Talos Linux is a modern Linux distribution built for Kubernetes.
MPL-2.0 License
Bot releases are visible (Hide)
Published by smira almost 2 years ago
Welcome to the v1.3.0-beta.1 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos now supports setting custom audit policy for kube-apiserver
in the machine configuration.
Talos defaults to using cgroups v2 when Talos doesn't run in a container (when running in a container
Talos follows host cgroups mode).
Talos can now be forced to use cgroups v1 by setting boot kernel argument talos.unified_cgroup_hierarchy=0
:
machine:
install:
extraKernelArgs:
- "talos.unified_cgroup_hierarchy=0"
Current cgroups mode can be checked with talosctl ls /sys/fs/cgroup
:
cgroups v1:
blkio
cpu
cpuacct
cpuset
devices
freezer
hugetlb
memory
net_cls
net_prio
perf_event
pids
cgroups v2:
cgroup.controllers
cgroup.max.depth
cgroup.max.descendants
cgroup.procs
cgroup.stat
cgroup.subtree_control
cgroup.threads
cpu.stat
cpuset.cpus.effective
cpuset.mems.effective
init
io.stat
kubepods
memory.numa_stat
memory.stat
podruntime
system
Note:
cgroupsv1
is deprecated and it should be used only for compatibility with workloads which don't supportcgroupsv2
yet.
Talos now supports referencing interface name via enxMAC
address notation:
ip=172.20.0.2::172.20.0.1:255.255.255.0::enx7085c2dfbc59
Talos no longer supports CRI config overrides placed in /var/cri/conf.d
directory.
New way correctly handles merging of containerd/CRI plugin configuration.
Talos enables --experimental-compact-hash-check-enabled option by default to improve
etcd store consistency guarantees.
This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.
Talos now internally handles etcd member removal by member ID instead of member name (hostname).
This resolves the case when member name is not accurate or empty (eg: when etcd hasn't fully joined yet).
Command talosctl etcd remove-member
now accepts member IDs instead of member names.
New resource can be used to get member ID of the Talos node:
talosctl get etcdmember
Talos now supports new platform: Exoscale.
Exoscale provides a firewall, TCP load balancer and autoscale groups.
It works well with CCM and Kubernetes node autoscaler.
Talos now supports settings kernel module parameters.
Eg:
machine:
kernel:
modules:
- name: "br_netfilter"
parameters:
- nf_conntrack_max=131072
KubeSpan MTU link size is now configurable via network.kubespan.mtu
setting in the machine configuration.
Talos now supports specifying node labels in the machine configuration:
machine:
nodeLabels:
rack: rack1a
zone: us-east-1a
Changes to the node labels will be applied immediately without kubelet
restart.
Talos keeps track of the owned node labels in the talos.dev/owned-labels
annotation.
Talos had an inconsistency in the way registry mirror endpoints are handled when compared with containerd
implementation:
machine:
registries:
mirrors:
docker.io:
endpoints:
- "https://mirror-registry/v2/mirror.docker.io"
Talos would use endpoint https://mirror-registry/v2/mirror.docker.io
, while containerd
would use https://mirror-registry/v2/mirror.docker.io/v2
.
This inconsistency is now fixed, and Talos uses same endpoint as containerd
.
New overridePath
configuration is introduced to skip appending /v2
both on Talos and containerd side:
machine:
registries:
mirrors:
docker.io:
endpoints:
- "https://mirror-registry/v2/mirror.docker.io"
overridePath: true
Talos now uses registry.k8s.io
instead of k8s.gcr.io
for Kubernetes container images.
See Kubernetes documentation for additional details.
If using registry mirrors, or in air-gapped installations you may need to update your configuration.
Talos now supports setting MTU for a specific route.
Talos now supports the Nano Pi R4S SBC.
The Raspberry Pi 4 specific image has been deprecated and will be removed in the v1.4 release of Talos.
Talos now ships a generic Raspberry Pi image that should support more Raspberry Pi variants.
Refer to the docs at https://www.talos.dev/v1.3/talos-guides/install/single-board-computers/rpi_generic/ to find which ones are supported.
By default new clusters will use secretbox for encryption instead of AESCBC.
If both are configured secretbox will take precedence.
Old clusters may keep using AESCBC.
To enable secretbox you may add an encryption secret at cluster.secretboxEncryptionSecret
.
You should keep aescbcEncryptionSecret
however, even if secretbox is enabled older data will still be encrypted with AESCBC.
How to generate the secret:
dd if=/dev/random of=/dev/stdout bs=32 count=1 | base64
The directory "/etc/kubernetes/manifests" is now deprecated.
Static pods should always be configured in machine.pods.
To reenable support you may set machine.kubelet.disableManifestsDirectory
.
Eg:
machine:
kubelet:
disableManifestsDirectory: no
A new subcommand, machineconfig patch
is added to talosctl
to allow patching of machine configuration.
It accepts a machineconfig file and a list of patches as input and outputs the patched machine configuration.
Patches can be sourced from the command line or from a file. Output can be written to a file or to stdout.
Example:
talosctl machineconfig patch controlplane.yaml --patch '[{"op":"replace","path":"/cluster/clusterName","value":"patch1"}]' --patch @/path/to/patch2.json
Additionally, talosctl machineconfig gen
subcommand is introduced as an alias to talosctl gen config
.
Talos is built with Go 1.19.4.
watchErr
from metal.getResource
metal-iso
configuration methodmachined
servicetalosctl gen secrets
configContext
being nil
in Talos clientConn
Revert
functioncancelCtxMu
leftovers in PriorityLockcancelCtx
with the mutexwatchErr
from metal.getResource
nil
pkg/grpc/tls
from github.com/talos-systems/talos
as ./tls
All
lookup method/dev/ram
devicesmmcblk
devicesInsertAt
method via interfaceerrors.Is
for all errors in the setcontext.Context
in RetrySetHeader
callsgrpc.Server
not found handler.grpc.Server
changes changing the dispatch logicprotobuf
from gogo
netip.Addr
instead of net.IP
wgDevice.Peers
from the wireguard.Device
wrapperPrevious release can be found at v1.2.0
ghcr.io/siderolabs/flannel:v0.20.2
ghcr.io/siderolabs/install-cni:v1.3.0-1-g3773d71
docker.io/coredns/coredns:1.10.0
gcr.io/etcd-development/etcd:v3.5.6
registry.k8s.io/kube-apiserver:v1.26.0-rc.1
registry.k8s.io/kube-controller-manager:v1.26.0-rc.1
registry.k8s.io/kube-scheduler:v1.26.0-rc.1
registry.k8s.io/kube-proxy:v1.26.0-rc.1
ghcr.io/siderolabs/kubelet:v1.26.0-rc.1
ghcr.io/siderolabs/installer:v1.3.0-beta.1
registry.k8s.io/pause:3.6
Published by talos-bot almost 2 years ago
Welcome to the v1.3.0-beta.0 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos now supports setting custom audit policy for kube-apiserver
in the machine configuration.
Talos defaults to using cgroups v2 when Talos doesn't run in a container (when running in a container
Talos follows host cgroups mode).
Talos can now be forced to use cgroups v1 by setting boot kernel argument talos.unified_cgroup_hierarchy=0
:
machine:
install:
extraKernelArgs:
- "talos.unified_cgroup_hierarchy=0"
Current cgroups mode can be checked with talosctl ls /sys/fs/cgroup
:
cgroups v1:
blkio
cpu
cpuacct
cpuset
devices
freezer
hugetlb
memory
net_cls
net_prio
perf_event
pids
cgroups v2:
cgroup.controllers
cgroup.max.depth
cgroup.max.descendants
cgroup.procs
cgroup.stat
cgroup.subtree_control
cgroup.threads
cpu.stat
cpuset.cpus.effective
cpuset.mems.effective
init
io.stat
kubepods
memory.numa_stat
memory.stat
podruntime
system
Note:
cgroupsv1
is deprecated and it should be used only for compatibility with workloads which don't supportcgroupsv2
yet.
Talos now supports referencing interface name via enxMAC
address notation:
ip=172.20.0.2::172.20.0.1:255.255.255.0::enx7085c2dfbc59
Talos no longer supports CRI config overrides placed in /var/cri/conf.d
directory.
New way correctly handles merging of containerd/CRI plugin configuration.
Talos enables --experimental-compact-hash-check-enabled option by default to improve
etcd store consistency guarantees.
This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.
Talos now internally handles etcd member removal by member ID instead of member name (hostname).
This resolves the case when member name is not accurate or empty (eg: when etcd hasn't fully joined yet).
Command talosctl etcd remove-member
now accepts member IDs instead of member names.
New resource can be used to get member ID of the Talos node:
talosctl get etcdmember
Talos now supports new platform: Exoscale.
Exoscale provides a firewall, TCP load balancer and autoscale groups.
It works well with CCM and Kubernetes node autoscaler.
Talos now supports settings kernel module parameters.
Eg:
machine:
kernel:
modules:
- name: "br_netfilter"
parameters:
- nf_conntrack_max=131072
KubeSpan MTU link size is now configurable via network.kubespan.mtu
setting in the machine configuration.
Talos now supports specifying node labels in the machine configuration:
machine:
nodeLabels:
rack: rack1a
zone: us-east-1a
Changes to the node labels will be applied immediately without kubelet
restart.
Talos keeps track of the owned node labels in the talos.dev/owned-labels
annotation.
Talos now uses registry.k8s.io
instead of k8s.gcr.io
for Kubernetes container images.
See Kubernetes documentation for additional details.
If using registry mirrors, or in air-gapped installations you may need to update your configuration.
Talos now supports setting MTU for a specific route.
Talos now supports the Nano Pi R4S SBC.
The Raspberry Pi 4 specific image has been deprecated and will be removed in the v1.4 release of Talos.
Talos now ships a generic Raspberry Pi image that should support more Raspberry Pi variants.
Refer to the docs at https://www.talos.dev/v1.3/talos-guides/install/single-board-computers/rpi_generic/ to find which ones are supported.
By default new clusters will use secretbox for encryption instead of AESCBC.
If both are configured secretbox will take precedence.
Old clusters may keep using AESCBC.
To enable secretbox you may add an encryption secret at cluster.secretboxEncryptionSecret
.
You should keep aescbcEncryptionSecret
however, even if secretbox is enabled older data will still be encrypted with AESCBC.
How to generate the secret:
dd if=/dev/random of=/dev/stdout bs=32 count=1 | base64
The directory "/etc/kubernetes/manifests" is now deprecated.
Static pods should always be configured in machine.pods.
To reenable support you may set machine.kubelet.disableManifestsDirectory
.
Eg:
machine:
kubelet:
disableManifestsDirectory: no
Talos is built with Go 1.19.3.
metal-iso
configuration methodmachined
servicetalosctl gen secrets
configContext
being nil
in Talos clientConn
Revert
functioncancelCtxMu
leftovers in PriorityLockcancelCtx
with the mutexmetal-iso
configuration methodnil
pkg/grpc/tls
from github.com/talos-systems/talos
as ./tls
All
lookup method/dev/ram
devicesmmcblk
devicesInsertAt
method via interfaceerrors.Is
for all errors in the setcontext.Context
in RetrySetHeader
callsgrpc.Server
not found handler.grpc.Server
changes changing the dispatch logicprotobuf
from gogo
netip.Addr
instead of net.IP
wgDevice.Peers
from the wireguard.Device
wrapperPrevious release can be found at v1.2.0
ghcr.io/siderolabs/flannel:v0.20.1
ghcr.io/siderolabs/install-cni:v1.3.0
docker.io/coredns/coredns:1.10.0
gcr.io/etcd-development/etcd:v3.5.6
registry.k8s.io/kube-apiserver:v1.26.0-rc.0
registry.k8s.io/kube-controller-manager:v1.26.0-rc.0
registry.k8s.io/kube-scheduler:v1.26.0-rc.0
registry.k8s.io/kube-proxy:v1.26.0-rc.0
ghcr.io/siderolabs/kubelet:v1.26.0-rc.0
ghcr.io/siderolabs/installer:v1.3.0-beta.0
registry.k8s.io/pause:3.6
Welcome to the v1.2.7 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
machined
servicePrevious release can be found at v1.2.6
ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0-2-gf14175f
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.25.4
k8s.gcr.io/kube-controller-manager:v1.25.4
k8s.gcr.io/kube-scheduler:v1.25.4
k8s.gcr.io/kube-proxy:v1.25.4
ghcr.io/siderolabs/kubelet:v1.25.4
ghcr.io/siderolabs/installer:v1.2.7
k8s.gcr.io/pause:3.6
Published by talos-bot almost 2 years ago
Welcome to the v1.3.0-alpha.2 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos now supports setting custom audit policy for kube-apiserver
in the machine configuration.
Talos defaults to using cgroups v2 when Talos doesn't run in a container (when running in a container
Talos follows host cgroups mode).
Talos can now be forced to use cgroups v1 by setting boot kernel argument talos.unified_cgroup_hierarchy=0
:
machine:
install:
extraKernelArgs:
- "talos.unified_cgroup_hierarchy=0"
Current cgroups mode can be checked with talosctl ls /sys/fs/cgroup
:
cgroups v1:
blkio
cpu
cpuacct
cpuset
devices
freezer
hugetlb
memory
net_cls
net_prio
perf_event
pids
cgroups v2:
cgroup.controllers
cgroup.max.depth
cgroup.max.descendants
cgroup.procs
cgroup.stat
cgroup.subtree_control
cgroup.threads
cpu.stat
cpuset.cpus.effective
cpuset.mems.effective
init
io.stat
kubepods
memory.numa_stat
memory.stat
podruntime
system
Note:
cgroupsv1
is deprecated and it should be used only for compatibility with workloads which don't supportcgroupsv2
yet.
Talos now supports referencing interface name via enxMAC
address notation:
ip=172.20.0.2::172.20.0.1:255.255.255.0::enx7085c2dfbc59
Talos no longer supports CRI config overrides placed in /var/cri/conf.d
directory.
New way correctly handles merging of containerd/CRI plugin configuration.
Talos enables --experimental-compact-hash-check-enabled option by default to improve
etcd store consistency guarantees.
This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.
Talos now internally handles etcd member removal by member ID instead of member name (hostname).
This resolves the case when member name is not accurate or empty (eg: when etcd hasn't fully joined yet).
Command talosctl etcd remove-member
now accepts member IDs instead of member names.
New resource can be used to get member ID of the Talos node:
talosctl get etcdmember
Talos now supports new platform: Exoscale.
Exoscale provides a firewall, TCP load balancer and autoscale groups.
It works well with CCM and Kubernetes node autoscaler.
Talos now supports settings kernel module parameters.
Eg:
machine:
kernel:
modules:
- name: "br_netfilter"
parameters:
- nf_conntrack_max=131072
KubeSpan MTU link size is now configurable via network.kubespan.mtu
setting in the machine configuration.
Talos now supports specifying node labels in the machine configuration:
machine:
nodeLabels:
rack: rack1a
zone: us-east-1a
Changes to the node labels will be applied immediately without kubelet
restart.
Talos keeps track of the owned node labels in the talos.dev/owned-labels
annotation.
Talos now supports setting MTU for a specific route.
Talos now supports the Nano Pi R4S SBC.
The Raspberry Pi 4 specific image has been deprecated and will be removed in the v1.4 release of Talos.
Talos now ships a generic Raspberry Pi image that should support more Raspberry Pi variants.
Refer to the docs at https://www.talos.dev/v1.3/talos-guides/install/single-board-computers/rpi_generic/ to find which ones are supported.
By default new clusters will use secretbox for encryption instead of AESCBC.
If both are configured secretbox will take precedence.
Old clusters may keep using AESCBC.
To enable secretbox you may add an encryption secret at cluster.secretboxEncryptionSecret
.
You should keep aescbcEncryptionSecret
however, even if secretbox is enabled older data will still be encrypted with AESCBC.
How to generate the secret:
dd if=/dev/random of=/dev/stdout bs=32 count=1 | base64
The directory "/etc/kubernetes/manifests" is now deprecated.
Static pods should always be configured in machine.pods.
To reenable support you may set machine.kubelet.disableManifestsDirectory
.
Eg:
machine:
kubelet:
disableManifestsDirectory: no
Talos is built with Go 1.19.3.
machined
servicetalosctl gen secrets
configContext
being nil
in Talos clientConn
Revert
functioncancelCtxMu
leftovers in PriorityLockcancelCtx
with the mutexmachined
servicenil
pkg/grpc/tls
from github.com/talos-systems/talos
as ./tls
All
lookup method/dev/ram
devicesmmcblk
devicesInsertAt
method via interfaceerrors.Is
for all errors in the setcontext.Context
in RetrySetHeader
callsgrpc.Server
not found handler.grpc.Server
changes changing the dispatch logicprotobuf
from gogo
netip.Addr
instead of net.IP
wgDevice.Peers
from the wireguard.Device
wrapperPrevious release can be found at v1.2.0
ghcr.io/siderolabs/flannel:v0.20.1
ghcr.io/siderolabs/install-cni:v1.3.0-alpha.0-2-gb155fa0
docker.io/coredns/coredns:1.10.0
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.26.0-rc.0
k8s.gcr.io/kube-controller-manager:v1.26.0-rc.0
k8s.gcr.io/kube-scheduler:v1.26.0-rc.0
k8s.gcr.io/kube-proxy:v1.26.0-rc.0
ghcr.io/siderolabs/kubelet:v1.26.0-rc.0
ghcr.io/siderolabs/installer:v1.3.0-alpha.2
registry.k8s.io/pause:3.6
Published by talos-bot almost 2 years ago
Welcome to the v1.3.0-alpha.1 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos now supports setting custom audit policy for kube-apiserver
in the machine configuration.
Talos now supports referencing interface name via enxMAC
address notation:
ip=172.20.0.2::172.20.0.1:255.255.255.0::enx7085c2dfbc59
Talos enables --experimental-compact-hash-check-enabled option by default to improve
etcd store consistency guarantees.
This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.
Talos now supports new platform: Exoscale.
Exoscale provides a firewall, TCP load balancer and autoscale groups.
It works well with CCM and Kubernetes node autoscaler.
Talos now supports settings kernel module parameters.
Eg:
machine:
kernel:
modules:
- name: "br_netfilter"
parameters:
- nf_conntrack_max=131072
KubeSpan MTU link size is now configurable via network.kubespan.mtu
setting in the machine configuration.
Talos now supports setting MTU for a specific route.
Talos now supports the Nano Pi R4S SBC.
The Raspberry Pi 4 specific image has been deprecated and will be removed in the v1.4 release of Talos.
Talos now ships a generic Raspberry Pi image that should support more Raspberry Pi variants.
Refer to the docs at https://www.talos.dev/v1.3/talos-guides/install/single-board-computers/rpi_generic/ to find which ones are supported.
By default new clusters will use secretbox for encryption instead of AESCBC.
If both are configured secretbox will take precedence.
Old clusters may keep using AESCBC.
To enable secretbox you may add an encryption secret at cluster.secretboxEncryptionSecret
.
You should keep aescbcEncryptionSecret
however, even if secretbox is enabled older data will still be encrypted with AESCBC.
How to generate the secret:
dd if=/dev/random of=/dev/stdout bs=32 count=1 | base64
The directory "/etc/kubernetes/manifests" is now deprecated.
Static pods should always be configured in machine.pods.
To reenable support you may set machine.kubelet.disableManifestsDirectory
.
Eg:
machine:
kubelet:
disableManifestsDirectory: no
Talos is built with Go 1.19.2.
talosctl gen secrets
configContext
being nil
in Talos clientConn
Revert
functioncancelCtxMu
leftovers in PriorityLockcancelCtx
with the mutexnil
pkg/grpc/tls
from github.com/talos-systems/talos
as ./tls
All
lookup method/dev/ram
devicesmmcblk
devicesInsertAt
method via interfaceSetHeader
callsgrpc.Server
not found handler.grpc.Server
changes changing the dispatch logicprotobuf
from gogo
wgDevice.Peers
from the wireguard.Device
wrapperPrevious release can be found at v1.2.0
ghcr.io/siderolabs/flannel:v0.20.0
ghcr.io/siderolabs/install-cni:v1.3.0-alpha.0-1-g8f00d77
docker.io/coredns/coredns:1.10.0
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.26.0-alpha.2
k8s.gcr.io/kube-controller-manager:v1.26.0-alpha.2
k8s.gcr.io/kube-scheduler:v1.26.0-alpha.2
k8s.gcr.io/kube-proxy:v1.26.0-alpha.2
ghcr.io/siderolabs/kubelet:v1.26.0-alpha.2
ghcr.io/siderolabs/installer:v1.3.0-alpha.1
registry.k8s.io/pause:3.6
Published by talos-bot almost 2 years ago
Welcome to the v1.2.6 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Previous release can be found at v1.2.5
ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0-2-gf14175f
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.25.3
k8s.gcr.io/kube-controller-manager:v1.25.3
k8s.gcr.io/kube-scheduler:v1.25.3
k8s.gcr.io/kube-proxy:v1.25.3
ghcr.io/siderolabs/kubelet:v1.25.3
ghcr.io/siderolabs/installer:v1.2.6
k8s.gcr.io/pause:3.6
Published by talos-bot about 2 years ago
Welcome to the v1.2.5 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Previous release can be found at v1.2.4
ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0-2-gf14175f
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.25.2
k8s.gcr.io/kube-controller-manager:v1.25.2
k8s.gcr.io/kube-scheduler:v1.25.2
k8s.gcr.io/kube-proxy:v1.25.2
ghcr.io/siderolabs/kubelet:v1.25.2
ghcr.io/siderolabs/installer:v1.2.5
k8s.gcr.io/pause:3.6
Published by talos-bot about 2 years ago
Welcome to the v1.2.4 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos is built with Go 1.19.2.
Previous release can be found at v1.2.3
ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0-2-gf14175f
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.25.2
k8s.gcr.io/kube-controller-manager:v1.25.2
k8s.gcr.io/kube-scheduler:v1.25.2
k8s.gcr.io/kube-proxy:v1.25.2
ghcr.io/siderolabs/kubelet:v1.25.2
ghcr.io/siderolabs/installer:v1.2.4
k8s.gcr.io/pause:3.6
Published by talos-bot about 2 years ago
Welcome to the v1.3.0-alpha.0 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos now supports setting custom audit policy for kube-apiserver
in the machine configuration.
Talos enables --experimental-compact-hash-check-enabled option by default to improve
etcd store consistency guarantees.
This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.
Talos now supports settings kernel module parameters.
Eg:
machine:
kernel:
modules:
- name: "br_netfilter"
parameters:
- nf_conntrack_max=131072
Talos now supports the Nano Pi R4S SBC.
The Raspberry Pi 4 specific image has been deprecated and will be removed in the v1.4 release of Talos.
Talos now ships a generic Raspberry Pi image that should support more Raspberry Pi variants.
Refer to the docs at https://www.talos.dev/v1.3/talos-guides/install/single-board-computers/rpi_generic/ to find which ones are supported.
talosctl gen secrets
configContext
being nil
in Talos clientConn
Revert
functioncancelCtxMu
leftovers in PriorityLockcancelCtx
with the mutexnil
pkg/grpc/tls
from github.com/talos-systems/talos
as ./tls
All
lookup method/dev/ram
devicesmmcblk
devicesInsertAt
method via interfacePrevious release can be found at v1.2.0
ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0
docker.io/coredns/coredns:1.10.0
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.26.0-alpha.1
k8s.gcr.io/kube-controller-manager:v1.26.0-alpha.1
k8s.gcr.io/kube-scheduler:v1.26.0-alpha.1
k8s.gcr.io/kube-proxy:v1.26.0-alpha.1
ghcr.io/siderolabs/kubelet:v1.26.0-alpha.1
ghcr.io/siderolabs/installer:v1.3.0-alpha.0
k8s.gcr.io/pause:3.6
Published by talos-bot about 2 years ago
Welcome to the v1.2.3 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Previous release can be found at v1.2.2
ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0-1-g116c5a9
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.25.1
k8s.gcr.io/kube-controller-manager:v1.25.1
k8s.gcr.io/kube-scheduler:v1.25.1
k8s.gcr.io/kube-proxy:v1.25.1
ghcr.io/siderolabs/kubelet:v1.25.1
ghcr.io/siderolabs/installer:v1.2.3
k8s.gcr.io/pause:3.6
Published by talos-bot about 2 years ago
Welcome to the v1.2.2 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
This releases fixes CVE-2022-36103.
Talos is built with Go 1.19.1.
Previous release can be found at v1.2.1
ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0-1-g116c5a9
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.25.0
k8s.gcr.io/kube-controller-manager:v1.25.0
k8s.gcr.io/kube-scheduler:v1.25.0
k8s.gcr.io/kube-proxy:v1.25.0
ghcr.io/siderolabs/kubelet:v1.25.0
ghcr.io/siderolabs/installer:v1.2.2
k8s.gcr.io/pause:3.6
Welcome to the v1.2.1 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos is built with Go 1.19.1.
Previous release can be found at v1.2.0
ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0-1-g116c5a9
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.25.0
k8s.gcr.io/kube-controller-manager:v1.25.0
k8s.gcr.io/kube-scheduler:v1.25.0
k8s.gcr.io/kube-proxy:v1.25.0
ghcr.io/siderolabs/kubelet:v1.25.0
ghcr.io/siderolabs/installer:v1.2.1
k8s.gcr.io/pause:3.6
Published by talos-bot about 2 years ago
Welcome to the v1.2.0 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos now supports access to its API from within Kubernetes. It can be configured in the machine config as below:
machine:
features:
kubernetesTalosAPIAccess:
enabled: true
allowedRoles:
- os:reader
allowedKubernetesNamespaces:
- kube-system
This feature introduces a new custom resource definition, serviceaccounts.talos.dev
.
Creating custom resources of this type will provide credentials to access Talos API from within Kubernetes.
The new CLI subcommand talosctl inject serviceaccount
can be used to configure Kubernetes manifests with Talos service accounts as below:
talosctl inject serviceaccount -f manifests.yaml > manifests-injected.yaml
kubectl apply -f manifests-injected.yaml
See documentation for more details.
talosctl apply-config
now supports patching the machine config file in memory before submitting it to the node.
Configuration setting cluster.etcd.subnet
is deprecated, but still supported.
Two new configuration settings are introduce to control precisely which subnet is used for etcd peer communication:
cluster:
etcd:
advertisedSubnets:
- 10.0.0.0/24
listenSubnets:
- 10.0.0.0/24
- 192.168.0.0/24
The advertisedSubnets
setting is used to control which subnet is used for etcd peer communication, it will be advertised
by each peer for other peers to connect to. If advertiseSubnets
is set, listenSubnets
defaults to the same value, so that
etcd
only listens on the same subnet as it advertises. Additional subnets can be configured in listenSubnets
if needed.
Default behavior hasn't changed - if the advertisedSubnets
is not set, Talos picks up the first available network address as
advertised address and etcd
is configured to listen on all interfaces.
Note: most of the
etcd
configuration changes are accepted on the fly, but they are fully applied only after reboot.
It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki
).
You can also specify a bootstrap token to be used in the secrets bundle.
This secrets bundle can then be used to generate a machine config.
This facilitates migrating clusters (e.g. created using kubeadm
) to Talos.
talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443
Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in
KEP-2568.
Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled
to false
.
This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.
Talos now defaults to node-role.kubernetes.io/control-plane
label/taint.
On upgrades Talos now removes the node-role.kubernetes.io/master
label/taint on control-plane nodes and replaces it with the node-role.kubernetes.io/control-plane
label/taint.
Workloads that tolerate the old taints or having node selectors with the old labels will need to be updated.
Kubernetes cluster discovery backend is now disabled by default for new clusters.
This backend doesn't provide any benefits over the Discovery Service based backend, while it
causes issues for KubeSpan enabled clusters when control plane endpoint is KubeSpan-routed.
For air-gapped installations when the Discovery Service is not enabled, Kubernetes Discovery Backend can be enabled by applying
the following machine configuration patch:
cluster:
discovery:
registries:
kubernetes:
disabled: false
KubeSpan no longer by default advertises Kubernetes pod networks of the node over KubeSpan.
This means that CNI should handle encapsulation of pod-to-pod traffic into the node-to-node tunnel,
and node-to-node traffic will be handled by KubeSpan.
This provides better compatibility with popular CNIs like Calico and Cilium.
Old behavior can be restored by setting .machine.kubespan.advertiseKubernetesNetworks = true
in the machine config.
.cluster.allowSchedulingOnMasters
deprecatedThe .cluster.allowSchedulingOnMasters
is deprecated and replaced by .cluster.allowSchedulingOnControlPlanes
.
The .cluster.allowSchedulingOnMasters
will be removed in a future release of Talos.
If both .cluster.allowSchedulingOnMasters
and .cluster.allowSchedulingOnControlPlanes
are set to true
, the .cluster.allowSchedulingOnControlPlanes
will be used.
k8s.gcr.io
mirror configurationTalos now defaults to adding a registry mirror configuration in the machineconfig for k8s.gcr.io
pointing to both registry.k8s.io
and k8s.gcr.io
unless overridden.
This is in line with the Kubernetes 1.25 release having the new registry.k8s.io
registry endpoint.
This is only enabled by default on newly generated configurations and not on upgrades.
This can be enabled with a machine configuration as follows:
machine:
registries:
mirrors:
k8s.gcr.io:
endpoints:
- https://registry.k8s.io
- https://k8s.gcr.io
Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:
machine:
network:
interfaces:
- interface: br0
bridge:
stp:
enabled: true
interfaces:
- eth0
- eth1
See documentation for more details.
Talos now supports dracut-style vlan
kernel argument to allow
installing Talos Linux in networks where ports are not tagged
with a default VLAN:
vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::
NVIDIA GPU support on Talos has been promoted to beta and SideroLabs now publishes the NVIDIA Open GPU Kernel Modules as a system extension making it easier to run GPU workloads on Talos. Refer to enabling NVIDIA GPU support docs here:
Talos now supports capturing packets on a network interface with talosctl pcap
command:
talosctl pcap --interface eth0
Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:
machine:
seccompProfiles:
- name: audit.json
value:
defaultAction: SCMP_ACT_LOG
- name: deny.json
value: {"defaultAction":"SCMP_ACT_LOG"}
This profile data can be either configured as a YAML definition or as a JSON string.
The profiles are created on the host under /var/lib/kubelet/seccomp/profiles
.
See documentation for more details.
Talos now generates the default hostname (when there is no explicitly specified hostname) for the nodes based on the
node id (e.g. talos-2gd-76y
) instead of using the DHCP assigned IP address (e.g. talos-172-20-0-2
).
This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.
Please note: the stable hostname generation algorithm changed between v1.2.0-beta.0 and v1.2.0-beta.1, please take care when upgrading
from versions >= 1.2.0-alpha.1 to versions >= 1.2.0-beta.1 when using stable default hostname feature.
In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.
For example, machine hostname can be set with the following patch:
machine:
network:
hostname: worker1
Patch format is detected automatically.
The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:
http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}
--masters
flag on talosctl cluster create
is deprecated. Use --controlplanes
instead.
talosctl
subcommands shutdown
, reboot
, reset
and upgrade
now have a new flag --wait
to
wait until the operation is completed, displaying information on the current status of each node.
A new --debug
flag is added to these commands to get the kernel logs output from these nodes if the operation fails.
Talos is built with Go 1.19.
configContext
being nil
in Talos clientConn
Revert
functioncancelCtxMu
leftovers in PriorityLockcancelCtx
with the mutextalosctl
command return nonzero error codes if it had errorsapply-config
cmdapid
T.TempDir
to create temporary test directoryResetDuringBoot
test if the Cluster
config is unknownpowercycle
talos.platform
kernel argumentkvm64
note/etc/ssl/certs/ca-certificates.crt
talosctl bootstrap
accept only single nodexfs_repair
on xfs filesystem returing EUCLEAN
/var
to be mounted in kubelet service controllerconfigContext
being nil
in Talos clientConn
RANDOM_TRUST_BOOTLOADER
by defaultSetHeader
callsPrevious release can be found at v1.1.0
ghcr.io/siderolabs/flannel:v0.19.1
ghcr.io/siderolabs/install-cni:v1.2.0
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.25.0
k8s.gcr.io/kube-controller-manager:v1.25.0
k8s.gcr.io/kube-scheduler:v1.25.0
k8s.gcr.io/kube-proxy:v1.25.0
ghcr.io/siderolabs/kubelet:v1.25.0
ghcr.io/siderolabs/installer:v1.2.0
k8s.gcr.io/pause:3.6
Published by talos-bot about 2 years ago
Welcome to the v1.2.0-beta.2 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos now supports access to its API from within Kubernetes. It can be configured in the machine config as below:
machine:
features:
kubernetesTalosAPIAccess:
enabled: true
allowedRoles:
- os:reader
allowedKubernetesNamespaces:
- kube-system
This feature introduces a new custom resource definition, serviceaccounts.talos.dev
.
Creating custom resources of this type will provide credentials to access Talos API from within Kubernetes.
The new CLI subcommand talosctl inject serviceaccount
can be used to configure Kubernetes manifests with Talos service accounts as below:
talosctl inject serviceaccount -f manifests.yaml > manifests-injected.yaml
kubectl apply -f manifests-injected.yaml
See documentation for more details.
talosctl apply-config
now supports patching the machine config file in memory before submitting it to the node.
Configuration setting cluster.etcd.subnet
is deprecated, but still supported.
Two new configuration settings are introduce to control precisely which subnet is used for etcd peer communication:
cluster:
etcd:
advertisedSubnets:
- 10.0.0.0/24
listenSubnets:
- 10.0.0.0/24
- 192.168.0.0/24
The advertisedSubnets
setting is used to control which subnet is used for etcd peer communication, it will be advertised
by each peer for other peers to connect to. If advertiseSubnets
is set, listenSubnets
defaults to the same value, so that
etcd
only listens on the same subnet as it advertises. Additional subnets can be configured in listenSubnets
if needed.
Default behavior hasn't changed - if the advertisedSubnets
is not set, Talos picks up the first available network address as
advertised address and etcd
is configured to listen on all interfaces.
Note: most of the
etcd
configuration changes are accepted on the fly, but they are fully applied only after reboot.
It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki
).
You can also specify a bootstrap token to be used in the secrets bundle.
This secrets bundle can then be used to generate a machine config.
This facilitates migrating clusters (e.g. created using kubeadm
) to Talos.
talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443
Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in
KEP-2568.
Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled
to false
.
This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.
Talos now defaults to node-role.kubernetes.io/control-plane
label/taint.
On upgrades Talos now removes the node-role.kubernetes.io/master
label/taint on control-plane nodes and replaces it with the node-role.kubernetes.io/control-plane
label/taint.
Workloads that tolerate the old taints or having node selectors with the old labels will need to be updated.
Kubernetes cluster discovery backend is now disabled by default for new clusters.
This backend doesn't provide any benefits over the Discovery Service based backend, while it
causes issues for KubeSpan enabled clusters when control plane endpoint is KubeSpan-routed.
For air-gapped installations when the Discovery Service is not enabled, Kubernetes Discovery Backend can be enabled by applying
the following machine configuration patch:
cluster:
discovery:
registries:
kubernetes:
disabled: false
KubeSpan no longer by default advertises Kubernetes pod networks of the node over KubeSpan.
This means that CNI should handle encapsulation of pod-to-pod traffic into the node-to-node tunnel,
and node-to-node traffic will be handled by KubeSpan.
This provides better compatibility with popular CNIs like Calico and Cilium.
Old behavior can be restored by setting .machine.kubespan.advertiseKubernetesNetworks = true
in the machine config.
.cluster.allowSchedulingOnMasters
deprecatedThe .cluster.allowSchedulingOnMasters
is deprecated and replaced by .cluster.allowSchedulingOnControlPlanes
.
The .cluster.allowSchedulingOnMasters
will be removed in a future release of Talos.
If both .cluster.allowSchedulingOnMasters
and .cluster.allowSchedulingOnControlPlanes
are set to true
, the .cluster.allowSchedulingOnControlPlanes
will be used.
k8s.gcr.io
mirror configurationTalos now defaults to adding a registry mirror configuration in the machineconfig for k8s.gcr.io
pointing to both registry.k8s.io
and k8s.gcr.io
unless overridden.
This is in line with the Kubernetes 1.25 release having the new registry.k8s.io
registry endpoint.
This is only enabled by default on newly generated configurations and not on upgrades.
This can be enabled with a machine configuration as follows:
machine:
registries:
mirrors:
k8s.gcr.io:
endpoints:
- https://registry.k8s.io
- https://k8s.gcr.io
Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:
machine:
network:
interfaces:
- interface: br0
bridge:
stp:
enabled: true
interfaces:
- eth0
- eth1
See documentation for more details.
Talos now supports dracut-style vlan
kernel argument to allow
installing Talos Linux in networks where ports are not tagged
with a default VLAN:
vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::
NVIDIA GPU support on Talos has been promoted to beta and SideroLabs now publishes the NVIDIA Open GPU Kernel Modules as a system extension making it easier to run GPU workloads on Talos. Refer to enabling NVIDIA GPU support docs here:
Talos now supports capturing packets on a network interface with talosctl pcap
command:
talosctl pcap --interface eth0
Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:
machine:
seccompProfiles:
- name: audit.json
value:
defaultAction: SCMP_ACT_LOG
- name: deny.json
value: {"defaultAction":"SCMP_ACT_LOG"}
This profile data can be either configured as a YAML definition or as a JSON string.
The profiles are created on the host under /var/lib/kubelet/seccomp/profiles
.
See documentation for more details.
Talos now generates the default hostname (when there is no explicitly specified hostname) for the nodes based on the
node id (e.g. talos-2gd-76y
) instead of using the DHCP assigned IP address (e.g. talos-172-20-0-2
).
This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.
Please note: the stable hostname generation algorithm changed between v1.2.0-beta.0 and v1.2.0-beta.1, please take care when upgrading
from versions >= 1.2.0-alpha.1 to versions >= 1.2.0-beta.1 when using stable default hostname feature.
In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.
For example, machine hostname can be set with the following patch:
machine:
network:
hostname: worker1
Patch format is detected automatically.
The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:
http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}
--masters
flag on talosctl cluster create
is deprecated. Use --controlplanes
instead.
talosctl
subcommands shutdown
, reboot
, reset
and upgrade
now have a new flag --wait
to
wait until the operation is completed, displaying information on the current status of each node.
A new --debug
flag is added to these commands to get the kernel logs output from these nodes if the operation fails.
Talos is built with Go 1.19.
Revert
functioncancelCtxMu
leftovers in PriorityLockcancelCtx
with the mutextalosctl
command return nonzero error codes if it had errorsapply-config
cmdapid
T.TempDir
to create temporary test directoryResetDuringBoot
test if the Cluster
config is unknownpowercycle
talos.platform
kernel argumentkvm64
note/etc/ssl/certs/ca-certificates.crt
talosctl bootstrap
accept only single nodexfs_repair
on xfs filesystem returing EUCLEAN
/var
to be mounted in kubelet service controllerRANDOM_TRUST_BOOTLOADER
by defaultSetHeader
callsPrevious release can be found at v1.1.0
ghcr.io/siderolabs/flannel:v0.19.1
ghcr.io/siderolabs/install-cni:v1.2.0
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.25.0
k8s.gcr.io/kube-controller-manager:v1.25.0
k8s.gcr.io/kube-scheduler:v1.25.0
k8s.gcr.io/kube-proxy:v1.25.0
ghcr.io/siderolabs/kubelet:v1.25.0
ghcr.io/siderolabs/installer:v1.2.0-beta.2
k8s.gcr.io/pause:3.6
Published by talos-bot about 2 years ago
Welcome to the v1.2.0-beta.1 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos now supports access to its API from within Kubernetes. It can be configured in the machine config as below:
machine:
features:
kubernetesTalosAPIAccess:
enabled: true
allowedRoles:
- os:reader
allowedKubernetesNamespaces:
- kube-system
This feature introduces a new custom resource definition, serviceaccounts.talos.dev
.
Creating custom resources of this type will provide credentials to access Talos API from within Kubernetes.
The new CLI subcommand talosctl inject serviceaccount
can be used to configure Kubernetes manifests with Talos service accounts as below:
talosctl inject serviceaccount -f manifests.yaml > manifests-injected.yaml
kubectl apply -f manifests-injected.yaml
See documentation for more details.
talosctl apply-config
now supports patching the machine config file in memory before submitting it to the node.
Configuration setting cluster.etcd.subnet
is deprecated, but still supported.
Two new configuration settings are introduce to control precisely which subnet is used for etcd peer communication:
cluster:
etcd:
advertisedSubnets:
- 10.0.0.0/24
listenSubnets:
- 10.0.0.0/24
- 192.168.0.0/24
The advertisedSubnets
setting is used to control which subnet is used for etcd peer communication, it will be advertised
by each peer for other peers to connect to. If advertiseSubnets
is set, listenSubnets
defaults to the same value, so that
etcd
only listens on the same subnet as it advertises. Additional subnets can be configured in listenSubnets
if needed.
Default behavior hasn't changed - if the advertisedSubnets
is not set, Talos picks up the first available network address as
advertised address and etcd
is configured to listen on all interfaces.
Note: most of the
etcd
configuration changes are accepted on the fly, but they are fully applied only after reboot.
It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki
).
You can also specify a bootstrap token to be used in the secrets bundle.
This secrets bundle can then be used to generate a machine config.
This facilitates migrating clusters (e.g. created using kubeadm
) to Talos.
talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443
Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in
KEP-2568.
Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled
to false
.
This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.
Talos now defaults to node-role.kubernetes.io/control-plane
label/taint.
On upgrades Talos now removes the node-role.kubernetes.io/master
label/taint on control-plane nodes and replaces it with the node-role.kubernetes.io/control-plane
label/taint.
Workloads that tolerate the old taints or having node selectors with the old labels will need to be updated.
Kubernetes cluster discovery backend is now disabled by default for new clusters.
This backend doesn't provide any benefits over the Discovery Service based backend, while it
causes issues for KubeSpan enabled clusters when control plane endpoint is KubeSpan-routed.
For air-gapped installations when the Discovery Service is not enabled, Kubernetes Discovery Backend can be enabled by applying
the following machine configuration patch:
cluster:
discovery:
registries:
kubernetes:
disabled: false
KubeSpan no longer by default advertises Kubernetes pod networks of the node over KubeSpan.
This means that CNI should handle encapsulation of pod-to-pod traffic into the node-to-node tunnel,
and node-to-node traffic will be handled by KubeSpan.
This provides better compatibility with popular CNIs like Calico and Cilium.
Old behavior can be restored by setting .machine.kubespan.advertiseKubernetesNetworks = true
in the machine config.
.cluster.allowSchedulingOnMasters
deprecatedThe .cluster.allowSchedulingOnMasters
is deprecated and replaced by .cluster.allowSchedulingOnControlPlanes
.
The .cluster.allowSchedulingOnMasters
will be removed in a future release of Talos.
If both .cluster.allowSchedulingOnMasters
and .cluster.allowSchedulingOnControlPlanes
are set to true
, the .cluster.allowSchedulingOnControlPlanes
will be used.
k8s.gcr.io
mirror configurationTalos now defaults to adding a registry mirror configuration in the machineconfig for k8s.gcr.io
pointing to both registry.k8s.io
and k8s.gcr.io
unless overridden.
This is in line with the Kubernetes 1.25 release having the new registry.k8s.io
registry endpoint.
This is only enabled by default on newly generated configurations and not on upgrades.
This can be enabled with a machine configuration as follows:
machine:
registries:
mirrors:
k8s.gcr.io:
endpoints:
- https://registry.k8s.io
- https://k8s.gcr.io
Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:
machine:
network:
interfaces:
- interface: br0
bridge:
stp:
enabled: true
interfaces:
- eth0
- eth1
See documentation for more details.
Talos now supports dracut-style vlan
kernel argument to allow
installing Talos Linux in networks where ports are not tagged
with a default VLAN:
vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::
NVIDIA GPU support on Talos has been promoted to beta and SideroLabs now publishes the NVIDIA Open GPU Kernel Modules as a system extension making it easier to run GPU workloads on Talos. Refer to enabling NVIDIA GPU support docs here:
Talos now supports capturing packets on a network interface with talosctl pcap
command:
talosctl pcap --interface eth0
Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:
machine:
seccompProfiles:
- name: audit.json
value:
defaultAction: SCMP_ACT_LOG
- name: deny.json
value: {"defaultAction":"SCMP_ACT_LOG"}
This profile data can be either configured as a YAML definition or as a JSON string.
The profiles are created on the host under /var/lib/kubelet/seccomp/profiles
.
See documentation for more details.
Talos now generates the default hostname (when there is no explicitly specified hostname) for the nodes based on the
node id (e.g. talos-2gd-76y
) instead of using the DHCP assigned IP address (e.g. talos-172-20-0-2
).
This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.
Please note: the stable hostname generation algorithm changed between v1.2.0-beta.0 and v1.2.0-beta.1, please take care when upgrading
from versions >= 1.2.0-alpha.1 to versions >= 1.2.0-beta.1 when using stable default hostname feature.
In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.
For example, machine hostname can be set with the following patch:
machine:
network:
hostname: worker1
Patch format is detected automatically.
The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:
http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}
--masters
flag on talosctl cluster create
is deprecated. Use --controlplanes
instead.
Talos is built with Go 1.19.
Revert
functioncancelCtxMu
leftovers in PriorityLockcancelCtx
with the mutextalosctl
command return nonzero error codes if it had errorsapply-config
cmdapid
T.TempDir
to create temporary test directoryResetDuringBoot
test if the Cluster
config is unknownpowercycle
talos.platform
kernel argumentkvm64
note/etc/ssl/certs/ca-certificates.crt
talosctl bootstrap
accept only single nodexfs_repair
on xfs filesystem returing EUCLEAN
/var
to be mounted in kubelet service controllerRevert
functioncancelCtxMu
leftovers in PriorityLockcancelCtx
with the mutexRANDOM_TRUST_BOOTLOADER
by defaultSetHeader
callsPrevious release can be found at v1.1.0
ghcr.io/siderolabs/flannel:v0.19.1
ghcr.io/siderolabs/install-cni:v1.2.0
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.25.0-rc.1
k8s.gcr.io/kube-controller-manager:v1.25.0-rc.1
k8s.gcr.io/kube-scheduler:v1.25.0-rc.1
k8s.gcr.io/kube-proxy:v1.25.0-rc.1
ghcr.io/siderolabs/kubelet:v1.25.0-rc.1
ghcr.io/siderolabs/installer:v1.2.0-beta.1
k8s.gcr.io/pause:3.6
Published by talos-bot about 2 years ago
Welcome to the v1.2.0-beta.0 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos now supports access to its API from within Kubernetes. It can be configured in the machine config as below:
machine:
features:
kubernetesTalosAPIAccess:
enabled: true
allowedRoles:
- os:reader
allowedKubernetesNamespaces:
- kube-system
This feature introduces a new custom resource definition, serviceaccounts.talos.dev
.
Creating custom resources of this type will provide credentials to access Talos API from within Kubernetes.
The new CLI subcommand talosctl inject serviceaccount
can be used to configure Kubernetes manifests with Talos service accounts as below:
talosctl inject serviceaccount -f manifests.yaml > manifests-injected.yaml
kubectl apply -f manifests-injected.yaml
See documentation for more details.
talosctl apply-config
now supports patching the machine config file in memory before submitting it to the node.
It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki
).
You can also specify a bootstrap token to be used in the secrets bundle.
This secrets bundle can then be used to generate a machine config.
This facilitates migrating clusters (e.g. created using kubeadm
) to Talos.
talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443
Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in
KEP-2568.
Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled
to false
.
This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.
Talos now defaults to node-role.kubernetes.io/control-plane
label/taint.
On upgrades Talos now removes the node-role.kubernetes.io/master
label/taint on control-plane nodes and replaces it with the node-role.kubernetes.io/control-plane
label/taint.
Workloads that tolerate the old taints or having node selectors with the old labels will need to be updated.
Kubernetes cluster discovery backend is now disabled by default for new clusters.
This backend doesn't provide any benefits over the Discovery Service based backend, while it
causes issues for KubeSpan enabled clusters when control plane endpoint is KubeSpan-routed.
For air-gapped installations when the Discovery Service is not enabled, Kubernetes Discovery Backend can be enabled by applying
the following machine configuration patch:
cluster:
discovery:
registries:
kubernetes:
disabled: false
KubeSpan no longer by default advertises Kubernetes pod networks of the node over KubeSpan.
This means that CNI should handle encapsulation of pod-to-pod traffic into the node-to-node tunnel,
and node-to-node traffic will be handled by KubeSpan.
This provides better compatibility with popular CNIs like Calico and Cilium.
Old behavior can be restored by setting .machine.kubespan.advertiseKubernetesNetworks = true
in the machine config.
.cluster.allowSchedulingOnMasters
deprecatedThe .cluster.allowSchedulingOnMasters
is deprecated and replaced by .cluster.allowSchedulingOnControlPlanes
.
The .cluster.allowSchedulingOnMasters
will be removed in a future release of Talos.
If both .cluster.allowSchedulingOnMasters
and .cluster.allowSchedulingOnControlPlanes
are set to true
, the .cluster.allowSchedulingOnControlPlanes
will be used.
k8s.gcr.io
mirror configurationTalos now defaults to adding a registry mirror configuration in the machineconfig for k8s.gcr.io
pointing to both registry.k8s.io
and k8s.gcr.io
unless overridden.
This is in line with the Kubernetes 1.25 release having the new registry.k8s.io
registry endpoint.
This is only enabled by default on newly generated configurations and not on upgrades.
This can be enabled with a machine configuration as follows:
machine:
registries:
mirrors:
k8s.gcr.io:
endpoints:
- https://registry.k8s.io
- https://k8s.gcr.io
Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:
machine:
network:
interfaces:
- interface: br0
bridge:
stp:
enabled: true
interfaces:
- eth0
- eth1
See documentation for more details.
Talos now supports dracut-style vlan
kernel argument to allow
installing Talos Linux in networks where ports are not tagged
with a default VLAN:
vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::
Talos now supports capturing packets on a network interface with talosctl pcap
command:
talosctl pcap --interface eth0
Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:
machine:
seccompProfiles:
- name: audit.json
value:
defaultAction: SCMP_ACT_LOG
- name: deny.json
value: {"defaultAction":"SCMP_ACT_LOG"}
This profile data can be either configured as a YAML definition or as a JSON string.
The profiles are created on the host under /var/lib/kubelet/seccomp/profiles
.
See documentation for more details.
Talos now generates the default hostname (when there is no explicitly specified hostname) for the nodes based on the
node id (e.g. talos-2gd-76y
) instead of using the DHCP assigned IP address (e.g. talos-172-20-0-2
).
This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.
In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.
For example, machine hostname can be set with the following patch:
machine:
network:
hostname: worker1
Patch format is detected automatically.
The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:
http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}
--masters
flag on talosctl cluster create
is deprecated. Use --controlplanes
instead.
Talos is built with Go 1.19.
talosctl
command return nonzero error codes if it had errorsapply-config
cmdapid
T.TempDir
to create temporary test directoryResetDuringBoot
test if the Cluster
config is unknownpowercycle
talos.platform
kernel argumentkvm64
note/etc/ssl/certs/ca-certificates.crt
talosctl bootstrap
accept only single nodexfs_repair
on xfs filesystem returing EUCLEAN
/var
to be mounted in kubelet service controllertalosctl
command return nonzero error codes if it had errorsapply-config
cmdRANDOM_TRUST_BOOTLOADER
by defaultSetHeader
callsPrevious release can be found at v1.1.0
ghcr.io/siderolabs/flannel:v0.19.1
ghcr.io/siderolabs/install-cni:v1.2.0
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.25.0-rc.0
k8s.gcr.io/kube-controller-manager:v1.25.0-rc.0
k8s.gcr.io/kube-scheduler:v1.25.0-rc.0
k8s.gcr.io/kube-proxy:v1.25.0-rc.0
ghcr.io/siderolabs/kubelet:v1.25.0-rc.0
ghcr.io/siderolabs/installer:v1.2.0-beta.0
k8s.gcr.io/pause:3.6
Welcome to the v1.2.0-alpha.2 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos now supports access to its API from within Kubernetes. It can be configured in the machine config as below:
machine:
features:
kubernetesTalosAPIAccess:
enabled: true
allowedRoles:
- os:reader
allowedKubernetesNamespaces:
- kube-system
This feature introduces a new custom resource definition, serviceaccounts.talos.dev
.
Creating custom resources of this type will provide credentials to access Talos API from within Kubernetes.
The new CLI subcommand talosctl inject serviceaccount
can be used to configure Kubernetes manifests with Talos service accounts as below:
talosctl inject serviceaccount -f manifests.yaml > manifests-injected.yaml
kubectl apply -f manifests-injected.yaml
See documentation for more details.
It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki
).
You can also specify a bootstrap token to be used in the secrets bundle.
This secrets bundle can then be used to generate a machine config.
This facilitates migrating clusters (e.g. created using kubeadm
) to Talos.
talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443
Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in
KEP-2568.
Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled
to false
.
This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.
Talos now defaults to node-role.kubernetes.io/control-plane
label/taint.
On upgrades Talos now removes the node-role.kubernetes.io/master
label/taint on control-plane nodes and replaces it with the node-role.kubernetes.io/control-plane
label/taint.
Workloads that tolerate the old taints or having node selectors with the old labels will need to be updated.
Kubernetes cluster discovery backend is now disabled by default for new clusters.
This backend doesn't provide any benefits over the Discovery Service based backend, while it
causes issues for KubeSpan enabled clusters when control plane endpoint is KubeSpan-routed.
For air-gapped installations when the Discovery Service is not enabled, Kubernetes Discovery Backend can be enabled by applying
the following machine configuration patch:
cluster:
discovery:
registries:
kubernetes:
disabled: false
KubeSpan no longer by default advertises Kubernetes pod networks of the node over KubeSpan.
This means that CNI should handle encapsulation of pod-to-pod traffic into the node-to-node tunnel,
and node-to-node traffic will be handled by KubeSpan.
This provides better compatibility with popular CNIs like Calico and Cilium.
Old behavior can be restored by setting .machine.kubespan.advertiseKubernetesNetworks = true
in the machine config.
.cluster.allowSchedulingOnMasters
deprecatedThe .cluster.allowSchedulingOnMasters
is deprecated and replaced by .cluster.allowSchedulingOnControlPlanes
.
The .cluster.allowSchedulingOnMasters
will be removed in a future release of Talos.
If both .cluster.allowSchedulingOnMasters
and .cluster.allowSchedulingOnControlPlanes
are set to true
, the .cluster.allowSchedulingOnControlPlanes
will be used.
k8s.gcr.io
mirror configurationTalos now defaults to adding a registry mirror configuration in the machineconfig for k8s.gcr.io
pointing to both registry.k8s.io
and k8s.gcr.io
unless overridden.
This is in line with the Kubernetes 1.25 release having the new registry.k8s.io
registry endpoint.
This is only enabled by default on newly generated configurations and not on upgrades.
This can be enabled with a machine configuration as follows:
machine:
registries:
mirrors:
k8s.gcr.io:
endpoints:
- https://registry.k8s.io
- https://k8s.gcr.io
Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:
machine:
network:
interfaces:
- interface: br0
bridge:
stp:
enabled: true
interfaces:
- eth0
- eth1
See documentation for more details.
Talos now supports dracut-style vlan
kernel argument to allow
installing Talos Linux in networks where ports are not tagged
with a default VLAN:
vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::
Talos now supports capturing packets on a network interface with talosctl pcap
command:
talosctl pcap --interface eth0
Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:
machine:
seccompProfiles:
- name: audit.json
value:
defaultAction: SCMP_ACT_LOG
- name: deny.json
value: {"defaultAction":"SCMP_ACT_LOG"}
This profile data can be either configured as a YAML definition or as a JSON string.
The profiles are created on the host under /var/lib/seccomp/profiles
and bind mounted at /var/lib/kubelet/seccomp/profiles
so Kubelet can use it.
See documentation for more details.
Talos now generates the default hostname (when there is no explicitly specified hostname) for the nodes based on the
node id (e.g. talos-2gd-76y
) instead of using the DHCP assigned IP address (e.g. talos-172-20-0-2
).
This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.
In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.
For example, machine hostname can be set with the following patch:
machine:
network:
hostname: worker1
Patch format is detected automatically.
The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:
http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}
--masters
flag on talosctl cluster create
is deprecated. Use --controlplanes
instead.
Talos is built with Go 1.19.
apid
T.TempDir
to create temporary test directoryResetDuringBoot
test if the Cluster
config is unknownpowercycle
talos.platform
kernel argumentkvm64
note/etc/ssl/certs/ca-certificates.crt
talosctl bootstrap
accept only single nodexfs_repair
on xfs filesystem returing EUCLEAN
/var
to be mounted in kubelet service controllerapid
T.TempDir
to create temporary test directoryRANDOM_TRUST_BOOTLOADER
by defaultSetHeader
callsPrevious release can be found at v1.1.0
ghcr.io/siderolabs/flannel:v0.19.1
ghcr.io/siderolabs/install-cni:v1.2.0-alpha.0-2-gda35a63
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.25.0-beta.0
k8s.gcr.io/kube-controller-manager:v1.25.0-beta.0
k8s.gcr.io/kube-scheduler:v1.25.0-beta.0
k8s.gcr.io/kube-proxy:v1.25.0-beta.0
ghcr.io/siderolabs/kubelet:v1.25.0-beta.0
ghcr.io/siderolabs/installer:v1.2.0-alpha.2
k8s.gcr.io/pause:3.6
Published by talos-bot about 2 years ago
Welcome to the v1.2.0-alpha.1 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki
).
You can also specify a bootstrap token to be used in the secrets bundle.
This secrets bundle can then be used to generate a machine config.
This facilitates migrating clusters (e.g. created using kubeadm
) to Talos.
talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443
Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in
KEP-2568.
Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled
to false
.
This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.
Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:
machine:
network:
interfaces:
- interface: br0
bridge:
stp:
enabled: true
interfaces:
- eth0
- eth1
See documentation for more details.
Talos now supports dracut-style vlan
kernel argument to allow
installing Talos Linux in networks where ports are not tagged
with a default VLAN:
vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::
Talos now supports capturing packets on a network interface with talosctl pcap
command:
talosctl pcap --interface eth0
Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:
machine:
seccompProfiles:
- name: audit.json
value:
defaultAction: SCMP_ACT_LOG
- name: deny.json
value: {"defaultAction":"SCMP_ACT_LOG"}
This profile data can be either configured as a YAML definition or as a JSON string.
The profiles are created on the host under /var/lib/seccomp/profiles
and bind mounted at /var/lib/kubelet/seccomp/profiles
so Kubelet can use it.
See documentation for more details.
Talos now generates the default hostname (when there is no explicitly specified hostname) for the nodes based on the
node id (e.g. talos-2gd-76y
) instead of using the DHCP assigned IP address (e.g. talos-172-20-0-2
).
This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.
In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.
For example, machine hostname can be set with the following patch:
machine:
network:
hostname: worker1
Patch format is detected automatically.
The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:
http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}
Talos is built with Go 1.18.4.
ResetDuringBoot
test if the Cluster
config is unknownpowercycle
talos.platform
kernel argumentkvm64
note/etc/ssl/certs/ca-certificates.crt
talosctl bootstrap
accept only single nodexfs_repair
on xfs filesystem returing EUCLEAN
/var
to be mounted in kubelet service controllerResetDuringBoot
test if the Cluster
config is unknownpowercycle
talos.platform
kernel argumentkvm64
noteRANDOM_TRUST_BOOTLOADER
by defaultSetHeader
callsPrevious release can be found at v1.1.0
ghcr.io/siderolabs/flannel:v0.18.1
ghcr.io/siderolabs/install-cni:v1.2.0-alpha.0-1-g17a319f
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.24.3
k8s.gcr.io/kube-controller-manager:v1.24.3
k8s.gcr.io/kube-scheduler:v1.24.3
k8s.gcr.io/kube-proxy:v1.24.3
ghcr.io/siderolabs/kubelet:v1.24.3
ghcr.io/siderolabs/installer:v1.2.0-alpha.1
k8s.gcr.io/pause:3.6
Published by talos-bot about 2 years ago
Welcome to the v1.1.2 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos is built with Go 1.18.4.
powercycle
Previous release can be found at v1.1.1
ghcr.io/siderolabs/flannel:v0.18.1
ghcr.io/siderolabs/install-cni:v1.1.0-2-gcb03a5d
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.24.3
k8s.gcr.io/kube-controller-manager:v1.24.3
k8s.gcr.io/kube-scheduler:v1.24.3
k8s.gcr.io/kube-proxy:v1.24.3
ghcr.io/siderolabs/kubelet:v1.24.3
ghcr.io/siderolabs/installer:v1.1.2
k8s.gcr.io/pause:3.6
Published by talos-bot over 2 years ago
Welcome to the v1.1.1 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos is built with Go 1.18.4.
/etc/ssl/certs/ca-certificates.crt
Previous release can be found at v1.1.0
ghcr.io/siderolabs/flannel:v0.18.1
ghcr.io/siderolabs/install-cni:v1.1.0-2-gcb03a5d
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.24.2
k8s.gcr.io/kube-controller-manager:v1.24.2
k8s.gcr.io/kube-scheduler:v1.24.2
k8s.gcr.io/kube-proxy:v1.24.2
ghcr.io/siderolabs/kubelet:v1.24.2
ghcr.io/siderolabs/installer:v1.1.1
k8s.gcr.io/pause:3.6