talos | Kubernetes Ecosystem Directory

Bot releases are visible (Hide)

talos - v1.3.0-beta.1

Published by smira almost 2 years ago

Talos 1.3.0-beta.1 (2022-12-08)

Welcome to the v1.3.0-beta.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

kube-apiserver Audit Policy

Talos now supports setting custom audit policy for kube-apiserver in the machine configuration.

cgroups v1

Talos defaults to using cgroups v2 when Talos doesn't run in a container (when running in a container
Talos follows host cgroups mode).
Talos can now be forced to use cgroups v1 by setting boot kernel argument talos.unified_cgroup_hierarchy=0:

machine:
  install:
    extraKernelArgs:
      - "talos.unified_cgroup_hierarchy=0"

Current cgroups mode can be checked with talosctl ls /sys/fs/cgroup:

cgroups v1:

blkio
cpu
cpuacct
cpuset
devices
freezer
hugetlb
memory
net_cls
net_prio
perf_event
pids

cgroups v2:

cgroup.controllers
cgroup.max.depth
cgroup.max.descendants
cgroup.procs
cgroup.stat
cgroup.subtree_control
cgroup.threads
cpu.stat
cpuset.cpus.effective
cpuset.mems.effective
init
io.stat
kubepods
memory.numa_stat
memory.stat
podruntime
system

Note: cgroupsv1 is deprecated and it should be used only for compatibility with workloads which don't support cgroupsv2 yet.

Kernel Command Line ip= Argument

Talos now supports referencing interface name via enxMAC address notation:

ip=172.20.0.2::172.20.0.1:255.255.255.0::enx7085c2dfbc59

CRI Configuration Overrides

Talos no longer supports CRI config overrides placed in /var/cri/conf.d directory.

New way correctly handles merging of containerd/CRI plugin configuration.

etcd Consistency Check

Talos enables --experimental-compact-hash-check-enabled option by default to improve
etcd store consistency guarantees.

This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.

etcd Member ID

Talos now internally handles etcd member removal by member ID instead of member name (hostname).
This resolves the case when member name is not accurate or empty (eg: when etcd hasn't fully joined yet).

Command talosctl etcd remove-member now accepts member IDs instead of member names.

New resource can be used to get member ID of the Talos node:

talosctl get etcdmember

Exocale Platform

Talos now supports new platform: Exoscale.

Exoscale provides a firewall, TCP load balancer and autoscale groups.
It works well with CCM and Kubernetes node autoscaler.

Kernel Modules

Talos now supports settings kernel module parameters.

Eg:

machine:
  kernel:
    modules:
      - name: "br_netfilter"
        parameters:
          - nf_conntrack_max=131072

KubeSpan

KubeSpan MTU link size is now configurable via network.kubespan.mtu setting in the machine configuration.

Node Labels

Talos now supports specifying node labels in the machine configuration:

machine:
  nodeLabels:
    rack: rack1a
    zone: us-east-1a

Changes to the node labels will be applied immediately without kubelet restart.

Talos keeps track of the owned node labels in the talos.dev/owned-labels annotation.

Registry Mirrors

Talos had an inconsistency in the way registry mirror endpoints are handled when compared with containerd implementation:

machine:
    registries:
        mirrors:
            docker.io:
                endpoints:
                    - "https://mirror-registry/v2/mirror.docker.io"

Talos would use endpoint https://mirror-registry/v2/mirror.docker.io, while containerd would use https://mirror-registry/v2/mirror.docker.io/v2.
This inconsistency is now fixed, and Talos uses same endpoint as containerd.

New overridePath configuration is introduced to skip appending /v2 both on Talos and containerd side:

machine:
    registries:
        mirrors:
            docker.io:
                endpoints:
                    - "https://mirror-registry/v2/mirror.docker.io"
                overridePath: true

registry.k8s.io

Talos now uses registry.k8s.io instead of k8s.gcr.io for Kubernetes container images.

See Kubernetes documentation for additional details.

If using registry mirrors, or in air-gapped installations you may need to update your configuration.

Routes

Talos now supports setting MTU for a specific route.

Nano Pi R4S

Talos now supports the Nano Pi R4S SBC.

Raspberry Generic Images

The Raspberry Pi 4 specific image has been deprecated and will be removed in the v1.4 release of Talos.
Talos now ships a generic Raspberry Pi image that should support more Raspberry Pi variants.
Refer to the docs at https://www.talos.dev/v1.3/talos-guides/install/single-board-computers/rpi_generic/ to find which ones are supported.

Encryption with secretbox

By default new clusters will use secretbox for encryption instead of AESCBC.
If both are configured secretbox will take precedence.
Old clusters may keep using AESCBC.
To enable secretbox you may add an encryption secret at cluster.secretboxEncryptionSecret.
You should keep aescbcEncryptionSecret however, even if secretbox is enabled older data will still be encrypted with AESCBC.

How to generate the secret:

dd if=/dev/random of=/dev/stdout bs=32 count=1 | base64

Static Pod Manifests

The directory "/etc/kubernetes/manifests" is now deprecated.
Static pods should always be configured in machine.pods.
To reenable support you may set machine.kubelet.disableManifestsDirectory.

Eg:

machine:
  kubelet:
    disableManifestsDirectory: no

talosctl machineconfig patch

A new subcommand, machineconfig patch is added to talosctl to allow patching of machine configuration.

It accepts a machineconfig file and a list of patches as input and outputs the patched machine configuration.

Patches can be sourced from the command line or from a file. Output can be written to a file or to stdout.

Example:

talosctl machineconfig patch controlplane.yaml --patch '[{"op":"replace","path":"/cluster/clusterName","value":"patch1"}]' --patch @/path/to/patch2.json

Additionally, talosctl machineconfig gen subcommand is introduced as an alias to talosctl gen config.

Component Updates

Kubernetes: v1.26.0-rc.1
Flannel: v0.20.2
CoreDNS: v1.10.0
etcd: v3.5.6
Linux: 5.15.81
containerd: v1.6.11

Talos is built with Go 1.19.4.

Contributors

Andrey Smirnov
Noel Georgi
Andrey Smirnov
Michal Witkowski
Artem Chernyshev
Artem Chernyshev
Dmitriy Matrenichev
Serge Logvinov
Alexey Palazhchenko
Utku Ozdemir
Andrey Smirnov
Philipp Sauter
Steve Francis
Andrew Rynhard
Andrew Rynhard
Tim Jones
Seán C McCord
Kris Reeves
Marvin Drees
Spencer Smith
Alexandre Mclean
Branden Cash
Brandon Nason
Cameron Brunner
DJAlPee
Daniel Low
Gerard de Leeuw
Jack Wink
Jon Stelly
Martin Stone
Matt Zahorik
Maxim Makarov
Michael Vorburger ⛑️
Olli Janatuinen
Pau Campana
Rubens Farias
Sander Maijers
Spencer Smith
ankitm123
emattiza
killcity

Changes

siderolabs/talos@09da90f66 release(v1.3.0-beta.1): prepare release
siderolabs/talos@91844709e chore: disable single commit check
siderolabs/talos@a9673efa1 chore: remove watchErr from metal.getResource
siderolabs/talos@0bdec81ca fix: fix nil pointer panic and incorrect error output
siderolabs/talos@bce132f14 fix: workaround panic in the kubelet service controller
siderolabs/talos@e47e74452 fix: add ext4 filesystem detection
siderolabs/talos@2d03ef401 docs: expand help for 'talosctl get'
siderolabs/talos@810a550f1 fix: report errors to Equinix Metal event API
siderolabs/talos@1f382d8f7 fix: use only kube-apiserver endpoints for Talos API access endpoints
siderolabs/talos@44fce3073 feat: add talosctl machineconfig patch command
siderolabs/talos@89882dd2d fix: introduce 'overridePath' setting and fix Talos resolver
siderolabs/talos@1e520afbb fix: ignore many more filesystems in IMA
siderolabs/talos@2964b9327 fix: correctly handle new watch event types
siderolabs/talos@c8968a701 feat: add stdout and single config type support to talosctl gen config
siderolabs/talos@a5fccddaa feat: update Kubernetes to v1.26.0-rc.1
siderolabs/talos@9012e679a feat: update Flannel to 0.20.2
siderolabs/talos@8c563ae28 chore: update Go to 1.19.4
siderolabs/talos@63adb708c chore: bump kernel to 5.15.81
siderolabs/talos@788d5c91e release(v1.3.0-beta.0): prepare release
siderolabs/talos@2ebe410e9 feat: update COSI to v0.2.0
siderolabs/talos@00388651b chore: bump pkgs and Go dependencies
siderolabs/talos@bbb56840e chore: update protobuf API descriptors for 1.3.0
siderolabs/talos@fdbd380f6 feat: use 'registry.k8s.io' for Kubernetes images
siderolabs/talos@1103c5ad2 feat: implement pre-flight checks in the installer
siderolabs/talos@4a052eadf fix: disable kexec on upgrades from pre-BTF kernel
siderolabs/talos@732c459ec fix: parse and apply DHCP settings properly from cmdline
siderolabs/talos@a9e9d71b2 fix: parse correctly upgrade cmd force flag
siderolabs/talos@e85e64d6f docs: document metal-iso configuration method
siderolabs/talos@c27adbe54 docs: update getting started
siderolabs/talos@260684a93 chore: use build-container image for s3cmd
siderolabs/talos@ee7a4777a chore: bump dependencies
siderolabs/talos@49a4b1494 docs: clarify talosctl apply-config & talosctl get machineconfig
siderolabs/talos@a58c3d669 feat: hcloud location properties
siderolabs/talos@6bce06f62 feat: update etcd 3.5.6
siderolabs/talos@c54bea128 fix: don't publish external IPs as affiliate addresses
siderolabs/talos@54d9032ce test: fix log streaming for conformance tests
siderolabs/talos@e432579d4 feat: kubespan node endpoints filter
siderolabs/talos@6430ce1ef fix: limit SideroLink Wireguard link MTU to 1280
siderolabs/talos@1f1128028 chore: add flag to force talos cluster folder deletion
siderolabs/talos@d9c2c6f0a chore: update Kubernetes Go modules to 0.26.0-rc.1
siderolabs/talos@3d30ce6d7 feat: add util function to extract GRPC status from error
siderolabs/talos@9e44341c4 release(v1.3.0-alpha.2): prepare release
siderolabs/talos@aa56aed79 feat: publish discovered public IP as one of the KubeSpan endpoint
siderolabs/talos@9382443ba feat: update Kubernetes to v1.26.0-rc.0
siderolabs/talos@6ffc381c5 feat: implement CRI configuration customization
siderolabs/talos@e1e340bdd feat: expose Talos node labels as a machine configuration field
siderolabs/talos@c78bbbfda docs: specify that only XFS partitions are detected
siderolabs/talos@b881a9a79 chore: bump dependencies
siderolabs/talos@5bfd7dbfa test: fix assertion on reboot test
siderolabs/talos@1cfb6188b feat: implement support for cgroupsv1
siderolabs/talos@3866d0e33 feat: update Kubernetes to v1.26.0-beta.0
siderolabs/talos@e1590ba7b fix: lifecycle action tracking
siderolabs/talos@804762c59 feat: add timeout to cli action tracking, track by default & refactor
siderolabs/talos@4e114ca12 feat: use the etcd member id for etcd operations instead of hostname
siderolabs/talos@06fea2441 feat: expand platform metadata resources
siderolabs/talos@03a20da9d fix: filter up duplicate IPs out of NodeAddresses
siderolabs/talos@6b771bc73 chore: bump deps
siderolabs/talos@96aa9638f chore: rename talos-systems/talos to siderolabs/talos
siderolabs/talos@30bbf6463 refactor: use siderolabs/net version with netip.Addr
siderolabs/talos@343c55762 chore: replace talos-systems Go modules with siderolabs
siderolabs/talos@0301bbe93 fix: check if processes is nil to avoid panic
siderolabs/talos@08e7e49a2 test: update versions for upgrade tests
siderolabs/talos@0b41923c3 fix: restore the StaticPodStatus resource
siderolabs/talos@1947092ae chore: introduce a healthcheck for machined service
siderolabs/talos@3333cd93c fix: generate correct Flannel config for IPv6-only clusters
siderolabs/talos@d7070f5e7 release(v1.3.0-alpha.1): prepare release
siderolabs/talos@869f3b5a5 feat: network configuration improvements on the OpenStack platform
siderolabs/talos@29f2195e1 feat: support exoscale cloud
siderolabs/talos@8b4ae08d1 fix: etcd snapshot command on Windows
siderolabs/talos@8bfa7ac1d feat: platform metadata resource
siderolabs/talos@7e50e24c0 fix: properly cleanup legacy static pod manifests directory
siderolabs/talos@6ee47bcc6 fix: support serving config for qemu launcher on IPv6
siderolabs/talos@6c3d11b49 docs: admission control patch note
siderolabs/talos@4ea3b99b5 fix: serve static pod files on 127.0.0.1 instead of localhost
siderolabs/talos@23842114f feat: support encryption with secretbox
siderolabs/talos@f6773c472 docs: talos support on equinix metal
siderolabs/talos@b307160f6 chore: bump dependencies
siderolabs/talos@d7edd0e2e refactor: use go-circular, go-kubeconfig, and go-tail
siderolabs/talos@c6e1702ec feat: use URL-based manifests to present static pods to the kubelet
siderolabs/talos@136a795e5 docs: update system requirements to mention dedicated disk usage
siderolabs/talos@879e8c0bf chore: update kernel with BTF support
siderolabs/talos@ceb0cd99a feat: implement Talos API auth using SideroV1 signatures
siderolabs/talos@e6fba7d3b chore: update dependencies
siderolabs/talos@93e55b85f chore: bump golangci-lint to v1.50.0
siderolabs/talos@aa3d9b4ca fix: regenerate cert on node labeling retry
siderolabs/talos@021c73c35 fix: lowercase nodename
siderolabs/talos@b902036e1 docs: update office hours time link
siderolabs/talos@7fcb8c681 feat: update Flannel to v0.20.0
siderolabs/talos@dc70d892a fix: support setting KubeSpan link MTU
siderolabs/talos@7d52bad37 feat: update Linux to 5.15.73
siderolabs/talos@9c78b3aff feat: update Kubernetes to v1.26.0-alpha.2
siderolabs/talos@94913a672 docs: add lofty to talos adopters
siderolabs/talos@0a0bdfe16 docs: add Tremor Video to adopters
siderolabs/talos@b7b1d4fd6 feat: use readonly containers
siderolabs/talos@d210338e3 fix: skip protobuf full unmarshaling for some talosctl commands
siderolabs/talos@b3c679d18 chore: bump dependencies
siderolabs/talos@993743f63 fix: skip hostname via DHCP on OpenStack platform
siderolabs/talos@db076e7b5 feat: pin interface by mac address in cmdline args
siderolabs/talos@63de93722 fix: update go-smbios to v0.3.1
siderolabs/talos@49e9f808e chore: bump kernel and go
siderolabs/talos@c7372144d docs: add constraints to upgrade docs
siderolabs/talos@c71c8ca18 docs: consolidate, simplify and correct various docs
siderolabs/talos@06f76bfeb chore: bump dependencies
siderolabs/talos@b1c421b9a chore: publish ami's with imds v2 enabled
siderolabs/talos@195c40ab5 docs: add information about applicable use cases of disk encryption
siderolabs/talos@54a687fb8 docs: consolidate and expand on discovery service
siderolabs/talos@139c62d76 feat: allow upgrades in maintenance mode (only over SideroLink)
siderolabs/talos@48dee4805 feat: support mtu for routes
siderolabs/talos@1c43c72ae docs: fix talos required kernel params
siderolabs/talos@67cc45ae3 release(v1.3.0-alpha.0): prepare release
siderolabs/talos@18c377a4d feat: customize audit policy
siderolabs/talos@23c9ea46b fix: raspberry pi install
siderolabs/talos@f17cdee16 feat: jsonpath filter for talosctl get outputs
siderolabs/talos@6bd3cca1a chore: generic raspberry pi images
siderolabs/talos@d914ab8bb chore: add vulncheck tool as a linter
siderolabs/talos@a0151aa13 feat: add generic rpi u-boot support
siderolabs/talos@30f851d09 chore: bump dependences
siderolabs/talos@8b2235c3b fix: lookup Equinix Metal bond slaves using 'permanent addr'
siderolabs/talos@b3257ebb1 chore: bump kernel to 5.15.70
siderolabs/talos@0b2767c16 feat: implement 'permanent addr' in link statuses
siderolabs/talos@c90e20251 fix: kubeconfig permission
siderolabs/talos@fc48849d0 chore: move maps/slices/ordered to gen module
siderolabs/talos@8b09bd4b0 feat: update Kubernetes to v1.26.0-alpha.1
siderolabs/talos@276d4175b chore: bump extension versions in testing
siderolabs/talos@357b770cb fix: cryptsetup delete slot
siderolabs/talos@711128839 fix: continue applying bootstrap manifests on some errors
siderolabs/talos@ce12c7b38 chore: update COSI runtime to v0.2.0-alpha.1
siderolabs/talos@1b435c0b3 chore: bump kernel + ice drivers
siderolabs/talos@18e041f1e docs: fix typo in patching example
siderolabs/talos@0ad6452ca feat: update CoreDNS to v1.10.0
siderolabs/talos@479f3f52e chore: bump dependencies
siderolabs/talos@e07c6ae99 feat: update Kubernetes to v1.25.1
siderolabs/talos@13fdfaffc test: fix up default branch name
siderolabs/talos@ef181321a docs: add component diagram; K8s & Talos Linux
siderolabs/talos@aade73643 docs: fix missing variable in OpenEBS docs
siderolabs/talos@472590aa8 chore: return InvalidArgument on invalid config in maintenance mode
siderolabs/talos@e5cabd42c feat: enable etcd consistency hashcheck
siderolabs/talos@015535d90 fix: update discovery client with the redirect fix
siderolabs/talos@d0c8e7699 chore: bump kernel and go
siderolabs/talos@985b0c2e7 chore: remove go.work.sum
siderolabs/talos@69124f102 feat: update etcd to v3.5.5
siderolabs/talos@1985a796c docs: update docs for pod security
siderolabs/talos@94b088f02 fix: set etcd options consistently
siderolabs/talos@92ae7ef4b fix: fix protoenc encoding for enums and types with custom encoders
siderolabs/talos@93809017c docs: cpu scaling governor knowledgebase
siderolabs/talos@7b270ff33 test: fix api controller test
siderolabs/talos@2dadcd669 fix: stop worker nodes from acting as apid routers
siderolabs/talos@9eaf33f3f fix: never sign client certificate requests in trustd
siderolabs/talos@436749124 feat: environment vars for extension service
siderolabs/talos@0c0cb671e chore: mark machine configuration validation failure as InvalidArgument
siderolabs/talos@f424e5340 fix: stop containers more thoroughly
siderolabs/talos@12827b861 chore: move "implements" checks to compile time
siderolabs/talos@3a67c42cb fix: kill the task processes when cleaning up stale task
siderolabs/talos@14a79e325 chore: bump dependencies
siderolabs/talos@9beee92e7 docs: fix double vv in Kubernetes version
siderolabs/talos@688272515 fix: use different username for Talos Kubernetes API access
siderolabs/talos@161a52a9e feat: check apid client certificate extended key usage
siderolabs/talos@9dadc4a59 fix: include all node addresses into etcd cert SANs
siderolabs/talos@71bfd3e43 feat: update CoreDNS to 1.9.4
siderolabs/talos@9df8f1ff1 fix: list COSI APIs for the apid authenticator
siderolabs/talos@31462450f fix: pass a pointer to specs.Mount into protoenc.Marshal
siderolabs/talos@e626540df chore: avoid double API request logging in trustd
siderolabs/talos@f62d17125 chore: update crypto to use new import path siderolabs/crypto
siderolabs/talos@ef27dd855 chore: bump dependencies
siderolabs/talos@6472ae00b fix: automatically discard VIPs for etcd advertised addresses
siderolabs/talos@5e21cca52 feat: support setting kernel parameters
siderolabs/talos@bd56621cd feat: add structprotogen tool
siderolabs/talos@cdb6bb2cc feat: add Nano Pi R4S support
siderolabs/talos@36c1f1d6e fix: flip the client-server version check
siderolabs/talos@cd6c53a97 docs: fork docs for v1.3
siderolabs/talos@0847400f7 fix: prevent panic on health check if a member has no IPs
siderolabs/talos@7471d7f01 feat: update Flannel to v0.19.2
siderolabs/talos@148c75cfb docs: consolidate the control-plane documentation
siderolabs/talos@353154281 fix: drop kube-system SA default binding
siderolabs/talos@4f37b668b chore: remove capi hacks
siderolabs/talos@1369afea8 docs: make 1.2.0 docs default ones
siderolabs/talos@7627cb0e3 docs: add new talosctl gen secrets
siderolabs/talos@8aa60a37a chore: bump kernel to 5.15.64
siderolabs/talos@a798dbd5d docs: update docs for upcoming 1.2.0 release
siderolabs/talos@b2fec3c97 fix: properly handle configContext being nil in Talos client
siderolabs/talos@1c0977b3a fix: change the type of returned gRPC connection object from the client
siderolabs/talos@41848e421 fix: expose Talos client gRPC connection via the function Conn
siderolabs/talos@2e9be4af8 chore: bump dependencies
siderolabs/talos@d283aba3a test: fix cli reboot test
siderolabs/talos@0b339a9dc feat: track progress of action API calls
siderolabs/talos@072349812 fix: update COSI to the version with gRPC Wait fix
siderolabs/talos@89d57aa81 fix: always abort the maintenance service
siderolabs/talos@f6fa74619 fix: limit apid backoff max delay
siderolabs/talos@d7ef346db fix: get command in the case 'nodes' are not set in the context
siderolabs/talos@4e9c32256 fix: correctly render hosts.toml with multiple endpoints
siderolabs/talos@cdd0f08bc feat: check client <> server version in some Talos commands
siderolabs/talos@446b0af58 chore: bump kernel and runc
siderolabs/talos@8c203ce9b feat: remove the machine from the discovery service on reset
siderolabs/talos@b59ca5810 chore: move from inet.af/netaddr to net/netip and go4.org/netipx
siderolabs/talos@053af1d59 fix: update etcd certificates when node addresses changes
siderolabs/talos@11edb2c6f test: re-enable upgrade tests
siderolabs/talos@0310e2089 chore: bump github.com/siderolabs/protoenc to v0.1.5
siderolabs/talos@29bd63240 chore: remove old build tags syntax
siderolabs/talos@b500d0aa9 chore: bump k8s to v1.25.0
siderolabs/talos@29e574be7 docs: update to v1.2.0-beta.1
siderolabs/talos@26b549f2a chore: bump dependencies
siderolabs/talos@8c3ac4c42 chore: limit GOMAXPROCS for Talos services
siderolabs/talos@361e85b74 fix: properly read kexec disabled sysctl
siderolabs/talos@cfe6c2bc2 docs: nvidia oss drivers
siderolabs/talos@2f2d97b6b fix: don't wait for the hostname in maintenance mode
siderolabs/talos@b15a63924 chore: bump kernel to 5.15.62
siderolabs/talos@a0d94be30 fix: stable default hostname bias
siderolabs/talos@da4cd34ef feat: update etcd advertised peer addresses on the fly
siderolabs/talos@faf92ce01 chore: bump kubernetes to v1.25.0-rc.1
siderolabs/talos@52de919e3 chore: bump containerd to v1.6.8
siderolabs/talos@7d43fc79b fix: make 'ca', 'crt' and 'key' flags optional for 'talosctl config add'
siderolabs/talos@fd467e02c fix: handle grub config being empty in the Revert function
siderolabs/talos@9492aca65 fix: clean up cancelCtxMu leftovers in PriorityLock
siderolabs/talos@61e3eb2ea fix: talosctl edit mc loop
siderolabs/talos@32db7a7f5 fix: surround cancelCtx with the mutex

Changes since v1.3.0-beta.0

siderolabs/talos@09da90f66 release(v1.3.0-beta.1): prepare release
siderolabs/talos@91844709e chore: disable single commit check
siderolabs/talos@a9673efa1 chore: remove watchErr from metal.getResource
siderolabs/talos@0bdec81ca fix: fix nil pointer panic and incorrect error output
siderolabs/talos@bce132f14 fix: workaround panic in the kubelet service controller
siderolabs/talos@e47e74452 fix: add ext4 filesystem detection
siderolabs/talos@2d03ef401 docs: expand help for 'talosctl get'
siderolabs/talos@810a550f1 fix: report errors to Equinix Metal event API
siderolabs/talos@1f382d8f7 fix: use only kube-apiserver endpoints for Talos API access endpoints
siderolabs/talos@44fce3073 feat: add talosctl machineconfig patch command
siderolabs/talos@89882dd2d fix: introduce 'overridePath' setting and fix Talos resolver
siderolabs/talos@1e520afbb fix: ignore many more filesystems in IMA
siderolabs/talos@2964b9327 fix: correctly handle new watch event types
siderolabs/talos@c8968a701 feat: add stdout and single config type support to talosctl gen config
siderolabs/talos@a5fccddaa feat: update Kubernetes to v1.26.0-rc.1
siderolabs/talos@9012e679a feat: update Flannel to 0.20.2
siderolabs/talos@8c563ae28 chore: update Go to 1.19.4
siderolabs/talos@63adb708c chore: bump kernel to 5.15.81

Changes from siderolabs/crypto

siderolabs/crypto@c3225ee feat: allow CSR template subject field to be overridden
siderolabs/crypto@8570669 chore: rename to siderolabs/crypto
siderolabs/crypto@e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs
siderolabs/crypto@510b0d2 chore: add json tags
siderolabs/crypto@6fa2d93 fix: deepcopy nil fields as nil
siderolabs/crypto@9a63cba fix: add back support for generating ECDSA keys with P-256 and SHA512
siderolabs/crypto@893bc66 fix: use SHA256 for ECDSA-P256
siderolabs/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types
siderolabs/crypto@d3cb772 feat: make possible to change KeyUsage
siderolabs/crypto@6bc5bb5 chore: remove unused argument
siderolabs/crypto@cd18ef6 feat: add support for several organizations
siderolabs/crypto@97c888b chore: add options to CSR
siderolabs/crypto@7776057 chore: fix typos
siderolabs/crypto@80df078 chore: remove named result parameters
siderolabs/crypto@15bdd28 chore: minor updates
siderolabs/crypto@4f80b97 fix: verify CSR signature before issuing a certificate
siderolabs/crypto@39584f1 feat: support for key/certificate types RSA, Ed25519, ECDSA
siderolabs/crypto@cf75519 fix: function NewKeyPair should create certificate with proper subject
siderolabs/crypto@751c95a feat: add 'PEMEncodedKey' which allows to transport keys in YAML
siderolabs/crypto@562c3b6 feat: add support for public RSA key in RSAKey
siderolabs/crypto@bda0e9c feat: enable more conversions between encoded and raw versions
siderolabs/crypto@e0dd56a feat: add NotBefore option for x509 cert creation
siderolabs/crypto@12a4897 feat: add support for SPKI fingerprint generation and matching
siderolabs/crypto@d0c3eef fix: implement NewKeyPair
siderolabs/crypto@196679e feat: move pkg/grpc/tls from github.com/talos-systems/talos as ./tls
siderolabs/crypto@1ff6242 chore: initial version as imported from talos-systems/talos
siderolabs/crypto@835063e chore: initial commit

Changes from siderolabs/discovery-api

siderolabs/discovery-api@5b0c5e7 chore: rename to siderolabs, rekres, etc
siderolabs/discovery-api@db279ef feat: initial set of APIs and generated files
siderolabs/discovery-api@ac52a37 chore: initial commit

Changes from siderolabs/discovery-client

siderolabs/discovery-client@a5c19c6 feat: provide public IP discovered from the server
siderolabs/discovery-client@230f317 fix: reconnect the client on update failure

Changes from siderolabs/extras

siderolabs/extras@3773d71 feat: update Go to 1.19.4
siderolabs/extras@b155fc9 chore: update pkgs to the latest tag
siderolabs/extras@4ba0e60 chore: bump dependencies
siderolabs/extras@b155fa0 chore: enable renovate
siderolabs/extras@8f00d77 feat: update tc-redirect-tap to the latest version
siderolabs/extras@7c91844 chore: bump go to 1.19.2

Changes from siderolabs/gen

siderolabs/gen@7c7ccc3 feat: introduce channel SendWithContext
siderolabs/gen@b3b6db8 fix: fix Copy documentation and implementation
siderolabs/gen@521f737 feat: add xerrors package which contains additions to the std errors
siderolabs/gen@726e066 fix: rename tuples.go to pair.go and set proper package name
siderolabs/gen@d8d7d25 chore: minor additions
siderolabs/gen@338a650 chore: add initial implementation and documentation
siderolabs/gen@4fd8667 Initial commit

Changes from siderolabs/go-blockdevice

siderolabs/go-blockdevice@e52e012 feat: add ext4 filesystem detection logic
siderolabs/go-blockdevice@694ac62 chore: update imports to siderolabs, rekres
siderolabs/go-blockdevice@dcf6044 chore: rekres and rename
siderolabs/go-blockdevice@9c4af49 fix: cryptsetup remove slot
siderolabs/go-blockdevice@74ea471 feat: add freebsd stubs
siderolabs/go-blockdevice@9fa801c feat: add ReadOnly attribute to Disk
siderolabs/go-blockdevice@fccee8b chore: rekres the source, fix issues
siderolabs/go-blockdevice@d9c3a27 feat: support probing FAT12/FAT16 filesystems
siderolabs/go-blockdevice@b374eb4 fix: align partition to 1M boundary by default
siderolabs/go-blockdevice@ec428fe fix: lookup filesystem labels on the actual device path
siderolabs/go-blockdevice@7b9de26 feat: read symlink fullpath in block device list function
siderolabs/go-blockdevice@6928ee4 refactor: rewrite GPT serialize/deserialize functions
siderolabs/go-blockdevice@0c7e429 refactor: simplify middle endian functions
siderolabs/go-blockdevice@15b182d fix: return partition table not exist when trying to read an empty dev
siderolabs/go-blockdevice@b9517d5 fix: resize partition
siderolabs/go-blockdevice@70d2865 fix: try to find cdrom disks
siderolabs/go-blockdevice@667bf53 fix: revert gpt partition not found
siderolabs/go-blockdevice@d7d4cdd fix: gpt partition not found
siderolabs/go-blockdevice@33afba3 fix: also open in readonly mode when running All lookup method
siderolabs/go-blockdevice@e367f9d feat: make probe always open blockdevices in readonly mode
siderolabs/go-blockdevice@d981156 fix: allow Build for Windows
siderolabs/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
siderolabs/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
siderolabs/go-blockdevice@87816a8 feat: align partition to minimum I/O size
siderolabs/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module
siderolabs/go-blockdevice@30c2bc3 feat: mark MBR bootable
siderolabs/go-blockdevice@1292574 fix: make disk type matcher parser case insensitive
siderolabs/go-blockdevice@b77400e fix: properly detect nvme and sd card disk types
siderolabs/go-blockdevice@1d830a2 fix: revert mark the EFI partition in PMBR as bootable
siderolabs/go-blockdevice@bec914f fix: mark the EFI partition in PMBR as bootable
siderolabs/go-blockdevice@776b37d feat: add options to probe disk by various sysblock parameters
siderolabs/go-blockdevice@bb3ad73 fix: align partition start to physical sector size
siderolabs/go-blockdevice@8f976c2 feat: replace exec.Command with go-cmd module
siderolabs/go-blockdevice@1cf7f25 fix: properly handle no child processes error from cmd.Wait
siderolabs/go-blockdevice@04a9851 feat: implement luks encryption provider
siderolabs/go-blockdevice@b0375e4 feat: add an option to open block device with exclusive flock
siderolabs/go-blockdevice@5a1c7f7 refactor: add devname into gpt.Partition, refactor probe package
siderolabs/go-blockdevice@f2728a5 fix: keep contents of PMBR when writing it
siderolabs/go-blockdevice@2878460 fix: write second copy of partition entries
siderolabs/go-blockdevice@943b08b fix: blockdevice reset should read partition table from disk
siderolabs/go-blockdevice@5b4ee44 fix: ignore /dev/ram devices
siderolabs/go-blockdevice@98754ec refactor: rewrite GPT library
siderolabs/go-blockdevice@2a1baad fix: correctly build paths for mmcblk devices
siderolabs/go-blockdevice@8076344 fix: return proper disk size from GetDisks function
siderolabs/go-blockdevice@8742133 chore: add common method to list available disks using /sys/block
siderolabs/go-blockdevice@c4b5833 feat: implement "fast" wipe
siderolabs/go-blockdevice@b4e67d7 feat: return resize status from Resize() function
siderolabs/go-blockdevice@ceae64e fix: sync kernel partition table incrementally
siderolabs/go-blockdevice@2cb9516 fix: return correct error value from blkpg functions
siderolabs/go-blockdevice@cebe43d refactor: expose InsertAt method via interface
siderolabs/go-blockdevice@c40dcd8 fix: properly inform kernel about partition deletion
siderolabs/go-blockdevice@bb8ac5d feat: implement disk wiping via several methods
siderolabs/go-blockdevice@23fb7dc feat: expose partition name (label)
siderolabs/go-blockdevice@ff3a821 feat: implement 'InsertAt' method to insert partitions at any position
siderolabs/go-blockdevice@3d1ce4f fix: calculate last lba of partition correctly
siderolabs/go-blockdevice@b71540f feat: copy initial version from talos-systems/talos
siderolabs/go-blockdevice@ca3c078 Initial commit

Changes from siderolabs/go-circular

siderolabs/go-circular@507e0ec refactor: extract circular Go module
siderolabs/go-circular@2234b3a docs: add README

Changes from siderolabs/go-cmd

siderolabs/go-cmd@0aea518 chore: rekres and update
siderolabs/go-cmd@68eb006 feat: return typed error for exit error
siderolabs/go-cmd@333ccf1 feat: add stdin support into the Run methods
siderolabs/go-cmd@c5c8f1c feat: extract cmd module from Talos into a separate module
siderolabs/go-cmd@77685fc Initial commit

Changes from siderolabs/go-debug

siderolabs/go-debug@c1bc4bf chore: rekres, rename, etc
siderolabs/go-debug@3d0a6e1 feat: race build tag flag detector
siderolabs/go-debug@5b292e5 feat: disable memory profiling by default
siderolabs/go-debug@c6d0ae2 fix: linters and CI
siderolabs/go-debug@d969f95 feat: initial implementation
siderolabs/go-debug@b2044b7 Initial commit

Changes from siderolabs/go-kmsg

siderolabs/go-kmsg@e2a0000 chore: rekres, rename
siderolabs/go-kmsg@b08e4d3 feat: replace tab character with space in console output
siderolabs/go-kmsg@2edcd3a feat: add initial version
siderolabs/go-kmsg@53cdd8d chore: initial commit

Changes from siderolabs/go-kubeconfig

siderolabs/go-kubeconfig@e7fdd94 refactor: extract kubeconfig library as a Go module
siderolabs/go-kubeconfig@50e91b8 docs: add REAMDE

Changes from siderolabs/go-loadbalancer

siderolabs/go-loadbalancer@f54e3c9 chore: update dependencies to siderolabs, rekres
siderolabs/go-loadbalancer@438b71d chore: update package path and rekres
siderolabs/go-loadbalancer@5341eec feat: implement public method to check if the route is Healthy
siderolabs/go-loadbalancer@b578d47 feat: add a way to configure loadbalancer options
siderolabs/go-loadbalancer@c54d95d feat: implement control plane loadbalancer
siderolabs/go-loadbalancer@4a6e29e refactor: clean up names, fix the lingering goroutines
siderolabs/go-loadbalancer@af87d1c chore: apply new Kres rules
siderolabs/go-loadbalancer@a445702 feat: allow dial timeout and keep alive period to be configurable
siderolabs/go-loadbalancer@3c8f347 feat: provide a way to configure logger for the loadbalancer
siderolabs/go-loadbalancer@da8e987 feat: implement Reconcile - ability to change upstream list on the fly
siderolabs/go-loadbalancer@8b1dfa6 feat: copy initial version from talos-systems/talos
siderolabs/go-loadbalancer@c2f6a8f Initial commit

Changes from siderolabs/go-procfs

siderolabs/go-procfs@a062a4c chore: rekres, rename
siderolabs/go-procfs@8cbc42d feat: provide an option to overwrite some args in AppendAll
siderolabs/go-procfs@24d06a9 refactor: remove talos kernel default args
siderolabs/go-procfs@a82654e feat: implement SetAll method
siderolabs/go-procfs@16ce2ef fix: update cmdline.Set() to drop the value being overwritten
siderolabs/go-procfs@5a9a4a7 feat: update kernel args for new KSPP requirements
siderolabs/go-procfs@57c7311 refactor: change directory layout
siderolabs/go-procfs@a077c96 fix: fix go module name
siderolabs/go-procfs@698666f chore: move package to new repo
siderolabs/go-procfs@dabb425 Initial commit

Changes from siderolabs/go-retry

siderolabs/go-retry@6d45449 chore: rekres, rename
siderolabs/go-retry@c78cc95 fix: implement errors.Is for all errors in the set
siderolabs/go-retry@7885e16 feat: add ExpectedErrorf
siderolabs/go-retry@3d83f61 feat: deprecate UnexpectedError
siderolabs/go-retry@b9dc1a9 feat: add support for context.Context in Retry
siderolabs/go-retry@8c63d29 fix: correctly implement error interfaces on wrapped errors
siderolabs/go-retry@752f081 feat: add an option to log errors being retried
siderolabs/go-retry@073067b feat: copy initial version from talos-systems/talos
siderolabs/go-retry@c7968c5 Initial commit

Changes from siderolabs/go-smbios

siderolabs/go-smbios@10c1dd8 fix: check for end of the slice properly
siderolabs/go-smbios@9ca8ce7 chore: treat invalid strings as empty
siderolabs/go-smbios@dbc5f79 chore: rekres+rename
siderolabs/go-smbios@3f1e775 feat: rework destructuring of SMBIOS information and added some tests
siderolabs/go-smbios@fd5ec8c fix: remove useless (?) goroutines leading to data race error
siderolabs/go-smbios@d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6
siderolabs/go-smbios@fb425d4 feat: add memory device
siderolabs/go-smbios@0bb4f96 feat: add physical memory array
siderolabs/go-smbios@8019619 feat: supply wake-up type in SMBIOS info
siderolabs/go-smbios@94b8c4e feat: initial implementation
siderolabs/go-smbios@864ed80 Initial commit

Changes from siderolabs/go-tail

siderolabs/go-tail@962ae43 refactor: extract go-tail module
siderolabs/go-tail@359c3cb docs: initial commit

Changes from siderolabs/grpc-proxy

siderolabs/grpc-proxy@4cc7bbe chore: rename to siderolabs/grpc-proxy, rekres
siderolabs/grpc-proxy@2c586db feat: pass fullMethodName to GetConnection
siderolabs/grpc-proxy@6dfa2cc fix: ignore errors on duplicate SetHeader calls
siderolabs/grpc-proxy@b076302 fix: use io.EOF error when no backend connections are available
siderolabs/grpc-proxy@82daca0 docs: update README
siderolabs/grpc-proxy@fa6843a chore: fix spelling
siderolabs/grpc-proxy@c0a87d9 chore: major cleanup of the code and build
siderolabs/grpc-proxy@ca3bc61 fix: ignore some errors so that we don't spam the logs
siderolabs/grpc-proxy@5c579a7 feat: allow different formats for messages streaming/unary
siderolabs/grpc-proxy@6c9f7b3 fix: allow mode to be set for each request being proxied
siderolabs/grpc-proxy@cc91c09 refactor: provide better public API, enforce proxying mode
siderolabs/grpc-proxy@d8d3a75 chore: update import paths after repo move
siderolabs/grpc-proxy@dbf07a4 Merge pull request #7 from smira/one2many-4
siderolabs/grpc-proxy@fc0d27d More tests, small code fixes, updated README.
siderolabs/grpc-proxy@d9ce0b1 Merge pull request #6 from smira/one2many-3
siderolabs/grpc-proxy@2d37ba4 Support for one2many streaming calls, tests.
siderolabs/grpc-proxy@817b035 Merge pull request #5 from smira/one2many-2
siderolabs/grpc-proxy@436b338 More unary one-2-many tests, error propagation.
siderolabs/grpc-proxy@1f0cb46 Merge pull request #4 from smira/one2many-1
siderolabs/grpc-proxy@992a975 Proxying one to many: first iteration
siderolabs/grpc-proxy@a0988ff Merge pull request #3 from smira/small-fixups
siderolabs/grpc-proxy@e3111ef Small fixups in preparation to add one-to-many proxying.
siderolabs/grpc-proxy@6d76ffc Merge pull request #2 from smira/backend-concept
siderolabs/grpc-proxy@2aad63a Add concept of a 'Backend', but still one to one proxying
siderolabs/grpc-proxy@7cc4610 Merge pull request #1 from smira/build
siderolabs/grpc-proxy@37f01f3 Rework build to use GitHub Actions, linting updates.
siderolabs/grpc-proxy@0f1106e Move error checking further up (#34)
siderolabs/grpc-proxy@d5b35f6 Update gRPC and fix tests (#27)
siderolabs/grpc-proxy@67591eb Break StreamDirector interface, fix metadata propagation for gRPC-Go>1.5. (#20)
siderolabs/grpc-proxy@97396d9 Merge pull request #11 from mwitkow/fix-close-bug
siderolabs/grpc-proxy@3fcbd37 fixup closing conns
siderolabs/grpc-proxy@a8f5f87 fixup tests, extend readme
siderolabs/grpc-proxy@428fa1c Fix a channel closing bug
siderolabs/grpc-proxy@af55d61 Merge pull request #10 from mwitkow/bugfix/streaming-fix
siderolabs/grpc-proxy@de4d3db remove spurious printfs
siderolabs/grpc-proxy@84242c4 fix the "i don't know who finished" case
siderolabs/grpc-proxy@9b22f41 fix full duplex streaming
siderolabs/grpc-proxy@c2f7c98 update readme
siderolabs/grpc-proxy@d654141 update README
siderolabs/grpc-proxy@f457856 move to proxy subdirectory
siderolabs/grpc-proxy@4889d78 Add fixup scripts
siderolabs/grpc-proxy@ef60a37 version 2 of the grpc-proxy, this time with fewer grpc upstream deps
siderolabs/grpc-proxy@07aeac1 Merge pull request #2 from daniellowtw/master
siderolabs/grpc-proxy@e5c3df5 Fix compatibility with latest grpc library
siderolabs/grpc-proxy@52be0a5 bugfix: fix gRPC Java deadlock, due to different dispatch logic
siderolabs/grpc-proxy@822df7d Fix reference to mwitkow.
siderolabs/grpc-proxy@28341d1 move out forward logic to method, allowing for use as grpc.Server not found handler.
siderolabs/grpc-proxy@89e28b4 add reference to upstream grpc bug
siderolabs/grpc-proxy@00dd588 merge upstream grpc.Server changes changing the dispatch logic
siderolabs/grpc-proxy@77edc97 move to upstream protobuf from gogo
siderolabs/grpc-proxy@db71c3e initial commit, tested and working.

Changes from siderolabs/net

siderolabs/net@19eb1c4 feat: switch to use netip.Addr instead of net.IP
siderolabs/net@5b21171 chore: rename, rekres
siderolabs/net@409926a fix: parse correctly some IPv6 CIDRs
siderolabs/net@b4b7181 feat: add a way to filter list of IPs for the machine
siderolabs/net@0abe5bd feat: implement FilterIPs function
siderolabs/net@0519054 feat: add ParseCIDR
siderolabs/net@52c7509 feat: add a function to format IPs in CIDR notation
siderolabs/net@005a94f feat: add methods to manage CIDR list, check for non-local IPv6
siderolabs/net@8b56890 feat: add ValidateEndpointURI
siderolabs/net@402fa79 chore: apply kres to get the latest build scripts
siderolabs/net@c7bc477 chore: initial version of the package
siderolabs/net@393246a chore: initial commit

Changes from siderolabs/pkgs

siderolabs/pkgs@551787c feat: update Go 1.19.4, containerd to 1.6.11
siderolabs/pkgs@4e2ff68 chore: bump kernel to 5.15.81
siderolabs/pkgs@cf4a2b6 chore: update releases
siderolabs/pkgs@1e8df44 chore: bump depencies
siderolabs/pkgs@8b975a7 chore: bump deps
siderolabs/pkgs@b153ce6 chore: bump deps
siderolabs/pkgs@535b8f9 chore: update packages version
siderolabs/pkgs@66c77e9 feat: re-enable build kernel with BTF enabled
siderolabs/pkgs@98ef073 feat: enable INET_DIAG and FANOTFY_PERMISSIONS
siderolabs/pkgs@8fe5cbc chore: update dependencies
siderolabs/pkgs@554c0fe feat: add fanotify and kprobes kernel options
siderolabs/pkgs@54d7e5c fix: drbd package name
siderolabs/pkgs@b4cb9e2 feat: add 'drbd' package
siderolabs/pkgs@91e73b3 feat: update dependencies
siderolabs/pkgs@b6d0d96 chore: bump kernel to 5.15.72
siderolabs/pkgs@b16dfe9 chore: bump go to 1.19.2
siderolabs/pkgs@861cc32 chore: bump kernel to 5.15.71
siderolabs/pkgs@0ac7773 chore: use generic raspberry pi u-boot
siderolabs/pkgs@d5633d4 chore: bump kernel to 5.15.70
siderolabs/pkgs@39c0d43 feat: add generic rpi_arm64_defconfig configuration
siderolabs/pkgs@ed269ca chore: bump kernel to 5.15.69
siderolabs/pkgs@f2f8333 fix: no slack notifications on failure
siderolabs/pkgs@6f0af33 chore: disable drone slack pipeline for renovate
siderolabs/pkgs@32aea3f chore: disable drone for renovate/dependabot
siderolabs/pkgs@44579f0 fix: rollback xfsprogs to 5.18.0
siderolabs/pkgs@792c0e3 feat: add gasket driver package
siderolabs/pkgs@07f1898 chore: update deps
siderolabs/pkgs@f78f410 chore: enable conntrack zones and timestamps
siderolabs/pkgs@049b3c6 chore: enable intel ice drivers
siderolabs/pkgs@606ff32 chore: bump deps
siderolabs/pkgs@eee5c8a chore: disable irc in conntrack
siderolabs/pkgs@70e6c46 chore: bump kernel to 5.15.64
siderolabs/pkgs@e510321 chore: update renovate config
siderolabs/pkgs@d1fa510 feat: enable renovate bot
siderolabs/pkgs@e427a77 chore: bump runc to v1.1.4
siderolabs/pkgs@40e1215 chore: enable nfsv4.2 client support
siderolabs/pkgs@15efada chore: bump kernel to 5.15.63
siderolabs/pkgs@e70e3c1 fix: nvidia oss pkg name
siderolabs/pkgs@30b8d79 chore: bump kernel to 5.15.62
siderolabs/pkgs@862c392 chore: bump gcc to 12.2.0
siderolabs/pkgs@2ecd14e fix: containerd version
siderolabs/pkgs@01df058 feat: add NanoPi R4S configuration
siderolabs/pkgs@d4cb33b chore: bump containerd to v1.6.8

Changes from siderolabs/siderolink

siderolabs/siderolink@a92acc6 feat: set SideroLink MTU to 1280
siderolabs/siderolink@575c5cc refactor: drop dependency on Talos machinery package
siderolabs/siderolink@61ab1c4 fix: include MachineStatusEvent into the list of supported events
siderolabs/siderolink@16a84eb chore: rename to siderolabs/siderolink
siderolabs/siderolink@ca470c7 chore: update Talos to the latest master, migrate netaddr -> netip/x
siderolabs/siderolink@93b65f0 fix: ignore 'exist' error on interface managmeent
siderolabs/siderolink@3c4d9e0 chore: move IP to interface binding into NewDevice
siderolabs/siderolink@f0b5e39 feat: use kernel wireguard implementation when available
siderolabs/siderolink@1d2b7e1 feat: allow setting peer endpoint using peer event
siderolabs/siderolink@5d085d6 feat: expose wgDevice.Peers from the wireguard.Device wrapper
siderolabs/siderolink@3a5be65 fix: use correct method to generate Wireguard private key
siderolabs/siderolink@8318a7e feat: accept join token in Provision payload
siderolabs/siderolink@b38c192 fix: build on Windows
siderolabs/siderolink@9902ad2 feat: pass request context and node address to the events sink adapter
siderolabs/siderolink@d0612a7 refactor: pass in listener to the log receiver
siderolabs/siderolink@d86cdd5 feat: implement logreceiver for kernel logs
siderolabs/siderolink@f7cadbc fix: handle duplicate peer updates
siderolabs/siderolink@0755b24 feat: initial implementation of SideroLink
siderolabs/siderolink@ee73ea9 feat: add Talos events sink proto files and the reference implementation
siderolabs/siderolink@1e2cd9d Initial commit

Changes from siderolabs/tools

siderolabs/tools@712379c feat: update Go to 1.19.4
siderolabs/tools@ff41c0b chore: bump dependencies
siderolabs/tools@df6813e chore: bump dependencies
siderolabs/tools@5776dd8 chore: bump tools
siderolabs/tools@e8f92b3 chore: bump tools
siderolabs/tools@3b5f89a chore: update dependencies
siderolabs/tools@6402b99 feat: update OpenSSL to 1.1.1r
siderolabs/tools@00e91b1 feat: update releases
siderolabs/tools@a264809 chore: bump go to 1.19.2
siderolabs/tools@858cfe7 fix: no slack notifications on failure
siderolabs/tools@ed85950 chore: disable drone slack pipeline for renovate
siderolabs/tools@5df6589 chore: disable drone for renovate/dependabot
siderolabs/tools@1f00d2e fix: revert gawk to 5.1.1
siderolabs/tools@feeda1f chore: bump grpc-go
siderolabs/tools@8542014 chore: bump deps
siderolabs/tools@e5c4968 chore: update renovate config
siderolabs/tools@f34f94d chore: update renovate config
siderolabs/tools@cef4cc6 chore: update renovate config
siderolabs/tools@bab8e9e chore: add libbpf to tools
siderolabs/tools@0a15f7b chore: build pahole properly
siderolabs/tools@a322d06 chore: remove img
siderolabs/tools@c7ff47b feat: enable renovate dependency updates (3/3)
siderolabs/tools@6e095cf feat: enable renovate dependency updates (2/n)
siderolabs/tools@bad1ad1 feat: add renovatebot
siderolabs/tools@7d6f9c3 chore: bump gcc to 12.2.0
siderolabs/tools@2719b4b chore: bump toolchain

Dependency Changes

cloud.google.com/go/compute/metadata v0.2.1 new
github.com/BurntSushi/toml v1.2.0 -> v1.2.1
github.com/aws/aws-sdk-go v1.44.76 -> v1.44.147
github.com/cenkalti/backoff/v4 v4.1.3 -> v4.2.0
github.com/containerd/containerd v1.6.8 -> v1.6.11
github.com/cosi-project/runtime v0.1.1 -> v0.2.0
github.com/docker/docker v20.10.17 -> v20.10.21
github.com/emicklei/dot v1.0.0 -> v1.2.0
github.com/fsnotify/fsnotify v1.5.4 -> v1.6.0
github.com/gdamore/tcell/v2 v2.5.2 -> v2.5.3
github.com/google/go-cmp v0.5.8 -> v0.5.9
github.com/google/nftables 2eca00135732 -> 130caa4c31c9
github.com/hetznercloud/hcloud-go v1.35.2 -> v1.37.0
github.com/insomniacslk/dhcp 509691fd59ec -> f26e6d78f622
github.com/jsimonetti/rtnetlink v1.2.2 -> v1.3.0
github.com/mdlayher/ethtool 856bd6cb8a38 -> 0e16326d06d1
github.com/mdlayher/genetlink v1.2.0 -> v1.3.0
github.com/mdlayher/netlink v1.6.0 -> v1.7.0
github.com/opencontainers/image-spec c5a74bcca799 -> v1.1.0-rc2
github.com/packethost/packngo v0.25.0 -> v0.29.0
github.com/pmorjan/kmod v1.0.0 -> v1.1.0
github.com/rivo/tview 0e6b21a48e96 -> db36428c92d9
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.9 -> v1.0.0-beta.10
github.com/siderolabs/crypto v0.4.0 new
github.com/siderolabs/discovery-api v0.1.1 new
github.com/siderolabs/discovery-client v0.1.1 -> v0.1.3
github.com/siderolabs/extras v1.2.0 -> v1.3.0-1-g3773d71
github.com/siderolabs/gen v0.4.1 new
github.com/siderolabs/go-blockdevice v0.4.2 new
github.com/siderolabs/go-circular v0.1.0 new
github.com/siderolabs/go-cmd v0.1.1 new
github.com/siderolabs/go-debug v0.2.2 new
github.com/siderolabs/go-kmsg v0.1.2 new
github.com/siderolabs/go-kubeconfig v0.1.0 new
github.com/siderolabs/go-loadbalancer v0.2.1 new
github.com/siderolabs/go-procfs v0.1.1 new
github.com/siderolabs/go-retry v0.3.2 new
github.com/siderolabs/go-smbios v0.3.1 new
github.com/siderolabs/go-tail v0.1.0 new
github.com/siderolabs/grpc-proxy v0.4.0 new
github.com/siderolabs/net v0.4.0 new
github.com/siderolabs/pkgs v1.2.0-8-g970860d -> v1.3.0-2-g551787c
github.com/siderolabs/siderolink v0.3.1 new
github.com/siderolabs/talos/pkg/machinery v1.3.0-beta.1 new
github.com/siderolabs/tools v1.2.0 -> v1.3.0-1-g712379c
github.com/spf13/cobra v1.5.0 -> v1.6.1
github.com/stretchr/testify v1.8.0 -> v1.8.1
github.com/u-root/u-root v0.9.0 -> v0.10.0
github.com/vmware-tanzu/sonobuoy v0.56.9 -> v0.56.12
go.etcd.io/etcd/api/v3 v3.5.4 -> v3.5.6
go.etcd.io/etcd/client/pkg/v3 v3.5.4 -> v3.5.6
go.etcd.io/etcd/client/v3 v3.5.4 -> v3.5.6
go.etcd.io/etcd/etcdutl/v3 v3.5.4 -> v3.5.6
go.uber.org/atomic v1.9.0 -> v1.10.0
go.uber.org/multierr v1.8.0 new
go.uber.org/zap v1.22.0 -> v1.23.0
go4.org/netipx 797b0c90d8ab new
golang.org/x/net 3211cb980234 -> v0.4.0
golang.org/x/sync 886fb9371eb4 -> v0.1.0
golang.org/x/sys fbc7d0a398ab -> v0.3.0
golang.org/x/term a9ba230a4035 -> v0.3.0
golang.org/x/time e5dcc9cfc0b9 -> v0.2.0
golang.zx2c4.com/wireguard/wgctrl 3d4a969bb56b -> 97bc4ad4a1cb
google.golang.org/grpc v1.48.0 -> v1.51.0
k8s.io/api v0.25.0 -> v0.26.0-rc.1
k8s.io/apimachinery v0.25.0 -> v0.26.0-rc.1
k8s.io/apiserver v0.25.0 -> v0.26.0-rc.1
k8s.io/client-go v0.25.0 -> v0.26.0-rc.1
k8s.io/component-base v0.25.0 -> v0.26.0-rc.1
k8s.io/cri-api v0.25.0 -> v0.26.0-rc.1
k8s.io/klog/v2 v2.70.1 -> v2.80.1
k8s.io/kubectl v0.25.0 -> v0.26.0-rc.1
k8s.io/kubelet v0.25.0 -> v0.26.0-rc.1
kernel.org/pub/linux/libs/security/libcap/cap v1.2.65 -> v1.2.66

Previous release can be found at v1.2.0

Images

ghcr.io/siderolabs/flannel:v0.20.2
ghcr.io/siderolabs/install-cni:v1.3.0-1-g3773d71
docker.io/coredns/coredns:1.10.0
gcr.io/etcd-development/etcd:v3.5.6
registry.k8s.io/kube-apiserver:v1.26.0-rc.1
registry.k8s.io/kube-controller-manager:v1.26.0-rc.1
registry.k8s.io/kube-scheduler:v1.26.0-rc.1
registry.k8s.io/kube-proxy:v1.26.0-rc.1
ghcr.io/siderolabs/kubelet:v1.26.0-rc.1
ghcr.io/siderolabs/installer:v1.3.0-beta.1
registry.k8s.io/pause:3.6

talos - v1.3.0-beta.0

Published by talos-bot almost 2 years ago

Talos 1.3.0-beta.0 (2022-11-30)

Welcome to the v1.3.0-beta.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

kube-apiserver Audit Policy

Talos now supports setting custom audit policy for kube-apiserver in the machine configuration.

cgroups v1

machine:
  install:
    extraKernelArgs:
      - "talos.unified_cgroup_hierarchy=0"

Current cgroups mode can be checked with talosctl ls /sys/fs/cgroup:

cgroups v1:

blkio
cpu
cpuacct
cpuset
devices
freezer
hugetlb
memory
net_cls
net_prio
perf_event
pids

cgroups v2:

cgroup.controllers
cgroup.max.depth
cgroup.max.descendants
cgroup.procs
cgroup.stat
cgroup.subtree_control
cgroup.threads
cpu.stat
cpuset.cpus.effective
cpuset.mems.effective
init
io.stat
kubepods
memory.numa_stat
memory.stat
podruntime
system

Note: cgroupsv1 is deprecated and it should be used only for compatibility with workloads which don't support cgroupsv2 yet.

Kernel Command Line ip= Argument

Talos now supports referencing interface name via enxMAC address notation:

ip=172.20.0.2::172.20.0.1:255.255.255.0::enx7085c2dfbc59

CRI Configuration Overrides

Talos no longer supports CRI config overrides placed in /var/cri/conf.d directory.

New way correctly handles merging of containerd/CRI plugin configuration.

etcd Consistency Check

Talos enables --experimental-compact-hash-check-enabled option by default to improve
etcd store consistency guarantees.

This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.

etcd Member ID

Command talosctl etcd remove-member now accepts member IDs instead of member names.

New resource can be used to get member ID of the Talos node:

talosctl get etcdmember

Exocale Platform

Talos now supports new platform: Exoscale.

Exoscale provides a firewall, TCP load balancer and autoscale groups.
It works well with CCM and Kubernetes node autoscaler.

Kernel Modules

Talos now supports settings kernel module parameters.

Eg:

machine:
  kernel:
    modules:
      - name: "br_netfilter"
        parameters:
          - nf_conntrack_max=131072

KubeSpan

KubeSpan MTU link size is now configurable via network.kubespan.mtu setting in the machine configuration.

Node Labels

Talos now supports specifying node labels in the machine configuration:

machine:
  nodeLabels:
    rack: rack1a
    zone: us-east-1a

Changes to the node labels will be applied immediately without kubelet restart.

Talos keeps track of the owned node labels in the talos.dev/owned-labels annotation.

registry.k8s.io

Talos now uses registry.k8s.io instead of k8s.gcr.io for Kubernetes container images.

See Kubernetes documentation for additional details.

If using registry mirrors, or in air-gapped installations you may need to update your configuration.

Routes

Talos now supports setting MTU for a specific route.

Nano Pi R4S

Talos now supports the Nano Pi R4S SBC.

Raspberry Generic Images

Encryption with secretbox

How to generate the secret:

dd if=/dev/random of=/dev/stdout bs=32 count=1 | base64

Static Pod Manifests

The directory "/etc/kubernetes/manifests" is now deprecated.
Static pods should always be configured in machine.pods.
To reenable support you may set machine.kubelet.disableManifestsDirectory.

Eg:

machine:
  kubelet:
    disableManifestsDirectory: no

Component Updates

Kubernetes: v1.26.0-rc.0
Flannel: v0.20.1
CoreDNS: v1.10.0
etcd: v3.5.6
Linux: 5.15.80
containerd: v1.6.10

Talos is built with Go 1.19.3.

Contributors

Andrey Smirnov
Noel Georgi
Andrey Smirnov
Michal Witkowski
Artem Chernyshev
Artem Chernyshev
Dmitriy Matrenichev
Serge Logvinov
Alexey Palazhchenko
Andrey Smirnov
Philipp Sauter
Steve Francis
Utku Ozdemir
Andrew Rynhard
Andrew Rynhard
Tim Jones
Seán C McCord
Kris Reeves
Marvin Drees
Spencer Smith
Alexandre Mclean
Branden Cash
Brandon Nason
Cameron Brunner
DJAlPee
Daniel Low
Gerard de Leeuw
Jack Wink
Jon Stelly
Martin Stone
Matt Zahorik
Maxim Makarov
Michael Vorburger ⛑️
Olli Janatuinen
Pau Campana
Rubens Farias
Sander Maijers
Spencer Smith
ankitm123
emattiza
killcity

Changes

siderolabs/talos@788d5c91e release(v1.3.0-beta.0): prepare release
siderolabs/talos@2ebe410e9 feat: update COSI to v0.2.0
siderolabs/talos@00388651b chore: bump pkgs and Go dependencies
siderolabs/talos@bbb56840e chore: update protobuf API descriptors for 1.3.0
siderolabs/talos@fdbd380f6 feat: use 'registry.k8s.io' for Kubernetes images
siderolabs/talos@1103c5ad2 feat: implement pre-flight checks in the installer
siderolabs/talos@4a052eadf fix: disable kexec on upgrades from pre-BTF kernel
siderolabs/talos@732c459ec fix: parse and apply DHCP settings properly from cmdline
siderolabs/talos@a9e9d71b2 fix: parse correctly upgrade cmd force flag
siderolabs/talos@e85e64d6f docs: document metal-iso configuration method
siderolabs/talos@c27adbe54 docs: update getting started
siderolabs/talos@260684a93 chore: use build-container image for s3cmd
siderolabs/talos@ee7a4777a chore: bump dependencies
siderolabs/talos@49a4b1494 docs: clarify talosctl apply-config & talosctl get machineconfig
siderolabs/talos@a58c3d669 feat: hcloud location properties
siderolabs/talos@6bce06f62 feat: update etcd 3.5.6
siderolabs/talos@c54bea128 fix: don't publish external IPs as affiliate addresses
siderolabs/talos@54d9032ce test: fix log streaming for conformance tests
siderolabs/talos@e432579d4 feat: kubespan node endpoints filter
siderolabs/talos@6430ce1ef fix: limit SideroLink Wireguard link MTU to 1280
siderolabs/talos@1f1128028 chore: add flag to force talos cluster folder deletion
siderolabs/talos@d9c2c6f0a chore: update Kubernetes Go modules to 0.26.0-rc.1
siderolabs/talos@3d30ce6d7 feat: add util function to extract GRPC status from error
siderolabs/talos@9e44341c4 release(v1.3.0-alpha.2): prepare release
siderolabs/talos@aa56aed79 feat: publish discovered public IP as one of the KubeSpan endpoint
siderolabs/talos@9382443ba feat: update Kubernetes to v1.26.0-rc.0
siderolabs/talos@6ffc381c5 feat: implement CRI configuration customization
siderolabs/talos@e1e340bdd feat: expose Talos node labels as a machine configuration field
siderolabs/talos@c78bbbfda docs: specify that only XFS partitions are detected
siderolabs/talos@b881a9a79 chore: bump dependencies
siderolabs/talos@5bfd7dbfa test: fix assertion on reboot test
siderolabs/talos@1cfb6188b feat: implement support for cgroupsv1
siderolabs/talos@3866d0e33 feat: update Kubernetes to v1.26.0-beta.0
siderolabs/talos@e1590ba7b fix: lifecycle action tracking
siderolabs/talos@804762c59 feat: add timeout to cli action tracking, track by default & refactor
siderolabs/talos@4e114ca12 feat: use the etcd member id for etcd operations instead of hostname
siderolabs/talos@06fea2441 feat: expand platform metadata resources
siderolabs/talos@03a20da9d fix: filter up duplicate IPs out of NodeAddresses
siderolabs/talos@6b771bc73 chore: bump deps
siderolabs/talos@96aa9638f chore: rename talos-systems/talos to siderolabs/talos
siderolabs/talos@30bbf6463 refactor: use siderolabs/net version with netip.Addr
siderolabs/talos@343c55762 chore: replace talos-systems Go modules with siderolabs
siderolabs/talos@0301bbe93 fix: check if processes is nil to avoid panic
siderolabs/talos@08e7e49a2 test: update versions for upgrade tests
siderolabs/talos@0b41923c3 fix: restore the StaticPodStatus resource
siderolabs/talos@1947092ae chore: introduce a healthcheck for machined service
siderolabs/talos@3333cd93c fix: generate correct Flannel config for IPv6-only clusters
siderolabs/talos@d7070f5e7 release(v1.3.0-alpha.1): prepare release
siderolabs/talos@869f3b5a5 feat: network configuration improvements on the OpenStack platform
siderolabs/talos@29f2195e1 feat: support exoscale cloud
siderolabs/talos@8b4ae08d1 fix: etcd snapshot command on Windows
siderolabs/talos@8bfa7ac1d feat: platform metadata resource
siderolabs/talos@7e50e24c0 fix: properly cleanup legacy static pod manifests directory
siderolabs/talos@6ee47bcc6 fix: support serving config for qemu launcher on IPv6
siderolabs/talos@6c3d11b49 docs: admission control patch note
siderolabs/talos@4ea3b99b5 fix: serve static pod files on 127.0.0.1 instead of localhost
siderolabs/talos@23842114f feat: support encryption with secretbox
siderolabs/talos@f6773c472 docs: talos support on equinix metal
siderolabs/talos@b307160f6 chore: bump dependencies
siderolabs/talos@d7edd0e2e refactor: use go-circular, go-kubeconfig, and go-tail
siderolabs/talos@c6e1702ec feat: use URL-based manifests to present static pods to the kubelet
siderolabs/talos@136a795e5 docs: update system requirements to mention dedicated disk usage
siderolabs/talos@879e8c0bf chore: update kernel with BTF support
siderolabs/talos@ceb0cd99a feat: implement Talos API auth using SideroV1 signatures
siderolabs/talos@e6fba7d3b chore: update dependencies
siderolabs/talos@93e55b85f chore: bump golangci-lint to v1.50.0
siderolabs/talos@aa3d9b4ca fix: regenerate cert on node labeling retry
siderolabs/talos@021c73c35 fix: lowercase nodename
siderolabs/talos@b902036e1 docs: update office hours time link
siderolabs/talos@7fcb8c681 feat: update Flannel to v0.20.0
siderolabs/talos@dc70d892a fix: support setting KubeSpan link MTU
siderolabs/talos@7d52bad37 feat: update Linux to 5.15.73
siderolabs/talos@9c78b3aff feat: update Kubernetes to v1.26.0-alpha.2
siderolabs/talos@94913a672 docs: add lofty to talos adopters
siderolabs/talos@0a0bdfe16 docs: add Tremor Video to adopters
siderolabs/talos@b7b1d4fd6 feat: use readonly containers
siderolabs/talos@d210338e3 fix: skip protobuf full unmarshaling for some talosctl commands
siderolabs/talos@b3c679d18 chore: bump dependencies
siderolabs/talos@993743f63 fix: skip hostname via DHCP on OpenStack platform
siderolabs/talos@db076e7b5 feat: pin interface by mac address in cmdline args
siderolabs/talos@63de93722 fix: update go-smbios to v0.3.1
siderolabs/talos@49e9f808e chore: bump kernel and go
siderolabs/talos@c7372144d docs: add constraints to upgrade docs
siderolabs/talos@c71c8ca18 docs: consolidate, simplify and correct various docs
siderolabs/talos@06f76bfeb chore: bump dependencies
siderolabs/talos@b1c421b9a chore: publish ami's with imds v2 enabled
siderolabs/talos@195c40ab5 docs: add information about applicable use cases of disk encryption
siderolabs/talos@54a687fb8 docs: consolidate and expand on discovery service
siderolabs/talos@139c62d76 feat: allow upgrades in maintenance mode (only over SideroLink)
siderolabs/talos@48dee4805 feat: support mtu for routes
siderolabs/talos@1c43c72ae docs: fix talos required kernel params
siderolabs/talos@67cc45ae3 release(v1.3.0-alpha.0): prepare release
siderolabs/talos@18c377a4d feat: customize audit policy
siderolabs/talos@23c9ea46b fix: raspberry pi install
siderolabs/talos@f17cdee16 feat: jsonpath filter for talosctl get outputs
siderolabs/talos@6bd3cca1a chore: generic raspberry pi images
siderolabs/talos@d914ab8bb chore: add vulncheck tool as a linter
siderolabs/talos@a0151aa13 feat: add generic rpi u-boot support
siderolabs/talos@30f851d09 chore: bump dependences
siderolabs/talos@8b2235c3b fix: lookup Equinix Metal bond slaves using 'permanent addr'
siderolabs/talos@b3257ebb1 chore: bump kernel to 5.15.70
siderolabs/talos@0b2767c16 feat: implement 'permanent addr' in link statuses
siderolabs/talos@c90e20251 fix: kubeconfig permission
siderolabs/talos@fc48849d0 chore: move maps/slices/ordered to gen module
siderolabs/talos@8b09bd4b0 feat: update Kubernetes to v1.26.0-alpha.1
siderolabs/talos@276d4175b chore: bump extension versions in testing
siderolabs/talos@357b770cb fix: cryptsetup delete slot
siderolabs/talos@711128839 fix: continue applying bootstrap manifests on some errors
siderolabs/talos@ce12c7b38 chore: update COSI runtime to v0.2.0-alpha.1
siderolabs/talos@1b435c0b3 chore: bump kernel + ice drivers
siderolabs/talos@18e041f1e docs: fix typo in patching example
siderolabs/talos@0ad6452ca feat: update CoreDNS to v1.10.0
siderolabs/talos@479f3f52e chore: bump dependencies
siderolabs/talos@e07c6ae99 feat: update Kubernetes to v1.25.1
siderolabs/talos@13fdfaffc test: fix up default branch name
siderolabs/talos@ef181321a docs: add component diagram; K8s & Talos Linux
siderolabs/talos@aade73643 docs: fix missing variable in OpenEBS docs
siderolabs/talos@472590aa8 chore: return InvalidArgument on invalid config in maintenance mode
siderolabs/talos@e5cabd42c feat: enable etcd consistency hashcheck
siderolabs/talos@015535d90 fix: update discovery client with the redirect fix
siderolabs/talos@d0c8e7699 chore: bump kernel and go
siderolabs/talos@985b0c2e7 chore: remove go.work.sum
siderolabs/talos@69124f102 feat: update etcd to v3.5.5
siderolabs/talos@1985a796c docs: update docs for pod security
siderolabs/talos@94b088f02 fix: set etcd options consistently
siderolabs/talos@92ae7ef4b fix: fix protoenc encoding for enums and types with custom encoders
siderolabs/talos@93809017c docs: cpu scaling governor knowledgebase
siderolabs/talos@7b270ff33 test: fix api controller test
siderolabs/talos@2dadcd669 fix: stop worker nodes from acting as apid routers
siderolabs/talos@9eaf33f3f fix: never sign client certificate requests in trustd
siderolabs/talos@436749124 feat: environment vars for extension service
siderolabs/talos@0c0cb671e chore: mark machine configuration validation failure as InvalidArgument
siderolabs/talos@f424e5340 fix: stop containers more thoroughly
siderolabs/talos@12827b861 chore: move "implements" checks to compile time
siderolabs/talos@3a67c42cb fix: kill the task processes when cleaning up stale task
siderolabs/talos@14a79e325 chore: bump dependencies
siderolabs/talos@9beee92e7 docs: fix double vv in Kubernetes version
siderolabs/talos@688272515 fix: use different username for Talos Kubernetes API access
siderolabs/talos@161a52a9e feat: check apid client certificate extended key usage
siderolabs/talos@9dadc4a59 fix: include all node addresses into etcd cert SANs
siderolabs/talos@71bfd3e43 feat: update CoreDNS to 1.9.4
siderolabs/talos@9df8f1ff1 fix: list COSI APIs for the apid authenticator
siderolabs/talos@31462450f fix: pass a pointer to specs.Mount into protoenc.Marshal
siderolabs/talos@e626540df chore: avoid double API request logging in trustd
siderolabs/talos@f62d17125 chore: update crypto to use new import path siderolabs/crypto
siderolabs/talos@ef27dd855 chore: bump dependencies
siderolabs/talos@6472ae00b fix: automatically discard VIPs for etcd advertised addresses
siderolabs/talos@5e21cca52 feat: support setting kernel parameters
siderolabs/talos@bd56621cd feat: add structprotogen tool
siderolabs/talos@cdb6bb2cc feat: add Nano Pi R4S support
siderolabs/talos@36c1f1d6e fix: flip the client-server version check
siderolabs/talos@cd6c53a97 docs: fork docs for v1.3
siderolabs/talos@0847400f7 fix: prevent panic on health check if a member has no IPs
siderolabs/talos@7471d7f01 feat: update Flannel to v0.19.2
siderolabs/talos@148c75cfb docs: consolidate the control-plane documentation
siderolabs/talos@353154281 fix: drop kube-system SA default binding
siderolabs/talos@4f37b668b chore: remove capi hacks
siderolabs/talos@1369afea8 docs: make 1.2.0 docs default ones
siderolabs/talos@7627cb0e3 docs: add new talosctl gen secrets
siderolabs/talos@8aa60a37a chore: bump kernel to 5.15.64
siderolabs/talos@a798dbd5d docs: update docs for upcoming 1.2.0 release
siderolabs/talos@b2fec3c97 fix: properly handle configContext being nil in Talos client
siderolabs/talos@1c0977b3a fix: change the type of returned gRPC connection object from the client
siderolabs/talos@41848e421 fix: expose Talos client gRPC connection via the function Conn
siderolabs/talos@2e9be4af8 chore: bump dependencies
siderolabs/talos@d283aba3a test: fix cli reboot test
siderolabs/talos@0b339a9dc feat: track progress of action API calls
siderolabs/talos@072349812 fix: update COSI to the version with gRPC Wait fix
siderolabs/talos@89d57aa81 fix: always abort the maintenance service
siderolabs/talos@f6fa74619 fix: limit apid backoff max delay
siderolabs/talos@d7ef346db fix: get command in the case 'nodes' are not set in the context
siderolabs/talos@4e9c32256 fix: correctly render hosts.toml with multiple endpoints
siderolabs/talos@cdd0f08bc feat: check client <> server version in some Talos commands
siderolabs/talos@446b0af58 chore: bump kernel and runc
siderolabs/talos@8c203ce9b feat: remove the machine from the discovery service on reset
siderolabs/talos@b59ca5810 chore: move from inet.af/netaddr to net/netip and go4.org/netipx
siderolabs/talos@053af1d59 fix: update etcd certificates when node addresses changes
siderolabs/talos@11edb2c6f test: re-enable upgrade tests
siderolabs/talos@0310e2089 chore: bump github.com/siderolabs/protoenc to v0.1.5
siderolabs/talos@29bd63240 chore: remove old build tags syntax
siderolabs/talos@b500d0aa9 chore: bump k8s to v1.25.0
siderolabs/talos@29e574be7 docs: update to v1.2.0-beta.1
siderolabs/talos@26b549f2a chore: bump dependencies
siderolabs/talos@8c3ac4c42 chore: limit GOMAXPROCS for Talos services
siderolabs/talos@361e85b74 fix: properly read kexec disabled sysctl
siderolabs/talos@cfe6c2bc2 docs: nvidia oss drivers
siderolabs/talos@2f2d97b6b fix: don't wait for the hostname in maintenance mode
siderolabs/talos@b15a63924 chore: bump kernel to 5.15.62
siderolabs/talos@a0d94be30 fix: stable default hostname bias
siderolabs/talos@da4cd34ef feat: update etcd advertised peer addresses on the fly
siderolabs/talos@faf92ce01 chore: bump kubernetes to v1.25.0-rc.1
siderolabs/talos@52de919e3 chore: bump containerd to v1.6.8
siderolabs/talos@7d43fc79b fix: make 'ca', 'crt' and 'key' flags optional for 'talosctl config add'
siderolabs/talos@fd467e02c fix: handle grub config being empty in the Revert function
siderolabs/talos@9492aca65 fix: clean up cancelCtxMu leftovers in PriorityLock
siderolabs/talos@61e3eb2ea fix: talosctl edit mc loop
siderolabs/talos@32db7a7f5 fix: surround cancelCtx with the mutex

Changes since v1.3.0-alpha.2

siderolabs/talos@788d5c91e release(v1.3.0-beta.0): prepare release
siderolabs/talos@2ebe410e9 feat: update COSI to v0.2.0
siderolabs/talos@00388651b chore: bump pkgs and Go dependencies
siderolabs/talos@bbb56840e chore: update protobuf API descriptors for 1.3.0
siderolabs/talos@fdbd380f6 feat: use 'registry.k8s.io' for Kubernetes images
siderolabs/talos@1103c5ad2 feat: implement pre-flight checks in the installer
siderolabs/talos@4a052eadf fix: disable kexec on upgrades from pre-BTF kernel
siderolabs/talos@732c459ec fix: parse and apply DHCP settings properly from cmdline
siderolabs/talos@a9e9d71b2 fix: parse correctly upgrade cmd force flag
siderolabs/talos@e85e64d6f docs: document metal-iso configuration method
siderolabs/talos@c27adbe54 docs: update getting started
siderolabs/talos@260684a93 chore: use build-container image for s3cmd
siderolabs/talos@ee7a4777a chore: bump dependencies
siderolabs/talos@49a4b1494 docs: clarify talosctl apply-config & talosctl get machineconfig
siderolabs/talos@a58c3d669 feat: hcloud location properties
siderolabs/talos@6bce06f62 feat: update etcd 3.5.6
siderolabs/talos@c54bea128 fix: don't publish external IPs as affiliate addresses
siderolabs/talos@54d9032ce test: fix log streaming for conformance tests
siderolabs/talos@e432579d4 feat: kubespan node endpoints filter
siderolabs/talos@6430ce1ef fix: limit SideroLink Wireguard link MTU to 1280
siderolabs/talos@1f1128028 chore: add flag to force talos cluster folder deletion
siderolabs/talos@d9c2c6f0a chore: update Kubernetes Go modules to 0.26.0-rc.1
siderolabs/talos@3d30ce6d7 feat: add util function to extract GRPC status from error

Changes from siderolabs/crypto

siderolabs/crypto@c3225ee feat: allow CSR template subject field to be overridden
siderolabs/crypto@8570669 chore: rename to siderolabs/crypto
siderolabs/crypto@e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs
siderolabs/crypto@510b0d2 chore: add json tags
siderolabs/crypto@6fa2d93 fix: deepcopy nil fields as nil
siderolabs/crypto@9a63cba fix: add back support for generating ECDSA keys with P-256 and SHA512
siderolabs/crypto@893bc66 fix: use SHA256 for ECDSA-P256
siderolabs/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types
siderolabs/crypto@d3cb772 feat: make possible to change KeyUsage
siderolabs/crypto@6bc5bb5 chore: remove unused argument
siderolabs/crypto@cd18ef6 feat: add support for several organizations
siderolabs/crypto@97c888b chore: add options to CSR
siderolabs/crypto@7776057 chore: fix typos
siderolabs/crypto@80df078 chore: remove named result parameters
siderolabs/crypto@15bdd28 chore: minor updates
siderolabs/crypto@4f80b97 fix: verify CSR signature before issuing a certificate
siderolabs/crypto@39584f1 feat: support for key/certificate types RSA, Ed25519, ECDSA
siderolabs/crypto@cf75519 fix: function NewKeyPair should create certificate with proper subject
siderolabs/crypto@751c95a feat: add 'PEMEncodedKey' which allows to transport keys in YAML
siderolabs/crypto@562c3b6 feat: add support for public RSA key in RSAKey
siderolabs/crypto@bda0e9c feat: enable more conversions between encoded and raw versions
siderolabs/crypto@e0dd56a feat: add NotBefore option for x509 cert creation
siderolabs/crypto@12a4897 feat: add support for SPKI fingerprint generation and matching
siderolabs/crypto@d0c3eef fix: implement NewKeyPair
siderolabs/crypto@196679e feat: move pkg/grpc/tls from github.com/talos-systems/talos as ./tls
siderolabs/crypto@1ff6242 chore: initial version as imported from talos-systems/talos
siderolabs/crypto@835063e chore: initial commit

Changes from siderolabs/discovery-api

siderolabs/discovery-api@5b0c5e7 chore: rename to siderolabs, rekres, etc
siderolabs/discovery-api@db279ef feat: initial set of APIs and generated files
siderolabs/discovery-api@ac52a37 chore: initial commit

Changes from siderolabs/discovery-client

siderolabs/discovery-client@a5c19c6 feat: provide public IP discovered from the server
siderolabs/discovery-client@230f317 fix: reconnect the client on update failure

Changes from siderolabs/extras

siderolabs/extras@b155fc9 chore: update pkgs to the latest tag
siderolabs/extras@4ba0e60 chore: bump dependencies
siderolabs/extras@b155fa0 chore: enable renovate
siderolabs/extras@8f00d77 feat: update tc-redirect-tap to the latest version
siderolabs/extras@7c91844 chore: bump go to 1.19.2

Changes from siderolabs/gen

siderolabs/gen@7c7ccc3 feat: introduce channel SendWithContext
siderolabs/gen@b3b6db8 fix: fix Copy documentation and implementation
siderolabs/gen@521f737 feat: add xerrors package which contains additions to the std errors
siderolabs/gen@726e066 fix: rename tuples.go to pair.go and set proper package name
siderolabs/gen@d8d7d25 chore: minor additions
siderolabs/gen@338a650 chore: add initial implementation and documentation
siderolabs/gen@4fd8667 Initial commit

Changes from siderolabs/go-blockdevice

siderolabs/go-blockdevice@694ac62 chore: update imports to siderolabs, rekres
siderolabs/go-blockdevice@dcf6044 chore: rekres and rename
siderolabs/go-blockdevice@9c4af49 fix: cryptsetup remove slot
siderolabs/go-blockdevice@74ea471 feat: add freebsd stubs
siderolabs/go-blockdevice@9fa801c feat: add ReadOnly attribute to Disk
siderolabs/go-blockdevice@fccee8b chore: rekres the source, fix issues
siderolabs/go-blockdevice@d9c3a27 feat: support probing FAT12/FAT16 filesystems
siderolabs/go-blockdevice@b374eb4 fix: align partition to 1M boundary by default
siderolabs/go-blockdevice@ec428fe fix: lookup filesystem labels on the actual device path
siderolabs/go-blockdevice@7b9de26 feat: read symlink fullpath in block device list function
siderolabs/go-blockdevice@6928ee4 refactor: rewrite GPT serialize/deserialize functions
siderolabs/go-blockdevice@0c7e429 refactor: simplify middle endian functions
siderolabs/go-blockdevice@15b182d fix: return partition table not exist when trying to read an empty dev
siderolabs/go-blockdevice@b9517d5 fix: resize partition
siderolabs/go-blockdevice@70d2865 fix: try to find cdrom disks
siderolabs/go-blockdevice@667bf53 fix: revert gpt partition not found
siderolabs/go-blockdevice@d7d4cdd fix: gpt partition not found
siderolabs/go-blockdevice@33afba3 fix: also open in readonly mode when running All lookup method
siderolabs/go-blockdevice@e367f9d feat: make probe always open blockdevices in readonly mode
siderolabs/go-blockdevice@d981156 fix: allow Build for Windows
siderolabs/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
siderolabs/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
siderolabs/go-blockdevice@87816a8 feat: align partition to minimum I/O size
siderolabs/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module
siderolabs/go-blockdevice@30c2bc3 feat: mark MBR bootable
siderolabs/go-blockdevice@1292574 fix: make disk type matcher parser case insensitive
siderolabs/go-blockdevice@b77400e fix: properly detect nvme and sd card disk types
siderolabs/go-blockdevice@1d830a2 fix: revert mark the EFI partition in PMBR as bootable
siderolabs/go-blockdevice@bec914f fix: mark the EFI partition in PMBR as bootable
siderolabs/go-blockdevice@776b37d feat: add options to probe disk by various sysblock parameters
siderolabs/go-blockdevice@bb3ad73 fix: align partition start to physical sector size
siderolabs/go-blockdevice@8f976c2 feat: replace exec.Command with go-cmd module
siderolabs/go-blockdevice@1cf7f25 fix: properly handle no child processes error from cmd.Wait
siderolabs/go-blockdevice@04a9851 feat: implement luks encryption provider
siderolabs/go-blockdevice@b0375e4 feat: add an option to open block device with exclusive flock
siderolabs/go-blockdevice@5a1c7f7 refactor: add devname into gpt.Partition, refactor probe package
siderolabs/go-blockdevice@f2728a5 fix: keep contents of PMBR when writing it
siderolabs/go-blockdevice@2878460 fix: write second copy of partition entries
siderolabs/go-blockdevice@943b08b fix: blockdevice reset should read partition table from disk
siderolabs/go-blockdevice@5b4ee44 fix: ignore /dev/ram devices
siderolabs/go-blockdevice@98754ec refactor: rewrite GPT library
siderolabs/go-blockdevice@2a1baad fix: correctly build paths for mmcblk devices
siderolabs/go-blockdevice@8076344 fix: return proper disk size from GetDisks function
siderolabs/go-blockdevice@8742133 chore: add common method to list available disks using /sys/block
siderolabs/go-blockdevice@c4b5833 feat: implement "fast" wipe
siderolabs/go-blockdevice@b4e67d7 feat: return resize status from Resize() function
siderolabs/go-blockdevice@ceae64e fix: sync kernel partition table incrementally
siderolabs/go-blockdevice@2cb9516 fix: return correct error value from blkpg functions
siderolabs/go-blockdevice@cebe43d refactor: expose InsertAt method via interface
siderolabs/go-blockdevice@c40dcd8 fix: properly inform kernel about partition deletion
siderolabs/go-blockdevice@bb8ac5d feat: implement disk wiping via several methods
siderolabs/go-blockdevice@23fb7dc feat: expose partition name (label)
siderolabs/go-blockdevice@ff3a821 feat: implement 'InsertAt' method to insert partitions at any position
siderolabs/go-blockdevice@3d1ce4f fix: calculate last lba of partition correctly
siderolabs/go-blockdevice@b71540f feat: copy initial version from talos-systems/talos
siderolabs/go-blockdevice@ca3c078 Initial commit

Changes from siderolabs/go-circular

siderolabs/go-circular@507e0ec refactor: extract circular Go module
siderolabs/go-circular@2234b3a docs: add README

Changes from siderolabs/go-cmd

siderolabs/go-cmd@0aea518 chore: rekres and update
siderolabs/go-cmd@68eb006 feat: return typed error for exit error
siderolabs/go-cmd@333ccf1 feat: add stdin support into the Run methods
siderolabs/go-cmd@c5c8f1c feat: extract cmd module from Talos into a separate module
siderolabs/go-cmd@77685fc Initial commit

Changes from siderolabs/go-debug

siderolabs/go-debug@c1bc4bf chore: rekres, rename, etc
siderolabs/go-debug@3d0a6e1 feat: race build tag flag detector
siderolabs/go-debug@5b292e5 feat: disable memory profiling by default
siderolabs/go-debug@c6d0ae2 fix: linters and CI
siderolabs/go-debug@d969f95 feat: initial implementation
siderolabs/go-debug@b2044b7 Initial commit

Changes from siderolabs/go-kmsg

siderolabs/go-kmsg@e2a0000 chore: rekres, rename
siderolabs/go-kmsg@b08e4d3 feat: replace tab character with space in console output
siderolabs/go-kmsg@2edcd3a feat: add initial version
siderolabs/go-kmsg@53cdd8d chore: initial commit

Changes from siderolabs/go-kubeconfig

siderolabs/go-kubeconfig@e7fdd94 refactor: extract kubeconfig library as a Go module
siderolabs/go-kubeconfig@50e91b8 docs: add REAMDE

Changes from siderolabs/go-loadbalancer

siderolabs/go-loadbalancer@f54e3c9 chore: update dependencies to siderolabs, rekres
siderolabs/go-loadbalancer@438b71d chore: update package path and rekres
siderolabs/go-loadbalancer@5341eec feat: implement public method to check if the route is Healthy
siderolabs/go-loadbalancer@b578d47 feat: add a way to configure loadbalancer options
siderolabs/go-loadbalancer@c54d95d feat: implement control plane loadbalancer
siderolabs/go-loadbalancer@4a6e29e refactor: clean up names, fix the lingering goroutines
siderolabs/go-loadbalancer@af87d1c chore: apply new Kres rules
siderolabs/go-loadbalancer@a445702 feat: allow dial timeout and keep alive period to be configurable
siderolabs/go-loadbalancer@3c8f347 feat: provide a way to configure logger for the loadbalancer
siderolabs/go-loadbalancer@da8e987 feat: implement Reconcile - ability to change upstream list on the fly
siderolabs/go-loadbalancer@8b1dfa6 feat: copy initial version from talos-systems/talos
siderolabs/go-loadbalancer@c2f6a8f Initial commit

Changes from siderolabs/go-procfs

siderolabs/go-procfs@a062a4c chore: rekres, rename
siderolabs/go-procfs@8cbc42d feat: provide an option to overwrite some args in AppendAll
siderolabs/go-procfs@24d06a9 refactor: remove talos kernel default args
siderolabs/go-procfs@a82654e feat: implement SetAll method
siderolabs/go-procfs@16ce2ef fix: update cmdline.Set() to drop the value being overwritten
siderolabs/go-procfs@5a9a4a7 feat: update kernel args for new KSPP requirements
siderolabs/go-procfs@57c7311 refactor: change directory layout
siderolabs/go-procfs@a077c96 fix: fix go module name
siderolabs/go-procfs@698666f chore: move package to new repo
siderolabs/go-procfs@dabb425 Initial commit

Changes from siderolabs/go-retry

siderolabs/go-retry@6d45449 chore: rekres, rename
siderolabs/go-retry@c78cc95 fix: implement errors.Is for all errors in the set
siderolabs/go-retry@7885e16 feat: add ExpectedErrorf
siderolabs/go-retry@3d83f61 feat: deprecate UnexpectedError
siderolabs/go-retry@b9dc1a9 feat: add support for context.Context in Retry
siderolabs/go-retry@8c63d29 fix: correctly implement error interfaces on wrapped errors
siderolabs/go-retry@752f081 feat: add an option to log errors being retried
siderolabs/go-retry@073067b feat: copy initial version from talos-systems/talos
siderolabs/go-retry@c7968c5 Initial commit

Changes from siderolabs/go-smbios

siderolabs/go-smbios@10c1dd8 fix: check for end of the slice properly
siderolabs/go-smbios@9ca8ce7 chore: treat invalid strings as empty
siderolabs/go-smbios@dbc5f79 chore: rekres+rename
siderolabs/go-smbios@3f1e775 feat: rework destructuring of SMBIOS information and added some tests
siderolabs/go-smbios@fd5ec8c fix: remove useless (?) goroutines leading to data race error
siderolabs/go-smbios@d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6
siderolabs/go-smbios@fb425d4 feat: add memory device
siderolabs/go-smbios@0bb4f96 feat: add physical memory array
siderolabs/go-smbios@8019619 feat: supply wake-up type in SMBIOS info
siderolabs/go-smbios@94b8c4e feat: initial implementation
siderolabs/go-smbios@864ed80 Initial commit

Changes from siderolabs/go-tail

siderolabs/go-tail@962ae43 refactor: extract go-tail module
siderolabs/go-tail@359c3cb docs: initial commit

Changes from siderolabs/grpc-proxy

siderolabs/grpc-proxy@4cc7bbe chore: rename to siderolabs/grpc-proxy, rekres
siderolabs/grpc-proxy@2c586db feat: pass fullMethodName to GetConnection
siderolabs/grpc-proxy@6dfa2cc fix: ignore errors on duplicate SetHeader calls
siderolabs/grpc-proxy@b076302 fix: use io.EOF error when no backend connections are available
siderolabs/grpc-proxy@82daca0 docs: update README
siderolabs/grpc-proxy@fa6843a chore: fix spelling
siderolabs/grpc-proxy@c0a87d9 chore: major cleanup of the code and build
siderolabs/grpc-proxy@ca3bc61 fix: ignore some errors so that we don't spam the logs
siderolabs/grpc-proxy@5c579a7 feat: allow different formats for messages streaming/unary
siderolabs/grpc-proxy@6c9f7b3 fix: allow mode to be set for each request being proxied
siderolabs/grpc-proxy@cc91c09 refactor: provide better public API, enforce proxying mode
siderolabs/grpc-proxy@d8d3a75 chore: update import paths after repo move
siderolabs/grpc-proxy@dbf07a4 Merge pull request #7 from smira/one2many-4
siderolabs/grpc-proxy@fc0d27d More tests, small code fixes, updated README.
siderolabs/grpc-proxy@d9ce0b1 Merge pull request #6 from smira/one2many-3
siderolabs/grpc-proxy@2d37ba4 Support for one2many streaming calls, tests.
siderolabs/grpc-proxy@817b035 Merge pull request #5 from smira/one2many-2
siderolabs/grpc-proxy@436b338 More unary one-2-many tests, error propagation.
siderolabs/grpc-proxy@1f0cb46 Merge pull request #4 from smira/one2many-1
siderolabs/grpc-proxy@992a975 Proxying one to many: first iteration
siderolabs/grpc-proxy@a0988ff Merge pull request #3 from smira/small-fixups
siderolabs/grpc-proxy@e3111ef Small fixups in preparation to add one-to-many proxying.
siderolabs/grpc-proxy@6d76ffc Merge pull request #2 from smira/backend-concept
siderolabs/grpc-proxy@2aad63a Add concept of a 'Backend', but still one to one proxying
siderolabs/grpc-proxy@7cc4610 Merge pull request #1 from smira/build
siderolabs/grpc-proxy@37f01f3 Rework build to use GitHub Actions, linting updates.
siderolabs/grpc-proxy@0f1106e Move error checking further up (#34)
siderolabs/grpc-proxy@d5b35f6 Update gRPC and fix tests (#27)
siderolabs/grpc-proxy@67591eb Break StreamDirector interface, fix metadata propagation for gRPC-Go>1.5. (#20)
siderolabs/grpc-proxy@97396d9 Merge pull request #11 from mwitkow/fix-close-bug
siderolabs/grpc-proxy@3fcbd37 fixup closing conns
siderolabs/grpc-proxy@a8f5f87 fixup tests, extend readme
siderolabs/grpc-proxy@428fa1c Fix a channel closing bug
siderolabs/grpc-proxy@af55d61 Merge pull request #10 from mwitkow/bugfix/streaming-fix
siderolabs/grpc-proxy@de4d3db remove spurious printfs
siderolabs/grpc-proxy@84242c4 fix the "i don't know who finished" case
siderolabs/grpc-proxy@9b22f41 fix full duplex streaming
siderolabs/grpc-proxy@c2f7c98 update readme
siderolabs/grpc-proxy@d654141 update README
siderolabs/grpc-proxy@f457856 move to proxy subdirectory
siderolabs/grpc-proxy@4889d78 Add fixup scripts
siderolabs/grpc-proxy@ef60a37 version 2 of the grpc-proxy, this time with fewer grpc upstream deps
siderolabs/grpc-proxy@07aeac1 Merge pull request #2 from daniellowtw/master
siderolabs/grpc-proxy@e5c3df5 Fix compatibility with latest grpc library
siderolabs/grpc-proxy@52be0a5 bugfix: fix gRPC Java deadlock, due to different dispatch logic
siderolabs/grpc-proxy@822df7d Fix reference to mwitkow.
siderolabs/grpc-proxy@28341d1 move out forward logic to method, allowing for use as grpc.Server not found handler.
siderolabs/grpc-proxy@89e28b4 add reference to upstream grpc bug
siderolabs/grpc-proxy@00dd588 merge upstream grpc.Server changes changing the dispatch logic
siderolabs/grpc-proxy@77edc97 move to upstream protobuf from gogo
siderolabs/grpc-proxy@db71c3e initial commit, tested and working.

Changes from siderolabs/net

siderolabs/net@19eb1c4 feat: switch to use netip.Addr instead of net.IP
siderolabs/net@5b21171 chore: rename, rekres
siderolabs/net@409926a fix: parse correctly some IPv6 CIDRs
siderolabs/net@b4b7181 feat: add a way to filter list of IPs for the machine
siderolabs/net@0abe5bd feat: implement FilterIPs function
siderolabs/net@0519054 feat: add ParseCIDR
siderolabs/net@52c7509 feat: add a function to format IPs in CIDR notation
siderolabs/net@005a94f feat: add methods to manage CIDR list, check for non-local IPv6
siderolabs/net@8b56890 feat: add ValidateEndpointURI
siderolabs/net@402fa79 chore: apply kres to get the latest build scripts
siderolabs/net@c7bc477 chore: initial version of the package
siderolabs/net@393246a chore: initial commit

Changes from siderolabs/pkgs

siderolabs/pkgs@cf4a2b6 chore: update releases
siderolabs/pkgs@1e8df44 chore: bump depencies
siderolabs/pkgs@8b975a7 chore: bump deps
siderolabs/pkgs@b153ce6 chore: bump deps
siderolabs/pkgs@535b8f9 chore: update packages version
siderolabs/pkgs@66c77e9 feat: re-enable build kernel with BTF enabled
siderolabs/pkgs@98ef073 feat: enable INET_DIAG and FANOTFY_PERMISSIONS
siderolabs/pkgs@8fe5cbc chore: update dependencies
siderolabs/pkgs@554c0fe feat: add fanotify and kprobes kernel options
siderolabs/pkgs@54d7e5c fix: drbd package name
siderolabs/pkgs@b4cb9e2 feat: add 'drbd' package
siderolabs/pkgs@91e73b3 feat: update dependencies
siderolabs/pkgs@b6d0d96 chore: bump kernel to 5.15.72
siderolabs/pkgs@b16dfe9 chore: bump go to 1.19.2
siderolabs/pkgs@861cc32 chore: bump kernel to 5.15.71
siderolabs/pkgs@0ac7773 chore: use generic raspberry pi u-boot
siderolabs/pkgs@d5633d4 chore: bump kernel to 5.15.70
siderolabs/pkgs@39c0d43 feat: add generic rpi_arm64_defconfig configuration
siderolabs/pkgs@ed269ca chore: bump kernel to 5.15.69
siderolabs/pkgs@f2f8333 fix: no slack notifications on failure
siderolabs/pkgs@6f0af33 chore: disable drone slack pipeline for renovate
siderolabs/pkgs@32aea3f chore: disable drone for renovate/dependabot
siderolabs/pkgs@44579f0 fix: rollback xfsprogs to 5.18.0
siderolabs/pkgs@792c0e3 feat: add gasket driver package
siderolabs/pkgs@07f1898 chore: update deps
siderolabs/pkgs@f78f410 chore: enable conntrack zones and timestamps
siderolabs/pkgs@049b3c6 chore: enable intel ice drivers
siderolabs/pkgs@606ff32 chore: bump deps
siderolabs/pkgs@eee5c8a chore: disable irc in conntrack
siderolabs/pkgs@70e6c46 chore: bump kernel to 5.15.64
siderolabs/pkgs@e510321 chore: update renovate config
siderolabs/pkgs@d1fa510 feat: enable renovate bot
siderolabs/pkgs@e427a77 chore: bump runc to v1.1.4
siderolabs/pkgs@40e1215 chore: enable nfsv4.2 client support
siderolabs/pkgs@15efada chore: bump kernel to 5.15.63
siderolabs/pkgs@e70e3c1 fix: nvidia oss pkg name
siderolabs/pkgs@30b8d79 chore: bump kernel to 5.15.62
siderolabs/pkgs@862c392 chore: bump gcc to 12.2.0
siderolabs/pkgs@2ecd14e fix: containerd version
siderolabs/pkgs@01df058 feat: add NanoPi R4S configuration
siderolabs/pkgs@d4cb33b chore: bump containerd to v1.6.8

Changes from siderolabs/siderolink

siderolabs/siderolink@a92acc6 feat: set SideroLink MTU to 1280
siderolabs/siderolink@575c5cc refactor: drop dependency on Talos machinery package
siderolabs/siderolink@61ab1c4 fix: include MachineStatusEvent into the list of supported events
siderolabs/siderolink@16a84eb chore: rename to siderolabs/siderolink
siderolabs/siderolink@ca470c7 chore: update Talos to the latest master, migrate netaddr -> netip/x
siderolabs/siderolink@93b65f0 fix: ignore 'exist' error on interface managmeent
siderolabs/siderolink@3c4d9e0 chore: move IP to interface binding into NewDevice
siderolabs/siderolink@f0b5e39 feat: use kernel wireguard implementation when available
siderolabs/siderolink@1d2b7e1 feat: allow setting peer endpoint using peer event
siderolabs/siderolink@5d085d6 feat: expose wgDevice.Peers from the wireguard.Device wrapper
siderolabs/siderolink@3a5be65 fix: use correct method to generate Wireguard private key
siderolabs/siderolink@8318a7e feat: accept join token in Provision payload
siderolabs/siderolink@b38c192 fix: build on Windows
siderolabs/siderolink@9902ad2 feat: pass request context and node address to the events sink adapter
siderolabs/siderolink@d0612a7 refactor: pass in listener to the log receiver
siderolabs/siderolink@d86cdd5 feat: implement logreceiver for kernel logs
siderolabs/siderolink@f7cadbc fix: handle duplicate peer updates
siderolabs/siderolink@0755b24 feat: initial implementation of SideroLink
siderolabs/siderolink@ee73ea9 feat: add Talos events sink proto files and the reference implementation
siderolabs/siderolink@1e2cd9d Initial commit

Changes from siderolabs/tools

siderolabs/tools@ff41c0b chore: bump dependencies
siderolabs/tools@df6813e chore: bump dependencies
siderolabs/tools@5776dd8 chore: bump tools
siderolabs/tools@e8f92b3 chore: bump tools
siderolabs/tools@3b5f89a chore: update dependencies
siderolabs/tools@6402b99 feat: update OpenSSL to 1.1.1r
siderolabs/tools@00e91b1 feat: update releases
siderolabs/tools@a264809 chore: bump go to 1.19.2
siderolabs/tools@858cfe7 fix: no slack notifications on failure
siderolabs/tools@ed85950 chore: disable drone slack pipeline for renovate
siderolabs/tools@5df6589 chore: disable drone for renovate/dependabot
siderolabs/tools@1f00d2e fix: revert gawk to 5.1.1
siderolabs/tools@feeda1f chore: bump grpc-go
siderolabs/tools@8542014 chore: bump deps
siderolabs/tools@e5c4968 chore: update renovate config
siderolabs/tools@f34f94d chore: update renovate config
siderolabs/tools@cef4cc6 chore: update renovate config
siderolabs/tools@bab8e9e chore: add libbpf to tools
siderolabs/tools@0a15f7b chore: build pahole properly
siderolabs/tools@a322d06 chore: remove img
siderolabs/tools@c7ff47b feat: enable renovate dependency updates (3/3)
siderolabs/tools@6e095cf feat: enable renovate dependency updates (2/n)
siderolabs/tools@bad1ad1 feat: add renovatebot
siderolabs/tools@7d6f9c3 chore: bump gcc to 12.2.0
siderolabs/tools@2719b4b chore: bump toolchain

Dependency Changes

cloud.google.com/go/compute/metadata v0.2.1 new
github.com/BurntSushi/toml v1.2.0 -> v1.2.1
github.com/aws/aws-sdk-go v1.44.76 -> v1.44.147
github.com/cenkalti/backoff/v4 v4.1.3 -> v4.2.0
github.com/containerd/containerd v1.6.8 -> v1.6.10
github.com/cosi-project/runtime v0.1.1 -> v0.2.0
github.com/docker/docker v20.10.17 -> v20.10.21
github.com/emicklei/dot v1.0.0 -> v1.2.0
github.com/fsnotify/fsnotify v1.5.4 -> v1.6.0
github.com/gdamore/tcell/v2 v2.5.2 -> v2.5.3
github.com/google/go-cmp v0.5.8 -> v0.5.9
github.com/google/nftables 2eca00135732 -> 130caa4c31c9
github.com/hetznercloud/hcloud-go v1.35.2 -> v1.37.0
github.com/insomniacslk/dhcp 509691fd59ec -> f26e6d78f622
github.com/jsimonetti/rtnetlink v1.2.2 -> v1.3.0
github.com/mdlayher/ethtool 856bd6cb8a38 -> 0e16326d06d1
github.com/mdlayher/genetlink v1.2.0 -> v1.3.0
github.com/mdlayher/netlink v1.6.0 -> v1.7.0
github.com/opencontainers/image-spec c5a74bcca799 -> v1.1.0-rc2
github.com/packethost/packngo v0.25.0 -> v0.29.0
github.com/pmorjan/kmod v1.0.0 -> v1.1.0
github.com/rivo/tview 0e6b21a48e96 -> db36428c92d9
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.9 -> v1.0.0-beta.10
github.com/siderolabs/crypto v0.4.0 new
github.com/siderolabs/discovery-api v0.1.1 new
github.com/siderolabs/discovery-client v0.1.1 -> v0.1.3
github.com/siderolabs/extras v1.2.0 -> v1.3.0
github.com/siderolabs/gen v0.4.1 new
github.com/siderolabs/go-blockdevice v0.4.1 new
github.com/siderolabs/go-circular v0.1.0 new
github.com/siderolabs/go-cmd v0.1.1 new
github.com/siderolabs/go-debug v0.2.2 new
github.com/siderolabs/go-kmsg v0.1.2 new
github.com/siderolabs/go-kubeconfig v0.1.0 new
github.com/siderolabs/go-loadbalancer v0.2.1 new
github.com/siderolabs/go-procfs v0.1.1 new
github.com/siderolabs/go-retry v0.3.2 new
github.com/siderolabs/go-smbios v0.3.1 new
github.com/siderolabs/go-tail v0.1.0 new
github.com/siderolabs/grpc-proxy v0.4.0 new
github.com/siderolabs/net v0.4.0 new
github.com/siderolabs/pkgs v1.2.0-8-g970860d -> v1.3.0
github.com/siderolabs/siderolink v0.3.1 new
github.com/siderolabs/talos/pkg/machinery v1.3.0-beta.0 new
github.com/siderolabs/tools v1.2.0 -> v1.3.0
github.com/spf13/cobra v1.5.0 -> v1.6.1
github.com/stretchr/testify v1.8.0 -> v1.8.1
github.com/u-root/u-root v0.9.0 -> v0.10.0
github.com/vmware-tanzu/sonobuoy v0.56.9 -> v0.56.12
go.etcd.io/etcd/api/v3 v3.5.4 -> v3.5.6
go.etcd.io/etcd/client/pkg/v3 v3.5.4 -> v3.5.6
go.etcd.io/etcd/client/v3 v3.5.4 -> v3.5.6
go.etcd.io/etcd/etcdutl/v3 v3.5.4 -> v3.5.6
go.uber.org/atomic v1.9.0 -> v1.10.0
go.uber.org/zap v1.22.0 -> v1.23.0
go4.org/netipx 797b0c90d8ab new
golang.org/x/net 3211cb980234 -> v0.2.0
golang.org/x/sync 886fb9371eb4 -> v0.1.0
golang.org/x/sys fbc7d0a398ab -> v0.2.0
golang.org/x/term a9ba230a4035 -> v0.2.0
golang.org/x/time e5dcc9cfc0b9 -> v0.2.0
golang.zx2c4.com/wireguard/wgctrl 3d4a969bb56b -> 97bc4ad4a1cb
google.golang.org/grpc v1.48.0 -> v1.51.0
k8s.io/api v0.25.0 -> v0.26.0-rc.0
k8s.io/apimachinery v0.25.0 -> v0.26.0-rc.0
k8s.io/apiserver v0.25.0 -> v0.26.0-rc.0
k8s.io/client-go v0.25.0 -> v0.26.0-rc.0
k8s.io/component-base v0.25.0 -> v0.26.0-rc.0
k8s.io/cri-api v0.25.0 -> v0.26.0-rc.0
k8s.io/klog/v2 v2.70.1 -> v2.80.1
k8s.io/kubectl v0.25.0 -> v0.26.0-rc.0
k8s.io/kubelet v0.25.0 -> v0.26.0-rc.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.65 -> v1.2.66

Previous release can be found at v1.2.0

Images

ghcr.io/siderolabs/flannel:v0.20.1
ghcr.io/siderolabs/install-cni:v1.3.0
docker.io/coredns/coredns:1.10.0
gcr.io/etcd-development/etcd:v3.5.6
registry.k8s.io/kube-apiserver:v1.26.0-rc.0
registry.k8s.io/kube-controller-manager:v1.26.0-rc.0
registry.k8s.io/kube-scheduler:v1.26.0-rc.0
registry.k8s.io/kube-proxy:v1.26.0-rc.0
ghcr.io/siderolabs/kubelet:v1.26.0-rc.0
ghcr.io/siderolabs/installer:v1.3.0-beta.0
registry.k8s.io/pause:3.6

talos -

Published by talos-bot almost 2 years ago

Talos 1.2.7 (2022-11-22)

Welcome to the v1.2.7 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Kubernetes: v1.25.4
Linux: 5.15.79

Contributors

Andrey Smirnov

Changes

siderolabs/talos@facc3d124 release(v1.2.7): prepare release
siderolabs/talos@54f1b0e19 fix: limit SideroLink Wireguard link MTU to 1280
siderolabs/talos@bd8ca9da4 fix: generate correct Flannel config for IPv6-only clusters
siderolabs/talos@f9b5cd822 chore: introduce a healthcheck for machined service
siderolabs/talos@e29f306cf feat: update Linux to 5.15.79
siderolabs/talos@4361c14bd feat: update Kubernetes to v1.25.4

Changes from siderolabs/pkgs

siderolabs/pkgs@23c0dfd feat: update Linux to 5.15.79

Dependency Changes

github.com/siderolabs/pkgs v1.2.0-19-gf3dfac7 -> v1.2.0-20-g23c0dfd
github.com/talos-systems/talos/pkg/machinery v1.2.6 -> v1.2.7
k8s.io/api v0.25.3 -> v0.25.4
k8s.io/apimachinery v0.25.3 -> v0.25.4
k8s.io/apiserver v0.25.3 -> v0.25.4
k8s.io/client-go v0.25.3 -> v0.25.4
k8s.io/component-base v0.25.3 -> v0.25.4
k8s.io/kubectl v0.25.3 -> v0.25.4
k8s.io/kubelet v0.25.3 -> v0.25.4

Previous release can be found at v1.2.6

Images

ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0-2-gf14175f
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.25.4
k8s.gcr.io/kube-controller-manager:v1.25.4
k8s.gcr.io/kube-scheduler:v1.25.4
k8s.gcr.io/kube-proxy:v1.25.4
ghcr.io/siderolabs/kubelet:v1.25.4
ghcr.io/siderolabs/installer:v1.2.7
k8s.gcr.io/pause:3.6

talos - v1.3.0-alpha.2

Published by talos-bot almost 2 years ago

Talos 1.3.0-alpha.2 (2022-11-17)

Welcome to the v1.3.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

kube-apiserver Audit Policy

Talos now supports setting custom audit policy for kube-apiserver in the machine configuration.

cgroups v1

machine:
  install:
    extraKernelArgs:
      - "talos.unified_cgroup_hierarchy=0"

Current cgroups mode can be checked with talosctl ls /sys/fs/cgroup:

cgroups v1:

blkio
cpu
cpuacct
cpuset
devices
freezer
hugetlb
memory
net_cls
net_prio
perf_event
pids

cgroups v2:

cgroup.controllers
cgroup.max.depth
cgroup.max.descendants
cgroup.procs
cgroup.stat
cgroup.subtree_control
cgroup.threads
cpu.stat
cpuset.cpus.effective
cpuset.mems.effective
init
io.stat
kubepods
memory.numa_stat
memory.stat
podruntime
system

Note: cgroupsv1 is deprecated and it should be used only for compatibility with workloads which don't support cgroupsv2 yet.

Kernel Command Line ip= Argument

Talos now supports referencing interface name via enxMAC address notation:

ip=172.20.0.2::172.20.0.1:255.255.255.0::enx7085c2dfbc59

CRI Configuration Overrides

Talos no longer supports CRI config overrides placed in /var/cri/conf.d directory.

New way correctly handles merging of containerd/CRI plugin configuration.

etcd Consistency Check

Talos enables --experimental-compact-hash-check-enabled option by default to improve
etcd store consistency guarantees.

This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.

etcd Member ID

Command talosctl etcd remove-member now accepts member IDs instead of member names.

New resource can be used to get member ID of the Talos node:

talosctl get etcdmember

Exocale Platform

Talos now supports new platform: Exoscale.

Exoscale provides a firewall, TCP load balancer and autoscale groups.
It works well with CCM and Kubernetes node autoscaler.

Kernel Modules

Talos now supports settings kernel module parameters.

Eg:

machine:
  kernel:
    modules:
      - name: "br_netfilter"
        parameters:
          - nf_conntrack_max=131072

KubeSpan

KubeSpan MTU link size is now configurable via network.kubespan.mtu setting in the machine configuration.

Node Labels

Talos now supports specifying node labels in the machine configuration:

machine:
  nodeLabels:
    rack: rack1a
    zone: us-east-1a

Changes to the node labels will be applied immediately without kubelet restart.

Talos keeps track of the owned node labels in the talos.dev/owned-labels annotation.

Routes

Talos now supports setting MTU for a specific route.

Nano Pi R4S

Talos now supports the Nano Pi R4S SBC.

Raspberry Generic Images

Encryption with secretbox

How to generate the secret:

dd if=/dev/random of=/dev/stdout bs=32 count=1 | base64

Static Pod Manifests

The directory "/etc/kubernetes/manifests" is now deprecated.
Static pods should always be configured in machine.pods.
To reenable support you may set machine.kubelet.disableManifestsDirectory.

Eg:

machine:
  kubelet:
    disableManifestsDirectory: no

Component Updates

Kubernetes: v1.26.0-rc.0
Flannel: v0.20.1
CoreDNS: v1.10.0
etcd: v3.5.5
Linux: 5.15.77
containerd: v1.6.9

Talos is built with Go 1.19.3.

Contributors

Andrey Smirnov
Noel Georgi
Andrey Smirnov
Michal Witkowski
Artem Chernyshev
Artem Chernyshev
Dmitriy Matrenichev
Alexey Palazhchenko
Serge Logvinov
Andrey Smirnov
Philipp Sauter
Andrew Rynhard
Steve Francis
Utku Ozdemir
Andrew Rynhard
Tim Jones
Seán C McCord
Kris Reeves
Marvin Drees
Spencer Smith
Branden Cash
Brandon Nason
Cameron Brunner
DJAlPee
Daniel Low
Gerard de Leeuw
Jack Wink
Jon Stelly
Martin Stone
Matt Zahorik
Maxim Makarov
Olli Janatuinen
Pau Campana
Rubens Farias
Sander Maijers
Spencer Smith
ankitm123
emattiza
killcity

Changes

siderolabs/talos@9e44341c4 release(v1.3.0-alpha.2): prepare release
siderolabs/talos@aa56aed79 feat: publish discovered public IP as one of the KubeSpan endpoint
siderolabs/talos@9382443ba feat: update Kubernetes to v1.26.0-rc.0
siderolabs/talos@6ffc381c5 feat: implement CRI configuration customization
siderolabs/talos@e1e340bdd feat: expose Talos node labels as a machine configuration field
siderolabs/talos@c78bbbfda docs: specify that only XFS partitions are detected
siderolabs/talos@b881a9a79 chore: bump dependencies
siderolabs/talos@5bfd7dbfa test: fix assertion on reboot test
siderolabs/talos@1cfb6188b feat: implement support for cgroupsv1
siderolabs/talos@3866d0e33 feat: update Kubernetes to v1.26.0-beta.0
siderolabs/talos@e1590ba7b fix: lifecycle action tracking
siderolabs/talos@804762c59 feat: add timeout to cli action tracking, track by default & refactor
siderolabs/talos@4e114ca12 feat: use the etcd member id for etcd operations instead of hostname
siderolabs/talos@06fea2441 feat: expand platform metadata resources
siderolabs/talos@03a20da9d fix: filter up duplicate IPs out of NodeAddresses
siderolabs/talos@6b771bc73 chore: bump deps
siderolabs/talos@96aa9638f chore: rename talos-systems/talos to siderolabs/talos
siderolabs/talos@30bbf6463 refactor: use siderolabs/net version with netip.Addr
siderolabs/talos@343c55762 chore: replace talos-systems Go modules with siderolabs
siderolabs/talos@0301bbe93 fix: check if processes is nil to avoid panic
siderolabs/talos@08e7e49a2 test: update versions for upgrade tests
siderolabs/talos@0b41923c3 fix: restore the StaticPodStatus resource
siderolabs/talos@1947092ae chore: introduce a healthcheck for machined service
siderolabs/talos@3333cd93c fix: generate correct Flannel config for IPv6-only clusters
siderolabs/talos@d7070f5e7 release(v1.3.0-alpha.1): prepare release
siderolabs/talos@869f3b5a5 feat: network configuration improvements on the OpenStack platform
siderolabs/talos@29f2195e1 feat: support exoscale cloud
siderolabs/talos@8b4ae08d1 fix: etcd snapshot command on Windows
siderolabs/talos@8bfa7ac1d feat: platform metadata resource
siderolabs/talos@7e50e24c0 fix: properly cleanup legacy static pod manifests directory
siderolabs/talos@6ee47bcc6 fix: support serving config for qemu launcher on IPv6
siderolabs/talos@6c3d11b49 docs: admission control patch note
siderolabs/talos@4ea3b99b5 fix: serve static pod files on 127.0.0.1 instead of localhost
siderolabs/talos@23842114f feat: support encryption with secretbox
siderolabs/talos@f6773c472 docs: talos support on equinix metal
siderolabs/talos@b307160f6 chore: bump dependencies
siderolabs/talos@d7edd0e2e refactor: use go-circular, go-kubeconfig, and go-tail
siderolabs/talos@c6e1702ec feat: use URL-based manifests to present static pods to the kubelet
siderolabs/talos@136a795e5 docs: update system requirements to mention dedicated disk usage
siderolabs/talos@879e8c0bf chore: update kernel with BTF support
siderolabs/talos@ceb0cd99a feat: implement Talos API auth using SideroV1 signatures
siderolabs/talos@e6fba7d3b chore: update dependencies
siderolabs/talos@93e55b85f chore: bump golangci-lint to v1.50.0
siderolabs/talos@aa3d9b4ca fix: regenerate cert on node labeling retry
siderolabs/talos@021c73c35 fix: lowercase nodename
siderolabs/talos@b902036e1 docs: update office hours time link
siderolabs/talos@7fcb8c681 feat: update Flannel to v0.20.0
siderolabs/talos@dc70d892a fix: support setting KubeSpan link MTU
siderolabs/talos@7d52bad37 feat: update Linux to 5.15.73
siderolabs/talos@9c78b3aff feat: update Kubernetes to v1.26.0-alpha.2
siderolabs/talos@94913a672 docs: add lofty to talos adopters
siderolabs/talos@0a0bdfe16 docs: add Tremor Video to adopters
siderolabs/talos@b7b1d4fd6 feat: use readonly containers
siderolabs/talos@d210338e3 fix: skip protobuf full unmarshaling for some talosctl commands
siderolabs/talos@b3c679d18 chore: bump dependencies
siderolabs/talos@993743f63 fix: skip hostname via DHCP on OpenStack platform
siderolabs/talos@db076e7b5 feat: pin interface by mac address in cmdline args
siderolabs/talos@63de93722 fix: update go-smbios to v0.3.1
siderolabs/talos@49e9f808e chore: bump kernel and go
siderolabs/talos@c7372144d docs: add constraints to upgrade docs
siderolabs/talos@c71c8ca18 docs: consolidate, simplify and correct various docs
siderolabs/talos@06f76bfeb chore: bump dependencies
siderolabs/talos@b1c421b9a chore: publish ami's with imds v2 enabled
siderolabs/talos@195c40ab5 docs: add information about applicable use cases of disk encryption
siderolabs/talos@54a687fb8 docs: consolidate and expand on discovery service
siderolabs/talos@139c62d76 feat: allow upgrades in maintenance mode (only over SideroLink)
siderolabs/talos@48dee4805 feat: support mtu for routes
siderolabs/talos@1c43c72ae docs: fix talos required kernel params
siderolabs/talos@67cc45ae3 release(v1.3.0-alpha.0): prepare release
siderolabs/talos@18c377a4d feat: customize audit policy
siderolabs/talos@23c9ea46b fix: raspberry pi install
siderolabs/talos@f17cdee16 feat: jsonpath filter for talosctl get outputs
siderolabs/talos@6bd3cca1a chore: generic raspberry pi images
siderolabs/talos@d914ab8bb chore: add vulncheck tool as a linter
siderolabs/talos@a0151aa13 feat: add generic rpi u-boot support
siderolabs/talos@30f851d09 chore: bump dependences
siderolabs/talos@8b2235c3b fix: lookup Equinix Metal bond slaves using 'permanent addr'
siderolabs/talos@b3257ebb1 chore: bump kernel to 5.15.70
siderolabs/talos@0b2767c16 feat: implement 'permanent addr' in link statuses
siderolabs/talos@c90e20251 fix: kubeconfig permission
siderolabs/talos@fc48849d0 chore: move maps/slices/ordered to gen module
siderolabs/talos@8b09bd4b0 feat: update Kubernetes to v1.26.0-alpha.1
siderolabs/talos@276d4175b chore: bump extension versions in testing
siderolabs/talos@357b770cb fix: cryptsetup delete slot
siderolabs/talos@711128839 fix: continue applying bootstrap manifests on some errors
siderolabs/talos@ce12c7b38 chore: update COSI runtime to v0.2.0-alpha.1
siderolabs/talos@1b435c0b3 chore: bump kernel + ice drivers
siderolabs/talos@18e041f1e docs: fix typo in patching example
siderolabs/talos@0ad6452ca feat: update CoreDNS to v1.10.0
siderolabs/talos@479f3f52e chore: bump dependencies
siderolabs/talos@e07c6ae99 feat: update Kubernetes to v1.25.1
siderolabs/talos@13fdfaffc test: fix up default branch name
siderolabs/talos@ef181321a docs: add component diagram; K8s & Talos Linux
siderolabs/talos@aade73643 docs: fix missing variable in OpenEBS docs
siderolabs/talos@472590aa8 chore: return InvalidArgument on invalid config in maintenance mode
siderolabs/talos@e5cabd42c feat: enable etcd consistency hashcheck
siderolabs/talos@015535d90 fix: update discovery client with the redirect fix
siderolabs/talos@d0c8e7699 chore: bump kernel and go
siderolabs/talos@985b0c2e7 chore: remove go.work.sum
siderolabs/talos@69124f102 feat: update etcd to v3.5.5
siderolabs/talos@1985a796c docs: update docs for pod security
siderolabs/talos@94b088f02 fix: set etcd options consistently
siderolabs/talos@92ae7ef4b fix: fix protoenc encoding for enums and types with custom encoders
siderolabs/talos@93809017c docs: cpu scaling governor knowledgebase
siderolabs/talos@7b270ff33 test: fix api controller test
siderolabs/talos@2dadcd669 fix: stop worker nodes from acting as apid routers
siderolabs/talos@9eaf33f3f fix: never sign client certificate requests in trustd
siderolabs/talos@436749124 feat: environment vars for extension service
siderolabs/talos@0c0cb671e chore: mark machine configuration validation failure as InvalidArgument
siderolabs/talos@f424e5340 fix: stop containers more thoroughly
siderolabs/talos@12827b861 chore: move "implements" checks to compile time
siderolabs/talos@3a67c42cb fix: kill the task processes when cleaning up stale task
siderolabs/talos@14a79e325 chore: bump dependencies
siderolabs/talos@9beee92e7 docs: fix double vv in Kubernetes version
siderolabs/talos@688272515 fix: use different username for Talos Kubernetes API access
siderolabs/talos@161a52a9e feat: check apid client certificate extended key usage
siderolabs/talos@9dadc4a59 fix: include all node addresses into etcd cert SANs
siderolabs/talos@71bfd3e43 feat: update CoreDNS to 1.9.4
siderolabs/talos@9df8f1ff1 fix: list COSI APIs for the apid authenticator
siderolabs/talos@31462450f fix: pass a pointer to specs.Mount into protoenc.Marshal
siderolabs/talos@e626540df chore: avoid double API request logging in trustd
siderolabs/talos@f62d17125 chore: update crypto to use new import path siderolabs/crypto
siderolabs/talos@ef27dd855 chore: bump dependencies
siderolabs/talos@6472ae00b fix: automatically discard VIPs for etcd advertised addresses
siderolabs/talos@5e21cca52 feat: support setting kernel parameters
siderolabs/talos@bd56621cd feat: add structprotogen tool
siderolabs/talos@cdb6bb2cc feat: add Nano Pi R4S support
siderolabs/talos@36c1f1d6e fix: flip the client-server version check
siderolabs/talos@cd6c53a97 docs: fork docs for v1.3
siderolabs/talos@0847400f7 fix: prevent panic on health check if a member has no IPs
siderolabs/talos@7471d7f01 feat: update Flannel to v0.19.2
siderolabs/talos@148c75cfb docs: consolidate the control-plane documentation
siderolabs/talos@353154281 fix: drop kube-system SA default binding
siderolabs/talos@4f37b668b chore: remove capi hacks
siderolabs/talos@1369afea8 docs: make 1.2.0 docs default ones
siderolabs/talos@7627cb0e3 docs: add new talosctl gen secrets
siderolabs/talos@8aa60a37a chore: bump kernel to 5.15.64
siderolabs/talos@a798dbd5d docs: update docs for upcoming 1.2.0 release
siderolabs/talos@b2fec3c97 fix: properly handle configContext being nil in Talos client
siderolabs/talos@1c0977b3a fix: change the type of returned gRPC connection object from the client
siderolabs/talos@41848e421 fix: expose Talos client gRPC connection via the function Conn
siderolabs/talos@2e9be4af8 chore: bump dependencies
siderolabs/talos@d283aba3a test: fix cli reboot test
siderolabs/talos@0b339a9dc feat: track progress of action API calls
siderolabs/talos@072349812 fix: update COSI to the version with gRPC Wait fix
siderolabs/talos@89d57aa81 fix: always abort the maintenance service
siderolabs/talos@f6fa74619 fix: limit apid backoff max delay
siderolabs/talos@d7ef346db fix: get command in the case 'nodes' are not set in the context
siderolabs/talos@4e9c32256 fix: correctly render hosts.toml with multiple endpoints
siderolabs/talos@cdd0f08bc feat: check client <> server version in some Talos commands
siderolabs/talos@446b0af58 chore: bump kernel and runc
siderolabs/talos@8c203ce9b feat: remove the machine from the discovery service on reset
siderolabs/talos@b59ca5810 chore: move from inet.af/netaddr to net/netip and go4.org/netipx
siderolabs/talos@053af1d59 fix: update etcd certificates when node addresses changes
siderolabs/talos@11edb2c6f test: re-enable upgrade tests
siderolabs/talos@0310e2089 chore: bump github.com/siderolabs/protoenc to v0.1.5
siderolabs/talos@29bd63240 chore: remove old build tags syntax
siderolabs/talos@b500d0aa9 chore: bump k8s to v1.25.0
siderolabs/talos@29e574be7 docs: update to v1.2.0-beta.1
siderolabs/talos@26b549f2a chore: bump dependencies
siderolabs/talos@8c3ac4c42 chore: limit GOMAXPROCS for Talos services
siderolabs/talos@361e85b74 fix: properly read kexec disabled sysctl
siderolabs/talos@cfe6c2bc2 docs: nvidia oss drivers
siderolabs/talos@2f2d97b6b fix: don't wait for the hostname in maintenance mode
siderolabs/talos@b15a63924 chore: bump kernel to 5.15.62
siderolabs/talos@a0d94be30 fix: stable default hostname bias
siderolabs/talos@da4cd34ef feat: update etcd advertised peer addresses on the fly
siderolabs/talos@faf92ce01 chore: bump kubernetes to v1.25.0-rc.1
siderolabs/talos@52de919e3 chore: bump containerd to v1.6.8
siderolabs/talos@7d43fc79b fix: make 'ca', 'crt' and 'key' flags optional for 'talosctl config add'
siderolabs/talos@fd467e02c fix: handle grub config being empty in the Revert function
siderolabs/talos@9492aca65 fix: clean up cancelCtxMu leftovers in PriorityLock
siderolabs/talos@61e3eb2ea fix: talosctl edit mc loop
siderolabs/talos@32db7a7f5 fix: surround cancelCtx with the mutex

Changes since v1.3.0-alpha.1

siderolabs/talos@9e44341c4 release(v1.3.0-alpha.2): prepare release
siderolabs/talos@aa56aed79 feat: publish discovered public IP as one of the KubeSpan endpoint
siderolabs/talos@9382443ba feat: update Kubernetes to v1.26.0-rc.0
siderolabs/talos@6ffc381c5 feat: implement CRI configuration customization
siderolabs/talos@e1e340bdd feat: expose Talos node labels as a machine configuration field
siderolabs/talos@c78bbbfda docs: specify that only XFS partitions are detected
siderolabs/talos@b881a9a79 chore: bump dependencies
siderolabs/talos@5bfd7dbfa test: fix assertion on reboot test
siderolabs/talos@1cfb6188b feat: implement support for cgroupsv1
siderolabs/talos@3866d0e33 feat: update Kubernetes to v1.26.0-beta.0
siderolabs/talos@e1590ba7b fix: lifecycle action tracking
siderolabs/talos@804762c59 feat: add timeout to cli action tracking, track by default & refactor
siderolabs/talos@4e114ca12 feat: use the etcd member id for etcd operations instead of hostname
siderolabs/talos@06fea2441 feat: expand platform metadata resources
siderolabs/talos@03a20da9d fix: filter up duplicate IPs out of NodeAddresses
siderolabs/talos@6b771bc73 chore: bump deps
siderolabs/talos@96aa9638f chore: rename talos-systems/talos to siderolabs/talos
siderolabs/talos@30bbf6463 refactor: use siderolabs/net version with netip.Addr
siderolabs/talos@343c55762 chore: replace talos-systems Go modules with siderolabs
siderolabs/talos@0301bbe93 fix: check if processes is nil to avoid panic
siderolabs/talos@08e7e49a2 test: update versions for upgrade tests
siderolabs/talos@0b41923c3 fix: restore the StaticPodStatus resource
siderolabs/talos@1947092ae chore: introduce a healthcheck for machined service
siderolabs/talos@3333cd93c fix: generate correct Flannel config for IPv6-only clusters

Changes from siderolabs/crypto

siderolabs/crypto@c3225ee feat: allow CSR template subject field to be overridden
siderolabs/crypto@8570669 chore: rename to siderolabs/crypto
siderolabs/crypto@e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs
siderolabs/crypto@510b0d2 chore: add json tags
siderolabs/crypto@6fa2d93 fix: deepcopy nil fields as nil
siderolabs/crypto@9a63cba fix: add back support for generating ECDSA keys with P-256 and SHA512
siderolabs/crypto@893bc66 fix: use SHA256 for ECDSA-P256
siderolabs/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types
siderolabs/crypto@d3cb772 feat: make possible to change KeyUsage
siderolabs/crypto@6bc5bb5 chore: remove unused argument
siderolabs/crypto@cd18ef6 feat: add support for several organizations
siderolabs/crypto@97c888b chore: add options to CSR
siderolabs/crypto@7776057 chore: fix typos
siderolabs/crypto@80df078 chore: remove named result parameters
siderolabs/crypto@15bdd28 chore: minor updates
siderolabs/crypto@4f80b97 fix: verify CSR signature before issuing a certificate
siderolabs/crypto@39584f1 feat: support for key/certificate types RSA, Ed25519, ECDSA
siderolabs/crypto@cf75519 fix: function NewKeyPair should create certificate with proper subject
siderolabs/crypto@751c95a feat: add 'PEMEncodedKey' which allows to transport keys in YAML
siderolabs/crypto@562c3b6 feat: add support for public RSA key in RSAKey
siderolabs/crypto@bda0e9c feat: enable more conversions between encoded and raw versions
siderolabs/crypto@e0dd56a feat: add NotBefore option for x509 cert creation
siderolabs/crypto@12a4897 feat: add support for SPKI fingerprint generation and matching
siderolabs/crypto@d0c3eef fix: implement NewKeyPair
siderolabs/crypto@196679e feat: move pkg/grpc/tls from github.com/talos-systems/talos as ./tls
siderolabs/crypto@1ff6242 chore: initial version as imported from talos-systems/talos
siderolabs/crypto@835063e chore: initial commit

Changes from siderolabs/discovery-api

siderolabs/discovery-api@5b0c5e7 chore: rename to siderolabs, rekres, etc
siderolabs/discovery-api@db279ef feat: initial set of APIs and generated files
siderolabs/discovery-api@ac52a37 chore: initial commit

Changes from siderolabs/discovery-client

siderolabs/discovery-client@a5c19c6 feat: provide public IP discovered from the server
siderolabs/discovery-client@230f317 fix: reconnect the client on update failure

Changes from siderolabs/extras

siderolabs/extras@b155fa0 chore: enable renovate
siderolabs/extras@8f00d77 feat: update tc-redirect-tap to the latest version
siderolabs/extras@7c91844 chore: bump go to 1.19.2

Changes from siderolabs/gen

siderolabs/gen@b3b6db8 fix: fix Copy documentation and implementation
siderolabs/gen@521f737 feat: add xerrors package which contains additions to the std errors
siderolabs/gen@726e066 fix: rename tuples.go to pair.go and set proper package name
siderolabs/gen@d8d7d25 chore: minor additions
siderolabs/gen@338a650 chore: add initial implementation and documentation
siderolabs/gen@4fd8667 Initial commit

Changes from siderolabs/go-blockdevice

siderolabs/go-blockdevice@694ac62 chore: update imports to siderolabs, rekres
siderolabs/go-blockdevice@dcf6044 chore: rekres and rename
siderolabs/go-blockdevice@9c4af49 fix: cryptsetup remove slot
siderolabs/go-blockdevice@74ea471 feat: add freebsd stubs
siderolabs/go-blockdevice@9fa801c feat: add ReadOnly attribute to Disk
siderolabs/go-blockdevice@fccee8b chore: rekres the source, fix issues
siderolabs/go-blockdevice@d9c3a27 feat: support probing FAT12/FAT16 filesystems
siderolabs/go-blockdevice@b374eb4 fix: align partition to 1M boundary by default
siderolabs/go-blockdevice@ec428fe fix: lookup filesystem labels on the actual device path
siderolabs/go-blockdevice@7b9de26 feat: read symlink fullpath in block device list function
siderolabs/go-blockdevice@6928ee4 refactor: rewrite GPT serialize/deserialize functions
siderolabs/go-blockdevice@0c7e429 refactor: simplify middle endian functions
siderolabs/go-blockdevice@15b182d fix: return partition table not exist when trying to read an empty dev
siderolabs/go-blockdevice@b9517d5 fix: resize partition
siderolabs/go-blockdevice@70d2865 fix: try to find cdrom disks
siderolabs/go-blockdevice@667bf53 fix: revert gpt partition not found
siderolabs/go-blockdevice@d7d4cdd fix: gpt partition not found
siderolabs/go-blockdevice@33afba3 fix: also open in readonly mode when running All lookup method
siderolabs/go-blockdevice@e367f9d feat: make probe always open blockdevices in readonly mode
siderolabs/go-blockdevice@d981156 fix: allow Build for Windows
siderolabs/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
siderolabs/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
siderolabs/go-blockdevice@87816a8 feat: align partition to minimum I/O size
siderolabs/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module
siderolabs/go-blockdevice@30c2bc3 feat: mark MBR bootable
siderolabs/go-blockdevice@1292574 fix: make disk type matcher parser case insensitive
siderolabs/go-blockdevice@b77400e fix: properly detect nvme and sd card disk types
siderolabs/go-blockdevice@1d830a2 fix: revert mark the EFI partition in PMBR as bootable
siderolabs/go-blockdevice@bec914f fix: mark the EFI partition in PMBR as bootable
siderolabs/go-blockdevice@776b37d feat: add options to probe disk by various sysblock parameters
siderolabs/go-blockdevice@bb3ad73 fix: align partition start to physical sector size
siderolabs/go-blockdevice@8f976c2 feat: replace exec.Command with go-cmd module
siderolabs/go-blockdevice@1cf7f25 fix: properly handle no child processes error from cmd.Wait
siderolabs/go-blockdevice@04a9851 feat: implement luks encryption provider
siderolabs/go-blockdevice@b0375e4 feat: add an option to open block device with exclusive flock
siderolabs/go-blockdevice@5a1c7f7 refactor: add devname into gpt.Partition, refactor probe package
siderolabs/go-blockdevice@f2728a5 fix: keep contents of PMBR when writing it
siderolabs/go-blockdevice@2878460 fix: write second copy of partition entries
siderolabs/go-blockdevice@943b08b fix: blockdevice reset should read partition table from disk
siderolabs/go-blockdevice@5b4ee44 fix: ignore /dev/ram devices
siderolabs/go-blockdevice@98754ec refactor: rewrite GPT library
siderolabs/go-blockdevice@2a1baad fix: correctly build paths for mmcblk devices
siderolabs/go-blockdevice@8076344 fix: return proper disk size from GetDisks function
siderolabs/go-blockdevice@8742133 chore: add common method to list available disks using /sys/block
siderolabs/go-blockdevice@c4b5833 feat: implement "fast" wipe
siderolabs/go-blockdevice@b4e67d7 feat: return resize status from Resize() function
siderolabs/go-blockdevice@ceae64e fix: sync kernel partition table incrementally
siderolabs/go-blockdevice@2cb9516 fix: return correct error value from blkpg functions
siderolabs/go-blockdevice@cebe43d refactor: expose InsertAt method via interface
siderolabs/go-blockdevice@c40dcd8 fix: properly inform kernel about partition deletion
siderolabs/go-blockdevice@bb8ac5d feat: implement disk wiping via several methods
siderolabs/go-blockdevice@23fb7dc feat: expose partition name (label)
siderolabs/go-blockdevice@ff3a821 feat: implement 'InsertAt' method to insert partitions at any position
siderolabs/go-blockdevice@3d1ce4f fix: calculate last lba of partition correctly
siderolabs/go-blockdevice@b71540f feat: copy initial version from talos-systems/talos
siderolabs/go-blockdevice@ca3c078 Initial commit

Changes from siderolabs/go-circular

siderolabs/go-circular@507e0ec refactor: extract circular Go module
siderolabs/go-circular@2234b3a docs: add README

Changes from siderolabs/go-cmd

siderolabs/go-cmd@0aea518 chore: rekres and update
siderolabs/go-cmd@68eb006 feat: return typed error for exit error
siderolabs/go-cmd@333ccf1 feat: add stdin support into the Run methods
siderolabs/go-cmd@c5c8f1c feat: extract cmd module from Talos into a separate module
siderolabs/go-cmd@77685fc Initial commit

Changes from siderolabs/go-debug

siderolabs/go-debug@c1bc4bf chore: rekres, rename, etc
siderolabs/go-debug@3d0a6e1 feat: race build tag flag detector
siderolabs/go-debug@5b292e5 feat: disable memory profiling by default
siderolabs/go-debug@c6d0ae2 fix: linters and CI
siderolabs/go-debug@d969f95 feat: initial implementation
siderolabs/go-debug@b2044b7 Initial commit

Changes from siderolabs/go-kmsg

siderolabs/go-kmsg@e2a0000 chore: rekres, rename
siderolabs/go-kmsg@b08e4d3 feat: replace tab character with space in console output
siderolabs/go-kmsg@2edcd3a feat: add initial version
siderolabs/go-kmsg@53cdd8d chore: initial commit

Changes from siderolabs/go-kubeconfig

siderolabs/go-kubeconfig@e7fdd94 refactor: extract kubeconfig library as a Go module
siderolabs/go-kubeconfig@50e91b8 docs: add REAMDE

Changes from siderolabs/go-loadbalancer

siderolabs/go-loadbalancer@f54e3c9 chore: update dependencies to siderolabs, rekres
siderolabs/go-loadbalancer@438b71d chore: update package path and rekres
siderolabs/go-loadbalancer@5341eec feat: implement public method to check if the route is Healthy
siderolabs/go-loadbalancer@b578d47 feat: add a way to configure loadbalancer options
siderolabs/go-loadbalancer@c54d95d feat: implement control plane loadbalancer
siderolabs/go-loadbalancer@4a6e29e refactor: clean up names, fix the lingering goroutines
siderolabs/go-loadbalancer@af87d1c chore: apply new Kres rules
siderolabs/go-loadbalancer@a445702 feat: allow dial timeout and keep alive period to be configurable
siderolabs/go-loadbalancer@3c8f347 feat: provide a way to configure logger for the loadbalancer
siderolabs/go-loadbalancer@da8e987 feat: implement Reconcile - ability to change upstream list on the fly
siderolabs/go-loadbalancer@8b1dfa6 feat: copy initial version from talos-systems/talos
siderolabs/go-loadbalancer@c2f6a8f Initial commit

Changes from siderolabs/go-procfs

siderolabs/go-procfs@a062a4c chore: rekres, rename
siderolabs/go-procfs@8cbc42d feat: provide an option to overwrite some args in AppendAll
siderolabs/go-procfs@24d06a9 refactor: remove talos kernel default args
siderolabs/go-procfs@a82654e feat: implement SetAll method
siderolabs/go-procfs@16ce2ef fix: update cmdline.Set() to drop the value being overwritten
siderolabs/go-procfs@5a9a4a7 feat: update kernel args for new KSPP requirements
siderolabs/go-procfs@57c7311 refactor: change directory layout
siderolabs/go-procfs@a077c96 fix: fix go module name
siderolabs/go-procfs@698666f chore: move package to new repo
siderolabs/go-procfs@dabb425 Initial commit

Changes from siderolabs/go-retry

siderolabs/go-retry@6d45449 chore: rekres, rename
siderolabs/go-retry@c78cc95 fix: implement errors.Is for all errors in the set
siderolabs/go-retry@7885e16 feat: add ExpectedErrorf
siderolabs/go-retry@3d83f61 feat: deprecate UnexpectedError
siderolabs/go-retry@b9dc1a9 feat: add support for context.Context in Retry
siderolabs/go-retry@8c63d29 fix: correctly implement error interfaces on wrapped errors
siderolabs/go-retry@752f081 feat: add an option to log errors being retried
siderolabs/go-retry@073067b feat: copy initial version from talos-systems/talos
siderolabs/go-retry@c7968c5 Initial commit

Changes from siderolabs/go-smbios

siderolabs/go-smbios@10c1dd8 fix: check for end of the slice properly
siderolabs/go-smbios@9ca8ce7 chore: treat invalid strings as empty
siderolabs/go-smbios@dbc5f79 chore: rekres+rename
siderolabs/go-smbios@3f1e775 feat: rework destructuring of SMBIOS information and added some tests
siderolabs/go-smbios@fd5ec8c fix: remove useless (?) goroutines leading to data race error
siderolabs/go-smbios@d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6
siderolabs/go-smbios@fb425d4 feat: add memory device
siderolabs/go-smbios@0bb4f96 feat: add physical memory array
siderolabs/go-smbios@8019619 feat: supply wake-up type in SMBIOS info
siderolabs/go-smbios@94b8c4e feat: initial implementation
siderolabs/go-smbios@864ed80 Initial commit

Changes from siderolabs/go-tail

siderolabs/go-tail@962ae43 refactor: extract go-tail module
siderolabs/go-tail@359c3cb docs: initial commit

Changes from siderolabs/grpc-proxy

siderolabs/grpc-proxy@4cc7bbe chore: rename to siderolabs/grpc-proxy, rekres
siderolabs/grpc-proxy@2c586db feat: pass fullMethodName to GetConnection
siderolabs/grpc-proxy@6dfa2cc fix: ignore errors on duplicate SetHeader calls
siderolabs/grpc-proxy@b076302 fix: use io.EOF error when no backend connections are available
siderolabs/grpc-proxy@82daca0 docs: update README
siderolabs/grpc-proxy@fa6843a chore: fix spelling
siderolabs/grpc-proxy@c0a87d9 chore: major cleanup of the code and build
siderolabs/grpc-proxy@ca3bc61 fix: ignore some errors so that we don't spam the logs
siderolabs/grpc-proxy@5c579a7 feat: allow different formats for messages streaming/unary
siderolabs/grpc-proxy@6c9f7b3 fix: allow mode to be set for each request being proxied
siderolabs/grpc-proxy@cc91c09 refactor: provide better public API, enforce proxying mode
siderolabs/grpc-proxy@d8d3a75 chore: update import paths after repo move
siderolabs/grpc-proxy@dbf07a4 Merge pull request #7 from smira/one2many-4
siderolabs/grpc-proxy@fc0d27d More tests, small code fixes, updated README.
siderolabs/grpc-proxy@d9ce0b1 Merge pull request #6 from smira/one2many-3
siderolabs/grpc-proxy@2d37ba4 Support for one2many streaming calls, tests.
siderolabs/grpc-proxy@817b035 Merge pull request #5 from smira/one2many-2
siderolabs/grpc-proxy@436b338 More unary one-2-many tests, error propagation.
siderolabs/grpc-proxy@1f0cb46 Merge pull request #4 from smira/one2many-1
siderolabs/grpc-proxy@992a975 Proxying one to many: first iteration
siderolabs/grpc-proxy@a0988ff Merge pull request #3 from smira/small-fixups
siderolabs/grpc-proxy@e3111ef Small fixups in preparation to add one-to-many proxying.
siderolabs/grpc-proxy@6d76ffc Merge pull request #2 from smira/backend-concept
siderolabs/grpc-proxy@2aad63a Add concept of a 'Backend', but still one to one proxying
siderolabs/grpc-proxy@7cc4610 Merge pull request #1 from smira/build
siderolabs/grpc-proxy@37f01f3 Rework build to use GitHub Actions, linting updates.
siderolabs/grpc-proxy@0f1106e Move error checking further up (#34)
siderolabs/grpc-proxy@d5b35f6 Update gRPC and fix tests (#27)
siderolabs/grpc-proxy@67591eb Break StreamDirector interface, fix metadata propagation for gRPC-Go>1.5. (#20)
siderolabs/grpc-proxy@97396d9 Merge pull request #11 from mwitkow/fix-close-bug
siderolabs/grpc-proxy@3fcbd37 fixup closing conns
siderolabs/grpc-proxy@a8f5f87 fixup tests, extend readme
siderolabs/grpc-proxy@428fa1c Fix a channel closing bug
siderolabs/grpc-proxy@af55d61 Merge pull request #10 from mwitkow/bugfix/streaming-fix
siderolabs/grpc-proxy@de4d3db remove spurious printfs
siderolabs/grpc-proxy@84242c4 fix the "i don't know who finished" case
siderolabs/grpc-proxy@9b22f41 fix full duplex streaming
siderolabs/grpc-proxy@c2f7c98 update readme
siderolabs/grpc-proxy@d654141 update README
siderolabs/grpc-proxy@f457856 move to proxy subdirectory
siderolabs/grpc-proxy@4889d78 Add fixup scripts
siderolabs/grpc-proxy@ef60a37 version 2 of the grpc-proxy, this time with fewer grpc upstream deps
siderolabs/grpc-proxy@07aeac1 Merge pull request #2 from daniellowtw/master
siderolabs/grpc-proxy@e5c3df5 Fix compatibility with latest grpc library
siderolabs/grpc-proxy@52be0a5 bugfix: fix gRPC Java deadlock, due to different dispatch logic
siderolabs/grpc-proxy@822df7d Fix reference to mwitkow.
siderolabs/grpc-proxy@28341d1 move out forward logic to method, allowing for use as grpc.Server not found handler.
siderolabs/grpc-proxy@89e28b4 add reference to upstream grpc bug
siderolabs/grpc-proxy@00dd588 merge upstream grpc.Server changes changing the dispatch logic
siderolabs/grpc-proxy@77edc97 move to upstream protobuf from gogo
siderolabs/grpc-proxy@db71c3e initial commit, tested and working.

Changes from siderolabs/net

siderolabs/net@19eb1c4 feat: switch to use netip.Addr instead of net.IP
siderolabs/net@5b21171 chore: rename, rekres
siderolabs/net@409926a fix: parse correctly some IPv6 CIDRs
siderolabs/net@b4b7181 feat: add a way to filter list of IPs for the machine
siderolabs/net@0abe5bd feat: implement FilterIPs function
siderolabs/net@0519054 feat: add ParseCIDR
siderolabs/net@52c7509 feat: add a function to format IPs in CIDR notation
siderolabs/net@005a94f feat: add methods to manage CIDR list, check for non-local IPv6
siderolabs/net@8b56890 feat: add ValidateEndpointURI
siderolabs/net@402fa79 chore: apply kres to get the latest build scripts
siderolabs/net@c7bc477 chore: initial version of the package
siderolabs/net@393246a chore: initial commit

Changes from siderolabs/pkgs

siderolabs/pkgs@8b975a7 chore: bump deps
siderolabs/pkgs@b153ce6 chore: bump deps
siderolabs/pkgs@535b8f9 chore: update packages version
siderolabs/pkgs@66c77e9 feat: re-enable build kernel with BTF enabled
siderolabs/pkgs@98ef073 feat: enable INET_DIAG and FANOTFY_PERMISSIONS
siderolabs/pkgs@8fe5cbc chore: update dependencies
siderolabs/pkgs@554c0fe feat: add fanotify and kprobes kernel options
siderolabs/pkgs@54d7e5c fix: drbd package name
siderolabs/pkgs@b4cb9e2 feat: add 'drbd' package
siderolabs/pkgs@91e73b3 feat: update dependencies
siderolabs/pkgs@b6d0d96 chore: bump kernel to 5.15.72
siderolabs/pkgs@b16dfe9 chore: bump go to 1.19.2
siderolabs/pkgs@861cc32 chore: bump kernel to 5.15.71
siderolabs/pkgs@0ac7773 chore: use generic raspberry pi u-boot
siderolabs/pkgs@d5633d4 chore: bump kernel to 5.15.70
siderolabs/pkgs@39c0d43 feat: add generic rpi_arm64_defconfig configuration
siderolabs/pkgs@ed269ca chore: bump kernel to 5.15.69
siderolabs/pkgs@f2f8333 fix: no slack notifications on failure
siderolabs/pkgs@6f0af33 chore: disable drone slack pipeline for renovate
siderolabs/pkgs@32aea3f chore: disable drone for renovate/dependabot
siderolabs/pkgs@44579f0 fix: rollback xfsprogs to 5.18.0
siderolabs/pkgs@792c0e3 feat: add gasket driver package
siderolabs/pkgs@07f1898 chore: update deps
siderolabs/pkgs@f78f410 chore: enable conntrack zones and timestamps
siderolabs/pkgs@049b3c6 chore: enable intel ice drivers
siderolabs/pkgs@606ff32 chore: bump deps
siderolabs/pkgs@eee5c8a chore: disable irc in conntrack
siderolabs/pkgs@70e6c46 chore: bump kernel to 5.15.64
siderolabs/pkgs@e510321 chore: update renovate config
siderolabs/pkgs@d1fa510 feat: enable renovate bot
siderolabs/pkgs@e427a77 chore: bump runc to v1.1.4
siderolabs/pkgs@40e1215 chore: enable nfsv4.2 client support
siderolabs/pkgs@15efada chore: bump kernel to 5.15.63
siderolabs/pkgs@e70e3c1 fix: nvidia oss pkg name
siderolabs/pkgs@30b8d79 chore: bump kernel to 5.15.62
siderolabs/pkgs@862c392 chore: bump gcc to 12.2.0
siderolabs/pkgs@2ecd14e fix: containerd version
siderolabs/pkgs@01df058 feat: add NanoPi R4S configuration
siderolabs/pkgs@d4cb33b chore: bump containerd to v1.6.8

Changes from siderolabs/siderolink

siderolabs/siderolink@575c5cc refactor: drop dependency on Talos machinery package
siderolabs/siderolink@61ab1c4 fix: include MachineStatusEvent into the list of supported events
siderolabs/siderolink@16a84eb chore: rename to siderolabs/siderolink
siderolabs/siderolink@ca470c7 chore: update Talos to the latest master, migrate netaddr -> netip/x
siderolabs/siderolink@93b65f0 fix: ignore 'exist' error on interface managmeent
siderolabs/siderolink@3c4d9e0 chore: move IP to interface binding into NewDevice
siderolabs/siderolink@f0b5e39 feat: use kernel wireguard implementation when available
siderolabs/siderolink@1d2b7e1 feat: allow setting peer endpoint using peer event
siderolabs/siderolink@5d085d6 feat: expose wgDevice.Peers from the wireguard.Device wrapper
siderolabs/siderolink@3a5be65 fix: use correct method to generate Wireguard private key
siderolabs/siderolink@8318a7e feat: accept join token in Provision payload
siderolabs/siderolink@b38c192 fix: build on Windows
siderolabs/siderolink@9902ad2 feat: pass request context and node address to the events sink adapter
siderolabs/siderolink@d0612a7 refactor: pass in listener to the log receiver
siderolabs/siderolink@d86cdd5 feat: implement logreceiver for kernel logs
siderolabs/siderolink@f7cadbc fix: handle duplicate peer updates
siderolabs/siderolink@0755b24 feat: initial implementation of SideroLink
siderolabs/siderolink@ee73ea9 feat: add Talos events sink proto files and the reference implementation
siderolabs/siderolink@1e2cd9d Initial commit

Changes from siderolabs/tools

siderolabs/tools@e8f92b3 chore: bump tools
siderolabs/tools@3b5f89a chore: update dependencies
siderolabs/tools@6402b99 feat: update OpenSSL to 1.1.1r
siderolabs/tools@00e91b1 feat: update releases
siderolabs/tools@a264809 chore: bump go to 1.19.2
siderolabs/tools@858cfe7 fix: no slack notifications on failure
siderolabs/tools@ed85950 chore: disable drone slack pipeline for renovate
siderolabs/tools@5df6589 chore: disable drone for renovate/dependabot
siderolabs/tools@1f00d2e fix: revert gawk to 5.1.1
siderolabs/tools@feeda1f chore: bump grpc-go
siderolabs/tools@8542014 chore: bump deps
siderolabs/tools@e5c4968 chore: update renovate config
siderolabs/tools@f34f94d chore: update renovate config
siderolabs/tools@cef4cc6 chore: update renovate config
siderolabs/tools@bab8e9e chore: add libbpf to tools
siderolabs/tools@0a15f7b chore: build pahole properly
siderolabs/tools@a322d06 chore: remove img
siderolabs/tools@c7ff47b feat: enable renovate dependency updates (3/3)
siderolabs/tools@6e095cf feat: enable renovate dependency updates (2/n)
siderolabs/tools@bad1ad1 feat: add renovatebot
siderolabs/tools@7d6f9c3 chore: bump gcc to 12.2.0
siderolabs/tools@2719b4b chore: bump toolchain

Dependency Changes

cloud.google.com/go/compute/metadata v0.2.1 new
github.com/BurntSushi/toml v1.2.0 -> v1.2.1
github.com/aws/aws-sdk-go v1.44.76 -> v1.44.136
github.com/containerd/containerd v1.6.8 -> v1.6.9
github.com/cosi-project/runtime v0.1.1 -> v0.2.0-alpha.3
github.com/docker/docker v20.10.17 -> v20.10.21
github.com/emicklei/dot v1.0.0 -> v1.1.0
github.com/fsnotify/fsnotify v1.5.4 -> v1.6.0
github.com/gdamore/tcell/v2 v2.5.2 -> v2.5.3
github.com/google/go-cmp v0.5.8 -> v0.5.9
github.com/google/nftables 2eca00135732 -> 130caa4c31c9
github.com/hetznercloud/hcloud-go v1.35.2 -> v1.37.0
github.com/insomniacslk/dhcp 509691fd59ec -> 5308ebe5334c
github.com/jsimonetti/rtnetlink v1.2.2 -> v1.2.3
github.com/mdlayher/ethtool 856bd6cb8a38 -> 0e16326d06d1
github.com/mdlayher/genetlink v1.2.0 -> v1.3.0
github.com/mdlayher/netlink v1.6.0 -> v1.7.0
github.com/opencontainers/image-spec c5a74bcca799 -> v1.1.0-rc2
github.com/packethost/packngo v0.25.0 -> v0.29.0
github.com/pmorjan/kmod v1.0.0 -> v1.1.0
github.com/rivo/tview 0e6b21a48e96 -> 04a46906d2e9
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.9 -> v1.0.0-beta.10
github.com/siderolabs/crypto v0.4.0 new
github.com/siderolabs/discovery-api v0.1.1 new
github.com/siderolabs/discovery-client v0.1.1 -> v0.1.3
github.com/siderolabs/extras v1.2.0 -> v1.3.0-alpha.0-2-gb155fa0
github.com/siderolabs/gen v0.4.0 new
github.com/siderolabs/go-blockdevice v0.4.1 new
github.com/siderolabs/go-circular v0.1.0 new
github.com/siderolabs/go-cmd v0.1.1 new
github.com/siderolabs/go-debug v0.2.2 new
github.com/siderolabs/go-kmsg v0.1.2 new
github.com/siderolabs/go-kubeconfig v0.1.0 new
github.com/siderolabs/go-loadbalancer v0.2.1 new
github.com/siderolabs/go-procfs v0.1.1 new
github.com/siderolabs/go-retry v0.3.2 new
github.com/siderolabs/go-smbios v0.3.1 new
github.com/siderolabs/go-tail v0.1.0 new
github.com/siderolabs/grpc-proxy v0.4.0 new
github.com/siderolabs/net v0.4.0 new
github.com/siderolabs/pkgs v1.2.0-8-g970860d -> v1.3.0-alpha.0-38-g8b975a7
github.com/siderolabs/siderolink v0.3.0 new
github.com/siderolabs/talos/pkg/machinery v1.3.0-alpha.2 new
github.com/siderolabs/tools v1.2.0 -> v1.3.0-alpha.0-21-ge8f92b3
github.com/spf13/cobra v1.5.0 -> v1.6.1
github.com/stretchr/testify v1.8.0 -> v1.8.1
github.com/u-root/u-root v0.9.0 -> v0.10.0
github.com/vmware-tanzu/sonobuoy v0.56.9 -> v0.56.11
go.etcd.io/etcd/api/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/pkg/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/etcdutl/v3 v3.5.4 -> v3.5.5
go.uber.org/atomic v1.9.0 -> v1.10.0
go.uber.org/zap v1.22.0 -> v1.23.0
go4.org/netipx 797b0c90d8ab new
golang.org/x/net 3211cb980234 -> v0.2.0
golang.org/x/sync 886fb9371eb4 -> v0.1.0
golang.org/x/sys fbc7d0a398ab -> v0.2.0
golang.org/x/term a9ba230a4035 -> v0.2.0
golang.org/x/time e5dcc9cfc0b9 -> v0.2.0
golang.zx2c4.com/wireguard/wgctrl 3d4a969bb56b -> 97bc4ad4a1cb
google.golang.org/grpc v1.48.0 -> v1.50.1
k8s.io/api v0.25.0 -> v0.26.0-beta.0
k8s.io/apimachinery v0.25.0 -> v0.26.0-beta.0
k8s.io/apiserver v0.25.0 -> v0.26.0-beta.0
k8s.io/client-go v0.25.0 -> v0.26.0-beta.0
k8s.io/component-base v0.25.0 -> v0.26.0-beta.0
k8s.io/cri-api v0.25.0 -> v0.26.0-beta.0
k8s.io/klog/v2 v2.70.1 -> v2.80.1
k8s.io/kubectl v0.25.0 -> v0.26.0-beta.0
k8s.io/kubelet v0.25.0 -> v0.26.0-beta.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.65 -> v1.2.66

Previous release can be found at v1.2.0

Images

ghcr.io/siderolabs/flannel:v0.20.1
ghcr.io/siderolabs/install-cni:v1.3.0-alpha.0-2-gb155fa0
docker.io/coredns/coredns:1.10.0
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.26.0-rc.0
k8s.gcr.io/kube-controller-manager:v1.26.0-rc.0
k8s.gcr.io/kube-scheduler:v1.26.0-rc.0
k8s.gcr.io/kube-proxy:v1.26.0-rc.0
ghcr.io/siderolabs/kubelet:v1.26.0-rc.0
ghcr.io/siderolabs/installer:v1.3.0-alpha.2
registry.k8s.io/pause:3.6

talos - v1.3.0-alpha.1

Published by talos-bot almost 2 years ago

Talos 1.3.0-alpha.1 (2022-10-31)

Welcome to the v1.3.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

kube-apiserver Audit Policy

Talos now supports setting custom audit policy for kube-apiserver in the machine configuration.

Kernel Command Line ip= Argument

Talos now supports referencing interface name via enxMAC address notation:

ip=172.20.0.2::172.20.0.1:255.255.255.0::enx7085c2dfbc59

etcd Consistency Check

Talos enables --experimental-compact-hash-check-enabled option by default to improve
etcd store consistency guarantees.

This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.

Exocale Platform

Talos now supports new platform: Exoscale.

Exoscale provides a firewall, TCP load balancer and autoscale groups.
It works well with CCM and Kubernetes node autoscaler.

Kernel Modules

Talos now supports settings kernel module parameters.

Eg:

machine:
  kernel:
    modules:
      - name: "br_netfilter"
        parameters:
          - nf_conntrack_max=131072

KubeSpan

KubeSpan MTU link size is now configurable via network.kubespan.mtu setting in the machine configuration.

Routes

Talos now supports setting MTU for a specific route.

Nano Pi R4S

Talos now supports the Nano Pi R4S SBC.

Raspberry Generic Images

Encryption with secretbox

How to generate the secret:

dd if=/dev/random of=/dev/stdout bs=32 count=1 | base64

Static Pod Manifests

The directory "/etc/kubernetes/manifests" is now deprecated.
Static pods should always be configured in machine.pods.
To reenable support you may set machine.kubelet.disableManifestsDirectory.

Eg:

machine:
  kubelet:
    disableManifestsDirectory: no

Component Updates

Kubernetes: v1.26.0-alpha.2
Flannel: v0.20.0
CoreDNS: v1.10.0
etcd: v3.5.5
Linux: 5.15.74

Talos is built with Go 1.19.2.

Contributors

Andrey Smirnov
Noel Georgi
Andrey Smirnov
Michal Witkowski
Artem Chernyshev
Dmitriy Matrenichev
Artem Chernyshev
Serge Logvinov
Andrey Smirnov
Philipp Sauter
Steve Francis
Alexey Palazhchenko
Andrew Rynhard
Tim Jones
Utku Ozdemir
Andrew Rynhard
Kris Reeves
Marvin Drees
Spencer Smith
Branden Cash
Brandon Nason
Cameron Brunner
DJAlPee
Daniel Low
Gerard de Leeuw
Jack Wink
Jon Stelly
Matt Zahorik
Maxim Makarov
Olli Janatuinen
Pau Campana
Rubens Farias
Sander Maijers
Seán C McCord
Spencer Smith
emattiza
killcity

Changes

siderolabs/talos@d7070f5e7 release(v1.3.0-alpha.1): prepare release
siderolabs/talos@869f3b5a5 feat: network configuration improvements on the OpenStack platform
siderolabs/talos@29f2195e1 feat: support exoscale cloud
siderolabs/talos@8b4ae08d1 fix: etcd snapshot command on Windows
siderolabs/talos@8bfa7ac1d feat: platform metadata resource
siderolabs/talos@7e50e24c0 fix: properly cleanup legacy static pod manifests directory
siderolabs/talos@6ee47bcc6 fix: support serving config for qemu launcher on IPv6
siderolabs/talos@6c3d11b49 docs: admission control patch note
siderolabs/talos@4ea3b99b5 fix: serve static pod files on 127.0.0.1 instead of localhost
siderolabs/talos@23842114f feat: support encryption with secretbox
siderolabs/talos@f6773c472 docs: talos support on equinix metal
siderolabs/talos@b307160f6 chore: bump dependencies
siderolabs/talos@d7edd0e2e refactor: use go-circular, go-kubeconfig, and go-tail
siderolabs/talos@c6e1702ec feat: use URL-based manifests to present static pods to the kubelet
siderolabs/talos@136a795e5 docs: update system requirements to mention dedicated disk usage
siderolabs/talos@879e8c0bf chore: update kernel with BTF support
siderolabs/talos@ceb0cd99a feat: implement Talos API auth using SideroV1 signatures
siderolabs/talos@e6fba7d3b chore: update dependencies
siderolabs/talos@93e55b85f chore: bump golangci-lint to v1.50.0
siderolabs/talos@aa3d9b4ca fix: regenerate cert on node labeling retry
siderolabs/talos@021c73c35 fix: lowercase nodename
siderolabs/talos@b902036e1 docs: update office hours time link
siderolabs/talos@7fcb8c681 feat: update Flannel to v0.20.0
siderolabs/talos@dc70d892a fix: support setting KubeSpan link MTU
siderolabs/talos@7d52bad37 feat: update Linux to 5.15.73
siderolabs/talos@9c78b3aff feat: update Kubernetes to v1.26.0-alpha.2
siderolabs/talos@94913a672 docs: add lofty to talos adopters
siderolabs/talos@0a0bdfe16 docs: add Tremor Video to adopters
siderolabs/talos@b7b1d4fd6 feat: use readonly containers
siderolabs/talos@d210338e3 fix: skip protobuf full unmarshaling for some talosctl commands
siderolabs/talos@b3c679d18 chore: bump dependencies
siderolabs/talos@993743f63 fix: skip hostname via DHCP on OpenStack platform
siderolabs/talos@db076e7b5 feat: pin interface by mac address in cmdline args
siderolabs/talos@63de93722 fix: update go-smbios to v0.3.1
siderolabs/talos@49e9f808e chore: bump kernel and go
siderolabs/talos@c7372144d docs: add constraints to upgrade docs
siderolabs/talos@c71c8ca18 docs: consolidate, simplify and correct various docs
siderolabs/talos@06f76bfeb chore: bump dependencies
siderolabs/talos@b1c421b9a chore: publish ami's with imds v2 enabled
siderolabs/talos@195c40ab5 docs: add information about applicable use cases of disk encryption
siderolabs/talos@54a687fb8 docs: consolidate and expand on discovery service
siderolabs/talos@139c62d76 feat: allow upgrades in maintenance mode (only over SideroLink)
siderolabs/talos@48dee4805 feat: support mtu for routes
siderolabs/talos@1c43c72ae docs: fix talos required kernel params
siderolabs/talos@67cc45ae3 release(v1.3.0-alpha.0): prepare release
siderolabs/talos@18c377a4d feat: customize audit policy
siderolabs/talos@23c9ea46b fix: raspberry pi install
siderolabs/talos@f17cdee16 feat: jsonpath filter for talosctl get outputs
siderolabs/talos@6bd3cca1a chore: generic raspberry pi images
siderolabs/talos@d914ab8bb chore: add vulncheck tool as a linter
siderolabs/talos@a0151aa13 feat: add generic rpi u-boot support
siderolabs/talos@30f851d09 chore: bump dependences
siderolabs/talos@8b2235c3b fix: lookup Equinix Metal bond slaves using 'permanent addr'
siderolabs/talos@b3257ebb1 chore: bump kernel to 5.15.70
siderolabs/talos@0b2767c16 feat: implement 'permanent addr' in link statuses
siderolabs/talos@c90e20251 fix: kubeconfig permission
siderolabs/talos@fc48849d0 chore: move maps/slices/ordered to gen module
siderolabs/talos@8b09bd4b0 feat: update Kubernetes to v1.26.0-alpha.1
siderolabs/talos@276d4175b chore: bump extension versions in testing
siderolabs/talos@357b770cb fix: cryptsetup delete slot
siderolabs/talos@711128839 fix: continue applying bootstrap manifests on some errors
siderolabs/talos@ce12c7b38 chore: update COSI runtime to v0.2.0-alpha.1
siderolabs/talos@1b435c0b3 chore: bump kernel + ice drivers
siderolabs/talos@18e041f1e docs: fix typo in patching example
siderolabs/talos@0ad6452ca feat: update CoreDNS to v1.10.0
siderolabs/talos@479f3f52e chore: bump dependencies
siderolabs/talos@e07c6ae99 feat: update Kubernetes to v1.25.1
siderolabs/talos@13fdfaffc test: fix up default branch name
siderolabs/talos@ef181321a docs: add component diagram; K8s & Talos Linux
siderolabs/talos@aade73643 docs: fix missing variable in OpenEBS docs
siderolabs/talos@472590aa8 chore: return InvalidArgument on invalid config in maintenance mode
siderolabs/talos@e5cabd42c feat: enable etcd consistency hashcheck
siderolabs/talos@015535d90 fix: update discovery client with the redirect fix
siderolabs/talos@d0c8e7699 chore: bump kernel and go
siderolabs/talos@985b0c2e7 chore: remove go.work.sum
siderolabs/talos@69124f102 feat: update etcd to v3.5.5
siderolabs/talos@1985a796c docs: update docs for pod security
siderolabs/talos@94b088f02 fix: set etcd options consistently
siderolabs/talos@92ae7ef4b fix: fix protoenc encoding for enums and types with custom encoders
siderolabs/talos@93809017c docs: cpu scaling governor knowledgebase
siderolabs/talos@7b270ff33 test: fix api controller test
siderolabs/talos@2dadcd669 fix: stop worker nodes from acting as apid routers
siderolabs/talos@9eaf33f3f fix: never sign client certificate requests in trustd
siderolabs/talos@436749124 feat: environment vars for extension service
siderolabs/talos@0c0cb671e chore: mark machine configuration validation failure as InvalidArgument
siderolabs/talos@f424e5340 fix: stop containers more thoroughly
siderolabs/talos@12827b861 chore: move "implements" checks to compile time
siderolabs/talos@3a67c42cb fix: kill the task processes when cleaning up stale task
siderolabs/talos@14a79e325 chore: bump dependencies
siderolabs/talos@9beee92e7 docs: fix double vv in Kubernetes version
siderolabs/talos@688272515 fix: use different username for Talos Kubernetes API access
siderolabs/talos@161a52a9e feat: check apid client certificate extended key usage
siderolabs/talos@9dadc4a59 fix: include all node addresses into etcd cert SANs
siderolabs/talos@71bfd3e43 feat: update CoreDNS to 1.9.4
siderolabs/talos@9df8f1ff1 fix: list COSI APIs for the apid authenticator
siderolabs/talos@31462450f fix: pass a pointer to specs.Mount into protoenc.Marshal
siderolabs/talos@e626540df chore: avoid double API request logging in trustd
siderolabs/talos@f62d17125 chore: update crypto to use new import path siderolabs/crypto
siderolabs/talos@ef27dd855 chore: bump dependencies
siderolabs/talos@6472ae00b fix: automatically discard VIPs for etcd advertised addresses
siderolabs/talos@5e21cca52 feat: support setting kernel parameters
siderolabs/talos@bd56621cd feat: add structprotogen tool
siderolabs/talos@cdb6bb2cc feat: add Nano Pi R4S support
siderolabs/talos@36c1f1d6e fix: flip the client-server version check
siderolabs/talos@cd6c53a97 docs: fork docs for v1.3
siderolabs/talos@0847400f7 fix: prevent panic on health check if a member has no IPs
siderolabs/talos@7471d7f01 feat: update Flannel to v0.19.2
siderolabs/talos@148c75cfb docs: consolidate the control-plane documentation
siderolabs/talos@353154281 fix: drop kube-system SA default binding
siderolabs/talos@4f37b668b chore: remove capi hacks
siderolabs/talos@1369afea8 docs: make 1.2.0 docs default ones
siderolabs/talos@7627cb0e3 docs: add new talosctl gen secrets
siderolabs/talos@8aa60a37a chore: bump kernel to 5.15.64
siderolabs/talos@a798dbd5d docs: update docs for upcoming 1.2.0 release
siderolabs/talos@b2fec3c97 fix: properly handle configContext being nil in Talos client
siderolabs/talos@1c0977b3a fix: change the type of returned gRPC connection object from the client
siderolabs/talos@41848e421 fix: expose Talos client gRPC connection via the function Conn
siderolabs/talos@2e9be4af8 chore: bump dependencies
siderolabs/talos@d283aba3a test: fix cli reboot test
siderolabs/talos@0b339a9dc feat: track progress of action API calls
siderolabs/talos@072349812 fix: update COSI to the version with gRPC Wait fix
siderolabs/talos@89d57aa81 fix: always abort the maintenance service
siderolabs/talos@f6fa74619 fix: limit apid backoff max delay
siderolabs/talos@d7ef346db fix: get command in the case 'nodes' are not set in the context
siderolabs/talos@4e9c32256 fix: correctly render hosts.toml with multiple endpoints
siderolabs/talos@cdd0f08bc feat: check client <> server version in some Talos commands
siderolabs/talos@446b0af58 chore: bump kernel and runc
siderolabs/talos@8c203ce9b feat: remove the machine from the discovery service on reset
siderolabs/talos@b59ca5810 chore: move from inet.af/netaddr to net/netip and go4.org/netipx
siderolabs/talos@053af1d59 fix: update etcd certificates when node addresses changes
siderolabs/talos@11edb2c6f test: re-enable upgrade tests
siderolabs/talos@0310e2089 chore: bump github.com/siderolabs/protoenc to v0.1.5
siderolabs/talos@29bd63240 chore: remove old build tags syntax
siderolabs/talos@b500d0aa9 chore: bump k8s to v1.25.0
siderolabs/talos@29e574be7 docs: update to v1.2.0-beta.1
siderolabs/talos@26b549f2a chore: bump dependencies
siderolabs/talos@8c3ac4c42 chore: limit GOMAXPROCS for Talos services
siderolabs/talos@361e85b74 fix: properly read kexec disabled sysctl
siderolabs/talos@cfe6c2bc2 docs: nvidia oss drivers
siderolabs/talos@2f2d97b6b fix: don't wait for the hostname in maintenance mode
siderolabs/talos@b15a63924 chore: bump kernel to 5.15.62
siderolabs/talos@a0d94be30 fix: stable default hostname bias
siderolabs/talos@da4cd34ef feat: update etcd advertised peer addresses on the fly
siderolabs/talos@faf92ce01 chore: bump kubernetes to v1.25.0-rc.1
siderolabs/talos@52de919e3 chore: bump containerd to v1.6.8
siderolabs/talos@7d43fc79b fix: make 'ca', 'crt' and 'key' flags optional for 'talosctl config add'
siderolabs/talos@fd467e02c fix: handle grub config being empty in the Revert function
siderolabs/talos@9492aca65 fix: clean up cancelCtxMu leftovers in PriorityLock
siderolabs/talos@61e3eb2ea fix: talosctl edit mc loop
siderolabs/talos@32db7a7f5 fix: surround cancelCtx with the mutex

Changes since v1.3.0-alpha.0

siderolabs/talos@d7070f5e7 release(v1.3.0-alpha.1): prepare release
siderolabs/talos@869f3b5a5 feat: network configuration improvements on the OpenStack platform
siderolabs/talos@29f2195e1 feat: support exoscale cloud
siderolabs/talos@8b4ae08d1 fix: etcd snapshot command on Windows
siderolabs/talos@8bfa7ac1d feat: platform metadata resource
siderolabs/talos@7e50e24c0 fix: properly cleanup legacy static pod manifests directory
siderolabs/talos@6ee47bcc6 fix: support serving config for qemu launcher on IPv6
siderolabs/talos@6c3d11b49 docs: admission control patch note
siderolabs/talos@4ea3b99b5 fix: serve static pod files on 127.0.0.1 instead of localhost
siderolabs/talos@23842114f feat: support encryption with secretbox
siderolabs/talos@f6773c472 docs: talos support on equinix metal
siderolabs/talos@b307160f6 chore: bump dependencies
siderolabs/talos@d7edd0e2e refactor: use go-circular, go-kubeconfig, and go-tail
siderolabs/talos@c6e1702ec feat: use URL-based manifests to present static pods to the kubelet
siderolabs/talos@136a795e5 docs: update system requirements to mention dedicated disk usage
siderolabs/talos@879e8c0bf chore: update kernel with BTF support
siderolabs/talos@ceb0cd99a feat: implement Talos API auth using SideroV1 signatures
siderolabs/talos@e6fba7d3b chore: update dependencies
siderolabs/talos@93e55b85f chore: bump golangci-lint to v1.50.0
siderolabs/talos@aa3d9b4ca fix: regenerate cert on node labeling retry
siderolabs/talos@021c73c35 fix: lowercase nodename
siderolabs/talos@b902036e1 docs: update office hours time link
siderolabs/talos@7fcb8c681 feat: update Flannel to v0.20.0
siderolabs/talos@dc70d892a fix: support setting KubeSpan link MTU
siderolabs/talos@7d52bad37 feat: update Linux to 5.15.73
siderolabs/talos@9c78b3aff feat: update Kubernetes to v1.26.0-alpha.2
siderolabs/talos@94913a672 docs: add lofty to talos adopters
siderolabs/talos@0a0bdfe16 docs: add Tremor Video to adopters
siderolabs/talos@b7b1d4fd6 feat: use readonly containers
siderolabs/talos@d210338e3 fix: skip protobuf full unmarshaling for some talosctl commands
siderolabs/talos@b3c679d18 chore: bump dependencies
siderolabs/talos@993743f63 fix: skip hostname via DHCP on OpenStack platform
siderolabs/talos@db076e7b5 feat: pin interface by mac address in cmdline args
siderolabs/talos@63de93722 fix: update go-smbios to v0.3.1
siderolabs/talos@49e9f808e chore: bump kernel and go
siderolabs/talos@c7372144d docs: add constraints to upgrade docs
siderolabs/talos@c71c8ca18 docs: consolidate, simplify and correct various docs
siderolabs/talos@06f76bfeb chore: bump dependencies
siderolabs/talos@b1c421b9a chore: publish ami's with imds v2 enabled
siderolabs/talos@195c40ab5 docs: add information about applicable use cases of disk encryption
siderolabs/talos@54a687fb8 docs: consolidate and expand on discovery service
siderolabs/talos@139c62d76 feat: allow upgrades in maintenance mode (only over SideroLink)
siderolabs/talos@48dee4805 feat: support mtu for routes
siderolabs/talos@1c43c72ae docs: fix talos required kernel params

Changes from siderolabs/crypto

siderolabs/crypto@c3225ee feat: allow CSR template subject field to be overridden
siderolabs/crypto@8570669 chore: rename to siderolabs/crypto
siderolabs/crypto@e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs
siderolabs/crypto@510b0d2 chore: add json tags
siderolabs/crypto@6fa2d93 fix: deepcopy nil fields as nil
siderolabs/crypto@9a63cba fix: add back support for generating ECDSA keys with P-256 and SHA512
siderolabs/crypto@893bc66 fix: use SHA256 for ECDSA-P256
siderolabs/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types
siderolabs/crypto@d3cb772 feat: make possible to change KeyUsage
siderolabs/crypto@6bc5bb5 chore: remove unused argument
siderolabs/crypto@cd18ef6 feat: add support for several organizations
siderolabs/crypto@97c888b chore: add options to CSR
siderolabs/crypto@7776057 chore: fix typos
siderolabs/crypto@80df078 chore: remove named result parameters
siderolabs/crypto@15bdd28 chore: minor updates
siderolabs/crypto@4f80b97 fix: verify CSR signature before issuing a certificate
siderolabs/crypto@39584f1 feat: support for key/certificate types RSA, Ed25519, ECDSA
siderolabs/crypto@cf75519 fix: function NewKeyPair should create certificate with proper subject
siderolabs/crypto@751c95a feat: add 'PEMEncodedKey' which allows to transport keys in YAML
siderolabs/crypto@562c3b6 feat: add support for public RSA key in RSAKey
siderolabs/crypto@bda0e9c feat: enable more conversions between encoded and raw versions
siderolabs/crypto@e0dd56a feat: add NotBefore option for x509 cert creation
siderolabs/crypto@12a4897 feat: add support for SPKI fingerprint generation and matching
siderolabs/crypto@d0c3eef fix: implement NewKeyPair
siderolabs/crypto@196679e feat: move pkg/grpc/tls from github.com/talos-systems/talos as ./tls
siderolabs/crypto@1ff6242 chore: initial version as imported from talos-systems/talos
siderolabs/crypto@835063e chore: initial commit

Changes from siderolabs/discovery-api

siderolabs/discovery-api@5b0c5e7 chore: rename to siderolabs, rekres, etc
siderolabs/discovery-api@db279ef feat: initial set of APIs and generated files
siderolabs/discovery-api@ac52a37 chore: initial commit

Changes from siderolabs/discovery-client

siderolabs/discovery-client@230f317 fix: reconnect the client on update failure

Changes from siderolabs/extras

siderolabs/extras@8f00d77 feat: update tc-redirect-tap to the latest version
siderolabs/extras@7c91844 chore: bump go to 1.19.2

Changes from siderolabs/gen

siderolabs/gen@b3b6db8 fix: fix Copy documentation and implementation
siderolabs/gen@521f737 feat: add xerrors package which contains additions to the std errors
siderolabs/gen@726e066 fix: rename tuples.go to pair.go and set proper package name
siderolabs/gen@d8d7d25 chore: minor additions
siderolabs/gen@338a650 chore: add initial implementation and documentation
siderolabs/gen@4fd8667 Initial commit

Changes from siderolabs/go-blockdevice

siderolabs/go-blockdevice@dcf6044 chore: rekres and rename
siderolabs/go-blockdevice@9c4af49 fix: cryptsetup remove slot
siderolabs/go-blockdevice@74ea471 feat: add freebsd stubs
siderolabs/go-blockdevice@9fa801c feat: add ReadOnly attribute to Disk
siderolabs/go-blockdevice@fccee8b chore: rekres the source, fix issues
siderolabs/go-blockdevice@d9c3a27 feat: support probing FAT12/FAT16 filesystems
siderolabs/go-blockdevice@b374eb4 fix: align partition to 1M boundary by default
siderolabs/go-blockdevice@ec428fe fix: lookup filesystem labels on the actual device path
siderolabs/go-blockdevice@7b9de26 feat: read symlink fullpath in block device list function
siderolabs/go-blockdevice@6928ee4 refactor: rewrite GPT serialize/deserialize functions
siderolabs/go-blockdevice@0c7e429 refactor: simplify middle endian functions
siderolabs/go-blockdevice@15b182d fix: return partition table not exist when trying to read an empty dev
siderolabs/go-blockdevice@b9517d5 fix: resize partition
siderolabs/go-blockdevice@70d2865 fix: try to find cdrom disks
siderolabs/go-blockdevice@667bf53 fix: revert gpt partition not found
siderolabs/go-blockdevice@d7d4cdd fix: gpt partition not found
siderolabs/go-blockdevice@33afba3 fix: also open in readonly mode when running All lookup method
siderolabs/go-blockdevice@e367f9d feat: make probe always open blockdevices in readonly mode
siderolabs/go-blockdevice@d981156 fix: allow Build for Windows
siderolabs/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
siderolabs/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
siderolabs/go-blockdevice@87816a8 feat: align partition to minimum I/O size
siderolabs/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module
siderolabs/go-blockdevice@30c2bc3 feat: mark MBR bootable
siderolabs/go-blockdevice@1292574 fix: make disk type matcher parser case insensitive
siderolabs/go-blockdevice@b77400e fix: properly detect nvme and sd card disk types
siderolabs/go-blockdevice@1d830a2 fix: revert mark the EFI partition in PMBR as bootable
siderolabs/go-blockdevice@bec914f fix: mark the EFI partition in PMBR as bootable
siderolabs/go-blockdevice@776b37d feat: add options to probe disk by various sysblock parameters
siderolabs/go-blockdevice@bb3ad73 fix: align partition start to physical sector size
siderolabs/go-blockdevice@8f976c2 feat: replace exec.Command with go-cmd module
siderolabs/go-blockdevice@1cf7f25 fix: properly handle no child processes error from cmd.Wait
siderolabs/go-blockdevice@04a9851 feat: implement luks encryption provider
siderolabs/go-blockdevice@b0375e4 feat: add an option to open block device with exclusive flock
siderolabs/go-blockdevice@5a1c7f7 refactor: add devname into gpt.Partition, refactor probe package
siderolabs/go-blockdevice@f2728a5 fix: keep contents of PMBR when writing it
siderolabs/go-blockdevice@2878460 fix: write second copy of partition entries
siderolabs/go-blockdevice@943b08b fix: blockdevice reset should read partition table from disk
siderolabs/go-blockdevice@5b4ee44 fix: ignore /dev/ram devices
siderolabs/go-blockdevice@98754ec refactor: rewrite GPT library
siderolabs/go-blockdevice@2a1baad fix: correctly build paths for mmcblk devices
siderolabs/go-blockdevice@8076344 fix: return proper disk size from GetDisks function
siderolabs/go-blockdevice@8742133 chore: add common method to list available disks using /sys/block
siderolabs/go-blockdevice@c4b5833 feat: implement "fast" wipe
siderolabs/go-blockdevice@b4e67d7 feat: return resize status from Resize() function
siderolabs/go-blockdevice@ceae64e fix: sync kernel partition table incrementally
siderolabs/go-blockdevice@2cb9516 fix: return correct error value from blkpg functions
siderolabs/go-blockdevice@cebe43d refactor: expose InsertAt method via interface
siderolabs/go-blockdevice@c40dcd8 fix: properly inform kernel about partition deletion
siderolabs/go-blockdevice@bb8ac5d feat: implement disk wiping via several methods
siderolabs/go-blockdevice@23fb7dc feat: expose partition name (label)
siderolabs/go-blockdevice@ff3a821 feat: implement 'InsertAt' method to insert partitions at any position
siderolabs/go-blockdevice@3d1ce4f fix: calculate last lba of partition correctly
siderolabs/go-blockdevice@b71540f feat: copy initial version from talos-systems/talos
siderolabs/go-blockdevice@ca3c078 Initial commit

Changes from siderolabs/go-circular

siderolabs/go-circular@507e0ec refactor: extract circular Go module
siderolabs/go-circular@2234b3a docs: add README

Changes from siderolabs/go-kubeconfig

siderolabs/go-kubeconfig@e7fdd94 refactor: extract kubeconfig library as a Go module
siderolabs/go-kubeconfig@50e91b8 docs: add REAMDE

Changes from siderolabs/go-loadbalancer

siderolabs/go-loadbalancer@438b71d chore: update package path and rekres
siderolabs/go-loadbalancer@5341eec feat: implement public method to check if the route is Healthy
siderolabs/go-loadbalancer@b578d47 feat: add a way to configure loadbalancer options
siderolabs/go-loadbalancer@c54d95d feat: implement control plane loadbalancer
siderolabs/go-loadbalancer@4a6e29e refactor: clean up names, fix the lingering goroutines
siderolabs/go-loadbalancer@af87d1c chore: apply new Kres rules
siderolabs/go-loadbalancer@a445702 feat: allow dial timeout and keep alive period to be configurable
siderolabs/go-loadbalancer@3c8f347 feat: provide a way to configure logger for the loadbalancer
siderolabs/go-loadbalancer@da8e987 feat: implement Reconcile - ability to change upstream list on the fly
siderolabs/go-loadbalancer@8b1dfa6 feat: copy initial version from talos-systems/talos
siderolabs/go-loadbalancer@c2f6a8f Initial commit

Changes from siderolabs/go-smbios

siderolabs/go-smbios@10c1dd8 fix: check for end of the slice properly
siderolabs/go-smbios@9ca8ce7 chore: treat invalid strings as empty
siderolabs/go-smbios@dbc5f79 chore: rekres+rename
siderolabs/go-smbios@3f1e775 feat: rework destructuring of SMBIOS information and added some tests
siderolabs/go-smbios@fd5ec8c fix: remove useless (?) goroutines leading to data race error
siderolabs/go-smbios@d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6
siderolabs/go-smbios@fb425d4 feat: add memory device
siderolabs/go-smbios@0bb4f96 feat: add physical memory array
siderolabs/go-smbios@8019619 feat: supply wake-up type in SMBIOS info
siderolabs/go-smbios@94b8c4e feat: initial implementation
siderolabs/go-smbios@864ed80 Initial commit

Changes from siderolabs/go-tail

siderolabs/go-tail@962ae43 refactor: extract go-tail module
siderolabs/go-tail@359c3cb docs: initial commit

Changes from siderolabs/grpc-proxy

siderolabs/grpc-proxy@4cc7bbe chore: rename to siderolabs/grpc-proxy, rekres
siderolabs/grpc-proxy@2c586db feat: pass fullMethodName to GetConnection
siderolabs/grpc-proxy@6dfa2cc fix: ignore errors on duplicate SetHeader calls
siderolabs/grpc-proxy@b076302 fix: use io.EOF error when no backend connections are available
siderolabs/grpc-proxy@82daca0 docs: update README
siderolabs/grpc-proxy@fa6843a chore: fix spelling
siderolabs/grpc-proxy@c0a87d9 chore: major cleanup of the code and build
siderolabs/grpc-proxy@ca3bc61 fix: ignore some errors so that we don't spam the logs
siderolabs/grpc-proxy@5c579a7 feat: allow different formats for messages streaming/unary
siderolabs/grpc-proxy@6c9f7b3 fix: allow mode to be set for each request being proxied
siderolabs/grpc-proxy@cc91c09 refactor: provide better public API, enforce proxying mode
siderolabs/grpc-proxy@d8d3a75 chore: update import paths after repo move
siderolabs/grpc-proxy@dbf07a4 Merge pull request #7 from smira/one2many-4
siderolabs/grpc-proxy@fc0d27d More tests, small code fixes, updated README.
siderolabs/grpc-proxy@d9ce0b1 Merge pull request #6 from smira/one2many-3
siderolabs/grpc-proxy@2d37ba4 Support for one2many streaming calls, tests.
siderolabs/grpc-proxy@817b035 Merge pull request #5 from smira/one2many-2
siderolabs/grpc-proxy@436b338 More unary one-2-many tests, error propagation.
siderolabs/grpc-proxy@1f0cb46 Merge pull request #4 from smira/one2many-1
siderolabs/grpc-proxy@992a975 Proxying one to many: first iteration
siderolabs/grpc-proxy@a0988ff Merge pull request #3 from smira/small-fixups
siderolabs/grpc-proxy@e3111ef Small fixups in preparation to add one-to-many proxying.
siderolabs/grpc-proxy@6d76ffc Merge pull request #2 from smira/backend-concept
siderolabs/grpc-proxy@2aad63a Add concept of a 'Backend', but still one to one proxying
siderolabs/grpc-proxy@7cc4610 Merge pull request #1 from smira/build
siderolabs/grpc-proxy@37f01f3 Rework build to use GitHub Actions, linting updates.
siderolabs/grpc-proxy@0f1106e Move error checking further up (#34)
siderolabs/grpc-proxy@d5b35f6 Update gRPC and fix tests (#27)
siderolabs/grpc-proxy@67591eb Break StreamDirector interface, fix metadata propagation for gRPC-Go>1.5. (#20)
siderolabs/grpc-proxy@97396d9 Merge pull request #11 from mwitkow/fix-close-bug
siderolabs/grpc-proxy@3fcbd37 fixup closing conns
siderolabs/grpc-proxy@a8f5f87 fixup tests, extend readme
siderolabs/grpc-proxy@428fa1c Fix a channel closing bug
siderolabs/grpc-proxy@af55d61 Merge pull request #10 from mwitkow/bugfix/streaming-fix
siderolabs/grpc-proxy@de4d3db remove spurious printfs
siderolabs/grpc-proxy@84242c4 fix the "i don't know who finished" case
siderolabs/grpc-proxy@9b22f41 fix full duplex streaming
siderolabs/grpc-proxy@c2f7c98 update readme
siderolabs/grpc-proxy@d654141 update README
siderolabs/grpc-proxy@f457856 move to proxy subdirectory
siderolabs/grpc-proxy@4889d78 Add fixup scripts
siderolabs/grpc-proxy@ef60a37 version 2 of the grpc-proxy, this time with fewer grpc upstream deps
siderolabs/grpc-proxy@07aeac1 Merge pull request #2 from daniellowtw/master
siderolabs/grpc-proxy@e5c3df5 Fix compatibility with latest grpc library
siderolabs/grpc-proxy@52be0a5 bugfix: fix gRPC Java deadlock, due to different dispatch logic
siderolabs/grpc-proxy@822df7d Fix reference to mwitkow.
siderolabs/grpc-proxy@28341d1 move out forward logic to method, allowing for use as grpc.Server not found handler.
siderolabs/grpc-proxy@89e28b4 add reference to upstream grpc bug
siderolabs/grpc-proxy@00dd588 merge upstream grpc.Server changes changing the dispatch logic
siderolabs/grpc-proxy@77edc97 move to upstream protobuf from gogo
siderolabs/grpc-proxy@db71c3e initial commit, tested and working.

Changes from siderolabs/pkgs

siderolabs/pkgs@66c77e9 feat: re-enable build kernel with BTF enabled
siderolabs/pkgs@98ef073 feat: enable INET_DIAG and FANOTFY_PERMISSIONS
siderolabs/pkgs@8fe5cbc chore: update dependencies
siderolabs/pkgs@554c0fe feat: add fanotify and kprobes kernel options
siderolabs/pkgs@54d7e5c fix: drbd package name
siderolabs/pkgs@b4cb9e2 feat: add 'drbd' package
siderolabs/pkgs@91e73b3 feat: update dependencies
siderolabs/pkgs@b6d0d96 chore: bump kernel to 5.15.72
siderolabs/pkgs@b16dfe9 chore: bump go to 1.19.2
siderolabs/pkgs@861cc32 chore: bump kernel to 5.15.71
siderolabs/pkgs@0ac7773 chore: use generic raspberry pi u-boot
siderolabs/pkgs@d5633d4 chore: bump kernel to 5.15.70
siderolabs/pkgs@39c0d43 feat: add generic rpi_arm64_defconfig configuration
siderolabs/pkgs@ed269ca chore: bump kernel to 5.15.69
siderolabs/pkgs@f2f8333 fix: no slack notifications on failure
siderolabs/pkgs@6f0af33 chore: disable drone slack pipeline for renovate
siderolabs/pkgs@32aea3f chore: disable drone for renovate/dependabot
siderolabs/pkgs@44579f0 fix: rollback xfsprogs to 5.18.0
siderolabs/pkgs@792c0e3 feat: add gasket driver package
siderolabs/pkgs@07f1898 chore: update deps
siderolabs/pkgs@f78f410 chore: enable conntrack zones and timestamps
siderolabs/pkgs@049b3c6 chore: enable intel ice drivers
siderolabs/pkgs@606ff32 chore: bump deps
siderolabs/pkgs@eee5c8a chore: disable irc in conntrack
siderolabs/pkgs@70e6c46 chore: bump kernel to 5.15.64
siderolabs/pkgs@e510321 chore: update renovate config
siderolabs/pkgs@d1fa510 feat: enable renovate bot
siderolabs/pkgs@e427a77 chore: bump runc to v1.1.4
siderolabs/pkgs@40e1215 chore: enable nfsv4.2 client support
siderolabs/pkgs@15efada chore: bump kernel to 5.15.63
siderolabs/pkgs@e70e3c1 fix: nvidia oss pkg name
siderolabs/pkgs@30b8d79 chore: bump kernel to 5.15.62
siderolabs/pkgs@862c392 chore: bump gcc to 12.2.0
siderolabs/pkgs@2ecd14e fix: containerd version
siderolabs/pkgs@01df058 feat: add NanoPi R4S configuration
siderolabs/pkgs@d4cb33b chore: bump containerd to v1.6.8

Changes from siderolabs/siderolink

siderolabs/siderolink@61ab1c4 fix: include MachineStatusEvent into the list of supported events
siderolabs/siderolink@16a84eb chore: rename to siderolabs/siderolink
siderolabs/siderolink@ca470c7 chore: update Talos to the latest master, migrate netaddr -> netip/x
siderolabs/siderolink@93b65f0 fix: ignore 'exist' error on interface managmeent
siderolabs/siderolink@3c4d9e0 chore: move IP to interface binding into NewDevice
siderolabs/siderolink@f0b5e39 feat: use kernel wireguard implementation when available
siderolabs/siderolink@1d2b7e1 feat: allow setting peer endpoint using peer event
siderolabs/siderolink@5d085d6 feat: expose wgDevice.Peers from the wireguard.Device wrapper
siderolabs/siderolink@3a5be65 fix: use correct method to generate Wireguard private key
siderolabs/siderolink@8318a7e feat: accept join token in Provision payload
siderolabs/siderolink@b38c192 fix: build on Windows
siderolabs/siderolink@9902ad2 feat: pass request context and node address to the events sink adapter
siderolabs/siderolink@d0612a7 refactor: pass in listener to the log receiver
siderolabs/siderolink@d86cdd5 feat: implement logreceiver for kernel logs
siderolabs/siderolink@f7cadbc fix: handle duplicate peer updates
siderolabs/siderolink@0755b24 feat: initial implementation of SideroLink
siderolabs/siderolink@ee73ea9 feat: add Talos events sink proto files and the reference implementation
siderolabs/siderolink@1e2cd9d Initial commit

Changes from siderolabs/tools

siderolabs/tools@3b5f89a chore: update dependencies
siderolabs/tools@6402b99 feat: update OpenSSL to 1.1.1r
siderolabs/tools@00e91b1 feat: update releases
siderolabs/tools@a264809 chore: bump go to 1.19.2
siderolabs/tools@858cfe7 fix: no slack notifications on failure
siderolabs/tools@ed85950 chore: disable drone slack pipeline for renovate
siderolabs/tools@5df6589 chore: disable drone for renovate/dependabot
siderolabs/tools@1f00d2e fix: revert gawk to 5.1.1
siderolabs/tools@feeda1f chore: bump grpc-go
siderolabs/tools@8542014 chore: bump deps
siderolabs/tools@e5c4968 chore: update renovate config
siderolabs/tools@f34f94d chore: update renovate config
siderolabs/tools@cef4cc6 chore: update renovate config
siderolabs/tools@bab8e9e chore: add libbpf to tools
siderolabs/tools@0a15f7b chore: build pahole properly
siderolabs/tools@a322d06 chore: remove img
siderolabs/tools@c7ff47b feat: enable renovate dependency updates (3/3)
siderolabs/tools@6e095cf feat: enable renovate dependency updates (2/n)
siderolabs/tools@bad1ad1 feat: add renovatebot
siderolabs/tools@7d6f9c3 chore: bump gcc to 12.2.0
siderolabs/tools@2719b4b chore: bump toolchain

Dependency Changes

cloud.google.com/go/compute v1.8.0 -> v1.10.0
github.com/BurntSushi/toml v1.2.0 -> v1.2.1
github.com/aws/aws-sdk-go v1.44.76 -> v1.44.122
github.com/containerd/containerd v1.6.8 -> v1.6.9
github.com/cosi-project/runtime v0.1.1 -> e8a8fdcc7548
github.com/docker/docker v20.10.17 -> v20.10.20
github.com/fsnotify/fsnotify v1.5.4 -> v1.6.0
github.com/google/go-cmp v0.5.8 -> v0.5.9
github.com/google/nftables 2eca00135732 -> 4f5cd5826fbd
github.com/hetznercloud/hcloud-go v1.35.2 -> v1.35.3
github.com/insomniacslk/dhcp 509691fd59ec -> 5308ebe5334c
github.com/jsimonetti/rtnetlink v1.2.2 -> v1.2.3
github.com/mdlayher/ethtool 856bd6cb8a38 -> 0e16326d06d1
github.com/mdlayher/netlink v1.6.0 -> v1.6.2
github.com/opencontainers/image-spec c5a74bcca799 -> v1.1.0-rc2
github.com/packethost/packngo v0.25.0 -> v0.28.1
github.com/rivo/tview 0e6b21a48e96 -> 2e69b7385a37
github.com/siderolabs/crypto v0.4.0 new
github.com/siderolabs/discovery-api v0.1.1 new
github.com/siderolabs/discovery-client v0.1.1 -> v0.1.2
github.com/siderolabs/extras v1.2.0 -> v1.3.0-alpha.0-1-g8f00d77
github.com/siderolabs/gen v0.4.0 new
github.com/siderolabs/go-blockdevice v0.4.0 new
github.com/siderolabs/go-circular v0.1.0 new
github.com/siderolabs/go-kubeconfig v0.1.0 new
github.com/siderolabs/go-loadbalancer v0.2.0 new
github.com/siderolabs/go-smbios v0.3.1 new
github.com/siderolabs/go-tail v0.1.0 new
github.com/siderolabs/grpc-proxy v0.4.0 new
github.com/siderolabs/pkgs v1.2.0-8-g970860d -> v1.3.0-alpha.0-35-g66c77e9
github.com/siderolabs/siderolink v0.2.0 new
github.com/siderolabs/tools v1.2.0 -> v1.3.0-alpha.0-20-g3b5f89a
github.com/spf13/cobra v1.5.0 -> v1.6.1
github.com/stretchr/testify v1.8.0 -> v1.8.1
github.com/u-root/u-root v0.9.0 -> v0.10.0
github.com/vmware-tanzu/sonobuoy v0.56.9 -> v0.56.10
go.etcd.io/etcd/api/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/pkg/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/etcdutl/v3 v3.5.4 -> v3.5.5
go.uber.org/atomic v1.9.0 -> v1.10.0
go.uber.org/zap v1.22.0 -> v1.23.0
go4.org/netipx 797b0c90d8ab new
golang.org/x/net 3211cb980234 -> v0.1.0
golang.org/x/sync 886fb9371eb4 -> v0.1.0
golang.org/x/sys fbc7d0a398ab -> v0.1.0
golang.org/x/term a9ba230a4035 -> v0.1.0
golang.org/x/time e5dcc9cfc0b9 -> v0.1.0
golang.zx2c4.com/wireguard/wgctrl 3d4a969bb56b -> 473347a5e6e3
google.golang.org/grpc v1.48.0 -> v1.50.1
k8s.io/api v0.25.0 -> v0.26.0-alpha.2
k8s.io/apimachinery v0.25.0 -> v0.26.0-alpha.2
k8s.io/apiserver v0.25.0 -> v0.26.0-alpha.2
k8s.io/client-go v0.25.0 -> v0.26.0-alpha.2
k8s.io/component-base v0.25.0 -> v0.26.0-alpha.2
k8s.io/cri-api v0.25.0 -> v0.26.0-alpha.2
k8s.io/kubectl v0.25.0 -> v0.26.0-alpha.2
k8s.io/kubelet v0.25.0 -> v0.26.0-alpha.2
kernel.org/pub/linux/libs/security/libcap/cap v1.2.65 -> v1.2.66

Previous release can be found at v1.2.0

Images

ghcr.io/siderolabs/flannel:v0.20.0
ghcr.io/siderolabs/install-cni:v1.3.0-alpha.0-1-g8f00d77
docker.io/coredns/coredns:1.10.0
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.26.0-alpha.2
k8s.gcr.io/kube-controller-manager:v1.26.0-alpha.2
k8s.gcr.io/kube-scheduler:v1.26.0-alpha.2
k8s.gcr.io/kube-proxy:v1.26.0-alpha.2
ghcr.io/siderolabs/kubelet:v1.26.0-alpha.2
ghcr.io/siderolabs/installer:v1.3.0-alpha.1
registry.k8s.io/pause:3.6

talos - v1.2.6

Published by talos-bot almost 2 years ago

Talos 1.2.6 (2022-10-26)

Welcome to the v1.2.6 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Kubernetes: v1.25.3
Linux: 5.15.74

Contributors

Andrey Smirnov

Changes

siderolabs/talos@6ca8b2acc release(v1.2.6): prepare release
siderolabs/talos@d79658c18 feat: implement Talos API auth using SideroV1 signatures
siderolabs/talos@8dd393e77 fix: regenerate cert on node labeling retry
siderolabs/talos@06266edaf fix: lowercase nodename
siderolabs/talos@0f0552e3d feat: update Linux to 5.15.74
siderolabs/talos@2c12fe59b feat: update Kubernetes to 1.25.3

Changes from siderolabs/pkgs

siderolabs/pkgs@f3dfac7 feat: update Linux to 5.15.74

Dependency Changes

github.com/siderolabs/pkgs v1.2.0-18-g4e4a1c6 -> v1.2.0-19-gf3dfac7
golang.org/x/sys aba9fc2a8ff2 -> f11e5e49a4ec
google.golang.org/grpc v1.49.0 -> v1.50.1
k8s.io/api v0.25.2 -> v0.25.3
k8s.io/apimachinery v0.25.2 -> v0.25.3
k8s.io/apiserver v0.25.2 -> v0.25.3
k8s.io/client-go v0.25.2 -> v0.25.3
k8s.io/component-base v0.25.2 -> v0.25.3
k8s.io/cri-api v0.25.2 -> v0.25.3
k8s.io/kubectl v0.25.2 -> v0.25.3
k8s.io/kubelet v0.25.2 -> v0.25.3

Previous release can be found at v1.2.5

Images

ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0-2-gf14175f
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.25.3
k8s.gcr.io/kube-controller-manager:v1.25.3
k8s.gcr.io/kube-scheduler:v1.25.3
k8s.gcr.io/kube-proxy:v1.25.3
ghcr.io/siderolabs/kubelet:v1.25.3
ghcr.io/siderolabs/installer:v1.2.6
k8s.gcr.io/pause:3.6

talos - v1.2.5

Published by talos-bot about 2 years ago

Talos 1.2.5 (2022-10-11)

Welcome to the v1.2.5 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 5.15.72 + UEFI/arm64 patch

Contributors

Andrey Smirnov

Changes

siderolabs/talos@65fab60c9 release(v1.2.5): prepare release
siderolabs/talos@7e7b07b7d feat: patch Linux kernel with UEFI randomize fix

Changes from siderolabs/pkgs

siderolabs/pkgs@4e4a1c6 feat: revert kernel to 5.15.68, add UEFI no randomize patch
siderolabs/pkgs@08408bb feat: revert kernel to 5.15.68

Dependency Changes

github.com/siderolabs/pkgs v1.2.0-16-gfca1701 -> v1.2.0-18-g4e4a1c6

Previous release can be found at v1.2.4

Images

ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0-2-gf14175f
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.25.2
k8s.gcr.io/kube-controller-manager:v1.25.2
k8s.gcr.io/kube-scheduler:v1.25.2
k8s.gcr.io/kube-proxy:v1.25.2
ghcr.io/siderolabs/kubelet:v1.25.2
ghcr.io/siderolabs/installer:v1.2.5
k8s.gcr.io/pause:3.6

talos - v1.2.4

Published by talos-bot about 2 years ago

Talos 1.2.4 (2022-10-10)

Welcome to the v1.2.4 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Kubernetes: v1.25.2
Linux: 5.15.72

Talos is built with Go 1.19.2.

Contributors

Andrey Smirnov
Noel Georgi

Changes

siderolabs/talos@0872ca7b1 release(v1.2.4): prepare release
siderolabs/talos@ce540ff6a fix: lookup Equinix Metal bond slaves using 'permanent addr'
siderolabs/talos@806d2c438 feat: implement 'permanent addr' in link statuses
siderolabs/talos@f522f9e39 feat: allow upgrades in maintenance mode (only over SideroLink)
siderolabs/talos@afa5e087b fix: update discovery client with the redirect fix
siderolabs/talos@0cce9ef0a fix: update go-smbios to v0.2.1
siderolabs/talos@1e63eeb36 chore: bump kernel and go
siderolabs/talos@f048bdca1 chore: bump kernel to 5.15.70
siderolabs/talos@43e34bcae feat: update Kubernetes to v1.25.2

Changes from siderolabs/discovery-api

siderolabs/discovery-api@5b0c5e7 chore: rename to siderolabs, rekres, etc
siderolabs/discovery-api@db279ef feat: initial set of APIs and generated files
siderolabs/discovery-api@ac52a37 chore: initial commit

Changes from siderolabs/discovery-client

siderolabs/discovery-client@230f317 fix: reconnect the client on update failure

Changes from siderolabs/extras

siderolabs/extras@f14175f chore: bump go to 1.19.2

Changes from siderolabs/pkgs

siderolabs/pkgs@fca1701 chore: bump kernel to 5.15.72
siderolabs/pkgs@631278e chore: bump go to 1.19.2
siderolabs/pkgs@fd9fbae chore: bump kernel to 5.15.71
siderolabs/pkgs@85c7cae chore: bump kernel to 5.15.70
siderolabs/pkgs@3c1f04d chore: bump kernel to 5.15.69

Changes from siderolabs/tools

siderolabs/tools@dcbd748 chore: bump go to 1.19.2

Changes from talos-systems/go-smbios

talos-systems/go-smbios@72c40f7 fix: check for end of the slice properly

Dependency Changes

github.com/siderolabs/discovery-api v0.1.1 new
github.com/siderolabs/discovery-client v0.1.1 -> v0.1.2
github.com/siderolabs/extras v1.2.0-1-g116c5a9 -> v1.2.0-2-gf14175f
github.com/siderolabs/pkgs v1.2.0-11-geb07d7c -> v1.2.0-16-gfca1701
github.com/siderolabs/tools v1.2.0-1-gccc64f9 -> v1.2.0-2-gdcbd748
github.com/talos-systems/go-smbios v0.2.0 -> v0.2.1
google.golang.org/grpc v1.48.0 -> v1.49.0
k8s.io/api v0.25.1 -> v0.25.2
k8s.io/apimachinery v0.25.1 -> v0.25.2
k8s.io/apiserver v0.25.1 -> v0.25.2
k8s.io/client-go v0.25.1 -> v0.25.2
k8s.io/component-base v0.25.1 -> v0.25.2
k8s.io/kubectl v0.25.1 -> v0.25.2
k8s.io/kubelet v0.25.1 -> v0.25.2

Previous release can be found at v1.2.3

Images

ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0-2-gf14175f
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.25.2
k8s.gcr.io/kube-controller-manager:v1.25.2
k8s.gcr.io/kube-scheduler:v1.25.2
k8s.gcr.io/kube-proxy:v1.25.2
ghcr.io/siderolabs/kubelet:v1.25.2
ghcr.io/siderolabs/installer:v1.2.4
k8s.gcr.io/pause:3.6

talos - v1.3.0-alpha.0

Published by talos-bot about 2 years ago

Talos 1.3.0-alpha.0 (2022-09-28)

Welcome to the v1.3.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

kube-apiserver Audit Policy

Talos now supports setting custom audit policy for kube-apiserver in the machine configuration.

etcd Consistency Check

Talos enables --experimental-compact-hash-check-enabled option by default to improve
etcd store consistency guarantees.

This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.

Kernel Modules

Talos now supports settings kernel module parameters.

Eg:

machine:
  kernel:
    modules:
      - name: "br_netfilter"
        parameters:
          - nf_conntrack_max=131072

Nano Pi R4S

Talos now supports the Nano Pi R4S SBC.

Raspberry Generic Images

Component Updates

Kubernetes: v1.26.0-alpha.1
Flannel: v0.19.2
CoreDNS: v1.10.0
etcd: v3.5.5
Linux: 5.15.70

Contributors

Andrey Smirnov
Noel Georgi
Andrey Smirnov
Artem Chernyshev
Dmitriy Matrenichev
Artem Chernyshev
Alexey Palazhchenko
Serge Logvinov
Andrew Rynhard
Utku Ozdemir
Kris Reeves
Marvin Drees
Philipp Sauter
Andrew Rynhard
Branden Cash
Matt Zahorik
Olli Janatuinen
Pau Campana
Sander Maijers
Seán C McCord
Spencer Smith
Steve Francis
Tim Jones

Changes

siderolabs/talos@67cc45ae3 release(v1.3.0-alpha.0): prepare release
siderolabs/talos@18c377a4d feat: customize audit policy
siderolabs/talos@23c9ea46b fix: raspberry pi install
siderolabs/talos@f17cdee16 feat: jsonpath filter for talosctl get outputs
siderolabs/talos@6bd3cca1a chore: generic raspberry pi images
siderolabs/talos@d914ab8bb chore: add vulncheck tool as a linter
siderolabs/talos@a0151aa13 feat: add generic rpi u-boot support
siderolabs/talos@30f851d09 chore: bump dependences
siderolabs/talos@8b2235c3b fix: lookup Equinix Metal bond slaves using 'permanent addr'
siderolabs/talos@b3257ebb1 chore: bump kernel to 5.15.70
siderolabs/talos@0b2767c16 feat: implement 'permanent addr' in link statuses
siderolabs/talos@c90e20251 fix: kubeconfig permission
siderolabs/talos@fc48849d0 chore: move maps/slices/ordered to gen module
siderolabs/talos@8b09bd4b0 feat: update Kubernetes to v1.26.0-alpha.1
siderolabs/talos@276d4175b chore: bump extension versions in testing
siderolabs/talos@357b770cb fix: cryptsetup delete slot
siderolabs/talos@711128839 fix: continue applying bootstrap manifests on some errors
siderolabs/talos@ce12c7b38 chore: update COSI runtime to v0.2.0-alpha.1
siderolabs/talos@1b435c0b3 chore: bump kernel + ice drivers
siderolabs/talos@18e041f1e docs: fix typo in patching example
siderolabs/talos@0ad6452ca feat: update CoreDNS to v1.10.0
siderolabs/talos@479f3f52e chore: bump dependencies
siderolabs/talos@e07c6ae99 feat: update Kubernetes to v1.25.1
siderolabs/talos@13fdfaffc test: fix up default branch name
siderolabs/talos@ef181321a docs: add component diagram; K8s & Talos Linux
siderolabs/talos@aade73643 docs: fix missing variable in OpenEBS docs
siderolabs/talos@472590aa8 chore: return InvalidArgument on invalid config in maintenance mode
siderolabs/talos@e5cabd42c feat: enable etcd consistency hashcheck
siderolabs/talos@015535d90 fix: update discovery client with the redirect fix
siderolabs/talos@d0c8e7699 chore: bump kernel and go
siderolabs/talos@985b0c2e7 chore: remove go.work.sum
siderolabs/talos@69124f102 feat: update etcd to v3.5.5
siderolabs/talos@1985a796c docs: update docs for pod security
siderolabs/talos@94b088f02 fix: set etcd options consistently
siderolabs/talos@92ae7ef4b fix: fix protoenc encoding for enums and types with custom encoders
siderolabs/talos@93809017c docs: cpu scaling governor knowledgebase
siderolabs/talos@7b270ff33 test: fix api controller test
siderolabs/talos@2dadcd669 fix: stop worker nodes from acting as apid routers
siderolabs/talos@9eaf33f3f fix: never sign client certificate requests in trustd
siderolabs/talos@436749124 feat: environment vars for extension service
siderolabs/talos@0c0cb671e chore: mark machine configuration validation failure as InvalidArgument
siderolabs/talos@f424e5340 fix: stop containers more thoroughly
siderolabs/talos@12827b861 chore: move "implements" checks to compile time
siderolabs/talos@3a67c42cb fix: kill the task processes when cleaning up stale task
siderolabs/talos@14a79e325 chore: bump dependencies
siderolabs/talos@9beee92e7 docs: fix double vv in Kubernetes version
siderolabs/talos@688272515 fix: use different username for Talos Kubernetes API access
siderolabs/talos@161a52a9e feat: check apid client certificate extended key usage
siderolabs/talos@9dadc4a59 fix: include all node addresses into etcd cert SANs
siderolabs/talos@71bfd3e43 feat: update CoreDNS to 1.9.4
siderolabs/talos@9df8f1ff1 fix: list COSI APIs for the apid authenticator
siderolabs/talos@31462450f fix: pass a pointer to specs.Mount into protoenc.Marshal
siderolabs/talos@e626540df chore: avoid double API request logging in trustd
siderolabs/talos@f62d17125 chore: update crypto to use new import path siderolabs/crypto
siderolabs/talos@ef27dd855 chore: bump dependencies
siderolabs/talos@6472ae00b fix: automatically discard VIPs for etcd advertised addresses
siderolabs/talos@5e21cca52 feat: support setting kernel parameters
siderolabs/talos@bd56621cd feat: add structprotogen tool
siderolabs/talos@cdb6bb2cc feat: add Nano Pi R4S support
siderolabs/talos@36c1f1d6e fix: flip the client-server version check
siderolabs/talos@cd6c53a97 docs: fork docs for v1.3
siderolabs/talos@0847400f7 fix: prevent panic on health check if a member has no IPs
siderolabs/talos@7471d7f01 feat: update Flannel to v0.19.2
siderolabs/talos@148c75cfb docs: consolidate the control-plane documentation
siderolabs/talos@353154281 fix: drop kube-system SA default binding
siderolabs/talos@4f37b668b chore: remove capi hacks
siderolabs/talos@1369afea8 docs: make 1.2.0 docs default ones
siderolabs/talos@7627cb0e3 docs: add new talosctl gen secrets
siderolabs/talos@8aa60a37a chore: bump kernel to 5.15.64
siderolabs/talos@a798dbd5d docs: update docs for upcoming 1.2.0 release
siderolabs/talos@b2fec3c97 fix: properly handle configContext being nil in Talos client
siderolabs/talos@1c0977b3a fix: change the type of returned gRPC connection object from the client
siderolabs/talos@41848e421 fix: expose Talos client gRPC connection via the function Conn
siderolabs/talos@2e9be4af8 chore: bump dependencies
siderolabs/talos@d283aba3a test: fix cli reboot test
siderolabs/talos@0b339a9dc feat: track progress of action API calls
siderolabs/talos@072349812 fix: update COSI to the version with gRPC Wait fix
siderolabs/talos@89d57aa81 fix: always abort the maintenance service
siderolabs/talos@f6fa74619 fix: limit apid backoff max delay
siderolabs/talos@d7ef346db fix: get command in the case 'nodes' are not set in the context
siderolabs/talos@4e9c32256 fix: correctly render hosts.toml with multiple endpoints
siderolabs/talos@cdd0f08bc feat: check client <> server version in some Talos commands
siderolabs/talos@446b0af58 chore: bump kernel and runc
siderolabs/talos@8c203ce9b feat: remove the machine from the discovery service on reset
siderolabs/talos@b59ca5810 chore: move from inet.af/netaddr to net/netip and go4.org/netipx
siderolabs/talos@053af1d59 fix: update etcd certificates when node addresses changes
siderolabs/talos@11edb2c6f test: re-enable upgrade tests
siderolabs/talos@0310e2089 chore: bump github.com/siderolabs/protoenc to v0.1.5
siderolabs/talos@29bd63240 chore: remove old build tags syntax
siderolabs/talos@b500d0aa9 chore: bump k8s to v1.25.0
siderolabs/talos@29e574be7 docs: update to v1.2.0-beta.1
siderolabs/talos@26b549f2a chore: bump dependencies
siderolabs/talos@8c3ac4c42 chore: limit GOMAXPROCS for Talos services
siderolabs/talos@361e85b74 fix: properly read kexec disabled sysctl
siderolabs/talos@cfe6c2bc2 docs: nvidia oss drivers
siderolabs/talos@2f2d97b6b fix: don't wait for the hostname in maintenance mode
siderolabs/talos@b15a63924 chore: bump kernel to 5.15.62
siderolabs/talos@a0d94be30 fix: stable default hostname bias
siderolabs/talos@da4cd34ef feat: update etcd advertised peer addresses on the fly
siderolabs/talos@faf92ce01 chore: bump kubernetes to v1.25.0-rc.1
siderolabs/talos@52de919e3 chore: bump containerd to v1.6.8
siderolabs/talos@7d43fc79b fix: make 'ca', 'crt' and 'key' flags optional for 'talosctl config add'
siderolabs/talos@fd467e02c fix: handle grub config being empty in the Revert function
siderolabs/talos@9492aca65 fix: clean up cancelCtxMu leftovers in PriorityLock
siderolabs/talos@61e3eb2ea fix: talosctl edit mc loop
siderolabs/talos@32db7a7f5 fix: surround cancelCtx with the mutex

Changes from siderolabs/crypto

siderolabs/crypto@c3225ee feat: allow CSR template subject field to be overridden
siderolabs/crypto@8570669 chore: rename to siderolabs/crypto
siderolabs/crypto@e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs
siderolabs/crypto@510b0d2 chore: add json tags
siderolabs/crypto@6fa2d93 fix: deepcopy nil fields as nil
siderolabs/crypto@9a63cba fix: add back support for generating ECDSA keys with P-256 and SHA512
siderolabs/crypto@893bc66 fix: use SHA256 for ECDSA-P256
siderolabs/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types
siderolabs/crypto@d3cb772 feat: make possible to change KeyUsage
siderolabs/crypto@6bc5bb5 chore: remove unused argument
siderolabs/crypto@cd18ef6 feat: add support for several organizations
siderolabs/crypto@97c888b chore: add options to CSR
siderolabs/crypto@7776057 chore: fix typos
siderolabs/crypto@80df078 chore: remove named result parameters
siderolabs/crypto@15bdd28 chore: minor updates
siderolabs/crypto@4f80b97 fix: verify CSR signature before issuing a certificate
siderolabs/crypto@39584f1 feat: support for key/certificate types RSA, Ed25519, ECDSA
siderolabs/crypto@cf75519 fix: function NewKeyPair should create certificate with proper subject
siderolabs/crypto@751c95a feat: add 'PEMEncodedKey' which allows to transport keys in YAML
siderolabs/crypto@562c3b6 feat: add support for public RSA key in RSAKey
siderolabs/crypto@bda0e9c feat: enable more conversions between encoded and raw versions
siderolabs/crypto@e0dd56a feat: add NotBefore option for x509 cert creation
siderolabs/crypto@12a4897 feat: add support for SPKI fingerprint generation and matching
siderolabs/crypto@d0c3eef fix: implement NewKeyPair
siderolabs/crypto@196679e feat: move pkg/grpc/tls from github.com/talos-systems/talos as ./tls
siderolabs/crypto@1ff6242 chore: initial version as imported from talos-systems/talos
siderolabs/crypto@835063e chore: initial commit

Changes from siderolabs/discovery-api

siderolabs/discovery-api@5b0c5e7 chore: rename to siderolabs, rekres, etc
siderolabs/discovery-api@db279ef feat: initial set of APIs and generated files
siderolabs/discovery-api@ac52a37 chore: initial commit

Changes from siderolabs/discovery-client

siderolabs/discovery-client@230f317 fix: reconnect the client on update failure

Changes from siderolabs/gen

siderolabs/gen@726e066 fix: rename tuples.go to pair.go and set proper package name
siderolabs/gen@d8d7d25 chore: minor additions
siderolabs/gen@338a650 chore: add initial implementation and documentation
siderolabs/gen@4fd8667 Initial commit

Changes from siderolabs/go-blockdevice

siderolabs/go-blockdevice@dcf6044 chore: rekres and rename
siderolabs/go-blockdevice@9c4af49 fix: cryptsetup remove slot
siderolabs/go-blockdevice@74ea471 feat: add freebsd stubs
siderolabs/go-blockdevice@9fa801c feat: add ReadOnly attribute to Disk
siderolabs/go-blockdevice@fccee8b chore: rekres the source, fix issues
siderolabs/go-blockdevice@d9c3a27 feat: support probing FAT12/FAT16 filesystems
siderolabs/go-blockdevice@b374eb4 fix: align partition to 1M boundary by default
siderolabs/go-blockdevice@ec428fe fix: lookup filesystem labels on the actual device path
siderolabs/go-blockdevice@7b9de26 feat: read symlink fullpath in block device list function
siderolabs/go-blockdevice@6928ee4 refactor: rewrite GPT serialize/deserialize functions
siderolabs/go-blockdevice@0c7e429 refactor: simplify middle endian functions
siderolabs/go-blockdevice@15b182d fix: return partition table not exist when trying to read an empty dev
siderolabs/go-blockdevice@b9517d5 fix: resize partition
siderolabs/go-blockdevice@70d2865 fix: try to find cdrom disks
siderolabs/go-blockdevice@667bf53 fix: revert gpt partition not found
siderolabs/go-blockdevice@d7d4cdd fix: gpt partition not found
siderolabs/go-blockdevice@33afba3 fix: also open in readonly mode when running All lookup method
siderolabs/go-blockdevice@e367f9d feat: make probe always open blockdevices in readonly mode
siderolabs/go-blockdevice@d981156 fix: allow Build for Windows
siderolabs/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
siderolabs/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
siderolabs/go-blockdevice@87816a8 feat: align partition to minimum I/O size
siderolabs/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module
siderolabs/go-blockdevice@30c2bc3 feat: mark MBR bootable
siderolabs/go-blockdevice@1292574 fix: make disk type matcher parser case insensitive
siderolabs/go-blockdevice@b77400e fix: properly detect nvme and sd card disk types
siderolabs/go-blockdevice@1d830a2 fix: revert mark the EFI partition in PMBR as bootable
siderolabs/go-blockdevice@bec914f fix: mark the EFI partition in PMBR as bootable
siderolabs/go-blockdevice@776b37d feat: add options to probe disk by various sysblock parameters
siderolabs/go-blockdevice@bb3ad73 fix: align partition start to physical sector size
siderolabs/go-blockdevice@8f976c2 feat: replace exec.Command with go-cmd module
siderolabs/go-blockdevice@1cf7f25 fix: properly handle no child processes error from cmd.Wait
siderolabs/go-blockdevice@04a9851 feat: implement luks encryption provider
siderolabs/go-blockdevice@b0375e4 feat: add an option to open block device with exclusive flock
siderolabs/go-blockdevice@5a1c7f7 refactor: add devname into gpt.Partition, refactor probe package
siderolabs/go-blockdevice@f2728a5 fix: keep contents of PMBR when writing it
siderolabs/go-blockdevice@2878460 fix: write second copy of partition entries
siderolabs/go-blockdevice@943b08b fix: blockdevice reset should read partition table from disk
siderolabs/go-blockdevice@5b4ee44 fix: ignore /dev/ram devices
siderolabs/go-blockdevice@98754ec refactor: rewrite GPT library
siderolabs/go-blockdevice@2a1baad fix: correctly build paths for mmcblk devices
siderolabs/go-blockdevice@8076344 fix: return proper disk size from GetDisks function
siderolabs/go-blockdevice@8742133 chore: add common method to list available disks using /sys/block
siderolabs/go-blockdevice@c4b5833 feat: implement "fast" wipe
siderolabs/go-blockdevice@b4e67d7 feat: return resize status from Resize() function
siderolabs/go-blockdevice@ceae64e fix: sync kernel partition table incrementally
siderolabs/go-blockdevice@2cb9516 fix: return correct error value from blkpg functions
siderolabs/go-blockdevice@cebe43d refactor: expose InsertAt method via interface
siderolabs/go-blockdevice@c40dcd8 fix: properly inform kernel about partition deletion
siderolabs/go-blockdevice@bb8ac5d feat: implement disk wiping via several methods
siderolabs/go-blockdevice@23fb7dc feat: expose partition name (label)
siderolabs/go-blockdevice@ff3a821 feat: implement 'InsertAt' method to insert partitions at any position
siderolabs/go-blockdevice@3d1ce4f fix: calculate last lba of partition correctly
siderolabs/go-blockdevice@b71540f feat: copy initial version from talos-systems/talos
siderolabs/go-blockdevice@ca3c078 Initial commit

Changes from siderolabs/pkgs

siderolabs/pkgs@0ac7773 chore: use generic raspberry pi u-boot
siderolabs/pkgs@d5633d4 chore: bump kernel to 5.15.70
siderolabs/pkgs@39c0d43 feat: add generic rpi_arm64_defconfig configuration
siderolabs/pkgs@ed269ca chore: bump kernel to 5.15.69
siderolabs/pkgs@f2f8333 fix: no slack notifications on failure
siderolabs/pkgs@6f0af33 chore: disable drone slack pipeline for renovate
siderolabs/pkgs@32aea3f chore: disable drone for renovate/dependabot
siderolabs/pkgs@44579f0 fix: rollback xfsprogs to 5.18.0
siderolabs/pkgs@792c0e3 feat: add gasket driver package
siderolabs/pkgs@07f1898 chore: update deps
siderolabs/pkgs@f78f410 chore: enable conntrack zones and timestamps
siderolabs/pkgs@049b3c6 chore: enable intel ice drivers
siderolabs/pkgs@606ff32 chore: bump deps
siderolabs/pkgs@eee5c8a chore: disable irc in conntrack
siderolabs/pkgs@70e6c46 chore: bump kernel to 5.15.64
siderolabs/pkgs@e510321 chore: update renovate config
siderolabs/pkgs@d1fa510 feat: enable renovate bot
siderolabs/pkgs@e427a77 chore: bump runc to v1.1.4
siderolabs/pkgs@40e1215 chore: enable nfsv4.2 client support
siderolabs/pkgs@15efada chore: bump kernel to 5.15.63
siderolabs/pkgs@e70e3c1 fix: nvidia oss pkg name
siderolabs/pkgs@30b8d79 chore: bump kernel to 5.15.62
siderolabs/pkgs@862c392 chore: bump gcc to 12.2.0
siderolabs/pkgs@2ecd14e fix: containerd version
siderolabs/pkgs@01df058 feat: add NanoPi R4S configuration
siderolabs/pkgs@d4cb33b chore: bump containerd to v1.6.8

Changes from siderolabs/tools

siderolabs/tools@5df6589 chore: disable drone for renovate/dependabot
siderolabs/tools@1f00d2e fix: revert gawk to 5.1.1
siderolabs/tools@feeda1f chore: bump grpc-go
siderolabs/tools@8542014 chore: bump deps
siderolabs/tools@e5c4968 chore: update renovate config
siderolabs/tools@f34f94d chore: update renovate config
siderolabs/tools@cef4cc6 chore: update renovate config
siderolabs/tools@bab8e9e chore: add libbpf to tools
siderolabs/tools@0a15f7b chore: build pahole properly
siderolabs/tools@a322d06 chore: remove img
siderolabs/tools@c7ff47b feat: enable renovate dependency updates (3/3)
siderolabs/tools@6e095cf feat: enable renovate dependency updates (2/n)
siderolabs/tools@bad1ad1 feat: add renovatebot
siderolabs/tools@7d6f9c3 chore: bump gcc to 12.2.0
siderolabs/tools@2719b4b chore: bump toolchain

Dependency Changes

cloud.google.com/go/compute v1.8.0 -> v1.10.0
github.com/aws/aws-sdk-go v1.44.76 -> v1.44.105
github.com/cosi-project/runtime v0.1.1 -> v0.2.0-alpha.1
github.com/docker/docker v20.10.17 -> v20.10.18
github.com/google/go-cmp v0.5.8 -> v0.5.9
github.com/google/nftables 2eca00135732 -> cbeb0fb1eccf
github.com/hetznercloud/hcloud-go v1.35.2 -> v1.35.3
github.com/insomniacslk/dhcp 509691fd59ec -> 043f1726f02e
github.com/mdlayher/ethtool 856bd6cb8a38 -> 0e16326d06d1
github.com/mdlayher/netlink v1.6.0 -> v1.6.2
github.com/opencontainers/image-spec c5a74bcca799 -> v1.1.0-rc1
github.com/packethost/packngo v0.25.0 -> v0.26.0
github.com/rivo/tview 0e6b21a48e96 -> 2e69b7385a37
github.com/siderolabs/crypto v0.4.0 new
github.com/siderolabs/discovery-api v0.1.1 new
github.com/siderolabs/discovery-client v0.1.1 -> v0.1.2
github.com/siderolabs/gen v0.2.0 new
github.com/siderolabs/go-blockdevice v0.4.0 new
github.com/siderolabs/pkgs v1.2.0-8-g970860d -> v1.3.0-alpha.0-25-g0ac7773
github.com/siderolabs/tools v1.2.0 -> v1.3.0-alpha.0-14-g5df6589
github.com/vmware-tanzu/sonobuoy v0.56.9 -> v0.56.10
go.etcd.io/etcd/api/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/pkg/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/etcdutl/v3 v3.5.4 -> v3.5.5
go.uber.org/atomic v1.9.0 -> v1.10.0
go.uber.org/zap v1.22.0 -> v1.23.0
go4.org/netipx 797b0c90d8ab new
golang.org/x/net 3211cb980234 -> 8be639271d50
golang.org/x/sync 886fb9371eb4 -> 7f9b1623fab7
golang.org/x/sys fbc7d0a398ab -> fb04ddd9f9c8
golang.org/x/term a9ba230a4035 -> 7a66f970e087
golang.org/x/time e5dcc9cfc0b9 -> f3bd1da661af
golang.zx2c4.com/wireguard/wgctrl 3d4a969bb56b -> 473347a5e6e3
google.golang.org/grpc v1.48.0 -> v1.49.0
k8s.io/api v0.25.0 -> v0.26.0-alpha.1
k8s.io/apimachinery v0.25.0 -> v0.26.0-alpha.1
k8s.io/apiserver v0.25.0 -> v0.26.0-alpha.1
k8s.io/client-go v0.25.0 -> v0.26.0-alpha.1
k8s.io/component-base v0.25.0 -> v0.26.0-alpha.1
k8s.io/cri-api v0.25.0 -> v0.26.0-alpha.1
k8s.io/kubectl v0.25.0 -> v0.26.0-alpha.1
k8s.io/kubelet v0.25.0 -> v0.26.0-alpha.1
kernel.org/pub/linux/libs/security/libcap/cap v1.2.65 -> v1.2.66

Previous release can be found at v1.2.0

Images

ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0
docker.io/coredns/coredns:1.10.0
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.26.0-alpha.1
k8s.gcr.io/kube-controller-manager:v1.26.0-alpha.1
k8s.gcr.io/kube-scheduler:v1.26.0-alpha.1
k8s.gcr.io/kube-proxy:v1.26.0-alpha.1
ghcr.io/siderolabs/kubelet:v1.26.0-alpha.1
ghcr.io/siderolabs/installer:v1.3.0-alpha.0
k8s.gcr.io/pause:3.6

talos - v1.2.3

Published by talos-bot about 2 years ago

Talos 1.2.3 (2022-09-20)

Welcome to the v1.2.3 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Kubernetes: v1.25.1
etcd: v3.5.5
Linux: 5.15.68

Contributors

Andrey Smirnov
Dmitriy Matrenichev
Noel Georgi

Changes

siderolabs/talos@40cb1b493 release(v1.2.3): prepare release
siderolabs/talos@19cb6203c chore: add ice drivers
siderolabs/talos@4e23aa2a7 feat: update etcd to v3.5.5
siderolabs/talos@4754b59ce feat: update Kubernetes to v1.25.1
siderolabs/talos@b00186463 chore: return InvalidArgument on invalid config in maintenance mode
siderolabs/talos@1d7d8d5dd fix: set etcd options consistently
siderolabs/talos@88861e770 chore: mark machine configuration validation failure as InvalidArgument
siderolabs/talos@04406b0ba chore: add output of VLANSpec encoding to tests
siderolabs/talos@1d522938d fix: ensure that custom Decoder gets called for netaddr.IP

Changes from siderolabs/pkgs

siderolabs/pkgs@eb07d7c chore: bump kernel + enable intel ice drivers

Dependency Changes

github.com/siderolabs/pkgs v1.2.0-10-g0f4351f -> v1.2.0-11-geb07d7c
go.etcd.io/etcd/api/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/pkg/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/etcdutl/v3 v3.5.4 -> v3.5.5
go.uber.org/atomic v1.9.0 -> v1.10.0
go.uber.org/zap v1.22.0 -> v1.23.0
golang.org/x/net 3211cb980234 -> bea034e7d591
golang.org/x/sync 886fb9371eb4 -> f12130a52804
golang.org/x/sys fbc7d0a398ab -> aba9fc2a8ff2
k8s.io/api v0.25.0 -> v0.25.1
k8s.io/apimachinery v0.25.0 -> v0.25.1
k8s.io/apiserver v0.25.0 -> v0.25.1
k8s.io/client-go v0.25.0 -> v0.25.1
k8s.io/component-base v0.25.0 -> v0.25.1
k8s.io/cri-api v0.25.0 -> v0.25.1
k8s.io/kubectl v0.25.0 -> v0.25.1
k8s.io/kubelet v0.25.0 -> v0.25.1

Previous release can be found at v1.2.2

Images

ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0-1-g116c5a9
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.25.1
k8s.gcr.io/kube-controller-manager:v1.25.1
k8s.gcr.io/kube-scheduler:v1.25.1
k8s.gcr.io/kube-proxy:v1.25.1
ghcr.io/siderolabs/kubelet:v1.25.1
ghcr.io/siderolabs/installer:v1.2.3
k8s.gcr.io/pause:3.6

talos - v1.2.2

Published by talos-bot about 2 years ago

Talos 1.2.2 (2022-09-13)

Welcome to the v1.2.2 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

CVE-2022-36103

This releases fixes CVE-2022-36103.

Component Updates

Linux: 5.15.67

Talos is built with Go 1.19.1.

Contributors

Andrey Smirnov
Noel Georgi
Dmitriy Matrenichev

Changes

siderolabs/talos@dc8bf1717 release(v1.2.2): prepare release
siderolabs/talos@6ba6b91ae test: fix api controller test
siderolabs/talos@b644fbde2 fix: stop worker nodes from acting as apid routers
siderolabs/talos@d0a0341f6 fix: never sign client certificate requests in trustd
siderolabs/talos@39c68b625 fix: include all node addresses into etcd cert SANs
siderolabs/talos@09140a855 fix: list COSI APIs for the apid authenticator
siderolabs/talos@015c6d438 fix: pass a pointer to specs.Mount into protoenc.Marshal
siderolabs/talos@577ff4fb8 chore: bump kernel to 5.15.67

Changes from siderolabs/pkgs

siderolabs/pkgs@0f4351f chore: bump kernel to 5.15.67

Changes from talos-systems/crypto

talos-systems/crypto@f60380e feat: allow CSR template subject field to be overridden

Dependency Changes

github.com/siderolabs/pkgs v1.2.0-9-gb264dc2 -> v1.2.0-10-g0f4351f
github.com/talos-systems/crypto v0.3.6 -> v0.3.7

Previous release can be found at v1.2.1

Images

ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0-1-g116c5a9
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.25.0
k8s.gcr.io/kube-controller-manager:v1.25.0
k8s.gcr.io/kube-scheduler:v1.25.0
k8s.gcr.io/kube-proxy:v1.25.0
ghcr.io/siderolabs/kubelet:v1.25.0
ghcr.io/siderolabs/installer:v1.2.2
k8s.gcr.io/pause:3.6

talos -

Published by talos-bot about 2 years ago

Talos 1.2.1 (2022-09-07)

Welcome to the v1.2.1 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Flannel: v0.19.2
Linux: 5.15.65

Talos is built with Go 1.19.1.

Contributors

Noel Georgi
Andrey Smirnov
Utku Ozdemir

Changes

siderolabs/talos@2f3b58b41 release(v1.2.1): prepare release
siderolabs/talos@a5ecc1a9a chore: bump kernel and go
siderolabs/talos@6efe6144d fix: automatically discard VIPs for etcd advertised addresses
siderolabs/talos@0e4cead3f fix: flip the client-server version check
siderolabs/talos@b902247ee fix: prevent panic on health check if a member has no IPs
siderolabs/talos@2921221ff feat: update Flannel to v0.19.2
siderolabs/talos@7a0e3738f chore: remove capi hacks

Changes from siderolabs/extras

siderolabs/extras@116c5a9 chore: bump go to 1.19.1

Changes from siderolabs/pkgs

siderolabs/pkgs@b264dc2 chore: bump kernel and go

Changes from siderolabs/tools

siderolabs/tools@ccc64f9 chore: bump go to 1.19.1

Dependency Changes

github.com/siderolabs/extras v1.2.0 -> v1.2.0-1-g116c5a9
github.com/siderolabs/pkgs v1.2.0-8-g970860d -> v1.2.0-9-gb264dc2
github.com/siderolabs/tools v1.2.0 -> v1.2.0-1-gccc64f9

Previous release can be found at v1.2.0

Images

ghcr.io/siderolabs/flannel:v0.19.2
ghcr.io/siderolabs/install-cni:v1.2.0-1-g116c5a9
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.25.0
k8s.gcr.io/kube-controller-manager:v1.25.0
k8s.gcr.io/kube-scheduler:v1.25.0
k8s.gcr.io/kube-proxy:v1.25.0
ghcr.io/siderolabs/kubelet:v1.25.0
ghcr.io/siderolabs/installer:v1.2.1
k8s.gcr.io/pause:3.6

talos - v1.2.0

Published by talos-bot about 2 years ago

Talos 1.2.0 (2022-09-01)

Welcome to the v1.2.0 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Talos API access from Kubernetes

Talos now supports access to its API from within Kubernetes. It can be configured in the machine config as below:

machine:
  features:
    kubernetesTalosAPIAccess:
      enabled: true
      allowedRoles:
        - os:reader
      allowedKubernetesNamespaces:
        - kube-system

This feature introduces a new custom resource definition, serviceaccounts.talos.dev.
Creating custom resources of this type will provide credentials to access Talos API from within Kubernetes.

The new CLI subcommand talosctl inject serviceaccount can be used to configure Kubernetes manifests with Talos service accounts as below:

talosctl inject serviceaccount -f manifests.yaml > manifests-injected.yaml
kubectl apply -f manifests-injected.yaml

See documentation for more details.

Apply Config Patches

talosctl apply-config now supports patching the machine config file in memory before submitting it to the node.

Etcd Configuration

Configuration setting cluster.etcd.subnet is deprecated, but still supported.

Two new configuration settings are introduce to control precisely which subnet is used for etcd peer communication:

cluster:
  etcd:
    advertisedSubnets:
       - 10.0.0.0/24
    listenSubnets:
       - 10.0.0.0/24
       - 192.168.0.0/24

The advertisedSubnets setting is used to control which subnet is used for etcd peer communication, it will be advertised
by each peer for other peers to connect to. If advertiseSubnets is set, listenSubnets defaults to the same value, so that
etcd only listens on the same subnet as it advertises. Additional subnets can be configured in listenSubnets if needed.

Default behavior hasn't changed - if the advertisedSubnets is not set, Talos picks up the first available network address as
advertised address and etcd is configured to listen on all interfaces.

Note: most of the etcd configuration changes are accepted on the fly, but they are fully applied only after reboot.

Generating Talos secrets from PKI directory

It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki).

You can also specify a bootstrap token to be used in the secrets bundle.

This secrets bundle can then be used to generate a machine config.

This facilitates migrating clusters (e.g. created using kubeadm) to Talos.

talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443

Kubernetes ControlPlane Components

Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in
KEP-2568.

Kubelet Default Runtime Seccomp Profile

Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled to false.

This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.

Kubernetes Control Plane labels and taints

Talos now defaults to node-role.kubernetes.io/control-plane label/taint.
On upgrades Talos now removes the node-role.kubernetes.io/master label/taint on control-plane nodes and replaces it with the node-role.kubernetes.io/control-plane label/taint.
Workloads that tolerate the old taints or having node selectors with the old labels will need to be updated.

Kubernetes Discovery Backend

Kubernetes cluster discovery backend is now disabled by default for new clusters.
This backend doesn't provide any benefits over the Discovery Service based backend, while it
causes issues for KubeSpan enabled clusters when control plane endpoint is KubeSpan-routed.

For air-gapped installations when the Discovery Service is not enabled, Kubernetes Discovery Backend can be enabled by applying
the following machine configuration patch:

cluster:
  discovery:
    registries:
      kubernetes:
        disabled: false

KubeSpan Kubernetes Network Advertisement

KubeSpan no longer by default advertises Kubernetes pod networks of the node over KubeSpan.
This means that CNI should handle encapsulation of pod-to-pod traffic into the node-to-node tunnel,
and node-to-node traffic will be handled by KubeSpan.
This provides better compatibility with popular CNIs like Calico and Cilium.

Old behavior can be restored by setting .machine.kubespan.advertiseKubernetesNetworks = true in the machine config.

MachineConfig `.cluster.allowSchedulingOnMasters` deprecated

The .cluster.allowSchedulingOnMasters is deprecated and replaced by .cluster.allowSchedulingOnControlPlanes.
The .cluster.allowSchedulingOnMasters will be removed in a future release of Talos.
If both .cluster.allowSchedulingOnMasters and .cluster.allowSchedulingOnControlPlanes are set to true, the .cluster.allowSchedulingOnControlPlanes will be used.

`k8s.gcr.io` mirror configuration

Talos now defaults to adding a registry mirror configuration in the machineconfig for k8s.gcr.io pointing to both registry.k8s.io and k8s.gcr.io unless overridden.
This is in line with the Kubernetes 1.25 release having the new registry.k8s.io registry endpoint.

This is only enabled by default on newly generated configurations and not on upgrades.
This can be enabled with a machine configuration as follows:

machine:
  registries:
    mirrors:
      k8s.gcr.io:
        endpoints:
          - https://registry.k8s.io
          - https://k8s.gcr.io

Network bridge support

Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:

machine:
  network:
    interfaces:
      - interface: br0
        bridge:
          stp:
            enabled: true
          interfaces:
            - eth0
            - eth1

See documentation for more details.

VLAN support in cmdline arguments

Talos now supports dracut-style vlan kernel argument to allow
installing Talos Linux in networks where ports are not tagged
with a default VLAN:

vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::

NVIDIA GPU support promoted to beta

NVIDIA GPU support on Talos has been promoted to beta and SideroLabs now publishes the NVIDIA Open GPU Kernel Modules as a system extension making it easier to run GPU workloads on Talos. Refer to enabling NVIDIA GPU support docs here:

Packet Capture

Talos now supports capturing packets on a network interface with talosctl pcap command:

talosctl pcap --interface eth0

Seccomp Profiles

Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:

machine:
  seccompProfiles:
    - name: audit.json
      value:
        defaultAction: SCMP_ACT_LOG
    - name: deny.json
      value: {"defaultAction":"SCMP_ACT_LOG"}

This profile data can be either configured as a YAML definition or as a JSON string.

The profiles are created on the host under /var/lib/kubelet/seccomp/profiles.

See documentation for more details.

Stable Default Hostname

Talos now generates the default hostname (when there is no explicitly specified hostname) for the nodes based on the
node id (e.g. talos-2gd-76y) instead of using the DHCP assigned IP address (e.g. talos-172-20-0-2).

This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.

Please note: the stable hostname generation algorithm changed between v1.2.0-beta.0 and v1.2.0-beta.1, please take care when upgrading
from versions >= 1.2.0-alpha.1 to versions >= 1.2.0-beta.1 when using stable default hostname feature.

Strategic merge machine configuration patching

In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.

For example, machine hostname can be set with the following patch:

machine:
  network:
    hostname: worker1

Patch format is detected automatically.

Variable substitution for URL query parameter in the talos.config kernel parameter

The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:

http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}

talosctl

--masters flag on talosctl cluster create is deprecated. Use --controlplanes instead.

Tracking progress of shutdown, reboot, reset and upgrade from CLI

talosctl subcommands shutdown, reboot, reset and upgrade now have a new flag --wait to
wait until the operation is completed, displaying information on the current status of each node.
A new --debug flag is added to these commands to get the kernel logs output from these nodes if the operation fails.

track-cli-action-progress

Component Updates

Linux: 5.15.64
Flannel 0.19.1
containerd 1.6.8
runc: v1.1.4
Kubernetes: v1.25.0

Talos is built with Go 1.19.

Contributors

Andrey Smirnov
Noel Georgi
Utku Ozdemir
Artem Chernyshev
Dmitriy Matrenichev
Philipp Sauter
Tim Jones
Spencer Smith
Davincible
Eirik Askheim
Steve Francis
AMet
Alex Wied
Bermi Ferrer
Branden Cash
Charlie Haley
Christoph Schmatzler
Dennis Marttinen
Eng Zer Jun
Flightkick
Florian Klink
Gwyn
Han Cen
Larry Rosenman
Markus Reiter
Matthew Richardson
Nico Berlee
Rio Kierkels
Robert Wunderer
RyanSquared
Serge Logvinov
Seán C McCord
Tommy Botten Jensen
Trevor Sullivan
hobyte
nett_hier
zebernst

Changes

siderolabs/talos@c568770c4 release(v1.2.0): prepare release
siderolabs/talos@d77c05dc1 chore: update kernel to 5.15.64
siderolabs/talos@ece66fe9a fix: properly handle configContext being nil in Talos client
siderolabs/talos@a3a29ecd8 fix: change the type of returned gRPC connection object from the client
siderolabs/talos@623414195 fix: expose Talos client gRPC connection via the function Conn
siderolabs/talos@7b0a272e1 release(v1.2.0-beta.2): prepare release
siderolabs/talos@e2ad58478 test: fix cli reboot test
siderolabs/talos@d761a2012 feat: track progress of action API calls
siderolabs/talos@7ee20e88e fix: limit apid backoff max delay
siderolabs/talos@80448a2f0 fix: always abort the maintenance service
siderolabs/talos@3ba53de25 fix: get command in the case 'nodes' are not set in the context
siderolabs/talos@96c45e93d fix: correctly render hosts.toml with multiple endpoints
siderolabs/talos@6ec782bef feat: check client <> server version in some Talos commands
siderolabs/talos@911058d9f feat: remove the machine from the discovery service on reset
siderolabs/talos@f543f9775 fix: update etcd certificates when node addresses changes
siderolabs/talos@88c9479b2 test: re-enable upgrade tests
siderolabs/talos@867d2a439 chore: bump k8s to v1.25.0
siderolabs/talos@4db40b6b8 fix: properly read kexec disabled sysctl
siderolabs/talos@a620c8840 chore: limit GOMAXPROCS for Talos services
siderolabs/talos@ba9cfd13f fix: update COSI to the version with gRPC Wait fix
siderolabs/talos@a8e99e310 chore: bump kernel and runc
siderolabs/talos@2eed499dc fix: bump rtnetlink to 1.2.2
siderolabs/talos@4f54e9b46 release(v1.2.0-beta.1): prepare release
siderolabs/talos@cb492c163 fix: don't wait for the hostname in maintenance mode
siderolabs/talos@f8a5a1a56 fix: stable default hostname bias
siderolabs/talos@465f60c6c feat: update etcd advertised peer addresses on the fly
siderolabs/talos@30707d064 chore: bump kubernetes to v1.25.0-rc.1
siderolabs/talos@518da6c72 fix: make 'ca', 'crt' and 'key' flags optional for 'talosctl config add'
siderolabs/talos@28ffff59a fix: handle grub config being empty in the Revert function
siderolabs/talos@6f89c8f7b fix: clean up cancelCtxMu leftovers in PriorityLock
siderolabs/talos@9bbb6a943 fix: surround cancelCtx with the mutex
siderolabs/talos@f04b9f88c fix: talosctl edit mc loop
siderolabs/talos@5b4261499 docs: nvidia gpu beta support
siderolabs/talos@653acb8df chore: bump kernel to 5.15.62
siderolabs/talos@3bbcc116e chore: bump containerd to v1.6.8
siderolabs/talos@d6dbac444 docs: correct link to api access from k8s
siderolabs/talos@20d0b56a4 release(v1.2.0-beta.0): prepare release
siderolabs/talos@f37da96ef feat: enable talos client to connect to Talos through an auth proxy
siderolabs/talos@123d32174 chore: validate that etcd ca is not empty
siderolabs/talos@0fe4492e7 chore: bump golangci-lint from 1.47.2 to 1.48.0
siderolabs/talos@7e527777e chore: update API descriptors
siderolabs/talos@65098c14e chore: bump to the final released versions
siderolabs/talos@9512e8f30 feat: allow modules to be loaded via extension
siderolabs/talos@2c482936b chore: bump dependencies
siderolabs/talos@586e29dfc feat: add event actor id to client api and events cmd
siderolabs/talos@9baca4966 refactor: implement COSI resource API for Talos
siderolabs/talos@d04211f85 feat: add new event watch fn and return action responses on API
siderolabs/talos@f88d08e21 docs: clarification of AWS set up process
siderolabs/talos@b48adb8ec chore: revert kernel with BTF support
siderolabs/talos@e422ea63d chore: add proto definitions for common types
siderolabs/talos@5c6648e3d fix: make talosctl command return nonzero error codes if it had errors
siderolabs/talos@dce923f74 feat: allow configuring etcd listen addresses
siderolabs/talos@4c3485ae3 feat: update Kubernetes to 1.25.0-rc.0
siderolabs/talos@ea6ceab24 chore: bump kernel to 5.15.60
siderolabs/talos@20a564085 fix: introduce 'routed' NodeAddresses and use them in kubelet
siderolabs/talos@f1de47894 docs: verbiage in Digital Ocean tutorial
siderolabs/talos@6b23deddc feat: support custom ports for connecting to apid from talosctl
siderolabs/talos@07cd0924e fix: recursive seccomp mounts
siderolabs/talos@696f2b735 chore: update kernel to the version with BTF support
siderolabs/talos@b5da686a7 feat: add actor ID to events & emit an initial empty event
siderolabs/talos@fec0ed29d fix: add missing LinkStatusType registration
siderolabs/talos@13499fc30 feat: support patching the machine config in the apply-config cmd
siderolabs/talos@be351dcb9 release(v1.2.0-alpha.2): prepare release
siderolabs/talos@5dd1b4002 feat: disable Kubernetes discovery backend by default
siderolabs/talos@b62b18a97 feat: bump k8s to v1.25.0-beta.0
siderolabs/talos@7b80a747b feat: add protobuf encoding/decoding for Go structs
siderolabs/talos@00c3ee3ac docs: remove obsolete references to init nodes
siderolabs/talos@6eefa9d9c fix: properly filter resources in maintenance server
siderolabs/talos@fa5aad01a docs: fix issues in GCP docs
siderolabs/talos@98f056603 chore: bump dependencies
siderolabs/talos@84e712a9f feat: introduce Talos API access from Kubernetes
siderolabs/talos@d7be30892 chore: bump kernel to 5.15.59
siderolabs/talos@c2c2d65bc refactor: use COSI access filter for resource access
siderolabs/talos@1dee0579e feat: add support for proxying one-to-one to apid
siderolabs/talos@86eb01cd6 docs: add missing dev tools
siderolabs/talos@4fd676c04 docs: fix typo in theila name
siderolabs/talos@856beb21c feat: containerd 1.6.7, Flannel 1.19.1
siderolabs/talos@e97b9f6d3 feat: support dhcp options for vlan
siderolabs/talos@92314e47b refactor: use controllers/resources to feed trustd with data
siderolabs/talos@80d298abf feat: support skipping node registration
siderolabs/talos@7795de313 fix: use controllers/resources for etcd configuration
siderolabs/talos@f9b664c94 fix: reload trusted CA list when client is recreated
siderolabs/talos@8847ccd03 fix: shutdown some streaming API calls when machined API is shuting down
siderolabs/talos@f95b53726 fix: allow files in extension spec
siderolabs/talos@1a8f6ec8e fix: don't advertise Kubernetes pod networks over KubeSpan by default
siderolabs/talos@e3d4a0e4d fix: make reset work even if the node is not bootstrapped/not joined
siderolabs/talos@a6b010a8b chore: update Go to 1.19, Linux to 5.15.58
siderolabs/talos@fb058a7c9 test: use T.TempDir to create temporary test directory
siderolabs/talos@6fc38bae6 fix: iterate over etcd members endpoints for member promotion
siderolabs/talos@c70b692fb fix: update default address if removed from the host
siderolabs/talos@cf620d473 feat: read talosconfig from secrets directory
siderolabs/talos@1ad8e6122 fix: keep entire vlan id when parsing cmdline
siderolabs/talos@fe2ee3b10 feat: implement MachineStatus resource
siderolabs/talos@670d274c4 chore: bump dependencies
siderolabs/talos@08d2612e0 docs: bond devices are comma separated
siderolabs/talos@c3c3e14db chore: add gotagsrewrite tool and use it to add tags to resources
siderolabs/talos@2e790526f refactor: make apid stop gracefully and be stopped late
siderolabs/talos@0cdf22243 fix: retry Conflict errors when upgrading k8s manifests
siderolabs/talos@1db097f50 release(v1.2.0-alpha.1): prepare release
siderolabs/talos@5ac4947b6 feat: enable default seccomp profile for kubelet
siderolabs/talos@e5994ff7a fix: skip ResetDuringBoot test if the Cluster config is unknown
siderolabs/talos@8028e1074 fix: wait for boot done when rebooting a node in the integration tests
siderolabs/talos@ae1bec59e feat: allow running only one sequence at a time
siderolabs/talos@ec05aee04 fix: correctly unwrap errors when streaming
siderolabs/talos@7c7f2d8c3 feat: refactor disk size matcher to be compatible with DeepEqual
siderolabs/talos@3addea83b feat: introduce support for Talos API access from Kubernetes
siderolabs/talos@34d3a4164 docs: add missing <> to relref
siderolabs/talos@c4d2d20c4 fix: enable stable hostnames for worker configs as well
siderolabs/talos@0326bac1f chore: bump kernel to 5.15.57
siderolabs/talos@86820c33f chore: bump dependencies
siderolabs/talos@6e7dfeeb3 fix: data race in packet capture (part 2)
siderolabs/talos@c11e1dae7 docs: fix spelling and grammar errors
siderolabs/talos@30f7851d2 chore: bump golangci-lint from 1.45.2 to 1.47.2
siderolabs/talos@2cce9112d chore: bump goimports from 0.1.10 to 0.1.11
siderolabs/talos@18756c7ff fix: folder permissions of overlay mounted folders
siderolabs/talos@47c35dc47 feat: set stable default hostname based on machine-id
siderolabs/talos@1ed3df295 chore: support glibc apps extension spec
siderolabs/talos@a2aea9726 fix: write etcd PKI files in a controller
siderolabs/talos@bb4abc096 fix: regenerate kubelet certs when hostname changes
siderolabs/talos@d650afb6c chore: fix typo in powercycle
siderolabs/talos@644e803ad fix: use masks and different firewall mark for KubeSpan
siderolabs/talos@80444a43d fix: remove data race in pcap capture
siderolabs/talos@04a45dff2 docs: remove katacoda links
siderolabs/talos@065b59276 feat: implement packet capture API
siderolabs/talos@7c006cabc feat: update Kubernetes to 1.24.3
siderolabs/talos@551290195 chore: bump dependencies
siderolabs/talos@1677bcc4b fix: skip bond itself when matching interface (Equinix Metal)
siderolabs/talos@f1c2b5c55 feat: implement strategic merge patching for API server admission config
siderolabs/talos@be98cb82b feat: follow KEP-2568 non-root enhancements
siderolabs/talos@87ea1d961 fix: update kubelet kubeconfig when cluster control plane endpoint changes
siderolabs/talos@a75fe7600 feat: gen secrets from kubernetes pki dir
siderolabs/talos@a1d7b535a docs: add kubeadm migration guide
siderolabs/talos@9e0c56581 docs: guide for setting up synology-csi driver
siderolabs/talos@f0b8eea5e refactor: remove bootstrap sequence
siderolabs/talos@89c7da899 docs: add documentation for vagrant & libvirt
siderolabs/talos@014b85fdc docs: improve talos kubernetes upgrade note
siderolabs/talos@88bb017ed docs: remove old docs from site
siderolabs/talos@c92c90655 feat: build talosctl for FreeBSD
siderolabs/talos@616da3069 docs: update last release for 1.1
siderolabs/talos@091e6ef0e feat: resubstitute talos.config url variables on retry
siderolabs/talos@ec74ab38a feat: update Go to 1.18.4, Linux to 5.15.54
siderolabs/talos@641f6a1e4 feat: expose strategic merge config patches
siderolabs/talos@6e3d2d647 docs: fix disk encryption params
siderolabs/talos@c43d6a31d docs: fix typos
siderolabs/talos@551887528 chore: bump dependencies
siderolabs/talos@626ef05e6 fix: correct SANs for etcd certs
siderolabs/talos@83ce92c5f docs: fix theila docs
siderolabs/talos@8a038d40e fix: stabilize etcd join and promote sequences
siderolabs/talos@136122556 fix: use correct etcd cert path
siderolabs/talos@c170ec0b0 chore: bump kernel to 5.15.53
siderolabs/talos@d924901b7 feat: add cli subcommand to generate secrets
siderolabs/talos@34aabedd8 feat: more circular pkg from internal to pkg
siderolabs/talos@4f044e466 feat: implement strategic merge machine config patching
siderolabs/talos@c2a512608 fix: avoid double append of talos.platform kernel argument
siderolabs/talos@27dfe7c03 fix: perform accurate conflict resolution on overal (kubespan)
siderolabs/talos@e437445b4 chore: bump kernel to 5.15.52
siderolabs/talos@d27a6a4ac feat: add vlan support to cmdline
siderolabs/talos@fdca5d8a9 chore: bump dependencies
siderolabs/talos@ae3840dbc refactor: move kubeconfig package under public api
siderolabs/talos@184e113f3 chore: disable systeminfo controller in container
siderolabs/talos@86a0a7bdf refactor: use pointer types more in machine config structs
siderolabs/talos@3a1eb10e6 docs: update the Proxmox kvm64 note
siderolabs/talos@30e220fcd docs: kernel cmdline params updated on upgrades
siderolabs/talos@915de9cf9 docs: fix bridge documentation
siderolabs/talos@52cd12951 test: bump Talos versions in upgrade tests
siderolabs/talos@022581d80 release(v1.2.0-alpha.0): prepare release
siderolabs/talos@643e81cfe feat: add SenseLabs to ADOPTERS.md
siderolabs/talos@bdfee2b3b chore: bump kernel to 5.15.51
siderolabs/talos@36c44a651 fix: provide CA certificates in /etc/ssl/certs/ca-certificates.crt
siderolabs/talos@7ebd9bcce docs: fix pod security talos resource name
siderolabs/talos@57b625e0a refactor: avoid recreating grpc clients in service health checks
siderolabs/talos@a68a00f1b docs: recommend setting "host" Processor Type on proxmox
siderolabs/talos@923600a73 chore: bump kernel to 5.15.50
siderolabs/talos@758a9bf59 docs: add theila ui
siderolabs/talos@b81016e62 chore: update blockdevice library to v0.3.3
siderolabs/talos@284a2f959 fix: filter static pods correctly and optimize fetching
siderolabs/talos@61abf3111 docs: change command for cluster create to keep $HOME with sudo
siderolabs/talos@6ae1e9bf2 chore: bump dependencies
siderolabs/talos@2deff6b6e feat: add support for variable substitution in talos.config kernel parameter
siderolabs/talos@103c94225 fix: update crypto library with support for RSA-SHA*
siderolabs/talos@448de7194 docs: add UpCloud installation guide
siderolabs/talos@07014e0a8 fix: generate correct bootstrap manifests when only IPv6 CIDR is used
siderolabs/talos@465edbb47 fix: look for qemu-kvm binary
siderolabs/talos@63caa281a fix: create native image format for DigitalOcean
siderolabs/talos@f15ce549e fix: siderlink api assume port 443 with https schema
siderolabs/talos@797596229 feat: add support for configuring network bridges
siderolabs/talos@2b23fabcc docs: use SVG image for K8s conformance
siderolabs/talos@d4606c33e chore: bump kernel to 5.15.49
siderolabs/talos@cfb640222 docs: update docs for release 1.1
siderolabs/talos@b816d0b60 docs: fix the vendor information for Kubernetes conformance tests
siderolabs/talos@a167a5402 test: fix CLI nodes discovery without provisioner data
siderolabs/talos@916a30682 docs: add twitter meta info
siderolabs/talos@80090a3ed test: fix health endpoint cli test when discovery is disabled
siderolabs/talos@3c263bb44 chore: bump dependencies
siderolabs/talos@e8113527f chore: bump kubernetes to v1.24.2
siderolabs/talos@068f1b6d0 feat: add ctest package and base for test suite
siderolabs/talos@2aad3a1e4 chore: bump kernel to 5.15.48
siderolabs/talos@a31a858e0 docs: snippets for logging api server audit logs
siderolabs/talos@89aaaef9f chore: bump kernel to 5.15.47
siderolabs/talos@6759fcd4a feat: use discovery service on cluster health checks
siderolabs/talos@f54d90787 fix: enable orderly poweroff in hyper-v on Azure
siderolabs/talos@35475ce45 docs: openebs jiva example with iscsi-tools extension
siderolabs/talos@8d2be5e31 feat: extend node definition used in health checks
siderolabs/talos@7a11b4def fix: make talosctl bootstrap accept only single node
siderolabs/talos@217fba288 test: fix csi tests
siderolabs/talos@90bf34fed docs: fork docs for Talos 1.2
siderolabs/talos@a0dd010a8 docs: add link to discovery service in kubespan
siderolabs/talos@c0371410e fix: support SideroLink "secure" gRPC connection
siderolabs/talos@b03709620 feat: build Talos images with system extensions included
siderolabs/talos@43def7490 chore: bump kernel and runc
siderolabs/talos@4dbbf4ac5 chore: add generic methods and use them part #2
siderolabs/talos@7114292b6 docs: fix latest release version in docs
siderolabs/talos@da2985fe1 fix: respect local API server port
siderolabs/talos@e03266667 fix: correctly validate reboot mode in CLI
siderolabs/talos@70fc42409 chore: add generic methods and use them
siderolabs/talos@3ae8bdd92 chore: run xfs_repair on xfs filesystem returing EUCLEAN
siderolabs/talos@0c91c89f4 chore: revert day-two tests for csi tests
siderolabs/talos@f71b58312 feat: disallow anonymous requests by default (kube-apiserver)
siderolabs/talos@c19dd1b89 feat: add 'etcd members should be control plane nodes' health check
siderolabs/talos@f2997c0f2 chore: bump dependencies
siderolabs/talos@f3efec4b5 feat: update containerd 1.6.6, Linux 5.15.45, Flannel 0.18.1
siderolabs/talos@27f8e50ce fix: add ovmf image path for rhel
siderolabs/talos@87e7de30c docs: fix required ports
siderolabs/talos@c126f2ee8 chore: bump golang to 1.18.3
siderolabs/talos@c1aed6240 fix: wait for /var to be mounted in kubelet service controller
siderolabs/talos@d7a64f5d2 fix: improve vip operator shutdown sequence
siderolabs/talos@7b9dfcb85 chore: add 'make go-mod-outdated'

Changes since v1.2.0-beta.2

siderolabs/talos@c568770c4 release(v1.2.0): prepare release
siderolabs/talos@d77c05dc1 chore: update kernel to 5.15.64
siderolabs/talos@ece66fe9a fix: properly handle configContext being nil in Talos client
siderolabs/talos@a3a29ecd8 fix: change the type of returned gRPC connection object from the client
siderolabs/talos@623414195 fix: expose Talos client gRPC connection via the function Conn

Changes from siderolabs/discovery-client

siderolabs/discovery-client@ac5ab32 feat: support deleting an affiliate
siderolabs/discovery-client@27a5bee chore: rekres
siderolabs/discovery-client@a9a5e9b feat: initial client code
siderolabs/discovery-client@98eb999 chore: initial commit

Changes from siderolabs/extras

siderolabs/extras@d5b9cf7 chore: update to the final tagged pkgs
siderolabs/extras@da35a63 feat: update Go to 1.19
siderolabs/extras@17a319f chore: update Go to 1.18.4
siderolabs/extras@892407f chore: bump golang to 1.18.3

Changes from siderolabs/pkgs

siderolabs/pkgs@970860d chore: bump kernel to 5.15.64
siderolabs/pkgs@b115be6 chore: bump runc to v1.1.4
siderolabs/pkgs@d174702 chore: enable nfsv4.2 client support
siderolabs/pkgs@f1cfd26 chore: bump kernel to 5.15.63
siderolabs/pkgs@a7609bb fix: nvidia oss pkg name
siderolabs/pkgs@774e062 chore: bump kernel to 5.15.62
siderolabs/pkgs@8a338a3 fix: containerd version
siderolabs/pkgs@03efe67 chore: bump containerd to v1.6.8
siderolabs/pkgs@a2c572d chore: use final tagged tools image
siderolabs/pkgs@8cb7fff feat: add nvidia open gpu kernel modules
siderolabs/pkgs@165c278 feat: revert build kernel with BTF enabled
siderolabs/pkgs@b8062ef chore: bump nvidia drivers to 515.65.01
siderolabs/pkgs@737b510 chore: bump kernel to 5.15.60
siderolabs/pkgs@1ee594a feat(kernel): build kernel with BTF enabled
siderolabs/pkgs@7783ee3 chore: bump kernel to 5.15.59
siderolabs/pkgs@360d596 feat: update containerd to 1.6.7
siderolabs/pkgs@6feece4 feat: update Go to 1.19
siderolabs/pkgs@9ad3aeb chore: bump kernel to 5.15.58
siderolabs/pkgs@dcc0311 chore: bump kernel to 5.15.57
siderolabs/pkgs@b943a9d chore: update Go to 1.18.4
siderolabs/pkgs@a44e324 chore: bump kernel to 5.15.54
siderolabs/pkgs@247f567 chore: bump kernel to 5.15.53
siderolabs/pkgs@4fe9867 chore: bump openssl to 1.1.1q
siderolabs/pkgs@9ee662c chore: bump kernel to 5.15.52
siderolabs/pkgs@4412db8 chore: bump kernel to 5.15.51
siderolabs/pkgs@6fedbdc chore: bump tools
siderolabs/pkgs@f1f44e6 chore: bump kernel to 5.15.50
siderolabs/pkgs@388af5e chore: bump openssl to 1.1.1p
siderolabs/pkgs@ed75c50 chore: enable RANDOM_TRUST_BOOTLOADER by default
siderolabs/pkgs@7c243f6 chore: bump kernel to 5.15.49
siderolabs/pkgs@6e1269e chore: bump kernel to 5.15.48
siderolabs/pkgs@5d671a3 chore: bump nvidia drivers to 515.48.07
siderolabs/pkgs@b35d835 chore: bump kernel to 5.15.47
siderolabs/pkgs@6604d6b feat: hyperv arm64
siderolabs/pkgs@c474058 chore: bump nvidia driver to 515.43.04
siderolabs/pkgs@5bc7e34 feat: update runc to 1.1.3, libseccomp to 2.5.4
siderolabs/pkgs@c02cd7a chore: bump kernel to 5.15.46
siderolabs/pkgs@b9c72a5 feat: update containerd to 1.6.6
siderolabs/pkgs@f7786a3 chore: bump kernel to 5.15.45
siderolabs/pkgs@b1c207d feat: update containerd to 1.6.5
siderolabs/pkgs@4d47830 chore: bump golang to 1.18.3
siderolabs/pkgs@dc21e30 chore: bump kernel to 5.15.44

Changes from siderolabs/tools

siderolabs/tools@ac357ec feat: add pahole so kernel can be built with BTF support
siderolabs/tools@cd35510 feat: update Go to 1.19
siderolabs/tools@e83198d chore: bump git to v2.37.1
siderolabs/tools@0d669dd feat: update Go 1.18.4
siderolabs/tools@26b32d5 chore: bump openssl to 1.1.1q
siderolabs/tools@d8015e7 chore: bump curl to 7.84.0
siderolabs/tools@3ec03ed chore: bump openssl to 1.1.1p
siderolabs/tools@3df9e13 chore: bump golang to 1.18.3

Changes from talos-systems/crypto

talos-systems/crypto@e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs

Changes from talos-systems/go-blockdevice

talos-systems/go-blockdevice@74ea471 feat: add freebsd stubs
talos-systems/go-blockdevice@9fa801c feat: add ReadOnly attribute to Disk

Changes from talos-systems/go-loadbalancer

talos-systems/go-loadbalancer@b578d47 feat: add a way to configure loadbalancer options

Changes from talos-systems/grpc-proxy

talos-systems/grpc-proxy@6dfa2cc fix: ignore errors on duplicate SetHeader calls

Dependency Changes

cloud.google.com/go/compute v1.6.1 -> v1.8.0
github.com/BurntSushi/toml v1.1.0 -> v1.2.0
github.com/aws/aws-sdk-go v1.44.24 -> v1.44.76
github.com/containerd/containerd v1.6.4 -> v1.6.8
github.com/containernetworking/cni v1.1.0 -> v1.1.2
github.com/cosi-project/runtime 95d06feaf8b5 -> v0.1.1
github.com/docker/docker v20.10.16 -> v20.10.17
github.com/emicklei/dot v0.16.0 -> v1.0.0
github.com/gertd/go-pluralize v0.2.1 new
github.com/google/gopacket v1.1.19 new
github.com/google/nftables a9775fb167d2 -> 2eca00135732
github.com/hashicorp/go-getter v1.6.1 -> v1.6.2
github.com/hashicorp/go-version v1.5.0 -> v1.6.0
github.com/hetznercloud/hcloud-go v1.33.2 -> v1.35.2
github.com/insomniacslk/dhcp 1ca156eafb9f -> 509691fd59ec
github.com/jsimonetti/rtnetlink v1.2.0 -> v1.2.2
github.com/martinlindhe/base36 v1.1.1 new
github.com/mattn/go-isatty v0.0.14 -> v0.0.16
github.com/packethost/packngo v0.24.0 -> v0.25.0
github.com/prometheus/procfs v0.7.3 -> v0.8.0
github.com/rivo/tview 9994674d60a8 -> 0e6b21a48e96
github.com/siderolabs/discovery-client v0.1.1 new
github.com/siderolabs/extras v1.1.0-1-g5800284 -> v1.2.0
github.com/siderolabs/pkgs v1.1.0-8-gfa9a488 -> v1.2.0-8-g970860d
github.com/siderolabs/tools v1.1.0-1-g134974c -> v1.2.0
github.com/spf13/cobra v1.4.0 -> v1.5.0
github.com/stretchr/testify v1.7.1 -> v1.8.0
github.com/talos-systems/crypto v0.3.5 -> v0.3.6
github.com/talos-systems/go-blockdevice v0.3.2 -> v0.3.4
github.com/talos-systems/go-loadbalancer v0.1.2 -> v0.1.3
github.com/talos-systems/grpc-proxy v0.3.0 -> v0.3.1
github.com/u-root/u-root v0.8.0 -> v0.9.0
github.com/vishvananda/netlink v1.2.0-beta -> v1.2.1-beta.2
github.com/vmware-tanzu/sonobuoy v0.56.6 -> v0.56.9
github.com/vmware/govmomi v0.28.0 -> v0.29.0
go.uber.org/zap v1.21.0 -> v1.22.0
golang.org/x/net 5463443f8c37 -> 3211cb980234
golang.org/x/sync 0976fa681c29 -> 886fb9371eb4
golang.org/x/sys bc2c85ada10a -> fbc7d0a398ab
golang.org/x/term 065cf7ba2467 -> a9ba230a4035
golang.org/x/time 583f2d630306 -> e5dcc9cfc0b9
google.golang.org/grpc v1.46.2 -> v1.48.0
google.golang.org/protobuf v1.28.0 -> v1.28.1
gopkg.in/yaml.v3 496545a6307b -> v3.0.1
inet.af/netaddr c74959edd3b6 -> 502d2d690317
k8s.io/api v0.24.2 -> v0.25.0
k8s.io/apimachinery v0.24.2 -> v0.25.0
k8s.io/apiserver v0.24.2 -> v0.25.0
k8s.io/client-go v0.24.2 -> v0.25.0
k8s.io/component-base v0.24.2 -> v0.25.0
k8s.io/cri-api v0.24.2 -> v0.25.0
k8s.io/kubectl v0.24.2 -> v0.25.0
k8s.io/kubelet v0.24.2 -> v0.25.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.64 -> v1.2.65

Previous release can be found at v1.1.0

Images

ghcr.io/siderolabs/flannel:v0.19.1
ghcr.io/siderolabs/install-cni:v1.2.0
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.25.0
k8s.gcr.io/kube-controller-manager:v1.25.0
k8s.gcr.io/kube-scheduler:v1.25.0
k8s.gcr.io/kube-proxy:v1.25.0
ghcr.io/siderolabs/kubelet:v1.25.0
ghcr.io/siderolabs/installer:v1.2.0
k8s.gcr.io/pause:3.6

talos - v1.2.0-beta.2

Published by talos-bot about 2 years ago

Talos 1.2.0-beta.2 (2022-08-30)

Welcome to the v1.2.0-beta.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Talos API access from Kubernetes

Talos now supports access to its API from within Kubernetes. It can be configured in the machine config as below:

machine:
  features:
    kubernetesTalosAPIAccess:
      enabled: true
      allowedRoles:
        - os:reader
      allowedKubernetesNamespaces:
        - kube-system

This feature introduces a new custom resource definition, serviceaccounts.talos.dev.
Creating custom resources of this type will provide credentials to access Talos API from within Kubernetes.

The new CLI subcommand talosctl inject serviceaccount can be used to configure Kubernetes manifests with Talos service accounts as below:

talosctl inject serviceaccount -f manifests.yaml > manifests-injected.yaml
kubectl apply -f manifests-injected.yaml

See documentation for more details.

Apply Config Patches

talosctl apply-config now supports patching the machine config file in memory before submitting it to the node.

Etcd Configuration

Configuration setting cluster.etcd.subnet is deprecated, but still supported.

Two new configuration settings are introduce to control precisely which subnet is used for etcd peer communication:

cluster:
  etcd:
    advertisedSubnets:
       - 10.0.0.0/24
    listenSubnets:
       - 10.0.0.0/24
       - 192.168.0.0/24

Default behavior hasn't changed - if the advertisedSubnets is not set, Talos picks up the first available network address as
advertised address and etcd is configured to listen on all interfaces.

Note: most of the etcd configuration changes are accepted on the fly, but they are fully applied only after reboot.

Generating Talos secrets from PKI directory

It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki).

You can also specify a bootstrap token to be used in the secrets bundle.

This secrets bundle can then be used to generate a machine config.

This facilitates migrating clusters (e.g. created using kubeadm) to Talos.

talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443

Kubernetes ControlPlane Components

Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in
KEP-2568.

Kubelet Default Runtime Seccomp Profile

Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled to false.

This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.

Kubernetes Control Plane labels and taints

Kubernetes Discovery Backend

For air-gapped installations when the Discovery Service is not enabled, Kubernetes Discovery Backend can be enabled by applying
the following machine configuration patch:

cluster:
  discovery:
    registries:
      kubernetes:
        disabled: false

KubeSpan Kubernetes Network Advertisement

Old behavior can be restored by setting .machine.kubespan.advertiseKubernetesNetworks = true in the machine config.

MachineConfig `.cluster.allowSchedulingOnMasters` deprecated

`k8s.gcr.io` mirror configuration

This is only enabled by default on newly generated configurations and not on upgrades.
This can be enabled with a machine configuration as follows:

machine:
  registries:
    mirrors:
      k8s.gcr.io:
        endpoints:
          - https://registry.k8s.io
          - https://k8s.gcr.io

Network bridge support

Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:

machine:
  network:
    interfaces:
      - interface: br0
        bridge:
          stp:
            enabled: true
          interfaces:
            - eth0
            - eth1

See documentation for more details.

VLAN support in cmdline arguments

Talos now supports dracut-style vlan kernel argument to allow
installing Talos Linux in networks where ports are not tagged
with a default VLAN:

vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::

NVIDIA GPU support promoted to beta

Packet Capture

Talos now supports capturing packets on a network interface with talosctl pcap command:

talosctl pcap --interface eth0

Seccomp Profiles

Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:

machine:
  seccompProfiles:
    - name: audit.json
      value:
        defaultAction: SCMP_ACT_LOG
    - name: deny.json
      value: {"defaultAction":"SCMP_ACT_LOG"}

This profile data can be either configured as a YAML definition or as a JSON string.

The profiles are created on the host under /var/lib/kubelet/seccomp/profiles.

See documentation for more details.

Stable Default Hostname

This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.

Strategic merge machine configuration patching

In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.

For example, machine hostname can be set with the following patch:

machine:
  network:
    hostname: worker1

Patch format is detected automatically.

Variable substitution for URL query parameter in the talos.config kernel parameter

The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:

http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}

talosctl

--masters flag on talosctl cluster create is deprecated. Use --controlplanes instead.

Tracking progress of shutdown, reboot, reset and upgrade from CLI

track-cli-action-progress

Component Updates

Linux: 5.15.63
Flannel 0.19.1
containerd 1.6.8
runc: v1.1.4
Kubernetes: v1.25.0

Talos is built with Go 1.19.

Contributors

Andrey Smirnov
Noel Georgi
Utku Ozdemir
Dmitriy Matrenichev
Artem Chernyshev
Philipp Sauter
Tim Jones
Spencer Smith
Davincible
Eirik Askheim
Steve Francis
AMet
Alex Wied
Bermi Ferrer
Branden Cash
Charlie Haley
Christoph Schmatzler
Dennis Marttinen
Eng Zer Jun
Flightkick
Florian Klink
Gwyn
Han Cen
Larry Rosenman
Markus Reiter
Matthew Richardson
Nico Berlee
Rio Kierkels
Robert Wunderer
RyanSquared
Serge Logvinov
Seán C McCord
Tommy Botten Jensen
Trevor Sullivan
hobyte
nett_hier
zebernst

Changes

siderolabs/talos@7b0a272e1 release(v1.2.0-beta.2): prepare release
siderolabs/talos@e2ad58478 test: fix cli reboot test
siderolabs/talos@d761a2012 feat: track progress of action API calls
siderolabs/talos@7ee20e88e fix: limit apid backoff max delay
siderolabs/talos@80448a2f0 fix: always abort the maintenance service
siderolabs/talos@3ba53de25 fix: get command in the case 'nodes' are not set in the context
siderolabs/talos@96c45e93d fix: correctly render hosts.toml with multiple endpoints
siderolabs/talos@6ec782bef feat: check client <> server version in some Talos commands
siderolabs/talos@911058d9f feat: remove the machine from the discovery service on reset
siderolabs/talos@f543f9775 fix: update etcd certificates when node addresses changes
siderolabs/talos@88c9479b2 test: re-enable upgrade tests
siderolabs/talos@867d2a439 chore: bump k8s to v1.25.0
siderolabs/talos@4db40b6b8 fix: properly read kexec disabled sysctl
siderolabs/talos@a620c8840 chore: limit GOMAXPROCS for Talos services
siderolabs/talos@ba9cfd13f fix: update COSI to the version with gRPC Wait fix
siderolabs/talos@a8e99e310 chore: bump kernel and runc
siderolabs/talos@2eed499dc fix: bump rtnetlink to 1.2.2
siderolabs/talos@4f54e9b46 release(v1.2.0-beta.1): prepare release
siderolabs/talos@cb492c163 fix: don't wait for the hostname in maintenance mode
siderolabs/talos@f8a5a1a56 fix: stable default hostname bias
siderolabs/talos@465f60c6c feat: update etcd advertised peer addresses on the fly
siderolabs/talos@30707d064 chore: bump kubernetes to v1.25.0-rc.1
siderolabs/talos@518da6c72 fix: make 'ca', 'crt' and 'key' flags optional for 'talosctl config add'
siderolabs/talos@28ffff59a fix: handle grub config being empty in the Revert function
siderolabs/talos@6f89c8f7b fix: clean up cancelCtxMu leftovers in PriorityLock
siderolabs/talos@9bbb6a943 fix: surround cancelCtx with the mutex
siderolabs/talos@f04b9f88c fix: talosctl edit mc loop
siderolabs/talos@5b4261499 docs: nvidia gpu beta support
siderolabs/talos@653acb8df chore: bump kernel to 5.15.62
siderolabs/talos@3bbcc116e chore: bump containerd to v1.6.8
siderolabs/talos@d6dbac444 docs: correct link to api access from k8s
siderolabs/talos@20d0b56a4 release(v1.2.0-beta.0): prepare release
siderolabs/talos@f37da96ef feat: enable talos client to connect to Talos through an auth proxy
siderolabs/talos@123d32174 chore: validate that etcd ca is not empty
siderolabs/talos@0fe4492e7 chore: bump golangci-lint from 1.47.2 to 1.48.0
siderolabs/talos@7e527777e chore: update API descriptors
siderolabs/talos@65098c14e chore: bump to the final released versions
siderolabs/talos@9512e8f30 feat: allow modules to be loaded via extension
siderolabs/talos@2c482936b chore: bump dependencies
siderolabs/talos@586e29dfc feat: add event actor id to client api and events cmd
siderolabs/talos@9baca4966 refactor: implement COSI resource API for Talos
siderolabs/talos@d04211f85 feat: add new event watch fn and return action responses on API
siderolabs/talos@f88d08e21 docs: clarification of AWS set up process
siderolabs/talos@b48adb8ec chore: revert kernel with BTF support
siderolabs/talos@e422ea63d chore: add proto definitions for common types
siderolabs/talos@5c6648e3d fix: make talosctl command return nonzero error codes if it had errors
siderolabs/talos@dce923f74 feat: allow configuring etcd listen addresses
siderolabs/talos@4c3485ae3 feat: update Kubernetes to 1.25.0-rc.0
siderolabs/talos@ea6ceab24 chore: bump kernel to 5.15.60
siderolabs/talos@20a564085 fix: introduce 'routed' NodeAddresses and use them in kubelet
siderolabs/talos@f1de47894 docs: verbiage in Digital Ocean tutorial
siderolabs/talos@6b23deddc feat: support custom ports for connecting to apid from talosctl
siderolabs/talos@07cd0924e fix: recursive seccomp mounts
siderolabs/talos@696f2b735 chore: update kernel to the version with BTF support
siderolabs/talos@b5da686a7 feat: add actor ID to events & emit an initial empty event
siderolabs/talos@fec0ed29d fix: add missing LinkStatusType registration
siderolabs/talos@13499fc30 feat: support patching the machine config in the apply-config cmd
siderolabs/talos@be351dcb9 release(v1.2.0-alpha.2): prepare release
siderolabs/talos@5dd1b4002 feat: disable Kubernetes discovery backend by default
siderolabs/talos@b62b18a97 feat: bump k8s to v1.25.0-beta.0
siderolabs/talos@7b80a747b feat: add protobuf encoding/decoding for Go structs
siderolabs/talos@00c3ee3ac docs: remove obsolete references to init nodes
siderolabs/talos@6eefa9d9c fix: properly filter resources in maintenance server
siderolabs/talos@fa5aad01a docs: fix issues in GCP docs
siderolabs/talos@98f056603 chore: bump dependencies
siderolabs/talos@84e712a9f feat: introduce Talos API access from Kubernetes
siderolabs/talos@d7be30892 chore: bump kernel to 5.15.59
siderolabs/talos@c2c2d65bc refactor: use COSI access filter for resource access
siderolabs/talos@1dee0579e feat: add support for proxying one-to-one to apid
siderolabs/talos@86eb01cd6 docs: add missing dev tools
siderolabs/talos@4fd676c04 docs: fix typo in theila name
siderolabs/talos@856beb21c feat: containerd 1.6.7, Flannel 1.19.1
siderolabs/talos@e97b9f6d3 feat: support dhcp options for vlan
siderolabs/talos@92314e47b refactor: use controllers/resources to feed trustd with data
siderolabs/talos@80d298abf feat: support skipping node registration
siderolabs/talos@7795de313 fix: use controllers/resources for etcd configuration
siderolabs/talos@f9b664c94 fix: reload trusted CA list when client is recreated
siderolabs/talos@8847ccd03 fix: shutdown some streaming API calls when machined API is shuting down
siderolabs/talos@f95b53726 fix: allow files in extension spec
siderolabs/talos@1a8f6ec8e fix: don't advertise Kubernetes pod networks over KubeSpan by default
siderolabs/talos@e3d4a0e4d fix: make reset work even if the node is not bootstrapped/not joined
siderolabs/talos@a6b010a8b chore: update Go to 1.19, Linux to 5.15.58
siderolabs/talos@fb058a7c9 test: use T.TempDir to create temporary test directory
siderolabs/talos@6fc38bae6 fix: iterate over etcd members endpoints for member promotion
siderolabs/talos@c70b692fb fix: update default address if removed from the host
siderolabs/talos@cf620d473 feat: read talosconfig from secrets directory
siderolabs/talos@1ad8e6122 fix: keep entire vlan id when parsing cmdline
siderolabs/talos@fe2ee3b10 feat: implement MachineStatus resource
siderolabs/talos@670d274c4 chore: bump dependencies
siderolabs/talos@08d2612e0 docs: bond devices are comma separated
siderolabs/talos@c3c3e14db chore: add gotagsrewrite tool and use it to add tags to resources
siderolabs/talos@2e790526f refactor: make apid stop gracefully and be stopped late
siderolabs/talos@0cdf22243 fix: retry Conflict errors when upgrading k8s manifests
siderolabs/talos@1db097f50 release(v1.2.0-alpha.1): prepare release
siderolabs/talos@5ac4947b6 feat: enable default seccomp profile for kubelet
siderolabs/talos@e5994ff7a fix: skip ResetDuringBoot test if the Cluster config is unknown
siderolabs/talos@8028e1074 fix: wait for boot done when rebooting a node in the integration tests
siderolabs/talos@ae1bec59e feat: allow running only one sequence at a time
siderolabs/talos@ec05aee04 fix: correctly unwrap errors when streaming
siderolabs/talos@7c7f2d8c3 feat: refactor disk size matcher to be compatible with DeepEqual
siderolabs/talos@3addea83b feat: introduce support for Talos API access from Kubernetes
siderolabs/talos@34d3a4164 docs: add missing <> to relref
siderolabs/talos@c4d2d20c4 fix: enable stable hostnames for worker configs as well
siderolabs/talos@0326bac1f chore: bump kernel to 5.15.57
siderolabs/talos@86820c33f chore: bump dependencies
siderolabs/talos@6e7dfeeb3 fix: data race in packet capture (part 2)
siderolabs/talos@c11e1dae7 docs: fix spelling and grammar errors
siderolabs/talos@30f7851d2 chore: bump golangci-lint from 1.45.2 to 1.47.2
siderolabs/talos@2cce9112d chore: bump goimports from 0.1.10 to 0.1.11
siderolabs/talos@18756c7ff fix: folder permissions of overlay mounted folders
siderolabs/talos@47c35dc47 feat: set stable default hostname based on machine-id
siderolabs/talos@1ed3df295 chore: support glibc apps extension spec
siderolabs/talos@a2aea9726 fix: write etcd PKI files in a controller
siderolabs/talos@bb4abc096 fix: regenerate kubelet certs when hostname changes
siderolabs/talos@d650afb6c chore: fix typo in powercycle
siderolabs/talos@644e803ad fix: use masks and different firewall mark for KubeSpan
siderolabs/talos@80444a43d fix: remove data race in pcap capture
siderolabs/talos@04a45dff2 docs: remove katacoda links
siderolabs/talos@065b59276 feat: implement packet capture API
siderolabs/talos@7c006cabc feat: update Kubernetes to 1.24.3
siderolabs/talos@551290195 chore: bump dependencies
siderolabs/talos@1677bcc4b fix: skip bond itself when matching interface (Equinix Metal)
siderolabs/talos@f1c2b5c55 feat: implement strategic merge patching for API server admission config
siderolabs/talos@be98cb82b feat: follow KEP-2568 non-root enhancements
siderolabs/talos@87ea1d961 fix: update kubelet kubeconfig when cluster control plane endpoint changes
siderolabs/talos@a75fe7600 feat: gen secrets from kubernetes pki dir
siderolabs/talos@a1d7b535a docs: add kubeadm migration guide
siderolabs/talos@9e0c56581 docs: guide for setting up synology-csi driver
siderolabs/talos@f0b8eea5e refactor: remove bootstrap sequence
siderolabs/talos@89c7da899 docs: add documentation for vagrant & libvirt
siderolabs/talos@014b85fdc docs: improve talos kubernetes upgrade note
siderolabs/talos@88bb017ed docs: remove old docs from site
siderolabs/talos@c92c90655 feat: build talosctl for FreeBSD
siderolabs/talos@616da3069 docs: update last release for 1.1
siderolabs/talos@091e6ef0e feat: resubstitute talos.config url variables on retry
siderolabs/talos@ec74ab38a feat: update Go to 1.18.4, Linux to 5.15.54
siderolabs/talos@641f6a1e4 feat: expose strategic merge config patches
siderolabs/talos@6e3d2d647 docs: fix disk encryption params
siderolabs/talos@c43d6a31d docs: fix typos
siderolabs/talos@551887528 chore: bump dependencies
siderolabs/talos@626ef05e6 fix: correct SANs for etcd certs
siderolabs/talos@83ce92c5f docs: fix theila docs
siderolabs/talos@8a038d40e fix: stabilize etcd join and promote sequences
siderolabs/talos@136122556 fix: use correct etcd cert path
siderolabs/talos@c170ec0b0 chore: bump kernel to 5.15.53
siderolabs/talos@d924901b7 feat: add cli subcommand to generate secrets
siderolabs/talos@34aabedd8 feat: more circular pkg from internal to pkg
siderolabs/talos@4f044e466 feat: implement strategic merge machine config patching
siderolabs/talos@c2a512608 fix: avoid double append of talos.platform kernel argument
siderolabs/talos@27dfe7c03 fix: perform accurate conflict resolution on overal (kubespan)
siderolabs/talos@e437445b4 chore: bump kernel to 5.15.52
siderolabs/talos@d27a6a4ac feat: add vlan support to cmdline
siderolabs/talos@fdca5d8a9 chore: bump dependencies
siderolabs/talos@ae3840dbc refactor: move kubeconfig package under public api
siderolabs/talos@184e113f3 chore: disable systeminfo controller in container
siderolabs/talos@86a0a7bdf refactor: use pointer types more in machine config structs
siderolabs/talos@3a1eb10e6 docs: update the Proxmox kvm64 note
siderolabs/talos@30e220fcd docs: kernel cmdline params updated on upgrades
siderolabs/talos@915de9cf9 docs: fix bridge documentation
siderolabs/talos@52cd12951 test: bump Talos versions in upgrade tests
siderolabs/talos@022581d80 release(v1.2.0-alpha.0): prepare release
siderolabs/talos@643e81cfe feat: add SenseLabs to ADOPTERS.md
siderolabs/talos@bdfee2b3b chore: bump kernel to 5.15.51
siderolabs/talos@36c44a651 fix: provide CA certificates in /etc/ssl/certs/ca-certificates.crt
siderolabs/talos@7ebd9bcce docs: fix pod security talos resource name
siderolabs/talos@57b625e0a refactor: avoid recreating grpc clients in service health checks
siderolabs/talos@a68a00f1b docs: recommend setting "host" Processor Type on proxmox
siderolabs/talos@923600a73 chore: bump kernel to 5.15.50
siderolabs/talos@758a9bf59 docs: add theila ui
siderolabs/talos@b81016e62 chore: update blockdevice library to v0.3.3
siderolabs/talos@284a2f959 fix: filter static pods correctly and optimize fetching
siderolabs/talos@61abf3111 docs: change command for cluster create to keep $HOME with sudo
siderolabs/talos@6ae1e9bf2 chore: bump dependencies
siderolabs/talos@2deff6b6e feat: add support for variable substitution in talos.config kernel parameter
siderolabs/talos@103c94225 fix: update crypto library with support for RSA-SHA*
siderolabs/talos@448de7194 docs: add UpCloud installation guide
siderolabs/talos@07014e0a8 fix: generate correct bootstrap manifests when only IPv6 CIDR is used
siderolabs/talos@465edbb47 fix: look for qemu-kvm binary
siderolabs/talos@63caa281a fix: create native image format for DigitalOcean
siderolabs/talos@f15ce549e fix: siderlink api assume port 443 with https schema
siderolabs/talos@797596229 feat: add support for configuring network bridges
siderolabs/talos@2b23fabcc docs: use SVG image for K8s conformance
siderolabs/talos@d4606c33e chore: bump kernel to 5.15.49
siderolabs/talos@cfb640222 docs: update docs for release 1.1
siderolabs/talos@b816d0b60 docs: fix the vendor information for Kubernetes conformance tests
siderolabs/talos@a167a5402 test: fix CLI nodes discovery without provisioner data
siderolabs/talos@916a30682 docs: add twitter meta info
siderolabs/talos@80090a3ed test: fix health endpoint cli test when discovery is disabled
siderolabs/talos@3c263bb44 chore: bump dependencies
siderolabs/talos@e8113527f chore: bump kubernetes to v1.24.2
siderolabs/talos@068f1b6d0 feat: add ctest package and base for test suite
siderolabs/talos@2aad3a1e4 chore: bump kernel to 5.15.48
siderolabs/talos@a31a858e0 docs: snippets for logging api server audit logs
siderolabs/talos@89aaaef9f chore: bump kernel to 5.15.47
siderolabs/talos@6759fcd4a feat: use discovery service on cluster health checks
siderolabs/talos@f54d90787 fix: enable orderly poweroff in hyper-v on Azure
siderolabs/talos@35475ce45 docs: openebs jiva example with iscsi-tools extension
siderolabs/talos@8d2be5e31 feat: extend node definition used in health checks
siderolabs/talos@7a11b4def fix: make talosctl bootstrap accept only single node
siderolabs/talos@217fba288 test: fix csi tests
siderolabs/talos@90bf34fed docs: fork docs for Talos 1.2
siderolabs/talos@a0dd010a8 docs: add link to discovery service in kubespan
siderolabs/talos@c0371410e fix: support SideroLink "secure" gRPC connection
siderolabs/talos@b03709620 feat: build Talos images with system extensions included
siderolabs/talos@43def7490 chore: bump kernel and runc
siderolabs/talos@4dbbf4ac5 chore: add generic methods and use them part #2
siderolabs/talos@7114292b6 docs: fix latest release version in docs
siderolabs/talos@da2985fe1 fix: respect local API server port
siderolabs/talos@e03266667 fix: correctly validate reboot mode in CLI
siderolabs/talos@70fc42409 chore: add generic methods and use them
siderolabs/talos@3ae8bdd92 chore: run xfs_repair on xfs filesystem returing EUCLEAN
siderolabs/talos@0c91c89f4 chore: revert day-two tests for csi tests
siderolabs/talos@f71b58312 feat: disallow anonymous requests by default (kube-apiserver)
siderolabs/talos@c19dd1b89 feat: add 'etcd members should be control plane nodes' health check
siderolabs/talos@f2997c0f2 chore: bump dependencies
siderolabs/talos@f3efec4b5 feat: update containerd 1.6.6, Linux 5.15.45, Flannel 0.18.1
siderolabs/talos@27f8e50ce fix: add ovmf image path for rhel
siderolabs/talos@87e7de30c docs: fix required ports
siderolabs/talos@c126f2ee8 chore: bump golang to 1.18.3
siderolabs/talos@c1aed6240 fix: wait for /var to be mounted in kubelet service controller
siderolabs/talos@d7a64f5d2 fix: improve vip operator shutdown sequence
siderolabs/talos@7b9dfcb85 chore: add 'make go-mod-outdated'

Changes since v1.2.0-beta.1

siderolabs/talos@7b0a272e1 release(v1.2.0-beta.2): prepare release
siderolabs/talos@e2ad58478 test: fix cli reboot test
siderolabs/talos@d761a2012 feat: track progress of action API calls
siderolabs/talos@7ee20e88e fix: limit apid backoff max delay
siderolabs/talos@80448a2f0 fix: always abort the maintenance service
siderolabs/talos@3ba53de25 fix: get command in the case 'nodes' are not set in the context
siderolabs/talos@96c45e93d fix: correctly render hosts.toml with multiple endpoints
siderolabs/talos@6ec782bef feat: check client <> server version in some Talos commands
siderolabs/talos@911058d9f feat: remove the machine from the discovery service on reset
siderolabs/talos@f543f9775 fix: update etcd certificates when node addresses changes
siderolabs/talos@88c9479b2 test: re-enable upgrade tests
siderolabs/talos@867d2a439 chore: bump k8s to v1.25.0
siderolabs/talos@4db40b6b8 fix: properly read kexec disabled sysctl
siderolabs/talos@a620c8840 chore: limit GOMAXPROCS for Talos services
siderolabs/talos@ba9cfd13f fix: update COSI to the version with gRPC Wait fix
siderolabs/talos@a8e99e310 chore: bump kernel and runc
siderolabs/talos@2eed499dc fix: bump rtnetlink to 1.2.2

Changes from siderolabs/discovery-client

siderolabs/discovery-client@ac5ab32 feat: support deleting an affiliate
siderolabs/discovery-client@27a5bee chore: rekres
siderolabs/discovery-client@a9a5e9b feat: initial client code
siderolabs/discovery-client@98eb999 chore: initial commit

Changes from siderolabs/extras

siderolabs/extras@d5b9cf7 chore: update to the final tagged pkgs
siderolabs/extras@da35a63 feat: update Go to 1.19
siderolabs/extras@17a319f chore: update Go to 1.18.4
siderolabs/extras@892407f chore: bump golang to 1.18.3

Changes from siderolabs/pkgs

siderolabs/pkgs@b115be6 chore: bump runc to v1.1.4
siderolabs/pkgs@d174702 chore: enable nfsv4.2 client support
siderolabs/pkgs@f1cfd26 chore: bump kernel to 5.15.63
siderolabs/pkgs@a7609bb fix: nvidia oss pkg name
siderolabs/pkgs@774e062 chore: bump kernel to 5.15.62
siderolabs/pkgs@8a338a3 fix: containerd version
siderolabs/pkgs@03efe67 chore: bump containerd to v1.6.8
siderolabs/pkgs@a2c572d chore: use final tagged tools image
siderolabs/pkgs@8cb7fff feat: add nvidia open gpu kernel modules
siderolabs/pkgs@165c278 feat: revert build kernel with BTF enabled
siderolabs/pkgs@b8062ef chore: bump nvidia drivers to 515.65.01
siderolabs/pkgs@737b510 chore: bump kernel to 5.15.60
siderolabs/pkgs@1ee594a feat(kernel): build kernel with BTF enabled
siderolabs/pkgs@7783ee3 chore: bump kernel to 5.15.59
siderolabs/pkgs@360d596 feat: update containerd to 1.6.7
siderolabs/pkgs@6feece4 feat: update Go to 1.19
siderolabs/pkgs@9ad3aeb chore: bump kernel to 5.15.58
siderolabs/pkgs@dcc0311 chore: bump kernel to 5.15.57
siderolabs/pkgs@b943a9d chore: update Go to 1.18.4
siderolabs/pkgs@a44e324 chore: bump kernel to 5.15.54
siderolabs/pkgs@247f567 chore: bump kernel to 5.15.53
siderolabs/pkgs@4fe9867 chore: bump openssl to 1.1.1q
siderolabs/pkgs@9ee662c chore: bump kernel to 5.15.52
siderolabs/pkgs@4412db8 chore: bump kernel to 5.15.51
siderolabs/pkgs@6fedbdc chore: bump tools
siderolabs/pkgs@f1f44e6 chore: bump kernel to 5.15.50
siderolabs/pkgs@388af5e chore: bump openssl to 1.1.1p
siderolabs/pkgs@ed75c50 chore: enable RANDOM_TRUST_BOOTLOADER by default
siderolabs/pkgs@7c243f6 chore: bump kernel to 5.15.49
siderolabs/pkgs@6e1269e chore: bump kernel to 5.15.48
siderolabs/pkgs@5d671a3 chore: bump nvidia drivers to 515.48.07
siderolabs/pkgs@b35d835 chore: bump kernel to 5.15.47
siderolabs/pkgs@6604d6b feat: hyperv arm64
siderolabs/pkgs@c474058 chore: bump nvidia driver to 515.43.04
siderolabs/pkgs@5bc7e34 feat: update runc to 1.1.3, libseccomp to 2.5.4
siderolabs/pkgs@c02cd7a chore: bump kernel to 5.15.46
siderolabs/pkgs@b9c72a5 feat: update containerd to 1.6.6
siderolabs/pkgs@f7786a3 chore: bump kernel to 5.15.45
siderolabs/pkgs@b1c207d feat: update containerd to 1.6.5
siderolabs/pkgs@4d47830 chore: bump golang to 1.18.3
siderolabs/pkgs@dc21e30 chore: bump kernel to 5.15.44

Changes from siderolabs/tools

siderolabs/tools@ac357ec feat: add pahole so kernel can be built with BTF support
siderolabs/tools@cd35510 feat: update Go to 1.19
siderolabs/tools@e83198d chore: bump git to v2.37.1
siderolabs/tools@0d669dd feat: update Go 1.18.4
siderolabs/tools@26b32d5 chore: bump openssl to 1.1.1q
siderolabs/tools@d8015e7 chore: bump curl to 7.84.0
siderolabs/tools@3ec03ed chore: bump openssl to 1.1.1p
siderolabs/tools@3df9e13 chore: bump golang to 1.18.3

Changes from talos-systems/crypto

talos-systems/crypto@e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs

Changes from talos-systems/go-blockdevice

talos-systems/go-blockdevice@74ea471 feat: add freebsd stubs
talos-systems/go-blockdevice@9fa801c feat: add ReadOnly attribute to Disk

Changes from talos-systems/go-loadbalancer

talos-systems/go-loadbalancer@b578d47 feat: add a way to configure loadbalancer options

Changes from talos-systems/grpc-proxy

talos-systems/grpc-proxy@6dfa2cc fix: ignore errors on duplicate SetHeader calls

Dependency Changes

cloud.google.com/go/compute v1.6.1 -> v1.8.0
github.com/BurntSushi/toml v1.1.0 -> v1.2.0
github.com/aws/aws-sdk-go v1.44.24 -> v1.44.76
github.com/containerd/containerd v1.6.4 -> v1.6.8
github.com/containernetworking/cni v1.1.0 -> v1.1.2
github.com/cosi-project/runtime 95d06feaf8b5 -> v0.1.1
github.com/docker/docker v20.10.16 -> v20.10.17
github.com/emicklei/dot v0.16.0 -> v1.0.0
github.com/gertd/go-pluralize v0.2.1 new
github.com/google/gopacket v1.1.19 new
github.com/google/nftables a9775fb167d2 -> 2eca00135732
github.com/hashicorp/go-getter v1.6.1 -> v1.6.2
github.com/hashicorp/go-version v1.5.0 -> v1.6.0
github.com/hetznercloud/hcloud-go v1.33.2 -> v1.35.2
github.com/insomniacslk/dhcp 1ca156eafb9f -> 509691fd59ec
github.com/jsimonetti/rtnetlink v1.2.0 -> v1.2.2
github.com/martinlindhe/base36 v1.1.1 new
github.com/mattn/go-isatty v0.0.14 -> v0.0.16
github.com/packethost/packngo v0.24.0 -> v0.25.0
github.com/prometheus/procfs v0.7.3 -> v0.8.0
github.com/rivo/tview 9994674d60a8 -> 0e6b21a48e96
github.com/siderolabs/discovery-client v0.1.1 new
github.com/siderolabs/extras v1.1.0-1-g5800284 -> v1.2.0
github.com/siderolabs/pkgs v1.1.0-8-gfa9a488 -> v1.2.0-7-gb115be6
github.com/siderolabs/tools v1.1.0-1-g134974c -> v1.2.0
github.com/spf13/cobra v1.4.0 -> v1.5.0
github.com/stretchr/testify v1.7.1 -> v1.8.0
github.com/talos-systems/crypto v0.3.5 -> v0.3.6
github.com/talos-systems/go-blockdevice v0.3.2 -> v0.3.4
github.com/talos-systems/go-loadbalancer v0.1.2 -> v0.1.3
github.com/talos-systems/grpc-proxy v0.3.0 -> v0.3.1
github.com/u-root/u-root v0.8.0 -> v0.9.0
github.com/vishvananda/netlink v1.2.0-beta -> v1.2.1-beta.2
github.com/vmware-tanzu/sonobuoy v0.56.6 -> v0.56.9
github.com/vmware/govmomi v0.28.0 -> v0.29.0
go.uber.org/zap v1.21.0 -> v1.22.0
golang.org/x/net 5463443f8c37 -> 3211cb980234
golang.org/x/sync 0976fa681c29 -> 886fb9371eb4
golang.org/x/sys bc2c85ada10a -> fbc7d0a398ab
golang.org/x/term 065cf7ba2467 -> a9ba230a4035
golang.org/x/time 583f2d630306 -> e5dcc9cfc0b9
google.golang.org/grpc v1.46.2 -> v1.48.0
google.golang.org/protobuf v1.28.0 -> v1.28.1
gopkg.in/yaml.v3 496545a6307b -> v3.0.1
inet.af/netaddr c74959edd3b6 -> 502d2d690317
k8s.io/api v0.24.2 -> v0.25.0
k8s.io/apimachinery v0.24.2 -> v0.25.0
k8s.io/apiserver v0.24.2 -> v0.25.0
k8s.io/client-go v0.24.2 -> v0.25.0
k8s.io/component-base v0.24.2 -> v0.25.0
k8s.io/cri-api v0.24.2 -> v0.25.0
k8s.io/kubectl v0.24.2 -> v0.25.0
k8s.io/kubelet v0.24.2 -> v0.25.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.64 -> v1.2.65

Previous release can be found at v1.1.0

Images

ghcr.io/siderolabs/flannel:v0.19.1
ghcr.io/siderolabs/install-cni:v1.2.0
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.25.0
k8s.gcr.io/kube-controller-manager:v1.25.0
k8s.gcr.io/kube-scheduler:v1.25.0
k8s.gcr.io/kube-proxy:v1.25.0
ghcr.io/siderolabs/kubelet:v1.25.0
ghcr.io/siderolabs/installer:v1.2.0-beta.2
k8s.gcr.io/pause:3.6

talos - v1.2.0-beta.1

Published by talos-bot about 2 years ago

Talos 1.2.0-beta.1 (2022-08-23)

Welcome to the v1.2.0-beta.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Talos API access from Kubernetes

Talos now supports access to its API from within Kubernetes. It can be configured in the machine config as below:

machine:
  features:
    kubernetesTalosAPIAccess:
      enabled: true
      allowedRoles:
        - os:reader
      allowedKubernetesNamespaces:
        - kube-system

This feature introduces a new custom resource definition, serviceaccounts.talos.dev.
Creating custom resources of this type will provide credentials to access Talos API from within Kubernetes.

The new CLI subcommand talosctl inject serviceaccount can be used to configure Kubernetes manifests with Talos service accounts as below:

talosctl inject serviceaccount -f manifests.yaml > manifests-injected.yaml
kubectl apply -f manifests-injected.yaml

See documentation for more details.

Apply Config Patches

talosctl apply-config now supports patching the machine config file in memory before submitting it to the node.

Etcd Configuration

Configuration setting cluster.etcd.subnet is deprecated, but still supported.

Two new configuration settings are introduce to control precisely which subnet is used for etcd peer communication:

cluster:
  etcd:
    advertisedSubnets:
       - 10.0.0.0/24
    listenSubnets:
       - 10.0.0.0/24
       - 192.168.0.0/24

Default behavior hasn't changed - if the advertisedSubnets is not set, Talos picks up the first available network address as
advertised address and etcd is configured to listen on all interfaces.

Note: most of the etcd configuration changes are accepted on the fly, but they are fully applied only after reboot.

Generating Talos secrets from PKI directory

It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki).

You can also specify a bootstrap token to be used in the secrets bundle.

This secrets bundle can then be used to generate a machine config.

This facilitates migrating clusters (e.g. created using kubeadm) to Talos.

talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443

Kubernetes ControlPlane Components

Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in
KEP-2568.

Kubelet Default Runtime Seccomp Profile

Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled to false.

This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.

Kubernetes Control Plane labels and taints

Kubernetes Discovery Backend

For air-gapped installations when the Discovery Service is not enabled, Kubernetes Discovery Backend can be enabled by applying
the following machine configuration patch:

cluster:
  discovery:
    registries:
      kubernetes:
        disabled: false

KubeSpan Kubernetes Network Advertisement

Old behavior can be restored by setting .machine.kubespan.advertiseKubernetesNetworks = true in the machine config.

MachineConfig `.cluster.allowSchedulingOnMasters` deprecated

`k8s.gcr.io` mirror configuration

This is only enabled by default on newly generated configurations and not on upgrades.
This can be enabled with a machine configuration as follows:

machine:
  registries:
    mirrors:
      k8s.gcr.io:
        endpoints:
          - https://registry.k8s.io
          - https://k8s.gcr.io

Network bridge support

Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:

machine:
  network:
    interfaces:
      - interface: br0
        bridge:
          stp:
            enabled: true
          interfaces:
            - eth0
            - eth1

See documentation for more details.

VLAN support in cmdline arguments

Talos now supports dracut-style vlan kernel argument to allow
installing Talos Linux in networks where ports are not tagged
with a default VLAN:

vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::

NVIDIA GPU support promoted to beta

Packet Capture

Talos now supports capturing packets on a network interface with talosctl pcap command:

talosctl pcap --interface eth0

Seccomp Profiles

Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:

machine:
  seccompProfiles:
    - name: audit.json
      value:
        defaultAction: SCMP_ACT_LOG
    - name: deny.json
      value: {"defaultAction":"SCMP_ACT_LOG"}

This profile data can be either configured as a YAML definition or as a JSON string.

The profiles are created on the host under /var/lib/kubelet/seccomp/profiles.

See documentation for more details.

Stable Default Hostname

This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.

Strategic merge machine configuration patching

In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.

For example, machine hostname can be set with the following patch:

machine:
  network:
    hostname: worker1

Patch format is detected automatically.

Variable substitution for URL query parameter in the talos.config kernel parameter

The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:

http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}

talosctl

--masters flag on talosctl cluster create is deprecated. Use --controlplanes instead.

Component Updates

Linux: 5.15.62
Flannel 0.19.1
containerd 1.6.8
Kubernetes: v1.25.0-rc.1

Talos is built with Go 1.19.

Contributors

Andrey Smirnov
Noel Georgi
Utku Ozdemir
Dmitriy Matrenichev
Artem Chernyshev
Philipp Sauter
Tim Jones
Spencer Smith
Davincible
Eirik Askheim
Steve Francis
AMet
Alex Wied
Bermi Ferrer
Branden Cash
Charlie Haley
Christoph Schmatzler
Dennis Marttinen
Eng Zer Jun
Flightkick
Florian Klink
Gwyn
Han Cen
Larry Rosenman
Markus Reiter
Matthew Richardson
Nico Berlee
Rio Kierkels
Robert Wunderer
RyanSquared
Serge Logvinov
Seán C McCord
Tommy Botten Jensen
Trevor Sullivan
hobyte
nett_hier
zebernst

Changes

siderolabs/talos@4f54e9b46 release(v1.2.0-beta.1): prepare release
siderolabs/talos@cb492c163 fix: don't wait for the hostname in maintenance mode
siderolabs/talos@f8a5a1a56 fix: stable default hostname bias
siderolabs/talos@465f60c6c feat: update etcd advertised peer addresses on the fly
siderolabs/talos@30707d064 chore: bump kubernetes to v1.25.0-rc.1
siderolabs/talos@518da6c72 fix: make 'ca', 'crt' and 'key' flags optional for 'talosctl config add'
siderolabs/talos@28ffff59a fix: handle grub config being empty in the Revert function
siderolabs/talos@6f89c8f7b fix: clean up cancelCtxMu leftovers in PriorityLock
siderolabs/talos@9bbb6a943 fix: surround cancelCtx with the mutex
siderolabs/talos@f04b9f88c fix: talosctl edit mc loop
siderolabs/talos@5b4261499 docs: nvidia gpu beta support
siderolabs/talos@653acb8df chore: bump kernel to 5.15.62
siderolabs/talos@3bbcc116e chore: bump containerd to v1.6.8
siderolabs/talos@d6dbac444 docs: correct link to api access from k8s
siderolabs/talos@20d0b56a4 release(v1.2.0-beta.0): prepare release
siderolabs/talos@f37da96ef feat: enable talos client to connect to Talos through an auth proxy
siderolabs/talos@123d32174 chore: validate that etcd ca is not empty
siderolabs/talos@0fe4492e7 chore: bump golangci-lint from 1.47.2 to 1.48.0
siderolabs/talos@7e527777e chore: update API descriptors
siderolabs/talos@65098c14e chore: bump to the final released versions
siderolabs/talos@9512e8f30 feat: allow modules to be loaded via extension
siderolabs/talos@2c482936b chore: bump dependencies
siderolabs/talos@586e29dfc feat: add event actor id to client api and events cmd
siderolabs/talos@9baca4966 refactor: implement COSI resource API for Talos
siderolabs/talos@d04211f85 feat: add new event watch fn and return action responses on API
siderolabs/talos@f88d08e21 docs: clarification of AWS set up process
siderolabs/talos@b48adb8ec chore: revert kernel with BTF support
siderolabs/talos@e422ea63d chore: add proto definitions for common types
siderolabs/talos@5c6648e3d fix: make talosctl command return nonzero error codes if it had errors
siderolabs/talos@dce923f74 feat: allow configuring etcd listen addresses
siderolabs/talos@4c3485ae3 feat: update Kubernetes to 1.25.0-rc.0
siderolabs/talos@ea6ceab24 chore: bump kernel to 5.15.60
siderolabs/talos@20a564085 fix: introduce 'routed' NodeAddresses and use them in kubelet
siderolabs/talos@f1de47894 docs: verbiage in Digital Ocean tutorial
siderolabs/talos@6b23deddc feat: support custom ports for connecting to apid from talosctl
siderolabs/talos@07cd0924e fix: recursive seccomp mounts
siderolabs/talos@696f2b735 chore: update kernel to the version with BTF support
siderolabs/talos@b5da686a7 feat: add actor ID to events & emit an initial empty event
siderolabs/talos@fec0ed29d fix: add missing LinkStatusType registration
siderolabs/talos@13499fc30 feat: support patching the machine config in the apply-config cmd
siderolabs/talos@be351dcb9 release(v1.2.0-alpha.2): prepare release
siderolabs/talos@5dd1b4002 feat: disable Kubernetes discovery backend by default
siderolabs/talos@b62b18a97 feat: bump k8s to v1.25.0-beta.0
siderolabs/talos@7b80a747b feat: add protobuf encoding/decoding for Go structs
siderolabs/talos@00c3ee3ac docs: remove obsolete references to init nodes
siderolabs/talos@6eefa9d9c fix: properly filter resources in maintenance server
siderolabs/talos@fa5aad01a docs: fix issues in GCP docs
siderolabs/talos@98f056603 chore: bump dependencies
siderolabs/talos@84e712a9f feat: introduce Talos API access from Kubernetes
siderolabs/talos@d7be30892 chore: bump kernel to 5.15.59
siderolabs/talos@c2c2d65bc refactor: use COSI access filter for resource access
siderolabs/talos@1dee0579e feat: add support for proxying one-to-one to apid
siderolabs/talos@86eb01cd6 docs: add missing dev tools
siderolabs/talos@4fd676c04 docs: fix typo in theila name
siderolabs/talos@856beb21c feat: containerd 1.6.7, Flannel 1.19.1
siderolabs/talos@e97b9f6d3 feat: support dhcp options for vlan
siderolabs/talos@92314e47b refactor: use controllers/resources to feed trustd with data
siderolabs/talos@80d298abf feat: support skipping node registration
siderolabs/talos@7795de313 fix: use controllers/resources for etcd configuration
siderolabs/talos@f9b664c94 fix: reload trusted CA list when client is recreated
siderolabs/talos@8847ccd03 fix: shutdown some streaming API calls when machined API is shuting down
siderolabs/talos@f95b53726 fix: allow files in extension spec
siderolabs/talos@1a8f6ec8e fix: don't advertise Kubernetes pod networks over KubeSpan by default
siderolabs/talos@e3d4a0e4d fix: make reset work even if the node is not bootstrapped/not joined
siderolabs/talos@a6b010a8b chore: update Go to 1.19, Linux to 5.15.58
siderolabs/talos@fb058a7c9 test: use T.TempDir to create temporary test directory
siderolabs/talos@6fc38bae6 fix: iterate over etcd members endpoints for member promotion
siderolabs/talos@c70b692fb fix: update default address if removed from the host
siderolabs/talos@cf620d473 feat: read talosconfig from secrets directory
siderolabs/talos@1ad8e6122 fix: keep entire vlan id when parsing cmdline
siderolabs/talos@fe2ee3b10 feat: implement MachineStatus resource
siderolabs/talos@670d274c4 chore: bump dependencies
siderolabs/talos@08d2612e0 docs: bond devices are comma separated
siderolabs/talos@c3c3e14db chore: add gotagsrewrite tool and use it to add tags to resources
siderolabs/talos@2e790526f refactor: make apid stop gracefully and be stopped late
siderolabs/talos@0cdf22243 fix: retry Conflict errors when upgrading k8s manifests
siderolabs/talos@1db097f50 release(v1.2.0-alpha.1): prepare release
siderolabs/talos@5ac4947b6 feat: enable default seccomp profile for kubelet
siderolabs/talos@e5994ff7a fix: skip ResetDuringBoot test if the Cluster config is unknown
siderolabs/talos@8028e1074 fix: wait for boot done when rebooting a node in the integration tests
siderolabs/talos@ae1bec59e feat: allow running only one sequence at a time
siderolabs/talos@ec05aee04 fix: correctly unwrap errors when streaming
siderolabs/talos@7c7f2d8c3 feat: refactor disk size matcher to be compatible with DeepEqual
siderolabs/talos@3addea83b feat: introduce support for Talos API access from Kubernetes
siderolabs/talos@34d3a4164 docs: add missing <> to relref
siderolabs/talos@c4d2d20c4 fix: enable stable hostnames for worker configs as well
siderolabs/talos@0326bac1f chore: bump kernel to 5.15.57
siderolabs/talos@86820c33f chore: bump dependencies
siderolabs/talos@6e7dfeeb3 fix: data race in packet capture (part 2)
siderolabs/talos@c11e1dae7 docs: fix spelling and grammar errors
siderolabs/talos@30f7851d2 chore: bump golangci-lint from 1.45.2 to 1.47.2
siderolabs/talos@2cce9112d chore: bump goimports from 0.1.10 to 0.1.11
siderolabs/talos@18756c7ff fix: folder permissions of overlay mounted folders
siderolabs/talos@47c35dc47 feat: set stable default hostname based on machine-id
siderolabs/talos@1ed3df295 chore: support glibc apps extension spec
siderolabs/talos@a2aea9726 fix: write etcd PKI files in a controller
siderolabs/talos@bb4abc096 fix: regenerate kubelet certs when hostname changes
siderolabs/talos@d650afb6c chore: fix typo in powercycle
siderolabs/talos@644e803ad fix: use masks and different firewall mark for KubeSpan
siderolabs/talos@80444a43d fix: remove data race in pcap capture
siderolabs/talos@04a45dff2 docs: remove katacoda links
siderolabs/talos@065b59276 feat: implement packet capture API
siderolabs/talos@7c006cabc feat: update Kubernetes to 1.24.3
siderolabs/talos@551290195 chore: bump dependencies
siderolabs/talos@1677bcc4b fix: skip bond itself when matching interface (Equinix Metal)
siderolabs/talos@f1c2b5c55 feat: implement strategic merge patching for API server admission config
siderolabs/talos@be98cb82b feat: follow KEP-2568 non-root enhancements
siderolabs/talos@87ea1d961 fix: update kubelet kubeconfig when cluster control plane endpoint changes
siderolabs/talos@a75fe7600 feat: gen secrets from kubernetes pki dir
siderolabs/talos@a1d7b535a docs: add kubeadm migration guide
siderolabs/talos@9e0c56581 docs: guide for setting up synology-csi driver
siderolabs/talos@f0b8eea5e refactor: remove bootstrap sequence
siderolabs/talos@89c7da899 docs: add documentation for vagrant & libvirt
siderolabs/talos@014b85fdc docs: improve talos kubernetes upgrade note
siderolabs/talos@88bb017ed docs: remove old docs from site
siderolabs/talos@c92c90655 feat: build talosctl for FreeBSD
siderolabs/talos@616da3069 docs: update last release for 1.1
siderolabs/talos@091e6ef0e feat: resubstitute talos.config url variables on retry
siderolabs/talos@ec74ab38a feat: update Go to 1.18.4, Linux to 5.15.54
siderolabs/talos@641f6a1e4 feat: expose strategic merge config patches
siderolabs/talos@6e3d2d647 docs: fix disk encryption params
siderolabs/talos@c43d6a31d docs: fix typos
siderolabs/talos@551887528 chore: bump dependencies
siderolabs/talos@626ef05e6 fix: correct SANs for etcd certs
siderolabs/talos@83ce92c5f docs: fix theila docs
siderolabs/talos@8a038d40e fix: stabilize etcd join and promote sequences
siderolabs/talos@136122556 fix: use correct etcd cert path
siderolabs/talos@c170ec0b0 chore: bump kernel to 5.15.53
siderolabs/talos@d924901b7 feat: add cli subcommand to generate secrets
siderolabs/talos@34aabedd8 feat: more circular pkg from internal to pkg
siderolabs/talos@4f044e466 feat: implement strategic merge machine config patching
siderolabs/talos@c2a512608 fix: avoid double append of talos.platform kernel argument
siderolabs/talos@27dfe7c03 fix: perform accurate conflict resolution on overal (kubespan)
siderolabs/talos@e437445b4 chore: bump kernel to 5.15.52
siderolabs/talos@d27a6a4ac feat: add vlan support to cmdline
siderolabs/talos@fdca5d8a9 chore: bump dependencies
siderolabs/talos@ae3840dbc refactor: move kubeconfig package under public api
siderolabs/talos@184e113f3 chore: disable systeminfo controller in container
siderolabs/talos@86a0a7bdf refactor: use pointer types more in machine config structs
siderolabs/talos@3a1eb10e6 docs: update the Proxmox kvm64 note
siderolabs/talos@30e220fcd docs: kernel cmdline params updated on upgrades
siderolabs/talos@915de9cf9 docs: fix bridge documentation
siderolabs/talos@52cd12951 test: bump Talos versions in upgrade tests
siderolabs/talos@022581d80 release(v1.2.0-alpha.0): prepare release
siderolabs/talos@643e81cfe feat: add SenseLabs to ADOPTERS.md
siderolabs/talos@bdfee2b3b chore: bump kernel to 5.15.51
siderolabs/talos@36c44a651 fix: provide CA certificates in /etc/ssl/certs/ca-certificates.crt
siderolabs/talos@7ebd9bcce docs: fix pod security talos resource name
siderolabs/talos@57b625e0a refactor: avoid recreating grpc clients in service health checks
siderolabs/talos@a68a00f1b docs: recommend setting "host" Processor Type on proxmox
siderolabs/talos@923600a73 chore: bump kernel to 5.15.50
siderolabs/talos@758a9bf59 docs: add theila ui
siderolabs/talos@b81016e62 chore: update blockdevice library to v0.3.3
siderolabs/talos@284a2f959 fix: filter static pods correctly and optimize fetching
siderolabs/talos@61abf3111 docs: change command for cluster create to keep $HOME with sudo
siderolabs/talos@6ae1e9bf2 chore: bump dependencies
siderolabs/talos@2deff6b6e feat: add support for variable substitution in talos.config kernel parameter
siderolabs/talos@103c94225 fix: update crypto library with support for RSA-SHA*
siderolabs/talos@448de7194 docs: add UpCloud installation guide
siderolabs/talos@07014e0a8 fix: generate correct bootstrap manifests when only IPv6 CIDR is used
siderolabs/talos@465edbb47 fix: look for qemu-kvm binary
siderolabs/talos@63caa281a fix: create native image format for DigitalOcean
siderolabs/talos@f15ce549e fix: siderlink api assume port 443 with https schema
siderolabs/talos@797596229 feat: add support for configuring network bridges
siderolabs/talos@2b23fabcc docs: use SVG image for K8s conformance
siderolabs/talos@d4606c33e chore: bump kernel to 5.15.49
siderolabs/talos@cfb640222 docs: update docs for release 1.1
siderolabs/talos@b816d0b60 docs: fix the vendor information for Kubernetes conformance tests
siderolabs/talos@a167a5402 test: fix CLI nodes discovery without provisioner data
siderolabs/talos@916a30682 docs: add twitter meta info
siderolabs/talos@80090a3ed test: fix health endpoint cli test when discovery is disabled
siderolabs/talos@3c263bb44 chore: bump dependencies
siderolabs/talos@e8113527f chore: bump kubernetes to v1.24.2
siderolabs/talos@068f1b6d0 feat: add ctest package and base for test suite
siderolabs/talos@2aad3a1e4 chore: bump kernel to 5.15.48
siderolabs/talos@a31a858e0 docs: snippets for logging api server audit logs
siderolabs/talos@89aaaef9f chore: bump kernel to 5.15.47
siderolabs/talos@6759fcd4a feat: use discovery service on cluster health checks
siderolabs/talos@f54d90787 fix: enable orderly poweroff in hyper-v on Azure
siderolabs/talos@35475ce45 docs: openebs jiva example with iscsi-tools extension
siderolabs/talos@8d2be5e31 feat: extend node definition used in health checks
siderolabs/talos@7a11b4def fix: make talosctl bootstrap accept only single node
siderolabs/talos@217fba288 test: fix csi tests
siderolabs/talos@90bf34fed docs: fork docs for Talos 1.2
siderolabs/talos@a0dd010a8 docs: add link to discovery service in kubespan
siderolabs/talos@c0371410e fix: support SideroLink "secure" gRPC connection
siderolabs/talos@b03709620 feat: build Talos images with system extensions included
siderolabs/talos@43def7490 chore: bump kernel and runc
siderolabs/talos@4dbbf4ac5 chore: add generic methods and use them part #2
siderolabs/talos@7114292b6 docs: fix latest release version in docs
siderolabs/talos@da2985fe1 fix: respect local API server port
siderolabs/talos@e03266667 fix: correctly validate reboot mode in CLI
siderolabs/talos@70fc42409 chore: add generic methods and use them
siderolabs/talos@3ae8bdd92 chore: run xfs_repair on xfs filesystem returing EUCLEAN
siderolabs/talos@0c91c89f4 chore: revert day-two tests for csi tests
siderolabs/talos@f71b58312 feat: disallow anonymous requests by default (kube-apiserver)
siderolabs/talos@c19dd1b89 feat: add 'etcd members should be control plane nodes' health check
siderolabs/talos@f2997c0f2 chore: bump dependencies
siderolabs/talos@f3efec4b5 feat: update containerd 1.6.6, Linux 5.15.45, Flannel 0.18.1
siderolabs/talos@27f8e50ce fix: add ovmf image path for rhel
siderolabs/talos@87e7de30c docs: fix required ports
siderolabs/talos@c126f2ee8 chore: bump golang to 1.18.3
siderolabs/talos@c1aed6240 fix: wait for /var to be mounted in kubelet service controller
siderolabs/talos@d7a64f5d2 fix: improve vip operator shutdown sequence
siderolabs/talos@7b9dfcb85 chore: add 'make go-mod-outdated'

Changes since v1.2.0-beta.0

siderolabs/talos@4f54e9b46 release(v1.2.0-beta.1): prepare release
siderolabs/talos@cb492c163 fix: don't wait for the hostname in maintenance mode
siderolabs/talos@f8a5a1a56 fix: stable default hostname bias
siderolabs/talos@465f60c6c feat: update etcd advertised peer addresses on the fly
siderolabs/talos@30707d064 chore: bump kubernetes to v1.25.0-rc.1
siderolabs/talos@518da6c72 fix: make 'ca', 'crt' and 'key' flags optional for 'talosctl config add'
siderolabs/talos@28ffff59a fix: handle grub config being empty in the Revert function
siderolabs/talos@6f89c8f7b fix: clean up cancelCtxMu leftovers in PriorityLock
siderolabs/talos@9bbb6a943 fix: surround cancelCtx with the mutex
siderolabs/talos@f04b9f88c fix: talosctl edit mc loop
siderolabs/talos@5b4261499 docs: nvidia gpu beta support
siderolabs/talos@653acb8df chore: bump kernel to 5.15.62
siderolabs/talos@3bbcc116e chore: bump containerd to v1.6.8
siderolabs/talos@d6dbac444 docs: correct link to api access from k8s

Changes from siderolabs/extras

siderolabs/extras@d5b9cf7 chore: update to the final tagged pkgs
siderolabs/extras@da35a63 feat: update Go to 1.19
siderolabs/extras@17a319f chore: update Go to 1.18.4
siderolabs/extras@892407f chore: bump golang to 1.18.3

Changes from siderolabs/pkgs

siderolabs/pkgs@a7609bb fix: nvidia oss pkg name
siderolabs/pkgs@774e062 chore: bump kernel to 5.15.62
siderolabs/pkgs@8a338a3 fix: containerd version
siderolabs/pkgs@03efe67 chore: bump containerd to v1.6.8
siderolabs/pkgs@a2c572d chore: use final tagged tools image
siderolabs/pkgs@8cb7fff feat: add nvidia open gpu kernel modules
siderolabs/pkgs@165c278 feat: revert build kernel with BTF enabled
siderolabs/pkgs@b8062ef chore: bump nvidia drivers to 515.65.01
siderolabs/pkgs@737b510 chore: bump kernel to 5.15.60
siderolabs/pkgs@1ee594a feat(kernel): build kernel with BTF enabled
siderolabs/pkgs@7783ee3 chore: bump kernel to 5.15.59
siderolabs/pkgs@360d596 feat: update containerd to 1.6.7
siderolabs/pkgs@6feece4 feat: update Go to 1.19
siderolabs/pkgs@9ad3aeb chore: bump kernel to 5.15.58
siderolabs/pkgs@dcc0311 chore: bump kernel to 5.15.57
siderolabs/pkgs@b943a9d chore: update Go to 1.18.4
siderolabs/pkgs@a44e324 chore: bump kernel to 5.15.54
siderolabs/pkgs@247f567 chore: bump kernel to 5.15.53
siderolabs/pkgs@4fe9867 chore: bump openssl to 1.1.1q
siderolabs/pkgs@9ee662c chore: bump kernel to 5.15.52
siderolabs/pkgs@4412db8 chore: bump kernel to 5.15.51
siderolabs/pkgs@6fedbdc chore: bump tools
siderolabs/pkgs@f1f44e6 chore: bump kernel to 5.15.50
siderolabs/pkgs@388af5e chore: bump openssl to 1.1.1p
siderolabs/pkgs@ed75c50 chore: enable RANDOM_TRUST_BOOTLOADER by default
siderolabs/pkgs@7c243f6 chore: bump kernel to 5.15.49
siderolabs/pkgs@6e1269e chore: bump kernel to 5.15.48
siderolabs/pkgs@5d671a3 chore: bump nvidia drivers to 515.48.07
siderolabs/pkgs@b35d835 chore: bump kernel to 5.15.47
siderolabs/pkgs@6604d6b feat: hyperv arm64
siderolabs/pkgs@c474058 chore: bump nvidia driver to 515.43.04
siderolabs/pkgs@5bc7e34 feat: update runc to 1.1.3, libseccomp to 2.5.4
siderolabs/pkgs@c02cd7a chore: bump kernel to 5.15.46
siderolabs/pkgs@b9c72a5 feat: update containerd to 1.6.6
siderolabs/pkgs@f7786a3 chore: bump kernel to 5.15.45
siderolabs/pkgs@b1c207d feat: update containerd to 1.6.5
siderolabs/pkgs@4d47830 chore: bump golang to 1.18.3
siderolabs/pkgs@dc21e30 chore: bump kernel to 5.15.44

Changes from siderolabs/tools

siderolabs/tools@ac357ec feat: add pahole so kernel can be built with BTF support
siderolabs/tools@cd35510 feat: update Go to 1.19
siderolabs/tools@e83198d chore: bump git to v2.37.1
siderolabs/tools@0d669dd feat: update Go 1.18.4
siderolabs/tools@26b32d5 chore: bump openssl to 1.1.1q
siderolabs/tools@d8015e7 chore: bump curl to 7.84.0
siderolabs/tools@3ec03ed chore: bump openssl to 1.1.1p
siderolabs/tools@3df9e13 chore: bump golang to 1.18.3

Changes from talos-systems/crypto

talos-systems/crypto@e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs

Changes from talos-systems/go-blockdevice

talos-systems/go-blockdevice@74ea471 feat: add freebsd stubs
talos-systems/go-blockdevice@9fa801c feat: add ReadOnly attribute to Disk

Changes from talos-systems/go-loadbalancer

talos-systems/go-loadbalancer@b578d47 feat: add a way to configure loadbalancer options

Changes from talos-systems/grpc-proxy

talos-systems/grpc-proxy@6dfa2cc fix: ignore errors on duplicate SetHeader calls

Dependency Changes

cloud.google.com/go/compute v1.6.1 -> v1.8.0
github.com/BurntSushi/toml v1.1.0 -> v1.2.0
github.com/aws/aws-sdk-go v1.44.24 -> v1.44.76
github.com/containerd/containerd v1.6.4 -> v1.6.8
github.com/containernetworking/cni v1.1.0 -> v1.1.2
github.com/cosi-project/runtime 95d06feaf8b5 -> v0.1.0
github.com/docker/docker v20.10.16 -> v20.10.17
github.com/emicklei/dot v0.16.0 -> v1.0.0
github.com/gertd/go-pluralize v0.2.1 new
github.com/google/gopacket v1.1.19 new
github.com/google/nftables a9775fb167d2 -> 2eca00135732
github.com/hashicorp/go-getter v1.6.1 -> v1.6.2
github.com/hashicorp/go-version v1.5.0 -> v1.6.0
github.com/hetznercloud/hcloud-go v1.33.2 -> v1.35.2
github.com/insomniacslk/dhcp 1ca156eafb9f -> 509691fd59ec
github.com/jsimonetti/rtnetlink v1.2.0 -> v1.2.1
github.com/martinlindhe/base36 v1.1.1 new
github.com/mattn/go-isatty v0.0.14 -> v0.0.16
github.com/packethost/packngo v0.24.0 -> v0.25.0
github.com/prometheus/procfs v0.7.3 -> v0.8.0
github.com/rivo/tview 9994674d60a8 -> 0e6b21a48e96
github.com/siderolabs/extras v1.1.0-1-g5800284 -> v1.2.0
github.com/siderolabs/pkgs v1.1.0-8-gfa9a488 -> v1.2.0-4-ga7609bb
github.com/siderolabs/tools v1.1.0-1-g134974c -> v1.2.0
github.com/spf13/cobra v1.4.0 -> v1.5.0
github.com/stretchr/testify v1.7.1 -> v1.8.0
github.com/talos-systems/crypto v0.3.5 -> v0.3.6
github.com/talos-systems/go-blockdevice v0.3.2 -> v0.3.4
github.com/talos-systems/go-loadbalancer v0.1.2 -> v0.1.3
github.com/talos-systems/grpc-proxy v0.3.0 -> v0.3.1
github.com/u-root/u-root v0.8.0 -> v0.9.0
github.com/vishvananda/netlink v1.2.0-beta -> v1.2.1-beta.2
github.com/vmware-tanzu/sonobuoy v0.56.6 -> v0.56.9
github.com/vmware/govmomi v0.28.0 -> v0.29.0
go.uber.org/zap v1.21.0 -> v1.22.0
golang.org/x/net 5463443f8c37 -> 3211cb980234
golang.org/x/sync 0976fa681c29 -> 886fb9371eb4
golang.org/x/sys bc2c85ada10a -> fbc7d0a398ab
golang.org/x/term 065cf7ba2467 -> a9ba230a4035
golang.org/x/time 583f2d630306 -> e5dcc9cfc0b9
google.golang.org/grpc v1.46.2 -> v1.48.0
google.golang.org/protobuf v1.28.0 -> v1.28.1
gopkg.in/yaml.v3 496545a6307b -> v3.0.1
inet.af/netaddr c74959edd3b6 -> 502d2d690317
k8s.io/api v0.24.2 -> v0.25.0-rc.1
k8s.io/apimachinery v0.24.2 -> v0.25.0-rc.1
k8s.io/apiserver v0.24.2 -> v0.25.0-rc.1
k8s.io/client-go v0.24.2 -> v0.25.0-rc.1
k8s.io/component-base v0.24.2 -> v0.25.0-rc.1
k8s.io/cri-api v0.24.2 -> v0.25.0-rc.1
k8s.io/kubectl v0.24.2 -> v0.25.0-rc.1
k8s.io/kubelet v0.24.2 -> v0.25.0-rc.1
kernel.org/pub/linux/libs/security/libcap/cap v1.2.64 -> v1.2.65

Previous release can be found at v1.1.0

Images

ghcr.io/siderolabs/flannel:v0.19.1
ghcr.io/siderolabs/install-cni:v1.2.0
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.25.0-rc.1
k8s.gcr.io/kube-controller-manager:v1.25.0-rc.1
k8s.gcr.io/kube-scheduler:v1.25.0-rc.1
k8s.gcr.io/kube-proxy:v1.25.0-rc.1
ghcr.io/siderolabs/kubelet:v1.25.0-rc.1
ghcr.io/siderolabs/installer:v1.2.0-beta.1
k8s.gcr.io/pause:3.6

talos - v1.2.0-beta.0

Published by talos-bot about 2 years ago

Talos 1.2.0-beta.0 (2022-08-15)

Welcome to the v1.2.0-beta.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Talos API access from Kubernetes

Talos now supports access to its API from within Kubernetes. It can be configured in the machine config as below:

machine:
  features:
    kubernetesTalosAPIAccess:
      enabled: true
      allowedRoles:
        - os:reader
      allowedKubernetesNamespaces:
        - kube-system

This feature introduces a new custom resource definition, serviceaccounts.talos.dev.
Creating custom resources of this type will provide credentials to access Talos API from within Kubernetes.

The new CLI subcommand talosctl inject serviceaccount can be used to configure Kubernetes manifests with Talos service accounts as below:

talosctl inject serviceaccount -f manifests.yaml > manifests-injected.yaml
kubectl apply -f manifests-injected.yaml

See documentation for more details.

Apply Config Patches

talosctl apply-config now supports patching the machine config file in memory before submitting it to the node.

Generating Talos secrets from PKI directory

It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki).

You can also specify a bootstrap token to be used in the secrets bundle.

This secrets bundle can then be used to generate a machine config.

This facilitates migrating clusters (e.g. created using kubeadm) to Talos.

talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443

Kubernetes ControlPlane Components

Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in
KEP-2568.

Kubelet Default Runtime Seccomp Profile

Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled to false.

This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.

Kubernetes Control Plane labels and taints

Kubernetes Discovery Backend

For air-gapped installations when the Discovery Service is not enabled, Kubernetes Discovery Backend can be enabled by applying
the following machine configuration patch:

cluster:
  discovery:
    registries:
      kubernetes:
        disabled: false

KubeSpan Kubernetes Network Advertisement

Old behavior can be restored by setting .machine.kubespan.advertiseKubernetesNetworks = true in the machine config.

MachineConfig `.cluster.allowSchedulingOnMasters` deprecated

`k8s.gcr.io` mirror configuration

This is only enabled by default on newly generated configurations and not on upgrades.
This can be enabled with a machine configuration as follows:

machine:
  registries:
    mirrors:
      k8s.gcr.io:
        endpoints:
          - https://registry.k8s.io
          - https://k8s.gcr.io

Network bridge support

Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:

machine:
  network:
    interfaces:
      - interface: br0
        bridge:
          stp:
            enabled: true
          interfaces:
            - eth0
            - eth1

See documentation for more details.

VLAN support in cmdline arguments

Talos now supports dracut-style vlan kernel argument to allow
installing Talos Linux in networks where ports are not tagged
with a default VLAN:

vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::

Packet Capture

Talos now supports capturing packets on a network interface with talosctl pcap command:

talosctl pcap --interface eth0

Seccomp Profiles

Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:

machine:
  seccompProfiles:
    - name: audit.json
      value:
        defaultAction: SCMP_ACT_LOG
    - name: deny.json
      value: {"defaultAction":"SCMP_ACT_LOG"}

This profile data can be either configured as a YAML definition or as a JSON string.

The profiles are created on the host under /var/lib/kubelet/seccomp/profiles.

See documentation for more details.

Stable Default Hostname

This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.

Strategic merge machine configuration patching

In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.

For example, machine hostname can be set with the following patch:

machine:
  network:
    hostname: worker1

Patch format is detected automatically.

Variable substitution for URL query parameter in the talos.config kernel parameter

The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:

http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}

talosctl

--masters flag on talosctl cluster create is deprecated. Use --controlplanes instead.

Component Updates

Linux: 5.15.60
Flannel 0.19.1
containerd 1.16.7
Kubernetes: v1.25.0-rc.0

Talos is built with Go 1.19.

Contributors

Andrey Smirnov
Noel Georgi
Utku Ozdemir
Dmitriy Matrenichev
Philipp Sauter
Artem Chernyshev
Tim Jones
Spencer Smith
Davincible
Eirik Askheim
Steve Francis
AMet
Alex Wied
Bermi Ferrer
Charlie Haley
Christoph Schmatzler
Dennis Marttinen
Eng Zer Jun
Flightkick
Florian Klink
Gwyn
Han Cen
Larry Rosenman
Markus Reiter
Matthew Richardson
Nico Berlee
Rio Kierkels
Robert Wunderer
RyanSquared
Serge Logvinov
Seán C McCord
Tommy Botten Jensen
Trevor Sullivan
hobyte
nett_hier
zebernst

Changes

siderolabs/talos@20d0b56a4 release(v1.2.0-beta.0): prepare release
siderolabs/talos@f37da96ef feat: enable talos client to connect to Talos through an auth proxy
siderolabs/talos@123d32174 chore: validate that etcd ca is not empty
siderolabs/talos@0fe4492e7 chore: bump golangci-lint from 1.47.2 to 1.48.0
siderolabs/talos@7e527777e chore: update API descriptors
siderolabs/talos@65098c14e chore: bump to the final released versions
siderolabs/talos@9512e8f30 feat: allow modules to be loaded via extension
siderolabs/talos@2c482936b chore: bump dependencies
siderolabs/talos@586e29dfc feat: add event actor id to client api and events cmd
siderolabs/talos@9baca4966 refactor: implement COSI resource API for Talos
siderolabs/talos@d04211f85 feat: add new event watch fn and return action responses on API
siderolabs/talos@f88d08e21 docs: clarification of AWS set up process
siderolabs/talos@b48adb8ec chore: revert kernel with BTF support
siderolabs/talos@e422ea63d chore: add proto definitions for common types
siderolabs/talos@5c6648e3d fix: make talosctl command return nonzero error codes if it had errors
siderolabs/talos@dce923f74 feat: allow configuring etcd listen addresses
siderolabs/talos@4c3485ae3 feat: update Kubernetes to 1.25.0-rc.0
siderolabs/talos@ea6ceab24 chore: bump kernel to 5.15.60
siderolabs/talos@20a564085 fix: introduce 'routed' NodeAddresses and use them in kubelet
siderolabs/talos@f1de47894 docs: verbiage in Digital Ocean tutorial
siderolabs/talos@6b23deddc feat: support custom ports for connecting to apid from talosctl
siderolabs/talos@07cd0924e fix: recursive seccomp mounts
siderolabs/talos@696f2b735 chore: update kernel to the version with BTF support
siderolabs/talos@b5da686a7 feat: add actor ID to events & emit an initial empty event
siderolabs/talos@fec0ed29d fix: add missing LinkStatusType registration
siderolabs/talos@13499fc30 feat: support patching the machine config in the apply-config cmd
siderolabs/talos@be351dcb9 release(v1.2.0-alpha.2): prepare release
siderolabs/talos@5dd1b4002 feat: disable Kubernetes discovery backend by default
siderolabs/talos@b62b18a97 feat: bump k8s to v1.25.0-beta.0
siderolabs/talos@7b80a747b feat: add protobuf encoding/decoding for Go structs
siderolabs/talos@00c3ee3ac docs: remove obsolete references to init nodes
siderolabs/talos@6eefa9d9c fix: properly filter resources in maintenance server
siderolabs/talos@fa5aad01a docs: fix issues in GCP docs
siderolabs/talos@98f056603 chore: bump dependencies
siderolabs/talos@84e712a9f feat: introduce Talos API access from Kubernetes
siderolabs/talos@d7be30892 chore: bump kernel to 5.15.59
siderolabs/talos@c2c2d65bc refactor: use COSI access filter for resource access
siderolabs/talos@1dee0579e feat: add support for proxying one-to-one to apid
siderolabs/talos@86eb01cd6 docs: add missing dev tools
siderolabs/talos@4fd676c04 docs: fix typo in theila name
siderolabs/talos@856beb21c feat: containerd 1.6.7, Flannel 1.19.1
siderolabs/talos@e97b9f6d3 feat: support dhcp options for vlan
siderolabs/talos@92314e47b refactor: use controllers/resources to feed trustd with data
siderolabs/talos@80d298abf feat: support skipping node registration
siderolabs/talos@7795de313 fix: use controllers/resources for etcd configuration
siderolabs/talos@f9b664c94 fix: reload trusted CA list when client is recreated
siderolabs/talos@8847ccd03 fix: shutdown some streaming API calls when machined API is shuting down
siderolabs/talos@f95b53726 fix: allow files in extension spec
siderolabs/talos@1a8f6ec8e fix: don't advertise Kubernetes pod networks over KubeSpan by default
siderolabs/talos@e3d4a0e4d fix: make reset work even if the node is not bootstrapped/not joined
siderolabs/talos@a6b010a8b chore: update Go to 1.19, Linux to 5.15.58
siderolabs/talos@fb058a7c9 test: use T.TempDir to create temporary test directory
siderolabs/talos@6fc38bae6 fix: iterate over etcd members endpoints for member promotion
siderolabs/talos@c70b692fb fix: update default address if removed from the host
siderolabs/talos@cf620d473 feat: read talosconfig from secrets directory
siderolabs/talos@1ad8e6122 fix: keep entire vlan id when parsing cmdline
siderolabs/talos@fe2ee3b10 feat: implement MachineStatus resource
siderolabs/talos@670d274c4 chore: bump dependencies
siderolabs/talos@08d2612e0 docs: bond devices are comma separated
siderolabs/talos@c3c3e14db chore: add gotagsrewrite tool and use it to add tags to resources
siderolabs/talos@2e790526f refactor: make apid stop gracefully and be stopped late
siderolabs/talos@0cdf22243 fix: retry Conflict errors when upgrading k8s manifests
siderolabs/talos@1db097f50 release(v1.2.0-alpha.1): prepare release
siderolabs/talos@5ac4947b6 feat: enable default seccomp profile for kubelet
siderolabs/talos@e5994ff7a fix: skip ResetDuringBoot test if the Cluster config is unknown
siderolabs/talos@8028e1074 fix: wait for boot done when rebooting a node in the integration tests
siderolabs/talos@ae1bec59e feat: allow running only one sequence at a time
siderolabs/talos@ec05aee04 fix: correctly unwrap errors when streaming
siderolabs/talos@7c7f2d8c3 feat: refactor disk size matcher to be compatible with DeepEqual
siderolabs/talos@3addea83b feat: introduce support for Talos API access from Kubernetes
siderolabs/talos@34d3a4164 docs: add missing <> to relref
siderolabs/talos@c4d2d20c4 fix: enable stable hostnames for worker configs as well
siderolabs/talos@0326bac1f chore: bump kernel to 5.15.57
siderolabs/talos@86820c33f chore: bump dependencies
siderolabs/talos@6e7dfeeb3 fix: data race in packet capture (part 2)
siderolabs/talos@c11e1dae7 docs: fix spelling and grammar errors
siderolabs/talos@30f7851d2 chore: bump golangci-lint from 1.45.2 to 1.47.2
siderolabs/talos@2cce9112d chore: bump goimports from 0.1.10 to 0.1.11
siderolabs/talos@18756c7ff fix: folder permissions of overlay mounted folders
siderolabs/talos@47c35dc47 feat: set stable default hostname based on machine-id
siderolabs/talos@1ed3df295 chore: support glibc apps extension spec
siderolabs/talos@a2aea9726 fix: write etcd PKI files in a controller
siderolabs/talos@bb4abc096 fix: regenerate kubelet certs when hostname changes
siderolabs/talos@d650afb6c chore: fix typo in powercycle
siderolabs/talos@644e803ad fix: use masks and different firewall mark for KubeSpan
siderolabs/talos@80444a43d fix: remove data race in pcap capture
siderolabs/talos@04a45dff2 docs: remove katacoda links
siderolabs/talos@065b59276 feat: implement packet capture API
siderolabs/talos@7c006cabc feat: update Kubernetes to 1.24.3
siderolabs/talos@551290195 chore: bump dependencies
siderolabs/talos@1677bcc4b fix: skip bond itself when matching interface (Equinix Metal)
siderolabs/talos@f1c2b5c55 feat: implement strategic merge patching for API server admission config
siderolabs/talos@be98cb82b feat: follow KEP-2568 non-root enhancements
siderolabs/talos@87ea1d961 fix: update kubelet kubeconfig when cluster control plane endpoint changes
siderolabs/talos@a75fe7600 feat: gen secrets from kubernetes pki dir
siderolabs/talos@a1d7b535a docs: add kubeadm migration guide
siderolabs/talos@9e0c56581 docs: guide for setting up synology-csi driver
siderolabs/talos@f0b8eea5e refactor: remove bootstrap sequence
siderolabs/talos@89c7da899 docs: add documentation for vagrant & libvirt
siderolabs/talos@014b85fdc docs: improve talos kubernetes upgrade note
siderolabs/talos@88bb017ed docs: remove old docs from site
siderolabs/talos@c92c90655 feat: build talosctl for FreeBSD
siderolabs/talos@616da3069 docs: update last release for 1.1
siderolabs/talos@091e6ef0e feat: resubstitute talos.config url variables on retry
siderolabs/talos@ec74ab38a feat: update Go to 1.18.4, Linux to 5.15.54
siderolabs/talos@641f6a1e4 feat: expose strategic merge config patches
siderolabs/talos@6e3d2d647 docs: fix disk encryption params
siderolabs/talos@c43d6a31d docs: fix typos
siderolabs/talos@551887528 chore: bump dependencies
siderolabs/talos@626ef05e6 fix: correct SANs for etcd certs
siderolabs/talos@83ce92c5f docs: fix theila docs
siderolabs/talos@8a038d40e fix: stabilize etcd join and promote sequences
siderolabs/talos@136122556 fix: use correct etcd cert path
siderolabs/talos@c170ec0b0 chore: bump kernel to 5.15.53
siderolabs/talos@d924901b7 feat: add cli subcommand to generate secrets
siderolabs/talos@34aabedd8 feat: more circular pkg from internal to pkg
siderolabs/talos@4f044e466 feat: implement strategic merge machine config patching
siderolabs/talos@c2a512608 fix: avoid double append of talos.platform kernel argument
siderolabs/talos@27dfe7c03 fix: perform accurate conflict resolution on overal (kubespan)
siderolabs/talos@e437445b4 chore: bump kernel to 5.15.52
siderolabs/talos@d27a6a4ac feat: add vlan support to cmdline
siderolabs/talos@fdca5d8a9 chore: bump dependencies
siderolabs/talos@ae3840dbc refactor: move kubeconfig package under public api
siderolabs/talos@184e113f3 chore: disable systeminfo controller in container
siderolabs/talos@86a0a7bdf refactor: use pointer types more in machine config structs
siderolabs/talos@3a1eb10e6 docs: update the Proxmox kvm64 note
siderolabs/talos@30e220fcd docs: kernel cmdline params updated on upgrades
siderolabs/talos@915de9cf9 docs: fix bridge documentation
siderolabs/talos@52cd12951 test: bump Talos versions in upgrade tests
siderolabs/talos@022581d80 release(v1.2.0-alpha.0): prepare release
siderolabs/talos@643e81cfe feat: add SenseLabs to ADOPTERS.md
siderolabs/talos@bdfee2b3b chore: bump kernel to 5.15.51
siderolabs/talos@36c44a651 fix: provide CA certificates in /etc/ssl/certs/ca-certificates.crt
siderolabs/talos@7ebd9bcce docs: fix pod security talos resource name
siderolabs/talos@57b625e0a refactor: avoid recreating grpc clients in service health checks
siderolabs/talos@a68a00f1b docs: recommend setting "host" Processor Type on proxmox
siderolabs/talos@923600a73 chore: bump kernel to 5.15.50
siderolabs/talos@758a9bf59 docs: add theila ui
siderolabs/talos@b81016e62 chore: update blockdevice library to v0.3.3
siderolabs/talos@284a2f959 fix: filter static pods correctly and optimize fetching
siderolabs/talos@61abf3111 docs: change command for cluster create to keep $HOME with sudo
siderolabs/talos@6ae1e9bf2 chore: bump dependencies
siderolabs/talos@2deff6b6e feat: add support for variable substitution in talos.config kernel parameter
siderolabs/talos@103c94225 fix: update crypto library with support for RSA-SHA*
siderolabs/talos@448de7194 docs: add UpCloud installation guide
siderolabs/talos@07014e0a8 fix: generate correct bootstrap manifests when only IPv6 CIDR is used
siderolabs/talos@465edbb47 fix: look for qemu-kvm binary
siderolabs/talos@63caa281a fix: create native image format for DigitalOcean
siderolabs/talos@f15ce549e fix: siderlink api assume port 443 with https schema
siderolabs/talos@797596229 feat: add support for configuring network bridges
siderolabs/talos@2b23fabcc docs: use SVG image for K8s conformance
siderolabs/talos@d4606c33e chore: bump kernel to 5.15.49
siderolabs/talos@cfb640222 docs: update docs for release 1.1
siderolabs/talos@b816d0b60 docs: fix the vendor information for Kubernetes conformance tests
siderolabs/talos@a167a5402 test: fix CLI nodes discovery without provisioner data
siderolabs/talos@916a30682 docs: add twitter meta info
siderolabs/talos@80090a3ed test: fix health endpoint cli test when discovery is disabled
siderolabs/talos@3c263bb44 chore: bump dependencies
siderolabs/talos@e8113527f chore: bump kubernetes to v1.24.2
siderolabs/talos@068f1b6d0 feat: add ctest package and base for test suite
siderolabs/talos@2aad3a1e4 chore: bump kernel to 5.15.48
siderolabs/talos@a31a858e0 docs: snippets for logging api server audit logs
siderolabs/talos@89aaaef9f chore: bump kernel to 5.15.47
siderolabs/talos@6759fcd4a feat: use discovery service on cluster health checks
siderolabs/talos@f54d90787 fix: enable orderly poweroff in hyper-v on Azure
siderolabs/talos@35475ce45 docs: openebs jiva example with iscsi-tools extension
siderolabs/talos@8d2be5e31 feat: extend node definition used in health checks
siderolabs/talos@7a11b4def fix: make talosctl bootstrap accept only single node
siderolabs/talos@217fba288 test: fix csi tests
siderolabs/talos@90bf34fed docs: fork docs for Talos 1.2
siderolabs/talos@a0dd010a8 docs: add link to discovery service in kubespan
siderolabs/talos@c0371410e fix: support SideroLink "secure" gRPC connection
siderolabs/talos@b03709620 feat: build Talos images with system extensions included
siderolabs/talos@43def7490 chore: bump kernel and runc
siderolabs/talos@4dbbf4ac5 chore: add generic methods and use them part #2
siderolabs/talos@7114292b6 docs: fix latest release version in docs
siderolabs/talos@da2985fe1 fix: respect local API server port
siderolabs/talos@e03266667 fix: correctly validate reboot mode in CLI
siderolabs/talos@70fc42409 chore: add generic methods and use them
siderolabs/talos@3ae8bdd92 chore: run xfs_repair on xfs filesystem returing EUCLEAN
siderolabs/talos@0c91c89f4 chore: revert day-two tests for csi tests
siderolabs/talos@f71b58312 feat: disallow anonymous requests by default (kube-apiserver)
siderolabs/talos@c19dd1b89 feat: add 'etcd members should be control plane nodes' health check
siderolabs/talos@f2997c0f2 chore: bump dependencies
siderolabs/talos@f3efec4b5 feat: update containerd 1.6.6, Linux 5.15.45, Flannel 0.18.1
siderolabs/talos@27f8e50ce fix: add ovmf image path for rhel
siderolabs/talos@87e7de30c docs: fix required ports
siderolabs/talos@c126f2ee8 chore: bump golang to 1.18.3
siderolabs/talos@c1aed6240 fix: wait for /var to be mounted in kubelet service controller
siderolabs/talos@d7a64f5d2 fix: improve vip operator shutdown sequence
siderolabs/talos@7b9dfcb85 chore: add 'make go-mod-outdated'

Changes since v1.2.0-alpha.2

siderolabs/talos@20d0b56a4 release(v1.2.0-beta.0): prepare release
siderolabs/talos@f37da96ef feat: enable talos client to connect to Talos through an auth proxy
siderolabs/talos@123d32174 chore: validate that etcd ca is not empty
siderolabs/talos@0fe4492e7 chore: bump golangci-lint from 1.47.2 to 1.48.0
siderolabs/talos@7e527777e chore: update API descriptors
siderolabs/talos@65098c14e chore: bump to the final released versions
siderolabs/talos@9512e8f30 feat: allow modules to be loaded via extension
siderolabs/talos@2c482936b chore: bump dependencies
siderolabs/talos@586e29dfc feat: add event actor id to client api and events cmd
siderolabs/talos@9baca4966 refactor: implement COSI resource API for Talos
siderolabs/talos@d04211f85 feat: add new event watch fn and return action responses on API
siderolabs/talos@f88d08e21 docs: clarification of AWS set up process
siderolabs/talos@b48adb8ec chore: revert kernel with BTF support
siderolabs/talos@e422ea63d chore: add proto definitions for common types
siderolabs/talos@5c6648e3d fix: make talosctl command return nonzero error codes if it had errors
siderolabs/talos@dce923f74 feat: allow configuring etcd listen addresses
siderolabs/talos@4c3485ae3 feat: update Kubernetes to 1.25.0-rc.0
siderolabs/talos@ea6ceab24 chore: bump kernel to 5.15.60
siderolabs/talos@20a564085 fix: introduce 'routed' NodeAddresses and use them in kubelet
siderolabs/talos@f1de47894 docs: verbiage in Digital Ocean tutorial
siderolabs/talos@6b23deddc feat: support custom ports for connecting to apid from talosctl
siderolabs/talos@07cd0924e fix: recursive seccomp mounts
siderolabs/talos@696f2b735 chore: update kernel to the version with BTF support
siderolabs/talos@b5da686a7 feat: add actor ID to events & emit an initial empty event
siderolabs/talos@fec0ed29d fix: add missing LinkStatusType registration
siderolabs/talos@13499fc30 feat: support patching the machine config in the apply-config cmd

Changes from siderolabs/extras

siderolabs/extras@d5b9cf7 chore: update to the final tagged pkgs
siderolabs/extras@da35a63 feat: update Go to 1.19
siderolabs/extras@17a319f chore: update Go to 1.18.4
siderolabs/extras@892407f chore: bump golang to 1.18.3

Changes from siderolabs/pkgs

siderolabs/pkgs@a2c572d chore: use final tagged tools image
siderolabs/pkgs@8cb7fff feat: add nvidia open gpu kernel modules
siderolabs/pkgs@165c278 feat: revert build kernel with BTF enabled
siderolabs/pkgs@b8062ef chore: bump nvidia drivers to 515.65.01
siderolabs/pkgs@737b510 chore: bump kernel to 5.15.60
siderolabs/pkgs@1ee594a feat(kernel): build kernel with BTF enabled
siderolabs/pkgs@7783ee3 chore: bump kernel to 5.15.59
siderolabs/pkgs@360d596 feat: update containerd to 1.6.7
siderolabs/pkgs@6feece4 feat: update Go to 1.19
siderolabs/pkgs@9ad3aeb chore: bump kernel to 5.15.58
siderolabs/pkgs@dcc0311 chore: bump kernel to 5.15.57
siderolabs/pkgs@b943a9d chore: update Go to 1.18.4
siderolabs/pkgs@a44e324 chore: bump kernel to 5.15.54
siderolabs/pkgs@247f567 chore: bump kernel to 5.15.53
siderolabs/pkgs@4fe9867 chore: bump openssl to 1.1.1q
siderolabs/pkgs@9ee662c chore: bump kernel to 5.15.52
siderolabs/pkgs@4412db8 chore: bump kernel to 5.15.51
siderolabs/pkgs@6fedbdc chore: bump tools
siderolabs/pkgs@f1f44e6 chore: bump kernel to 5.15.50
siderolabs/pkgs@388af5e chore: bump openssl to 1.1.1p
siderolabs/pkgs@ed75c50 chore: enable RANDOM_TRUST_BOOTLOADER by default
siderolabs/pkgs@7c243f6 chore: bump kernel to 5.15.49
siderolabs/pkgs@6e1269e chore: bump kernel to 5.15.48
siderolabs/pkgs@5d671a3 chore: bump nvidia drivers to 515.48.07
siderolabs/pkgs@b35d835 chore: bump kernel to 5.15.47
siderolabs/pkgs@6604d6b feat: hyperv arm64
siderolabs/pkgs@c474058 chore: bump nvidia driver to 515.43.04
siderolabs/pkgs@5bc7e34 feat: update runc to 1.1.3, libseccomp to 2.5.4
siderolabs/pkgs@c02cd7a chore: bump kernel to 5.15.46
siderolabs/pkgs@b9c72a5 feat: update containerd to 1.6.6
siderolabs/pkgs@f7786a3 chore: bump kernel to 5.15.45
siderolabs/pkgs@b1c207d feat: update containerd to 1.6.5
siderolabs/pkgs@4d47830 chore: bump golang to 1.18.3
siderolabs/pkgs@dc21e30 chore: bump kernel to 5.15.44

Changes from siderolabs/tools

siderolabs/tools@ac357ec feat: add pahole so kernel can be built with BTF support
siderolabs/tools@cd35510 feat: update Go to 1.19
siderolabs/tools@e83198d chore: bump git to v2.37.1
siderolabs/tools@0d669dd feat: update Go 1.18.4
siderolabs/tools@26b32d5 chore: bump openssl to 1.1.1q
siderolabs/tools@d8015e7 chore: bump curl to 7.84.0
siderolabs/tools@3ec03ed chore: bump openssl to 1.1.1p
siderolabs/tools@3df9e13 chore: bump golang to 1.18.3

Changes from talos-systems/crypto

talos-systems/crypto@e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs

Changes from talos-systems/go-blockdevice

talos-systems/go-blockdevice@74ea471 feat: add freebsd stubs
talos-systems/go-blockdevice@9fa801c feat: add ReadOnly attribute to Disk

Changes from talos-systems/go-loadbalancer

talos-systems/go-loadbalancer@b578d47 feat: add a way to configure loadbalancer options

Changes from talos-systems/grpc-proxy

talos-systems/grpc-proxy@6dfa2cc fix: ignore errors on duplicate SetHeader calls

Dependency Changes

cloud.google.com/go/compute v1.6.1 -> v1.8.0
github.com/BurntSushi/toml v1.1.0 -> v1.2.0
github.com/aws/aws-sdk-go v1.44.24 -> v1.44.76
github.com/containerd/containerd v1.6.4 -> v1.6.8
github.com/containernetworking/cni v1.1.0 -> v1.1.2
github.com/cosi-project/runtime 95d06feaf8b5 -> v0.1.0
github.com/docker/docker v20.10.16 -> v20.10.17
github.com/emicklei/dot v0.16.0 -> v1.0.0
github.com/gertd/go-pluralize v0.2.1 new
github.com/google/gopacket v1.1.19 new
github.com/google/nftables a9775fb167d2 -> 2eca00135732
github.com/hashicorp/go-getter v1.6.1 -> v1.6.2
github.com/hashicorp/go-version v1.5.0 -> v1.6.0
github.com/hetznercloud/hcloud-go v1.33.2 -> v1.35.2
github.com/insomniacslk/dhcp 1ca156eafb9f -> 509691fd59ec
github.com/jsimonetti/rtnetlink v1.2.0 -> v1.2.1
github.com/martinlindhe/base36 v1.1.1 new
github.com/mattn/go-isatty v0.0.14 -> v0.0.16
github.com/packethost/packngo v0.24.0 -> v0.25.0
github.com/prometheus/procfs v0.7.3 -> v0.8.0
github.com/rivo/tview 9994674d60a8 -> 0e6b21a48e96
github.com/siderolabs/extras v1.1.0-1-g5800284 -> v1.2.0
github.com/siderolabs/pkgs v1.1.0-8-gfa9a488 -> v1.2.0
github.com/siderolabs/tools v1.1.0-1-g134974c -> v1.2.0
github.com/spf13/cobra v1.4.0 -> v1.5.0
github.com/stretchr/testify v1.7.1 -> v1.8.0
github.com/talos-systems/crypto v0.3.5 -> v0.3.6
github.com/talos-systems/go-blockdevice v0.3.2 -> v0.3.4
github.com/talos-systems/go-loadbalancer v0.1.2 -> v0.1.3
github.com/talos-systems/grpc-proxy v0.3.0 -> v0.3.1
github.com/u-root/u-root v0.8.0 -> v0.9.0
github.com/vishvananda/netlink v1.2.0-beta -> v1.2.1-beta.2
github.com/vmware-tanzu/sonobuoy v0.56.6 -> v0.56.9
github.com/vmware/govmomi v0.28.0 -> v0.29.0
go.uber.org/zap v1.21.0 -> v1.22.0
golang.org/x/net 5463443f8c37 -> 3211cb980234
golang.org/x/sync 0976fa681c29 -> 886fb9371eb4
golang.org/x/sys bc2c85ada10a -> fbc7d0a398ab
golang.org/x/term 065cf7ba2467 -> a9ba230a4035
golang.org/x/time 583f2d630306 -> e5dcc9cfc0b9
google.golang.org/grpc v1.46.2 -> v1.48.0
google.golang.org/protobuf v1.28.0 -> v1.28.1
gopkg.in/yaml.v3 496545a6307b -> v3.0.1
inet.af/netaddr c74959edd3b6 -> 502d2d690317
k8s.io/api v0.24.2 -> v0.25.0-rc.0
k8s.io/apimachinery v0.24.2 -> v0.25.0-rc.0
k8s.io/apiserver v0.24.2 -> v0.25.0-rc.0
k8s.io/client-go v0.24.2 -> v0.25.0-rc.0
k8s.io/component-base v0.24.2 -> v0.25.0-rc.0
k8s.io/cri-api v0.24.2 -> v0.25.0-rc.0
k8s.io/kubectl v0.24.2 -> v0.25.0-rc.0
k8s.io/kubelet v0.24.2 -> v0.25.0-rc.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.64 -> v1.2.65

Previous release can be found at v1.1.0

Images

ghcr.io/siderolabs/flannel:v0.19.1
ghcr.io/siderolabs/install-cni:v1.2.0
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.25.0-rc.0
k8s.gcr.io/kube-controller-manager:v1.25.0-rc.0
k8s.gcr.io/kube-scheduler:v1.25.0-rc.0
k8s.gcr.io/kube-proxy:v1.25.0-rc.0
ghcr.io/siderolabs/kubelet:v1.25.0-rc.0
ghcr.io/siderolabs/installer:v1.2.0-beta.0
k8s.gcr.io/pause:3.6

talos -

Published by talos-bot about 2 years ago

Talos 1.2.0-alpha.2 (2022-08-10)

Welcome to the v1.2.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Talos API access from Kubernetes

Talos now supports access to its API from within Kubernetes. It can be configured in the machine config as below:

machine:
  features:
    kubernetesTalosAPIAccess:
      enabled: true
      allowedRoles:
        - os:reader
      allowedKubernetesNamespaces:
        - kube-system

This feature introduces a new custom resource definition, serviceaccounts.talos.dev.
Creating custom resources of this type will provide credentials to access Talos API from within Kubernetes.

The new CLI subcommand talosctl inject serviceaccount can be used to configure Kubernetes manifests with Talos service accounts as below:

talosctl inject serviceaccount -f manifests.yaml > manifests-injected.yaml
kubectl apply -f manifests-injected.yaml

See documentation for more details.

Generating Talos secrets from PKI directory

It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki).

You can also specify a bootstrap token to be used in the secrets bundle.

This secrets bundle can then be used to generate a machine config.

This facilitates migrating clusters (e.g. created using kubeadm) to Talos.

talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443

Kubernetes ControlPlane Components

Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in
KEP-2568.

Kubelet Default Runtime Seccomp Profile

Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled to false.

This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.

Kubernetes Control Plane labels and taints

Kubernetes Discovery Backend

For air-gapped installations when the Discovery Service is not enabled, Kubernetes Discovery Backend can be enabled by applying
the following machine configuration patch:

cluster:
  discovery:
    registries:
      kubernetes:
        disabled: false

KubeSpan Kubernetes Network Advertisement

Old behavior can be restored by setting .machine.kubespan.advertiseKubernetesNetworks = true in the machine config.

MachineConfig `.cluster.allowSchedulingOnMasters` deprecated

`k8s.gcr.io` mirror configuration

This is only enabled by default on newly generated configurations and not on upgrades.
This can be enabled with a machine configuration as follows:

machine:
  registries:
    mirrors:
      k8s.gcr.io:
        endpoints:
          - https://registry.k8s.io
          - https://k8s.gcr.io

Network bridge support

Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:

machine:
  network:
    interfaces:
      - interface: br0
        bridge:
          stp:
            enabled: true
          interfaces:
            - eth0
            - eth1

See documentation for more details.

VLAN support in cmdline arguments

Talos now supports dracut-style vlan kernel argument to allow
installing Talos Linux in networks where ports are not tagged
with a default VLAN:

vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::

Packet Capture

Talos now supports capturing packets on a network interface with talosctl pcap command:

talosctl pcap --interface eth0

Seccomp Profiles

Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:

machine:
  seccompProfiles:
    - name: audit.json
      value:
        defaultAction: SCMP_ACT_LOG
    - name: deny.json
      value: {"defaultAction":"SCMP_ACT_LOG"}

This profile data can be either configured as a YAML definition or as a JSON string.

The profiles are created on the host under /var/lib/seccomp/profiles and bind mounted at /var/lib/kubelet/seccomp/profiles so Kubelet can use it.

See documentation for more details.

Stable Default Hostname

This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.

Strategic merge machine configuration patching

In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.

For example, machine hostname can be set with the following patch:

machine:
  network:
    hostname: worker1

Patch format is detected automatically.

Variable substitution for URL query parameter in the talos.config kernel parameter

The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:

http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}

talosctl

--masters flag on talosctl cluster create is deprecated. Use --controlplanes instead.

Component Updates

Linux: 5.15.59
Flannel 0.19.1
containerd 1.16.7
Kubernetes: v1.25.0-beta.0

Talos is built with Go 1.19.

Contributors

Andrey Smirnov
Noel Georgi
Utku Ozdemir
Dmitriy Matrenichev
Philipp Sauter
Tim Jones
Artem Chernyshev
Spencer Smith
Davincible
Eirik Askheim
AMet
Alex Wied
Bermi Ferrer
Christoph Schmatzler
Dennis Marttinen
Eng Zer Jun
Flightkick
Florian Klink
Gwyn
Han Cen
Larry Rosenman
Markus Reiter
Matthew Richardson
Nico Berlee
Rio Kierkels
RyanSquared
Serge Logvinov
Seán C McCord
Steve Francis
Tommy Botten Jensen
hobyte
nett_hier
zebernst

Changes

siderolabs/talos@be351dcb9 release(v1.2.0-alpha.2): prepare release
siderolabs/talos@5dd1b4002 feat: disable Kubernetes discovery backend by default
siderolabs/talos@b62b18a97 feat: bump k8s to v1.25.0-beta.0
siderolabs/talos@7b80a747b feat: add protobuf encoding/decoding for Go structs
siderolabs/talos@00c3ee3ac docs: remove obsolete references to init nodes
siderolabs/talos@6eefa9d9c fix: properly filter resources in maintenance server
siderolabs/talos@fa5aad01a docs: fix issues in GCP docs
siderolabs/talos@98f056603 chore: bump dependencies
siderolabs/talos@84e712a9f feat: introduce Talos API access from Kubernetes
siderolabs/talos@d7be30892 chore: bump kernel to 5.15.59
siderolabs/talos@c2c2d65bc refactor: use COSI access filter for resource access
siderolabs/talos@1dee0579e feat: add support for proxying one-to-one to apid
siderolabs/talos@86eb01cd6 docs: add missing dev tools
siderolabs/talos@4fd676c04 docs: fix typo in theila name
siderolabs/talos@856beb21c feat: containerd 1.6.7, Flannel 1.19.1
siderolabs/talos@e97b9f6d3 feat: support dhcp options for vlan
siderolabs/talos@92314e47b refactor: use controllers/resources to feed trustd with data
siderolabs/talos@80d298abf feat: support skipping node registration
siderolabs/talos@7795de313 fix: use controllers/resources for etcd configuration
siderolabs/talos@f9b664c94 fix: reload trusted CA list when client is recreated
siderolabs/talos@8847ccd03 fix: shutdown some streaming API calls when machined API is shuting down
siderolabs/talos@f95b53726 fix: allow files in extension spec
siderolabs/talos@1a8f6ec8e fix: don't advertise Kubernetes pod networks over KubeSpan by default
siderolabs/talos@e3d4a0e4d fix: make reset work even if the node is not bootstrapped/not joined
siderolabs/talos@a6b010a8b chore: update Go to 1.19, Linux to 5.15.58
siderolabs/talos@fb058a7c9 test: use T.TempDir to create temporary test directory
siderolabs/talos@6fc38bae6 fix: iterate over etcd members endpoints for member promotion
siderolabs/talos@c70b692fb fix: update default address if removed from the host
siderolabs/talos@cf620d473 feat: read talosconfig from secrets directory
siderolabs/talos@1ad8e6122 fix: keep entire vlan id when parsing cmdline
siderolabs/talos@fe2ee3b10 feat: implement MachineStatus resource
siderolabs/talos@670d274c4 chore: bump dependencies
siderolabs/talos@08d2612e0 docs: bond devices are comma separated
siderolabs/talos@c3c3e14db chore: add gotagsrewrite tool and use it to add tags to resources
siderolabs/talos@2e790526f refactor: make apid stop gracefully and be stopped late
siderolabs/talos@0cdf22243 fix: retry Conflict errors when upgrading k8s manifests
siderolabs/talos@1db097f50 release(v1.2.0-alpha.1): prepare release
siderolabs/talos@5ac4947b6 feat: enable default seccomp profile for kubelet
siderolabs/talos@e5994ff7a fix: skip ResetDuringBoot test if the Cluster config is unknown
siderolabs/talos@8028e1074 fix: wait for boot done when rebooting a node in the integration tests
siderolabs/talos@ae1bec59e feat: allow running only one sequence at a time
siderolabs/talos@ec05aee04 fix: correctly unwrap errors when streaming
siderolabs/talos@7c7f2d8c3 feat: refactor disk size matcher to be compatible with DeepEqual
siderolabs/talos@3addea83b feat: introduce support for Talos API access from Kubernetes
siderolabs/talos@34d3a4164 docs: add missing <> to relref
siderolabs/talos@c4d2d20c4 fix: enable stable hostnames for worker configs as well
siderolabs/talos@0326bac1f chore: bump kernel to 5.15.57
siderolabs/talos@86820c33f chore: bump dependencies
siderolabs/talos@6e7dfeeb3 fix: data race in packet capture (part 2)
siderolabs/talos@c11e1dae7 docs: fix spelling and grammar errors
siderolabs/talos@30f7851d2 chore: bump golangci-lint from 1.45.2 to 1.47.2
siderolabs/talos@2cce9112d chore: bump goimports from 0.1.10 to 0.1.11
siderolabs/talos@18756c7ff fix: folder permissions of overlay mounted folders
siderolabs/talos@47c35dc47 feat: set stable default hostname based on machine-id
siderolabs/talos@1ed3df295 chore: support glibc apps extension spec
siderolabs/talos@a2aea9726 fix: write etcd PKI files in a controller
siderolabs/talos@bb4abc096 fix: regenerate kubelet certs when hostname changes
siderolabs/talos@d650afb6c chore: fix typo in powercycle
siderolabs/talos@644e803ad fix: use masks and different firewall mark for KubeSpan
siderolabs/talos@80444a43d fix: remove data race in pcap capture
siderolabs/talos@04a45dff2 docs: remove katacoda links
siderolabs/talos@065b59276 feat: implement packet capture API
siderolabs/talos@7c006cabc feat: update Kubernetes to 1.24.3
siderolabs/talos@551290195 chore: bump dependencies
siderolabs/talos@1677bcc4b fix: skip bond itself when matching interface (Equinix Metal)
siderolabs/talos@f1c2b5c55 feat: implement strategic merge patching for API server admission config
siderolabs/talos@be98cb82b feat: follow KEP-2568 non-root enhancements
siderolabs/talos@87ea1d961 fix: update kubelet kubeconfig when cluster control plane endpoint changes
siderolabs/talos@a75fe7600 feat: gen secrets from kubernetes pki dir
siderolabs/talos@a1d7b535a docs: add kubeadm migration guide
siderolabs/talos@9e0c56581 docs: guide for setting up synology-csi driver
siderolabs/talos@f0b8eea5e refactor: remove bootstrap sequence
siderolabs/talos@89c7da899 docs: add documentation for vagrant & libvirt
siderolabs/talos@014b85fdc docs: improve talos kubernetes upgrade note
siderolabs/talos@88bb017ed docs: remove old docs from site
siderolabs/talos@c92c90655 feat: build talosctl for FreeBSD
siderolabs/talos@616da3069 docs: update last release for 1.1
siderolabs/talos@091e6ef0e feat: resubstitute talos.config url variables on retry
siderolabs/talos@ec74ab38a feat: update Go to 1.18.4, Linux to 5.15.54
siderolabs/talos@641f6a1e4 feat: expose strategic merge config patches
siderolabs/talos@6e3d2d647 docs: fix disk encryption params
siderolabs/talos@c43d6a31d docs: fix typos
siderolabs/talos@551887528 chore: bump dependencies
siderolabs/talos@626ef05e6 fix: correct SANs for etcd certs
siderolabs/talos@83ce92c5f docs: fix theila docs
siderolabs/talos@8a038d40e fix: stabilize etcd join and promote sequences
siderolabs/talos@136122556 fix: use correct etcd cert path
siderolabs/talos@c170ec0b0 chore: bump kernel to 5.15.53
siderolabs/talos@d924901b7 feat: add cli subcommand to generate secrets
siderolabs/talos@34aabedd8 feat: more circular pkg from internal to pkg
siderolabs/talos@4f044e466 feat: implement strategic merge machine config patching
siderolabs/talos@c2a512608 fix: avoid double append of talos.platform kernel argument
siderolabs/talos@27dfe7c03 fix: perform accurate conflict resolution on overal (kubespan)
siderolabs/talos@e437445b4 chore: bump kernel to 5.15.52
siderolabs/talos@d27a6a4ac feat: add vlan support to cmdline
siderolabs/talos@fdca5d8a9 chore: bump dependencies
siderolabs/talos@ae3840dbc refactor: move kubeconfig package under public api
siderolabs/talos@184e113f3 chore: disable systeminfo controller in container
siderolabs/talos@86a0a7bdf refactor: use pointer types more in machine config structs
siderolabs/talos@3a1eb10e6 docs: update the Proxmox kvm64 note
siderolabs/talos@30e220fcd docs: kernel cmdline params updated on upgrades
siderolabs/talos@915de9cf9 docs: fix bridge documentation
siderolabs/talos@52cd12951 test: bump Talos versions in upgrade tests
siderolabs/talos@022581d80 release(v1.2.0-alpha.0): prepare release
siderolabs/talos@643e81cfe feat: add SenseLabs to ADOPTERS.md
siderolabs/talos@bdfee2b3b chore: bump kernel to 5.15.51
siderolabs/talos@36c44a651 fix: provide CA certificates in /etc/ssl/certs/ca-certificates.crt
siderolabs/talos@7ebd9bcce docs: fix pod security talos resource name
siderolabs/talos@57b625e0a refactor: avoid recreating grpc clients in service health checks
siderolabs/talos@a68a00f1b docs: recommend setting "host" Processor Type on proxmox
siderolabs/talos@923600a73 chore: bump kernel to 5.15.50
siderolabs/talos@758a9bf59 docs: add theila ui
siderolabs/talos@b81016e62 chore: update blockdevice library to v0.3.3
siderolabs/talos@284a2f959 fix: filter static pods correctly and optimize fetching
siderolabs/talos@61abf3111 docs: change command for cluster create to keep $HOME with sudo
siderolabs/talos@6ae1e9bf2 chore: bump dependencies
siderolabs/talos@2deff6b6e feat: add support for variable substitution in talos.config kernel parameter
siderolabs/talos@103c94225 fix: update crypto library with support for RSA-SHA*
siderolabs/talos@448de7194 docs: add UpCloud installation guide
siderolabs/talos@07014e0a8 fix: generate correct bootstrap manifests when only IPv6 CIDR is used
siderolabs/talos@465edbb47 fix: look for qemu-kvm binary
siderolabs/talos@63caa281a fix: create native image format for DigitalOcean
siderolabs/talos@f15ce549e fix: siderlink api assume port 443 with https schema
siderolabs/talos@797596229 feat: add support for configuring network bridges
siderolabs/talos@2b23fabcc docs: use SVG image for K8s conformance
siderolabs/talos@d4606c33e chore: bump kernel to 5.15.49
siderolabs/talos@cfb640222 docs: update docs for release 1.1
siderolabs/talos@b816d0b60 docs: fix the vendor information for Kubernetes conformance tests
siderolabs/talos@a167a5402 test: fix CLI nodes discovery without provisioner data
siderolabs/talos@916a30682 docs: add twitter meta info
siderolabs/talos@80090a3ed test: fix health endpoint cli test when discovery is disabled
siderolabs/talos@3c263bb44 chore: bump dependencies
siderolabs/talos@e8113527f chore: bump kubernetes to v1.24.2
siderolabs/talos@068f1b6d0 feat: add ctest package and base for test suite
siderolabs/talos@2aad3a1e4 chore: bump kernel to 5.15.48
siderolabs/talos@a31a858e0 docs: snippets for logging api server audit logs
siderolabs/talos@89aaaef9f chore: bump kernel to 5.15.47
siderolabs/talos@6759fcd4a feat: use discovery service on cluster health checks
siderolabs/talos@f54d90787 fix: enable orderly poweroff in hyper-v on Azure
siderolabs/talos@35475ce45 docs: openebs jiva example with iscsi-tools extension
siderolabs/talos@8d2be5e31 feat: extend node definition used in health checks
siderolabs/talos@7a11b4def fix: make talosctl bootstrap accept only single node
siderolabs/talos@217fba288 test: fix csi tests
siderolabs/talos@90bf34fed docs: fork docs for Talos 1.2
siderolabs/talos@a0dd010a8 docs: add link to discovery service in kubespan
siderolabs/talos@c0371410e fix: support SideroLink "secure" gRPC connection
siderolabs/talos@b03709620 feat: build Talos images with system extensions included
siderolabs/talos@43def7490 chore: bump kernel and runc
siderolabs/talos@4dbbf4ac5 chore: add generic methods and use them part #2
siderolabs/talos@7114292b6 docs: fix latest release version in docs
siderolabs/talos@da2985fe1 fix: respect local API server port
siderolabs/talos@e03266667 fix: correctly validate reboot mode in CLI
siderolabs/talos@70fc42409 chore: add generic methods and use them
siderolabs/talos@3ae8bdd92 chore: run xfs_repair on xfs filesystem returing EUCLEAN
siderolabs/talos@0c91c89f4 chore: revert day-two tests for csi tests
siderolabs/talos@f71b58312 feat: disallow anonymous requests by default (kube-apiserver)
siderolabs/talos@c19dd1b89 feat: add 'etcd members should be control plane nodes' health check
siderolabs/talos@f2997c0f2 chore: bump dependencies
siderolabs/talos@f3efec4b5 feat: update containerd 1.6.6, Linux 5.15.45, Flannel 0.18.1
siderolabs/talos@27f8e50ce fix: add ovmf image path for rhel
siderolabs/talos@87e7de30c docs: fix required ports
siderolabs/talos@c126f2ee8 chore: bump golang to 1.18.3
siderolabs/talos@c1aed6240 fix: wait for /var to be mounted in kubelet service controller
siderolabs/talos@d7a64f5d2 fix: improve vip operator shutdown sequence
siderolabs/talos@7b9dfcb85 chore: add 'make go-mod-outdated'

Changes since v1.2.0-alpha.1

siderolabs/talos@be351dcb9 release(v1.2.0-alpha.2): prepare release
siderolabs/talos@5dd1b4002 feat: disable Kubernetes discovery backend by default
siderolabs/talos@b62b18a97 feat: bump k8s to v1.25.0-beta.0
siderolabs/talos@7b80a747b feat: add protobuf encoding/decoding for Go structs
siderolabs/talos@00c3ee3ac docs: remove obsolete references to init nodes
siderolabs/talos@6eefa9d9c fix: properly filter resources in maintenance server
siderolabs/talos@fa5aad01a docs: fix issues in GCP docs
siderolabs/talos@98f056603 chore: bump dependencies
siderolabs/talos@84e712a9f feat: introduce Talos API access from Kubernetes
siderolabs/talos@d7be30892 chore: bump kernel to 5.15.59
siderolabs/talos@c2c2d65bc refactor: use COSI access filter for resource access
siderolabs/talos@1dee0579e feat: add support for proxying one-to-one to apid
siderolabs/talos@86eb01cd6 docs: add missing dev tools
siderolabs/talos@4fd676c04 docs: fix typo in theila name
siderolabs/talos@856beb21c feat: containerd 1.6.7, Flannel 1.19.1
siderolabs/talos@e97b9f6d3 feat: support dhcp options for vlan
siderolabs/talos@92314e47b refactor: use controllers/resources to feed trustd with data
siderolabs/talos@80d298abf feat: support skipping node registration
siderolabs/talos@7795de313 fix: use controllers/resources for etcd configuration
siderolabs/talos@f9b664c94 fix: reload trusted CA list when client is recreated
siderolabs/talos@8847ccd03 fix: shutdown some streaming API calls when machined API is shuting down
siderolabs/talos@f95b53726 fix: allow files in extension spec
siderolabs/talos@1a8f6ec8e fix: don't advertise Kubernetes pod networks over KubeSpan by default
siderolabs/talos@e3d4a0e4d fix: make reset work even if the node is not bootstrapped/not joined
siderolabs/talos@a6b010a8b chore: update Go to 1.19, Linux to 5.15.58
siderolabs/talos@fb058a7c9 test: use T.TempDir to create temporary test directory
siderolabs/talos@6fc38bae6 fix: iterate over etcd members endpoints for member promotion
siderolabs/talos@c70b692fb fix: update default address if removed from the host
siderolabs/talos@cf620d473 feat: read talosconfig from secrets directory
siderolabs/talos@1ad8e6122 fix: keep entire vlan id when parsing cmdline
siderolabs/talos@fe2ee3b10 feat: implement MachineStatus resource
siderolabs/talos@670d274c4 chore: bump dependencies
siderolabs/talos@08d2612e0 docs: bond devices are comma separated
siderolabs/talos@c3c3e14db chore: add gotagsrewrite tool and use it to add tags to resources
siderolabs/talos@2e790526f refactor: make apid stop gracefully and be stopped late
siderolabs/talos@0cdf22243 fix: retry Conflict errors when upgrading k8s manifests

Changes from siderolabs/extras

siderolabs/extras@da35a63 feat: update Go to 1.19
siderolabs/extras@17a319f chore: update Go to 1.18.4
siderolabs/extras@892407f chore: bump golang to 1.18.3

Changes from siderolabs/pkgs

siderolabs/pkgs@7783ee3 chore: bump kernel to 5.15.59
siderolabs/pkgs@360d596 feat: update containerd to 1.6.7
siderolabs/pkgs@6feece4 feat: update Go to 1.19
siderolabs/pkgs@9ad3aeb chore: bump kernel to 5.15.58
siderolabs/pkgs@dcc0311 chore: bump kernel to 5.15.57
siderolabs/pkgs@b943a9d chore: update Go to 1.18.4
siderolabs/pkgs@a44e324 chore: bump kernel to 5.15.54
siderolabs/pkgs@247f567 chore: bump kernel to 5.15.53
siderolabs/pkgs@4fe9867 chore: bump openssl to 1.1.1q
siderolabs/pkgs@9ee662c chore: bump kernel to 5.15.52
siderolabs/pkgs@4412db8 chore: bump kernel to 5.15.51
siderolabs/pkgs@6fedbdc chore: bump tools
siderolabs/pkgs@f1f44e6 chore: bump kernel to 5.15.50
siderolabs/pkgs@388af5e chore: bump openssl to 1.1.1p
siderolabs/pkgs@ed75c50 chore: enable RANDOM_TRUST_BOOTLOADER by default
siderolabs/pkgs@7c243f6 chore: bump kernel to 5.15.49
siderolabs/pkgs@6e1269e chore: bump kernel to 5.15.48
siderolabs/pkgs@5d671a3 chore: bump nvidia drivers to 515.48.07
siderolabs/pkgs@b35d835 chore: bump kernel to 5.15.47
siderolabs/pkgs@6604d6b feat: hyperv arm64
siderolabs/pkgs@c474058 chore: bump nvidia driver to 515.43.04
siderolabs/pkgs@5bc7e34 feat: update runc to 1.1.3, libseccomp to 2.5.4
siderolabs/pkgs@c02cd7a chore: bump kernel to 5.15.46
siderolabs/pkgs@b9c72a5 feat: update containerd to 1.6.6
siderolabs/pkgs@f7786a3 chore: bump kernel to 5.15.45
siderolabs/pkgs@b1c207d feat: update containerd to 1.6.5
siderolabs/pkgs@4d47830 chore: bump golang to 1.18.3
siderolabs/pkgs@dc21e30 chore: bump kernel to 5.15.44

Changes from siderolabs/tools

siderolabs/tools@cd35510 feat: update Go to 1.19
siderolabs/tools@e83198d chore: bump git to v2.37.1
siderolabs/tools@0d669dd feat: update Go 1.18.4
siderolabs/tools@26b32d5 chore: bump openssl to 1.1.1q
siderolabs/tools@d8015e7 chore: bump curl to 7.84.0
siderolabs/tools@3ec03ed chore: bump openssl to 1.1.1p
siderolabs/tools@3df9e13 chore: bump golang to 1.18.3

Changes from talos-systems/crypto

talos-systems/crypto@e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs

Changes from talos-systems/go-blockdevice

talos-systems/go-blockdevice@74ea471 feat: add freebsd stubs
talos-systems/go-blockdevice@9fa801c feat: add ReadOnly attribute to Disk

Changes from talos-systems/grpc-proxy

talos-systems/grpc-proxy@6dfa2cc fix: ignore errors on duplicate SetHeader calls

Dependency Changes

cloud.google.com/go/compute v1.6.1 -> v1.7.0
github.com/BurntSushi/toml v1.1.0 -> v1.2.0
github.com/aws/aws-sdk-go v1.44.24 -> v1.44.71
github.com/containerd/containerd v1.6.4 -> v1.6.8
github.com/containernetworking/cni v1.1.0 -> v1.1.2
github.com/cosi-project/runtime 95d06feaf8b5 -> cd5f564066ad
github.com/docker/docker v20.10.16 -> v20.10.17
github.com/emicklei/dot v0.16.0 -> v1.0.0
github.com/google/gopacket v1.1.19 new
github.com/google/nftables a9775fb167d2 -> 2eca00135732
github.com/hashicorp/go-getter v1.6.1 -> v1.6.2
github.com/hashicorp/go-version v1.5.0 -> v1.6.0
github.com/hetznercloud/hcloud-go v1.33.2 -> v1.35.2
github.com/jsimonetti/rtnetlink v1.2.0 -> v1.2.1
github.com/martinlindhe/base36 v1.1.1 new
github.com/packethost/packngo v0.24.0 -> v0.25.0
github.com/prometheus/procfs v0.7.3 -> v0.8.0
github.com/rivo/tview 9994674d60a8 -> 37ad0bb93703
github.com/siderolabs/extras v1.1.0-1-g5800284 -> v1.2.0-alpha.0-2-gda35a63
github.com/siderolabs/pkgs v1.1.0-8-gfa9a488 -> v1.2.0-alpha.0-27-g7783ee3
github.com/siderolabs/tools v1.1.0-1-g134974c -> v1.2.0-alpha.0-6-gcd35510
github.com/spf13/cobra v1.4.0 -> v1.5.0
github.com/stretchr/testify v1.7.1 -> v1.8.0
github.com/talos-systems/crypto v0.3.5 -> e9df1b8ca74c
github.com/talos-systems/go-blockdevice v0.3.2 -> v0.3.4
github.com/talos-systems/grpc-proxy v0.3.0 -> v0.3.1
github.com/u-root/u-root v0.8.0 -> v0.9.0
github.com/vishvananda/netlink v1.2.0-beta -> v1.2.1-beta.2
github.com/vmware-tanzu/sonobuoy v0.56.6 -> v0.56.9
github.com/vmware/govmomi v0.28.0 -> v0.29.0
golang.org/x/net 5463443f8c37 -> a33c5aa5df48
golang.org/x/sync 0976fa681c29 -> 886fb9371eb4
golang.org/x/sys bc2c85ada10a -> 1c4a2a72c664
golang.org/x/term 065cf7ba2467 -> a9ba230a4035
golang.org/x/time 583f2d630306 -> e5dcc9cfc0b9
google.golang.org/grpc v1.46.2 -> v1.48.0
google.golang.org/protobuf v1.28.0 -> v1.28.1
gopkg.in/yaml.v3 496545a6307b -> v3.0.1
inet.af/netaddr c74959edd3b6 -> 097006376321
k8s.io/api v0.24.2 -> v0.25.0-beta.0
k8s.io/apimachinery v0.24.2 -> v0.25.0-beta.0
k8s.io/apiserver v0.24.2 -> v0.25.0-beta.0
k8s.io/client-go v0.24.2 -> v0.25.0-beta.0
k8s.io/component-base v0.24.2 -> v0.25.0-beta.0
k8s.io/cri-api v0.24.2 -> v0.25.0-beta.0
k8s.io/kubectl v0.24.2 -> v0.25.0-beta.0
k8s.io/kubelet v0.24.2 -> v0.25.0-beta.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.64 -> v1.2.65

Previous release can be found at v1.1.0

Images

ghcr.io/siderolabs/flannel:v0.19.1
ghcr.io/siderolabs/install-cni:v1.2.0-alpha.0-2-gda35a63
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.25.0-beta.0
k8s.gcr.io/kube-controller-manager:v1.25.0-beta.0
k8s.gcr.io/kube-scheduler:v1.25.0-beta.0
k8s.gcr.io/kube-proxy:v1.25.0-beta.0
ghcr.io/siderolabs/kubelet:v1.25.0-beta.0
ghcr.io/siderolabs/installer:v1.2.0-alpha.2
k8s.gcr.io/pause:3.6

talos - v1.2.0-alpha.1

Published by talos-bot about 2 years ago

Talos 1.2.0-alpha.1 (2022-07-28)

Welcome to the v1.2.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Generating Talos secrets from PKI directory

It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki).

You can also specify a bootstrap token to be used in the secrets bundle.

This secrets bundle can then be used to generate a machine config.

This facilitates migrating clusters (e.g. created using kubeadm) to Talos.

talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443

Kubernetes ControlPlane Components

Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in
KEP-2568.

Kubelet Default Runtime Seccomp Profile

Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled to false.

This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.

Network bridge support

Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:

machine:
  network:
    interfaces:
      - interface: br0
        bridge:
          stp:
            enabled: true
          interfaces:
            - eth0
            - eth1

See documentation for more details.

VLAN support in cmdline arguments

Talos now supports dracut-style vlan kernel argument to allow
installing Talos Linux in networks where ports are not tagged
with a default VLAN:

vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::

Packet Capture

Talos now supports capturing packets on a network interface with talosctl pcap command:

talosctl pcap --interface eth0

Seccomp Profiles

Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:

machine:
  seccompProfiles:
    - name: audit.json
      value:
        defaultAction: SCMP_ACT_LOG
    - name: deny.json
      value: {"defaultAction":"SCMP_ACT_LOG"}

This profile data can be either configured as a YAML definition or as a JSON string.

The profiles are created on the host under /var/lib/seccomp/profiles and bind mounted at /var/lib/kubelet/seccomp/profiles so Kubelet can use it.

See documentation for more details.

Stable Default Hostname

This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.

Strategic merge machine configuration patching

In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.

For example, machine hostname can be set with the following patch:

machine:
  network:
    hostname: worker1

Patch format is detected automatically.

Variable substitution for URL query parameter in the talos.config kernel parameter

The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:

http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}

Component Updates

Linux: 5.15.57

Talos is built with Go 1.18.4.

Contributors

Andrey Smirnov
Noel Georgi
Utku Ozdemir
Dmitriy Matrenichev
Philipp Sauter
Tim Jones
Spencer Smith
Artem Chernyshev
Davincible
AMet
Alex Wied
Bermi Ferrer
Christoph Schmatzler
Dennis Marttinen
Eirik Askheim
Florian Klink
Han Cen
Larry Rosenman
Markus Reiter
Matthew Richardson
Nico Berlee
Rio Kierkels
RyanSquared
Serge Logvinov
Seán C McCord
hobyte
nett_hier
zebernst

Changes

siderolabs/talos@1db097f50 release(v1.2.0-alpha.1): prepare release
siderolabs/talos@5ac4947b6 feat: enable default seccomp profile for kubelet
siderolabs/talos@e5994ff7a fix: skip ResetDuringBoot test if the Cluster config is unknown
siderolabs/talos@8028e1074 fix: wait for boot done when rebooting a node in the integration tests
siderolabs/talos@ae1bec59e feat: allow running only one sequence at a time
siderolabs/talos@ec05aee04 fix: correctly unwrap errors when streaming
siderolabs/talos@7c7f2d8c3 feat: refactor disk size matcher to be compatible with DeepEqual
siderolabs/talos@3addea83b feat: introduce support for Talos API access from Kubernetes
siderolabs/talos@34d3a4164 docs: add missing <> to relref
siderolabs/talos@c4d2d20c4 fix: enable stable hostnames for worker configs as well
siderolabs/talos@0326bac1f chore: bump kernel to 5.15.57
siderolabs/talos@86820c33f chore: bump dependencies
siderolabs/talos@6e7dfeeb3 fix: data race in packet capture (part 2)
siderolabs/talos@c11e1dae7 docs: fix spelling and grammar errors
siderolabs/talos@30f7851d2 chore: bump golangci-lint from 1.45.2 to 1.47.2
siderolabs/talos@2cce9112d chore: bump goimports from 0.1.10 to 0.1.11
siderolabs/talos@18756c7ff fix: folder permissions of overlay mounted folders
siderolabs/talos@47c35dc47 feat: set stable default hostname based on machine-id
siderolabs/talos@1ed3df295 chore: support glibc apps extension spec
siderolabs/talos@a2aea9726 fix: write etcd PKI files in a controller
siderolabs/talos@bb4abc096 fix: regenerate kubelet certs when hostname changes
siderolabs/talos@d650afb6c chore: fix typo in powercycle
siderolabs/talos@644e803ad fix: use masks and different firewall mark for KubeSpan
siderolabs/talos@80444a43d fix: remove data race in pcap capture
siderolabs/talos@04a45dff2 docs: remove katacoda links
siderolabs/talos@065b59276 feat: implement packet capture API
siderolabs/talos@7c006cabc feat: update Kubernetes to 1.24.3
siderolabs/talos@551290195 chore: bump dependencies
siderolabs/talos@1677bcc4b fix: skip bond itself when matching interface (Equinix Metal)
siderolabs/talos@f1c2b5c55 feat: implement strategic merge patching for API server admission config
siderolabs/talos@be98cb82b feat: follow KEP-2568 non-root enhancements
siderolabs/talos@87ea1d961 fix: update kubelet kubeconfig when cluster control plane endpoint changes
siderolabs/talos@a75fe7600 feat: gen secrets from kubernetes pki dir
siderolabs/talos@a1d7b535a docs: add kubeadm migration guide
siderolabs/talos@9e0c56581 docs: guide for setting up synology-csi driver
siderolabs/talos@f0b8eea5e refactor: remove bootstrap sequence
siderolabs/talos@89c7da899 docs: add documentation for vagrant & libvirt
siderolabs/talos@014b85fdc docs: improve talos kubernetes upgrade note
siderolabs/talos@88bb017ed docs: remove old docs from site
siderolabs/talos@c92c90655 feat: build talosctl for FreeBSD
siderolabs/talos@616da3069 docs: update last release for 1.1
siderolabs/talos@091e6ef0e feat: resubstitute talos.config url variables on retry
siderolabs/talos@ec74ab38a feat: update Go to 1.18.4, Linux to 5.15.54
siderolabs/talos@641f6a1e4 feat: expose strategic merge config patches
siderolabs/talos@6e3d2d647 docs: fix disk encryption params
siderolabs/talos@c43d6a31d docs: fix typos
siderolabs/talos@551887528 chore: bump dependencies
siderolabs/talos@626ef05e6 fix: correct SANs for etcd certs
siderolabs/talos@83ce92c5f docs: fix theila docs
siderolabs/talos@8a038d40e fix: stabilize etcd join and promote sequences
siderolabs/talos@136122556 fix: use correct etcd cert path
siderolabs/talos@c170ec0b0 chore: bump kernel to 5.15.53
siderolabs/talos@d924901b7 feat: add cli subcommand to generate secrets
siderolabs/talos@34aabedd8 feat: more circular pkg from internal to pkg
siderolabs/talos@4f044e466 feat: implement strategic merge machine config patching
siderolabs/talos@c2a512608 fix: avoid double append of talos.platform kernel argument
siderolabs/talos@27dfe7c03 fix: perform accurate conflict resolution on overal (kubespan)
siderolabs/talos@e437445b4 chore: bump kernel to 5.15.52
siderolabs/talos@d27a6a4ac feat: add vlan support to cmdline
siderolabs/talos@fdca5d8a9 chore: bump dependencies
siderolabs/talos@ae3840dbc refactor: move kubeconfig package under public api
siderolabs/talos@184e113f3 chore: disable systeminfo controller in container
siderolabs/talos@86a0a7bdf refactor: use pointer types more in machine config structs
siderolabs/talos@3a1eb10e6 docs: update the Proxmox kvm64 note
siderolabs/talos@30e220fcd docs: kernel cmdline params updated on upgrades
siderolabs/talos@915de9cf9 docs: fix bridge documentation
siderolabs/talos@52cd12951 test: bump Talos versions in upgrade tests
siderolabs/talos@022581d80 release(v1.2.0-alpha.0): prepare release
siderolabs/talos@643e81cfe feat: add SenseLabs to ADOPTERS.md
siderolabs/talos@bdfee2b3b chore: bump kernel to 5.15.51
siderolabs/talos@36c44a651 fix: provide CA certificates in /etc/ssl/certs/ca-certificates.crt
siderolabs/talos@7ebd9bcce docs: fix pod security talos resource name
siderolabs/talos@57b625e0a refactor: avoid recreating grpc clients in service health checks
siderolabs/talos@a68a00f1b docs: recommend setting "host" Processor Type on proxmox
siderolabs/talos@923600a73 chore: bump kernel to 5.15.50
siderolabs/talos@758a9bf59 docs: add theila ui
siderolabs/talos@b81016e62 chore: update blockdevice library to v0.3.3
siderolabs/talos@284a2f959 fix: filter static pods correctly and optimize fetching
siderolabs/talos@61abf3111 docs: change command for cluster create to keep $HOME with sudo
siderolabs/talos@6ae1e9bf2 chore: bump dependencies
siderolabs/talos@2deff6b6e feat: add support for variable substitution in talos.config kernel parameter
siderolabs/talos@103c94225 fix: update crypto library with support for RSA-SHA*
siderolabs/talos@448de7194 docs: add UpCloud installation guide
siderolabs/talos@07014e0a8 fix: generate correct bootstrap manifests when only IPv6 CIDR is used
siderolabs/talos@465edbb47 fix: look for qemu-kvm binary
siderolabs/talos@63caa281a fix: create native image format for DigitalOcean
siderolabs/talos@f15ce549e fix: siderlink api assume port 443 with https schema
siderolabs/talos@797596229 feat: add support for configuring network bridges
siderolabs/talos@2b23fabcc docs: use SVG image for K8s conformance
siderolabs/talos@d4606c33e chore: bump kernel to 5.15.49
siderolabs/talos@cfb640222 docs: update docs for release 1.1
siderolabs/talos@b816d0b60 docs: fix the vendor information for Kubernetes conformance tests
siderolabs/talos@a167a5402 test: fix CLI nodes discovery without provisioner data
siderolabs/talos@916a30682 docs: add twitter meta info
siderolabs/talos@80090a3ed test: fix health endpoint cli test when discovery is disabled
siderolabs/talos@3c263bb44 chore: bump dependencies
siderolabs/talos@e8113527f chore: bump kubernetes to v1.24.2
siderolabs/talos@068f1b6d0 feat: add ctest package and base for test suite
siderolabs/talos@2aad3a1e4 chore: bump kernel to 5.15.48
siderolabs/talos@a31a858e0 docs: snippets for logging api server audit logs
siderolabs/talos@89aaaef9f chore: bump kernel to 5.15.47
siderolabs/talos@6759fcd4a feat: use discovery service on cluster health checks
siderolabs/talos@f54d90787 fix: enable orderly poweroff in hyper-v on Azure
siderolabs/talos@35475ce45 docs: openebs jiva example with iscsi-tools extension
siderolabs/talos@8d2be5e31 feat: extend node definition used in health checks
siderolabs/talos@7a11b4def fix: make talosctl bootstrap accept only single node
siderolabs/talos@217fba288 test: fix csi tests
siderolabs/talos@90bf34fed docs: fork docs for Talos 1.2
siderolabs/talos@a0dd010a8 docs: add link to discovery service in kubespan
siderolabs/talos@c0371410e fix: support SideroLink "secure" gRPC connection
siderolabs/talos@b03709620 feat: build Talos images with system extensions included
siderolabs/talos@43def7490 chore: bump kernel and runc
siderolabs/talos@4dbbf4ac5 chore: add generic methods and use them part #2
siderolabs/talos@7114292b6 docs: fix latest release version in docs
siderolabs/talos@da2985fe1 fix: respect local API server port
siderolabs/talos@e03266667 fix: correctly validate reboot mode in CLI
siderolabs/talos@70fc42409 chore: add generic methods and use them
siderolabs/talos@3ae8bdd92 chore: run xfs_repair on xfs filesystem returing EUCLEAN
siderolabs/talos@0c91c89f4 chore: revert day-two tests for csi tests
siderolabs/talos@f71b58312 feat: disallow anonymous requests by default (kube-apiserver)
siderolabs/talos@c19dd1b89 feat: add 'etcd members should be control plane nodes' health check
siderolabs/talos@f2997c0f2 chore: bump dependencies
siderolabs/talos@f3efec4b5 feat: update containerd 1.6.6, Linux 5.15.45, Flannel 0.18.1
siderolabs/talos@27f8e50ce fix: add ovmf image path for rhel
siderolabs/talos@87e7de30c docs: fix required ports
siderolabs/talos@c126f2ee8 chore: bump golang to 1.18.3
siderolabs/talos@c1aed6240 fix: wait for /var to be mounted in kubelet service controller
siderolabs/talos@d7a64f5d2 fix: improve vip operator shutdown sequence
siderolabs/talos@7b9dfcb85 chore: add 'make go-mod-outdated'

Changes since v1.2.0-alpha.0

siderolabs/talos@1db097f50 release(v1.2.0-alpha.1): prepare release
siderolabs/talos@5ac4947b6 feat: enable default seccomp profile for kubelet
siderolabs/talos@e5994ff7a fix: skip ResetDuringBoot test if the Cluster config is unknown
siderolabs/talos@8028e1074 fix: wait for boot done when rebooting a node in the integration tests
siderolabs/talos@ae1bec59e feat: allow running only one sequence at a time
siderolabs/talos@ec05aee04 fix: correctly unwrap errors when streaming
siderolabs/talos@7c7f2d8c3 feat: refactor disk size matcher to be compatible with DeepEqual
siderolabs/talos@3addea83b feat: introduce support for Talos API access from Kubernetes
siderolabs/talos@34d3a4164 docs: add missing <> to relref
siderolabs/talos@c4d2d20c4 fix: enable stable hostnames for worker configs as well
siderolabs/talos@0326bac1f chore: bump kernel to 5.15.57
siderolabs/talos@86820c33f chore: bump dependencies
siderolabs/talos@6e7dfeeb3 fix: data race in packet capture (part 2)
siderolabs/talos@c11e1dae7 docs: fix spelling and grammar errors
siderolabs/talos@30f7851d2 chore: bump golangci-lint from 1.45.2 to 1.47.2
siderolabs/talos@2cce9112d chore: bump goimports from 0.1.10 to 0.1.11
siderolabs/talos@18756c7ff fix: folder permissions of overlay mounted folders
siderolabs/talos@47c35dc47 feat: set stable default hostname based on machine-id
siderolabs/talos@1ed3df295 chore: support glibc apps extension spec
siderolabs/talos@a2aea9726 fix: write etcd PKI files in a controller
siderolabs/talos@bb4abc096 fix: regenerate kubelet certs when hostname changes
siderolabs/talos@d650afb6c chore: fix typo in powercycle
siderolabs/talos@644e803ad fix: use masks and different firewall mark for KubeSpan
siderolabs/talos@80444a43d fix: remove data race in pcap capture
siderolabs/talos@04a45dff2 docs: remove katacoda links
siderolabs/talos@065b59276 feat: implement packet capture API
siderolabs/talos@7c006cabc feat: update Kubernetes to 1.24.3
siderolabs/talos@551290195 chore: bump dependencies
siderolabs/talos@1677bcc4b fix: skip bond itself when matching interface (Equinix Metal)
siderolabs/talos@f1c2b5c55 feat: implement strategic merge patching for API server admission config
siderolabs/talos@be98cb82b feat: follow KEP-2568 non-root enhancements
siderolabs/talos@87ea1d961 fix: update kubelet kubeconfig when cluster control plane endpoint changes
siderolabs/talos@a75fe7600 feat: gen secrets from kubernetes pki dir
siderolabs/talos@a1d7b535a docs: add kubeadm migration guide
siderolabs/talos@9e0c56581 docs: guide for setting up synology-csi driver
siderolabs/talos@f0b8eea5e refactor: remove bootstrap sequence
siderolabs/talos@89c7da899 docs: add documentation for vagrant & libvirt
siderolabs/talos@014b85fdc docs: improve talos kubernetes upgrade note
siderolabs/talos@88bb017ed docs: remove old docs from site
siderolabs/talos@c92c90655 feat: build talosctl for FreeBSD
siderolabs/talos@616da3069 docs: update last release for 1.1
siderolabs/talos@091e6ef0e feat: resubstitute talos.config url variables on retry
siderolabs/talos@ec74ab38a feat: update Go to 1.18.4, Linux to 5.15.54
siderolabs/talos@641f6a1e4 feat: expose strategic merge config patches
siderolabs/talos@6e3d2d647 docs: fix disk encryption params
siderolabs/talos@c43d6a31d docs: fix typos
siderolabs/talos@551887528 chore: bump dependencies
siderolabs/talos@626ef05e6 fix: correct SANs for etcd certs
siderolabs/talos@83ce92c5f docs: fix theila docs
siderolabs/talos@8a038d40e fix: stabilize etcd join and promote sequences
siderolabs/talos@136122556 fix: use correct etcd cert path
siderolabs/talos@c170ec0b0 chore: bump kernel to 5.15.53
siderolabs/talos@d924901b7 feat: add cli subcommand to generate secrets
siderolabs/talos@34aabedd8 feat: more circular pkg from internal to pkg
siderolabs/talos@4f044e466 feat: implement strategic merge machine config patching
siderolabs/talos@c2a512608 fix: avoid double append of talos.platform kernel argument
siderolabs/talos@27dfe7c03 fix: perform accurate conflict resolution on overal (kubespan)
siderolabs/talos@e437445b4 chore: bump kernel to 5.15.52
siderolabs/talos@d27a6a4ac feat: add vlan support to cmdline
siderolabs/talos@fdca5d8a9 chore: bump dependencies
siderolabs/talos@ae3840dbc refactor: move kubeconfig package under public api
siderolabs/talos@184e113f3 chore: disable systeminfo controller in container
siderolabs/talos@86a0a7bdf refactor: use pointer types more in machine config structs
siderolabs/talos@3a1eb10e6 docs: update the Proxmox kvm64 note
siderolabs/talos@30e220fcd docs: kernel cmdline params updated on upgrades
siderolabs/talos@915de9cf9 docs: fix bridge documentation
siderolabs/talos@52cd12951 test: bump Talos versions in upgrade tests

Changes from siderolabs/extras

siderolabs/extras@17a319f chore: update Go to 1.18.4
siderolabs/extras@892407f chore: bump golang to 1.18.3

Changes from siderolabs/pkgs

siderolabs/pkgs@dcc0311 chore: bump kernel to 5.15.57
siderolabs/pkgs@b943a9d chore: update Go to 1.18.4
siderolabs/pkgs@a44e324 chore: bump kernel to 5.15.54
siderolabs/pkgs@247f567 chore: bump kernel to 5.15.53
siderolabs/pkgs@4fe9867 chore: bump openssl to 1.1.1q
siderolabs/pkgs@9ee662c chore: bump kernel to 5.15.52
siderolabs/pkgs@4412db8 chore: bump kernel to 5.15.51
siderolabs/pkgs@6fedbdc chore: bump tools
siderolabs/pkgs@f1f44e6 chore: bump kernel to 5.15.50
siderolabs/pkgs@388af5e chore: bump openssl to 1.1.1p
siderolabs/pkgs@ed75c50 chore: enable RANDOM_TRUST_BOOTLOADER by default
siderolabs/pkgs@7c243f6 chore: bump kernel to 5.15.49
siderolabs/pkgs@6e1269e chore: bump kernel to 5.15.48
siderolabs/pkgs@5d671a3 chore: bump nvidia drivers to 515.48.07
siderolabs/pkgs@b35d835 chore: bump kernel to 5.15.47
siderolabs/pkgs@6604d6b feat: hyperv arm64
siderolabs/pkgs@c474058 chore: bump nvidia driver to 515.43.04
siderolabs/pkgs@5bc7e34 feat: update runc to 1.1.3, libseccomp to 2.5.4
siderolabs/pkgs@c02cd7a chore: bump kernel to 5.15.46
siderolabs/pkgs@b9c72a5 feat: update containerd to 1.6.6
siderolabs/pkgs@f7786a3 chore: bump kernel to 5.15.45
siderolabs/pkgs@b1c207d feat: update containerd to 1.6.5
siderolabs/pkgs@4d47830 chore: bump golang to 1.18.3
siderolabs/pkgs@dc21e30 chore: bump kernel to 5.15.44

Changes from siderolabs/tools

siderolabs/tools@0d669dd feat: update Go 1.18.4
siderolabs/tools@26b32d5 chore: bump openssl to 1.1.1q
siderolabs/tools@d8015e7 chore: bump curl to 7.84.0
siderolabs/tools@3ec03ed chore: bump openssl to 1.1.1p
siderolabs/tools@3df9e13 chore: bump golang to 1.18.3

Changes from talos-systems/crypto

talos-systems/crypto@e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs

Changes from talos-systems/go-blockdevice

talos-systems/go-blockdevice@74ea471 feat: add freebsd stubs
talos-systems/go-blockdevice@9fa801c feat: add ReadOnly attribute to Disk

Changes from talos-systems/grpc-proxy

talos-systems/grpc-proxy@6dfa2cc fix: ignore errors on duplicate SetHeader calls

Dependency Changes

cloud.google.com/go/compute v1.6.1 -> v1.7.0
github.com/BurntSushi/toml v1.1.0 -> v1.2.0
github.com/aws/aws-sdk-go v1.44.24 -> v1.44.61
github.com/containerd/containerd v1.6.4 -> v1.6.6
github.com/containernetworking/cni v1.1.0 -> v1.1.1
github.com/cosi-project/runtime 95d06feaf8b5 -> 22c6aa1ca7ec
github.com/docker/docker v20.10.16 -> v20.10.17
github.com/emicklei/dot v0.16.0 -> v1.0.0
github.com/google/gopacket v1.1.19 new
github.com/google/nftables a9775fb167d2 -> a346d51f53b3
github.com/hashicorp/go-getter v1.6.1 -> v1.6.2
github.com/hashicorp/go-version v1.5.0 -> v1.6.0
github.com/hetznercloud/hcloud-go v1.33.2 -> v1.35.1
github.com/martinlindhe/base36 v1.1.1 new
github.com/packethost/packngo v0.24.0 -> v0.25.0
github.com/rivo/tview 9994674d60a8 -> 73bf2902b59a
github.com/siderolabs/extras v1.1.0-1-g5800284 -> v1.2.0-alpha.0-1-g17a319f
github.com/siderolabs/pkgs v1.1.0-8-gfa9a488 -> v1.2.0-alpha.0-23-gdcc0311
github.com/siderolabs/tools v1.1.0-1-g134974c -> v1.2.0-alpha.0-4-g0d669dd
github.com/spf13/cobra v1.4.0 -> v1.5.0
github.com/stretchr/testify v1.7.1 -> v1.8.0
github.com/talos-systems/crypto v0.3.5 -> e9df1b8ca74c
github.com/talos-systems/go-blockdevice v0.3.2 -> v0.3.4
github.com/talos-systems/grpc-proxy v0.3.0 -> v0.3.1
github.com/vishvananda/netlink v1.2.0-beta -> v1.2.1-beta.2
github.com/vmware-tanzu/sonobuoy v0.56.6 -> v0.56.8
github.com/vmware/govmomi v0.28.0 -> v0.29.0
golang.org/x/net 5463443f8c37 -> a158d28d115b
golang.org/x/sync 0976fa681c29 -> 886fb9371eb4
golang.org/x/sys bc2c85ada10a -> 8c9f86f7a55f
golang.org/x/term 065cf7ba2467 -> a9ba230a4035
golang.org/x/time 583f2d630306 -> e5dcc9cfc0b9
google.golang.org/grpc v1.46.2 -> v1.48.0
gopkg.in/yaml.v3 496545a6307b -> v3.0.1
inet.af/netaddr c74959edd3b6 -> 097006376321
k8s.io/api v0.24.2 -> v0.24.3
k8s.io/apiserver v0.24.2 -> v0.24.3
k8s.io/client-go v0.24.2 -> v0.24.3
k8s.io/component-base v0.24.2 -> v0.24.3
k8s.io/kubectl v0.24.2 -> v0.24.3
k8s.io/kubelet v0.24.2 -> v0.24.3
kernel.org/pub/linux/libs/security/libcap/cap v1.2.64 -> v1.2.65

Previous release can be found at v1.1.0

Images

ghcr.io/siderolabs/flannel:v0.18.1
ghcr.io/siderolabs/install-cni:v1.2.0-alpha.0-1-g17a319f
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.24.3
k8s.gcr.io/kube-controller-manager:v1.24.3
k8s.gcr.io/kube-scheduler:v1.24.3
k8s.gcr.io/kube-proxy:v1.24.3
ghcr.io/siderolabs/kubelet:v1.24.3
ghcr.io/siderolabs/installer:v1.2.0-alpha.1
k8s.gcr.io/pause:3.6

talos - v1.1.2

Published by talos-bot about 2 years ago

Talos 1.1.2 (2022-07-26)

Welcome to the v1.1.2 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 5.15.57
Kubernetes: 1.24.3

Talos is built with Go 1.18.4.

Contributors

Andrey Smirnov
Noel Georgi

Changes

siderolabs/talos@08dd00063 release(v1.1.2): prepare release
siderolabs/talos@c5959d66f chore: fix typo in powercycle
siderolabs/talos@d8e893b25 fix: folder permissions of overlay mounted folders
siderolabs/talos@2ae1455c8 fix: use masks and different firewall mark for KubeSpan
siderolabs/talos@e88c1fba8 fix: skip bond itself when matching interface (Equinix Metal)
siderolabs/talos@2f419b5a8 feat: update Kubernetes to 1.24.3
siderolabs/talos@a958d16e6 chore: bump kernel to 5.15.57

Changes from siderolabs/pkgs

siderolabs/pkgs@9e269be chore: bump kernel to 5.15.57

Dependency Changes

github.com/siderolabs/pkgs v1.1.0-15-gf171197 -> v1.1.0-16-g9e269be
k8s.io/api v0.24.2 -> v0.24.3
k8s.io/apiserver v0.24.2 -> v0.24.3
k8s.io/client-go v0.24.2 -> v0.24.3
k8s.io/component-base v0.24.2 -> v0.24.3
k8s.io/kubectl v0.24.2 -> v0.24.3
k8s.io/kubelet v0.24.2 -> v0.24.3

Previous release can be found at v1.1.1

Images

ghcr.io/siderolabs/flannel:v0.18.1
ghcr.io/siderolabs/install-cni:v1.1.0-2-gcb03a5d
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.24.3
k8s.gcr.io/kube-controller-manager:v1.24.3
k8s.gcr.io/kube-scheduler:v1.24.3
k8s.gcr.io/kube-proxy:v1.24.3
ghcr.io/siderolabs/kubelet:v1.24.3
ghcr.io/siderolabs/installer:v1.1.2
k8s.gcr.io/pause:3.6

talos - v1.1.1

Published by talos-bot over 2 years ago

Talos 1.1.1 (2022-07-13)

Welcome to the v1.1.1 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 5.15.54

Talos is built with Go 1.18.4.

Contributors

Andrey Smirnov
Noel Georgi
Davincible
Tim Jones

Changes

siderolabs/talos@40a050c6c release(v1.1.1): prepare release
siderolabs/talos@2a2eba470 feat: update Go to 1.18.4, Linux to 5.15.54
siderolabs/talos@6b7c6110c fix: stabilize etcd join and promote sequences
siderolabs/talos@6dbc086b0 fix: use correct etcd cert path
siderolabs/talos@56daca8f3 fix: siderlink api assume port 443 with https schema
siderolabs/talos@f9f1c432f fix: provide CA certificates in /etc/ssl/certs/ca-certificates.crt
siderolabs/talos@2cd61a544 chore: update blockdevice library to v0.3.3
siderolabs/talos@a76a90a43 fix: generate correct bootstrap manifests when only IPv6 CIDR is used
siderolabs/talos@76d048ffc fix: look for qemu-kvm binary
siderolabs/talos@e80ea3ebf chore: bump kernel to 5.15.51
siderolabs/talos@01637362d chore: bump kernel to 5.15.50
siderolabs/talos@b8b553212 chore: bump kernel to 5.15.49

Changes from siderolabs/extras

siderolabs/extras@cb03a5d chore: update Go to 1.18.4

Changes from siderolabs/pkgs

siderolabs/pkgs@f171197 chore: update Go to 1.18.4
siderolabs/pkgs@049489d chore: bump kernel to 5.15.54
siderolabs/pkgs@9bbe83d chore: bump kernel to 5.15.53
siderolabs/pkgs@d63072d chore: bump kernel to 5.15.52
siderolabs/pkgs@7bd80cb chore: bump kernel to 5.15.51
siderolabs/pkgs@cddc8c1 chore: bump kernel to 5.15.50
siderolabs/pkgs@94831b3 chore: bump kernel to 5.15.49

Changes from siderolabs/tools

siderolabs/tools@9edfc1f feat: update Go 1.18.4

Dependency Changes

github.com/siderolabs/extras v1.1.0-1-g5800284 -> v1.1.0-2-gcb03a5d
github.com/siderolabs/pkgs v1.1.0-8-gfa9a488 -> v1.1.0-15-gf171197
github.com/siderolabs/tools v1.1.0-1-g134974c -> v1.1.0-2-g9edfc1f

Previous release can be found at v1.1.0

Images

ghcr.io/siderolabs/flannel:v0.18.1
ghcr.io/siderolabs/install-cni:v1.1.0-2-gcb03a5d
docker.io/coredns/coredns:1.9.3
gcr.io/etcd-development/etcd:v3.5.4
k8s.gcr.io/kube-apiserver:v1.24.2
k8s.gcr.io/kube-controller-manager:v1.24.2
k8s.gcr.io/kube-scheduler:v1.24.2
k8s.gcr.io/kube-proxy:v1.24.2
ghcr.io/siderolabs/kubelet:v1.24.2
ghcr.io/siderolabs/installer:v1.1.1
k8s.gcr.io/pause:3.6