be used to check allowed disk qualifiers when the node is running in the maintenance mode.

Optimizations

Talos system services now run without container images on initramfs from the single executable; this change reduces RAM usage, initramfs size and boot time..

SBCs

u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
added support for Rock Pi 4.

Contributors

Andrey Smirnov
Alexey Palazhchenko
Artem Chernyshev
Spencer Smith
Seán C McCord
Andrew Rynhard
Jorik Jonker
bzub

Changes

78 commits

8309312a chore: build components with race detector enabled in dev mode
7d912584 test: fix data race in apply config tests
204caf8e test: fix apply-config integration test, bump clusterctl version
d812099d fix: address several issues in TUI installer
269c9ad0 fix: don't write to config object on access
a9451f57 feat: update Kubernetes to 1.21.0-beta.1
4b42ced4 feat: add ability to disable comments in talosctl gen config
a0dcfc3d fix: workaround race in containerd runner with stdin pipe
2ea20f59 feat: replace timed with time sync controller
c38a161a test: add unit-test for machine config validation
a6106815 chore: bump dependencies via dependabot
35598f39 chore: refactor: extract ClusterConfig
03285184 fix: get rid of data race in encoder and fix concurrent map access
4b3580aa fix: prevent panic in validate config if machine.install is missing
d7e9f6d6 chore: build integration tests with -race
9f7d67ac chore: fix typo
672c9707 fix: allow convert-k8s --remove-initialized-keys with K8s cp is down
fb605a0f chore: tweak nolintlint settings
1f5a0c40 fix: resolve the issue with Kubernetes upgrade
74b2b557 docs: update AWS docs to ensure instances are tagged
dc21d9b4 chore: remove old file
966caf7a chore: remove unused module replace directives
98b22f1e feat: show short options in talosctl kubeconfig
51139d54 chore: cache go modules in the build
65701aa7 fix: resolve the issue with DHCP lease not being renewed
711f5b23 fix: config validation: CNI should apply to cp nodes, encryption config
5ff491d9 fix: allow empty list for CNI URLs
946e74f0 docs: update path for kernel downloads in qemu docs
ed272e60 feat: update Kubernetes to 1.21.0-beta.0
b0209fd2 refactor: move networkd, timed APIs to machined, remove routerd
6ffabe51 feat: add ability to find disk by disk properties
ac876470 refactor: move apid, routerd, timed and trustd to single executable
89a4b09f refactor: run networkd as a goroutine in machined
f4a6a19c chore: update sonobuoy
dc294db1 chore: bump dependencies via dependabot
2b1641a3 docs: add AMIs for Talos 0.9.0
79ceb428 docs: make v0.9 the default docs
a5b62f4d docs: add documentation for Talos 0.10
ce795f1c fix: command etcd remove-member shouldn't remove etcd data directory
aab49a16 fix: repair zsh completion
fc9c416a fix: build rockpi4 metal image as part of CI build
125b86f4 fix: upgrade-k8s bug with empty config values and provision script
8b2d228d chore: add script for starting registry proxies
f7d276b8 chore: remove old osctl reference
5b14d6f2 chore: fix make help output
f0512dfc feat: update Kubernetes to 1.20.5
24cd0a20 feat: publish talosctl container image
6e17102c chore: remove unused code
88104407 docs: add control plane in-depth guide
ecf03449 chore: bump Go to 1.16.2
cbc38418 release(v0.10.0-alpha.0): prepare release
3455a8e8 chore: use new release tool for changelogs and release notes
08271ba9 chore: use Go 1.16 language version
7662d033 fix: talosctl health should not check kube-proxy when it is disabled
0dbaeb9e chore: update tools, use new generators
e31790f6 fix: properly format spec comments in the resources
78d384eb test: update aws cloud provider version
3c5bfbb4 fix: don't touch any partitions on upgrade with --preserve
891f90fe chore: update Linux to 5.10.23
d4d77882 chore: update dependencies via dependabot
2e22f20b docs: minor fixes to getting started
ca8a5596 chore: fix provision tests after changes to build-container
4aae924c refactor: provide explicit logger for networkd
22f37530 chore: update golanci-lint to 1.38.0
83b4e7f7 feat: add Rock pi 4 support
1362966f docs: rewrite getting-started for ISO
8e57fc4f fix: move containerd CRI config files under /var/
6f7df3da fix: update output of convert-k8s command
dce6118c docs: add guide for VIP
ee5d9ffa chore: bump Go to 1.16.1
7c529e1c docs: fix links in the documentation
f596c7f6 docs: add video for raspberry pi install
47324dca docs: add guide on editing machine configuration
99d5f894 chore: update website npm dependencies
11056a80 docs: add highlights for 0.9 release
ae8bedb9 docs: add control plane conversion guide and 0.9 upgrade notes
ed9673e5 docs: add troubleshooting control plane documentation
485cb126 docs: update Kubernetes upgrade guide

Changes since v0.10.0-alpha.0

50 commits

8309312a chore: build components with race detector enabled in dev mode
7d912584 test: fix data race in apply config tests
204caf8e test: fix apply-config integration test, bump clusterctl version
d812099d fix: address several issues in TUI installer
269c9ad0 fix: don't write to config object on access
a9451f57 feat: update Kubernetes to 1.21.0-beta.1
4b42ced4 feat: add ability to disable comments in talosctl gen config
a0dcfc3d fix: workaround race in containerd runner with stdin pipe
2ea20f59 feat: replace timed with time sync controller
c38a161a test: add unit-test for machine config validation
a6106815 chore: bump dependencies via dependabot
35598f39 chore: refactor: extract ClusterConfig
03285184 fix: get rid of data race in encoder and fix concurrent map access
4b3580aa fix: prevent panic in validate config if machine.install is missing
d7e9f6d6 chore: build integration tests with -race
9f7d67ac chore: fix typo
672c9707 fix: allow convert-k8s --remove-initialized-keys with K8s cp is down
fb605a0f chore: tweak nolintlint settings
1f5a0c40 fix: resolve the issue with Kubernetes upgrade
74b2b557 docs: update AWS docs to ensure instances are tagged
dc21d9b4 chore: remove old file
966caf7a chore: remove unused module replace directives
98b22f1e feat: show short options in talosctl kubeconfig
51139d54 chore: cache go modules in the build
65701aa7 fix: resolve the issue with DHCP lease not being renewed
711f5b23 fix: config validation: CNI should apply to cp nodes, encryption config
5ff491d9 fix: allow empty list for CNI URLs
946e74f0 docs: update path for kernel downloads in qemu docs
ed272e60 feat: update Kubernetes to 1.21.0-beta.0
b0209fd2 refactor: move networkd, timed APIs to machined, remove routerd
6ffabe51 feat: add ability to find disk by disk properties
ac876470 refactor: move apid, routerd, timed and trustd to single executable
89a4b09f refactor: run networkd as a goroutine in machined
f4a6a19c chore: update sonobuoy
dc294db1 chore: bump dependencies via dependabot
2b1641a3 docs: add AMIs for Talos 0.9.0
79ceb428 docs: make v0.9 the default docs
a5b62f4d docs: add documentation for Talos 0.10
ce795f1c fix: command etcd remove-member shouldn't remove etcd data directory
aab49a16 fix: repair zsh completion
fc9c416a fix: build rockpi4 metal image as part of CI build
125b86f4 fix: upgrade-k8s bug with empty config values and provision script
8b2d228d chore: add script for starting registry proxies
f7d276b8 chore: remove old osctl reference
5b14d6f2 chore: fix make help output
f0512dfc feat: update Kubernetes to 1.20.5
24cd0a20 feat: publish talosctl container image
6e17102c chore: remove unused code
88104407 docs: add control plane in-depth guide
ecf03449 chore: bump Go to 1.16.2

Changes from talos-systems/extras

2 commits

c0fa0c0 feat: bump Go to 1.16.2
5f89d77 feat: bump Go to 1.16.1

Changes from talos-systems/go-blockdevice

1 commit

776b37d feat: add options to probe disk by various sysblock parameters

Changes from talos-systems/pkgs

6 commits

fdf4866 feat: bump tools for Go 1.16.2
35f9b6f feat: update kernel to 5.10.23
dbae83e fix: do not use git-lfs for rockpi4 binaries
1c6b9a3 feat: bump tools for Go 1.16.1
c18073f feat: add u-boot for Rock Pi 4
6b85a2b feat: upgrade u-boot to 2021.04-rc3

Changes from talos-systems/tools

4 commits

41b8073 feat: bump protobuf-related tools
f7bce92 chore: bump Go to 1.16.2
bcf3380 feat: bump protobuf deps, add protoc-gen-go-grpc
b49c40e feat: bump Go to 1.16.1

Dependency Changes

github.com/coreos/go-semver v0.3.0 new
github.com/golang/protobuf v1.4.3 -> v1.5.1
github.com/google/go-cmp v0.5.4 -> v0.5.5
github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
github.com/talos-systems/extras v0.2.0-1-g0db3328 -> v0.3.0-alpha.0-1-gc0fa0c0
github.com/talos-systems/go-blockdevice bb3ad73f6983 -> 776b37d31de0
github.com/talos-systems/pkgs v0.4.1-2-gd471b60 -> v0.5.0-alpha.0-3-gfdf4866
github.com/talos-systems/tools v0.4.0-1-g3b25a7e -> v0.5.0-alpha.0-3-g41b8073
google.golang.org/grpc v1.36.0 -> v1.36.1
google.golang.org/protobuf v1.25.0 -> v1.26.0
k8s.io/api v0.20.5 -> v0.21.0-rc.0
k8s.io/apimachinery v0.20.5 -> v0.21.0-rc.0
k8s.io/apiserver v0.20.5 -> v0.21.0-rc.0
k8s.io/client-go v0.20.5 -> v0.21.0-rc.0
k8s.io/cri-api v0.20.5 -> v0.21.0-rc.0
k8s.io/kubectl v0.20.5 -> v0.21.0-rc.0
k8s.io/kubelet v0.20.5 -> v0.21.0-rc.0

Previous release can be found at v0.9.0

Talos 0.10.0-alpha.0 (2021-03-17)

Welcome to the v0.10.0-alpha.0 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

SBCs

u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
added support for Rock Pi 4.

Contributors

Andrey Smirnov
Alexey Palazhchenko
Artem Chernyshev
Seán C McCord
Spencer Smith
Andrew Rynhard

Changes

27 commits

3455a8e8 chore: use new release tool for changelogs and release notes
08271ba9 chore: use Go 1.16 language version
7662d033 fix: talosctl health should not check kube-proxy when it is disabled
0dbaeb9e chore: update tools, use new generators
e31790f6 fix: properly format spec comments in the resources
78d384eb test: update aws cloud provider version
3c5bfbb4 fix: don't touch any partitions on upgrade with --preserve
891f90fe chore: update Linux to 5.10.23
d4d77882 chore: update dependencies via dependabot
2e22f20b docs: minor fixes to getting started
ca8a5596 chore: fix provision tests after changes to build-container
4aae924c refactor: provide explicit logger for networkd
22f37530 chore: update golanci-lint to 1.38.0
83b4e7f7 feat: add Rock pi 4 support
1362966f docs: rewrite getting-started for ISO
8e57fc4f fix: move containerd CRI config files under /var/
6f7df3da fix: update output of convert-k8s command
dce6118c docs: add guide for VIP
ee5d9ffa chore: bump Go to 1.16.1
7c529e1c docs: fix links in the documentation
f596c7f6 docs: add video for raspberry pi install
47324dca docs: add guide on editing machine configuration
99d5f894 chore: update website npm dependencies
11056a80 docs: add highlights for 0.9 release
ae8bedb9 docs: add control plane conversion guide and 0.9 upgrade notes
ed9673e5 docs: add troubleshooting control plane documentation
485cb126 docs: update Kubernetes upgrade guide

Changes since v0.10.0-alpha.0

0 commit

Changes from talos-systems/extras

1 commit

5f89d77 feat: bump Go to 1.16.1

Changes from talos-systems/os-runtime

1 commit

7b3d144 feat: use go-yaml fork and serialize spec as RawYAML objects

Changes from talos-systems/pkgs

5 commits

35f9b6f feat: update kernel to 5.10.23
dbae83e fix: do not use git-lfs for rockpi4 binaries
1c6b9a3 feat: bump tools for Go 1.16.1
c18073f feat: add u-boot for Rock Pi 4
6b85a2b feat: upgrade u-boot to 2021.04-rc3

Changes from talos-systems/tools

2 commits

bcf3380 feat: bump protobuf deps, add protoc-gen-go-grpc
b49c40e feat: bump Go to 1.16.1

Dependency Changes

github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
github.com/talos-systems/extras v0.2.0 -> v0.3.0-alpha.0
github.com/talos-systems/os-runtime 84c3c875eb2b -> 7b3d14457439
github.com/talos-systems/pkgs v0.4.1 -> v0.5.0-alpha.0-2-g35f9b6f
github.com/talos-systems/tools v0.4.0 -> v0.5.0-alpha.0-1-gbcf3380

Previous release can be found at v0.9.0-beta.0

v0.9.0-alpha.5 (2021-03-03)

Chore

bump Go module dependencies
properly propagate context object in the controller

Feat

bypass lock if ACPI reboot/shutdown issued
add --on-reboot flag to talosctl edit/patch machineConfig
support JSON output in talosctl get, event types
rename namespaces, resources, types etc

v0.9.0-alpha.4 (2021-03-02)

Chore

update provision/upgrade tests to 0.9.0-alpha.3

Docs

bump v0.8 release version in the SBCs guides
add disk encryption guide

Feat

update linux kernel to 5.10.19

Fix

ignore 'ENOENT' (no such file directory) on mount
move etcd to cri containerd runner

v0.9.0-alpha.3 (2021-03-01)

Chore

bump dependencies via dependabot
build both Darwin and Linux versions of talosctl
bump dependencies via dependabot
switch CI to stop embedding local registry into the builds

Docs

update AMI images for 0.8.4

Feat

implement etcd remove-member cli command
update etcd to 3.4.15
talosctl: allow v-prefixed k8s versions
implement simple layer 2 shared IP for CP
implement talosctl edit and patch config commands
bump etcd client library to 3.5.0-alpha.0

Fix

update in-cluster kubeconfig validity to match other certs
add ApplyDynamicConfig call in the apply-config --immediate mode
set hdmi_safe=1 on Raspberry Pi for maximum HDMI compatibility
show stopped/exited containers via CRI inspector
make ApplyDynamicConfig idempotent
improve the drain function
correctly set service state in the resource
update the layout of the Disks API to match proxying requirements
stop and clean up installer container correctly
sanitize volume name better in static pod extra volumes

Refactor

add context to the networkd
split WithNetworkConfig into sub-options

Test

add integration test with Canal CNI and reset API
upgrade master to master tests

v0.9.0-alpha.2 (2021-02-20)

Chore

add default cron pipeline to the list of pipelines
run default pipeline as part of the cron pipeline

Docs

add link to GitHub Discussions as a support forum

Feat

u-boot 2021.01, ca-certificates update, Linux file ACLs
support control plane upgrades with Talos managed control plane
add support for extra volume mounts for control plane pods
add a warning to boot log if running self-hosted control plane
add an option to disable kube-proxy manifest
update Kubernetes to 1.20.4
add state encryption support

Fix

redirect warnings in manifest apply k8s client
handle case when kubelet serving certificates are issued
correctly escape extra args in kube-proxy manifest
skip empty manifest YAML sub-documents

Refactor

split kubernetes/etcd resource generation into subresources

Test

enable disk encryption key rotation test
update integration tests to use wrapped client for etcd APIs

v0.9.0-alpha.1 (2021-02-09)

Chore

update artifacts bucket name in Drone
rework Drone pipelines
update dependencies via dependabot
ci: fix schedules in Drone pipelines
ci: update gcp templates

Docs

update AMI list for 0.8.2
fix typos

Feat

add a tool and package to convert self-hosted CP to static pods
implement ephemeral partition encryption
add resource watch API + CLI
rename apply-config --no-reboot to --on-reboot
skip filesystem for state and ephemeral partitions in the installer
stop all pods before unmounting ephemeral partition
bump Go to 1.15.8
support version contract for Talos config generation
update Linux to 5.10.14
add an option to force upgrade without checks
upgrade CoreDNS to 1.8.0
implement IPv6 DHCP client in networkd

Fix

correctly unwrap responses for etcd commands
drop cri dependency on etcd
move versions to annotations in control plane static pods
find master node IPs correctly in health checks
add 3 seconds grub boot timeout
don't use filename from URL when downloading manifest
pass attributes when adding routes
correct response structure for GenerateConfig API
correctly extract wrapped error messages
prevent crash in machined on apid service stop
wait for time sync before generating Kubernetes certificates
set proper hostname on docker nodes
mount kubelet secrets from system instead of ephemeral
allow loading of empty config files
prefer configured nameservers, fix DHCP6 in container
refresh control plane endpoints on worker apids on schedule
update DHCP client to use Request-Ack sequence after an Offer

Refactor

extract go-cmd into a separate library

Test

trigger e2e on thrice daily
update aws templates
add support for IPv6 in talosctl cluster create

v0.9.0-alpha.0 (2021-02-01)

Chore

bump dependencies (via dependabot)
fix import path for fsnotify
add dependabot config
enable virtio-balloon and monitor in QEMU provisioner
update protobuf, grpc-go, prototool
update upgrade test version used

Docs

update components.md
add v0.9 docs
add modes to validate command
document omitting DiskPartition size
update references to 0.8.0, add 0.8.0 AWS AMIs
fix latest docs
set latest docs to v0.8
provide AMIs for 0.8.0-beta.0
fix SBC docs to point to beta.0 instead of beta.1
update Talos release for SBCs

Feat

move to ECDSA keys for all Kubernetes/etcd certs and keys
update kernel
mount hugetlbfs
allow fqdn to be used when registering k8s node
copy cryptsetup executable from pkgs
use multi-arch images for k8s and Flannel CNI
replace bootkube with Talos-managed control plane
implement resource API in Talos
update Linux to 5.10.7, musl-libc to 1.2.2
update Kubernetes to 1.20.2
support Wireguard networking
bump pkgs for kernel with CONFIG_IPV6_MULTIPLE_TABLES
support type filter in list API and CLI
add commands to manage/query etcd cluster
support disk image in talosctl cluster create
update Kubernetes to 1.20.1

Fix

use hugetlbfs instead of none
use grpc load-balancing when connecting to trustd
lower memory usage a bit by disabling memory profiling
don't probe disks in container mode
prefix rendered Talos-owned static pod manifests
bump timeout for worker apid waiting for kubelet client config
kill all processes and umount all disk on reboot/shutdown
open blockdevices with exclusive flock for partitioning
list command unlimited recursion default behavior
pick first interface valid hostname (vs. last one)
allow 'console' argument in kernel args to be always overridden
bring up bonded interfaces correctly on packet
checkpoint controller-manager and scheduler
correctly transport gRPC errors from apid
use SetAll instead of AppendAll when building kernel args
add more dependencies for bootstrap services
pass disk image flags to e2e-qemu cluster create command
ignore pods spun up from checkpoints in health checks
leave etcd for staged upgrades
ignore errors on stopping/removing pod sandboxes
use the correct console on Banana Pi M64
don't run LabelNodeAsMaster in two sequences

Refactor

update go-blockdevice and restructure disk interaction code
define default kernel flags in machinery instead of procfs

Test

clear connection refused errors after reset
skip etcd tests on non-HA clusters

v0.8.0-alpha.3 (2020-12-10)

Chore

update CONTRIBUTING.md
limit unit-test run concurrency
bump Go to 1.15.6
bump dockerfile frontend version
fix conform for releases

Docs

update Equinix Metal guide
add architectural doc on the root file system layout
add a note on caveats in container mode
add storage doc
add guide for custom CAs
add docs for network connectivity
improve SBC documentation

Feat

update kernel to 5.9.13, new KSPP requirements
reset with system disk wipe spec
add talosctl merge config command
add talosctl config contexts
update Kubernetes to 1.20.0
implement "staged" (failsafe/backup) upgrades
allow disabling NoSchedule taint on masters using TUI installer

Fix

remove kmsg ratelimiting on startup
zero out partitions without filesystems on install
make interactive installer work without endpoints provided

Test

add ISO test
add support for mounting ISO in talosctl cluster create
bump Talos release version for upgrade test to 0.7.1
bump defaults for provision tests resources

v0.8.0-alpha.2 (2020-12-04)

Chore

publish Rock64 image
enable thrice daily pipeline
run integration test thrice daily
output SBC images as compressed raw images
build SBC images
update module dependencies
drop support for docker load
fix metal image name
use IMAGE_TAG instead of TAG for :latest pushes

Docs

fix typos
add openstack docs
ensure port for vbox and proxmox docs
add console kernel arg to rpi_4 image generation
add console kernel arg to libretech_all_h3_cc_h5 image generation

Feat

add support for the Pine64 Rock64
add TUI for configuring network interfaces settings
make GenerateConfiguration accept current time as a parameter
introduce configpatcher package in machinery
suggest fixed control plane endpoints in talosctl gen config
update kubernetes to 1.20.0-rc.0
allow boards to set kernel args
add support for the Banana Pi M64
stop including K8s version by default in talosctl gen config
add support for the Raspberry Pi 4 Model B
implement network interfaces list API
bump package for kernel with CIFS support
upgrade etcd to 3.4.14
update Containerd and Linux
add support for installing to SBCs
add ability to choose CNI config

Fix

make default generate image arch dynamic based on arch
stabilize serial console on RPi4, add video console
make reset work again
node taint doesn't contain value anymore
defer resolving config context in client code
remove value (change to empty) for NoSchedule taint
prevent endless loop with DHCP requests in networkd
skip board argument to the installer if it's not set
use the dtb from kernel pkg for libretech_all_h3_cc_h5
prevent crash in talosctl config commands
update generated .ova manifest for raw disk size
security: update Containerd to v1.4.3

Release

v0.8.0-alpha.2: prepare release

v0.8.0-alpha.1 (2020-11-26)

Chore

add cloud image uploader (AWS AMIs for now)
bump K8s to 1.19.4 in e2e scripts with CABPT version
build arm64 images in CI
remove maintenance service interface and use machine service

Docs

provide list of AMIs on AWS documentation page
add 0.8 docs for the upcoming release
ensure we configure nodes in guides
ensure gcp docs have firewall and node info
add qemu diagram and video walkthrough
graduate v0.7 docs
improve configuration reference documentation
fix small typo in talosctl processes cast
update asciinemas with talosctl
add proxmox doc
add live walkthroughs where applicable

Feat

support openstack platform
update Kubernetes to v1.20.0-beta.2
change UI component for disks selector
support cluster expansion in the interactive installer
implement apply configuration without reboot
make GenerateConfiguration API reuse current node auth
sync time before installer runs
set interface MTU in DHCP mode even if DHCP is not successful
print hint about using interative installer in mainenance mode
add TUI based talos interactive installer
support ipv6 routes
return client config as the second value in GenerateConfiguration
correctly merge talosconfig (don't ever overwrite)
drop to maintenance mode in cloud platforms if userdata is missing
read config from extra guestinfo key (vmware)
update Go to 1.15.5
add generate config gRPC API
upgrade Kubernetes default version to 1.19.4
add example command in maintenance, enforce cert fingerprint
add storage API

Fix

bump blockdevice library for mmcblk part name fix
ignore 'not found' errors when stopping/removing CRI pods
return hostname from packet platform
make fingerprint clearly optional in a boot hint
ensure packet nics get all IPs
use ghcr.io/talos-systems/kubelet
bump timeout for config downloading on bare metal

Refactor

drop osd compatibility layer

Release

v0.8.0-alpha.1: prepare release

Test

update integration test versions, clean up names

1.7 MiB Raw Blame History

Talos 1.10.0-alpha.0 (2024-12-23)

cgroups v1

Driver Rebind

Component Updates

Contributors

Changes

Changes from siderolabs/pkgs

Changes from siderolabs/tools

Dependency Changes

Talos 1.9.0-alpha.3 (2024-11-25)

AppArmor

Auditd

talosctl cgroups

Device Selectors

Direct Rendering Manager (DRM)

Registry Mirrors

talosctl disks

talosctl wipe

udevd

Component Updates

User Namespaces

Contributors

Changes

Changes since v1.9.0-alpha.2

Changes from siderolabs/crypto

Changes from siderolabs/discovery-api

Changes from siderolabs/discovery-client

Changes from siderolabs/extras

Changes from siderolabs/gen

Changes from siderolabs/go-blockdevice

Changes from siderolabs/go-circular

Changes from siderolabs/go-cmd

Changes from siderolabs/go-kubernetes

Changes from siderolabs/grpc-proxy

Changes from siderolabs/pkgs

Changes from siderolabs/proto-codec

Changes from siderolabs/siderolink

Changes from siderolabs/tools

Dependency Changes

Talos 1.9.0-alpha.2 (2024-11-08)

AppArmor

Auditd

talosctl cgroups

udevd

Component Updates

User Namespaces

Contributors

Changes

Changes since v1.9.0-alpha.1

Changes from siderolabs/crypto

Changes from siderolabs/discovery-api

Changes from siderolabs/discovery-client

Changes from siderolabs/extras

Changes from siderolabs/gen

Changes from siderolabs/go-blockdevice

Changes from siderolabs/go-circular

Changes from siderolabs/go-cmd

Changes from siderolabs/go-kubernetes

Changes from siderolabs/grpc-proxy

Changes from siderolabs/pkgs

Changes from siderolabs/proto-codec

Changes from siderolabs/siderolink

Changes from siderolabs/tools

Dependency Changes

Talos 1.9.0-alpha.1 (2024-11-08)

AppArmor

Auditd

talosctl cgroups

udevd

Component Updates

User Namespaces

Contributors

Changes

Changes since v1.9.0-alpha.0

Changes from siderolabs/crypto

Changes from siderolabs/discovery-api

Changes from siderolabs/discovery-client

Changes from siderolabs/extras

Changes from siderolabs/gen

1.7 MiB

Raw Blame History

`talosctl cgroups`

`talosctl cgroups`

`talosctl cgroups`

`talosctl cgroups`

`talos.halt_if_installed` kernel argument