Talos Linux is a modern Linux distribution built for Kubernetes.
MPL-2.0 License
Bot releases are visible (Hide)
Welcome to the v1.7.2 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Kubernetes: 1.30.1
Linux: 6.6.30
Talos is built with Go 1.22.3.
pkg/imager/quirks
to pkg/machinery
nil
machine config during installationPrevious release can be found at v1.7.1
ghcr.io/siderolabs/flannel:v0.25.1
ghcr.io/siderolabs/install-cni:v1.7.0-1-gbb76755
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.1
registry.k8s.io/kube-controller-manager:v1.30.1
registry.k8s.io/kube-scheduler:v1.30.1
registry.k8s.io/kube-proxy:v1.30.1
ghcr.io/siderolabs/kubelet:v1.30.1
ghcr.io/siderolabs/installer:v1.7.2
registry.k8s.io/pause:3.8
Published by talos-bot 6 months ago
Welcome to the v1.8.0-alpha.0 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Linux: 6.6.29
containerd: 1.7.16
Talos is built with Go 1.22.2.
Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).
talosctl cluster create --input-dir
--non-masquerade-cidrs
flag to talosctl cluster create
host-dns
servicepkg/imager/quirks
to pkg/machinery
Previous release can be found at v1.7.0
ghcr.io/siderolabs/flannel:v0.25.1
ghcr.io/siderolabs/install-cni:v1.8.0-alpha.0
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.0
registry.k8s.io/kube-controller-manager:v1.30.0
registry.k8s.io/kube-scheduler:v1.30.0
registry.k8s.io/kube-proxy:v1.30.0
ghcr.io/siderolabs/kubelet:v1.30.0
ghcr.io/siderolabs/installer:v1.8.0-alpha.0
registry.k8s.io/pause:3.8
Published by talos-bot 6 months ago
Welcome to the v1.7.1 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Linux: 6.6.29
containerd: 1.7.16
Talos is built with Go 1.22.2.
host-dns
servicePrevious release can be found at v1.7.0
ghcr.io/siderolabs/flannel:v0.25.1
ghcr.io/siderolabs/install-cni:v1.7.0-1-gbb76755
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.0
registry.k8s.io/kube-controller-manager:v1.30.0
registry.k8s.io/kube-scheduler:v1.30.0
registry.k8s.io/kube-proxy:v1.30.0
ghcr.io/siderolabs/kubelet:v1.30.0
ghcr.io/siderolabs/installer:v1.7.1
registry.k8s.io/pause:3.8
Published by talos-bot 6 months ago
Welcome to the v1.7.0 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Documentation on What's New in Talos 1.7.0
Talos Linux now supports rotating the root CA certificate and key for Talos API and Kubernetes API.
Talos Linux now supports physical: true
qualifier for device selectors, it selects non-virtual network interfaces (i.e. en0
is selected, while bond0
is not).
Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:
machine:
features:
hostDNS:
enabled: false
You can also enable dns caching for k8s pods with:
machine:
features:
hostDNS:
enabled: true
forwardKubeDNSToHost: true
Please note that on running cluster you will have to kill CoreDNS pods for this change to apply.
If you want to can also enable the resolving of member addresses through their host and node names:
machine:
features:
hostDNS:
enabled: true
resolveMemberNames: true
Talos now supports supplying configuration files and environment variables for extension services.
The extension service configuration is a separate config document. An example is shown below:
---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: nut-client
configFiles:
- content: MONITOR ${upsmonHost} 1 remote pass password
mountPath: /usr/local/etc/nut/upsmon.conf
environment:
- UPS_NAME=ups
For documentation, see Extension Services Config Files.
Note: The use of environmentFile
in extension service spec is now deprecated and will be removed in a future release of Talos.
Use ExtensionServiceConfig
instead.
Talos Linux now forces kubelet
and kube-proxy
to use iptables-nft
instead of iptables-legacy
(xtables
) which was the default
before Talos 1.7.0.
Container images based on iptables-wrapper
should work without changes, but if there was a direct call to legacy
mode of iptables
, make sure
to update to use iptables-nft
.
The command talosctl upgrade-k8s
now supports specifying custom image references for Kubernetes components via --*-image
flags.
The default behavior is unchanged, and the flags are optional.
Talos Linux disables by default a KubeSpan feature to harvest additional endpoints from KubeSpan members.
This feature turned out to be less helpful than expected and caused unnecessary performance issues.
Previous behavior can be restored with:
machine:
network:
kubespan:
harvestExtraEndpoints: true
Talos Linux now supports setting extra tags when sending logs in JSON format:
machine:
logging:
destinations:
- endpoint: "udp://127.0.0.1:12345/"
format: "json_lines"
extraTags:
server: s03-rack07
Default NTP server was updated to be time.cloudflare.com
instead of pool.ntp.org
.
Default server is only used if the user does not specify any NTP servers in the configuration.
Talos Linux can now sync to PTP devices (e.g. provided by the hypervisor) skipping the network time servers.
In order to activate PTP sync, set machine.time.servers
to the PTP device name (e.g. /dev/ptp0
):
machine:
time:
servers:
- /dev/ptp0
Talos Linux now supports OpenNebula platform.
Talos Linux now supports Akamai Connected Cloud provider (platform akamai
).
Talos Linux starting from this release uses RSA key for Kubernetes API Server Service Account instead of ECDSA key to provide better compatibility with external OpenID Connect implementations.
Talos has split the SBC's (Single Board Computers) into separate repositories.
There will not be any more SBC specific release assets as part of Talos release.
The default Talos Installer image will stop working for SBC's and will fail the upgrade, if used, starting from Talos v1.7.0.
The SBC's images and installers can be generated on the fly using Image Factory or using Imager for custom images.
The list of official SBC's images supported by Image Factory can be found in the Overlays repository.
Talos Linux now provides a way to configure systemd-boot ISO 'secure-boot-enroll' option while generating a SecureBoot ISO image:
output:
kind: iso
isoOptions:
sdBootEnrollKeys: force # default is still if-safe
outFormat: raw
Talos Linux now starts a basic syslog receiver listening on /dev/log
.
The receiver can mostly parse both RFC3164 and RFC5424 messages and writes them as JSON formatted message.
The logs can be viewed via talosctl logs syslogd
.
This is mostly implemented for extension services that log to syslog.
Linux: 6.6.28
etcd: 3.5.11
Kubernetes: 1.30.0
containerd: 1.7.15
runc: 1.1.12
Flannel: 0.25.1
Talos is built with Go 1.22.2.
Talos Linux now supports hardware watchdog timers configuration.
If enabled, and the machine becomes unresponsive, the hardware watchdog will reset the machine.
The watchdog can be enabled with the following configuration document:
apiVersion: v1alpha1
kind: WatchdogTimerConfig
device: /dev/watchdog0
timeout: 3m0s
ExtraInfo
field for extensionssiderolink-launch
subcommandgo-talos-support
librarytalosctl upgrade-k8s
Install
for imager overlayslogs
command completionstalos_version_contract
for TF teststalosctl cluster create
DNSUpstreamController
environmentFile
for extensionsExtensionServicesConfig
DNSResolveCacheController
mptspi
drivertalosctl config new
talosctl gen secureboot
--nodes
talosctl disks
talosctl cluster create
actor id
to the SideroLink events sinkmerge.Merge
if map value is nilSyncMap
and bump stuffPREEMPT_NONE
as recommended for serversagent
packagePrevious release can be found at v1.6.0
ghcr.io/siderolabs/flannel:v0.25.1
ghcr.io/siderolabs/install-cni:v1.7.0-1-gbb76755
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.0
registry.k8s.io/kube-controller-manager:v1.30.0
registry.k8s.io/kube-scheduler:v1.30.0
registry.k8s.io/kube-proxy:v1.30.0
ghcr.io/siderolabs/kubelet:v1.30.0
ghcr.io/siderolabs/installer:v1.7.0
registry.k8s.io/pause:3.8
Published by talos-bot 6 months ago
Welcome to the v1.7.0-beta.1 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos Linux now supports rotating the root CA certificate and key for Talos API and Kubernetes API.
Talos Linux now supports physical: true
qualifier for device selectors, it selects non-virtual network interfaces (i.e. en0
is selected, while bond0
is not).
Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:
machine:
features:
hostDNS:
enabled: false
You can also enable dns caching for k8s pods with:
machine:
features:
hostDNS:
enabled: true
forwardKubeDNSToHost: true
Please note that on running cluster you will have to kill CoreDNS pods for this change to apply.
Talos now supports supplying configuration files and environment variables for extension services.
The extension service configuration is a separate config document. An example is shown below:
---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: nut-client
configFiles:
- content: MONITOR ${upsmonHost} 1 remote pass password
mountPath: /usr/local/etc/nut/upsmon.conf
environment:
- UPS_NAME=ups
For documentation, see Extension Services Config Files.
Note: The use of environmentFile
in extension service spec is now deprecated and will be removed in a future release of Talos.
Use ExtensionServiceConfig
instead.
Talos Linux now forces kubelet
and kube-proxy
to use iptables-nft
instead of iptables-legacy
(xtables
) which was the default
before Talos 1.7.0.
Container images based on iptables-wrapper
should work without changes, but if there was a direct call to legacy
mode of iptables
, make sure
to update to use iptables-nft
.
The command talosctl upgrade-k8s
now supports specifying custom image references for Kubernetes components via --*-image
flags.
The default behavior is unchanged, and the flags are optional.
Talos Linux disables by default a KubeSpan feature to harvest additional endpoints from KubeSpan members.
This feature turned out to be less helpful than expected and caused unnecessary performance issues.
Previous behavior can be restored with:
machine:
network:
kubespan:
harvestExtraEndpoints: true
Talos Linux now supports setting extra tags when sending logs in JSON format:
machine:
logging:
destinations:
- endpoint: "udp://127.0.0.1:12345/"
format: "json_lines"
extraTags:
server: s03-rack07
Default NTP server was updated to be time.cloudflare.com
instead of pool.ntp.org
.
Default server is only used if the user does not specify any NTP servers in the configuration.
Talos Linux can now sync to PTP devices (e.g. provided by the hypervisor) skipping the network time servers.
In order to activate PTP sync, set machine.time.servers
to the PTP device name (e.g. /dev/ptp0
):
machine:
time:
servers:
- /dev/ptp0
Talos Linux now supports OpenNebula platform.
Talos Linux now supports Akamai Connected Cloud provider (platform akamai
).
Talos Linux starting from this release uses RSA key for Kubernetes API Server Service Account instead of ECDSA key to provide better compatibility with external OpenID Connect implementations.
Talos has split the SBC's (Single Board Computers) into separate repositories.
There will not be any more SBC specific release assets as part of Talos release.
The default Talos Installer image will stop working for SBC's and will fail the upgrade, if used, starting from Talos v1.7.0.
The SBC's images and installers can be generated on the fly using Image Factory or using Imager for custom images.
The list of official SBC's images supported by Image Factory can be found in the Overlays repository.
Talos Linux now provides a way to configure systemd-boot ISO 'secure-boot-enroll' option while generating a SecureBoot ISO image:
output:
kind: iso
isoOptions:
sdBootEnrollKeys: force # default is still if-safe
outFormat: raw
Talos Linux now starts a basic syslog receiver listening on /dev/log
.
The receiver can mostly parse both RFC3164 and RFC5424 messages and writes them as JSON formatted message.
The logs can be viewed via talosctl logs syslogd
.
This is mostly implemented for extension services that log to syslog.
Linux: 6.6.26
etcd: 3.5.11
Kubernetes: 1.30.0-rc.2
containerd: 1.7.15
runc: 1.1.12
Flannel: 0.24.4
Talos is built with Go 1.22.2.
Talos Linux now supports hardware watchdog timers configuration.
If enabled, and the machine becomes unresponsive, the hardware watchdog will reset the machine.
The watchdog can be enabled with the following configuration document:
apiVersion: v1alpha1
kind: WatchdogTimerConfig
device: /dev/watchdog0
timeout: 3m0s
ExtraInfo
field for extensionssiderolink-launch
subcommandgo-talos-support
librarytalosctl upgrade-k8s
Install
for imager overlayslogs
command completionstalos_version_contract
for TF teststalosctl cluster create
DNSUpstreamController
environmentFile
for extensionsExtensionServicesConfig
DNSResolveCacheController
mptspi
drivertalosctl config new
talosctl gen secureboot
--nodes
talosctl disks
talosctl cluster create
actor id
to the SideroLink events sinkmerge.Merge
if map value is nilSyncMap
and bump stuffPREEMPT_NONE
as recommended for serversagent
packagePrevious release can be found at v1.6.0
ghcr.io/siderolabs/flannel:v0.24.4
ghcr.io/siderolabs/install-cni:v1.7.0-1-gbb76755
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.0-rc.2
registry.k8s.io/kube-controller-manager:v1.30.0-rc.2
registry.k8s.io/kube-scheduler:v1.30.0-rc.2
registry.k8s.io/kube-proxy:v1.30.0-rc.2
ghcr.io/siderolabs/kubelet:v1.30.0-rc.2
ghcr.io/siderolabs/installer:v1.7.0-beta.1
registry.k8s.io/pause:3.8
Published by talos-bot 7 months ago
Welcome to the v1.7.0-beta.0 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos Linux now supports rotating the root CA certificate and key for Talos API and Kubernetes API.
Talos Linux now supports physical: true
qualifier for device selectors, it selects non-virtual network interfaces (i.e. en0
is selected, while bond0
is not).
Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:
machine:
features:
hostDNS:
enabled: false
Talos now supports supplying configuration files and environment variables for extension services.
The extension service configuration is a separate config document. An example is shown below:
---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: nut-client
configFiles:
- content: MONITOR ${upsmonHost} 1 remote pass password
mountPath: /usr/local/etc/nut/upsmon.conf
environment:
- UPS_NAME=ups
For documentation, see Extension Services Config Files.
Note: The use of environmentFile
in extension service spec is now deprecated and will be removed in a future release of Talos.
Use ExtensionServiceConfig
instead.
The command talosctl upgrade-k8s
now supports specifying custom image references for Kubernetes components via --*-image
flags.
The default behavior is unchanged, and the flags are optional.
Talos Linux disables by default a KubeSpan feature to harvest additional endpoints from KubeSpan members.
This feature turned out to be less helpful than expected and caused unnecessary performance issues.
Previous behavior can be restored with:
machine:
network:
kubespan:
harvestExtraEndpoints: true
Talos Linux now supports setting extra tags when sending logs in JSON format:
machine:
logging:
destinations:
- endpoint: "udp://127.0.0.1:12345/"
format: "json_lines"
extraTags:
server: s03-rack07
Default NTP server was updated to be time.cloudflare.com
instead of pool.ntp.org
.
Default server is only used if the user does not specify any NTP servers in the configuration.
Talos Linux can now sync to PTP devices (e.g. provided by the hypervisor) skipping the network time servers.
In order to activate PTP sync, set machine.time.servers
to the PTP device name (e.g. /dev/ptp0
):
machine:
time:
servers:
- /dev/ptp0
Talos Linux now supports OpenNebula platform.
Talos Linux now supports Akamai Connected Cloud provider (platform akamai
).
Talos Linux starting from this release uses RSA key for Kubernetes API Server Service Account instead of ECDSA key to provide better compatibility with external OpenID Connect implementations.
Talos has split the SBC's (Single Board Computers) into separate repositories.
There will not be any more SBC specific release assets as part of Talos release.
The default Talos Installer image will stop working for SBC's and will fail the upgrade, if used, starting from Talos v1.7.0.
The SBC's images and installers can be generated on the fly using Image Factory or using Imager for custom images.
The list of official SBC's images supported by Image Factory can be found in the Overlays repository.
Talos Linux now provides a way to configure systemd-boot ISO 'secure-boot-enroll' option while generating a SecureBoot ISO image:
output:
kind: iso
isoOptions:
sdBootEnrollKeys: force # default is still if-safe
outFormat: raw
Talos Linux now starts a basic syslog receiver listening on /dev/log
.
The receiver can mostly parse both RFC3164 and RFC5424 messages and writes them as JSON formatted message.
The logs can be viewed via talosctl logs syslogd
.
This is mostly implemented for extension services that log to syslog.
Linux: 6.6.24
etcd: 3.5.11
Kubernetes: 1.30.0-rc.1
containerd: 1.7.14
runc: 1.1.12
Flannel: 0.24.4
Talos is built with Go 1.22.2.
Talos Linux now supports hardware watchdog timers configuration.
If enabled, and the machine becomes unresponsive, the hardware watchdog will reset the machine.
The watchdog can be enabled with the following configuration document:
apiVersion: v1alpha1
kind: WatchdogTimerConfig
device: /dev/watchdog0
timeout: 3m0s
ExtraInfo
field for extensionssiderolink-launch
subcommandgo-talos-support
librarytalosctl upgrade-k8s
Install
for imager overlayslogs
command completionstalos_version_contract
for TF teststalosctl cluster create
DNSUpstreamController
environmentFile
for extensionsExtensionServicesConfig
DNSResolveCacheController
mptspi
drivertalosctl config new
talosctl gen secureboot
--nodes
talosctl disks
talosctl cluster create
actor id
to the SideroLink events sinkmerge.Merge
if map value is nilExtraInfo
field for extensionssiderolink-launch
subcommandgo-talos-support
librarytalosctl upgrade-k8s
SyncMap
and bump stuffPREEMPT_NONE
as recommended for serversagent
packagePrevious release can be found at v1.6.0
ghcr.io/siderolabs/flannel:v0.24.4
ghcr.io/siderolabs/install-cni:v1.7.0-1-gbb76755
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.0-rc.1
registry.k8s.io/kube-controller-manager:v1.30.0-rc.1
registry.k8s.io/kube-scheduler:v1.30.0-rc.1
registry.k8s.io/kube-proxy:v1.30.0-rc.1
ghcr.io/siderolabs/kubelet:v1.30.0-rc.1
ghcr.io/siderolabs/installer:v1.7.0-beta.0
registry.k8s.io/pause:3.8
Published by talos-bot 7 months ago
Welcome to the v1.6.7 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos is built with Go 1.21.8.
talosctl upgrade-k8s
Previous release can be found at v1.6.6
ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-2-g9234398
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.3
registry.k8s.io/kube-controller-manager:v1.29.3
registry.k8s.io/kube-scheduler:v1.29.3
registry.k8s.io/kube-proxy:v1.29.3
ghcr.io/siderolabs/kubelet:v1.29.3
ghcr.io/siderolabs/installer:v1.6.7
registry.k8s.io/pause:3.8
Published by talos-bot 7 months ago
Welcome to the v1.7.0-alpha.1 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos Linux now supports physical: true
qualifier for device selectors, it selects non-virtual network interfaces (i.e. en0
is selected, while bond0
is not).
Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:
machine:
features:
localDNS: false
Talos now supports supplying configuration files and environment variables for extension services.
The extension service configuration is a separate config document. An example is shown below:
---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: nut-client
configFiles:
- content: MONITOR ${upsmonHost} 1 remote pass password
mountPath: /usr/local/etc/nut/upsmon.conf
environment:
- UPS_NAME=ups
For documentation, see Extension Services Config Files.
Note: The use of environmentFile
in extension service spec is now deprecated and will be removed in a future release of Talos.
Use ExtensionServiceConfig
instead.
The command talosctl upgrade-k8s
now supports specifying custom image references for Kubernetes components via --*-image
flags.
The default behavior is unchanged, and the flags are optional.
Talos Linux disables by default a KubeSpan feature to harvest additional endpoints from KubeSpan members.
This feature turned out to be less helpful than expected and caused unnecessary performance issues.
Previous behavior can be restored with:
machine:
network:
kubespan:
harvestExtraEndpoints: true
Default NTP server was updated to be time.cloudflare.com
instead of pool.ntp.org
.
Default server is only used if the user does not specify any NTP servers in the configuration.
Talos Linux now supports OpenNebula platform.
DRBD extension is disabled in this release due to incompatibility with the latest Linux kernel.
Talos Linux starting from this release uses RSA key for Kubernetes API Server Service Account instead of ECDSA key to provide better compatibility with external OpenID Connect implementations.
Talos core will drop support for SBC's and will not include the SBC binaries in the release.
Overlays are being developed to support SBC's.
Talos Linux now provides a way to configure systemd-boot ISO 'secure-boot-enroll' option while generating a SecureBoot ISO image:
output:
kind: iso
isoOptions:
sdBootEnrollKeys: force # default is still if-safe
outFormat: raw
Talos Linux now starts a basic syslog receiver listening on /dev/log
.
The receiver can mostly parse both RFC3164 and RFC5424 messages and writes them as JSON formatted message.
The logs can be viewed via talosctl logs syslogd
.
This is mostly implemented for extension services that log to syslog.
Linux: 6.6.21
etcd: 3.5.11
Kubernetes: 1.30.0-beta.0
containerd: 1.7.14
runc: 1.1.12
Flannel: 0.24.1
Talos is built with Go 1.22.1.
Install
for imager overlayslogs
command completionstalos_version_contract
for TF teststalosctl cluster create
DNSUpstreamController
environmentFile
for extensionsExtensionServicesConfig
DNSResolveCacheController
mptspi
drivertalosctl config new
talosctl gen secureboot
--nodes
talosctl disks
talosctl cluster create
actor id
to the SideroLink events sinkmerge.Merge
if map value is nilInstall
for imager overlayslogs
command completionstalos_version_contract
for TF teststalosctl cluster create
DNSUpstreamController
environmentFile
for extensionsExtensionServicesConfig
DNSResolveCacheController
SyncMap
and bump stuffPREEMPT_NONE
as recommended for serversPrevious release can be found at v1.6.0
ghcr.io/siderolabs/flannel:v0.24.1
ghcr.io/siderolabs/install-cni:v1.7.0-alpha.0-3-g47bb718
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.12
registry.k8s.io/kube-apiserver:v1.30.0-beta.0
registry.k8s.io/kube-controller-manager:v1.30.0-beta.0
registry.k8s.io/kube-scheduler:v1.30.0-beta.0
registry.k8s.io/kube-proxy:v1.30.0-beta.0
ghcr.io/siderolabs/kubelet:v1.30.0-beta.0
ghcr.io/siderolabs/installer:v1.7.0-alpha.1
registry.k8s.io/pause:3.8
Published by talos-bot 8 months ago
Welcome to the v1.6.6 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos is built with Go 1.21.8.
Previous release can be found at v1.6.5
ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-2-g9234398
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.2
registry.k8s.io/kube-controller-manager:v1.29.2
registry.k8s.io/kube-scheduler:v1.29.2
registry.k8s.io/kube-proxy:v1.29.2
ghcr.io/siderolabs/kubelet:v1.29.2
ghcr.io/siderolabs/installer:v1.6.6
registry.k8s.io/pause:3.8
Published by talos-bot 8 months ago
Welcome to the v1.6.5 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
The command talosctl upgrade-k8s
now supports specifying custom image references for Kubernetes components via --*-image
flags.
The default behavior is unchanged, and the flags are optional.
Kubernetes: 1.29.2
Linux: 6.1.78
Talos is built with Go 1.21.6.
PREEMPT_NONE
as recommended for serversPrevious release can be found at v1.6.4
ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.2
registry.k8s.io/kube-controller-manager:v1.29.2
registry.k8s.io/kube-scheduler:v1.29.2
registry.k8s.io/kube-proxy:v1.29.2
ghcr.io/siderolabs/kubelet:v1.29.2
ghcr.io/siderolabs/installer:v1.6.5
registry.k8s.io/pause:3.8
Published by talos-bot 9 months ago
Welcome to the v1.5.6 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Linux: 6.1.74
containerd: 1.6.28
runc: 1.1.12
See CVE-2024-21626 for the runc update.
Talos is built with Go 1.20.13.
talosctl disks
FilterInPlace
method to maps and update modulePrevious release can be found at v1.5.5
ghcr.io/siderolabs/flannel:v0.22.1
ghcr.io/siderolabs/install-cni:v1.5.0-3-gb43c4e4
registry.k8s.io/coredns/coredns:v1.10.1
gcr.io/etcd-development/etcd:v3.5.10
registry.k8s.io/kube-apiserver:v1.28.3
registry.k8s.io/kube-controller-manager:v1.28.3
registry.k8s.io/kube-scheduler:v1.28.3
registry.k8s.io/kube-proxy:v1.28.3
ghcr.io/siderolabs/kubelet:v1.28.3
ghcr.io/siderolabs/installer:v1.5.6
registry.k8s.io/pause:3.6
Published by talos-bot 9 months ago
Welcome to the v1.7.0-alpha.0 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos Linux now supports physical: true
qualifier for device selectors, it selects non-virtual network interfaces (i.e. en0
is selected, while bond0
is not).
Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:
machine:
features:
localDNS: false
ZFS and DRBD extensions are disabled in this release due to incompatibility with the latest Linux kernel.
Talos Linux starting from this release uses RSA key for Kubernetes API Server Service Account instead of ECDSA key to provide better compatibility with external OpenID Connect implementations.
Linux: 6.6.14
etcd: 3.5.11
Kubernetes: 1.29.1
containerd: 1.7.13
runc: 1.1.12
Flannel: 0.24.1
Talos is built with Go 1.21.6.
mptspi
drivertalosctl config new
talosctl gen secureboot
--nodes
talosctl disks
talosctl cluster create
actor id
to the SideroLink events sinkmerge.Merge
if map value is nilPrevious release can be found at v1.6.0
ghcr.io/siderolabs/flannel:v0.24.1
ghcr.io/siderolabs/install-cni:v1.7.0-alpha.0
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.12
registry.k8s.io/kube-apiserver:v1.29.1
registry.k8s.io/kube-controller-manager:v1.29.1
registry.k8s.io/kube-scheduler:v1.29.1
registry.k8s.io/kube-proxy:v1.29.1
ghcr.io/siderolabs/kubelet:v1.29.1
ghcr.io/siderolabs/installer:v1.7.0-alpha.0
registry.k8s.io/pause:3.8
Published by talos-bot 9 months ago
Welcome to the v1.6.4 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
containerd: 1.7.13
runc: 1.1.12
See CVE-2024-21626 for the runc update.
Talos is built with Go 1.21.6.
Previous release can be found at v1.6.3
ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.1
registry.k8s.io/kube-controller-manager:v1.29.1
registry.k8s.io/kube-scheduler:v1.29.1
registry.k8s.io/kube-proxy:v1.29.1
ghcr.io/siderolabs/kubelet:v1.29.1
ghcr.io/siderolabs/installer:v1.6.4
registry.k8s.io/pause:3.8
Published by talos-bot 9 months ago
Welcome to the v1.6.3 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Linux: 6.1.74
Kubernetes: 1.29.1
Talos is built with Go 1.21.6.
Previous release can be found at v1.6.2
ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.1
registry.k8s.io/kube-controller-manager:v1.29.1
registry.k8s.io/kube-scheduler:v1.29.1
registry.k8s.io/kube-proxy:v1.29.1
ghcr.io/siderolabs/kubelet:v1.29.1
ghcr.io/siderolabs/installer:v1.6.3
registry.k8s.io/pause:3.8
Published by talos-bot 9 months ago
Welcome to the v1.6.2 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Linux: 6.1.73
Talos is built with Go 1.21.6.
talosctl gen secureboot
--nodes
talosctl disks
talosctl cluster create
Previous release can be found at v1.6.1
ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.0
registry.k8s.io/kube-controller-manager:v1.29.0
registry.k8s.io/kube-scheduler:v1.29.0
registry.k8s.io/kube-proxy:v1.29.0
ghcr.io/siderolabs/kubelet:v1.29.0
ghcr.io/siderolabs/installer:v1.6.2
registry.k8s.io/pause:3.8
Published by talos-bot 10 months ago
Welcome to the v1.6.1 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Linux: 6.1.69
containerd: 1.7.11
Talos is built with Go 1.21.5.
Previous release can be found at v1.6.0
ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.0
registry.k8s.io/kube-controller-manager:v1.29.0
registry.k8s.io/kube-scheduler:v1.29.0
registry.k8s.io/kube-proxy:v1.29.0
ghcr.io/siderolabs/kubelet:v1.29.0
ghcr.io/siderolabs/installer:v1.6.1
registry.k8s.io/pause:3.8
Published by talos-bot 10 months ago
Welcome to the v1.6.0 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos Linux when running on the metal
platform can be configured to authenticate the machine configuration download using OAuth2 device flow.
Previously, network device selectors only matched the first link, now the configuration is applied to all matching links.
Talos now starts Extension Services early in the boot process, this allows guest agents to be started in maintenance mode.
Starting with Talos 1.6, there is no Linux firmware included in the initramfs.
Customers who need Linux firmware can pull them as extension during install time using the image factory service.
If the initial boot requires firmware, a custom iso can be built with the firmware included using the image factory service.
This also ensures that the linux-firmware is not tied to a specific Talos version.
Talos Linux now supports customizing default Flannel manifest with extra arguments for flanneld.
cluster:
network:
cni:
flannel:
extraArgs:
- --iface-can-reach=192.168.1.1
Talos Linux now supports configuring the ingress firewall rules.
Talos and Imager now supports dropping kernel arguments specified in .machine.install.extraKernelArgs
or as --extra-kernel-arg
to imager.
Any kernel argument that starts with a -
is dropped. Kernel arguments to be dropped can be specified either as -<key>
which would remove all arguments that start with <key>
or as -<key>=<value>
which would remove the exact argument.
Talos now supports specifying the kube-scheduler configuration in the Talos configuration file.
It can be set under cluster.scheduler.config
and kube-scheduler will be automatically configured to with the correct flags.
Talos now supports specifying the kubelet credential provider configuration in the Talos configuration file.
It can be set under machine.kubelet.credentialProviderConfig
and kubelet will be automatically configured to with the correct flags.
The credential binaries are expected to be present under /usr/local/lib/kubelet/credentialproviders
.
Talos System Extensions can be used to install the credential binaries.
KubePrism is enabled by default on port 7445.
Talos now handles sysctl/sysfs key names in line with sysctl.conf(5):
Example (both sysctls are equivalent):
machine:
sysctls:
net/ipv6/conf/eth0.100/disable_ipv6: "1"
net.ipv6.conf.eth0/100.disable_ipv6: "1"
The command images
deprecated in Talos 1.5 was removed, please use talosctl images default
instead.
Linux: 6.1.67
containerd: 1.7.10
CoreDNS: 1.11.1
Kubernetes: 1.29.0
Flannel: 0.23.0
etcd: 3.5.11
runc: 1.1.10
Talos is built with Go 1.21.5.
Talos Linux now supports specifying user disks in .machine.disks
machine configuration links via udev
symlinks, e.g. /dev/disk/by-id/XXXX
.
actor id
to the SideroLink events sinkmerge.Merge
if map value is nilflanneld
Provision
rpc call.der
output talosctl gen secureboot pcr
disk.*
rpi_4
board on upgradeimager
tcell
library on initluks2
if not setgithub.com/blang/semver/v4
actor id
to the SideroLink events sinkFilterInPlace
method to maps and update modulePLATFORM
-pkgs
for upstream kernel modulesgolang.org/x/net
to 0.8.0Previous release can be found at v1.5.0
ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.0
registry.k8s.io/kube-controller-manager:v1.29.0
registry.k8s.io/kube-scheduler:v1.29.0
registry.k8s.io/kube-proxy:v1.29.0
ghcr.io/siderolabs/kubelet:v1.29.0
ghcr.io/siderolabs/installer:v1.6.0
registry.k8s.io/pause:3.8
Published by talos-bot 11 months ago
Welcome to the v1.6.0-beta.1 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos Linux when running on the metal
platform can be configured to authenticate the machine configuration download using OAuth2 device flow.
Previously, network device selectors only matched the first link, now the configuration is applied to all matching links.
Talos now starts Extension Services early in the boot process, this allows guest agents to be started in maintenance mode.
Starting with Talos 1.6, there is no Linux firmware included in the initramfs.
Customers who need Linux firmware can pull them as extension during install time using the image factory service.
If the initial boot requires firmware, a custom iso can be built with the firmware included using the image factory service.
This also ensures that the linux-firmware is not tied to a specific Talos version.
Talos Linux now supports customizing default Flannel manifest with extra arguments for flanneld.
cluster:
network:
cni:
flannel:
extraArgs:
- --iface-can-reach=192.168.1.1
Talos Linux now supports configuring the ingress firewall rules.
Talos and Imager now supports dropping kernel arguments specified in .machine.install.extraKernelArgs
or as --extra-kernel-arg
to imager.
Any kernel argument that starts with a -
is dropped. Kernel arguments to be dropped can be specified either as -<key>
which would remove all arguments that start with <key>
or as -<key>=<value>
which would remove the exact argument.
Talos now supports specifying the kube-scheduler configuration in the Talos configuration file.
It can be set under cluster.scheduler.config
and kube-scheduler will be automatically configured to with the correct flags.
Talos now supports specifying the kubelet credential provider configuration in the Talos configuration file.
It can be set under machine.kubelet.credentialProviderConfig
and kubelet will be automatically configured to with the correct flags.
The credential binaries are expected to be present under /usr/local/lib/kubelet/credentialproviders
.
Talos System Extensions can be used to install the credential binaries.
KubePrism is enabled by default on port 7445.
Talos now handles sysctl/sysfs key names in line with sysctl.conf(5):
Example (both sysctls are equivalent):
machine:
sysctls:
net/ipv6/conf/eth0.100/disable_ipv6: "1"
net.ipv6.conf.eth0/100.disable_ipv6: "1"
The command images
deprecated in Talos 1.5 was removed, please use talosctl images default
instead.
Linux: 6.1.65
containerd: 1.7.10
CoreDNS: 1.11.1
Kubernetes: 1.29.0-rc.1
Flannel: 0.23.0
etcd: 3.5.11
runc: 1.1.10
Talos is built with Go 1.21.4.
Talos Linux now supports specifying user disks in .machine.disks
machine configuration links via udev
symlinks, e.g. /dev/disk/by-id/XXXX
.
merge.Merge
if map value is nilflanneld
Provision
rpc call.der
output talosctl gen secureboot pcr
disk.*
rpi_4
board on upgradeimager
tcell
library on initluks2
if not setgithub.com/blang/semver/v4
merge.Merge
if map value is nilFilterInPlace
method to maps and update modulePLATFORM
-pkgs
for upstream kernel modulesgolang.org/x/net
to 0.8.0Previous release can be found at v1.5.0
ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.0-rc.1
registry.k8s.io/kube-controller-manager:v1.29.0-rc.1
registry.k8s.io/kube-scheduler:v1.29.0-rc.1
registry.k8s.io/kube-proxy:v1.29.0-rc.1
ghcr.io/siderolabs/kubelet:v1.29.0-rc.1
ghcr.io/siderolabs/installer:v1.6.0-beta.1
registry.k8s.io/pause:3.8
Published by talos-bot 11 months ago
Welcome to the v1.6.0-beta.0 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos now supports specifying the kubelet credential provider configuration in the Talos configuration file.
It can be set under machine.kubelet.credentialProviderConfig
and kubelet will be automatically configured to with the correct flags.
The credential binaries are expected to be present under /usr/local/lib/kubelet/credentialproviders
.
Talos System Extensions can be used to install the credential binaries.
Previously, network device selectors only matched the first link, now the configuration is applied to all matching links.
Talos now starts Extension Services early in the boot process, this allows guest agents to be started in maintenance mode.
Starting with Talos 1.6, there is no Linux firmware included in the initramfs.
Customers who need Linux firmware can pull them as extension during install time using the image factory service.
If the initial boot requires firmware, a custom iso can be built with the firmware included using the image factory service.
This also ensures that the linux-firmware is not tied to a specific Talos version.
Talos and Imager now supports dropping kernel arguments specified in .machine.install.extraKernelArgs
or as --extra-kernel-arg
to imager.
Any kernel argument that starts with a -
is dropped. Kernel arguments to be dropped can be specified either as -<key>
which would remove all arguments that start with <key>
or as -<key>=<value>
which would remove the exact argument.
Talos now supports specifying the kube-scheduler configuration in the Talos configuration file.
It can be set under cluster.scheduler.config
and kube-scheduler will be automatically configured to with the correct flags.
KubePrism is enabled by default on port 7445.
Talos now handles sysctl/sysfs key names in line with sysctl.conf(5):
Example (both sysctls are equivalent):
machine:
sysctls:
net/ipv6/conf/eth0.100/disable_ipv6: "1"
net.ipv6.conf.eth0/100.disable_ipv6: "1"
The command images
deprecated in Talos 1.5 was removed, please use talosctl images default
instead.
Linux: 6.1.64
containerd: 1.7.10
CoreDNS: 1.11.1
Kubernetes: 1.29.0-rc.1
Flannel: 0.23.0
etcd: 3.5.10
runc: 1.1.10
Talos is built with Go 1.21.4.
flanneld
Provision
rpc call.der
output talosctl gen secureboot pcr
disk.*
rpi_4
board on upgradeimager
tcell
library on initluks2
if not setgithub.com/blang/semver/v4
flanneld
Provision
rpc callFilterInPlace
method to maps and update modulePLATFORM
-pkgs
for upstream kernel modulesgolang.org/x/net
to 0.8.0Previous release can be found at v1.5.0
ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.10
registry.k8s.io/kube-apiserver:v1.29.0-rc.1
registry.k8s.io/kube-controller-manager:v1.29.0-rc.1
registry.k8s.io/kube-scheduler:v1.29.0-rc.1
registry.k8s.io/kube-proxy:v1.29.0-rc.1
ghcr.io/siderolabs/kubelet:v1.29.0-rc.1
ghcr.io/siderolabs/installer:v1.6.0-beta.0
registry.k8s.io/pause:3.8
Published by talos-bot 11 months ago
Welcome to the v1.6.0-alpha.2 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Talos now supports specifying the kubelet credential provider configuration in the Talos configuration file.
It can be set under machine.kubelet.credentialProviderConfig
and kubelet will be automatically configured to with the correct flags.
The credential binaries are expected to be present under /usr/local/lib/kubelet/credentialproviders
.
Talos System Extensions can be used to install the credential binaries.
Previously, network device selectors only matched the first link, now the configuration is applied to all matching links.
Starting with Talos 1.6, there is no Linux firmware included in the initramfs.
Customers who need Linux firmware can pull them as extension during install time using the image factory service.
If the initial boot requires firmware, a custom iso can be built with the firmware included using the image factory service.
This also ensures that the linux-firmware is not tied to a specific Talos version.
Talos now supports specifying the kube-scheduler configuration in the Talos configuration file.
It can be set under cluster.scheduler.config
and kube-scheduler will be automatically configured to with the correct flags.
KubePrism is enabled by default on port 7445.
Talos now handles sysctl/sysfs key names in line with sysctl.conf(5):
Example (both sysctls are equivalent):
machine:
sysctls:
net/ipv6/conf/eth0.100/disable_ipv6: "1"
net.ipv6.conf.eth0/100.disable_ipv6: "1"
The command images
deprecated in Talos 1.5 was removed, please use talosctl images default
instead.
Linux: 6.1.63
containerd: 1.7.9
CoreDNS: 1.11.1
Kubernetes: 1.29.0-alpha.3
Flannel: 0.22.3
etcd: 3.5.10
runc: 1.1.10
Talos is built with Go 1.21.4.
.der
output talosctl gen secureboot pcr
disk.*
rpi_4
board on upgradeimager
tcell
library on initluks2
if not setgithub.com/blang/semver/v4
.der
output talosctl gen secureboot pcr
FilterInPlace
method to maps and update modulePLATFORM
-pkgs
for upstream kernel modulesgolang.org/x/net
to 0.8.0Previous release can be found at v1.5.0
ghcr.io/siderolabs/flannel:v0.22.3
ghcr.io/siderolabs/install-cni:v1.6.0-alpha.0-5-ge8e801b
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.10
registry.k8s.io/kube-apiserver:v1.29.0-alpha.3
registry.k8s.io/kube-controller-manager:v1.29.0-alpha.3
registry.k8s.io/kube-scheduler:v1.29.0-alpha.3
registry.k8s.io/kube-proxy:v1.29.0-alpha.3
ghcr.io/siderolabs/kubelet:v1.29.0-alpha.3
ghcr.io/siderolabs/installer:v1.6.0-alpha.2
registry.k8s.io/pause:3.8