talos

Talos 1.5.5 (2023-11-09)

Welcome to the v1.5.5 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.1.61
Kubernetes: 1.28.3
etcd: 3.5.10

Talos is built with Go 1.20.11.

Contributors

• Andrey Smirnov
• Utku Ozdemir
• Artem Chernyshev

Changes

• siderolabs/talos@ad7361c72 release(v1.5.5): prepare release
• siderolabs/talos@5f70f05e9 fix: don't validate machine.install if installed
• siderolabs/talos@0b18d7403 fix: when writing to META in the installer/imager, use fixed name
• siderolabs/talos@6be1e5836 fix: fix error output of cli action tracker
• siderolabs/talos@059823c4b feat: update etcd to 3.5.10
• siderolabs/talos@8c503f0df chore: bump go-api-signature dependency to v0.3.1
• siderolabs/talos@61413ed11 fix: make Talos work on Rockpi 4c boards again
• siderolabs/talos@6fd9a71b3 feat: update Go 1.20.11, Linux 6.1.61, Kubernetes 1.28.3
• siderolabs/talos@9fe31bd42 fix: update gRPC library to 1.57.2

Changes from siderolabs/extras

• siderolabs/extras@b43c4e4 feat: update Go to 1.20.11

Changes from siderolabs/pkgs

• siderolabs/pkgs@ab5b0e5 feat: update Linux to 6.1.61
• siderolabs/pkgs@cd687eb feat: update Go to 1.20.11

Changes from siderolabs/tools

• siderolabs/tools@c95372c feat: update Go to 1.20.11

Dependency Changes

• github.com/siderolabs/extras v1.5.0-2-g6241ac7 -> v1.5.0-3-gb43c4e4
• github.com/siderolabs/pkgs v1.5.0-13-g45cf9b0 -> v1.5.0-15-gab5b0e5
• github.com/siderolabs/talos/pkg/machinery v1.5.4 -> v1.5.5
• github.com/siderolabs/tools v1.5.0-2-g8adf637 -> v1.5.0-3-gc95372c
• go.etcd.io/etcd/api/v3 v3.5.9 -> v3.5.10
• go.etcd.io/etcd/client/pkg/v3 v3.5.9 -> v3.5.10
• go.etcd.io/etcd/client/v3 v3.5.9 -> v3.5.10
• go.etcd.io/etcd/etcdutl/v3 v3.5.9 -> v3.5.10
• google.golang.org/grpc v1.57.1 -> v1.58.3
• k8s.io/api v0.28.2 -> v0.28.3
• k8s.io/apimachinery v0.28.2 -> v0.28.3
• k8s.io/apiserver v0.28.2 -> v0.28.3
• k8s.io/client-go v0.28.2 -> v0.28.3
• k8s.io/component-base v0.28.2 -> v0.28.3
• k8s.io/cri-api v0.28.2 -> v0.28.3
• k8s.io/kubectl v0.28.2 -> v0.28.3
• k8s.io/kubelet v0.28.2 -> v0.28.3

Previous release can be found at v1.5.4

Images

ghcr.io/siderolabs/flannel:v0.22.1
ghcr.io/siderolabs/install-cni:v1.5.0-3-gb43c4e4
registry.k8s.io/coredns/coredns:v1.10.1
gcr.io/etcd-development/etcd:v3.5.10
registry.k8s.io/kube-apiserver:v1.28.3
registry.k8s.io/kube-controller-manager:v1.28.3
registry.k8s.io/kube-scheduler:v1.28.3
registry.k8s.io/kube-proxy:v1.28.3
ghcr.io/siderolabs/kubelet:v1.28.3
ghcr.io/siderolabs/installer:v1.5.5
registry.k8s.io/pause:3.6

Talos 1.6.0-alpha.1 (2023-10-17)

Welcome to the v1.6.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Network Device Selectors

Previously, network device selectors only matched the first link, now the configuration is applied to all matching links.

Linux Firmware

Starting with Talos 1.6, there is no Linux firmware included in the initramfs.
Customers who need Linux firmware can pull them as extension during install time using the image factory service.
If the initial boot requires firmware, a custom iso can be built with the firmware included using the image factory service.
This also ensures that the linux-firmware is not tied to a specific Talos version.

KubePrism

KubePrism is enabled by default on port 7445.

talosctl CLI

The command images deprecated in Talos 1.5 was removed, please use talosctl images default instead.

Component Updates

Linux: 6.1.58
containerd: 1.7.7
CoreDNS: 1.11.1
Kubernetes: 1.29.0-alpha.2
Flannel: 0.22.3

Talos is built with Go 1.21.3.

Contributors

• Andrey Smirnov
• Noel Georgi
• Andrey Smirnov
• Dmitriy Matrenichev
• Serge Logvinov
• Radosław Piliszek
• Artem Chernyshev
• Thomas Way
• Utku Ozdemir
• Andrei Kvapil
• Christian Rolland
• Drew Hess
• Enno Boland
• Henry Sachs
• Jacob McSwain
• Jacob McSwain
• Jared Davenport
• Mans Matulewicz
• Nebula
• Nico Berlee
• Sascha Desch
• Spencer Smith
• Steve Francis
• Thomas Lemarchand
• Tim Jones
• Zachary Milonas
• guoguangwu
• mikucat0309
• ndbrew

Changes

• siderolabs/talos@11d1f6163 release(v1.6.0-alpha.1): prepare release
• siderolabs/talos@9dfae8467 chore: update dependencies
• siderolabs/talos@38ce3c827 feat: nocloud prefer mac address
• siderolabs/talos@401e89411 feat: customize image size
• siderolabs/talos@865f08f86 docs: kubeadm migration guide improvements
• siderolabs/talos@c3e418200 refactor: use COSI runtime with new controller runtime DB
• siderolabs/talos@c1ee24465 feat: update Kubernetes to v1.29.0-alpha.2
• siderolabs/talos@0ff7350ab fix: oracle integration fixes
• siderolabs/talos@675bada45 test: add config generation stability tests
• siderolabs/talos@f9639fb53 test: fix 'talosctl gen' tests
• siderolabs/talos@6142d87a0 feat: hostname configuration improvements on the NoCloud platform
• siderolabs/talos@7bb205ebe fix: don't use runtime-specs Mount struct in machine config
• siderolabs/talos@d1b27926c feat: update Go to 1.21.3
• siderolabs/talos@b87092ab6 fix: handle secure boot state policy pcr digest error
• siderolabs/talos@498aeb8c3 docs: fix incorrect image suffix
• siderolabs/talos@c14a5d4f7 feat: support service account auth in cli
• siderolabs/talos@336aee0fd fix: use tpm2 hash algorithm constants and allow non-SHA-256 PCRs
• siderolabs/talos@69d8054c9 chore: drop UpdateEndpointSuite
• siderolabs/talos@ef7be16c8 fix: clear the encryption config in META when STATE is reset
• siderolabs/talos@5fc60d2ca feat: add Solarflare SFC9000 support
• siderolabs/talos@9b5cfdd0b chore: add tests for iscsi
• siderolabs/talos@b897764f8 docs: update proxmox.md
• siderolabs/talos@159f45bde docs: fix typos in CLI calls to endpoints
• siderolabs/talos@0bd1bdd74 chore: allow insecure access to installer base image (imager)
• siderolabs/talos@10ed13067 fix: the node IP for kubelet shouldn't change if nothing matches
• siderolabs/talos@e7575ecaa feat: support n-5 latest Kubernetes versions
• siderolabs/talos@e71508ec1 chore: update dependencies
• siderolabs/talos@6d7fa4668 docs: add metal network configuration guide
• siderolabs/talos@2b548ad0d feat: update containerd to 1.7.x
• siderolabs/talos@62dcfe81e fix: update kubernetes library to support 1.29 upgrades
• siderolabs/talos@52caf0763 feat: update Kubernetes to 1.29.0-alpha.1
• siderolabs/talos@390137447 feat: enable KubePrism by default
• siderolabs/talos@1beb5e86e docs: add KubePrism video
• siderolabs/talos@a52d3cda3 chore: update gen and COSI runtime
• siderolabs/talos@29b201d61 feat: enable common h/w sensors
• siderolabs/talos@9c2ba7c6f chore: add tests for chelsio drivers
• siderolabs/talos@5ca4d58dc fix: generate of modules.dep when on the machine
• siderolabs/talos@5efcccb6b chore: bump kernel to 6.1.54
• siderolabs/talos@29c767a02 docs: add control plane nodes as users of apid also for control plane nodes
• siderolabs/talos@4874cfb95 chore: fix typo
• siderolabs/talos@96f2a62ea test: update upgrade tests versions
• siderolabs/talos@f3a370acb feat: update Flannel to 0.22.3
• siderolabs/talos@efdee6965 feat: update Kubernetes to 1.28.2
• siderolabs/talos@e3b494058 fix: build CPU ucode correctly for early loader
• siderolabs/talos@c5bd0ac5c refactor: reimplement the depmod extension rebuilder
• siderolabs/talos@0b883f52a docs: add notes about stable addressing
• siderolabs/talos@3ef670a9e chore: pull in dm modules
• siderolabs/talos@8f4a36b0d docs: update aws to add command to allow KubeSpan wireguard port
• siderolabs/talos@a7edd0523 fix: set default route priority for hcloud platform
• siderolabs/talos@87c1b3ddd fix: calculate UKI ISO size dynamically
• siderolabs/talos@9698e4547 fix: handle correctly change of listen address for maintenance service
• siderolabs/talos@a096f05a5 chore: update gRPC library and enable shared write buffers
• siderolabs/talos@9e78fecca chore: improve image signing process
• siderolabs/talos@f00567e20 chore: add PKG_KERNEL arg to customize used kernel
• siderolabs/talos@2960f93ba feat: add readonly information to the disks API response
• siderolabs/talos@735bf9ed0 feat: bring in Google vNIC driver
• siderolabs/talos@3f5232075 feat: upgrade-k8s without comments
• siderolabs/talos@e44875106 docs: update deploying-cilium.md
• siderolabs/talos@7046cae43 chore: update gopacket to reduce init memory allocs
• siderolabs/talos@da73b563d chore: update Go to 1.21.1
• siderolabs/talos@5e11f08a6 fix: trim file path in the container image
• siderolabs/talos@3d2dad4e6 chore: show securtiystate on dashboard
• siderolabs/talos@b48510874 chore: e2e-aws cleanup
• siderolabs/talos@1eebbce35 chore: add output flag for talosctl config info
• siderolabs/talos@3fbed806c chore: add tests for util-linux extensions
• siderolabs/talos@7c514a1a6 docs: update header links
• siderolabs/talos@6058c3602 fix: shorten VLAN link names to fit into the limit of 15 characters
• siderolabs/talos@9c2f765c8 fix: allow network device selector to match multiple links
• siderolabs/talos@a04b98637 fix: update kubernetes library for 1.28 upgrade pre-checks
• siderolabs/talos@f7473e477 feat: update default Kubernetes to 1.28.1
• siderolabs/talos@d693604a1 chore: fix default image list in the release notes
• siderolabs/talos@d91b5b3a3 feat: set environment variables early in the boot
• siderolabs/talos@c918c0855 fix: set correct (1 year) talosconfig expiration
• siderolabs/talos@79bbdf454 fix: set proper timeouts for KubePrism loadbalancer
• siderolabs/talos@b8fb55d5c fix: use a mount prefix when installing a bootloader
• siderolabs/talos@44f59a804 feat: improve imager APIs
• siderolabs/talos@2d3ac925e refactor: update NTP spike detector
• siderolabs/talos@af0cc70e3 test: update e2e-aws to use worker groups
• siderolabs/talos@d03dc7a8a chore: validate new system extensions
• siderolabs/talos@bbeb489aa chore: drop firmware from initramfs
• siderolabs/talos@3c9f7a7de chore: re-enable nolintlint and typecheck linters
• siderolabs/talos@c51e2c9b4 feat: update CoreDNS to 1.11.1
• siderolabs/talos@8670450d2 release(v1.6.0-alpha.0): prepare release
• siderolabs/talos@6778ded29 feat: add e2e-aws for nvidia extensions
• siderolabs/talos@74c07ed71 chore: update Go to 1.21
• siderolabs/talos@a28d72e9c fix: ova contents to be named disk.*
• siderolabs/talos@c0ea4d7ba fix: properly calculate overal of node address with subnet filters
• siderolabs/talos@d6b2719e2 chore: drone: move extensions step to a function
• siderolabs/talos@9608ef56d chore: allow bridge traffic with DHCP broadcast traffic
• siderolabs/talos@c99316457 docs: fix the installing system extensions doc
• siderolabs/talos@833895940 chore: add tests for zfs extension
• siderolabs/talos@cb468c41c fix: copy proper modules to arm64 squashfs
• siderolabs/talos@ea0d6e8c6 fix: prevent dashboard crashes when process info is not available
• siderolabs/talos@e9077a6fb feat: filter the hostname to produce nodename
• siderolabs/talos@dc8361c1d fix: properly GC images supplied with both tag and digest
• siderolabs/talos@ccfa8de11 fix: automatically change rpi_4 board on upgrade
• siderolabs/talos@b56e8b7d9 fix: support 'List' type manifests
• siderolabs/talos@574d48e54 fix: use image digest when starting a container
• siderolabs/talos@175747cea fix: ntp query error with bare IPv6 address
• siderolabs/talos@c8b507fb2 docs: fix kubeprism typo
• siderolabs/talos@0cdcb2e0e docs: restructure docs for nvidia drivers for v1.4
• siderolabs/talos@676db9768 docs: fork docs for Talos 1.6
• siderolabs/talos@92ad18c18 fix: write correct capacity to the ovf
• siderolabs/talos@6b0373ebe chore: move bash tests to integration
• siderolabs/talos@52b3d8d37 docs: make Talos 1.5 documentation the default one
• siderolabs/talos@dc873df9b chore: fix the filenames of openstack images
• siderolabs/talos@b5c0e7b24 docs: update nvidia docs
• siderolabs/talos@9606e871e docs: update Jiva Pod Security Policy
• siderolabs/talos@a86ed4362 chore: update Kubernetes Go modules to 0.28.0
• siderolabs/talos@97b4e3e91 feat: update Kubernetes to 1.28.0
• siderolabs/talos@79ca1a3df feat: e2e-aws using tf code
• siderolabs/talos@bf3a5e011 chore: add version compatibility for Talos 1.6
• siderolabs/talos@969e8097c feat: update Kubernetes to 1.28.0-rc.1
• siderolabs/talos@ca41b611e chore: drone jsonnet cleanup
• siderolabs/talos@bc198e98e docs: retain cilium autoMount pending upstream hostPath fix
• siderolabs/talos@86c94eff8 refactor: docgen and config examples
• siderolabs/talos@ee6d639f6 fix: match routes on the priority properly
• siderolabs/talos@bff0d8f32 chore: fix dependencies in the release pipeline
• siderolabs/talos@e1b288679 refactor: compile regex in validation method on the first use
• siderolabs/talos@daa4c185a docs: add what's new and documentation for Talos 1.5
• siderolabs/talos@c4a1ca8d6 chore: remove <-errCh where possible in grpc methods
• siderolabs/talos@e0f383598 chore: clean up the output of the imager
• siderolabs/talos@fb536af4d chore: optimize memory usage of tcell library on init
• siderolabs/talos@7c86a365e chore: publish systemd-boot and systemd-stub assets
• siderolabs/talos@7d688ccfe fix: make encryption config provider default to luks2 if not set
• siderolabs/talos@80238a05a chore: unify semver under github.com/blang/semver/v4
• siderolabs/talos@0f1920bdd chore: provide a resource to peek into Linux clock adjustments
• siderolabs/talos@4eab3017b fix: calculate log2i properly
• siderolabs/talos@bcf284530 fix: update providerid prefix for aws
• siderolabs/talos@ac2aff5cc fix: fix azure portion of cloud uploader
• siderolabs/talos@793dcedc9 fix: fast-wipe the system disk on talosctl reset
• siderolabs/talos@76fa45afb docs: update cilium instructions

Changes since v1.6.0-alpha.0

• siderolabs/talos@11d1f6163 release(v1.6.0-alpha.1): prepare release
• siderolabs/talos@9dfae8467 chore: update dependencies
• siderolabs/talos@38ce3c827 feat: nocloud prefer mac address
• siderolabs/talos@401e89411 feat: customize image size
• siderolabs/talos@865f08f86 docs: kubeadm migration guide improvements
• siderolabs/talos@c3e418200 refactor: use COSI runtime with new controller runtime DB
• siderolabs/talos@c1ee24465 feat: update Kubernetes to v1.29.0-alpha.2
• siderolabs/talos@0ff7350ab fix: oracle integration fixes
• siderolabs/talos@675bada45 test: add config generation stability tests
• siderolabs/talos@f9639fb53 test: fix 'talosctl gen' tests
• siderolabs/talos@6142d87a0 feat: hostname configuration improvements on the NoCloud platform
• siderolabs/talos@7bb205ebe fix: don't use runtime-specs Mount struct in machine config
• siderolabs/talos@d1b27926c feat: update Go to 1.21.3
• siderolabs/talos@b87092ab6 fix: handle secure boot state policy pcr digest error
• siderolabs/talos@498aeb8c3 docs: fix incorrect image suffix
• siderolabs/talos@c14a5d4f7 feat: support service account auth in cli
• siderolabs/talos@336aee0fd fix: use tpm2 hash algorithm constants and allow non-SHA-256 PCRs
• siderolabs/talos@69d8054c9 chore: drop UpdateEndpointSuite
• siderolabs/talos@ef7be16c8 fix: clear the encryption config in META when STATE is reset
• siderolabs/talos@5fc60d2ca feat: add Solarflare SFC9000 support
• siderolabs/talos@9b5cfdd0b chore: add tests for iscsi
• siderolabs/talos@b897764f8 docs: update proxmox.md
• siderolabs/talos@159f45bde docs: fix typos in CLI calls to endpoints
• siderolabs/talos@0bd1bdd74 chore: allow insecure access to installer base image (imager)
• siderolabs/talos@10ed13067 fix: the node IP for kubelet shouldn't change if nothing matches
• siderolabs/talos@e7575ecaa feat: support n-5 latest Kubernetes versions
• siderolabs/talos@e71508ec1 chore: update dependencies
• siderolabs/talos@6d7fa4668 docs: add metal network configuration guide
• siderolabs/talos@2b548ad0d feat: update containerd to 1.7.x
• siderolabs/talos@62dcfe81e fix: update kubernetes library to support 1.29 upgrades
• siderolabs/talos@52caf0763 feat: update Kubernetes to 1.29.0-alpha.1
• siderolabs/talos@390137447 feat: enable KubePrism by default
• siderolabs/talos@1beb5e86e docs: add KubePrism video
• siderolabs/talos@a52d3cda3 chore: update gen and COSI runtime
• siderolabs/talos@29b201d61 feat: enable common h/w sensors
• siderolabs/talos@9c2ba7c6f chore: add tests for chelsio drivers
• siderolabs/talos@5ca4d58dc fix: generate of modules.dep when on the machine
• siderolabs/talos@5efcccb6b chore: bump kernel to 6.1.54
• siderolabs/talos@29c767a02 docs: add control plane nodes as users of apid also for control plane nodes
• siderolabs/talos@4874cfb95 chore: fix typo
• siderolabs/talos@96f2a62ea test: update upgrade tests versions
• siderolabs/talos@f3a370acb feat: update Flannel to 0.22.3
• siderolabs/talos@efdee6965 feat: update Kubernetes to 1.28.2
• siderolabs/talos@e3b494058 fix: build CPU ucode correctly for early loader
• siderolabs/talos@c5bd0ac5c refactor: reimplement the depmod extension rebuilder
• siderolabs/talos@0b883f52a docs: add notes about stable addressing
• siderolabs/talos@3ef670a9e chore: pull in dm modules
• siderolabs/talos@8f4a36b0d docs: update aws to add command to allow KubeSpan wireguard port
• siderolabs/talos@a7edd0523 fix: set default route priority for hcloud platform
• siderolabs/talos@87c1b3ddd fix: calculate UKI ISO size dynamically
• siderolabs/talos@9698e4547 fix: handle correctly change of listen address for maintenance service
• siderolabs/talos@a096f05a5 chore: update gRPC library and enable shared write buffers
• siderolabs/talos@9e78fecca chore: improve image signing process
• siderolabs/talos@f00567e20 chore: add PKG_KERNEL arg to customize used kernel
• siderolabs/talos@2960f93ba feat: add readonly information to the disks API response
• siderolabs/talos@735bf9ed0 feat: bring in Google vNIC driver
• siderolabs/talos@3f5232075 feat: upgrade-k8s without comments
• siderolabs/talos@e44875106 docs: update deploying-cilium.md
• siderolabs/talos@7046cae43 chore: update gopacket to reduce init memory allocs
• siderolabs/talos@da73b563d chore: update Go to 1.21.1
• siderolabs/talos@5e11f08a6 fix: trim file path in the container image
• siderolabs/talos@3d2dad4e6 chore: show securtiystate on dashboard
• siderolabs/talos@b48510874 chore: e2e-aws cleanup
• siderolabs/talos@1eebbce35 chore: add output flag for talosctl config info
• siderolabs/talos@3fbed806c chore: add tests for util-linux extensions
• siderolabs/talos@7c514a1a6 docs: update header links
• siderolabs/talos@6058c3602 fix: shorten VLAN link names to fit into the limit of 15 characters
• siderolabs/talos@9c2f765c8 fix: allow network device selector to match multiple links
• siderolabs/talos@a04b98637 fix: update kubernetes library for 1.28 upgrade pre-checks
• siderolabs/talos@f7473e477 feat: update default Kubernetes to 1.28.1
• siderolabs/talos@d693604a1 chore: fix default image list in the release notes
• siderolabs/talos@d91b5b3a3 feat: set environment variables early in the boot
• siderolabs/talos@c918c0855 fix: set correct (1 year) talosconfig expiration
• siderolabs/talos@79bbdf454 fix: set proper timeouts for KubePrism loadbalancer
• siderolabs/talos@b8fb55d5c fix: use a mount prefix when installing a bootloader
• siderolabs/talos@44f59a804 feat: improve imager APIs
• siderolabs/talos@2d3ac925e refactor: update NTP spike detector
• siderolabs/talos@af0cc70e3 test: update e2e-aws to use worker groups
• siderolabs/talos@d03dc7a8a chore: validate new system extensions
• siderolabs/talos@bbeb489aa chore: drop firmware from initramfs
• siderolabs/talos@3c9f7a7de chore: re-enable nolintlint and typecheck linters
• siderolabs/talos@c51e2c9b4 feat: update CoreDNS to 1.11.1

Changes from siderolabs/extras

• siderolabs/extras@6d48418 feat: update Go to 1.21.3
• siderolabs/extras@09d7c3e chore: update releases
• siderolabs/extras@a011245 feat: update Go to 1.21.1
• siderolabs/extras@d3f54c7 feat: update Go to 1.20.8

Changes from siderolabs/gen

• siderolabs/gen@efca710 chore: add FilterInPlace method to maps and update module
• siderolabs/gen@36a3ae3 feat: update module

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@09fa006 fix: retry Windows connection errors
• siderolabs/go-kubernetes@3aa47a4 feat: support Kubernetes 1.29 upgrades
• siderolabs/go-kubernetes@ae33a4a feat: introduce support for Kubernetes version compatibility checks
• siderolabs/go-kubernetes@cf2754e chore: update to use GHA
• siderolabs/go-kubernetes@44e26b3 feat: update removed feature gates for 1.28

Changes from siderolabs/pkgs

• siderolabs/pkgs@2e892fd feat: update versions
• siderolabs/pkgs@37348d6 feat: update Go to 1.21.3
• siderolabs/pkgs@34f3c41 feat: add Solarflare SFC9000 support
• siderolabs/pkgs@0c84090 feat: update releases
• siderolabs/pkgs@19cdf71 feat: enable common sensors
• siderolabs/pkgs@acee18e chore: bump kernel to 6.1.54
• siderolabs/pkgs@1d16fd2 feat: add Chelsio support
• siderolabs/pkgs@4504f83 chore: rename kconfig-hardened-check
• siderolabs/pkgs@847a9c3 chore: enable dm thin provisioning
• siderolabs/pkgs@1401505 chore: drop -pkgs for upstream kernel modules
• siderolabs/pkgs@a62471d feat: add binfmt_misc support
• siderolabs/pkgs@518c441 feat: add gVNIC support
• siderolabs/pkgs@7d9e60e feat: update Go to 1.21.1
• siderolabs/pkgs@d3d7d29 chore: bump deps
• siderolabs/pkgs@3b70656 chore: fix cacert perms
• siderolabs/pkgs@cca80b7 feat: update Linux to 6.1.46
• siderolabs/pkgs@2e1c0b9 fix: nonfree kmod pkg name
• siderolabs/pkgs@cff5beb feat: add btrfs support
• siderolabs/pkgs@7717b7e chore: bump deps
• siderolabs/pkgs@2f19f18 feat: update containerd to 1.6.23
• siderolabs/pkgs@30d4b74 feat: update Go to 1.21
• siderolabs/pkgs@eda123d feat: update runc to 1.1.9
• siderolabs/pkgs@30cd584 chore: enable pushing of non-free packages
• siderolabs/pkgs@fb247b5 chore: update kernel and microcode

Changes from siderolabs/tools

• siderolabs/tools@9c09b00 feat: update dependencies
• siderolabs/tools@35948af feat: update Go to 1.21.3
• siderolabs/tools@09023c1 feat: update OpenSSL to 3.1.3
• siderolabs/tools@7fa8bb5 feat: update releases
• siderolabs/tools@fa388de feat: update Go to 1.21.1
• siderolabs/tools@33fb4b3 feat: update Go to 1.21

Dependency Changes

• github.com/aws/aws-sdk-go-v2/config v1.18.32 -> v1.19.0
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 -> v1.13.13
• github.com/aws/smithy-go v1.14.0 -> v1.15.0
• github.com/beevik/ntp v1.2.0 -> v1.3.0
• github.com/blang/semver/v4 v4.0.0 new
• github.com/containerd/cgroups/v3 v3.0.2 new
• github.com/containerd/containerd v1.6.23 -> v1.7.7
• github.com/cosi-project/runtime v0.3.1 -> v0.3.13
• github.com/distribution/reference v0.5.0 new
• github.com/docker/docker v24.0.5 -> v24.0.6
• github.com/foxboron/go-uefi 32187aa193d0 -> 18b9ba9cd4c3
• github.com/google/go-cmp v0.5.9 -> v0.6.0
• github.com/google/go-containerregistry v0.15.2 -> v0.16.1
• github.com/google/uuid v1.3.0 -> v1.3.1
• github.com/gopacket/gopacket v1.1.1 -> 4769cf270e9e
• github.com/hetznercloud/hcloud-go/v2 v2.0.0 -> v2.4.0
• github.com/insomniacslk/dhcp 0f9eb93a696c -> 6a2c8fbdcc1c
• github.com/jsimonetti/rtnetlink v1.3.4 -> v1.3.5
• github.com/opencontainers/runtime-spec 1c3f411f0417 -> v1.1.0-rc.1
• github.com/prometheus/procfs v0.11.1 -> v0.12.0
• github.com/rivo/tview 6cc0565babaf -> 6c844bdc5f7a
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.20 -> v1.0.0-beta.21
• github.com/siderolabs/extras v1.5.0 -> v1.6.0-alpha.0-2-g6d48418
• github.com/siderolabs/gen v0.4.5 -> v0.4.7
• github.com/siderolabs/go-kubernetes v0.2.2 -> v0.2.6
• github.com/siderolabs/pkgs v1.5.0-6-g2f2c9cd -> v1.6.0-alpha.0-23-g2e892fd
• github.com/siderolabs/talos/pkg/machinery v1.5.0 -> v1.6.0-alpha.1
• github.com/siderolabs/tools v1.5.0 -> v1.6.0-alpha.0-5-g9c09b00
• go.uber.org/zap v1.25.0 -> v1.26.0
• go4.org/netipx ec4c8b891b28 -> 6213f710f925
• golang.org/x/net v0.13.0 -> v0.17.0
• golang.org/x/sync v0.3.0 -> v0.4.0
• golang.org/x/sys v0.10.0 -> v0.13.0
• golang.org/x/term v0.10.0 -> v0.13.0
• golang.org/x/text v0.11.0 -> v0.13.0
• google.golang.org/grpc v1.57.0 -> v1.58.3
• k8s.io/api v0.28.0 -> v0.29.0-alpha.2
• k8s.io/apimachinery v0.28.0 -> v0.29.0-alpha.2
• k8s.io/apiserver v0.28.0 -> v0.29.0-alpha.2
• k8s.io/client-go v0.28.0 -> v0.29.0-alpha.2
• k8s.io/component-base v0.28.0 -> v0.29.0-alpha.2
• k8s.io/cri-api v0.28.0 -> v0.29.0-alpha.2
• k8s.io/kubectl v0.28.0 -> v0.29.0-alpha.2
• k8s.io/kubelet v0.28.0 -> v0.29.0-alpha.2

Previous release can be found at v1.5.0

Images

ghcr.io/siderolabs/flannel:v0.22.3
ghcr.io/siderolabs/install-cni:v1.6.0-alpha.0-2-g6d48418
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.29.0-alpha.2
registry.k8s.io/kube-controller-manager:v1.29.0-alpha.2
registry.k8s.io/kube-scheduler:v1.29.0-alpha.2
registry.k8s.io/kube-proxy:v1.29.0-alpha.2
ghcr.io/siderolabs/kubelet:v1.29.0-alpha.2
ghcr.io/siderolabs/installer:v1.6.0-alpha.1
registry.k8s.io/pause:3.8

Talos 1.5.4 (2023-10-17)

Welcome to the v1.5.4 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.1.58

Talos is built with Go 1.21.3.

Contributors

• Andrey Smirnov
• Thomas Way
• Utku Ozdemir

Changes

• siderolabs/talos@9cf7980e5 release(v1.5.4): prepare release
• siderolabs/talos@b72abb613 test: fix 'talosctl gen' tests
• siderolabs/talos@69f1ea283 fix: handle secure boot state policy pcr digest error
• siderolabs/talos@738092fda fix: use tpm2 hash algorithm constants and allow non-SHA-256 PCRs
• siderolabs/talos@21d874a8a fix: clear the encryption config in META when STATE is reset
• siderolabs/talos@58b16b9dc feat: support service account auth in cli
• siderolabs/talos@124c2ff13 fix: the node IP for kubelet shouldn't change if nothing matches
• siderolabs/talos@8f8392595 feat: update Linux to 6.1.58
• siderolabs/talos@db4c5ce99 feat: update Go to 1.20.10

Changes from siderolabs/extras

• siderolabs/extras@6241ac7 feat: update Go to 1.20.10

Changes from siderolabs/pkgs

• siderolabs/pkgs@45cf9b0 feat: update Linux to 6.1.58
• siderolabs/pkgs@873830b feat: update Go to 1.20.10

Changes from siderolabs/tools

• siderolabs/tools@8adf637 feat: update Go to 1.20.10

Dependency Changes

• github.com/siderolabs/extras v1.5.0-1-g9d5f16f -> v1.5.0-2-g6241ac7
• github.com/siderolabs/pkgs v1.5.0-11-gd6d7236 -> v1.5.0-13-g45cf9b0
• github.com/siderolabs/talos/pkg/machinery v1.5.3 -> v1.5.4
• github.com/siderolabs/tools v1.5.0-1-g4d58a1b -> v1.5.0-2-g8adf637
• golang.org/x/net v0.13.0 -> v0.17.0
• golang.org/x/sys v0.10.0 -> v0.13.0
• golang.org/x/term v0.10.0 -> v0.13.0
• golang.org/x/text v0.11.0 -> v0.13.0
• google.golang.org/grpc v1.57.0 -> v1.57.1

Previous release can be found at v1.5.3

Images

ghcr.io/siderolabs/flannel:v0.22.1
ghcr.io/siderolabs/install-cni:v1.5.0-2-g6241ac7
registry.k8s.io/coredns/coredns:v1.10.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.28.2
registry.k8s.io/kube-controller-manager:v1.28.2
registry.k8s.io/kube-scheduler:v1.28.2
registry.k8s.io/kube-proxy:v1.28.2
ghcr.io/siderolabs/kubelet:v1.28.2
ghcr.io/siderolabs/installer:v1.5.4
registry.k8s.io/pause:3.6

Talos 1.5.3 (2023-09-22)

Welcome to the v1.5.3 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

cgroups v1

Talos Linux is incompatible with cgroups v1 due to the Kubernetes issue
https://github.com/kubernetes/kubernetes/issues/120813 and new version of Linux kernel.

Talos Linux doesn't use cgroups v1 by default, and it has to be explicitly enabled with
a kernel argument: talos.unified_cgroup_hierarchy=0, so if you are not using cgroups v1,
you are not affected.

Component Updates

Kubernetes: v1.28.2
Linux: 6.1.54

Contributors

• Andrey Smirnov
• Noel Georgi

Changes

• siderolabs/talos@cb21c6710 release(v1.5.3): prepare release
• siderolabs/talos@c4c33fb9e feat: update Linux to 6.1.54
• siderolabs/talos@88c97678c feat: update Kubernetes to 1.28.2
• siderolabs/talos@721b69b40 fix: generate of modules.dep when on the machine
• siderolabs/talos@802aedd21 fix: build CPU ucode correctly for early loader
• siderolabs/talos@1a1472033 refactor: reimplement the depmod extension rebuilder
• siderolabs/talos@6e27fe3a6 fix: calculate UKI ISO size dynamically
• siderolabs/talos@43d4afc92 fix: set default route priority for hcloud platform
• siderolabs/talos@63a4257a9 fix: handle correctly change of listen address for maintenance service
• siderolabs/talos@e9c9dc50d chore: improve image signing process
• siderolabs/talos@2e13558ac fix: trim file path in the container image

Changes from siderolabs/pkgs

• siderolabs/pkgs@d6d7236 chore: bump kernel to 6.1.54
• siderolabs/pkgs@9bfb39a chore: rename kconfig-hardened-check

Dependency Changes

• github.com/siderolabs/pkgs v1.5.0-9-g7f9d6eb -> v1.5.0-11-gd6d7236
• github.com/siderolabs/talos/pkg/machinery v1.5.2 -> v1.5.3
• k8s.io/api v0.28.1 -> v0.28.2
• k8s.io/apimachinery v0.28.1 -> v0.28.2
• k8s.io/apiserver v0.28.1 -> v0.28.2
• k8s.io/client-go v0.28.1 -> v0.28.2
• k8s.io/component-base v0.28.1 -> v0.28.2
• k8s.io/cri-api v0.28.1 -> v0.28.2
• k8s.io/kubectl v0.28.1 -> v0.28.2
• k8s.io/kubelet v0.28.1 -> v0.28.2

Previous release can be found at v1.5.2

Images

ghcr.io/siderolabs/flannel:v0.22.1
ghcr.io/siderolabs/install-cni:v1.5.0-1-g9d5f16f
registry.k8s.io/coredns/coredns:v1.10.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.28.2
registry.k8s.io/kube-controller-manager:v1.28.2
registry.k8s.io/kube-scheduler:v1.28.2
registry.k8s.io/kube-proxy:v1.28.2
ghcr.io/siderolabs/kubelet:v1.28.2
ghcr.io/siderolabs/installer:v1.5.3
registry.k8s.io/pause:3.6

Talos 1.5.2 (2023-09-07)

Welcome to the v1.5.2 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Kubernetes: v1.28.1
Linux: 6.1.51

Talos is now built with Go 1.20.8.

Contributors

• Andrey Smirnov

Changes

• siderolabs/talos@318c66b98 release(v1.5.2): prepare release
• siderolabs/talos@614e4e892 feat: update Go to 1.20.8
• siderolabs/talos@cb8eb9da1 feat: update Linux to 6.1.51
• siderolabs/talos@45c88aedd fix: update kubernetes library for 1.28 upgrade pre-checks
• siderolabs/talos@b8bd8ee43 fix: shorten VLAN link names to fit into the limit of 15 characters
• siderolabs/talos@2a2b64eee feat: update default Kubernetes to 1.28.1
• siderolabs/talos@e713043ff feat: set environment variables early in the boot
• siderolabs/talos@4552014b9 fix: set correct (1 year) talosconfig expiration
• siderolabs/talos@1804906c7 fix: set proper timeouts for KubePrism loadbalancer
• siderolabs/talos@dbfbeb7c9 refactor: update NTP spike detector
• siderolabs/talos@6ae5b1289 fix: ova contents to be named disk.*
• siderolabs/talos@9d6d580f4 fix: properly calculate overal of node address with subnet filters

Changes from siderolabs/extras

• siderolabs/extras@9d5f16f feat: update Go to 1.20.8

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@44e26b3 feat: update removed feature gates for 1.28

Changes from siderolabs/pkgs

• siderolabs/pkgs@7f9d6eb feat: update Go to 1.20.8
• siderolabs/pkgs@99b6ac1 feat: update Linux to 6.1.51

Changes from siderolabs/tools

• siderolabs/tools@4d58a1b feat: update Go to 1.20.8

Dependency Changes

• github.com/siderolabs/extras v1.5.0 -> v1.5.0-1-g9d5f16f
• github.com/siderolabs/go-kubernetes v0.2.2 -> v0.2.3
• github.com/siderolabs/pkgs v1.5.0-7-gf62fa2c -> v1.5.0-9-g7f9d6eb
• github.com/siderolabs/talos/pkg/machinery v1.5.1 -> v1.5.2
• github.com/siderolabs/tools v1.5.0 -> v1.5.0-1-g4d58a1b
• k8s.io/api v0.28.0 -> v0.28.1
• k8s.io/apiserver v0.28.0 -> v0.28.1
• k8s.io/client-go v0.28.0 -> v0.28.1
• k8s.io/component-base v0.28.0 -> v0.28.1
• k8s.io/kubectl v0.28.0 -> v0.28.1
• k8s.io/kubelet v0.28.0 -> v0.28.1

Previous release can be found at v1.5.1

Images

ghcr.io/siderolabs/flannel:v0.22.1
ghcr.io/siderolabs/install-cni:v1.5.0-1-g9d5f16f
registry.k8s.io/coredns/coredns:v1.10.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.28.1
registry.k8s.io/kube-controller-manager:v1.28.1
registry.k8s.io/kube-scheduler:v1.28.1
registry.k8s.io/kube-proxy:v1.28.1
ghcr.io/siderolabs/kubelet:v1.28.1
ghcr.io/siderolabs/installer:v1.5.2
registry.k8s.io/pause:3.6

Talos 1.6.0-alpha.0 (2023-08-24)

Welcome to the v1.6.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

talosctl CLI

The command images deprecated in Talos 1.5 was removed, please use talosctl images default instead.

Component Updates

Linux: 6.1.46

Talos is built with Go 1.21.

Contributors

• Andrey Smirnov
• Noel Georgi
• Andrey Smirnov
• Dmitriy Matrenichev
• Artem Chernyshev
• Christian Rolland
• Enno Boland
• Henry Sachs
• Jared Davenport
• Nico Berlee
• Sascha Desch
• Tim Jones
• Utku Ozdemir

Changes

• siderolabs/talos@8670450d2 release(v1.6.0-alpha.0): prepare release
• siderolabs/talos@6778ded29 feat: add e2e-aws for nvidia extensions
• siderolabs/talos@74c07ed71 chore: update Go to 1.21
• siderolabs/talos@a28d72e9c fix: ova contents to be named disk.*
• siderolabs/talos@c0ea4d7ba fix: properly calculate overal of node address with subnet filters
• siderolabs/talos@d6b2719e2 chore: drone: move extensions step to a function
• siderolabs/talos@9608ef56d chore: allow bridge traffic with DHCP broadcast traffic
• siderolabs/talos@c99316457 docs: fix the installing system extensions doc
• siderolabs/talos@833895940 chore: add tests for zfs extension
• siderolabs/talos@cb468c41c fix: copy proper modules to arm64 squashfs
• siderolabs/talos@ea0d6e8c6 fix: prevent dashboard crashes when process info is not available
• siderolabs/talos@e9077a6fb feat: filter the hostname to produce nodename
• siderolabs/talos@dc8361c1d fix: properly GC images supplied with both tag and digest
• siderolabs/talos@ccfa8de11 fix: automatically change rpi_4 board on upgrade
• siderolabs/talos@b56e8b7d9 fix: support 'List' type manifests
• siderolabs/talos@574d48e54 fix: use image digest when starting a container
• siderolabs/talos@175747cea fix: ntp query error with bare IPv6 address
• siderolabs/talos@c8b507fb2 docs: fix kubeprism typo
• siderolabs/talos@0cdcb2e0e docs: restructure docs for nvidia drivers for v1.4
• siderolabs/talos@676db9768 docs: fork docs for Talos 1.6
• siderolabs/talos@92ad18c18 fix: write correct capacity to the ovf
• siderolabs/talos@6b0373ebe chore: move bash tests to integration
• siderolabs/talos@52b3d8d37 docs: make Talos 1.5 documentation the default one
• siderolabs/talos@dc873df9b chore: fix the filenames of openstack images
• siderolabs/talos@b5c0e7b24 docs: update nvidia docs
• siderolabs/talos@9606e871e docs: update Jiva Pod Security Policy
• siderolabs/talos@a86ed4362 chore: update Kubernetes Go modules to 0.28.0
• siderolabs/talos@97b4e3e91 feat: update Kubernetes to 1.28.0
• siderolabs/talos@79ca1a3df feat: e2e-aws using tf code
• siderolabs/talos@bf3a5e011 chore: add version compatibility for Talos 1.6
• siderolabs/talos@969e8097c feat: update Kubernetes to 1.28.0-rc.1
• siderolabs/talos@ca41b611e chore: drone jsonnet cleanup
• siderolabs/talos@bc198e98e docs: retain cilium autoMount pending upstream hostPath fix
• siderolabs/talos@86c94eff8 refactor: docgen and config examples
• siderolabs/talos@ee6d639f6 fix: match routes on the priority properly
• siderolabs/talos@bff0d8f32 chore: fix dependencies in the release pipeline
• siderolabs/talos@e1b288679 refactor: compile regex in validation method on the first use
• siderolabs/talos@daa4c185a docs: add what's new and documentation for Talos 1.5
• siderolabs/talos@c4a1ca8d6 chore: remove <-errCh where possible in grpc methods
• siderolabs/talos@e0f383598 chore: clean up the output of the imager
• siderolabs/talos@fb536af4d chore: optimize memory usage of tcell library on init
• siderolabs/talos@7c86a365e chore: publish systemd-boot and systemd-stub assets
• siderolabs/talos@7d688ccfe fix: make encryption config provider default to luks2 if not set
• siderolabs/talos@80238a05a chore: unify semver under github.com/blang/semver/v4
• siderolabs/talos@0f1920bdd chore: provide a resource to peek into Linux clock adjustments
• siderolabs/talos@4eab3017b fix: calculate log2i properly
• siderolabs/talos@bcf284530 fix: update providerid prefix for aws
• siderolabs/talos@ac2aff5cc fix: fix azure portion of cloud uploader
• siderolabs/talos@793dcedc9 fix: fast-wipe the system disk on talosctl reset
• siderolabs/talos@76fa45afb docs: update cilium instructions

Changes from siderolabs/pkgs

• siderolabs/pkgs@cca80b7 feat: update Linux to 6.1.46
• siderolabs/pkgs@2e1c0b9 fix: nonfree kmod pkg name
• siderolabs/pkgs@cff5beb feat: add btrfs support
• siderolabs/pkgs@7717b7e chore: bump deps
• siderolabs/pkgs@2f19f18 feat: update containerd to 1.6.23
• siderolabs/pkgs@30d4b74 feat: update Go to 1.21
• siderolabs/pkgs@eda123d feat: update runc to 1.1.9
• siderolabs/pkgs@30cd584 chore: enable pushing of non-free packages
• siderolabs/pkgs@fb247b5 chore: update kernel and microcode

Changes from siderolabs/tools

• siderolabs/tools@33fb4b3 feat: update Go to 1.21

Dependency Changes

• github.com/aws/aws-sdk-go-v2/config v1.18.32 -> v1.18.36
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 -> v1.13.11
• github.com/aws/smithy-go v1.14.0 -> v1.14.2
• github.com/beevik/ntp v1.2.0 -> v1.3.0
• github.com/blang/semver/v4 v4.0.0 new
• github.com/containerd/containerd v1.6.23 -> v1.6.22
• github.com/foxboron/go-uefi 32187aa193d0 -> 18b9ba9cd4c3
• github.com/google/go-containerregistry v0.15.2 -> v0.16.1
• github.com/google/uuid v1.3.0 -> v1.3.1
• github.com/hetznercloud/hcloud-go/v2 v2.0.0 -> v2.1.1
• github.com/insomniacslk/dhcp 0f9eb93a696c -> b3ca2534940d
• github.com/jsimonetti/rtnetlink v1.3.4 -> v1.3.5
• github.com/rivo/tview 6cc0565babaf -> ccc2c8119703
• github.com/siderolabs/pkgs v1.5.0-6-g2f2c9cd -> v1.6.0-alpha.0-8-gcca80b7
• github.com/siderolabs/talos/pkg/machinery v1.5.0 -> v1.6.0-alpha.0
• github.com/siderolabs/tools v1.5.0 -> v1.6.0-alpha.0
• golang.org/x/net v0.13.0 -> v0.14.0
• golang.org/x/sys v0.10.0 -> v0.11.0
• golang.org/x/term v0.10.0 -> v0.11.0
• golang.org/x/text v0.11.0 -> v0.12.0

Previous release can be found at v1.5.0

Images

Manage CRI containter images

Usage:
  talosctl image [command]

Aliases:
  image, images

Available Commands:
  default     List the default images used by Talos
  list        List CRI images
  pull        Pull an image into CRI

Flags:
  -h, --help               help for image
      --namespace system   namespace to use: system (etcd and kubelet images) or `cri` for all Kubernetes workloads (default "cri")

Global Flags:
      --cluster string       Cluster to connect to if a proxy endpoint is used.
      --context string       Context to be used in command
  -e, --endpoints strings    override default endpoints in Talos configuration
  -n, --nodes strings        target the specified nodes
      --talosconfig string   The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.

Use "talosctl image [command] --help" for more information about a command.

Talos 1.5.1 (2023-08-22)

Welcome to the v1.5.1 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

• Linux: 6.1.46

Contributors

• Andrey Smirnov
• Utku Ozdemir

Changes

• siderolabs/talos@40a22cdf7 release(v1.5.1): prepare release
• siderolabs/talos@4fd4e16c0 fix: copy proper modules to arm64 squashfs
• siderolabs/talos@51c92e48a feat: update Linux to 6.1.46
• siderolabs/talos@2d2b8c895 fix: prevent dashboard crashes when process info is not available
• siderolabs/talos@a79ed5e47 fix: properly GC images supplied with both tag and digest
• siderolabs/talos@024053a5c fix: automatically change rpi_4 board on upgrade
• siderolabs/talos@5c82445d2 fix: support 'List' type manifests
• siderolabs/talos@7b36ada79 fix: use image digest when starting a container
• siderolabs/talos@106078295 fix: ntp query error with bare IPv6 address
• siderolabs/talos@5b1d021d5 fix: write correct capacity to the ovf
• siderolabs/talos@3c8b0856b fix: restore compatibility with Kubernetes 1.26

Changes from siderolabs/pkgs

• siderolabs/pkgs@f62fa2c feat: update Linux to 6.1.46

Dependency Changes

• github.com/beevik/ntp v1.2.0 -> v1.3.0
• github.com/siderolabs/pkgs v1.5.0-6-g2f2c9cd -> v1.5.0-7-gf62fa2c
• github.com/siderolabs/talos/pkg/machinery v1.5.0 -> v1.5.1

Previous release can be found at v1.5.0

Images

ghcr.io/siderolabs/flannel:v0.22.1
ghcr.io/siderolabs/install-cni:v1.5.0
registry.k8s.io/coredns/coredns:v1.10.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.28.0
registry.k8s.io/kube-controller-manager:v1.28.0
registry.k8s.io/kube-scheduler:v1.28.0
registry.k8s.io/kube-proxy:v1.28.0
ghcr.io/siderolabs/kubelet:v1.28.0
ghcr.io/siderolabs/installer:v1.5.1
registry.k8s.io/pause:3.6

Talos 1.5.0 (2023-08-17)

Welcome to the v1.5.0 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Extension Services

Talos now supports setting environmentFile for an extension service container spec. Refer: https://www.talos.dev/v1.5/advanced/extension-services/#container
The extension waits for the file to be present before starting the service.

Predictable Network Interface Names

Starting with version Talos 1.5, network interfaces are renamed to predictable names
same way as systemd does that in other Linux distributions.

The naming schema enx78e7d1ea46da (based on MAC addresses) is enabled by default, the order of interface naming decisions is:

• firmware/BIOS provided index numbers for on-board devices (example: eno1)
• firmware/BIOS provided PCI Express hotplug slot index numbers (example: ens1)
• physical/geographical location of the connector of the hardware (example: enp2s0)
• interfaces's MAC address (example: enx78e7d1ea46da)

The predictable network interface names features can be disabled by specifying net.ifnames=0 in the kernel command line.
Talos automatically adds the net.ifnames=0 kernel argument when upgrading from Talos versions before 1.5.

This change doesn't affect "cloud" platforms, like AWS, as Talos automatically adds net.ifnames=0 to the kernel command line.

Network KMS Disk Encryption

Talos now supports new type of encryption keys which are sealed/unsealed with an external KMS server:

systemDiskEncryption:
  ephemeral:
    keys:
      - kms:
          endpoint: https://1.2.3.4:443
        slot: 0

gRPC API definitions and a simple reference implementation of the KMS server can be found in this
repository.

KubePrism - Kubernetes API Server In-Cluster Load Balancer

Talos now supports configuring the KubePrism - Kubernetes API Server in-cluster load balancer with machine config
features.kubePrism.port and features.kubePrism.enabled fields.

If enabled, KubePrism binds to localhost and runs on the same port on every machine in the cluster.
The default value for KubePrism endpoint is https://localhost:7445.

The KubePrism is used by the kubelet, kube-scheduler, kube-controller-manager
and kube-proxy by default and can be passed to the CNIs like Cilium and Calico.

The KubePrism provides access to the Kubernetes API endpoint even if the external loadbalancer
is not healthy, provided that the worker nodes can reach to the controlplane machine addresses directly.

Machine Config option .machine.install.bootloader

The .machine.install.bootloader option in the machine config is deprecated and will be removed in Talos 1.6.
This was a no-op for a long time. The bootloader is always installed.

XFS Quota

Talos 1.5+ enables XFS project quota support by default, also enabling by default
kubelet feature gate LocalStorageCapacityIsolationFSQuotaMonitoring to use xfs quotas
to monitor volume usage instead of du.

This feature is controlled by the .machine.features.diskQuotaSupport field in the machine config,
it is set to true for new clusters.

When upgrading from a previous version, the feature can be enabled by setting the field to true.
On the first mount of a volume, the quota information will be recalculated, which may take some time.

RDMA/RoCE support

Talos no longer loads by default rdma_rxe Linux driver, which is required for RoCE support.
If the driver is required, it can be enabled by specifying rdma_rxe in the .machine.kernel.modules field in the machine config.

SecureBoot

Talos now supports generating a custom iso that can be used with SecureBoot. Key generation and enrolling has to be done manually.

talosctl image Command

A new set of commands was introduced to manage container images in the CRI:

• talosctl image list shows list of available images
• talosctl image pull allows to pre-pull an image into the CRI

Both new commands accept --namespace flag with two possible values:

• cri (default): images managed by the CRI (Kubernetes workloads)
• system: images managed by Talos (etcd and kubelet)

talosctl images Command

The command talosctl images was renamed to talosctl image default.

The backward-compatible alias is kept in Talos 1.5, but it will be dropped in Talos 1.6.

TPM Disk Encryption

Talos now supports encrypting STATE/EPHEMERAL with keys bound to a TPM device. The TPM device must be TPM2.0 compatible.
This is ideally supported when booting with new Talos SecureBoot UKI ISOs/Metal images. This feature would still work if SecureBoot
is not enabled for UKI images, but not recommended since there is no way to verify the trust of the bootloader.

Example machine config:

systemDiskEncryption:
  ephemeral:
    provider: luks2
    keys:
      - slot: 0
        tpm: {}
  state:
    provider: luks2
    keys:
      - slot: 0
        tpm: {}

Component Updates

• Linux: 6.1.45
• containerd: 1.6.23
• runc: 1.1.9
• etcd: 3.5.9
• Kubernetes: 1.28.0
• Flannel: 0.22.1

Talos is built with Go 1.20.7.

talosctl upgrade-k8s Image Pre-pulling

The command talosctl upgrade-k8s now by default pre-pulls images for Kubernetes controlplane components
and kubelet. This provides an early check for missing images, and minimizes downtime during Kubernetes
rolling component update.

Contributors

• Andrey Smirnov
• Noel Georgi
• Dmitriy Matrenichev
• Andrey Smirnov
• Utku Ozdemir
• Artem Chernyshev
• Spencer Smith
• Christian Rolland
• Steve Francis
• Andrei Kvapil
• Nanfei Chen
• Nico Berlee
• Alex Corcoles
• Alex Corcoles
• Alex Lubbock
• Artem Chernyshev
• Budiman Jojo
• Chris Hoffman
• DJAlPee
• Dennis Marttinen
• Eirik Askheim
• Florian Klink
• Henk Kraal
• Igor Rzegocki
• James Callahan
• Jared Davenport
• LukasAuerbeck
• Markus Reiter
• Michael A. Davis
• Michael Fornaro
• Niklas Wik
• Piotr Maksymiuk
• Ricky Sadowski
• Roee Klinger
• Sacha Trémoureux
• Scott Cariss
• Serge Logvinov
• Thomas Lemarchand
• Thomas Perronin
• Tim Jones
• Victor Bajada
• Walt Chen
• bdronneau

Changes

• siderolabs/talos@429a2de86 release(v1.5.0): prepare release
• siderolabs/talos@7d37108e7 test: fix the check on 'trusted boot'
• siderolabs/talos@644c8a4a5 feat: update pkgs
• siderolabs/talos@17d11cb36 chore: update Kubernetes Go modules to 0.28.0
• siderolabs/talos@c15106898 feat: update Kubernetes to 1.28.0
• siderolabs/talos@51680ad02 chore: add version compatibility for Talos 1.6
• siderolabs/talos@fd304fae2 feat: update Kubernetes to 1.28.0-rc.1
• siderolabs/talos@2c122b37f fix: match routes on the priority properly
• siderolabs/talos@16382a650 refactor: compile regex in validation method on the first use
• siderolabs/talos@f0364d29e refactor: docgen and config examples
• siderolabs/talos@5dec8c22e docs: add what's new and documentation for Talos 1.5
• siderolabs/talos@bd44bf02a chore: fix dependencies in the release pipeline
• siderolabs/talos@46d61bb3f release(v1.5.0-beta.1): prepare release
• siderolabs/talos@8a94ae93e chore: update Linux to 6.1.44
• siderolabs/talos@0b9f200ad chore: allow multiple commits
• siderolabs/talos@3e2359403 chore: clean up the output of the imager
• siderolabs/talos@d52e5d672 chore: optimize memory usage of tcell library on init
• siderolabs/talos@c8231d482 fix: make encryption config provider default to luks2 if not set
• siderolabs/talos@47b1224c9 chore: publish systemd-boot and systemd-stub assets
• siderolabs/talos@761e7737b fix: calculate log2i properly
• siderolabs/talos@6748efb4e fix: fast-wipe the system disk on talosctl reset
• siderolabs/talos@73db592fa docs: update cilium instructions
• siderolabs/talos@eae450772 fix: fix azure portion of cloud uploader
• siderolabs/talos@a94cb001c fix: update providerid prefix for aws
• siderolabs/talos@de763409b release(v1.5.0-beta.0): prepare release
• siderolabs/talos@87fe8f1a2 feat: implement image generation profiles
• siderolabs/talos@e685208ce chore: update go 1.20.7
• siderolabs/talos@10f958cf4 feat: network configuration improvements on the NoCloud platform
• siderolabs/talos@5adeb5042 feat: update extension spec allowlist for opengl
• siderolabs/talos@abf383117 chore: remove cpu_manager_state on cpuManagerPolicy change
• siderolabs/talos@018e7f587 chore: bump dependencies
• siderolabs/talos@68e6b98f7 feat: add security state resource
• siderolabs/talos@209c34801 chore: drop with-secureboot talosctl flag
• siderolabs/talos@ab14905d9 docs: note that Talos API requires TCP only load balancer, not HTTPS
• siderolabs/talos@078c29c73 chore: re-enable cloud images step
• siderolabs/talos@a17272cdd chore: update hcloud API SDK to v2
• siderolabs/talos@6d71bb8df refactor: replace google/gopacket with gopacket/gopacket
• siderolabs/talos@846f37d84 refactor: drop dependency on vmware/govmomi
• siderolabs/talos@ca0b32c51 refactor: update AWS SDK and http-getter to v2 versions
• siderolabs/talos@dbb9f2bc7 chore: add dm_multipath module
• siderolabs/talos@b70b7ea57 chore: use new go-pcidb database
• siderolabs/talos@9b533e27c feat: update Kubernetes to 1.28.0-rc.0
• siderolabs/talos@a3a2aa8ef fix: use fast wipe for upgrade
• siderolabs/talos@f863498ff fix: always override APIServer audit policy
• siderolabs/talos@355681dda fix: terminate dashboard gracefully on & switch back to tty1
• siderolabs/talos@544cb4fe7 refactor: accept partial machine configuration
• siderolabs/talos@9b0bc3e93 chore: split kernel modules out of the tree
• siderolabs/talos@ffa48ac80 chore: workaround AWS AMI failures, disable Azure uploader
• siderolabs/talos@4cd7623cf chore: add alx drivers
• siderolabs/talos@663264c86 release(v1.5.0-alpha.3): prepare release
• siderolabs/talos@d2f64af86 chore: disable cloud-images, pull in new kernel and gre module
• siderolabs/talos@8edce4906 docs: improve proxmox install guide
• siderolabs/talos@c783458be docs: typo dhcp -> dhcp
• siderolabs/talos@003cbd161 docs: warn about secretboxEncryptionSecret in kubeadm migration guide
• siderolabs/talos@786e86f5b refactor: rewrite the way Talos acquires the machine configuration
• siderolabs/talos@5e13cafe5 feat: enforce kernel lockdown for UKI
• siderolabs/talos@4d96d642f feat: update default Kubernetes version to 1.28.0-beta.0
• siderolabs/talos@170a73e16 chore: support creating qemu guest socket
• siderolabs/talos@59ac38a6b docs: add docs for installing azure ccm and csi
• siderolabs/talos@6288cd970 release(v1.5.0-alpha.2): prepare release
• siderolabs/talos@60c304126 chore: bump dependencies
• siderolabs/talos@9ef4e5efc fix: log explicitly when kubelet has no nodeIP match
• siderolabs/talos@6b39c6a4d fix: enable compression and bump gRPC max msg size
• siderolabs/talos@2f2eca861 chore: basic support for shutdown/poweroff flags
• siderolabs/talos@b84277d7d docs: fix wrong capability name
• siderolabs/talos@59d7d9344 chore: use machined for shutdown, poweroff
• siderolabs/talos@2439bfb71 chore: explicitly add timestamps to machined logs
• siderolabs/talos@14966e718 fix: skip over tpm2 1.2 devices
• siderolabs/talos@6716e7bc0 docs: update cilium documentation about KubePrism usage
• siderolabs/talos@166d75fe8 fix: tpm2 encrypt/decrypt flow
• siderolabs/talos@130518de7 chore: change missing renames of KubePrism
• siderolabs/talos@5f34f5b41 chore: rename api load balancer to KubePrism
• siderolabs/talos@c8b7095c0 refactor: use tpm2 library to calculate policy hash
• siderolabs/talos@078aac92e chore: bump deps
• siderolabs/talos@53873b844 refactor: move ukify into Talos code
• siderolabs/talos@d5f6fb9ff chore: add vendor info
• siderolabs/talos@79365d9ba feat: tpm2 based disk encryption
• siderolabs/talos@06369e819 fix: retry CRI pod removal, fix upgrade flow in the tests
• siderolabs/talos@d32dd3a82 chore: update Go to 1.20.6
• siderolabs/talos@8017afb10 feat: implement CRI image management and pre-pull on K8s upgrade
• siderolabs/talos@1c2f19b36 feat: update Kubernetes to 1.28.0-alpha.4
• siderolabs/talos@94e9891c1 chore: bump sd-boot to v254-rc1
• siderolabs/talos@936111ce0 fix: properly set up tls for KMS endpoint
• siderolabs/talos@cb226eec4 fix: rewrite encryption system information flow
• siderolabs/talos@3206db528 feat: drop tpm simulator for ukify measure
• siderolabs/talos@bd4f89f63 fix: disable dashboard on Azure, GCP and Scaleway
• siderolabs/talos@bdb96189f refactor: make maintenance service controller-based
• siderolabs/talos@d23d04de2 feat: seed the kernel random pool from the TPM
• siderolabs/talos@c81ce8cfb feat: support controlplane resources configuration
• siderolabs/talos@74de562b2 fix: mount hugepages with nosuid + nodev
• siderolabs/talos@ce63abb21 feat: add KMS assisted encryption key handler
• siderolabs/talos@dafbe9deb chore: optimize dockerfile instructions
• siderolabs/talos@a4289e870 chore: fix CLI docs generation stability
• siderolabs/talos@2fec8388f chore: bump dependencies
• siderolabs/talos@c1b4262dd docs: split simple and more complex getting started guides
• siderolabs/talos@c9a9f9561 refactor: extract secure boot certificate generation
• siderolabs/talos@6be5a13d5 feat: implement machine config documents for event and log streaming
• siderolabs/talos@e241be85b fix: properly handle YAML comment stripping for multi-doc
• siderolabs/talos@c02ada7d9 fix: capabilities including ALL should be uppercase
• siderolabs/talos@cbdf96d46 feat: support environment file for extensions
• siderolabs/talos@35d6adcb9 fix: provide stashed META values before installation
• siderolabs/talos@258f07449 fix: ukify cert generation
• siderolabs/talos@bf3febb7e fix: refine OVMF search paths
• siderolabs/talos@fbebc17f8 fix: disable LVM backups/archive
• siderolabs/talos@e5306ef26 chore: format and cleanup test scripts
• siderolabs/talos@bc371ecfd chore: add /sbin/shutdown
• siderolabs/talos@0d313b973 feat: add reboot-mode flag to talosctl upgrade
• siderolabs/talos@7ce87f20c fix: compare only basename of os.Args[0] in machined
• siderolabs/talos@53389b1e7 feat: auto-enroll secure boot keys
• siderolabs/talos@d77f0bc7b docs: fix broken link to powershell module
• siderolabs/talos@e1b150a11 release(v1.5.0-alpha.1): prepare release
• siderolabs/talos@8daf432b2 chore: bump deps
• siderolabs/talos@e3f3f5794 feat: implement revert for sd-boot
• siderolabs/talos@d8b0903d7 docs: vagrant setup document fix
• siderolabs/talos@fe0f46980 feat: implement secure boot from disk
• siderolabs/talos@445f5ad54 feat: support API server load balancer
• siderolabs/talos@19bc223de refactor: bootloader interface, labels
• siderolabs/talos@665702ddd chore: fix cilium e2e tests
• siderolabs/talos@71a548d18 chore: generic boootloader implementation
• siderolabs/talos@e9dbc9311 test: bump versions for upgrade tests
• siderolabs/talos@0a99965ef refactor: replace uncordonNode with controllers
• siderolabs/talos@e858bca3a test: fix cilium integration tests
• siderolabs/talos@455328d05 fix: allow time skew for generated kubeconfig
• siderolabs/talos@3ae05648a fix: usage of custom kernels
• siderolabs/talos@0797b0d16 chore: add a pipeline to test cloud-images step without a release
• siderolabs/talos@e5a36268b docs: include allowSchedulingOnControlPlanes on talosctl gen config output
• siderolabs/talos@c74d93728 chore: bump github.com/cosi-project/runtime
• siderolabs/talos@dbaf5c699 refactor: task labelControlPlane into controllers
• siderolabs/talos@1865a0c29 chore: modify some usages that are not recommended
• siderolabs/talos@3816318b9 chore: wrap config.Provider in atomic wrapper
• siderolabs/talos@d04cf1978 chore: clean up unnecessary self assignment
• siderolabs/talos@a34a94898 fix: copy missing modules.* files
• siderolabs/talos@f5e3272fc refactor: task 'updateBootLoader' as controller
• siderolabs/talos@e7be6ee7c refactor: make event log streaming fully reactive
• siderolabs/talos@aef2192a6 chore: use fixed module list
• siderolabs/talos@c719aa231 fix: allow http:// for discovery service URL
• siderolabs/talos@39134d8d5 chore: fix cron pipeline
• siderolabs/talos@a61dcdbbd fix: don't load RDMA over Ethernet driver by default
• siderolabs/talos@aac441f61 chore: update Go to 1.20.5, bump dependencies
• siderolabs/talos@1c0c7933d chore: cleanup partition code
• siderolabs/talos@31b988281 docs: add some words about certifcates
• siderolabs/talos@e912c0dfc chore: use go-blockdevice for zeroing partitions
• siderolabs/talos@e6dde8ffc feat: add network chaos to qemu development environment
• siderolabs/talos@47986cb79 chore: unify kexec phase
• siderolabs/talos@3a865370f feat: qemu secureboot
• siderolabs/talos@5dab45e86 refactor: allow kmsg log streaming to be reconfigured on the fly
• siderolabs/talos@8a02ecd4c chore: add endpoints balancer controller
• siderolabs/talos@423a31ac9 chore: deprectae bootloader installer option
• siderolabs/talos@cdfece7d6 chore: optimize image compression
• siderolabs/talos@bfc341937 chore: add default console args
• siderolabs/talos@2749aeeda feat: add support for multi-doc strategic merge patching
• siderolabs/talos@3f68485e4 feat: add uki iso generation
• siderolabs/talos@bab484a40 feat: use stable network interface names
• siderolabs/talos@196dfb99b fix: do not probe kernel args in dashboard if not needed
• siderolabs/talos@8c071b579 fix: skip DHCP RENEW if server IP in the lease is all zeroes
• siderolabs/talos@badbc51e6 refactor: rewrite code to include preliminary support for multi-doc
• siderolabs/talos@ecce29dee fix: upgrade-k8s use internal IP first, external IP fallback
• siderolabs/talos@3c64a5ffb chore: optimize image generation time
• siderolabs/talos@2292f36d9 chore: registry.k8s.io for coredns image
• siderolabs/talos@f2b258b37 docs: document talosctl version for upgrades
• siderolabs/talos@a0773f783 chore: add ukify Go script
• siderolabs/talos@b69e38d1f chore: bump dependencies
• siderolabs/talos@adce65103 docs: add piraeus/drbd to storage documentation
• siderolabs/talos@a982cabe7 docs: link support matrix in k8s update doc
• siderolabs/talos@1fb29a56a fix: fail quickly if upgrade-k8s is used with multiple nodes
• siderolabs/talos@51d931c47 chore: faster dev cycle
• siderolabs/talos@dc6764871 refactor: move around config interfaces, make RawV1Alpha1 typed
• siderolabs/talos@ea9a97dba fix: fall back to external IP when discovering nodes in upgrade-k8s
• siderolabs/talos@0bb7e8a5c refactor: split config.Provider into Config & Container
• siderolabs/talos@85d8a1619 chore: bump deps
• siderolabs/talos@39b7a56f0 chore: use 8GiB instead of 10GiB for cloud images
• siderolabs/talos@ff11fd39c fix: race with udevd and mountUserDisks
• siderolabs/talos@c3fabb982 chore: update default image sizes to 10GB for all "cloud" images
• siderolabs/talos@10155c390 feat: enable xfs project quota support, kubelet feature
• siderolabs/talos@eba818564 release(v1.5.0-alpha.0): prepare release
• siderolabs/talos@383471c3e feat: update default Kubernetes to v1.27.2
• siderolabs/talos@8f68d1abe chore: bump deps
• siderolabs/talos@e0c1585d3 feat: create azure community gallery image version on release
• siderolabs/talos@dd8336c9e fix: refresh kubelet self-issued serving certificates
• siderolabs/talos@bb02dd263 chore: drop deprecated stuff for Talos 1.5
• siderolabs/talos@61cad8673 chore: bump deps
• siderolabs/talos@01dfd3af7 feat: update etcd to v3.5.9
• siderolabs/talos@aa65fbb8a chore: update KUBECTL_URL to reflect the community bucket
• siderolabs/talos@cc3128d94 chore: bump kernel to 6.1.28
• siderolabs/talos@97fffaf78 chore: use ctest.UpdateWithConflicts instead of plain UpdateWithConflicts
• siderolabs/talos@3b36993b9 fix: rlimit nofile test
• siderolabs/talos@45e6e27af chore: bump runtime
• siderolabs/talos@4f720d465 fix: revert: set rlimit explicitly in wrapperd
• siderolabs/talos@a2565f674 fix: set rlimit explicitly in wrapperd
• siderolabs/talos@cdfc242b8 chore: re-enable Go buildid
• siderolabs/talos@e67f3f5c5 feat: linux 6.1.27, containerd 1.6.21, go 1.20.4
• siderolabs/talos@55ae59a0a fix: properly skip/cleanup controlplane configs for workers
• siderolabs/talos@64eade9bd chore: clean up unused constant
• siderolabs/talos@62c6e9655 feat: introduce siderolink config resource & reconnect
• siderolabs/talos@860002c73 fix: don't reload control plane pods on cert SANs changes
• siderolabs/talos@d43c61e80 fix: enforce nolock option for all NFS mounts by default
• siderolabs/talos@339986db9 fix: inhibit timer to follow kubelet timer
• siderolabs/talos@cbf6dc100 fix: set timeout for unmount calls
• siderolabs/talos@b58f913d5 fix: set the static pod priority as values
• siderolabs/talos@f8a7a5b6b docs: add information about KubeSpan ports and topology
• siderolabs/talos@2bad74d64 docs: add how to on scaling down
• siderolabs/talos@7442ff8b0 chore: fix typos inteface -> interface (docs and tests)
• siderolabs/talos@d4e94f7a1 fix: add back required TARGETARCH for installer
• siderolabs/talos@e6fffda01 chore: linux 6.1.26, runc 1.1.7
• siderolabs/talos@344746ae2 fix: bump max inhibit delay to 20 min
• siderolabs/talos@d9bdea2b5 chore: fork docs and compatibility modules for Talos 1.5
• siderolabs/talos@3d99610fc docs: document building, verifying image and process caps
• siderolabs/talos@014008ea2 fix: udevd rules trigger
• siderolabs/talos@9b36bb613 feat: update Linux to 6.1.25, fix virtio on arm64
• siderolabs/talos@08ec66c55 feat: clean up (garbage collect) system images which are not referenced
• siderolabs/talos@b097efcde fix: display correct number of machines on dashboard
• siderolabs/talos@cad43f0ad chore: remove k8s master label
• siderolabs/talos@e296a566e fix: support kernel userspace module loading
• siderolabs/talos@103f0ffdd feat: add startup probes to controller-manager and scheduler
• siderolabs/talos@5a1ae8aae chore: bump dependences
• siderolabs/talos@ec8c8dbaf chore: fix container image reproducibility
• siderolabs/talos@f661d8487 fix: allow talosctl cp to handle special files in /proc
• siderolabs/talos@2d824b563 fix: do not show control plane status for workers on dashboard
• siderolabs/talos@e5491ddad docs: update documentation for nocloud
• siderolabs/talos@7a004a6f7 fix: parse errors correctly
• siderolabs/talos@374ef5385 test: submit verbose flag to e2e tests
• siderolabs/talos@e1d38b6fe feat: show template URL in dashboard config URL tab
• siderolabs/talos@45d7f0ce9 docs: fix the latest url
• siderolabs/talos@96efbf147 docs: activate 1.4.0 docs by default
• siderolabs/talos@8c1f515b1 feat: update Linux to 6.1.24
• siderolabs/talos@8689bef5f docs: update documentation for Talos 1.4
• siderolabs/talos@a781dfb8e feat: update Kubernetes to 1.27.1
• siderolabs/talos@a737dd83a chore: typo in compatibility.ParseKubernetesVersion
• siderolabs/talos@f14928b0a fix: fix dashboard crash when a non-existent node is specified
• siderolabs/talos@3e406d9b0 feat: update etcd to v3.5.8
• siderolabs/talos@bd1cff3e8 chore: remove Go buildid
• siderolabs/talos@e31f7f50b feat: update Kubernetes to 1.27.0
• siderolabs/talos@aa3640d74 docs: update storage.md
• siderolabs/talos@07bb61e60 chore: module-sig-verify cleanup
• siderolabs/talos@5e9d836c3 chore: add kernel module signtaure verification
• siderolabs/talos@3cd1c6bb0 fix: send 'STOP' event on phase end
• siderolabs/talos@5176d27dc feat: update Kubernetes to 1.27.0-rc.1
• siderolabs/talos@2c55550a6 fix: quote ISO kernel args for GRUB
• siderolabs/talos@319d76e38 fix: respect BROWSER=echo in client auth interceptor
• siderolabs/talos@4e4ace839 chore: update Go to 1.20.3
• siderolabs/talos@170f73899 fix: correctly parse static pod phase
• siderolabs/talos@c3a595d5b fix: improve action tracking post checks
• siderolabs/talos@eb01edbc8 fix: rework DHCP flow
• siderolabs/talos@e095150a6 test: bump CAPI components versions

Changes since v1.5.0-beta.1

• siderolabs/talos@429a2de86 release(v1.5.0): prepare release
• siderolabs/talos@7d37108e7 test: fix the check on 'trusted boot'
• siderolabs/talos@644c8a4a5 feat: update pkgs
• siderolabs/talos@17d11cb36 chore: update Kubernetes Go modules to 0.28.0
• siderolabs/talos@c15106898 feat: update Kubernetes to 1.28.0
• siderolabs/talos@51680ad02 chore: add version compatibility for Talos 1.6
• siderolabs/talos@fd304fae2 feat: update Kubernetes to 1.28.0-rc.1
• siderolabs/talos@2c122b37f fix: match routes on the priority properly
• siderolabs/talos@16382a650 refactor: compile regex in validation method on the first use
• siderolabs/talos@f0364d29e refactor: docgen and config examples
• siderolabs/talos@5dec8c22e docs: add what's new and documentation for Talos 1.5

Changes from siderolabs/crypto

• siderolabs/crypto@8f77da3 feat: add a method to load PEM key from file
• siderolabs/crypto@c03ff58 feat: add a way to represent redacted x509 private keys

Changes from siderolabs/discovery-api

• siderolabs/discovery-api@5e3db3c chore: app optional ControlPlane data

Changes from siderolabs/discovery-client

• siderolabs/discovery-client@9ba5f03 chore: app optional ControlPlane data

Changes from siderolabs/extras

• siderolabs/extras@f521190 feat: update Go to 1.20.7
• siderolabs/extras@26b9d64 chore: bump dependencies
• siderolabs/extras@f415aac feat: update Go to 1.20.6
• siderolabs/extras@a73d524 feat: update Go to 1.20.5
• siderolabs/extras@36c8ac4 chore: update to Go 1.20.3

Changes from siderolabs/gen

• siderolabs/gen@f9f5805 chore: bump rekres and add functions from exp
• siderolabs/gen@b968d21 feat: add TryRecv and RecvWithContext functions
• siderolabs/gen@476dfea feat: add foreach and clear to lazymap

Changes from siderolabs/go-blockdevice

• siderolabs/go-blockdevice@fbb01f7 fix: properly detect token not found error
• siderolabs/go-blockdevice@3e08968 fix: do not attach token to a key slot
• siderolabs/go-blockdevice@f2c419e feat: support LUKS token management
• siderolabs/go-blockdevice@076874a chore: resolve blockdevice symlinks

Changes from siderolabs/go-debug

• siderolabs/go-debug@43d9100 chore: allow enabling pprof manually

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@69fea5b feat: support upgrades to Kubernetes 1.28
• siderolabs/go-kubernetes@5a3df5b fix: remove removed APIs for 1.27 upgrade

Changes from siderolabs/go-loadbalancer

• siderolabs/go-loadbalancer@574126c chore: add 0.1ms tier and fix tiers
• siderolabs/go-loadbalancer@5301800 chore: fix logging and tests
• siderolabs/go-loadbalancer@b23a173 chore: replace std log with zap
• siderolabs/go-loadbalancer@1a2f374 feat: add multi-tier scoring based for generic List
• siderolabs/go-loadbalancer@56a27da chore: move to siderolabs/tcpproxy of inet.af/tcpproxy
• siderolabs/go-loadbalancer@f3a0e24 fix: use SO_LINGER option when doing TCP healthchecks

Changes from siderolabs/go-pcidb

• siderolabs/go-pcidb@164a1b2 refactor: use 'switch' statement instead of giant maps

Changes from siderolabs/kms-client

• siderolabs/kms-client@50064b6 fix: pass context to the key handler in the server wrapper
• siderolabs/kms-client@83e0a2e feat: define API and add reference implementation for KMS server
• siderolabs/kms-client@8c37ee8 Initial commit

Changes from siderolabs/pkgs

• siderolabs/pkgs@2f2c9cd feat: update Linux to 6.1.45
• siderolabs/pkgs@e4aa9a2 fix: nonfree kmod pkg name
• siderolabs/pkgs@ac36033 feat: update containerd to 1.6.23
• siderolabs/pkgs@b5671ab feat: update runc to 1.1.9
• siderolabs/pkgs@2c89ab6 chore: enable pushing of non-free packages
• siderolabs/pkgs@8a2227d chore: update kernel and microcode
• siderolabs/pkgs@2abca48 feat: update Go to 1.20.7, OpenSSL to 1.1.1v
• siderolabs/pkgs@8144720 chore: bump dependencies
• siderolabs/pkgs@cb97daf chore: add dm_multipath to kernel
• siderolabs/pkgs@a65ac0d refactor: move device drivers out as kernel modules
• siderolabs/pkgs@357bd67 feat: update Linux to 6.1.41
• siderolabs/pkgs@41191cf feat: add alx drivers
• siderolabs/pkgs@fedfafa feat: add thunderbolt/USB4 module
• siderolabs/pkgs@17d5b94 feat: enable NET_IPGRE kernel config
• siderolabs/pkgs@84cdfb6 feat: add 'zfs' package
• siderolabs/pkgs@d0eaedc feat: enable DM_RAID kernel config
• siderolabs/pkgs@d5e0fad feat: update dependencies
• siderolabs/pkgs@c644633 feat: enable multi-gen lru by default
• siderolabs/pkgs@75696ba feat: update Go to 1.20.6
• siderolabs/pkgs@205cab6 chore: feat use new sd-boot
• siderolabs/pkgs@fb817fe fix: enable USB attached SCSI driver on x86 systems
• siderolabs/pkgs@43451e6 chore: bump dependencies
• siderolabs/pkgs@eca94f8 feat: enable sriov
• siderolabs/pkgs@5a8e8e5 feat: enable VMWARE/HYPERV vsockets
• siderolabs/pkgs@edd725a chore: bump deps
• siderolabs/pkgs@c0ac69b feat: enable CONFIG_NVME_{MULTIPATH|AUTH}
• siderolabs/pkgs@f7cd916 fix: bump drbd to 9.2.4
• siderolabs/pkgs@a56d15a fix: copy missing modules.* files
• siderolabs/pkgs@1eefa66 feat: build isb modem drivers as module
• siderolabs/pkgs@a859f4f fix: build RDMA_RXE as a module
• siderolabs/pkgs@5fb5e95 feat: bump dependencies
• siderolabs/pkgs@39a64b2 feat: update Linux to 6.1.31, add GENEVE for arm64
• siderolabs/pkgs@97177be feat: update Linux to 6.1.30
• siderolabs/pkgs@b1f9d4e chore: prevent unsigned kexec with secureboot
• siderolabs/pkgs@9232a42 feat: add reproducibility pipelines
• siderolabs/pkgs@702d7a7 chore: bump deps
• siderolabs/pkgs@7958db1 chore: copy over sd-boot and sd-stub from tools
• siderolabs/pkgs@813b3c3 chore: revert xfsprogs
• siderolabs/pkgs@0cc78ab chore: bump kernel to 6.1.28
• siderolabs/pkgs@70189e3 chore: bump deps
• siderolabs/pkgs@c5d3bf1 feat: add sd-stub and sd-boot
• siderolabs/pkgs@30a7ac2 feat: update Linux 6.1.27, containerd 1.6.21
• siderolabs/pkgs@fbc6ee5 chore: bump deps
• siderolabs/pkgs@82b9489 chore: bump dependencies
• siderolabs/pkgs@f37e520 feat: update Linux to 6.1.25
• siderolabs/pkgs@3920b16 feat: add multi-gen LRU kernel support
• siderolabs/pkgs@988f1ec feat: update Linux to 6.1.24
• siderolabs/pkgs@5327d12 fix: remove FB_NVIDIA drivers, Linux 6.1.23
• siderolabs/pkgs@4eae958 chore: copy over the kernel signing public key
• siderolabs/pkgs@174f8fc chore: update Go to 1.20.3
• siderolabs/pkgs@41629b0 chore: reorder pkgs for better kernel caching
• siderolabs/pkgs@b483a6b feat: build 'snp.efi' for iPXE
• siderolabs/pkgs@fb853ff feat: update containerd to 1.6.20

Changes from siderolabs/tools

• siderolabs/tools@c050b7e feat: update OpenSSL to 1.1.1v
• siderolabs/tools@640e523 feat: update Go to 1.20.7
• siderolabs/tools@fd42f4b chore: bump dependencies
• siderolabs/tools@7cefce4 chore: optimize tools image size
• siderolabs/tools@dc7dd9e chore: remove libseccomp
• siderolabs/tools@e27c249 feat: update Go to 1.20.6
• siderolabs/tools@9b6d512 feat: use systemd 254-rc1
• siderolabs/tools@cd3b692 chore: bump deps
• siderolabs/tools@c1027a6 chore: remove sbsign
• siderolabs/tools@e0c76c0 chore: bump dependencies
• siderolabs/tools@7d0cd58 feat: update Go to 1.20.5
• siderolabs/tools@150efc2 chore: remove non needed tools
• siderolabs/tools@88ebb40 feat: add swtpm
• siderolabs/tools@4c5d7fe chore: use same source epoch everywhere
• siderolabs/tools@2e46e5b feat: add reproducibility pipelines
• siderolabs/tools@c6a41b6 fix: add sd-stub assertion patch
• siderolabs/tools@d2dde48 chore: bump deps
• siderolabs/tools@8e45ad7 feat: add sbsign
• siderolabs/tools@271c4a6 feat: add sd-tools
• siderolabs/tools@eedc294 chore: bump deps
• siderolabs/tools@81b09a5 feat: add libcap and gnuefi
• siderolabs/tools@47b0fd3 chore: bump go to 1.20.4
• siderolabs/tools@ff4cf2b chore: bump deps
• siderolabs/tools@1563556 feat: update Go to 1.20.3

Dependency Changes

• github.com/BurntSushi/toml v1.2.1 -> v1.3.2
• github.com/aws/aws-sdk-go-v2/config v1.18.32 new
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 new
• github.com/aws/smithy-go v1.14.0 new
• github.com/beevik/ntp v0.3.0 -> v1.2.0
• github.com/benbjohnson/clock v1.1.0 -> v1.3.5
• github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
• github.com/containerd/containerd v1.6.19 -> v1.6.23
• github.com/containerd/typeurl/v2 v2.1.1 new
• github.com/containernetworking/plugins v1.2.0 -> v1.3.0
• github.com/coreos/go-iptables v0.6.0 -> v0.7.0
• github.com/cosi-project/runtime v0.3.0 -> v0.3.1
• github.com/docker/distribution v2.8.1 -> v2.8.2
• github.com/docker/docker v23.0.2 -> v24.0.5
• github.com/ecks/uefi caef65d070eb new
• github.com/emicklei/dot v1.4.2 -> v1.6.0
• github.com/foxboron/go-uefi 32187aa193d0 new
• github.com/google/go-containerregistry v0.15.2 new
• github.com/google/go-tpm v0.9.0 new
• github.com/gopacket/gopacket v1.1.1 new
• github.com/hashicorp/go-envparse v0.1.0 new
• github.com/hashicorp/go-getter/v2 v2.2.1 new
• github.com/hetznercloud/hcloud-go/v2 v2.0.0 new
• github.com/insomniacslk/dhcp 74ae03f2425e -> 0f9eb93a696c
• github.com/jsimonetti/rtnetlink v1.3.1 -> v1.3.4
• github.com/mattn/go-isatty v0.0.18 -> v0.0.19
• github.com/mdlayher/ethtool ba3b4bc2e02c -> v0.1.0
• github.com/mdlayher/genetlink v1.3.1 -> v1.3.2
• github.com/mdlayher/netlink v1.7.1 -> v1.7.2
• github.com/mdlayher/netx c711c2f8512f -> 7e21880baee8
• github.com/nberlee/go-netstat v0.1.1 -> v0.1.2
• github.com/opencontainers/go-digest v1.0.0 new
• github.com/opencontainers/image-spec v1.1.0-rc2 -> v1.1.0-rc4
• github.com/packethost/packngo v0.29.0 -> v0.30.0
• github.com/prometheus/procfs v0.9.0 -> v0.11.1
• github.com/rivo/tview 281d14d896d7 -> 6cc0565babaf
• github.com/rs/xid v1.4.0 -> v1.5.0
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15 -> v1.0.0-beta.20
• github.com/siderolabs/crypto v0.4.0 -> v0.4.1
• github.com/siderolabs/discovery-api v0.1.2 -> v0.1.3
• github.com/siderolabs/discovery-client v0.1.4 -> v0.1.5
• github.com/siderolabs/extras v1.4.0-1-g9b07505 -> v1.5.0
• github.com/siderolabs/gen v0.4.3 -> v0.4.5
• github.com/siderolabs/go-blockdevice v0.4.4 -> v0.4.6
• github.com/siderolabs/go-debug v0.2.2 -> v0.2.3
• github.com/siderolabs/go-kubernetes v0.2.0 -> v0.2.2
• github.com/siderolabs/go-loadbalancer v0.2.1 -> v0.3.2
• github.com/siderolabs/go-pcidb v0.1.0 -> v0.2.0
• github.com/siderolabs/kms-client v0.1.0 new
• github.com/siderolabs/pkgs v1.4.1-5-ga333a84 -> v1.5.0-6-g2f2c9cd
• github.com/siderolabs/talos/pkg/machinery v1.4.0 -> v1.5.0
• github.com/siderolabs/tools v1.4.0-1-g955aabc -> v1.5.0
• github.com/spf13/cobra v1.6.1 -> v1.7.0
• github.com/stretchr/testify v1.8.2 -> v1.8.4
• github.com/vmware-tanzu/sonobuoy v0.56.16 -> v0.56.17
• go.etcd.io/etcd/api/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/client/pkg/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/client/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/etcdutl/v3 v3.5.8 -> v3.5.9
• go.uber.org/zap v1.24.0 -> v1.25.0
• go4.org/netipx f1b76eb4bb35 -> ec4c8b891b28
• golang.org/x/net v0.8.0 -> v0.13.0
• golang.org/x/sync v0.1.0 -> v0.3.0
• golang.org/x/sys v0.6.0 -> v0.10.0
• golang.org/x/term v0.6.0 -> v0.10.0
• golang.org/x/text v0.11.0 new
• golang.zx2c4.com/wireguard/wgctrl 9c5414ab4bde -> 925a1e7659e6
• google.golang.org/grpc v1.54.0 -> v1.57.0
• google.golang.org/protobuf v1.30.0 -> v1.31.0
• k8s.io/api v0.27.1 -> v0.28.0
• k8s.io/apimachinery v0.27.1 -> v0.28.0
• k8s.io/apiserver v0.27.1 -> v0.28.0
• k8s.io/client-go v0.27.1 -> v0.28.0
• k8s.io/component-base v0.27.1 -> v0.28.0
• k8s.io/cri-api v0.27.1 -> v0.28.0
• k8s.io/klog/v2 v2.90.1 -> v2.100.1
• k8s.io/kubectl v0.27.1 -> v0.28.0
• k8s.io/kubelet v0.27.1 -> v0.28.0
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.68 -> v1.2.69

Previous release can be found at v1.4.0

Images

ghcr.io/siderolabs/flannel:v0.22.1
ghcr.io/siderolabs/install-cni:v1.5.0
registry.k8s.io/coredns/coredns:v1.10.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.28.0
registry.k8s.io/kube-controller-manager:v1.28.0
registry.k8s.io/kube-scheduler:v1.28.0
registry.k8s.io/kube-proxy:v1.28.0
ghcr.io/siderolabs/kubelet:v1.28.0
ghcr.io/siderolabs/installer:v1.5.0
registry.k8s.io/pause:3.6

Talos 1.4.8 (2023-08-10)

Welcome to the v1.4.8 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.1.44

Talos is built with Go 1.20.7.

Contributors

• Andrey Smirnov
• Andrey Smirnov

Changes

• siderolabs/talos@84c2961ab release(v1.4.8): prepare release
• siderolabs/talos@371586180 chore: update Go to 1.20.7, Linux to 6.1.44
• siderolabs/talos@85b5d1ddd fix: calculate log2i properly

Changes from siderolabs/extras

• siderolabs/extras@9b41398 chore: update go to 1.20.7

Changes from siderolabs/pkgs

• siderolabs/pkgs@13103d6 chore: update Go to 1.20.7
• siderolabs/pkgs@782d769 feat: update Linux to 6.1.44
• siderolabs/pkgs@11860e5 chore: enable pushing of non-free packages

Changes from siderolabs/tools

• siderolabs/tools@6889ef6 feat: update Go to 1.20.7

Dependency Changes

• github.com/siderolabs/extras v1.4.0-3-g2b5a1e6 -> v1.4.0-4-g9b41398
• github.com/siderolabs/pkgs v1.4.1-16-g69266d9 -> v1.4.1-19-g13103d6
• github.com/siderolabs/talos/pkg/machinery v1.4.7 -> v1.4.8
• github.com/siderolabs/tools v1.4.0-4-g78b2dc6 -> v1.4.0-5-g6889ef6

Previous release can be found at v1.4.7

Images

ghcr.io/siderolabs/flannel:v0.21.4
ghcr.io/siderolabs/install-cni:v1.4.0-4-g9b41398
docker.io/coredns/coredns:1.10.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.27.4
registry.k8s.io/kube-controller-manager:v1.27.4
registry.k8s.io/kube-scheduler:v1.27.4
registry.k8s.io/kube-proxy:v1.27.4
ghcr.io/siderolabs/kubelet:v1.27.4
ghcr.io/siderolabs/installer:v1.4.8
registry.k8s.io/pause:3.6

Talos 1.5.0-beta.1 (2023-08-09)

Welcome to the v1.5.0-beta.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Extension Services

Talos now supports setting environmentFile for an extension service container spec. Refer: https://www.talos.dev/v1.5/advanced/extension-services/#container
The extension waits for the file to be present before starting the service.

Predictable Network Interface Names

Starting with version Talos 1.5, network interfaces are renamed to predictable names
same way as systemd does that in other Linux distributions.

The naming schema enx78e7d1ea46da (based on MAC addresses) is enabled by default, the order of interface naming decisions is:

• firmware/BIOS provided index numbers for on-board devices (example: eno1)
• firmware/BIOS provided PCI Express hotplug slot index numbers (example: ens1)
• physical/geographical location of the connector of the hardware (example: enp2s0)
• interfaces's MAC address (example: enx78e7d1ea46da)

The predictable network interface names features can be disabled by specifying net.ifnames=0 in the kernel command line.
Talos automatically adds the net.ifnames=0 kernel argument when upgrading from Talos versions before 1.5.

This change doesn't affect "cloud" platforms, like AWS, as Talos automatically adds net.ifnames=0 to the kernel command line.

Network KMS Disk Encryption

Talos now supports new type of encryption keys which are sealed/unsealed with an external KMS server:

systemDiskEncryption:
  ephemeral:
    keys:
      - kms:
          endpoint: https://1.2.3.4:443
        slot: 0

gRPC API definitions and a simple reference implementation of the KMS server can be found in this
repository.

KubePrism - Kubernetes API Server In-Cluster Load Balancer

Talos now supports configuring the KubePrism - Kubernetes API Server in-cluster load balancer with machine config
features.kubePrism.port and features.kubePrism.enabled fields.

If enabled, KubePrism binds to localhost and runs on the same port on every machine in the cluster.
The default value for KubePrism endpoint is https://localhost:7445.

The KubePrism is used by the kubelet, kube-scheduler, kube-controller-manager
and kube-proxy by default and can be passed to the CNIs like Cilium and Calico.

The KubePrism provides access to the Kubernetes API endpoint even if the external loadbalancer
is not healthy, provided that the worker nodes can reach to the controlplane machine addresses directly.

Machine Config option .machine.install.bootloader

The .machine.install.bootloader option in the machine config is deprecated and will be removed in Talos 1.6.
This was a no-op for a long time. The bootloader is always installed.

XFS Quota

Talos 1.5+ enables XFS project quota support by default, also enabling by default
kubelet feature gate LocalStorageCapacityIsolationFSQuotaMonitoring to use xfs quotas
to monitor volume usage instead of du.

This feature is controlled by the .machine.features.diskQuotaSupport field in the machine config,
it is set to true for new clusters.

When upgrading from a previous version, the feature can be enabled by setting the field to true.
On the first mount of a volume, the quota information will be recalculated, which may take some time.

RDMA/RoCE support

Talos no longer loads by default rdma_rxe Linux driver, which is required for RoCE support.
If the driver is required, it can be enabled by specifying rdma_rxe in the .machine.kernel.modules field in the machine config.

SecureBoot

Talos now supports generating a custom iso that can be used with SecureBoot. Key generation and enrolling has to be done manually.

talosctl image Command

A new set of commands was introduced to manage container images in the CRI:

• talosctl image list shows list of available images
• talosctl image pull allows to pre-pull an image into the CRI

Both new commands accept --namespace flag with two possible values:

• cri (default): images managed by the CRI (Kubernetes workloads)
• system: images managed by Talos (etcd and kubelet)

talosctl images Command

The command talosctl images was renamed to talosctl image default.

The backward-compatible alias is kept in Talos 1.5, but it will be dropped in Talos 1.6.

TPM Disk Encryption

Talos now supports encrypting STATE/EPHEMERAL with keys bound to a TPM device. The TPM device must be TPM2.0 compatible.
This is ideally supported when booting with new Talos SecureBoot UKI ISOs/Metal images. This feature would still work if SecureBoot
is not enabled for UKI images, but not recommended since there is no way to verify the trust of the bootloader.

Example machine config:

systemDiskEncryption:
  ephemeral:
    provider: luks2
    keys:
      - slot: 0
        tpm: {}
  state:
    provider: luks2
    keys:
      - slot: 0
        tpm: {}

Component Updates

• Linux: 6.1.44
• containerd: 1.6.22
• runc: 1.1.8
• etcd: 3.5.9
• Kubernetes: 1.28.0-rc.0
• Flannel: 0.22.1

Talos is built with Go 1.20.7.

talosctl upgrade-k8s Image Pre-pulling

The command talosctl upgrade-k8s now by default pre-pulls images for Kubernetes controlplane components
and kubelet. This provides an early check for missing images, and minimizes downtime during Kubernetes
rolling component update.

Contributors

• Andrey Smirnov
• Noel Georgi
• Dmitriy Matrenichev
• Utku Ozdemir
• Artem Chernyshev
• Spencer Smith
• Andrey Smirnov
• Christian Rolland
• Steve Francis
• Andrei Kvapil
• Nanfei Chen
• Nico Berlee
• Alex Corcoles
• Alex Corcoles
• Alex Lubbock
• Artem Chernyshev
• Budiman Jojo
• Chris Hoffman
• DJAlPee
• Dennis Marttinen
• Eirik Askheim
• Florian Klink
• Henk Kraal
• Igor Rzegocki
• James Callahan
• Jared Davenport
• LukasAuerbeck
• Markus Reiter
• Michael A. Davis
• Michael Fornaro
• Niklas Wik
• Piotr Maksymiuk
• Ricky Sadowski
• Roee Klinger
• Sacha Trémoureux
• Scott Cariss
• Serge Logvinov
• Thomas Lemarchand
• Thomas Perronin
• Tim Jones
• Victor Bajada
• Walt Chen
• bdronneau

Changes

• siderolabs/talos@bd44bf02a chore: fix dependencies in the release pipeline
• siderolabs/talos@46d61bb3f release(v1.5.0-beta.1): prepare release
• siderolabs/talos@8a94ae93e chore: update Linux to 6.1.44
• siderolabs/talos@0b9f200ad chore: allow multiple commits
• siderolabs/talos@3e2359403 chore: clean up the output of the imager
• siderolabs/talos@d52e5d672 chore: optimize memory usage of tcell library on init
• siderolabs/talos@c8231d482 fix: make encryption config provider default to luks2 if not set
• siderolabs/talos@47b1224c9 chore: publish systemd-boot and systemd-stub assets
• siderolabs/talos@761e7737b fix: calculate log2i properly
• siderolabs/talos@6748efb4e fix: fast-wipe the system disk on talosctl reset
• siderolabs/talos@73db592fa docs: update cilium instructions
• siderolabs/talos@eae450772 fix: fix azure portion of cloud uploader
• siderolabs/talos@a94cb001c fix: update providerid prefix for aws
• siderolabs/talos@de763409b release(v1.5.0-beta.0): prepare release
• siderolabs/talos@87fe8f1a2 feat: implement image generation profiles
• siderolabs/talos@e685208ce chore: update go 1.20.7
• siderolabs/talos@10f958cf4 feat: network configuration improvements on the NoCloud platform
• siderolabs/talos@5adeb5042 feat: update extension spec allowlist for opengl
• siderolabs/talos@abf383117 chore: remove cpu_manager_state on cpuManagerPolicy change
• siderolabs/talos@018e7f587 chore: bump dependencies
• siderolabs/talos@68e6b98f7 feat: add security state resource
• siderolabs/talos@209c34801 chore: drop with-secureboot talosctl flag
• siderolabs/talos@ab14905d9 docs: note that Talos API requires TCP only load balancer, not HTTPS
• siderolabs/talos@078c29c73 chore: re-enable cloud images step
• siderolabs/talos@a17272cdd chore: update hcloud API SDK to v2
• siderolabs/talos@6d71bb8df refactor: replace google/gopacket with gopacket/gopacket
• siderolabs/talos@846f37d84 refactor: drop dependency on vmware/govmomi
• siderolabs/talos@ca0b32c51 refactor: update AWS SDK and http-getter to v2 versions
• siderolabs/talos@dbb9f2bc7 chore: add dm_multipath module
• siderolabs/talos@b70b7ea57 chore: use new go-pcidb database
• siderolabs/talos@9b533e27c feat: update Kubernetes to 1.28.0-rc.0
• siderolabs/talos@a3a2aa8ef fix: use fast wipe for upgrade
• siderolabs/talos@f863498ff fix: always override APIServer audit policy
• siderolabs/talos@355681dda fix: terminate dashboard gracefully on & switch back to tty1
• siderolabs/talos@544cb4fe7 refactor: accept partial machine configuration
• siderolabs/talos@9b0bc3e93 chore: split kernel modules out of the tree
• siderolabs/talos@ffa48ac80 chore: workaround AWS AMI failures, disable Azure uploader
• siderolabs/talos@4cd7623cf chore: add alx drivers
• siderolabs/talos@663264c86 release(v1.5.0-alpha.3): prepare release
• siderolabs/talos@d2f64af86 chore: disable cloud-images, pull in new kernel and gre module
• siderolabs/talos@8edce4906 docs: improve proxmox install guide
• siderolabs/talos@c783458be docs: typo dhcp -> dhcp
• siderolabs/talos@003cbd161 docs: warn about secretboxEncryptionSecret in kubeadm migration guide
• siderolabs/talos@786e86f5b refactor: rewrite the way Talos acquires the machine configuration
• siderolabs/talos@5e13cafe5 feat: enforce kernel lockdown for UKI
• siderolabs/talos@4d96d642f feat: update default Kubernetes version to 1.28.0-beta.0
• siderolabs/talos@170a73e16 chore: support creating qemu guest socket
• siderolabs/talos@59ac38a6b docs: add docs for installing azure ccm and csi
• siderolabs/talos@6288cd970 release(v1.5.0-alpha.2): prepare release
• siderolabs/talos@60c304126 chore: bump dependencies
• siderolabs/talos@9ef4e5efc fix: log explicitly when kubelet has no nodeIP match
• siderolabs/talos@6b39c6a4d fix: enable compression and bump gRPC max msg size
• siderolabs/talos@2f2eca861 chore: basic support for shutdown/poweroff flags
• siderolabs/talos@b84277d7d docs: fix wrong capability name
• siderolabs/talos@59d7d9344 chore: use machined for shutdown, poweroff
• siderolabs/talos@2439bfb71 chore: explicitly add timestamps to machined logs
• siderolabs/talos@14966e718 fix: skip over tpm2 1.2 devices
• siderolabs/talos@6716e7bc0 docs: update cilium documentation about KubePrism usage
• siderolabs/talos@166d75fe8 fix: tpm2 encrypt/decrypt flow
• siderolabs/talos@130518de7 chore: change missing renames of KubePrism
• siderolabs/talos@5f34f5b41 chore: rename api load balancer to KubePrism
• siderolabs/talos@c8b7095c0 refactor: use tpm2 library to calculate policy hash
• siderolabs/talos@078aac92e chore: bump deps
• siderolabs/talos@53873b844 refactor: move ukify into Talos code
• siderolabs/talos@d5f6fb9ff chore: add vendor info
• siderolabs/talos@79365d9ba feat: tpm2 based disk encryption
• siderolabs/talos@06369e819 fix: retry CRI pod removal, fix upgrade flow in the tests
• siderolabs/talos@d32dd3a82 chore: update Go to 1.20.6
• siderolabs/talos@8017afb10 feat: implement CRI image management and pre-pull on K8s upgrade
• siderolabs/talos@1c2f19b36 feat: update Kubernetes to 1.28.0-alpha.4
• siderolabs/talos@94e9891c1 chore: bump sd-boot to v254-rc1
• siderolabs/talos@936111ce0 fix: properly set up tls for KMS endpoint
• siderolabs/talos@cb226eec4 fix: rewrite encryption system information flow
• siderolabs/talos@3206db528 feat: drop tpm simulator for ukify measure
• siderolabs/talos@bd4f89f63 fix: disable dashboard on Azure, GCP and Scaleway
• siderolabs/talos@bdb96189f refactor: make maintenance service controller-based
• siderolabs/talos@d23d04de2 feat: seed the kernel random pool from the TPM
• siderolabs/talos@c81ce8cfb feat: support controlplane resources configuration
• siderolabs/talos@74de562b2 fix: mount hugepages with nosuid + nodev
• siderolabs/talos@ce63abb21 feat: add KMS assisted encryption key handler
• siderolabs/talos@dafbe9deb chore: optimize dockerfile instructions
• siderolabs/talos@a4289e870 chore: fix CLI docs generation stability
• siderolabs/talos@2fec8388f chore: bump dependencies
• siderolabs/talos@c1b4262dd docs: split simple and more complex getting started guides
• siderolabs/talos@c9a9f9561 refactor: extract secure boot certificate generation
• siderolabs/talos@6be5a13d5 feat: implement machine config documents for event and log streaming
• siderolabs/talos@e241be85b fix: properly handle YAML comment stripping for multi-doc
• siderolabs/talos@c02ada7d9 fix: capabilities including ALL should be uppercase
• siderolabs/talos@cbdf96d46 feat: support environment file for extensions
• siderolabs/talos@35d6adcb9 fix: provide stashed META values before installation
• siderolabs/talos@258f07449 fix: ukify cert generation
• siderolabs/talos@bf3febb7e fix: refine OVMF search paths
• siderolabs/talos@fbebc17f8 fix: disable LVM backups/archive
• siderolabs/talos@e5306ef26 chore: format and cleanup test scripts
• siderolabs/talos@bc371ecfd chore: add /sbin/shutdown
• siderolabs/talos@0d313b973 feat: add reboot-mode flag to talosctl upgrade
• siderolabs/talos@7ce87f20c fix: compare only basename of os.Args[0] in machined
• siderolabs/talos@53389b1e7 feat: auto-enroll secure boot keys
• siderolabs/talos@d77f0bc7b docs: fix broken link to powershell module
• siderolabs/talos@e1b150a11 release(v1.5.0-alpha.1): prepare release
• siderolabs/talos@8daf432b2 chore: bump deps
• siderolabs/talos@e3f3f5794 feat: implement revert for sd-boot
• siderolabs/talos@d8b0903d7 docs: vagrant setup document fix
• siderolabs/talos@fe0f46980 feat: implement secure boot from disk
• siderolabs/talos@445f5ad54 feat: support API server load balancer
• siderolabs/talos@19bc223de refactor: bootloader interface, labels
• siderolabs/talos@665702ddd chore: fix cilium e2e tests
• siderolabs/talos@71a548d18 chore: generic boootloader implementation
• siderolabs/talos@e9dbc9311 test: bump versions for upgrade tests
• siderolabs/talos@0a99965ef refactor: replace uncordonNode with controllers
• siderolabs/talos@e858bca3a test: fix cilium integration tests
• siderolabs/talos@455328d05 fix: allow time skew for generated kubeconfig
• siderolabs/talos@3ae05648a fix: usage of custom kernels
• siderolabs/talos@0797b0d16 chore: add a pipeline to test cloud-images step without a release
• siderolabs/talos@e5a36268b docs: include allowSchedulingOnControlPlanes on talosctl gen config output
• siderolabs/talos@c74d93728 chore: bump github.com/cosi-project/runtime
• siderolabs/talos@dbaf5c699 refactor: task labelControlPlane into controllers
• siderolabs/talos@1865a0c29 chore: modify some usages that are not recommended
• siderolabs/talos@3816318b9 chore: wrap config.Provider in atomic wrapper
• siderolabs/talos@d04cf1978 chore: clean up unnecessary self assignment
• siderolabs/talos@a34a94898 fix: copy missing modules.* files
• siderolabs/talos@f5e3272fc refactor: task 'updateBootLoader' as controller
• siderolabs/talos@e7be6ee7c refactor: make event log streaming fully reactive
• siderolabs/talos@aef2192a6 chore: use fixed module list
• siderolabs/talos@c719aa231 fix: allow http:// for discovery service URL
• siderolabs/talos@39134d8d5 chore: fix cron pipeline
• siderolabs/talos@a61dcdbbd fix: don't load RDMA over Ethernet driver by default
• siderolabs/talos@aac441f61 chore: update Go to 1.20.5, bump dependencies
• siderolabs/talos@1c0c7933d chore: cleanup partition code
• siderolabs/talos@31b988281 docs: add some words about certifcates
• siderolabs/talos@e912c0dfc chore: use go-blockdevice for zeroing partitions
• siderolabs/talos@e6dde8ffc feat: add network chaos to qemu development environment
• siderolabs/talos@47986cb79 chore: unify kexec phase
• siderolabs/talos@3a865370f feat: qemu secureboot
• siderolabs/talos@5dab45e86 refactor: allow kmsg log streaming to be reconfigured on the fly
• siderolabs/talos@8a02ecd4c chore: add endpoints balancer controller
• siderolabs/talos@423a31ac9 chore: deprectae bootloader installer option
• siderolabs/talos@cdfece7d6 chore: optimize image compression
• siderolabs/talos@bfc341937 chore: add default console args
• siderolabs/talos@2749aeeda feat: add support for multi-doc strategic merge patching
• siderolabs/talos@3f68485e4 feat: add uki iso generation
• siderolabs/talos@bab484a40 feat: use stable network interface names
• siderolabs/talos@196dfb99b fix: do not probe kernel args in dashboard if not needed
• siderolabs/talos@8c071b579 fix: skip DHCP RENEW if server IP in the lease is all zeroes
• siderolabs/talos@badbc51e6 refactor: rewrite code to include preliminary support for multi-doc
• siderolabs/talos@ecce29dee fix: upgrade-k8s use internal IP first, external IP fallback
• siderolabs/talos@3c64a5ffb chore: optimize image generation time
• siderolabs/talos@2292f36d9 chore: registry.k8s.io for coredns image
• siderolabs/talos@f2b258b37 docs: document talosctl version for upgrades
• siderolabs/talos@a0773f783 chore: add ukify Go script
• siderolabs/talos@b69e38d1f chore: bump dependencies
• siderolabs/talos@adce65103 docs: add piraeus/drbd to storage documentation
• siderolabs/talos@a982cabe7 docs: link support matrix in k8s update doc
• siderolabs/talos@1fb29a56a fix: fail quickly if upgrade-k8s is used with multiple nodes
• siderolabs/talos@51d931c47 chore: faster dev cycle
• siderolabs/talos@dc6764871 refactor: move around config interfaces, make RawV1Alpha1 typed
• siderolabs/talos@ea9a97dba fix: fall back to external IP when discovering nodes in upgrade-k8s
• siderolabs/talos@0bb7e8a5c refactor: split config.Provider into Config & Container
• siderolabs/talos@85d8a1619 chore: bump deps
• siderolabs/talos@39b7a56f0 chore: use 8GiB instead of 10GiB for cloud images
• siderolabs/talos@ff11fd39c fix: race with udevd and mountUserDisks
• siderolabs/talos@c3fabb982 chore: update default image sizes to 10GB for all "cloud" images
• siderolabs/talos@10155c390 feat: enable xfs project quota support, kubelet feature
• siderolabs/talos@eba818564 release(v1.5.0-alpha.0): prepare release
• siderolabs/talos@383471c3e feat: update default Kubernetes to v1.27.2
• siderolabs/talos@8f68d1abe chore: bump deps
• siderolabs/talos@e0c1585d3 feat: create azure community gallery image version on release
• siderolabs/talos@dd8336c9e fix: refresh kubelet self-issued serving certificates
• siderolabs/talos@bb02dd263 chore: drop deprecated stuff for Talos 1.5
• siderolabs/talos@61cad8673 chore: bump deps
• siderolabs/talos@01dfd3af7 feat: update etcd to v3.5.9
• siderolabs/talos@aa65fbb8a chore: update KUBECTL_URL to reflect the community bucket
• siderolabs/talos@cc3128d94 chore: bump kernel to 6.1.28
• siderolabs/talos@97fffaf78 chore: use ctest.UpdateWithConflicts instead of plain UpdateWithConflicts
• siderolabs/talos@3b36993b9 fix: rlimit nofile test
• siderolabs/talos@45e6e27af chore: bump runtime
• siderolabs/talos@4f720d465 fix: revert: set rlimit explicitly in wrapperd
• siderolabs/talos@a2565f674 fix: set rlimit explicitly in wrapperd
• siderolabs/talos@cdfc242b8 chore: re-enable Go buildid
• siderolabs/talos@e67f3f5c5 feat: linux 6.1.27, containerd 1.6.21, go 1.20.4
• siderolabs/talos@55ae59a0a fix: properly skip/cleanup controlplane configs for workers
• siderolabs/talos@64eade9bd chore: clean up unused constant
• siderolabs/talos@62c6e9655 feat: introduce siderolink config resource & reconnect
• siderolabs/talos@860002c73 fix: don't reload control plane pods on cert SANs changes
• siderolabs/talos@d43c61e80 fix: enforce nolock option for all NFS mounts by default
• siderolabs/talos@339986db9 fix: inhibit timer to follow kubelet timer
• siderolabs/talos@cbf6dc100 fix: set timeout for unmount calls
• siderolabs/talos@b58f913d5 fix: set the static pod priority as values
• siderolabs/talos@f8a7a5b6b docs: add information about KubeSpan ports and topology
• siderolabs/talos@2bad74d64 docs: add how to on scaling down
• siderolabs/talos@7442ff8b0 chore: fix typos inteface -> interface (docs and tests)
• siderolabs/talos@d4e94f7a1 fix: add back required TARGETARCH for installer
• siderolabs/talos@e6fffda01 chore: linux 6.1.26, runc 1.1.7
• siderolabs/talos@344746ae2 fix: bump max inhibit delay to 20 min
• siderolabs/talos@d9bdea2b5 chore: fork docs and compatibility modules for Talos 1.5
• siderolabs/talos@3d99610fc docs: document building, verifying image and process caps
• siderolabs/talos@014008ea2 fix: udevd rules trigger
• siderolabs/talos@9b36bb613 feat: update Linux to 6.1.25, fix virtio on arm64
• siderolabs/talos@08ec66c55 feat: clean up (garbage collect) system images which are not referenced
• siderolabs/talos@b097efcde fix: display correct number of machines on dashboard
• siderolabs/talos@cad43f0ad chore: remove k8s master label
• siderolabs/talos@e296a566e fix: support kernel userspace module loading
• siderolabs/talos@103f0ffdd feat: add startup probes to controller-manager and scheduler
• siderolabs/talos@5a1ae8aae chore: bump dependences
• siderolabs/talos@ec8c8dbaf chore: fix container image reproducibility
• siderolabs/talos@f661d8487 fix: allow talosctl cp to handle special files in /proc
• siderolabs/talos@2d824b563 fix: do not show control plane status for workers on dashboard
• siderolabs/talos@e5491ddad docs: update documentation for nocloud
• siderolabs/talos@7a004a6f7 fix: parse errors correctly
• siderolabs/talos@374ef5385 test: submit verbose flag to e2e tests
• siderolabs/talos@e1d38b6fe feat: show template URL in dashboard config URL tab
• siderolabs/talos@45d7f0ce9 docs: fix the latest url
• siderolabs/talos@96efbf147 docs: activate 1.4.0 docs by default
• siderolabs/talos@8c1f515b1 feat: update Linux to 6.1.24
• siderolabs/talos@8689bef5f docs: update documentation for Talos 1.4
• siderolabs/talos@a781dfb8e feat: update Kubernetes to 1.27.1
• siderolabs/talos@a737dd83a chore: typo in compatibility.ParseKubernetesVersion
• siderolabs/talos@f14928b0a fix: fix dashboard crash when a non-existent node is specified
• siderolabs/talos@3e406d9b0 feat: update etcd to v3.5.8
• siderolabs/talos@bd1cff3e8 chore: remove Go buildid
• siderolabs/talos@e31f7f50b feat: update Kubernetes to 1.27.0
• siderolabs/talos@aa3640d74 docs: update storage.md
• siderolabs/talos@07bb61e60 chore: module-sig-verify cleanup
• siderolabs/talos@5e9d836c3 chore: add kernel module signtaure verification
• siderolabs/talos@3cd1c6bb0 fix: send 'STOP' event on phase end
• siderolabs/talos@5176d27dc feat: update Kubernetes to 1.27.0-rc.1
• siderolabs/talos@2c55550a6 fix: quote ISO kernel args for GRUB
• siderolabs/talos@319d76e38 fix: respect BROWSER=echo in client auth interceptor
• siderolabs/talos@4e4ace839 chore: update Go to 1.20.3
• siderolabs/talos@170f73899 fix: correctly parse static pod phase
• siderolabs/talos@c3a595d5b fix: improve action tracking post checks
• siderolabs/talos@eb01edbc8 fix: rework DHCP flow
• siderolabs/talos@e095150a6 test: bump CAPI components versions

Changes since v1.5.0-beta.0

• siderolabs/talos@bd44bf02a chore: fix dependencies in the release pipeline
• siderolabs/talos@46d61bb3f release(v1.5.0-beta.1): prepare release
• siderolabs/talos@8a94ae93e chore: update Linux to 6.1.44
• siderolabs/talos@0b9f200ad chore: allow multiple commits
• siderolabs/talos@3e2359403 chore: clean up the output of the imager
• siderolabs/talos@d52e5d672 chore: optimize memory usage of tcell library on init
• siderolabs/talos@c8231d482 fix: make encryption config provider default to luks2 if not set
• siderolabs/talos@47b1224c9 chore: publish systemd-boot and systemd-stub assets
• siderolabs/talos@761e7737b fix: calculate log2i properly
• siderolabs/talos@6748efb4e fix: fast-wipe the system disk on talosctl reset
• siderolabs/talos@73db592fa docs: update cilium instructions
• siderolabs/talos@eae450772 fix: fix azure portion of cloud uploader
• siderolabs/talos@a94cb001c fix: update providerid prefix for aws

Changes from siderolabs/crypto

• siderolabs/crypto@8f77da3 feat: add a method to load PEM key from file
• siderolabs/crypto@c03ff58 feat: add a way to represent redacted x509 private keys

Changes from siderolabs/discovery-api

• siderolabs/discovery-api@5e3db3c chore: app optional ControlPlane data

Changes from siderolabs/discovery-client

• siderolabs/discovery-client@9ba5f03 chore: app optional ControlPlane data

Changes from siderolabs/extras

• siderolabs/extras@f521190 feat: update Go to 1.20.7
• siderolabs/extras@26b9d64 chore: bump dependencies
• siderolabs/extras@f415aac feat: update Go to 1.20.6
• siderolabs/extras@a73d524 feat: update Go to 1.20.5
• siderolabs/extras@36c8ac4 chore: update to Go 1.20.3

Changes from siderolabs/gen

• siderolabs/gen@f9f5805 chore: bump rekres and add functions from exp
• siderolabs/gen@b968d21 feat: add TryRecv and RecvWithContext functions
• siderolabs/gen@476dfea feat: add foreach and clear to lazymap

Changes from siderolabs/go-blockdevice

• siderolabs/go-blockdevice@fbb01f7 fix: properly detect token not found error
• siderolabs/go-blockdevice@3e08968 fix: do not attach token to a key slot
• siderolabs/go-blockdevice@f2c419e feat: support LUKS token management
• siderolabs/go-blockdevice@076874a chore: resolve blockdevice symlinks

Changes from siderolabs/go-debug

• siderolabs/go-debug@43d9100 chore: allow enabling pprof manually

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@69fea5b feat: support upgrades to Kubernetes 1.28
• siderolabs/go-kubernetes@5a3df5b fix: remove removed APIs for 1.27 upgrade

Changes from siderolabs/go-loadbalancer

• siderolabs/go-loadbalancer@574126c chore: add 0.1ms tier and fix tiers
• siderolabs/go-loadbalancer@5301800 chore: fix logging and tests
• siderolabs/go-loadbalancer@b23a173 chore: replace std log with zap
• siderolabs/go-loadbalancer@1a2f374 feat: add multi-tier scoring based for generic List
• siderolabs/go-loadbalancer@56a27da chore: move to siderolabs/tcpproxy of inet.af/tcpproxy
• siderolabs/go-loadbalancer@f3a0e24 fix: use SO_LINGER option when doing TCP healthchecks

Changes from siderolabs/go-pcidb

• siderolabs/go-pcidb@164a1b2 refactor: use 'switch' statement instead of giant maps

Changes from siderolabs/kms-client

• siderolabs/kms-client@50064b6 fix: pass context to the key handler in the server wrapper
• siderolabs/kms-client@83e0a2e feat: define API and add reference implementation for KMS server
• siderolabs/kms-client@8c37ee8 Initial commit

Changes from siderolabs/pkgs

• siderolabs/pkgs@8a2227d chore: update kernel and microcode
• siderolabs/pkgs@2abca48 feat: update Go to 1.20.7, OpenSSL to 1.1.1v
• siderolabs/pkgs@8144720 chore: bump dependencies
• siderolabs/pkgs@cb97daf chore: add dm_multipath to kernel
• siderolabs/pkgs@a65ac0d refactor: move device drivers out as kernel modules
• siderolabs/pkgs@357bd67 feat: update Linux to 6.1.41
• siderolabs/pkgs@41191cf feat: add alx drivers
• siderolabs/pkgs@fedfafa feat: add thunderbolt/USB4 module
• siderolabs/pkgs@17d5b94 feat: enable NET_IPGRE kernel config
• siderolabs/pkgs@84cdfb6 feat: add 'zfs' package
• siderolabs/pkgs@d0eaedc feat: enable DM_RAID kernel config
• siderolabs/pkgs@d5e0fad feat: update dependencies
• siderolabs/pkgs@c644633 feat: enable multi-gen lru by default
• siderolabs/pkgs@75696ba feat: update Go to 1.20.6
• siderolabs/pkgs@205cab6 chore: feat use new sd-boot
• siderolabs/pkgs@fb817fe fix: enable USB attached SCSI driver on x86 systems
• siderolabs/pkgs@43451e6 chore: bump dependencies
• siderolabs/pkgs@eca94f8 feat: enable sriov
• siderolabs/pkgs@5a8e8e5 feat: enable VMWARE/HYPERV vsockets
• siderolabs/pkgs@edd725a chore: bump deps
• siderolabs/pkgs@c0ac69b feat: enable CONFIG_NVME_{MULTIPATH|AUTH}
• siderolabs/pkgs@f7cd916 fix: bump drbd to 9.2.4
• siderolabs/pkgs@a56d15a fix: copy missing modules.* files
• siderolabs/pkgs@1eefa66 feat: build isb modem drivers as module
• siderolabs/pkgs@a859f4f fix: build RDMA_RXE as a module
• siderolabs/pkgs@5fb5e95 feat: bump dependencies
• siderolabs/pkgs@39a64b2 feat: update Linux to 6.1.31, add GENEVE for arm64
• siderolabs/pkgs@97177be feat: update Linux to 6.1.30
• siderolabs/pkgs@b1f9d4e chore: prevent unsigned kexec with secureboot
• siderolabs/pkgs@9232a42 feat: add reproducibility pipelines
• siderolabs/pkgs@702d7a7 chore: bump deps
• siderolabs/pkgs@7958db1 chore: copy over sd-boot and sd-stub from tools
• siderolabs/pkgs@813b3c3 chore: revert xfsprogs
• siderolabs/pkgs@0cc78ab chore: bump kernel to 6.1.28
• siderolabs/pkgs@70189e3 chore: bump deps
• siderolabs/pkgs@c5d3bf1 feat: add sd-stub and sd-boot
• siderolabs/pkgs@30a7ac2 feat: update Linux 6.1.27, containerd 1.6.21
• siderolabs/pkgs@fbc6ee5 chore: bump deps
• siderolabs/pkgs@82b9489 chore: bump dependencies
• siderolabs/pkgs@f37e520 feat: update Linux to 6.1.25
• siderolabs/pkgs@3920b16 feat: add multi-gen LRU kernel support
• siderolabs/pkgs@988f1ec feat: update Linux to 6.1.24
• siderolabs/pkgs@5327d12 fix: remove FB_NVIDIA drivers, Linux 6.1.23
• siderolabs/pkgs@4eae958 chore: copy over the kernel signing public key
• siderolabs/pkgs@174f8fc chore: update Go to 1.20.3
• siderolabs/pkgs@41629b0 chore: reorder pkgs for better kernel caching
• siderolabs/pkgs@b483a6b feat: build 'snp.efi' for iPXE
• siderolabs/pkgs@fb853ff feat: update containerd to 1.6.20

Changes from siderolabs/tools

• siderolabs/tools@c050b7e feat: update OpenSSL to 1.1.1v
• siderolabs/tools@640e523 feat: update Go to 1.20.7
• siderolabs/tools@fd42f4b chore: bump dependencies
• siderolabs/tools@7cefce4 chore: optimize tools image size
• siderolabs/tools@dc7dd9e chore: remove libseccomp
• siderolabs/tools@e27c249 feat: update Go to 1.20.6
• siderolabs/tools@9b6d512 feat: use systemd 254-rc1
• siderolabs/tools@cd3b692 chore: bump deps
• siderolabs/tools@c1027a6 chore: remove sbsign
• siderolabs/tools@e0c76c0 chore: bump dependencies
• siderolabs/tools@7d0cd58 feat: update Go to 1.20.5
• siderolabs/tools@150efc2 chore: remove non needed tools
• siderolabs/tools@88ebb40 feat: add swtpm
• siderolabs/tools@4c5d7fe chore: use same source epoch everywhere
• siderolabs/tools@2e46e5b feat: add reproducibility pipelines
• siderolabs/tools@c6a41b6 fix: add sd-stub assertion patch
• siderolabs/tools@d2dde48 chore: bump deps
• siderolabs/tools@8e45ad7 feat: add sbsign
• siderolabs/tools@271c4a6 feat: add sd-tools
• siderolabs/tools@eedc294 chore: bump deps
• siderolabs/tools@81b09a5 feat: add libcap and gnuefi
• siderolabs/tools@47b0fd3 chore: bump go to 1.20.4
• siderolabs/tools@ff4cf2b chore: bump deps
• siderolabs/tools@1563556 feat: update Go to 1.20.3

Dependency Changes

• github.com/BurntSushi/toml v1.2.1 -> v1.3.2
• github.com/aws/aws-sdk-go-v2/config v1.18.32 new
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 new
• github.com/aws/smithy-go v1.14.0 new
• github.com/beevik/ntp v0.3.0 -> v1.2.0
• github.com/benbjohnson/clock v1.1.0 -> v1.3.5
• github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
• github.com/containerd/containerd v1.6.19 -> v1.6.22
• github.com/containerd/typeurl/v2 v2.1.1 new
• github.com/containernetworking/plugins v1.2.0 -> v1.3.0
• github.com/coreos/go-iptables v0.6.0 -> v0.7.0
• github.com/cosi-project/runtime v0.3.0 -> v0.3.1
• github.com/docker/distribution v2.8.1 -> v2.8.2
• github.com/docker/docker v23.0.2 -> v24.0.5
• github.com/ecks/uefi caef65d070eb new
• github.com/emicklei/dot v1.4.2 -> v1.6.0
• github.com/foxboron/go-uefi 32187aa193d0 new
• github.com/google/go-containerregistry v0.15.2 new
• github.com/google/go-tpm v0.9.0 new
• github.com/gopacket/gopacket v1.1.1 new
• github.com/hashicorp/go-envparse v0.1.0 new
• github.com/hashicorp/go-getter/v2 v2.2.1 new
• github.com/hetznercloud/hcloud-go/v2 v2.0.0 new
• github.com/insomniacslk/dhcp 74ae03f2425e -> 0f9eb93a696c
• github.com/jsimonetti/rtnetlink v1.3.1 -> v1.3.4
• github.com/mattn/go-isatty v0.0.18 -> v0.0.19
• github.com/mdlayher/ethtool ba3b4bc2e02c -> v0.1.0
• github.com/mdlayher/genetlink v1.3.1 -> v1.3.2
• github.com/mdlayher/netlink v1.7.1 -> v1.7.2
• github.com/mdlayher/netx c711c2f8512f -> 7e21880baee8
• github.com/nberlee/go-netstat v0.1.1 -> v0.1.2
• github.com/opencontainers/go-digest v1.0.0 new
• github.com/opencontainers/image-spec v1.1.0-rc2 -> v1.1.0-rc4
• github.com/packethost/packngo v0.29.0 -> v0.30.0
• github.com/prometheus/procfs v0.9.0 -> v0.11.1
• github.com/rivo/tview 281d14d896d7 -> 6cc0565babaf
• github.com/rs/xid v1.4.0 -> v1.5.0
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15 -> v1.0.0-beta.20
• github.com/siderolabs/crypto v0.4.0 -> v0.4.1
• github.com/siderolabs/discovery-api v0.1.2 -> v0.1.3
• github.com/siderolabs/discovery-client v0.1.4 -> v0.1.5
• github.com/siderolabs/extras v1.4.0-1-g9b07505 -> v1.5.0
• github.com/siderolabs/gen v0.4.3 -> v0.4.5
• github.com/siderolabs/go-blockdevice v0.4.4 -> v0.4.6
• github.com/siderolabs/go-debug v0.2.2 -> v0.2.3
• github.com/siderolabs/go-kubernetes v0.2.0 -> v0.2.2
• github.com/siderolabs/go-loadbalancer v0.2.1 -> v0.3.2
• github.com/siderolabs/go-pcidb v0.1.0 -> v0.2.0
• github.com/siderolabs/kms-client v0.1.0 new
• github.com/siderolabs/pkgs v1.4.1-5-ga333a84 -> v1.5.0-1-g8a2227d
• github.com/siderolabs/talos/pkg/machinery v1.4.0 -> v1.5.0-beta.1
• github.com/siderolabs/tools v1.4.0-1-g955aabc -> v1.5.0
• github.com/spf13/cobra v1.6.1 -> v1.7.0
• github.com/stretchr/testify v1.8.2 -> v1.8.4
• github.com/vmware-tanzu/sonobuoy v0.56.16 -> v0.56.17
• go.etcd.io/etcd/api/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/client/pkg/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/client/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/etcdutl/v3 v3.5.8 -> v3.5.9
• go.uber.org/zap v1.24.0 -> v1.25.0
• go4.org/netipx f1b76eb4bb35 -> ec4c8b891b28
• golang.org/x/net v0.8.0 -> v0.13.0
• golang.org/x/sync v0.1.0 -> v0.3.0
• golang.org/x/sys v0.6.0 -> v0.10.0
• golang.org/x/term v0.6.0 -> v0.10.0
• golang.org/x/text v0.11.0 new
• golang.zx2c4.com/wireguard/wgctrl 9c5414ab4bde -> 925a1e7659e6
• google.golang.org/grpc v1.54.0 -> v1.57.0
• google.golang.org/protobuf v1.30.0 -> v1.31.0
• k8s.io/api v0.27.1 -> v0.28.0-rc.0
• k8s.io/apimachinery v0.27.1 -> v0.28.0-rc.0
• k8s.io/apiserver v0.27.1 -> v0.28.0-rc.0
• k8s.io/client-go v0.27.1 -> v0.28.0-rc.0
• k8s.io/component-base v0.27.1 -> v0.28.0-rc.0
• k8s.io/cri-api v0.27.1 -> v0.28.0-rc.0
• k8s.io/klog/v2 v2.90.1 -> v2.100.1
• k8s.io/kubectl v0.27.1 -> v0.28.0-rc.0
• k8s.io/kubelet v0.27.1 -> v0.28.0-rc.0
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.68 -> v1.2.69

Previous release can be found at v1.4.0

Images

ghcr.io/siderolabs/flannel:v0.22.1
ghcr.io/siderolabs/install-cni:v1.5.0
registry.k8s.io/coredns/coredns:v1.10.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.28.0-rc.0
registry.k8s.io/kube-controller-manager:v1.28.0-rc.0
registry.k8s.io/kube-scheduler:v1.28.0-rc.0
registry.k8s.io/kube-proxy:v1.28.0-rc.0
ghcr.io/siderolabs/kubelet:v1.28.0-rc.0
ghcr.io/siderolabs/installer:v1.5.0-beta.1
registry.k8s.io/pause:3.6

Talos 1.5.0-beta.0 (2023-08-02)

Welcome to the v1.5.0-beta.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Extension Services

Talos now supports setting environmentFile for an extension service container spec. Refer: https://www.talos.dev/v1.5/advanced/extension-services/#container
The extension waits for the file to be present before starting the service.

Predictable Network Interface Names

Starting with version Talos 1.5, network interfaces are renamed to predictable names
same way as systemd does that in other Linux distributions.

The naming schema enx78e7d1ea46da (based on MAC addresses) is enabled by default, the order of interface naming decisions is:

• firmware/BIOS provided index numbers for on-board devices (example: eno1)
• firmware/BIOS provided PCI Express hotplug slot index numbers (example: ens1)
• physical/geographical location of the connector of the hardware (example: enp2s0)
• interfaces's MAC address (example: enx78e7d1ea46da)

The predictable network interface names features can be disabled by specifying net.ifnames=0 in the kernel command line.
Talos automatically adds the net.ifnames=0 kernel argument when upgrading from Talos versions before 1.5.

This change doesn't affect "cloud" platforms, like AWS, as Talos automatically adds net.ifnames=0 to the kernel command line.

Network KMS Disk Encryption

Talos now supports new type of encryption keys which are sealed/unsealed with an external KMS server:

systemDiskEncryption:
  ephemeral:
    keys:
      - kms:
          endpoint: https://1.2.3.4:443
        slot: 0

gRPC API definitions and a simple reference implementation of the KMS server can be found in this
repository.

KubePrism - Kubernetes API Server In-Cluster Load Balancer

Talos now supports configuring the KubePrism - Kubernetes API Server in-cluster load balancer with machine config
features.kubePrism.port and features.kubePrism.enabled fields.

If enabled, KubePrism binds to localhost and runs on the same port on every machine in the cluster.
The default value for KubePrism endpoint is https://localhost:7445.

The KubePrism is used by the kubelet, kube-scheduler, kube-controller-manager
and kube-proxy by default and can be passed to the CNIs like Cilium and Calico.

The KubePrism provides access to the Kubernetes API endpoint even if the external loadbalancer
is not healthy, provided that the worker nodes can reach to the controlplane machine addresses directly.

Machine Config option .machine.install.bootloader

The .machine.install.bootloader option in the machine config is deprecated and will be removed in Talos 1.6.
This was a no-op for a long time. The bootloader is always installed.

XFS Quota

Talos 1.5+ enables XFS project quota support by default, also enabling by default
kubelet feature gate LocalStorageCapacityIsolationFSQuotaMonitoring to use xfs quotas
to monitor volume usage instead of du.

This feature is controlled by the .machine.features.diskQuotaSupport field in the machine config,
it is set to true for new clusters.

When upgrading from a previous version, the feature can be enabled by setting the field to true.
On the first mount of a volume, the quota information will be recalculated, which may take some time.

RDMA/RoCE support

Talos no longer loads by default rdma_rxe Linux driver, which is required for RoCE support.
If the driver is required, it can be enabled by specifying rdma_rxe in the .machine.kernel.modules field in the machine config.

SecureBoot

Talos now supports generating a custom iso that can be used with SecureBoot. Key generation and enrolling has to be done manually.

talosctl image Command

A new set of commands was introduced to manage container images in the CRI:

• talosctl image list shows list of available images
• talosctl image pull allows to pre-pull an image into the CRI

Both new commands accept --namespace flag with two possible values:

• cri (default): images managed by the CRI (Kubernetes workloads)
• system: images managed by Talos (etcd and kubelet)

talosctl images Command

The command talosctl images was renamed to talosctl image default.

The backward-compatible alias is kept in Talos 1.5, but it will be dropped in Talos 1.6.

TPM Disk Encryption

Talos now supports encrypting STATE/EPHEMERAL with keys bound to a TPM device. The TPM device must be TPM2.0 compatible.
This is ideally supported when booting with new Talos SecureBoot UKI ISOs/Metal images. This feature would still work if SecureBoot
is not enabled for UKI images, but not recommended since there is no way to verify the trust of the bootloader.

Example machine config:

systemDiskEncryption:
  ephemeral:
    keys:
      - slot: 0
        tpm: {}
  state:
    keys:
      - slot: 0
        tpm: {}

Component Updates

• Linux: 6.1.42
• containerd: 1.6.22
• runc: 1.1.8
• etcd: 3.5.9
• Kubernetes: 1.28.0-rc.0
• Flannel: 0.22.1

Talos is built with Go 1.20.7.

talosctl upgrade-k8s Image Pre-pulling

The command talosctl upgrade-k8s now by default pre-pulls images for Kubernetes controlplane components
and kubelet. This provides an early check for missing images, and minimizes downtime during Kubernetes
rolling component update.

Contributors

• Andrey Smirnov
• Noel Georgi
• Dmitriy Matrenichev
• Utku Ozdemir
• Artem Chernyshev
• Spencer Smith
• Steve Francis
• Christian Rolland
• Andrei Kvapil
• Nanfei Chen
• Nico Berlee
• Alex Corcoles
• Alex Corcoles
• Alex Lubbock
• Artem Chernyshev
• Budiman Jojo
• Chris Hoffman
• DJAlPee
• Dennis Marttinen
• Eirik Askheim
• Florian Klink
• Henk Kraal
• Igor Rzegocki
• James Callahan
• LukasAuerbeck
• Markus Reiter
• Michael A. Davis
• Michael Fornaro
• Niklas Wik
• Piotr Maksymiuk
• Ricky Sadowski
• Roee Klinger
• Sacha Trémoureux
• Scott Cariss
• Serge Logvinov
• Thomas Lemarchand
• Thomas Perronin
• Tim Jones
• Victor Bajada
• Walt Chen
• bdronneau

Changes

• siderolabs/talos@de763409b release(v1.5.0-beta.0): prepare release
• siderolabs/talos@87fe8f1a2 feat: implement image generation profiles
• siderolabs/talos@e685208ce chore: update go 1.20.7
• siderolabs/talos@10f958cf4 feat: network configuration improvements on the NoCloud platform
• siderolabs/talos@5adeb5042 feat: update extension spec allowlist for opengl
• siderolabs/talos@abf383117 chore: remove cpu_manager_state on cpuManagerPolicy change
• siderolabs/talos@018e7f587 chore: bump dependencies
• siderolabs/talos@68e6b98f7 feat: add security state resource
• siderolabs/talos@209c34801 chore: drop with-secureboot talosctl flag
• siderolabs/talos@ab14905d9 docs: note that Talos API requires TCP only load balancer, not HTTPS
• siderolabs/talos@078c29c73 chore: re-enable cloud images step
• siderolabs/talos@a17272cdd chore: update hcloud API SDK to v2
• siderolabs/talos@6d71bb8df refactor: replace google/gopacket with gopacket/gopacket
• siderolabs/talos@846f37d84 refactor: drop dependency on vmware/govmomi
• siderolabs/talos@ca0b32c51 refactor: update AWS SDK and http-getter to v2 versions
• siderolabs/talos@dbb9f2bc7 chore: add dm_multipath module
• siderolabs/talos@b70b7ea57 chore: use new go-pcidb database
• siderolabs/talos@9b533e27c feat: update Kubernetes to 1.28.0-rc.0
• siderolabs/talos@a3a2aa8ef fix: use fast wipe for upgrade
• siderolabs/talos@f863498ff fix: always override APIServer audit policy
• siderolabs/talos@355681dda fix: terminate dashboard gracefully on & switch back to tty1
• siderolabs/talos@544cb4fe7 refactor: accept partial machine configuration
• siderolabs/talos@9b0bc3e93 chore: split kernel modules out of the tree
• siderolabs/talos@ffa48ac80 chore: workaround AWS AMI failures, disable Azure uploader
• siderolabs/talos@4cd7623cf chore: add alx drivers
• siderolabs/talos@663264c86 release(v1.5.0-alpha.3): prepare release
• siderolabs/talos@d2f64af86 chore: disable cloud-images, pull in new kernel and gre module
• siderolabs/talos@8edce4906 docs: improve proxmox install guide
• siderolabs/talos@c783458be docs: typo dhcp -> dhcp
• siderolabs/talos@003cbd161 docs: warn about secretboxEncryptionSecret in kubeadm migration guide
• siderolabs/talos@786e86f5b refactor: rewrite the way Talos acquires the machine configuration
• siderolabs/talos@5e13cafe5 feat: enforce kernel lockdown for UKI
• siderolabs/talos@4d96d642f feat: update default Kubernetes version to 1.28.0-beta.0
• siderolabs/talos@170a73e16 chore: support creating qemu guest socket
• siderolabs/talos@59ac38a6b docs: add docs for installing azure ccm and csi
• siderolabs/talos@6288cd970 release(v1.5.0-alpha.2): prepare release
• siderolabs/talos@60c304126 chore: bump dependencies
• siderolabs/talos@9ef4e5efc fix: log explicitly when kubelet has no nodeIP match
• siderolabs/talos@6b39c6a4d fix: enable compression and bump gRPC max msg size
• siderolabs/talos@2f2eca861 chore: basic support for shutdown/poweroff flags
• siderolabs/talos@b84277d7d docs: fix wrong capability name
• siderolabs/talos@59d7d9344 chore: use machined for shutdown, poweroff
• siderolabs/talos@2439bfb71 chore: explicitly add timestamps to machined logs
• siderolabs/talos@14966e718 fix: skip over tpm2 1.2 devices
• siderolabs/talos@6716e7bc0 docs: update cilium documentation about KubePrism usage
• siderolabs/talos@166d75fe8 fix: tpm2 encrypt/decrypt flow
• siderolabs/talos@130518de7 chore: change missing renames of KubePrism
• siderolabs/talos@5f34f5b41 chore: rename api load balancer to KubePrism
• siderolabs/talos@c8b7095c0 refactor: use tpm2 library to calculate policy hash
• siderolabs/talos@078aac92e chore: bump deps
• siderolabs/talos@53873b844 refactor: move ukify into Talos code
• siderolabs/talos@d5f6fb9ff chore: add vendor info
• siderolabs/talos@79365d9ba feat: tpm2 based disk encryption
• siderolabs/talos@06369e819 fix: retry CRI pod removal, fix upgrade flow in the tests
• siderolabs/talos@d32dd3a82 chore: update Go to 1.20.6
• siderolabs/talos@8017afb10 feat: implement CRI image management and pre-pull on K8s upgrade
• siderolabs/talos@1c2f19b36 feat: update Kubernetes to 1.28.0-alpha.4
• siderolabs/talos@94e9891c1 chore: bump sd-boot to v254-rc1
• siderolabs/talos@936111ce0 fix: properly set up tls for KMS endpoint
• siderolabs/talos@cb226eec4 fix: rewrite encryption system information flow
• siderolabs/talos@3206db528 feat: drop tpm simulator for ukify measure
• siderolabs/talos@bd4f89f63 fix: disable dashboard on Azure, GCP and Scaleway
• siderolabs/talos@bdb96189f refactor: make maintenance service controller-based
• siderolabs/talos@d23d04de2 feat: seed the kernel random pool from the TPM
• siderolabs/talos@c81ce8cfb feat: support controlplane resources configuration
• siderolabs/talos@74de562b2 fix: mount hugepages with nosuid + nodev
• siderolabs/talos@ce63abb21 feat: add KMS assisted encryption key handler
• siderolabs/talos@dafbe9deb chore: optimize dockerfile instructions
• siderolabs/talos@a4289e870 chore: fix CLI docs generation stability
• siderolabs/talos@2fec8388f chore: bump dependencies
• siderolabs/talos@c1b4262dd docs: split simple and more complex getting started guides
• siderolabs/talos@c9a9f9561 refactor: extract secure boot certificate generation
• siderolabs/talos@6be5a13d5 feat: implement machine config documents for event and log streaming
• siderolabs/talos@e241be85b fix: properly handle YAML comment stripping for multi-doc
• siderolabs/talos@c02ada7d9 fix: capabilities including ALL should be uppercase
• siderolabs/talos@cbdf96d46 feat: support environment file for extensions
• siderolabs/talos@35d6adcb9 fix: provide stashed META values before installation
• siderolabs/talos@258f07449 fix: ukify cert generation
• siderolabs/talos@bf3febb7e fix: refine OVMF search paths
• siderolabs/talos@fbebc17f8 fix: disable LVM backups/archive
• siderolabs/talos@e5306ef26 chore: format and cleanup test scripts
• siderolabs/talos@bc371ecfd chore: add /sbin/shutdown
• siderolabs/talos@0d313b973 feat: add reboot-mode flag to talosctl upgrade
• siderolabs/talos@7ce87f20c fix: compare only basename of os.Args[0] in machined
• siderolabs/talos@53389b1e7 feat: auto-enroll secure boot keys
• siderolabs/talos@d77f0bc7b docs: fix broken link to powershell module
• siderolabs/talos@e1b150a11 release(v1.5.0-alpha.1): prepare release
• siderolabs/talos@8daf432b2 chore: bump deps
• siderolabs/talos@e3f3f5794 feat: implement revert for sd-boot
• siderolabs/talos@d8b0903d7 docs: vagrant setup document fix
• siderolabs/talos@fe0f46980 feat: implement secure boot from disk
• siderolabs/talos@445f5ad54 feat: support API server load balancer
• siderolabs/talos@19bc223de refactor: bootloader interface, labels
• siderolabs/talos@665702ddd chore: fix cilium e2e tests
• siderolabs/talos@71a548d18 chore: generic boootloader implementation
• siderolabs/talos@e9dbc9311 test: bump versions for upgrade tests
• siderolabs/talos@0a99965ef refactor: replace uncordonNode with controllers
• siderolabs/talos@e858bca3a test: fix cilium integration tests
• siderolabs/talos@455328d05 fix: allow time skew for generated kubeconfig
• siderolabs/talos@3ae05648a fix: usage of custom kernels
• siderolabs/talos@0797b0d16 chore: add a pipeline to test cloud-images step without a release
• siderolabs/talos@e5a36268b docs: include allowSchedulingOnControlPlanes on talosctl gen config output
• siderolabs/talos@c74d93728 chore: bump github.com/cosi-project/runtime
• siderolabs/talos@dbaf5c699 refactor: task labelControlPlane into controllers
• siderolabs/talos@1865a0c29 chore: modify some usages that are not recommended
• siderolabs/talos@3816318b9 chore: wrap config.Provider in atomic wrapper
• siderolabs/talos@d04cf1978 chore: clean up unnecessary self assignment
• siderolabs/talos@a34a94898 fix: copy missing modules.* files
• siderolabs/talos@f5e3272fc refactor: task 'updateBootLoader' as controller
• siderolabs/talos@e7be6ee7c refactor: make event log streaming fully reactive
• siderolabs/talos@aef2192a6 chore: use fixed module list
• siderolabs/talos@c719aa231 fix: allow http:// for discovery service URL
• siderolabs/talos@39134d8d5 chore: fix cron pipeline
• siderolabs/talos@a61dcdbbd fix: don't load RDMA over Ethernet driver by default
• siderolabs/talos@aac441f61 chore: update Go to 1.20.5, bump dependencies
• siderolabs/talos@1c0c7933d chore: cleanup partition code
• siderolabs/talos@31b988281 docs: add some words about certifcates
• siderolabs/talos@e912c0dfc chore: use go-blockdevice for zeroing partitions
• siderolabs/talos@e6dde8ffc feat: add network chaos to qemu development environment
• siderolabs/talos@47986cb79 chore: unify kexec phase
• siderolabs/talos@3a865370f feat: qemu secureboot
• siderolabs/talos@5dab45e86 refactor: allow kmsg log streaming to be reconfigured on the fly
• siderolabs/talos@8a02ecd4c chore: add endpoints balancer controller
• siderolabs/talos@423a31ac9 chore: deprectae bootloader installer option
• siderolabs/talos@cdfece7d6 chore: optimize image compression
• siderolabs/talos@bfc341937 chore: add default console args
• siderolabs/talos@2749aeeda feat: add support for multi-doc strategic merge patching
• siderolabs/talos@3f68485e4 feat: add uki iso generation
• siderolabs/talos@bab484a40 feat: use stable network interface names
• siderolabs/talos@196dfb99b fix: do not probe kernel args in dashboard if not needed
• siderolabs/talos@8c071b579 fix: skip DHCP RENEW if server IP in the lease is all zeroes
• siderolabs/talos@badbc51e6 refactor: rewrite code to include preliminary support for multi-doc
• siderolabs/talos@ecce29dee fix: upgrade-k8s use internal IP first, external IP fallback
• siderolabs/talos@3c64a5ffb chore: optimize image generation time
• siderolabs/talos@2292f36d9 chore: registry.k8s.io for coredns image
• siderolabs/talos@f2b258b37 docs: document talosctl version for upgrades
• siderolabs/talos@a0773f783 chore: add ukify Go script
• siderolabs/talos@b69e38d1f chore: bump dependencies
• siderolabs/talos@adce65103 docs: add piraeus/drbd to storage documentation
• siderolabs/talos@a982cabe7 docs: link support matrix in k8s update doc
• siderolabs/talos@1fb29a56a fix: fail quickly if upgrade-k8s is used with multiple nodes
• siderolabs/talos@51d931c47 chore: faster dev cycle
• siderolabs/talos@dc6764871 refactor: move around config interfaces, make RawV1Alpha1 typed
• siderolabs/talos@ea9a97dba fix: fall back to external IP when discovering nodes in upgrade-k8s
• siderolabs/talos@0bb7e8a5c refactor: split config.Provider into Config & Container
• siderolabs/talos@85d8a1619 chore: bump deps
• siderolabs/talos@39b7a56f0 chore: use 8GiB instead of 10GiB for cloud images
• siderolabs/talos@ff11fd39c fix: race with udevd and mountUserDisks
• siderolabs/talos@c3fabb982 chore: update default image sizes to 10GB for all "cloud" images
• siderolabs/talos@10155c390 feat: enable xfs project quota support, kubelet feature
• siderolabs/talos@eba818564 release(v1.5.0-alpha.0): prepare release
• siderolabs/talos@383471c3e feat: update default Kubernetes to v1.27.2
• siderolabs/talos@8f68d1abe chore: bump deps
• siderolabs/talos@e0c1585d3 feat: create azure community gallery image version on release
• siderolabs/talos@dd8336c9e fix: refresh kubelet self-issued serving certificates
• siderolabs/talos@bb02dd263 chore: drop deprecated stuff for Talos 1.5
• siderolabs/talos@61cad8673 chore: bump deps
• siderolabs/talos@01dfd3af7 feat: update etcd to v3.5.9
• siderolabs/talos@aa65fbb8a chore: update KUBECTL_URL to reflect the community bucket
• siderolabs/talos@cc3128d94 chore: bump kernel to 6.1.28
• siderolabs/talos@97fffaf78 chore: use ctest.UpdateWithConflicts instead of plain UpdateWithConflicts
• siderolabs/talos@3b36993b9 fix: rlimit nofile test
• siderolabs/talos@45e6e27af chore: bump runtime
• siderolabs/talos@4f720d465 fix: revert: set rlimit explicitly in wrapperd
• siderolabs/talos@a2565f674 fix: set rlimit explicitly in wrapperd
• siderolabs/talos@cdfc242b8 chore: re-enable Go buildid
• siderolabs/talos@e67f3f5c5 feat: linux 6.1.27, containerd 1.6.21, go 1.20.4
• siderolabs/talos@55ae59a0a fix: properly skip/cleanup controlplane configs for workers
• siderolabs/talos@64eade9bd chore: clean up unused constant
• siderolabs/talos@62c6e9655 feat: introduce siderolink config resource & reconnect
• siderolabs/talos@860002c73 fix: don't reload control plane pods on cert SANs changes
• siderolabs/talos@d43c61e80 fix: enforce nolock option for all NFS mounts by default
• siderolabs/talos@339986db9 fix: inhibit timer to follow kubelet timer
• siderolabs/talos@cbf6dc100 fix: set timeout for unmount calls
• siderolabs/talos@b58f913d5 fix: set the static pod priority as values
• siderolabs/talos@f8a7a5b6b docs: add information about KubeSpan ports and topology
• siderolabs/talos@2bad74d64 docs: add how to on scaling down
• siderolabs/talos@7442ff8b0 chore: fix typos inteface -> interface (docs and tests)
• siderolabs/talos@d4e94f7a1 fix: add back required TARGETARCH for installer
• siderolabs/talos@e6fffda01 chore: linux 6.1.26, runc 1.1.7
• siderolabs/talos@344746ae2 fix: bump max inhibit delay to 20 min
• siderolabs/talos@d9bdea2b5 chore: fork docs and compatibility modules for Talos 1.5
• siderolabs/talos@3d99610fc docs: document building, verifying image and process caps
• siderolabs/talos@014008ea2 fix: udevd rules trigger
• siderolabs/talos@9b36bb613 feat: update Linux to 6.1.25, fix virtio on arm64
• siderolabs/talos@08ec66c55 feat: clean up (garbage collect) system images which are not referenced
• siderolabs/talos@b097efcde fix: display correct number of machines on dashboard
• siderolabs/talos@cad43f0ad chore: remove k8s master label
• siderolabs/talos@e296a566e fix: support kernel userspace module loading
• siderolabs/talos@103f0ffdd feat: add startup probes to controller-manager and scheduler
• siderolabs/talos@5a1ae8aae chore: bump dependences
• siderolabs/talos@ec8c8dbaf chore: fix container image reproducibility
• siderolabs/talos@f661d8487 fix: allow talosctl cp to handle special files in /proc
• siderolabs/talos@2d824b563 fix: do not show control plane status for workers on dashboard
• siderolabs/talos@e5491ddad docs: update documentation for nocloud
• siderolabs/talos@7a004a6f7 fix: parse errors correctly
• siderolabs/talos@374ef5385 test: submit verbose flag to e2e tests
• siderolabs/talos@e1d38b6fe feat: show template URL in dashboard config URL tab
• siderolabs/talos@45d7f0ce9 docs: fix the latest url
• siderolabs/talos@96efbf147 docs: activate 1.4.0 docs by default
• siderolabs/talos@8c1f515b1 feat: update Linux to 6.1.24
• siderolabs/talos@8689bef5f docs: update documentation for Talos 1.4
• siderolabs/talos@a781dfb8e feat: update Kubernetes to 1.27.1
• siderolabs/talos@a737dd83a chore: typo in compatibility.ParseKubernetesVersion
• siderolabs/talos@f14928b0a fix: fix dashboard crash when a non-existent node is specified
• siderolabs/talos@3e406d9b0 feat: update etcd to v3.5.8
• siderolabs/talos@bd1cff3e8 chore: remove Go buildid
• siderolabs/talos@e31f7f50b feat: update Kubernetes to 1.27.0
• siderolabs/talos@aa3640d74 docs: update storage.md
• siderolabs/talos@07bb61e60 chore: module-sig-verify cleanup
• siderolabs/talos@5e9d836c3 chore: add kernel module signtaure verification
• siderolabs/talos@3cd1c6bb0 fix: send 'STOP' event on phase end
• siderolabs/talos@5176d27dc feat: update Kubernetes to 1.27.0-rc.1
• siderolabs/talos@2c55550a6 fix: quote ISO kernel args for GRUB
• siderolabs/talos@319d76e38 fix: respect BROWSER=echo in client auth interceptor
• siderolabs/talos@4e4ace839 chore: update Go to 1.20.3
• siderolabs/talos@170f73899 fix: correctly parse static pod phase
• siderolabs/talos@c3a595d5b fix: improve action tracking post checks
• siderolabs/talos@eb01edbc8 fix: rework DHCP flow
• siderolabs/talos@e095150a6 test: bump CAPI components versions

Changes since v1.5.0-alpha.3

• siderolabs/talos@de763409b release(v1.5.0-beta.0): prepare release
• siderolabs/talos@87fe8f1a2 feat: implement image generation profiles
• siderolabs/talos@e685208ce chore: update go 1.20.7
• siderolabs/talos@10f958cf4 feat: network configuration improvements on the NoCloud platform
• siderolabs/talos@5adeb5042 feat: update extension spec allowlist for opengl
• siderolabs/talos@abf383117 chore: remove cpu_manager_state on cpuManagerPolicy change
• siderolabs/talos@018e7f587 chore: bump dependencies
• siderolabs/talos@68e6b98f7 feat: add security state resource
• siderolabs/talos@209c34801 chore: drop with-secureboot talosctl flag
• siderolabs/talos@ab14905d9 docs: note that Talos API requires TCP only load balancer, not HTTPS
• siderolabs/talos@078c29c73 chore: re-enable cloud images step
• siderolabs/talos@a17272cdd chore: update hcloud API SDK to v2
• siderolabs/talos@6d71bb8df refactor: replace google/gopacket with gopacket/gopacket
• siderolabs/talos@846f37d84 refactor: drop dependency on vmware/govmomi
• siderolabs/talos@ca0b32c51 refactor: update AWS SDK and http-getter to v2 versions
• siderolabs/talos@dbb9f2bc7 chore: add dm_multipath module
• siderolabs/talos@b70b7ea57 chore: use new go-pcidb database
• siderolabs/talos@9b533e27c feat: update Kubernetes to 1.28.0-rc.0
• siderolabs/talos@a3a2aa8ef fix: use fast wipe for upgrade
• siderolabs/talos@f863498ff fix: always override APIServer audit policy
• siderolabs/talos@355681dda fix: terminate dashboard gracefully on & switch back to tty1
• siderolabs/talos@544cb4fe7 refactor: accept partial machine configuration
• siderolabs/talos@9b0bc3e93 chore: split kernel modules out of the tree
• siderolabs/talos@ffa48ac80 chore: workaround AWS AMI failures, disable Azure uploader
• siderolabs/talos@4cd7623cf chore: add alx drivers

Changes from siderolabs/crypto

• siderolabs/crypto@8f77da3 feat: add a method to load PEM key from file
• siderolabs/crypto@c03ff58 feat: add a way to represent redacted x509 private keys

Changes from siderolabs/discovery-api

• siderolabs/discovery-api@5e3db3c chore: app optional ControlPlane data

Changes from siderolabs/discovery-client

• siderolabs/discovery-client@9ba5f03 chore: app optional ControlPlane data

Changes from siderolabs/extras

• siderolabs/extras@f521190 feat: update Go to 1.20.7
• siderolabs/extras@26b9d64 chore: bump dependencies
• siderolabs/extras@f415aac feat: update Go to 1.20.6
• siderolabs/extras@a73d524 feat: update Go to 1.20.5
• siderolabs/extras@36c8ac4 chore: update to Go 1.20.3

Changes from siderolabs/gen

• siderolabs/gen@f9f5805 chore: bump rekres and add functions from exp
• siderolabs/gen@b968d21 feat: add TryRecv and RecvWithContext functions
• siderolabs/gen@476dfea feat: add foreach and clear to lazymap

Changes from siderolabs/go-blockdevice

• siderolabs/go-blockdevice@fbb01f7 fix: properly detect token not found error
• siderolabs/go-blockdevice@3e08968 fix: do not attach token to a key slot
• siderolabs/go-blockdevice@f2c419e feat: support LUKS token management
• siderolabs/go-blockdevice@076874a chore: resolve blockdevice symlinks

Changes from siderolabs/go-debug

• siderolabs/go-debug@43d9100 chore: allow enabling pprof manually

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@69fea5b feat: support upgrades to Kubernetes 1.28
• siderolabs/go-kubernetes@5a3df5b fix: remove removed APIs for 1.27 upgrade

Changes from siderolabs/go-loadbalancer

• siderolabs/go-loadbalancer@574126c chore: add 0.1ms tier and fix tiers
• siderolabs/go-loadbalancer@5301800 chore: fix logging and tests
• siderolabs/go-loadbalancer@b23a173 chore: replace std log with zap
• siderolabs/go-loadbalancer@1a2f374 feat: add multi-tier scoring based for generic List
• siderolabs/go-loadbalancer@56a27da chore: move to siderolabs/tcpproxy of inet.af/tcpproxy
• siderolabs/go-loadbalancer@f3a0e24 fix: use SO_LINGER option when doing TCP healthchecks

Changes from siderolabs/go-pcidb

• siderolabs/go-pcidb@164a1b2 refactor: use 'switch' statement instead of giant maps

Changes from siderolabs/kms-client

• siderolabs/kms-client@50064b6 fix: pass context to the key handler in the server wrapper
• siderolabs/kms-client@83e0a2e feat: define API and add reference implementation for KMS server
• siderolabs/kms-client@8c37ee8 Initial commit

Changes from siderolabs/pkgs

• siderolabs/pkgs@2abca48 feat: update Go to 1.20.7, OpenSSL to 1.1.1v
• siderolabs/pkgs@8144720 chore: bump dependencies
• siderolabs/pkgs@cb97daf chore: add dm_multipath to kernel
• siderolabs/pkgs@a65ac0d refactor: move device drivers out as kernel modules
• siderolabs/pkgs@357bd67 feat: update Linux to 6.1.41
• siderolabs/pkgs@41191cf feat: add alx drivers
• siderolabs/pkgs@fedfafa feat: add thunderbolt/USB4 module
• siderolabs/pkgs@17d5b94 feat: enable NET_IPGRE kernel config
• siderolabs/pkgs@84cdfb6 feat: add 'zfs' package
• siderolabs/pkgs@d0eaedc feat: enable DM_RAID kernel config
• siderolabs/pkgs@d5e0fad feat: update dependencies
• siderolabs/pkgs@c644633 feat: enable multi-gen lru by default
• siderolabs/pkgs@75696ba feat: update Go to 1.20.6
• siderolabs/pkgs@205cab6 chore: feat use new sd-boot
• siderolabs/pkgs@fb817fe fix: enable USB attached SCSI driver on x86 systems
• siderolabs/pkgs@43451e6 chore: bump dependencies
• siderolabs/pkgs@eca94f8 feat: enable sriov
• siderolabs/pkgs@5a8e8e5 feat: enable VMWARE/HYPERV vsockets
• siderolabs/pkgs@edd725a chore: bump deps
• siderolabs/pkgs@c0ac69b feat: enable CONFIG_NVME_{MULTIPATH|AUTH}
• siderolabs/pkgs@f7cd916 fix: bump drbd to 9.2.4
• siderolabs/pkgs@a56d15a fix: copy missing modules.* files
• siderolabs/pkgs@1eefa66 feat: build isb modem drivers as module
• siderolabs/pkgs@a859f4f fix: build RDMA_RXE as a module
• siderolabs/pkgs@5fb5e95 feat: bump dependencies
• siderolabs/pkgs@39a64b2 feat: update Linux to 6.1.31, add GENEVE for arm64
• siderolabs/pkgs@97177be feat: update Linux to 6.1.30
• siderolabs/pkgs@b1f9d4e chore: prevent unsigned kexec with secureboot
• siderolabs/pkgs@9232a42 feat: add reproducibility pipelines
• siderolabs/pkgs@702d7a7 chore: bump deps
• siderolabs/pkgs@7958db1 chore: copy over sd-boot and sd-stub from tools
• siderolabs/pkgs@813b3c3 chore: revert xfsprogs
• siderolabs/pkgs@0cc78ab chore: bump kernel to 6.1.28
• siderolabs/pkgs@70189e3 chore: bump deps
• siderolabs/pkgs@c5d3bf1 feat: add sd-stub and sd-boot
• siderolabs/pkgs@30a7ac2 feat: update Linux 6.1.27, containerd 1.6.21
• siderolabs/pkgs@fbc6ee5 chore: bump deps
• siderolabs/pkgs@82b9489 chore: bump dependencies
• siderolabs/pkgs@f37e520 feat: update Linux to 6.1.25
• siderolabs/pkgs@3920b16 feat: add multi-gen LRU kernel support
• siderolabs/pkgs@988f1ec feat: update Linux to 6.1.24
• siderolabs/pkgs@5327d12 fix: remove FB_NVIDIA drivers, Linux 6.1.23
• siderolabs/pkgs@4eae958 chore: copy over the kernel signing public key
• siderolabs/pkgs@174f8fc chore: update Go to 1.20.3
• siderolabs/pkgs@41629b0 chore: reorder pkgs for better kernel caching
• siderolabs/pkgs@b483a6b feat: build 'snp.efi' for iPXE
• siderolabs/pkgs@fb853ff feat: update containerd to 1.6.20

Changes from siderolabs/tools

• siderolabs/tools@c050b7e feat: update OpenSSL to 1.1.1v
• siderolabs/tools@640e523 feat: update Go to 1.20.7
• siderolabs/tools@fd42f4b chore: bump dependencies
• siderolabs/tools@7cefce4 chore: optimize tools image size
• siderolabs/tools@dc7dd9e chore: remove libseccomp
• siderolabs/tools@e27c249 feat: update Go to 1.20.6
• siderolabs/tools@9b6d512 feat: use systemd 254-rc1
• siderolabs/tools@cd3b692 chore: bump deps
• siderolabs/tools@c1027a6 chore: remove sbsign
• siderolabs/tools@e0c76c0 chore: bump dependencies
• siderolabs/tools@7d0cd58 feat: update Go to 1.20.5
• siderolabs/tools@150efc2 chore: remove non needed tools
• siderolabs/tools@88ebb40 feat: add swtpm
• siderolabs/tools@4c5d7fe chore: use same source epoch everywhere
• siderolabs/tools@2e46e5b feat: add reproducibility pipelines
• siderolabs/tools@c6a41b6 fix: add sd-stub assertion patch
• siderolabs/tools@d2dde48 chore: bump deps
• siderolabs/tools@8e45ad7 feat: add sbsign
• siderolabs/tools@271c4a6 feat: add sd-tools
• siderolabs/tools@eedc294 chore: bump deps
• siderolabs/tools@81b09a5 feat: add libcap and gnuefi
• siderolabs/tools@47b0fd3 chore: bump go to 1.20.4
• siderolabs/tools@ff4cf2b chore: bump deps
• siderolabs/tools@1563556 feat: update Go to 1.20.3

Dependency Changes

• github.com/BurntSushi/toml v1.2.1 -> v1.3.2
• github.com/aws/aws-sdk-go-v2/config v1.18.32 new
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 new
• github.com/aws/smithy-go v1.14.0 new
• github.com/beevik/ntp v0.3.0 -> v1.2.0
• github.com/benbjohnson/clock v1.1.0 -> v1.3.5
• github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
• github.com/containerd/containerd v1.6.19 -> v1.6.22
• github.com/containerd/typeurl/v2 v2.1.1 new
• github.com/containernetworking/plugins v1.2.0 -> v1.3.0
• github.com/coreos/go-iptables v0.6.0 -> v0.7.0
• github.com/cosi-project/runtime v0.3.0 -> v0.3.1
• github.com/docker/distribution v2.8.1 -> v2.8.2
• github.com/docker/docker v23.0.2 -> v24.0.5
• github.com/ecks/uefi caef65d070eb new
• github.com/emicklei/dot v1.4.2 -> v1.6.0
• github.com/foxboron/go-uefi 32187aa193d0 new
• github.com/google/go-containerregistry v0.15.2 new
• github.com/google/go-tpm v0.9.0 new
• github.com/gopacket/gopacket v1.1.1 new
• github.com/hashicorp/go-envparse v0.1.0 new
• github.com/hashicorp/go-getter/v2 v2.2.1 new
• github.com/hetznercloud/hcloud-go/v2 v2.0.0 new
• github.com/insomniacslk/dhcp 74ae03f2425e -> 0f9eb93a696c
• github.com/jsimonetti/rtnetlink v1.3.1 -> v1.3.4
• github.com/mattn/go-isatty v0.0.18 -> v0.0.19
• github.com/mdlayher/ethtool ba3b4bc2e02c -> v0.1.0
• github.com/mdlayher/genetlink v1.3.1 -> v1.3.2
• github.com/mdlayher/netlink v1.7.1 -> v1.7.2
• github.com/mdlayher/netx c711c2f8512f -> 7e21880baee8
• github.com/nberlee/go-netstat v0.1.1 -> v0.1.2
• github.com/opencontainers/go-digest v1.0.0 new
• github.com/opencontainers/image-spec v1.1.0-rc2 -> v1.1.0-rc4
• github.com/packethost/packngo v0.29.0 -> v0.30.0
• github.com/prometheus/procfs v0.9.0 -> v0.11.1
• github.com/rivo/tview 281d14d896d7 -> 6cc0565babaf
• github.com/rs/xid v1.4.0 -> v1.5.0
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15 -> v1.0.0-beta.20
• github.com/siderolabs/crypto v0.4.0 -> v0.4.1
• github.com/siderolabs/discovery-api v0.1.2 -> v0.1.3
• github.com/siderolabs/discovery-client v0.1.4 -> v0.1.5
• github.com/siderolabs/extras v1.4.0-1-g9b07505 -> v1.5.0
• github.com/siderolabs/gen v0.4.3 -> v0.4.5
• github.com/siderolabs/go-blockdevice v0.4.4 -> v0.4.6
• github.com/siderolabs/go-debug v0.2.2 -> v0.2.3
• github.com/siderolabs/go-kubernetes v0.2.0 -> v0.2.2
• github.com/siderolabs/go-loadbalancer v0.2.1 -> v0.3.2
• github.com/siderolabs/go-pcidb v0.1.0 -> v0.2.0
• github.com/siderolabs/kms-client v0.1.0 new
• github.com/siderolabs/pkgs v1.4.1-5-ga333a84 -> v1.5.0
• github.com/siderolabs/talos/pkg/machinery v1.4.0 -> v1.5.0-beta.0
• github.com/siderolabs/tools v1.4.0-1-g955aabc -> v1.5.0
• github.com/spf13/cobra v1.6.1 -> v1.7.0
• github.com/stretchr/testify v1.8.2 -> v1.8.4
• github.com/vmware-tanzu/sonobuoy v0.56.16 -> v0.56.17
• go.etcd.io/etcd/api/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/client/pkg/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/client/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/etcdutl/v3 v3.5.8 -> v3.5.9
• go.uber.org/zap v1.24.0 -> v1.25.0
• go4.org/netipx f1b76eb4bb35 -> ec4c8b891b28
• golang.org/x/net v0.8.0 -> v0.13.0
• golang.org/x/sync v0.1.0 -> v0.3.0
• golang.org/x/sys v0.6.0 -> v0.10.0
• golang.org/x/term v0.6.0 -> v0.10.0
• golang.org/x/text v0.11.0 new
• golang.zx2c4.com/wireguard/wgctrl 9c5414ab4bde -> 925a1e7659e6
• google.golang.org/grpc v1.54.0 -> v1.57.0
• google.golang.org/protobuf v1.30.0 -> v1.31.0
• k8s.io/api v0.27.1 -> v0.28.0-rc.0
• k8s.io/apimachinery v0.27.1 -> v0.28.0-rc.0
• k8s.io/apiserver v0.27.1 -> v0.28.0-rc.0
• k8s.io/client-go v0.27.1 -> v0.28.0-rc.0
• k8s.io/component-base v0.27.1 -> v0.28.0-rc.0
• k8s.io/cri-api v0.27.1 -> v0.28.0-rc.0
• k8s.io/klog/v2 v2.90.1 -> v2.100.1
• k8s.io/kubectl v0.27.1 -> v0.28.0-rc.0
• k8s.io/kubelet v0.27.1 -> v0.28.0-rc.0
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.68 -> v1.2.69

Previous release can be found at v1.4.0

Images

ghcr.io/siderolabs/flannel:v0.22.1
ghcr.io/siderolabs/install-cni:v1.5.0
registry.k8s.io/coredns/coredns:v1.10.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.28.0-rc.0
registry.k8s.io/kube-controller-manager:v1.28.0-rc.0
registry.k8s.io/kube-scheduler:v1.28.0-rc.0
registry.k8s.io/kube-proxy:v1.28.0-rc.0
ghcr.io/siderolabs/kubelet:v1.28.0-rc.0
ghcr.io/siderolabs/installer:v1.5.0-beta.0
registry.k8s.io/pause:3.6

Talos 1.4.7 (2023-07-26)

Welcome to the v1.4.7 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Kubernetes: 1.27.4
Linux: 6.1.41

Talos is built with Go 1.20.6.

Contributors

• Andrey Smirnov

Changes

• siderolabs/talos@a1ee7612f release(v1.4.7): prepare release
• siderolabs/talos@95a3670f6 chore: workaround AWS AMI failures, disable Azure uploader
• siderolabs/talos@8f35f7dbe feat: update Linux to 6.1.41
• siderolabs/talos@696a6fb63 feat: update Kubernetes default to 1.27.4
• siderolabs/talos@7b5e94816 chore: optimize image generation time
• siderolabs/talos@d6af392e1 chore: update Go to 1.20.6

Changes from siderolabs/extras

• siderolabs/extras@2b5a1e6 feat: update Go to 1.20.6

Changes from siderolabs/pkgs

• siderolabs/pkgs@69266d9 feat: update Linux to 6.1.41
• siderolabs/pkgs@d5a3fd7 feat: update Go to 1.20.6

Changes from siderolabs/tools

• siderolabs/tools@78b2dc6 feat: update Go to 1.20.6

Dependency Changes

• github.com/siderolabs/extras v1.4.0-2-gb2aba9d -> v1.4.0-3-g2b5a1e6
• github.com/siderolabs/pkgs v1.4.1-14-ge911ac5 -> v1.4.1-16-g69266d9
• github.com/siderolabs/talos/pkg/machinery v1.4.6 -> v1.4.7
• github.com/siderolabs/tools v1.4.0-3-gfac34e5 -> v1.4.0-4-g78b2dc6
• k8s.io/api v0.27.3 -> v0.27.4
• k8s.io/apimachinery v0.27.3 -> v0.27.4
• k8s.io/apiserver v0.27.3 -> v0.27.4
• k8s.io/client-go v0.27.3 -> v0.27.4
• k8s.io/component-base v0.27.3 -> v0.27.4
• k8s.io/kubectl v0.27.3 -> v0.27.4
• k8s.io/kubelet v0.27.3 -> v0.27.4

Previous release can be found at v1.4.6

Images

ghcr.io/siderolabs/flannel:v0.21.4
ghcr.io/siderolabs/install-cni:v1.4.0-3-g2b5a1e6
docker.io/coredns/coredns:1.10.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.27.4
registry.k8s.io/kube-controller-manager:v1.27.4
registry.k8s.io/kube-scheduler:v1.27.4
registry.k8s.io/kube-proxy:v1.27.4
ghcr.io/siderolabs/kubelet:v1.27.4
ghcr.io/siderolabs/installer:v1.4.7
registry.k8s.io/pause:3.6

Talos 1.5.0-alpha.3 (2023-07-25)

Welcome to the v1.5.0-alpha.3 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Extension Services

Talos now supports setting environmentFile for an extension service container spec. Refer: https://www.talos.dev/v1.5/advanced/extension-services/#container
The extension waits for the file to be present before starting the service.

Predictable Network Interface Names

Starting with version Talos 1.5, network interfaces are renamed to predictable names
same way as systemd does that in other Linux distributions.

The naming schema enx78e7d1ea46da (based on MAC addresses) is enabled by default, the order of interface naming decisions is:

• firmware/BIOS provided index numbers for on-board devices (example: eno1)
• firmware/BIOS provided PCI Express hotplug slot index numbers (example: ens1)
• physical/geographical location of the connector of the hardware (example: enp2s0)
• interfaces's MAC address (example: enx78e7d1ea46da)

The predictable network interface names features can be disabled by specifying net.ifnames=0 in the kernel command line.
Talos automatically adds the net.ifnames=0 kernel argument when upgrading from Talos versions before 1.5.

This change doesn't affect "cloud" platforms, like AWS, as Talos automatically adds net.ifnames=0 to the kernel command line.

Network KMS Disk Encryption

Talos now supports new type of encryption keys which are sealed/unsealed with an external KMS server:

systemDiskEncryption:
  ephemeral:
    keys:
      - kms:
          endpoint: https://1.2.3.4:443
        slot: 0

gRPC API definitions and a simple reference implementation of the KMS server can be found in this
repository.

KubePrism - Kubernetes API Server In-Cluster Load Balancer

Talos now supports configuring the KubePrism - Kubernetes API Server in-cluster load balancer with machine config
features.kubePrism.port and features.kubePrism.enabled fields.

If enabled, KubePrism binds to localhost and runs on the same port on every machine in the cluster.
The default value for KubePrism endpoint is https://localhost:7445.

The KubePrism is used by the kubelet, kube-scheduler, kube-controller-manager
and kube-proxy by default and can be passed to the CNIs like Cilium and Calico.

The KubePrism provides access to the Kubernetes API endpoint even if the external loadbalancer
is not healthy, provided that the worker nodes can reach to the controlplane machine addresses directly.

Machine Config option .machine.install.bootloader

The .machine.install.bootloader option in the machine config is deprecated and will be removed in Talos 1.6.
This was a no-op for a long time. The bootloader is always installed.

XFS Quota

Talos 1.5+ enables XFS project quota support by default, also enabling by default
kubelet feature gate LocalStorageCapacityIsolationFSQuotaMonitoring to use xfs quotas
to monitor volume usage instead of du.

This feature is controlled by the .machine.features.diskQuotaSupport field in the machine config,
it is set to true for new clusters.

When upgrading from a previous version, the feature can be enabled by setting the field to true.
On the first mount of a volume, the quota information will be recalculated, which may take some time.

RDMA/RoCE support

Talos no longer loads by default rdma_rxe Linux driver, which is required for RoCE support.
If the driver is required, it can be enabled by specifying rdma_rxe in the .machine.kernel.modules field in the machine config.

SecureBoot

Talos now supports generating a custom iso that can be used with SecureBoot. Key generation and enrolling has to be done manually.

talosctl image Command

A new set of commands was introduced to manage container images in the CRI:

• talosctl image list shows list of available images
• talosctl image pull allows to pre-pull an image into the CRI

Both new commands accept --namespace flag with two possible values:

• cri (default): images managed by the CRI (Kubernetes workloads)
• system: images managed by Talos (etcd and kubelet)

### `talosctl images` Command

The command `talosctl images` was renamed to `talosctl image default`.

The backward-compatible alias is kept in Talos 1.5, but it will be dropped in Talos 1.6.


### TPM Disk Encryption

Talos now supports encrypting STATE/EPHEMERAL with keys bound to a TPM device. The TPM device must be TPM2.0 compatible.
This is ideally supported when booting with new Talos SecureBoot UKI ISOs/Metal images. This feature would still work if SecureBoot
is not enabled for UKI images, but not recommended since there is no way to verify the trust of the bootloader.

Example machine config:

systemDiskEncryption:
ephemeral:
keys:
- slot: 0
tpm: {}
state:
keys:
- slot: 0
tpm: {}

### Component Updates

* Linux: 6.1.39
* containerd: 1.6.21
* runc: 1.1.8
* etcd: 3.5.9
* Kubernetes: 1.28.0-beta.0
* Flannel: 0.22.0

Talos is built with Go 1.20.6.


### `talosctl upgrade-k8s` Image Pre-pulling

The command `talosctl upgrade-k8s` now by default pre-pulls images for Kubernetes controlplane components
and kubelet. This provides an early check for missing images, and minimizes downtime during Kubernetes
rolling component update.


### Contributors

* Andrey Smirnov
* Noel Georgi
* Dmitriy Matrenichev
* Utku Ozdemir
* Artem Chernyshev
* Christian Rolland
* Steve Francis
* Nanfei Chen
* Nico Berlee
* Spencer Smith
* Alex Corcoles
* Alex Corcoles
* Alex Lubbock
* Andrei Kvapil
* Artem Chernyshev
* Budiman Jojo
* Chris Hoffman
* DJAlPee
* Dennis Marttinen
* Eirik Askheim
* Florian Klink
* Henk Kraal
* Igor Rzegocki
* James Callahan
* LukasAuerbeck
* Markus Reiter
* Michael A. Davis
* Michael Fornaro
* Niklas Wik
* Piotr Maksymiuk
* Ricky Sadowski
* Roee Klinger
* Sacha Trémoureux
* Scott Cariss
* Serge Logvinov
* Thomas Lemarchand
* Thomas Perronin
* Tim Jones
* Victor Bajada
* Walt Chen
* bdronneau

### Changes
<details><summary>195 commits</summary>
<p>

* siderolabs/talos@663264c86 release(v1.5.0-alpha.3): prepare release
* siderolabs/talos@d2f64af86 chore: disable cloud-images, pull in new kernel and gre module
* siderolabs/talos@8edce4906 docs: improve proxmox install guide
* siderolabs/talos@c783458be docs: typo dhcp -> dhcp
* siderolabs/talos@003cbd161 docs: warn about secretboxEncryptionSecret in kubeadm migration guide
* siderolabs/talos@786e86f5b refactor: rewrite the way Talos acquires the machine configuration
* siderolabs/talos@5e13cafe5 feat: enforce kernel lockdown for UKI
* siderolabs/talos@4d96d642f feat: update default Kubernetes version to 1.28.0-beta.0
* siderolabs/talos@170a73e16 chore: support creating qemu guest socket
* siderolabs/talos@59ac38a6b docs: add docs for installing azure ccm and csi
* siderolabs/talos@6288cd970 release(v1.5.0-alpha.2): prepare release
* siderolabs/talos@60c304126 chore: bump dependencies
* siderolabs/talos@9ef4e5efc fix: log explicitly when kubelet has no nodeIP match
* siderolabs/talos@6b39c6a4d fix: enable compression and bump gRPC max msg size
* siderolabs/talos@2f2eca861 chore: basic support for shutdown/poweroff flags
* siderolabs/talos@b84277d7d docs: fix wrong capability name
* siderolabs/talos@59d7d9344 chore: use machined for `shutdown`, `poweroff`
* siderolabs/talos@2439bfb71 chore: explicitly add timestamps to machined logs
* siderolabs/talos@14966e718 fix: skip over tpm2 1.2 devices
* siderolabs/talos@6716e7bc0 docs: update cilium documentation about KubePrism usage
* siderolabs/talos@166d75fe8 fix: tpm2 encrypt/decrypt flow
* siderolabs/talos@130518de7 chore: change missing renames of KubePrism
* siderolabs/talos@5f34f5b41 chore: rename api load balancer to KubePrism
* siderolabs/talos@c8b7095c0 refactor: use tpm2 library to calculate policy hash
* siderolabs/talos@078aac92e chore: bump deps
* siderolabs/talos@53873b844 refactor: move ukify into Talos code
* siderolabs/talos@d5f6fb9ff chore: add vendor info
* siderolabs/talos@79365d9ba feat: tpm2 based disk encryption
* siderolabs/talos@06369e819 fix: retry CRI pod removal, fix upgrade flow in the tests
* siderolabs/talos@d32dd3a82 chore: update Go to 1.20.6
* siderolabs/talos@8017afb10 feat: implement CRI image management and pre-pull on K8s upgrade
* siderolabs/talos@1c2f19b36 feat: update Kubernetes to 1.28.0-alpha.4
* siderolabs/talos@94e9891c1 chore: bump sd-boot to v254-rc1
* siderolabs/talos@936111ce0 fix: properly set up tls for KMS endpoint
* siderolabs/talos@cb226eec4 fix: rewrite encryption system information flow
* siderolabs/talos@3206db528 feat: drop tpm simulator for ukify measure
* siderolabs/talos@bd4f89f63 fix: disable dashboard on Azure, GCP and Scaleway
* siderolabs/talos@bdb96189f refactor: make maintenance service controller-based
* siderolabs/talos@d23d04de2 feat: seed the kernel random pool from the TPM
* siderolabs/talos@c81ce8cfb feat: support controlplane resources configuration
* siderolabs/talos@74de562b2 fix: mount hugepages with nosuid + nodev
* siderolabs/talos@ce63abb21 feat: add KMS assisted encryption key handler
* siderolabs/talos@dafbe9deb chore: optimize dockerfile instructions
* siderolabs/talos@a4289e870 chore: fix CLI docs generation stability
* siderolabs/talos@2fec8388f chore: bump dependencies
* siderolabs/talos@c1b4262dd docs: split simple and more complex getting started guides
* siderolabs/talos@c9a9f9561 refactor: extract secure boot certificate generation
* siderolabs/talos@6be5a13d5 feat: implement machine config documents for event and log streaming
* siderolabs/talos@e241be85b fix: properly handle YAML comment stripping for multi-doc
* siderolabs/talos@c02ada7d9 fix: capabilities including `ALL` should be uppercase
* siderolabs/talos@cbdf96d46 feat: support environment file for extensions
* siderolabs/talos@35d6adcb9 fix: provide stashed META values before installation
* siderolabs/talos@258f07449 fix: ukify cert generation
* siderolabs/talos@bf3febb7e fix: refine OVMF search paths
* siderolabs/talos@fbebc17f8 fix: disable LVM backups/archive
* siderolabs/talos@e5306ef26 chore: format and cleanup test scripts
* siderolabs/talos@bc371ecfd chore: add `/sbin/shutdown`
* siderolabs/talos@0d313b973 feat: add `reboot-mode` flag to `talosctl upgrade`
* siderolabs/talos@7ce87f20c fix: compare only basename of `os.Args[0]` in machined
* siderolabs/talos@53389b1e7 feat: auto-enroll secure boot keys
* siderolabs/talos@d77f0bc7b docs: fix broken link to powershell module
* siderolabs/talos@e1b150a11 release(v1.5.0-alpha.1): prepare release
* siderolabs/talos@8daf432b2 chore: bump deps
* siderolabs/talos@e3f3f5794 feat: implement revert for sd-boot
* siderolabs/talos@d8b0903d7 docs: vagrant setup document fix
* siderolabs/talos@fe0f46980 feat: implement secure boot from disk
* siderolabs/talos@445f5ad54 feat: support API server load balancer
* siderolabs/talos@19bc223de refactor: bootloader interface, labels
* siderolabs/talos@665702ddd chore: fix cilium e2e tests
* siderolabs/talos@71a548d18 chore: generic boootloader implementation
* siderolabs/talos@e9dbc9311 test: bump versions for upgrade tests
* siderolabs/talos@0a99965ef refactor: replace `uncordonNode` with controllers
* siderolabs/talos@e858bca3a test: fix cilium integration tests
* siderolabs/talos@455328d05 fix: allow time skew for generated kubeconfig
* siderolabs/talos@3ae05648a fix: usage of custom kernels
* siderolabs/talos@0797b0d16 chore: add a pipeline to test cloud-images step without a release
* siderolabs/talos@e5a36268b docs: include `allowSchedulingOnControlPlanes` on `talosctl gen config` output
* siderolabs/talos@c74d93728 chore: bump github.com/cosi-project/runtime
* siderolabs/talos@dbaf5c699 refactor: task `labelControlPlane` into controllers
* siderolabs/talos@1865a0c29 chore: modify some usages that are not recommended
* siderolabs/talos@3816318b9 chore: wrap config.Provider in atomic wrapper
* siderolabs/talos@d04cf1978 chore: clean up unnecessary self assignment
* siderolabs/talos@a34a94898 fix: copy missing modules.* files
* siderolabs/talos@f5e3272fc refactor: task 'updateBootLoader' as controller
* siderolabs/talos@e7be6ee7c refactor: make event log streaming fully reactive
* siderolabs/talos@aef2192a6 chore: use fixed module list
* siderolabs/talos@c719aa231 fix: allow http:// for discovery service URL
* siderolabs/talos@39134d8d5 chore: fix cron pipeline
* siderolabs/talos@a61dcdbbd fix: don't load RDMA over Ethernet driver by default
* siderolabs/talos@aac441f61 chore: update Go to 1.20.5, bump dependencies
* siderolabs/talos@1c0c7933d chore: cleanup partition code
* siderolabs/talos@31b988281 docs: add some words about certifcates
* siderolabs/talos@e912c0dfc chore: use go-blockdevice for zeroing partitions
* siderolabs/talos@e6dde8ffc feat: add network chaos to qemu development environment
* siderolabs/talos@47986cb79 chore: unify kexec phase
* siderolabs/talos@3a865370f feat: qemu secureboot
* siderolabs/talos@5dab45e86 refactor: allow kmsg log streaming to be reconfigured on the fly
* siderolabs/talos@8a02ecd4c chore: add endpoints balancer controller
* siderolabs/talos@423a31ac9 chore: deprectae `bootloader` installer option
* siderolabs/talos@cdfece7d6 chore: optimize image compression
* siderolabs/talos@bfc341937 chore: add default console args
* siderolabs/talos@2749aeeda feat: add support for multi-doc strategic merge patching
* siderolabs/talos@3f68485e4 feat: add uki iso generation
* siderolabs/talos@bab484a40 feat: use stable network interface names
* siderolabs/talos@196dfb99b fix: do not probe kernel args in dashboard if not needed
* siderolabs/talos@8c071b579 fix: skip DHCP RENEW if server IP in the lease is all zeroes
* siderolabs/talos@badbc51e6 refactor: rewrite code to include preliminary support for multi-doc
* siderolabs/talos@ecce29dee fix: upgrade-k8s use internal IP first, external IP fallback
* siderolabs/talos@3c64a5ffb chore: optimize image generation time
* siderolabs/talos@2292f36d9 chore: registry.k8s.io for coredns image
* siderolabs/talos@f2b258b37 docs: document talosctl version for upgrades
* siderolabs/talos@a0773f783 chore: add ukify Go script
* siderolabs/talos@b69e38d1f chore: bump dependencies
* siderolabs/talos@adce65103 docs: add piraeus/drbd to storage documentation
* siderolabs/talos@a982cabe7 docs: link support matrix in k8s update doc
* siderolabs/talos@1fb29a56a fix: fail quickly if upgrade-k8s is used with multiple nodes
* siderolabs/talos@51d931c47 chore: faster dev cycle
* siderolabs/talos@dc6764871 refactor: move around config interfaces, make RawV1Alpha1 typed
* siderolabs/talos@ea9a97dba fix: fall back to external IP when discovering nodes in upgrade-k8s
* siderolabs/talos@0bb7e8a5c refactor: split config.Provider into Config & Container
* siderolabs/talos@85d8a1619 chore: bump deps
* siderolabs/talos@39b7a56f0 chore: use 8GiB instead of 10GiB for cloud images
* siderolabs/talos@ff11fd39c fix: race with `udevd` and `mountUserDisks`
* siderolabs/talos@c3fabb982 chore: update default image sizes to 10GB for all "cloud" images
* siderolabs/talos@10155c390 feat: enable xfs project quota support, kubelet feature
* siderolabs/talos@eba818564 release(v1.5.0-alpha.0): prepare release
* siderolabs/talos@383471c3e feat: update default Kubernetes to v1.27.2
* siderolabs/talos@8f68d1abe chore: bump deps
* siderolabs/talos@e0c1585d3 feat: create azure community gallery image version on release
* siderolabs/talos@dd8336c9e fix: refresh kubelet self-issued serving certificates
* siderolabs/talos@bb02dd263 chore: drop deprecated stuff for Talos 1.5
* siderolabs/talos@61cad8673 chore: bump deps
* siderolabs/talos@01dfd3af7 feat: update etcd to v3.5.9
* siderolabs/talos@aa65fbb8a chore: update KUBECTL_URL to reflect the community bucket
* siderolabs/talos@cc3128d94 chore: bump kernel to 6.1.28
* siderolabs/talos@97fffaf78 chore: use ctest.UpdateWithConflicts instead of plain UpdateWithConflicts
* siderolabs/talos@3b36993b9 fix: rlimit nofile test
* siderolabs/talos@45e6e27af chore: bump runtime
* siderolabs/talos@4f720d465 fix: revert: set rlimit explicitly in wrapperd
* siderolabs/talos@a2565f674 fix: set rlimit explicitly in wrapperd
* siderolabs/talos@cdfc242b8 chore: re-enable Go buildid
* siderolabs/talos@e67f3f5c5 feat: linux 6.1.27, containerd 1.6.21, go 1.20.4
* siderolabs/talos@55ae59a0a fix: properly skip/cleanup controlplane configs for workers
* siderolabs/talos@64eade9bd chore: clean up unused constant
* siderolabs/talos@62c6e9655 feat: introduce siderolink config resource & reconnect
* siderolabs/talos@860002c73 fix: don't reload control plane pods on cert SANs changes
* siderolabs/talos@d43c61e80 fix: enforce nolock option for all NFS mounts by default
* siderolabs/talos@339986db9 fix: inhibit timer to follow kubelet timer
* siderolabs/talos@cbf6dc100 fix: set timeout for unmount calls
* siderolabs/talos@b58f913d5 fix: set the static pod priority as values
* siderolabs/talos@f8a7a5b6b docs: add information about KubeSpan ports and topology
* siderolabs/talos@2bad74d64 docs: add how to on scaling down
* siderolabs/talos@7442ff8b0 chore: fix typos inteface -> interface (docs and tests)
* siderolabs/talos@d4e94f7a1 fix: add back required TARGETARCH for installer
* siderolabs/talos@e6fffda01 chore: linux 6.1.26, runc 1.1.7
* siderolabs/talos@344746ae2 fix: bump max inhibit delay to 20 min
* siderolabs/talos@d9bdea2b5 chore: fork docs and compatibility modules for Talos 1.5
* siderolabs/talos@3d99610fc docs: document building, verifying image and process caps
* siderolabs/talos@014008ea2 fix: udevd rules trigger
* siderolabs/talos@9b36bb613 feat: update Linux to 6.1.25, fix virtio on arm64
* siderolabs/talos@08ec66c55 feat: clean up (garbage collect) system images which are not referenced
* siderolabs/talos@b097efcde fix: display correct number of machines on dashboard
* siderolabs/talos@cad43f0ad chore: remove k8s master label
* siderolabs/talos@e296a566e fix: support kernel userspace module loading
* siderolabs/talos@103f0ffdd feat: add startup probes to controller-manager and scheduler
* siderolabs/talos@5a1ae8aae chore: bump dependences
* siderolabs/talos@ec8c8dbaf chore: fix container image reproducibility
* siderolabs/talos@f661d8487 fix: allow `talosctl cp` to handle special files in `/proc`
* siderolabs/talos@2d824b563 fix: do not show control plane status for workers on dashboard
* siderolabs/talos@e5491ddad docs: update documentation for nocloud
* siderolabs/talos@7a004a6f7 fix: parse errors correctly
* siderolabs/talos@374ef5385 test: submit verbose flag to e2e tests
* siderolabs/talos@e1d38b6fe feat: show template URL in dashboard config URL tab
* siderolabs/talos@45d7f0ce9 docs: fix the latest url
* siderolabs/talos@96efbf147 docs: activate 1.4.0 docs by default
* siderolabs/talos@8c1f515b1 feat: update Linux to 6.1.24
* siderolabs/talos@8689bef5f docs: update documentation for Talos 1.4
* siderolabs/talos@a781dfb8e feat: update Kubernetes to 1.27.1
* siderolabs/talos@a737dd83a chore: typo in `compatibility.ParseKubernetesVersion`
* siderolabs/talos@f14928b0a fix: fix dashboard crash when a non-existent node is specified
* siderolabs/talos@3e406d9b0 feat: update etcd to v3.5.8
* siderolabs/talos@bd1cff3e8 chore: remove Go buildid
* siderolabs/talos@e31f7f50b feat: update Kubernetes to 1.27.0
* siderolabs/talos@aa3640d74 docs: update storage.md
* siderolabs/talos@07bb61e60 chore: module-sig-verify cleanup
* siderolabs/talos@5e9d836c3 chore: add kernel module signtaure verification
* siderolabs/talos@3cd1c6bb0 fix: send 'STOP' event on phase end
* siderolabs/talos@5176d27dc feat: update Kubernetes to 1.27.0-rc.1
* siderolabs/talos@2c55550a6 fix: quote ISO kernel args for GRUB
* siderolabs/talos@319d76e38 fix: respect BROWSER=echo in client auth interceptor
* siderolabs/talos@4e4ace839 chore: update Go to 1.20.3
* siderolabs/talos@170f73899 fix: correctly parse static pod phase
* siderolabs/talos@c3a595d5b fix: improve action tracking post checks
* siderolabs/talos@eb01edbc8 fix: rework DHCP flow
* siderolabs/talos@e095150a6 test: bump CAPI components versions
</p>
</details>

### Changes since v1.5.0-alpha.2
<details><summary>10 commits</summary>
<p>

* siderolabs/talos@663264c86 release(v1.5.0-alpha.3): prepare release
* siderolabs/talos@d2f64af86 chore: disable cloud-images, pull in new kernel and gre module
* siderolabs/talos@8edce4906 docs: improve proxmox install guide
* siderolabs/talos@c783458be docs: typo dhcp -> dhcp
* siderolabs/talos@003cbd161 docs: warn about secretboxEncryptionSecret in kubeadm migration guide
* siderolabs/talos@786e86f5b refactor: rewrite the way Talos acquires the machine configuration
* siderolabs/talos@5e13cafe5 feat: enforce kernel lockdown for UKI
* siderolabs/talos@4d96d642f feat: update default Kubernetes version to 1.28.0-beta.0
* siderolabs/talos@170a73e16 chore: support creating qemu guest socket
* siderolabs/talos@59ac38a6b docs: add docs for installing azure ccm and csi
</p>
</details>

### Changes from siderolabs/crypto
<details><summary>2 commits</summary>
<p>

* siderolabs/crypto@8f77da3 feat: add a method to load PEM key from file
* siderolabs/crypto@c03ff58 feat: add a way to represent redacted x509 private keys
</p>
</details>

### Changes from siderolabs/discovery-api
<details><summary>1 commit</summary>
<p>

* siderolabs/discovery-api@5e3db3c chore: app optional ControlPlane data
</p>
</details>

### Changes from siderolabs/discovery-client
<details><summary>1 commit</summary>
<p>

* siderolabs/discovery-client@9ba5f03 chore: app optional ControlPlane data
</p>
</details>

### Changes from siderolabs/extras
<details><summary>3 commits</summary>
<p>

* siderolabs/extras@f415aac feat: update Go to 1.20.6
* siderolabs/extras@a73d524 feat: update Go to 1.20.5
* siderolabs/extras@36c8ac4 chore: update to Go 1.20.3
</p>
</details>

### Changes from siderolabs/gen
<details><summary>3 commits</summary>
<p>

* siderolabs/gen@f9f5805 chore: bump rekres and add functions from exp
* siderolabs/gen@b968d21 feat: add `TryRecv` and `RecvWithContext` functions
* siderolabs/gen@476dfea feat: add foreach and clear to lazymap
</p>
</details>

### Changes from siderolabs/go-blockdevice
<details><summary>4 commits</summary>
<p>

* siderolabs/go-blockdevice@fbb01f7 fix: properly detect token not found error
* siderolabs/go-blockdevice@3e08968 fix: do not attach token to a key slot
* siderolabs/go-blockdevice@f2c419e feat: support LUKS token management
* siderolabs/go-blockdevice@076874a chore: resolve blockdevice symlinks
</p>
</details>

### Changes from siderolabs/go-debug
<details><summary>1 commit</summary>
<p>

* siderolabs/go-debug@43d9100 chore: allow enabling pprof manually
</p>
</details>

### Changes from siderolabs/go-kubernetes
<details><summary>2 commits</summary>
<p>

* siderolabs/go-kubernetes@69fea5b feat: support upgrades to Kubernetes 1.28
* siderolabs/go-kubernetes@5a3df5b fix: remove removed APIs for 1.27 upgrade
</p>
</details>

### Changes from siderolabs/go-loadbalancer
<details><summary>6 commits</summary>
<p>

* siderolabs/go-loadbalancer@574126c chore: add 0.1ms tier and fix tiers
* siderolabs/go-loadbalancer@5301800 chore: fix logging and tests
* siderolabs/go-loadbalancer@b23a173 chore: replace std log with zap
* siderolabs/go-loadbalancer@1a2f374 feat: add multi-tier scoring based for generic List
* siderolabs/go-loadbalancer@56a27da chore: move to siderolabs/tcpproxy of inet.af/tcpproxy
* siderolabs/go-loadbalancer@f3a0e24 fix: use SO_LINGER option when doing TCP healthchecks
</p>
</details>

### Changes from siderolabs/kms-client
<details><summary>3 commits</summary>
<p>

* siderolabs/kms-client@50064b6 fix: pass context to the key handler in the server wrapper
* siderolabs/kms-client@83e0a2e feat: define API and add reference implementation for KMS server
* siderolabs/kms-client@8c37ee8 Initial commit
</p>
</details>

### Changes from siderolabs/pkgs
<details><summary>41 commits</summary>
<p>

* siderolabs/pkgs@fedfafa feat: add thunderbolt/USB4 module
* siderolabs/pkgs@17d5b94 feat: enable NET_IPGRE kernel config
* siderolabs/pkgs@84cdfb6 feat: add 'zfs' package
* siderolabs/pkgs@d0eaedc feat: enable DM_RAID kernel config
* siderolabs/pkgs@d5e0fad feat: update dependencies
* siderolabs/pkgs@c644633 feat: enable multi-gen lru by default
* siderolabs/pkgs@75696ba feat: update Go to 1.20.6
* siderolabs/pkgs@205cab6 chore: feat use new sd-boot
* siderolabs/pkgs@fb817fe fix: enable USB attached SCSI driver on x86 systems
* siderolabs/pkgs@43451e6 chore: bump dependencies
* siderolabs/pkgs@eca94f8 feat: enable sriov
* siderolabs/pkgs@5a8e8e5 feat: enable VMWARE/HYPERV vsockets
* siderolabs/pkgs@edd725a chore: bump deps
* siderolabs/pkgs@c0ac69b feat: enable CONFIG_NVME_{MULTIPATH|AUTH}
* siderolabs/pkgs@f7cd916 fix: bump drbd to 9.2.4
* siderolabs/pkgs@a56d15a fix: copy missing `modules.*` files
* siderolabs/pkgs@1eefa66 feat: build isb modem drivers as module
* siderolabs/pkgs@a859f4f fix: build RDMA_RXE as a module
* siderolabs/pkgs@5fb5e95 feat: bump dependencies
* siderolabs/pkgs@39a64b2 feat: update Linux to 6.1.31, add GENEVE for arm64
* siderolabs/pkgs@97177be feat: update Linux to 6.1.30
* siderolabs/pkgs@b1f9d4e chore: prevent unsigned kexec with secureboot
* siderolabs/pkgs@9232a42 feat: add reproducibility pipelines
* siderolabs/pkgs@702d7a7 chore: bump deps
* siderolabs/pkgs@7958db1 chore: copy over sd-boot and sd-stub from tools
* siderolabs/pkgs@813b3c3 chore: revert xfsprogs
* siderolabs/pkgs@0cc78ab chore: bump kernel to 6.1.28
* siderolabs/pkgs@70189e3 chore: bump deps
* siderolabs/pkgs@c5d3bf1 feat: add sd-stub and sd-boot
* siderolabs/pkgs@30a7ac2 feat: update Linux 6.1.27, containerd 1.6.21
* siderolabs/pkgs@fbc6ee5 chore: bump deps
* siderolabs/pkgs@82b9489 chore: bump dependencies
* siderolabs/pkgs@f37e520 feat: update Linux to 6.1.25
* siderolabs/pkgs@3920b16 feat: add multi-gen LRU kernel support
* siderolabs/pkgs@988f1ec feat: update Linux to 6.1.24
* siderolabs/pkgs@5327d12 fix: remove FB_NVIDIA drivers, Linux 6.1.23
* siderolabs/pkgs@4eae958 chore: copy over the kernel signing public key
* siderolabs/pkgs@174f8fc chore: update Go to 1.20.3
* siderolabs/pkgs@41629b0 chore: reorder pkgs for better kernel caching
* siderolabs/pkgs@b483a6b feat: build 'snp.efi' for iPXE
* siderolabs/pkgs@fb853ff feat: update containerd to 1.6.20
</p>
</details>

### Changes from siderolabs/tools
<details><summary>20 commits</summary>
<p>

* siderolabs/tools@dc7dd9e chore: remove libseccomp
* siderolabs/tools@e27c249 feat: update Go to 1.20.6
* siderolabs/tools@9b6d512 feat: use systemd 254-rc1
* siderolabs/tools@cd3b692 chore: bump deps
* siderolabs/tools@c1027a6 chore: remove sbsign
* siderolabs/tools@e0c76c0 chore: bump dependencies
* siderolabs/tools@7d0cd58 feat: update Go to 1.20.5
* siderolabs/tools@150efc2 chore: remove non needed tools
* siderolabs/tools@88ebb40 feat: add swtpm
* siderolabs/tools@4c5d7fe chore: use same source epoch everywhere
* siderolabs/tools@2e46e5b feat: add reproducibility pipelines
* siderolabs/tools@c6a41b6 fix: add sd-stub assertion patch
* siderolabs/tools@d2dde48 chore: bump deps
* siderolabs/tools@8e45ad7 feat: add sbsign
* siderolabs/tools@271c4a6 feat: add sd-tools
* siderolabs/tools@eedc294 chore: bump deps
* siderolabs/tools@81b09a5 feat: add libcap and gnuefi
* siderolabs/tools@47b0fd3 chore: bump go to 1.20.4
* siderolabs/tools@ff4cf2b chore: bump deps
* siderolabs/tools@1563556 feat: update Go to 1.20.3
</p>
</details>

### Dependency Changes

* **github.com/BurntSushi/toml**                     v1.2.1 -> v1.3.2
* **github.com/aws/aws-sdk-go**                      v1.44.232 -> v1.44.304
* **github.com/beevik/ntp**                          v0.3.0 -> v1.2.0
* **github.com/benbjohnson/clock**                   v1.1.0 -> v1.3.5
* **github.com/cenkalti/backoff/v4**                 v4.2.0 -> v4.2.1
* **github.com/containerd/containerd**               v1.6.19 -> v1.6.21
* **github.com/containerd/typeurl/v2**               v2.1.1 **_new_**
* **github.com/containernetworking/plugins**         v1.2.0 -> v1.3.0
* **github.com/cosi-project/runtime**                v0.3.0 -> v0.3.1-alpha.8
* **github.com/docker/distribution**                 v2.8.1 -> v2.8.2
* **github.com/docker/docker**                       v23.0.2 -> v24.0.4
* **github.com/ecks/uefi**                           caef65d070eb **_new_**
* **github.com/emicklei/dot**                        v1.4.2 -> v1.5.0
* **github.com/foxboron/go-uefi**                    32187aa193d0 **_new_**
* **github.com/google/go-tpm**                       v0.9.0 **_new_**
* **github.com/hashicorp/go-envparse**               v0.1.0 **_new_**
* **github.com/hetznercloud/hcloud-go**              v1.41.0 -> v1.48.0
* **github.com/insomniacslk/dhcp**                   74ae03f2425e -> 5648422c16cd
* **github.com/jsimonetti/rtnetlink**                v1.3.1 -> v1.3.4
* **github.com/mattn/go-isatty**                     v0.0.18 -> v0.0.19
* **github.com/mdlayher/ethtool**                    ba3b4bc2e02c -> v0.1.0
* **github.com/mdlayher/genetlink**                  v1.3.1 -> v1.3.2
* **github.com/mdlayher/netlink**                    v1.7.1 -> v1.7.2
* **github.com/mdlayher/netx**                       c711c2f8512f -> 7e21880baee8
* **github.com/nberlee/go-netstat**                  v0.1.1 -> v0.1.2
* **github.com/opencontainers/go-digest**            v1.0.0 **_new_**
* **github.com/opencontainers/image-spec**           v1.1.0-rc2 -> v1.1.0-rc4
* **github.com/packethost/packngo**                  v0.29.0 -> v0.30.0
* **github.com/prometheus/procfs**                   v0.9.0 -> v0.11.0
* **github.com/rivo/tview**                          281d14d896d7 -> 6cc0565babaf
* **github.com/rs/xid**                              v1.4.0 -> v1.5.0
* **github.com/scaleway/scaleway-sdk-go**            v1.0.0-beta.15 -> v1.0.0-beta.19
* **github.com/siderolabs/crypto**                   v0.4.0 -> v0.4.1
* **github.com/siderolabs/discovery-api**            v0.1.2 -> v0.1.3
* **github.com/siderolabs/discovery-client**         v0.1.4 -> v0.1.5
* **github.com/siderolabs/extras**                   v1.4.0-1-g9b07505 -> v1.5.0-alpha.0-2-gf415aac
* **github.com/siderolabs/gen**                      v0.4.3 -> v0.4.5
* **github.com/siderolabs/go-blockdevice**           v0.4.4 -> v0.4.6
* **github.com/siderolabs/go-debug**                 v0.2.2 -> v0.2.3
* **github.com/siderolabs/go-kubernetes**            v0.2.0 -> v0.2.2
* **github.com/siderolabs/go-loadbalancer**          v0.2.1 -> v0.3.2
* **github.com/siderolabs/kms-client**               v0.1.0 **_new_**
* **github.com/siderolabs/pkgs**                     v1.4.1-5-ga333a84 -> v1.5.0-alpha.0-40-gfedfafa
* **github.com/siderolabs/talos/pkg/machinery**      v1.4.0 -> v1.5.0-alpha.3
* **github.com/siderolabs/tools**                    v1.4.0-1-g955aabc -> v1.5.0-alpha.0-19-gdc7dd9e
* **github.com/spf13/cobra**                         v1.6.1 -> v1.7.0
* **github.com/stretchr/testify**                    v1.8.2 -> v1.8.4
* **github.com/vmware-tanzu/sonobuoy**               v0.56.16 -> v0.56.17
* **github.com/vmware/govmomi**                      v0.30.4 -> v0.30.6
* **go.etcd.io/etcd/api/v3**                         v3.5.8 -> v3.5.9
* **go.etcd.io/etcd/client/pkg/v3**                  v3.5.8 -> v3.5.9
* **go.etcd.io/etcd/client/v3**                      v3.5.8 -> v3.5.9
* **go.etcd.io/etcd/etcdutl/v3**                     v3.5.8 -> v3.5.9
* **golang.org/x/net**                               v0.8.0 -> v0.12.0
* **golang.org/x/sync**                              v0.1.0 -> v0.3.0
* **golang.org/x/sys**                               v0.6.0 -> v0.10.0
* **golang.org/x/term**                              v0.6.0 -> v0.10.0
* **golang.org/x/text**                              v0.11.0 **_new_**
* **golang.zx2c4.com/wireguard/wgctrl**              9c5414ab4bde -> 925a1e7659e6
* **google.golang.org/grpc**                         v1.54.0 -> v1.56.2
* **google.golang.org/protobuf**                     v1.30.0 -> v1.31.0
* **k8s.io/api**                                     v0.27.1 -> v0.28.0-alpha.4
* **k8s.io/apimachinery**                            v0.27.1 -> v0.28.0-alpha.4
* **k8s.io/apiserver**                               v0.27.1 -> v0.28.0-alpha.4
* **k8s.io/client-go**                               v0.27.1 -> v0.28.0-alpha.4
* **k8s.io/component-base**                          v0.27.1 -> v0.28.0-alpha.4
* **k8s.io/cri-api**                                 v0.27.1 -> v0.28.0-alpha.4
* **k8s.io/klog/v2**                                 v2.90.1 -> v2.100.1
* **k8s.io/kubectl**                                 v0.27.1 -> v0.28.0-alpha.4
* **k8s.io/kubelet**                                 v0.27.1 -> v0.28.0-alpha.4
* **kernel.org/pub/linux/libs/security/libcap/cap**  v1.2.68 -> v1.2.69

Previous release can be found at [v1.4.0](https://github.com/siderolabs/talos/releases/tag/v1.4.0)

## Images

ghcr.io/siderolabs/flannel:v0.22.0
ghcr.io/siderolabs/install-cni:v1.5.0-alpha.0-2-gf415aac
registry.k8s.io/coredns/coredns:v1.10.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.28.0-beta.0
registry.k8s.io/kube-controller-manager:v1.28.0-beta.0
registry.k8s.io/kube-scheduler:v1.28.0-beta.0
registry.k8s.io/kube-proxy:v1.28.0-beta.0
ghcr.io/siderolabs/kubelet:v1.28.0-beta.0
ghcr.io/siderolabs/installer:v1.5.0-alpha.3
registry.k8s.io/pause:3.6

Talos 1.4.6 (2023-06-28)

Welcome to the v1.4.6 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Kubernetes: 1.27.3
Linux: 6.1.35

Talos is built with Go 1.20.5.

Contributors

• Andrey Smirnov
• Alex Lubbock
• Noel Georgi
• Utku Ozdemir

Changes

• siderolabs/talos@8615b213e release(v1.4.6): prepare release
• siderolabs/talos@bb76a38d4 fix: provide stashed META values before installation
• siderolabs/talos@109a6c659 fix: allow time skew for generated kubeconfig
• siderolabs/talos@765f87b95 chore: optimize image compression
• siderolabs/talos@8c9f0495f fix: do not probe kernel args in dashboard if not needed
• siderolabs/talos@d759302d9 fix: skip DHCP RENEW if server IP in the lease is all zeroes
• siderolabs/talos@2b33a66d7 fix: upgrade-k8s use internal IP first, external IP fallback
• siderolabs/talos@b5bbb3f2e feat: update Linux to 6.1.36
• siderolabs/talos@1e9c3b3b8 feat: update default Kubernetes version to 1.27.3
• siderolabs/talos@21a490b11 chore: update to Go 1.20.5

Changes from siderolabs/extras

• siderolabs/extras@b2aba9d feat: update Go to 1.20.5

Changes from siderolabs/pkgs

• siderolabs/pkgs@e911ac5 feat: update Linux to 6.1.35
• siderolabs/pkgs@15a5cba fix: bump drbd to 9.2.4
• siderolabs/pkgs@91b8dd4 feat: update Go to 1.20.5

Changes from siderolabs/tools

• siderolabs/tools@fac34e5 feat: update Go to 1.20.5

Dependency Changes

• github.com/siderolabs/extras v1.4.0-1-g9b07505 -> v1.4.0-2-gb2aba9d
• github.com/siderolabs/pkgs v1.4.1-11-g3e75ce2 -> v1.4.1-14-ge911ac5
• github.com/siderolabs/talos/pkg/machinery v1.4.5 -> v1.4.6
• github.com/siderolabs/tools v1.4.0-2-g5d0e9ab -> v1.4.0-3-gfac34e5
• k8s.io/api v0.27.2 -> v0.27.3
• k8s.io/apimachinery v0.27.2 -> v0.27.3
• k8s.io/apiserver v0.27.2 -> v0.27.3
• k8s.io/client-go v0.27.2 -> v0.27.3
• k8s.io/component-base v0.27.2 -> v0.27.3
• k8s.io/cri-api v0.27.2 -> v0.27.3
• k8s.io/kubectl v0.27.2 -> v0.27.3
• k8s.io/kubelet v0.27.2 -> v0.27.3

Previous release can be found at v1.4.5

Images

ghcr.io/siderolabs/flannel:v0.21.4
ghcr.io/siderolabs/install-cni:v1.4.0-2-gb2aba9d
docker.io/coredns/coredns:1.10.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.27.3
registry.k8s.io/kube-controller-manager:v1.27.3
registry.k8s.io/kube-scheduler:v1.27.3
registry.k8s.io/kube-proxy:v1.27.3
ghcr.io/siderolabs/kubelet:v1.27.3
ghcr.io/siderolabs/installer:v1.4.6
registry.k8s.io/pause:3.6

Talos 1.5.0-alpha.1 (2023-06-23)

Welcome to the v1.5.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Kubernetes API Server In-Cluster Load Balancer

Talos now supports configuring the Kubernetes API Server in-cluster load balancer with machine config
features.apiServerBalancerSupport.port and features.apiServerBalancerSupport.enabled fields.

If enabled, the loadbalancer binds to localhost and runs on the same port on every machine in the cluster.
The default value for loadbalancer endpoint is https://localhost:7445.

The in-cluster loadbalancer endpoint is used by the kubelet, kube-scheduler, kube-controller-manager
and kube-proxy by default and can be passed to the CNIs like Cilium and Calico.

The in-cluster loadbalancer provides access to the Kubernetes API endpoint even if the external loadbalancer
is not healthy, provided that the worker nodes can reach to the controlplane machine addresses directly.

Predictable Network Interface Names

Starting with version Talos 1.5, network interfaces are renamed to predictable names
same way as systemd does that in other Linux distributions.

The naming schema enx78e7d1ea46da (based on MAC addresses) is enabled by default, the order of interface naming decisions is:

• firmware/BIOS provided index numbers for on-board devices (example: eno1)
• firmware/BIOS provided PCI Express hotplug slot index numbers (example: ens1)
• physical/geographical location of the connector of the hardware (example: enp2s0)
• interfaces's MAC address (example: enx78e7d1ea46da)

The predictable network interface names features can be disabled by specifying net.ifnames=0 in the kernel command line.
Talos automatically adds the net.ifnames=0 kernel argument when upgrading from Talos versions before 1.5.

This change doesn't affect "cloud" platforms, like AWS, as Talos automatically adds net.ifnames=0 to the kernel command line.

Machine Config option .machine.install.bootloader

The .machine.install.bootloader option in the machine config is deprecated and will be removed in Talos 1.6.
This was a no-op for a long time. The bootloader is always installed.

XFS Quota

Talos 1.5+ enables XFS project quota support by default, also enabling by default
kubelet feature gate LocalStorageCapacityIsolationFSQuotaMonitoring to use xfs quotas
to monitor volume usage instead of du.

This feature is controlled by the .machine.features.diskQuotaSupport field in the machine config,
it is set to true for new clusters.

When upgrading from a previous version, the feature can be enabled by setting the field to true.
On the first mount of a volume, the quota information will be recalculated, which may take some time.

RDMA/RoCE support

Talos no longer loads by default rdma_rxe Linux driver, which is required for RoCE support.
If the driver is required, it can be enabled by specifying rdma_rxe in the .machine.kernel.modules field in the machine config.

SecureBoot

Talos now supports generating a custom iso that can be used with SecureBoot. Key generation and enrolling has to be done manually.

Component Updates

• Linux: 6.1.35
• containerd: 1.6.21
• runc: 1.1.7
• etcd: 3.5.9
• Kubernetes: 1.27.3
• Flannel: 0.22.0

Talos is built with Go 1.20.5.

Contributors

• Andrey Smirnov
• Noel Georgi
• Dmitriy Matrenichev
• Utku Ozdemir
• Christian Rolland
• Nanfei Chen
• Spencer Smith
• Steve Francis
• Alex Corcoles
• Alex Corcoles
• Alex Lubbock
• Budiman Jojo
• DJAlPee
• Eirik Askheim
• Henk Kraal
• Michael A. Davis
• Michael Fornaro
• Nico Berlee
• Niklas Wik
• Piotr Maksymiuk
• Ricky Sadowski
• Roee Klinger
• Thomas Perronin
• Walt Chen
• bdronneau

Changes

• siderolabs/talos@e1b150a11 release(v1.5.0-alpha.1): prepare release
• siderolabs/talos@8daf432b2 chore: bump deps
• siderolabs/talos@e3f3f5794 feat: implement revert for sd-boot
• siderolabs/talos@d8b0903d7 docs: vagrant setup document fix
• siderolabs/talos@fe0f46980 feat: implement secure boot from disk
• siderolabs/talos@445f5ad54 feat: support API server load balancer
• siderolabs/talos@19bc223de refactor: bootloader interface, labels
• siderolabs/talos@665702ddd chore: fix cilium e2e tests
• siderolabs/talos@71a548d18 chore: generic boootloader implementation
• siderolabs/talos@e9dbc9311 test: bump versions for upgrade tests
• siderolabs/talos@0a99965ef refactor: replace uncordonNode with controllers
• siderolabs/talos@e858bca3a test: fix cilium integration tests
• siderolabs/talos@455328d05 fix: allow time skew for generated kubeconfig
• siderolabs/talos@3ae05648a fix: usage of custom kernels
• siderolabs/talos@0797b0d16 chore: add a pipeline to test cloud-images step without a release
• siderolabs/talos@e5a36268b docs: include allowSchedulingOnControlPlanes on talosctl gen config output
• siderolabs/talos@c74d93728 chore: bump github.com/cosi-project/runtime
• siderolabs/talos@dbaf5c699 refactor: task labelControlPlane into controllers
• siderolabs/talos@1865a0c29 chore: modify some usages that are not recommended
• siderolabs/talos@3816318b9 chore: wrap config.Provider in atomic wrapper
• siderolabs/talos@d04cf1978 chore: clean up unnecessary self assignment
• siderolabs/talos@a34a94898 fix: copy missing modules.* files
• siderolabs/talos@f5e3272fc refactor: task 'updateBootLoader' as controller
• siderolabs/talos@e7be6ee7c refactor: make event log streaming fully reactive
• siderolabs/talos@aef2192a6 chore: use fixed module list
• siderolabs/talos@c719aa231 fix: allow http:// for discovery service URL
• siderolabs/talos@39134d8d5 chore: fix cron pipeline
• siderolabs/talos@a61dcdbbd fix: don't load RDMA over Ethernet driver by default
• siderolabs/talos@aac441f61 chore: update Go to 1.20.5, bump dependencies
• siderolabs/talos@1c0c7933d chore: cleanup partition code
• siderolabs/talos@31b988281 docs: add some words about certifcates
• siderolabs/talos@e912c0dfc chore: use go-blockdevice for zeroing partitions
• siderolabs/talos@e6dde8ffc feat: add network chaos to qemu development environment
• siderolabs/talos@47986cb79 chore: unify kexec phase
• siderolabs/talos@3a865370f feat: qemu secureboot
• siderolabs/talos@5dab45e86 refactor: allow kmsg log streaming to be reconfigured on the fly
• siderolabs/talos@8a02ecd4c chore: add endpoints balancer controller
• siderolabs/talos@423a31ac9 chore: deprectae bootloader installer option
• siderolabs/talos@cdfece7d6 chore: optimize image compression
• siderolabs/talos@bfc341937 chore: add default console args
• siderolabs/talos@2749aeeda feat: add support for multi-doc strategic merge patching
• siderolabs/talos@3f68485e4 feat: add uki iso generation
• siderolabs/talos@bab484a40 feat: use stable network interface names
• siderolabs/talos@196dfb99b fix: do not probe kernel args in dashboard if not needed
• siderolabs/talos@8c071b579 fix: skip DHCP RENEW if server IP in the lease is all zeroes
• siderolabs/talos@badbc51e6 refactor: rewrite code to include preliminary support for multi-doc
• siderolabs/talos@ecce29dee fix: upgrade-k8s use internal IP first, external IP fallback
• siderolabs/talos@3c64a5ffb chore: optimize image generation time
• siderolabs/talos@2292f36d9 chore: registry.k8s.io for coredns image
• siderolabs/talos@f2b258b37 docs: document talosctl version for upgrades
• siderolabs/talos@a0773f783 chore: add ukify Go script
• siderolabs/talos@b69e38d1f chore: bump dependencies
• siderolabs/talos@adce65103 docs: add piraeus/drbd to storage documentation
• siderolabs/talos@a982cabe7 docs: link support matrix in k8s update doc
• siderolabs/talos@1fb29a56a fix: fail quickly if upgrade-k8s is used with multiple nodes
• siderolabs/talos@51d931c47 chore: faster dev cycle
• siderolabs/talos@dc6764871 refactor: move around config interfaces, make RawV1Alpha1 typed
• siderolabs/talos@ea9a97dba fix: fall back to external IP when discovering nodes in upgrade-k8s
• siderolabs/talos@0bb7e8a5c refactor: split config.Provider into Config & Container
• siderolabs/talos@85d8a1619 chore: bump deps
• siderolabs/talos@39b7a56f0 chore: use 8GiB instead of 10GiB for cloud images
• siderolabs/talos@ff11fd39c fix: race with udevd and mountUserDisks
• siderolabs/talos@c3fabb982 chore: update default image sizes to 10GB for all "cloud" images
• siderolabs/talos@10155c390 feat: enable xfs project quota support, kubelet feature
• siderolabs/talos@eba818564 release(v1.5.0-alpha.0): prepare release
• siderolabs/talos@383471c3e feat: update default Kubernetes to v1.27.2
• siderolabs/talos@8f68d1abe chore: bump deps
• siderolabs/talos@e0c1585d3 feat: create azure community gallery image version on release
• siderolabs/talos@dd8336c9e fix: refresh kubelet self-issued serving certificates
• siderolabs/talos@bb02dd263 chore: drop deprecated stuff for Talos 1.5
• siderolabs/talos@61cad8673 chore: bump deps
• siderolabs/talos@01dfd3af7 feat: update etcd to v3.5.9
• siderolabs/talos@aa65fbb8a chore: update KUBECTL_URL to reflect the community bucket
• siderolabs/talos@cc3128d94 chore: bump kernel to 6.1.28
• siderolabs/talos@97fffaf78 chore: use ctest.UpdateWithConflicts instead of plain UpdateWithConflicts
• siderolabs/talos@3b36993b9 fix: rlimit nofile test
• siderolabs/talos@45e6e27af chore: bump runtime
• siderolabs/talos@4f720d465 fix: revert: set rlimit explicitly in wrapperd
• siderolabs/talos@a2565f674 fix: set rlimit explicitly in wrapperd
• siderolabs/talos@cdfc242b8 chore: re-enable Go buildid
• siderolabs/talos@e67f3f5c5 feat: linux 6.1.27, containerd 1.6.21, go 1.20.4
• siderolabs/talos@55ae59a0a fix: properly skip/cleanup controlplane configs for workers
• siderolabs/talos@64eade9bd chore: clean up unused constant
• siderolabs/talos@62c6e9655 feat: introduce siderolink config resource & reconnect
• siderolabs/talos@860002c73 fix: don't reload control plane pods on cert SANs changes
• siderolabs/talos@d43c61e80 fix: enforce nolock option for all NFS mounts by default
• siderolabs/talos@339986db9 fix: inhibit timer to follow kubelet timer
• siderolabs/talos@cbf6dc100 fix: set timeout for unmount calls
• siderolabs/talos@b58f913d5 fix: set the static pod priority as values
• siderolabs/talos@f8a7a5b6b docs: add information about KubeSpan ports and topology
• siderolabs/talos@2bad74d64 docs: add how to on scaling down
• siderolabs/talos@7442ff8b0 chore: fix typos inteface -> interface (docs and tests)
• siderolabs/talos@d4e94f7a1 fix: add back required TARGETARCH for installer
• siderolabs/talos@e6fffda01 chore: linux 6.1.26, runc 1.1.7
• siderolabs/talos@344746ae2 fix: bump max inhibit delay to 20 min
• siderolabs/talos@d9bdea2b5 chore: fork docs and compatibility modules for Talos 1.5
• siderolabs/talos@3d99610fc docs: document building, verifying image and process caps
• siderolabs/talos@014008ea2 fix: udevd rules trigger
• siderolabs/talos@9b36bb613 feat: update Linux to 6.1.25, fix virtio on arm64
• siderolabs/talos@08ec66c55 feat: clean up (garbage collect) system images which are not referenced
• siderolabs/talos@b097efcde fix: display correct number of machines on dashboard
• siderolabs/talos@cad43f0ad chore: remove k8s master label
• siderolabs/talos@e296a566e fix: support kernel userspace module loading
• siderolabs/talos@103f0ffdd feat: add startup probes to controller-manager and scheduler
• siderolabs/talos@5a1ae8aae chore: bump dependences
• siderolabs/talos@ec8c8dbaf chore: fix container image reproducibility
• siderolabs/talos@f661d8487 fix: allow talosctl cp to handle special files in /proc
• siderolabs/talos@2d824b563 fix: do not show control plane status for workers on dashboard
• siderolabs/talos@e5491ddad docs: update documentation for nocloud
• siderolabs/talos@7a004a6f7 fix: parse errors correctly
• siderolabs/talos@374ef5385 test: submit verbose flag to e2e tests
• siderolabs/talos@e1d38b6fe feat: show template URL in dashboard config URL tab
• siderolabs/talos@45d7f0ce9 docs: fix the latest url
• siderolabs/talos@96efbf147 docs: activate 1.4.0 docs by default
• siderolabs/talos@8c1f515b1 feat: update Linux to 6.1.24
• siderolabs/talos@8689bef5f docs: update documentation for Talos 1.4
• siderolabs/talos@a781dfb8e feat: update Kubernetes to 1.27.1
• siderolabs/talos@a737dd83a chore: typo in compatibility.ParseKubernetesVersion
• siderolabs/talos@f14928b0a fix: fix dashboard crash when a non-existent node is specified
• siderolabs/talos@3e406d9b0 feat: update etcd to v3.5.8
• siderolabs/talos@bd1cff3e8 chore: remove Go buildid
• siderolabs/talos@e31f7f50b feat: update Kubernetes to 1.27.0
• siderolabs/talos@aa3640d74 docs: update storage.md
• siderolabs/talos@07bb61e60 chore: module-sig-verify cleanup
• siderolabs/talos@5e9d836c3 chore: add kernel module signtaure verification
• siderolabs/talos@3cd1c6bb0 fix: send 'STOP' event on phase end
• siderolabs/talos@5176d27dc feat: update Kubernetes to 1.27.0-rc.1
• siderolabs/talos@2c55550a6 fix: quote ISO kernel args for GRUB
• siderolabs/talos@319d76e38 fix: respect BROWSER=echo in client auth interceptor
• siderolabs/talos@4e4ace839 chore: update Go to 1.20.3
• siderolabs/talos@170f73899 fix: correctly parse static pod phase
• siderolabs/talos@c3a595d5b fix: improve action tracking post checks
• siderolabs/talos@eb01edbc8 fix: rework DHCP flow
• siderolabs/talos@e095150a6 test: bump CAPI components versions

Changes since v1.5.0-alpha.0

• siderolabs/talos@e1b150a11 release(v1.5.0-alpha.1): prepare release
• siderolabs/talos@8daf432b2 chore: bump deps
• siderolabs/talos@e3f3f5794 feat: implement revert for sd-boot
• siderolabs/talos@d8b0903d7 docs: vagrant setup document fix
• siderolabs/talos@fe0f46980 feat: implement secure boot from disk
• siderolabs/talos@445f5ad54 feat: support API server load balancer
• siderolabs/talos@19bc223de refactor: bootloader interface, labels
• siderolabs/talos@665702ddd chore: fix cilium e2e tests
• siderolabs/talos@71a548d18 chore: generic boootloader implementation
• siderolabs/talos@e9dbc9311 test: bump versions for upgrade tests
• siderolabs/talos@0a99965ef refactor: replace uncordonNode with controllers
• siderolabs/talos@e858bca3a test: fix cilium integration tests
• siderolabs/talos@455328d05 fix: allow time skew for generated kubeconfig
• siderolabs/talos@3ae05648a fix: usage of custom kernels
• siderolabs/talos@0797b0d16 chore: add a pipeline to test cloud-images step without a release
• siderolabs/talos@e5a36268b docs: include allowSchedulingOnControlPlanes on talosctl gen config output
• siderolabs/talos@c74d93728 chore: bump github.com/cosi-project/runtime
• siderolabs/talos@dbaf5c699 refactor: task labelControlPlane into controllers
• siderolabs/talos@1865a0c29 chore: modify some usages that are not recommended
• siderolabs/talos@3816318b9 chore: wrap config.Provider in atomic wrapper
• siderolabs/talos@d04cf1978 chore: clean up unnecessary self assignment
• siderolabs/talos@a34a94898 fix: copy missing modules.* files
• siderolabs/talos@f5e3272fc refactor: task 'updateBootLoader' as controller
• siderolabs/talos@e7be6ee7c refactor: make event log streaming fully reactive
• siderolabs/talos@aef2192a6 chore: use fixed module list
• siderolabs/talos@c719aa231 fix: allow http:// for discovery service URL
• siderolabs/talos@39134d8d5 chore: fix cron pipeline
• siderolabs/talos@a61dcdbbd fix: don't load RDMA over Ethernet driver by default
• siderolabs/talos@aac441f61 chore: update Go to 1.20.5, bump dependencies
• siderolabs/talos@1c0c7933d chore: cleanup partition code
• siderolabs/talos@31b988281 docs: add some words about certifcates
• siderolabs/talos@e912c0dfc chore: use go-blockdevice for zeroing partitions
• siderolabs/talos@e6dde8ffc feat: add network chaos to qemu development environment
• siderolabs/talos@47986cb79 chore: unify kexec phase
• siderolabs/talos@3a865370f feat: qemu secureboot
• siderolabs/talos@5dab45e86 refactor: allow kmsg log streaming to be reconfigured on the fly
• siderolabs/talos@8a02ecd4c chore: add endpoints balancer controller
• siderolabs/talos@423a31ac9 chore: deprectae bootloader installer option
• siderolabs/talos@cdfece7d6 chore: optimize image compression
• siderolabs/talos@bfc341937 chore: add default console args
• siderolabs/talos@2749aeeda feat: add support for multi-doc strategic merge patching
• siderolabs/talos@3f68485e4 feat: add uki iso generation
• siderolabs/talos@bab484a40 feat: use stable network interface names
• siderolabs/talos@196dfb99b fix: do not probe kernel args in dashboard if not needed
• siderolabs/talos@8c071b579 fix: skip DHCP RENEW if server IP in the lease is all zeroes
• siderolabs/talos@badbc51e6 refactor: rewrite code to include preliminary support for multi-doc
• siderolabs/talos@ecce29dee fix: upgrade-k8s use internal IP first, external IP fallback
• siderolabs/talos@3c64a5ffb chore: optimize image generation time
• siderolabs/talos@2292f36d9 chore: registry.k8s.io for coredns image
• siderolabs/talos@f2b258b37 docs: document talosctl version for upgrades
• siderolabs/talos@a0773f783 chore: add ukify Go script
• siderolabs/talos@b69e38d1f chore: bump dependencies
• siderolabs/talos@adce65103 docs: add piraeus/drbd to storage documentation
• siderolabs/talos@a982cabe7 docs: link support matrix in k8s update doc
• siderolabs/talos@1fb29a56a fix: fail quickly if upgrade-k8s is used with multiple nodes
• siderolabs/talos@51d931c47 chore: faster dev cycle
• siderolabs/talos@dc6764871 refactor: move around config interfaces, make RawV1Alpha1 typed
• siderolabs/talos@ea9a97dba fix: fall back to external IP when discovering nodes in upgrade-k8s
• siderolabs/talos@0bb7e8a5c refactor: split config.Provider into Config & Container
• siderolabs/talos@85d8a1619 chore: bump deps
• siderolabs/talos@39b7a56f0 chore: use 8GiB instead of 10GiB for cloud images
• siderolabs/talos@ff11fd39c fix: race with udevd and mountUserDisks
• siderolabs/talos@c3fabb982 chore: update default image sizes to 10GB for all "cloud" images
• siderolabs/talos@10155c390 feat: enable xfs project quota support, kubelet feature

Changes from siderolabs/discovery-api

• siderolabs/discovery-api@5e3db3c chore: app optional ControlPlane data

Changes from siderolabs/discovery-client

• siderolabs/discovery-client@9ba5f03 chore: app optional ControlPlane data

Changes from siderolabs/extras

• siderolabs/extras@a73d524 feat: update Go to 1.20.5
• siderolabs/extras@36c8ac4 chore: update to Go 1.20.3

Changes from siderolabs/gen

• siderolabs/gen@f9f5805 chore: bump rekres and add functions from exp
• siderolabs/gen@b968d21 feat: add TryRecv and RecvWithContext functions
• siderolabs/gen@476dfea feat: add foreach and clear to lazymap

Changes from siderolabs/go-blockdevice

• siderolabs/go-blockdevice@076874a chore: resolve blockdevice symlinks

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@5a3df5b fix: remove removed APIs for 1.27 upgrade

Changes from siderolabs/go-loadbalancer

• siderolabs/go-loadbalancer@5301800 chore: fix logging and tests
• siderolabs/go-loadbalancer@b23a173 chore: replace std log with zap
• siderolabs/go-loadbalancer@1a2f374 feat: add multi-tier scoring based for generic List
• siderolabs/go-loadbalancer@56a27da chore: move to siderolabs/tcpproxy of inet.af/tcpproxy
• siderolabs/go-loadbalancer@f3a0e24 fix: use SO_LINGER option when doing TCP healthchecks

Changes from siderolabs/pkgs

• siderolabs/pkgs@edd725a chore: bump deps
• siderolabs/pkgs@c0ac69b feat: enable CONFIG_NVME_{MULTIPATH|AUTH}
• siderolabs/pkgs@f7cd916 fix: bump drbd to 9.2.4
• siderolabs/pkgs@a56d15a fix: copy missing modules.* files
• siderolabs/pkgs@1eefa66 feat: build isb modem drivers as module
• siderolabs/pkgs@a859f4f fix: build RDMA_RXE as a module
• siderolabs/pkgs@5fb5e95 feat: bump dependencies
• siderolabs/pkgs@39a64b2 feat: update Linux to 6.1.31, add GENEVE for arm64
• siderolabs/pkgs@97177be feat: update Linux to 6.1.30
• siderolabs/pkgs@b1f9d4e chore: prevent unsigned kexec with secureboot
• siderolabs/pkgs@9232a42 feat: add reproducibility pipelines
• siderolabs/pkgs@702d7a7 chore: bump deps
• siderolabs/pkgs@7958db1 chore: copy over sd-boot and sd-stub from tools
• siderolabs/pkgs@813b3c3 chore: revert xfsprogs
• siderolabs/pkgs@0cc78ab chore: bump kernel to 6.1.28
• siderolabs/pkgs@70189e3 chore: bump deps
• siderolabs/pkgs@c5d3bf1 feat: add sd-stub and sd-boot
• siderolabs/pkgs@30a7ac2 feat: update Linux 6.1.27, containerd 1.6.21
• siderolabs/pkgs@fbc6ee5 chore: bump deps
• siderolabs/pkgs@82b9489 chore: bump dependencies
• siderolabs/pkgs@f37e520 feat: update Linux to 6.1.25
• siderolabs/pkgs@3920b16 feat: add multi-gen LRU kernel support
• siderolabs/pkgs@988f1ec feat: update Linux to 6.1.24
• siderolabs/pkgs@5327d12 fix: remove FB_NVIDIA drivers, Linux 6.1.23
• siderolabs/pkgs@4eae958 chore: copy over the kernel signing public key
• siderolabs/pkgs@174f8fc chore: update Go to 1.20.3
• siderolabs/pkgs@41629b0 chore: reorder pkgs for better kernel caching
• siderolabs/pkgs@b483a6b feat: build 'snp.efi' for iPXE
• siderolabs/pkgs@fb853ff feat: update containerd to 1.6.20

Changes from siderolabs/tools

• siderolabs/tools@e0c76c0 chore: bump dependencies
• siderolabs/tools@7d0cd58 feat: update Go to 1.20.5
• siderolabs/tools@150efc2 chore: remove non needed tools
• siderolabs/tools@88ebb40 feat: add swtpm
• siderolabs/tools@4c5d7fe chore: use same source epoch everywhere
• siderolabs/tools@2e46e5b feat: add reproducibility pipelines
• siderolabs/tools@c6a41b6 fix: add sd-stub assertion patch
• siderolabs/tools@d2dde48 chore: bump deps
• siderolabs/tools@8e45ad7 feat: add sbsign
• siderolabs/tools@271c4a6 feat: add sd-tools
• siderolabs/tools@eedc294 chore: bump deps
• siderolabs/tools@81b09a5 feat: add libcap and gnuefi
• siderolabs/tools@47b0fd3 chore: bump go to 1.20.4
• siderolabs/tools@ff4cf2b chore: bump deps
• siderolabs/tools@1563556 feat: update Go to 1.20.3

Dependency Changes

• github.com/BurntSushi/toml v1.2.1 -> v1.3.2
• github.com/aws/aws-sdk-go v1.44.232 -> v1.44.287
• github.com/beevik/ntp v0.3.0 -> v1.1.1
• github.com/benbjohnson/clock v1.1.0 -> v1.3.5
• github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
• github.com/containerd/containerd v1.6.19 -> v1.6.21
• github.com/containerd/typeurl/v2 v2.1.1 new
• github.com/containernetworking/plugins v1.2.0 -> v1.3.0
• github.com/cosi-project/runtime v0.3.0 -> v0.3.1-alpha.5
• github.com/docker/distribution v2.8.1 -> v2.8.2
• github.com/docker/docker v23.0.2 -> v24.0.2
• github.com/ecks/uefi caef65d070eb new
• github.com/emicklei/dot v1.4.2 -> v1.5.0
• github.com/hetznercloud/hcloud-go v1.41.0 -> v1.47.0
• github.com/insomniacslk/dhcp 74ae03f2425e -> b20c9ba983df
• github.com/jsimonetti/rtnetlink v1.3.1 -> v1.3.3
• github.com/mattn/go-isatty v0.0.18 -> v0.0.19
• github.com/mdlayher/ethtool ba3b4bc2e02c -> v0.1.0
• github.com/mdlayher/genetlink v1.3.1 -> v1.3.2
• github.com/mdlayher/netlink v1.7.1 -> v1.7.2
• github.com/mdlayher/netx c711c2f8512f -> 7e21880baee8
• github.com/nberlee/go-netstat v0.1.1 -> v0.1.2
• github.com/opencontainers/image-spec v1.1.0-rc2 -> v1.1.0-rc3
• github.com/packethost/packngo v0.29.0 -> v0.30.0
• github.com/prometheus/procfs v0.9.0 -> v0.11.0
• github.com/rivo/tview 281d14d896d7 -> 6cc0565babaf
• github.com/rs/xid v1.4.0 -> v1.5.0
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15 -> v1.0.0-beta.17
• github.com/siderolabs/discovery-api v0.1.2 -> v0.1.3
• github.com/siderolabs/discovery-client v0.1.4 -> v0.1.5
• github.com/siderolabs/extras v1.4.0-1-g9b07505 -> v1.5.0-alpha.0-1-ga73d524
• github.com/siderolabs/gen v0.4.3 -> v0.4.5
• github.com/siderolabs/go-blockdevice v0.4.4 -> v0.4.5
• github.com/siderolabs/go-kubernetes v0.2.0 -> v0.2.1
• github.com/siderolabs/go-loadbalancer v0.2.1 -> v0.3.1
• github.com/siderolabs/pkgs v1.4.1-5-ga333a84 -> v1.5.0-alpha.0-28-gedd725a
• github.com/siderolabs/talos/pkg/machinery v1.4.0 -> v1.5.0-alpha.1
• github.com/siderolabs/tools v1.4.0-1-g955aabc -> v1.5.0-alpha.0-14-ge0c76c0
• github.com/spf13/cobra v1.6.1 -> v1.7.0
• github.com/stretchr/testify v1.8.2 -> v1.8.4
• github.com/vmware-tanzu/sonobuoy v0.56.16 -> v0.56.17
• go.etcd.io/etcd/api/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/client/pkg/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/client/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/etcdutl/v3 v3.5.8 -> v3.5.9
• golang.org/x/net v0.8.0 -> v0.11.0
• golang.org/x/sync v0.1.0 -> v0.3.0
• golang.org/x/sys v0.6.0 -> v0.9.0
• golang.org/x/term v0.6.0 -> v0.9.0
• golang.org/x/text v0.10.0 new
• golang.zx2c4.com/wireguard/wgctrl 9c5414ab4bde -> 925a1e7659e6
• google.golang.org/grpc v1.54.0 -> v1.56.1
• k8s.io/api v0.27.1 -> v0.27.3
• k8s.io/apimachinery v0.27.1 -> v0.27.3
• k8s.io/apiserver v0.27.1 -> v0.27.3
• k8s.io/client-go v0.27.1 -> v0.27.3
• k8s.io/component-base v0.27.1 -> v0.27.3
• k8s.io/cri-api v0.27.1 -> v0.27.3
• k8s.io/klog/v2 v2.90.1 -> v2.100.1
• k8s.io/kubectl v0.27.1 -> v0.27.3
• k8s.io/kubelet v0.27.1 -> v0.27.3
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.68 -> v1.2.69

Previous release can be found at v1.4.0

Images

ghcr.io/siderolabs/flannel:v0.22.0
ghcr.io/siderolabs/install-cni:v1.5.0-alpha.0-1-ga73d524
registry.k8s.io/coredns/coredns:v1.10.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.27.3
registry.k8s.io/kube-controller-manager:v1.27.3
registry.k8s.io/kube-scheduler:v1.27.3
registry.k8s.io/kube-proxy:v1.27.3
ghcr.io/siderolabs/kubelet:v1.27.3
ghcr.io/siderolabs/installer:v1.5.0-alpha.1
registry.k8s.io/pause:3.6

Talos 1.4.5 (2023-05-30)

Welcome to the v1.4.5 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

• Linux: 6.1.30
• etcd: 3.5.9
• Kubernetes: 1.27.2

Contributors

• Andrey Smirnov

Changes

• siderolabs/talos@45679b0e1 release(v1.4.5): prepare release
• siderolabs/talos@d522db5e0 chore: update go-kubernetes to v0.2.1
• siderolabs/talos@cdc9ad889 fix: fail quickly if upgrade-k8s is used with multiple nodes
• siderolabs/talos@b5b39f99b fix: fall back to external IP when discovering nodes in upgrade-k8s
• siderolabs/talos@a89c9d201 fix: race with udevd and mountUserDisks
• siderolabs/talos@9abd00564 feat: update default Kubernetes to v1.27.2
• siderolabs/talos@d249b14d0 fix: refresh kubelet self-issued serving certificates
• siderolabs/talos@abfb534a2 feat: update etcd to v3.5.9
• siderolabs/talos@4b7083fc9 chore: re-enable Go buildid
• siderolabs/talos@65a58c8ac feat: update Linux to 6.1.30
• siderolabs/talos@4393b624d fix: correct upgrade Talos version check

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@5a3df5b fix: remove removed APIs for 1.27 upgrade

Changes from siderolabs/pkgs

• siderolabs/pkgs@3e75ce2 feat: update Linux to 6.1.30

Dependency Changes

• github.com/siderolabs/go-kubernetes v0.2.0 -> v0.2.1
• github.com/siderolabs/pkgs v1.4.1-10-g6d90f68 -> v1.4.1-11-g3e75ce2
• github.com/siderolabs/talos/pkg/machinery v1.4.4 -> v1.4.5
• go.etcd.io/etcd/api/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/client/pkg/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/client/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/etcdutl/v3 v3.5.8 -> v3.5.9
• k8s.io/api v0.27.1 -> v0.27.2
• k8s.io/apimachinery v0.27.1 -> v0.27.2
• k8s.io/apiserver v0.27.1 -> v0.27.2
• k8s.io/client-go v0.27.1 -> v0.27.2
• k8s.io/component-base v0.27.1 -> v0.27.2
• k8s.io/kubectl v0.27.1 -> v0.27.2
• k8s.io/kubelet v0.27.1 -> v0.27.2

Previous release can be found at v1.4.4

Images

ghcr.io/siderolabs/flannel:v0.21.4
ghcr.io/siderolabs/install-cni:v1.4.0-1-g9b07505
docker.io/coredns/coredns:1.10.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.27.2
registry.k8s.io/kube-controller-manager:v1.27.2
registry.k8s.io/kube-scheduler:v1.27.2
registry.k8s.io/kube-proxy:v1.27.2
ghcr.io/siderolabs/kubelet:v1.27.2
ghcr.io/siderolabs/installer:v1.4.5
registry.k8s.io/pause:3.6

Talos 1.5.0-alpha.0 (2023-05-19)

Welcome to the v1.5.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

• Linux: 6.1.28
• containerd: 1.6.21
• runc: 1.1.7
• etcd: 3.5.9
• Kubernetes: 1.27.2

Talos is built with Go 1.20.4.

Contributors

• Andrey Smirnov
• Noel Georgi
• Utku Ozdemir
• Dmitriy Matrenichev
• Steve Francis
• Budiman Jojo
• Christian Rolland
• Henk Kraal
• Michael A. Davis
• Michael Fornaro
• Nico Berlee
• Niklas Wik
• Ricky Sadowski
• Thomas Perronin

Changes

• siderolabs/talos@eba818564 release(v1.5.0-alpha.0): prepare release
• siderolabs/talos@383471c3e feat: update default Kubernetes to v1.27.2
• siderolabs/talos@8f68d1abe chore: bump deps
• siderolabs/talos@e0c1585d3 feat: create azure community gallery image version on release
• siderolabs/talos@dd8336c9e fix: refresh kubelet self-issued serving certificates
• siderolabs/talos@bb02dd263 chore: drop deprecated stuff for Talos 1.5
• siderolabs/talos@61cad8673 chore: bump deps
• siderolabs/talos@01dfd3af7 feat: update etcd to v3.5.9
• siderolabs/talos@aa65fbb8a chore: update KUBECTL_URL to reflect the community bucket
• siderolabs/talos@cc3128d94 chore: bump kernel to 6.1.28
• siderolabs/talos@97fffaf78 chore: use ctest.UpdateWithConflicts instead of plain UpdateWithConflicts
• siderolabs/talos@3b36993b9 fix: rlimit nofile test
• siderolabs/talos@45e6e27af chore: bump runtime
• siderolabs/talos@4f720d465 fix: revert: set rlimit explicitly in wrapperd
• siderolabs/talos@a2565f674 fix: set rlimit explicitly in wrapperd
• siderolabs/talos@cdfc242b8 chore: re-enable Go buildid
• siderolabs/talos@e67f3f5c5 feat: linux 6.1.27, containerd 1.6.21, go 1.20.4
• siderolabs/talos@55ae59a0a fix: properly skip/cleanup controlplane configs for workers
• siderolabs/talos@64eade9bd chore: clean up unused constant
• siderolabs/talos@62c6e9655 feat: introduce siderolink config resource & reconnect
• siderolabs/talos@860002c73 fix: don't reload control plane pods on cert SANs changes
• siderolabs/talos@d43c61e80 fix: enforce nolock option for all NFS mounts by default
• siderolabs/talos@339986db9 fix: inhibit timer to follow kubelet timer
• siderolabs/talos@cbf6dc100 fix: set timeout for unmount calls
• siderolabs/talos@b58f913d5 fix: set the static pod priority as values
• siderolabs/talos@f8a7a5b6b docs: add information about KubeSpan ports and topology
• siderolabs/talos@2bad74d64 docs: add how to on scaling down
• siderolabs/talos@7442ff8b0 chore: fix typos inteface -> interface (docs and tests)
• siderolabs/talos@d4e94f7a1 fix: add back required TARGETARCH for installer
• siderolabs/talos@e6fffda01 chore: linux 6.1.26, runc 1.1.7
• siderolabs/talos@344746ae2 fix: bump max inhibit delay to 20 min
• siderolabs/talos@d9bdea2b5 chore: fork docs and compatibility modules for Talos 1.5
• siderolabs/talos@3d99610fc docs: document building, verifying image and process caps
• siderolabs/talos@014008ea2 fix: udevd rules trigger
• siderolabs/talos@9b36bb613 feat: update Linux to 6.1.25, fix virtio on arm64
• siderolabs/talos@08ec66c55 feat: clean up (garbage collect) system images which are not referenced
• siderolabs/talos@b097efcde fix: display correct number of machines on dashboard
• siderolabs/talos@cad43f0ad chore: remove k8s master label
• siderolabs/talos@e296a566e fix: support kernel userspace module loading
• siderolabs/talos@103f0ffdd feat: add startup probes to controller-manager and scheduler
• siderolabs/talos@5a1ae8aae chore: bump dependences
• siderolabs/talos@ec8c8dbaf chore: fix container image reproducibility
• siderolabs/talos@f661d8487 fix: allow talosctl cp to handle special files in /proc
• siderolabs/talos@2d824b563 fix: do not show control plane status for workers on dashboard
• siderolabs/talos@e5491ddad docs: update documentation for nocloud
• siderolabs/talos@7a004a6f7 fix: parse errors correctly
• siderolabs/talos@374ef5385 test: submit verbose flag to e2e tests
• siderolabs/talos@e1d38b6fe feat: show template URL in dashboard config URL tab
• siderolabs/talos@45d7f0ce9 docs: fix the latest url
• siderolabs/talos@96efbf147 docs: activate 1.4.0 docs by default
• siderolabs/talos@8c1f515b1 feat: update Linux to 6.1.24
• siderolabs/talos@8689bef5f docs: update documentation for Talos 1.4
• siderolabs/talos@a781dfb8e feat: update Kubernetes to 1.27.1
• siderolabs/talos@a737dd83a chore: typo in compatibility.ParseKubernetesVersion
• siderolabs/talos@f14928b0a fix: fix dashboard crash when a non-existent node is specified
• siderolabs/talos@3e406d9b0 feat: update etcd to v3.5.8
• siderolabs/talos@bd1cff3e8 chore: remove Go buildid
• siderolabs/talos@e31f7f50b feat: update Kubernetes to 1.27.0
• siderolabs/talos@aa3640d74 docs: update storage.md
• siderolabs/talos@07bb61e60 chore: module-sig-verify cleanup
• siderolabs/talos@5e9d836c3 chore: add kernel module signtaure verification
• siderolabs/talos@3cd1c6bb0 fix: send 'STOP' event on phase end
• siderolabs/talos@5176d27dc feat: update Kubernetes to 1.27.0-rc.1
• siderolabs/talos@2c55550a6 fix: quote ISO kernel args for GRUB
• siderolabs/talos@319d76e38 fix: respect BROWSER=echo in client auth interceptor
• siderolabs/talos@4e4ace839 chore: update Go to 1.20.3
• siderolabs/talos@170f73899 fix: correctly parse static pod phase
• siderolabs/talos@c3a595d5b fix: improve action tracking post checks
• siderolabs/talos@eb01edbc8 fix: rework DHCP flow
• siderolabs/talos@e095150a6 test: bump CAPI components versions

Changes from siderolabs/extras

• siderolabs/extras@36c8ac4 chore: update to Go 1.20.3

Changes from siderolabs/gen

• siderolabs/gen@f9f5805 chore: bump rekres and add functions from exp
• siderolabs/gen@b968d21 feat: add TryRecv and RecvWithContext functions
• siderolabs/gen@476dfea feat: add foreach and clear to lazymap

Changes from siderolabs/go-blockdevice

• siderolabs/go-blockdevice@076874a chore: resolve blockdevice symlinks

Changes from siderolabs/go-loadbalancer

• siderolabs/go-loadbalancer@f3a0e24 fix: use SO_LINGER option when doing TCP healthchecks

Changes from siderolabs/pkgs

• siderolabs/pkgs@702d7a7 chore: bump deps
• siderolabs/pkgs@7958db1 chore: copy over sd-boot and sd-stub from tools
• siderolabs/pkgs@813b3c3 chore: revert xfsprogs
• siderolabs/pkgs@0cc78ab chore: bump kernel to 6.1.28
• siderolabs/pkgs@70189e3 chore: bump deps
• siderolabs/pkgs@c5d3bf1 feat: add sd-stub and sd-boot
• siderolabs/pkgs@30a7ac2 feat: update Linux 6.1.27, containerd 1.6.21
• siderolabs/pkgs@fbc6ee5 chore: bump deps
• siderolabs/pkgs@82b9489 chore: bump dependencies
• siderolabs/pkgs@f37e520 feat: update Linux to 6.1.25
• siderolabs/pkgs@3920b16 feat: add multi-gen LRU kernel support
• siderolabs/pkgs@988f1ec feat: update Linux to 6.1.24
• siderolabs/pkgs@5327d12 fix: remove FB_NVIDIA drivers, Linux 6.1.23
• siderolabs/pkgs@4eae958 chore: copy over the kernel signing public key
• siderolabs/pkgs@174f8fc chore: update Go to 1.20.3
• siderolabs/pkgs@41629b0 chore: reorder pkgs for better kernel caching
• siderolabs/pkgs@b483a6b feat: build 'snp.efi' for iPXE
• siderolabs/pkgs@fb853ff feat: update containerd to 1.6.20

Changes from siderolabs/tools

• siderolabs/tools@d2dde48 chore: bump deps
• siderolabs/tools@8e45ad7 feat: add sbsign
• siderolabs/tools@271c4a6 feat: add sd-tools
• siderolabs/tools@eedc294 chore: bump deps
• siderolabs/tools@81b09a5 feat: add libcap and gnuefi
• siderolabs/tools@47b0fd3 chore: bump go to 1.20.4
• siderolabs/tools@ff4cf2b chore: bump deps
• siderolabs/tools@1563556 feat: update Go to 1.20.3

Dependency Changes

• github.com/aws/aws-sdk-go v1.44.232 -> v1.44.264
• github.com/beevik/ntp v0.3.0 -> v1.0.0
• github.com/benbjohnson/clock v1.1.0 -> v1.3.5
• github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
• github.com/containerd/containerd v1.6.19 -> v1.6.20
• github.com/containerd/typeurl/v2 v2.1.1 new
• github.com/containernetworking/plugins v1.2.0 -> v1.3.0
• github.com/cosi-project/runtime v0.3.0 -> 82b69d862a7a
• github.com/docker/docker v23.0.2 -> v23.0.6
• github.com/hetznercloud/hcloud-go v1.41.0 -> v1.45.1
• github.com/insomniacslk/dhcp 74ae03f2425e -> 49801966e6cb
• github.com/jsimonetti/rtnetlink v1.3.1 -> v1.3.3
• github.com/mdlayher/genetlink v1.3.1 -> v1.3.2
• github.com/mdlayher/netlink v1.7.1 -> v1.7.2
• github.com/mdlayher/netx c711c2f8512f -> 7e21880baee8
• github.com/nberlee/go-netstat v0.1.1 -> v0.1.2
• github.com/opencontainers/image-spec v1.1.0-rc2 -> v1.1.0-rc3
• github.com/rivo/tview 281d14d896d7 -> 822bd067b165
• github.com/rs/xid v1.4.0 -> v1.5.0
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15 -> v1.0.0-beta.16
• github.com/siderolabs/extras v1.4.0-1-g9b07505 -> v1.5.0-alpha.0
• github.com/siderolabs/gen v0.4.3 -> v0.4.5
• github.com/siderolabs/go-blockdevice v0.4.4 -> v0.4.5
• github.com/siderolabs/go-loadbalancer v0.2.1 -> v0.2.2
• github.com/siderolabs/pkgs v1.4.1-5-ga333a84 -> v1.5.0-alpha.0-17-g702d7a7
• github.com/siderolabs/talos/pkg/machinery v1.4.0 -> v1.5.0-alpha.0
• github.com/siderolabs/tools v1.4.0-1-g955aabc -> v1.5.0-alpha.0-7-gd2dde48
• github.com/spf13/cobra v1.6.1 -> v1.7.0
• go.etcd.io/etcd/api/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/client/pkg/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/client/v3 v3.5.8 -> v3.5.9
• go.etcd.io/etcd/etcdutl/v3 v3.5.8 -> v3.5.9
• golang.org/x/net v0.8.0 -> v0.10.0
• golang.org/x/sync v0.1.0 -> v0.2.0
• golang.org/x/sys v0.6.0 -> v0.8.0
• golang.org/x/term v0.6.0 -> v0.8.0
• golang.zx2c4.com/wireguard/wgctrl 9c5414ab4bde -> 925a1e7659e6
• google.golang.org/grpc v1.54.0 -> v1.55.0
• k8s.io/api v0.27.1 -> v0.27.2
• k8s.io/apimachinery v0.27.1 -> v0.27.2
• k8s.io/apiserver v0.27.1 -> v0.27.2
• k8s.io/client-go v0.27.1 -> v0.27.2
• k8s.io/component-base v0.27.1 -> v0.27.2
• k8s.io/klog/v2 v2.90.1 -> v2.100.1
• k8s.io/kubectl v0.27.1 -> v0.27.2
• k8s.io/kubelet v0.27.1 -> v0.27.2
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.68 -> v1.2.69

Previous release can be found at v1.4.0

Images

ghcr.io/siderolabs/flannel:v0.21.4
ghcr.io/siderolabs/install-cni:v1.5.0-alpha.0
docker.io/coredns/coredns:1.10.1
gcr.io/etcd-development/etcd:v3.5.9
registry.k8s.io/kube-apiserver:v1.27.2
registry.k8s.io/kube-controller-manager:v1.27.2
registry.k8s.io/kube-scheduler:v1.27.2
registry.k8s.io/kube-proxy:v1.27.2
ghcr.io/siderolabs/kubelet:v1.27.2
ghcr.io/siderolabs/installer:v1.5.0-alpha.0
registry.k8s.io/pause:3.6

Talos 1.4.4 (2023-05-12)

Welcome to the v1.4.4 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Fixes

This release fixes a bug that was introduced in Talos v1.4.2 and Talos v1.4.3 by updating Go to 1.20.4 which sets the default file rlimit to 1024.

See: #7198

Component Updates

• Linux: 6.1.28

Contributors

• Noel Georgi

Changes

• siderolabs/talos@168114fc1 release(v1.4.4): prepare release
• siderolabs/talos@c2220996d fix: rlimit nofile test
• siderolabs/talos@efc9f3a1d feat: bump x/sys to v0.8.0
• siderolabs/talos@cfa913270 chore: bump kernel to 6.1.28
• siderolabs/talos@779febfb9 fix: revert: set rlimit explicitly in wrapperd

Changes from siderolabs/pkgs

• siderolabs/pkgs@6d90f68 chore: bump kernel to 6.1.28

Dependency Changes

• github.com/siderolabs/pkgs v1.4.1-9-g4b22054 -> v1.4.1-10-g6d90f68
• github.com/siderolabs/talos/pkg/machinery v1.4.3 -> v1.4.4
• golang.org/x/sys v0.6.0 -> v0.8.0

Previous release can be found at v1.4.3

Images

ghcr.io/siderolabs/flannel:v0.21.4
ghcr.io/siderolabs/install-cni:v1.4.0-1-g9b07505
docker.io/coredns/coredns:1.10.1
gcr.io/etcd-development/etcd:v3.5.8
registry.k8s.io/kube-apiserver:v1.27.1
registry.k8s.io/kube-controller-manager:v1.27.1
registry.k8s.io/kube-scheduler:v1.27.1
registry.k8s.io/kube-proxy:v1.27.1
ghcr.io/siderolabs/kubelet:v1.27.1
ghcr.io/siderolabs/installer:v1.4.4
registry.k8s.io/pause:3.6

Talos 1.4.3 (2023-05-10)

Welcome to the v1.4.3 release of Talos!

NOTE: This release has a known issue that the workload nofile rlimit is set to a low value of 1024

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Fixes

This release fixes a bug that was introduced in Talos v1.4.2 by updating Go to 1.20.4 which sets the default file rlimit to 1024.

See: #7198

Contributors

• Noel Georgi

Changes

• siderolabs/talos@a2cc92b8a release(v1.4.3): prepare release
• siderolabs/talos@1ad8b7448 fix: set rlimit explicitly in wrapperd

Dependency Changes

• github.com/siderolabs/talos/pkg/machinery v1.4.2 -> v1.4.3

Previous release can be found at v1.4.2

Images

ghcr.io/siderolabs/flannel:v0.21.4
ghcr.io/siderolabs/install-cni:v1.4.0-1-g9b07505
docker.io/coredns/coredns:1.10.1
gcr.io/etcd-development/etcd:v3.5.8
registry.k8s.io/kube-apiserver:v1.27.1
registry.k8s.io/kube-controller-manager:v1.27.1
registry.k8s.io/kube-scheduler:v1.27.1
registry.k8s.io/kube-proxy:v1.27.1
ghcr.io/siderolabs/kubelet:v1.27.1
ghcr.io/siderolabs/installer:v1.4.3
registry.k8s.io/pause:3.6

Talos 1.4.2 (2023-05-08)

Welcome to the v1.4.2 release of Talos!

NOTE: This release has a known issue that the workload nofile rlimit is set to a low value of 1024

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

• Linux: 6.1.27
• containerd: 1.6.21
• runc: 1.1.7

Talos is built with Go 1.20.4.

Contributors

• Andrey Smirnov
• Michael A. Davis
• Niklas Wik
• Noel Georgi
• Utku Ozdemir

Changes

• siderolabs/talos@6f1d7ae9c release(v1.4.2): prepare release
• siderolabs/talos@2652fce90 fix: properly skip/cleanup controlplane configs for workers
• siderolabs/talos@0097a67e5 feat: introduce siderolink config resource & reconnect
• siderolabs/talos@3da5aa945 fix: don't reload control plane pods on cert SANs changes
• siderolabs/talos@447838243 fix: enforce nolock option for all NFS mounts by default
• siderolabs/talos@e2979fb4d fix: inhibit timer to follow kubelet timer
• siderolabs/talos@476dccfb0 fix: set timeout for unmount calls
• siderolabs/talos@ebca8496a fix: set the static pod priority as values
• siderolabs/talos@05f65f1d8 fix: add back required TARGETARCH for installer
• siderolabs/talos@8a8fc5f7a feat: Linux 6.1.27, containerd 1.6.21, runc 1.1.7

Changes from siderolabs/pkgs

• siderolabs/pkgs@4b22054 feat: linux 6.1.27, runc 1.1.7, containerd 1.6.21

Changes from siderolabs/tools

• siderolabs/tools@5d0e9ab chore: bump go to 1.20.4

Dependency Changes

• github.com/containerd/containerd v1.6.19 -> v1.6.21
• github.com/opencontainers/image-spec v1.1.0-rc2 -> 3a7f492d3f1b
• github.com/siderolabs/pkgs v1.4.1-8-g0657493 -> v1.4.1-9-g4b22054
• github.com/siderolabs/talos/pkg/machinery v1.4.1 -> v1.4.2
• github.com/siderolabs/tools v1.4.0-1-g955aabc -> v1.4.0-2-g5d0e9ab

Previous release can be found at v1.4.1

Images

ghcr.io/siderolabs/flannel:v0.21.4
ghcr.io/siderolabs/install-cni:v1.4.0-1-g9b07505
docker.io/coredns/coredns:1.10.1
gcr.io/etcd-development/etcd:v3.5.8
registry.k8s.io/kube-apiserver:v1.27.1
registry.k8s.io/kube-controller-manager:v1.27.1
registry.k8s.io/kube-scheduler:v1.27.1
registry.k8s.io/kube-proxy:v1.27.1
ghcr.io/siderolabs/kubelet:v1.27.1
ghcr.io/siderolabs/installer:v1.4.2
registry.k8s.io/pause:3.6