talos

Talos 1.7.2 (2024-05-17)

Welcome to the v1.7.2 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Kubernetes: 1.30.1
Linux: 6.6.30

Talos is built with Go 1.22.3.

Contributors

• Andrey Smirnov
• Artem Chernyshev
• Bernard Gütermann
• Dmitriy Matrenichev
• Noel Georgi
• Spencer Smith
• Utku Ozdemir

Changes

• siderolabs/talos@f876025b3 release(v1.7.2): prepare release
• siderolabs/talos@53eff982f feat: update Kubernetes to 1.30.1
• siderolabs/talos@5bc446e85 chore: update project in GCP testing
• siderolabs/talos@abaff6084 fix: increase host dns packet ttl for pods
• siderolabs/talos@9189fdf4a chore: handle I/O error for xfs_repair
• siderolabs/talos@172569f56 fix: don't enable hostDNS for versions of Talos which do not have it
• siderolabs/talos@a91527ef7 chore: extract pkg/imager/quirks to pkg/machinery
• siderolabs/talos@5e1544432 fix: check for nil machine config during installation
• siderolabs/talos@44853ba0f feat: update Go to 1.22.3, Linux to 6.6.30
• siderolabs/talos@24c353235 fix: do not fail cli action tracker when boot id cannot be read
• siderolabs/talos@4aeb22f76 fix: use a fresh context for etcd unlock

Changes from siderolabs/pkgs

• siderolabs/pkgs@9caa8be fix: disable CONFIG_EFI_DISABLE_PCI_DMA option
• siderolabs/pkgs@4af5dcd feat: update Linux to 6.6.30
• siderolabs/pkgs@996f95d feat: update zfs package to v2.2.4
• siderolabs/pkgs@5e3978f feat: enable NFT FIB lookups
• siderolabs/pkgs@a3c7fbf feat: update Go to 1.22.3

Changes from siderolabs/tools

• siderolabs/tools@345db93 feat: update Go to 1.22.3

Dependency Changes

• github.com/siderolabs/pkgs v1.7.0-9-g76bd73c -> v1.7.0-14-g9caa8be
• github.com/siderolabs/talos/pkg/machinery v1.7.1 -> v1.7.2
• github.com/siderolabs/tools v1.7.0-1-g10b2a69 -> v1.7.0-2-g345db93
• k8s.io/api v0.30.0 -> v0.30.1
• k8s.io/apiserver v0.30.0 -> v0.30.1
• k8s.io/client-go v0.30.0 -> v0.30.1
• k8s.io/component-base v0.30.0 -> v0.30.1
• k8s.io/kube-scheduler v0.30.0 -> v0.30.1
• k8s.io/kubectl v0.30.0 -> v0.30.1
• k8s.io/kubelet v0.30.0 -> v0.30.1
• k8s.io/pod-security-admission v0.30.0 -> v0.30.1

Previous release can be found at v1.7.1

Images

ghcr.io/siderolabs/flannel:v0.25.1
ghcr.io/siderolabs/install-cni:v1.7.0-1-gbb76755
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.1
registry.k8s.io/kube-controller-manager:v1.30.1
registry.k8s.io/kube-scheduler:v1.30.1
registry.k8s.io/kube-proxy:v1.30.1
ghcr.io/siderolabs/kubelet:v1.30.1
ghcr.io/siderolabs/installer:v1.7.2
registry.k8s.io/pause:3.8

Talos 1.8.0-alpha.0 (2024-05-02)

Welcome to the v1.8.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.6.29
containerd: 1.7.16

Talos is built with Go 1.22.2.

ZSTD Compression

Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).

Contributors

• Andrey Smirnov
• Dmitriy Matrenichev
• Utku Ozdemir
• Dmitry Sharshakov
• Artem Chernyshev
• Bernard Gütermann
• Birger J. Nordølum
• Dennis Marttinen
• Evan Johnson
• Grzegorz Rożniecki
• Igor Rzegocki
• Noel Georgi
• Spencer Smith
• darox
• looklose

Changes

• siderolabs/talos@8df5b85ec release(v1.8.0-alpha.0): prepare release
• siderolabs/talos@07f78182c fix: use a fresh context for etcd unlock
• siderolabs/talos@84cd7dbec feat: update Linux to 6.6.29
• siderolabs/talos@70fdca6a4 chore: update minimum hardware requirement for vmware ova
• siderolabs/talos@b690ffeb8 test: improve DNS resolver test stability
• siderolabs/talos@5aa0299b6 style: use correct capitalization for openstack
• siderolabs/talos@4c0c626b7 feat: use zstd compression in place of xz
• siderolabs/talos@98906ed6e fix: use reboot delay only in case of error
• siderolabs/talos@05fd042bb test: improve the reset integration tests
• siderolabs/talos@8cdf0f7cb docs: fix typo in Cilium instructions
• siderolabs/talos@dd1d279da fix: allow more flags in talosctl cluster create --input-dir
• siderolabs/talos@ef4394e58 chore: update kernel and other packages
• siderolabs/talos@ccdb4c8b1 chore: update google.golang.org/grpc to 1.63.2
• siderolabs/talos@c5b59df69 fix: wait for devices to be discovered before probing filesystems
• siderolabs/talos@0821b9c50 feat: add --non-masquerade-cidrs flag to talosctl cluster create
• siderolabs/talos@2bf613ad3 fix: add endpoints for "virtual" host-dns service
• siderolabs/talos@f4163aefe fix: bump priority of OpenStack routes if IPv6 and default gateway
• siderolabs/talos@6fbd1263c feat: report process MAC labels
• siderolabs/talos@d46032821 fix: return proper value from Bridge.STP instead of plain nil
• siderolabs/talos@bac1d00c3 chore: prepare for Talos 1.8
• siderolabs/talos@d6c8067e1 docs: make 1.7 docs the default
• siderolabs/talos@d7c3a0735 docs: add what's new for v1.7
• siderolabs/talos@908f67fa1 feat: add host dns support for resolving member addrs
• siderolabs/talos@0d20b637d feat: update Kubernetes to 1.30.0
• siderolabs/talos@ec69d7a78 chore: replace math/rand with math/rand/v2
• siderolabs/talos@89040ce43 chore: update go-blockdevice/v2 library to the latest version
• siderolabs/talos@0a785802e fix: overlay installer operations
• siderolabs/talos@b1b63f658 fix: mark overlay installer executable
• siderolabs/talos@3433fa13b feat: use container DNS when in container mode
• siderolabs/talos@5d07ac5a7 fix: close apid inter-backend connections gracefully for real
• siderolabs/talos@7ba18555b docs: fix typos in Akamai and AWS platform docs
• siderolabs/talos@3dd1f4e88 chore: extract pkg/imager/quirks to pkg/machinery
• siderolabs/talos@78bc3a433 docs: update Cilium docs
• siderolabs/talos@831f3d39e feat: update Flannel to v0.25.1
• siderolabs/talos@ea5b3ff0c feat: update Kubernetes to v1.30.0-rc.2
• siderolabs/talos@54dac5ed4 feat: update Linux 6.6.24, containerd 1.7.15
• siderolabs/talos@c51f146da docs: update Akamai platform docs
• siderolabs/talos@9550f5ff7 docs: fix getAuthenticationMethod and completePathFromNode docs
• siderolabs/talos@bfbd02abf fix: assign different priority to IPv6 default gateway on OpenStack
• siderolabs/talos@c8f674bd3 test: add a test for 'spin' container runtime
• siderolabs/talos@5390ccd48 chore: replace []byte with string and use go:embed for templates
• siderolabs/talos@ba7cdc8c8 chore: optimize DNSResolveCacheController
• siderolabs/talos@145f24063 fix: don't modify a global map of profiles
• siderolabs/talos@6fe91ad9c feat: provide Kubernets/Talos version compatibility for 1.8
• siderolabs/talos@909a5800e fix: generate secureboot ISO .der certificate correctly
• siderolabs/talos@b0fdc3c8c fix: make static pods check output consistent
• siderolabs/talos@c6ad0fcce fix: validate that workers don't get cluster CA key
• siderolabs/talos@3735add87 fix: reconnect to the logs stream in dashboard after reboot
• siderolabs/talos@9aa1e1b79 fix: present all accepted CAs to the kube-apiserver
• siderolabs/talos@336e61174 fix: close the apid connection to other machines gracefully
• siderolabs/talos@ff2c427b0 fix: pre-create nftables chain to make kubelet use nftables
• siderolabs/talos@5622f0e45 docs: change localDNS to hostDNS in release notes yaml section

Changes from siderolabs/discovery-client

• siderolabs/discovery-client@ca662d2 feat: export default GRPC dial options for the client
• siderolabs/discovery-client@7a767fa chore: bump Go, deps and rekres

Changes from siderolabs/extras

• siderolabs/extras@fa6663c feat: update Go to 1.22.2

Changes from siderolabs/pkgs

• siderolabs/pkgs@28c5696 feat: update Linux to 6.6.29
• siderolabs/pkgs@9c8a02c feat: update containerd to 1.7.16
• siderolabs/pkgs@ca6249b feat: compress amd64 Linux kernel using zstd
• siderolabs/pkgs@718a7da feat: enable SELinux
• siderolabs/pkgs@207481f feat(intel): add support for power management and ACPI options for Intel CPUs
• siderolabs/pkgs@dfa7dce feat: update Linux to 6.6.28
• siderolabs/pkgs@7b30b61 fix: use proper EFI zBoot image
• siderolabs/pkgs@010913b feat: update Linux 6.6.26, containerd 1.7.15
• siderolabs/pkgs@da397fa feat: enable BFQ IO scheduler
• siderolabs/pkgs@c839801 feat: enable zboot on arm64 with zstd compression
• siderolabs/pkgs@1b28e2c feat: go 1.22.2, Linux 6.6.24
• siderolabs/pkgs@05db2a8 fix: revert musl to 1.2.4

Changes from siderolabs/tools

• siderolabs/tools@bd405ff feat: update go to 1.22.2

Dependency Changes

• cloud.google.com/go/compute/metadata v0.2.3 -> v0.3.0
• github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 -> v1.5.2
• github.com/aws/aws-sdk-go-v2/config v1.27.10 -> v1.27.11
• github.com/aws/aws-sdk-go-v2/service/kms v1.30.1 -> v1.31.0
• github.com/containerd/containerd v1.7.14 -> v1.7.16
• github.com/containernetworking/cni v1.1.2 -> v1.2.0
• github.com/docker/docker v26.0.0 -> v26.0.2
• github.com/google/go-tpm ee6cbcd136f8 -> 1fb84445f623
• github.com/hetznercloud/hcloud-go/v2 v2.7.0 -> v2.7.2
• github.com/insomniacslk/dhcp c728f5dd21c8 -> f1cffa2c0c49
• github.com/klauspost/compress v1.17.7 new
• github.com/miekg/dns v1.1.58 -> v1.1.59
• github.com/prometheus/procfs v0.13.0 -> v0.14.0
• github.com/rivo/tview a22293bda944 -> e119d15762fe
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.25 -> v1.0.0-beta.26
• github.com/siderolabs/discovery-client v0.1.8 -> v0.1.9
• github.com/siderolabs/extras v1.7.0-1-gbb76755 -> v1.8.0-alpha.0
• github.com/siderolabs/pkgs v1.7.0-6-g29106c0 -> v1.8.0-alpha.0-10-g28c5696
• github.com/siderolabs/talos/pkg/machinery v1.7.0 -> v1.8.0-alpha.0
• github.com/siderolabs/tools v1.7.0-1-g10b2a69 -> v1.8.0-alpha.0
• golang.org/x/net v0.23.0 -> v0.24.0
• golang.org/x/oauth2 v0.18.0 -> v0.19.0
• golang.org/x/sync v0.6.0 -> v0.7.0
• golang.org/x/sys v0.18.0 -> v0.19.0
• golang.org/x/term v0.18.0 -> v0.19.0
• google.golang.org/grpc v1.62.1 -> v1.63.2

Previous release can be found at v1.7.0

Images

ghcr.io/siderolabs/flannel:v0.25.1
ghcr.io/siderolabs/install-cni:v1.8.0-alpha.0
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.0
registry.k8s.io/kube-controller-manager:v1.30.0
registry.k8s.io/kube-scheduler:v1.30.0
registry.k8s.io/kube-proxy:v1.30.0
ghcr.io/siderolabs/kubelet:v1.30.0
ghcr.io/siderolabs/installer:v1.8.0-alpha.0
registry.k8s.io/pause:3.8

Talos 1.7.1 (2024-05-01)

Welcome to the v1.7.1 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.6.29
containerd: 1.7.16

Talos is built with Go 1.22.2.

Contributors

• Andrey Smirnov
• Dmitriy Matrenichev
• Igor Rzegocki
• Spencer Smith

Changes

• siderolabs/talos@e9cb904e6 release(v1.7.1): prepare release
• siderolabs/talos@5614934c4 feat: update Linux to 6.6.29
• siderolabs/talos@1d9705af8 chore: update minimum hardware requirement for vmware ova
• siderolabs/talos@22e5753c3 test: improve DNS resolver test stability
• siderolabs/talos@498b68193 test: improve the reset integration tests
• siderolabs/talos@50023bc4e fix: wait for devices to be discovered before probing filesystems
• siderolabs/talos@41024e17a fix: bump priority of OpenStack routes if IPv6 and default gateway
• siderolabs/talos@bd41fee8c fix: add endpoints for "virtual" host-dns service
• siderolabs/talos@2db54c779 fix: return proper value from Bridge.STP instead of plain nil

Changes from siderolabs/pkgs

• siderolabs/pkgs@76bd73c feat: update Linux to 6.6.29
• siderolabs/pkgs@6d1f537 feat: update containerd to 1.7.16
• siderolabs/pkgs@bedd1de feat(intel): add support for power management and ACPI options for Intel CPUs

Dependency Changes

• github.com/containerd/containerd v1.7.14 -> v1.7.16
• github.com/siderolabs/pkgs v1.7.0-6-g29106c0 -> v1.7.0-9-g76bd73c
• github.com/siderolabs/talos/pkg/machinery v1.7.0 -> v1.7.1

Previous release can be found at v1.7.0

Images

ghcr.io/siderolabs/flannel:v0.25.1
ghcr.io/siderolabs/install-cni:v1.7.0-1-gbb76755
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.0
registry.k8s.io/kube-controller-manager:v1.30.0
registry.k8s.io/kube-scheduler:v1.30.0
registry.k8s.io/kube-proxy:v1.30.0
ghcr.io/siderolabs/kubelet:v1.30.0
ghcr.io/siderolabs/installer:v1.7.1
registry.k8s.io/pause:3.8

Talos 1.7.0 (2024-04-19)

Welcome to the v1.7.0 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Documentation on What's New in Talos 1.7.0

CA Rotation

Talos Linux now supports rotating the root CA certificate and key for Talos API and Kubernetes API.

Device Selectors

Talos Linux now supports physical: true qualifier for device selectors, it selects non-virtual network interfaces (i.e. en0 is selected, while bond0 is not).

DNS Caching

Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:

machine:
  features:
    hostDNS:
      enabled: false

You can also enable dns caching for k8s pods with:

machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: true

Please note that on running cluster you will have to kill CoreDNS pods for this change to apply.

If you want to can also enable the resolving of member addresses through their host and node names:

machine:
  features:
    hostDNS:
      enabled: true
      resolveMemberNames: true

Extension Services Config

Talos now supports supplying configuration files and environment variables for extension services.
The extension service configuration is a separate config document. An example is shown below:

---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: nut-client
configFiles:
  - content: MONITOR ${upsmonHost} 1 remote pass password
    mountPath: /usr/local/etc/nut/upsmon.conf
environment:
  - UPS_NAME=ups

For documentation, see Extension Services Config Files.

Note: The use of environmentFile in extension service spec is now deprecated and will be removed in a future release of Talos.
Use ExtensionServiceConfig instead.

IPTables

Talos Linux now forces kubelet and kube-proxy to use iptables-nft instead of iptables-legacy (xtables) which was the default
before Talos 1.7.0.

Container images based on iptables-wrapper should work without changes, but if there was a direct call to legacy mode of iptables, make sure
to update to use iptables-nft.

Kubernetes Upgrade

The command talosctl upgrade-k8s now supports specifying custom image references for Kubernetes components via --*-image flags.
The default behavior is unchanged, and the flags are optional.

KubeSpan

Talos Linux disables by default a KubeSpan feature to harvest additional endpoints from KubeSpan members.
This feature turned out to be less helpful than expected and caused unnecessary performance issues.

Previous behavior can be restored with:

machine:
  network:
    kubespan:
        harvestExtraEndpoints: true

Logging

Talos Linux now supports setting extra tags when sending logs in JSON format:

machine:
  logging:
    destinations:
      - endpoint: "udp://127.0.0.1:12345/"
        format: "json_lines"
        extraTags:
          server: s03-rack07

Time Sync

Default NTP server was updated to be time.cloudflare.com instead of pool.ntp.org.
Default server is only used if the user does not specify any NTP servers in the configuration.

Talos Linux can now sync to PTP devices (e.g. provided by the hypervisor) skipping the network time servers.
In order to activate PTP sync, set machine.time.servers to the PTP device name (e.g. /dev/ptp0):

machine:
  time:
    servers:
      - /dev/ptp0

OpenNebula

Talos Linux now supports OpenNebula platform.

Platforms

Talos Linux now supports Akamai Connected Cloud provider (platform akamai).

Kubernetes API Server Service Account Key

Talos Linux starting from this release uses RSA key for Kubernetes API Server Service Account instead of ECDSA key to provide better compatibility with external OpenID Connect implementations.

SBC

Talos has split the SBC's (Single Board Computers) into separate repositories.
There will not be any more SBC specific release assets as part of Talos release.

The default Talos Installer image will stop working for SBC's and will fail the upgrade, if used, starting from Talos v1.7.0.

The SBC's images and installers can be generated on the fly using Image Factory or using Imager for custom images.
The list of official SBC's images supported by Image Factory can be found in the Overlays repository.

Secure Boot Image

Talos Linux now provides a way to configure systemd-boot ISO 'secure-boot-enroll' option while generating a SecureBoot ISO image:

output:
    kind: iso
    isoOptions:
        sdBootEnrollKeys: force # default is still if-safe
    outFormat: raw

Syslog

Talos Linux now starts a basic syslog receiver listening on /dev/log.
The receiver can mostly parse both RFC3164 and RFC5424 messages and writes them as JSON formatted message.
The logs can be viewed via talosctl logs syslogd.

This is mostly implemented for extension services that log to syslog.

Component Updates

Linux: 6.6.28
etcd: 3.5.11
Kubernetes: 1.30.0
containerd: 1.7.15
runc: 1.1.12
Flannel: 0.25.1

Talos is built with Go 1.22.2.

Hardware Watchdog Timers

Talos Linux now supports hardware watchdog timers configuration.
If enabled, and the machine becomes unresponsive, the hardware watchdog will reset the machine.

The watchdog can be enabled with the following configuration document:

apiVersion: v1alpha1
kind: WatchdogTimerConfig
device: /dev/watchdog0
timeout: 3m0s

Contributors

• Andrey Smirnov
• Noel Georgi
• Dmitriy Matrenichev
• Utku Ozdemir
• Andrey Smirnov
• Artem Chernyshev
• Dmitry Sharshakov
• Justin Garrison
• Radosław Piliszek
• Spencer Smith
• Anthony ARNAUD
• Steve Francis
• Anastasios Papagiannis
• Andrei Kvapil
• Andrian Zubovic
• AvnarJakob
• Cas de Reuver
• Christian Mohn
• Christian WALDBILLIG
• Dennis Marttinen
• Dmitry Sharshakov
• Drew Hess
• Evan Johnson
• ExtraClock
• Fabiano Fidêncio
• Henno Schooljan
• Hervé Werner
• JJGadgets
• Jacob McSwain
• Jean-Tiare Le Bigot
• Jonomir
• Kai Hanssen
• Konrad Eriksson
• Louis SCHNEIDER
• Matthieu S
• Michael Stephenson
• Nico Berlee
• Niklas Wik
• Pip Oomen
• Saiyam Pathak
• Sebastiaan Gerritsen
• Sebastian Gaiser
• Serge Logvinov
• Tim Jones
• bri
• ebcrypto
• edwinavalos
• fazledyn-or
• goodmost
• james-dreebot
• pardomue
• shurkys
• stereobutter

Changes

• siderolabs/talos@70fb41fff release(v1.7.0): prepare release
• siderolabs/talos@27e8455d7 chore: update extension filter for xen-guest-agent
• siderolabs/talos@3a2612df5 feat: update Linux to 6.6.28
• siderolabs/talos@d9760fc9b docs: add what's new for v1.7
• siderolabs/talos@83ad8d65c feat: add host dns support for resolving member addrs
• siderolabs/talos@24141f078 feat: update Kubernetes to 1.30.0
• siderolabs/talos@865239188 chore: update go-blockdevice/v2 library to the latest version
• siderolabs/talos@b72f0d7f9 fix: overlay installer operations
• siderolabs/talos@81cd2b16e fix: mark overlay installer executable
• siderolabs/talos@a690e30ef feat: update Flannel to v0.25.1
• siderolabs/talos@fa5c7ee70 fix: close apid inter-backend connections gracefully for real
• siderolabs/talos@d821322c7 feat: use container DNS when in container mode
• siderolabs/talos@77581447c release(v1.7.0-beta.1): prepare release
• siderolabs/talos@1c0a91728 chore: disable max of one commit
• siderolabs/talos@50d475b41 feat: update Kubernetes to v1.30.0-rc.2
• siderolabs/talos@a5b4a8a91 feat: update Linux 6.6.24, containerd 1.7.15
• siderolabs/talos@eea41cdae fix: assign different priority to IPv6 default gateway on OpenStack
• siderolabs/talos@d5932a390 chore: optimize DNSResolveCacheController
• siderolabs/talos@eca03b03c fix: don't modify a global map of profiles
• siderolabs/talos@4da63d1dd test: add a test for 'spin' container runtime
• siderolabs/talos@fb84efce3 feat: provide Kubernets/Talos version compatibility for 1.8
• siderolabs/talos@7d24ddd73 fix: generate secureboot ISO .der certificate correctly
• siderolabs/talos@028a5b4b1 fix: reconnect to the logs stream in dashboard after reboot
• siderolabs/talos@5019c9fa7 fix: present all accepted CAs to the kube-apiserver
• siderolabs/talos@09ef5b3c9 fix: validate that workers don't get cluster CA key
• siderolabs/talos@4f7cb9c3a fix: make static pods check output consistent
• siderolabs/talos@dd7d8d3aa fix: close the apid connection to other machines gracefully
• siderolabs/talos@41a54e8a0 fix: pre-create nftables chain to make kubelet use nftables
• siderolabs/talos@abf302fb5 docs: change localDNS to hostDNS in release notes yaml section
• siderolabs/talos@78f971370 release(v1.7.0-beta.0): prepare release
• siderolabs/talos@01d8b897c fix: make safeReset truly safe to call multiple times
• siderolabs/talos@653f838b0 feat: support multiple Docker cluster in talosctl cluster create
• siderolabs/talos@951904554 chore: bump dependencies (go 1.22.2)
• siderolabs/talos@862c76001 feat: add support for CoreDNS forwarding to host DNS
• siderolabs/talos@e8ae5ef63 feat: add akamai platform support
• siderolabs/talos@5c0f74b37 fix: don't announce the VIP on acquire failure
• siderolabs/talos@2f0fe10d5 chore: update sbc docs
• siderolabs/talos@1b17008e9 fix: handle more OpenStack link types
• siderolabs/talos@e7d804140 fix: always update firewall rules (kubespan)
• siderolabs/talos@78b9bd927 fix: report unsupported x86_64 microarchitecture level
• siderolabs/talos@71d90ba5f fix: retry in the fixed amount of time if grpc relay failed
• siderolabs/talos@d320498a4 chore: bump dependencies
• siderolabs/talos@3195e5d15 fix: force Flannel CNI to use KubePrism Kubernetes API endpoint
• siderolabs/talos@917043fb5 chore: bump tools, pkgs and extra to stable
• siderolabs/talos@f515741b5 chore: add equinix e2e-tests
• siderolabs/talos@117e60583 feat: add support for static extra fields for JSON logs
• siderolabs/talos@090143b03 fix: allow platform cmdline args to be platform-specific
• siderolabs/talos@7a68504b6 feat: support rotating Kubernetes CA
• siderolabs/talos@fac3dd043 fix: don't set default endpoints on gen config
• siderolabs/talos@8dc4910c4 chore: enable "WG over GRPC" testing in siderolink agent tests
• siderolabs/talos@bac366e43 chore: add ExtraInfo field for extensions
• siderolabs/talos@0fc24eeb0 feat: provide insecure flag to imager
• siderolabs/talos@a6b2f5456 feat: update Kubernetes to 1.30.0-rc.0, etcd to 3.5.13
• siderolabs/talos@0361ff895 docs: quickstart video and brew install
• siderolabs/talos@b752a8618 chore: talosctl: add openSUSE OVMF paths
• siderolabs/talos@945648914 feat: support hardware watchdog timers
• siderolabs/talos@949ad11a2 chore: import siderolink as siderolink-launch subcommand
• siderolabs/talos@ee51f04af chore: azure e2e
• siderolabs/talos@55dd41c0d chore: update coredns to v1.11.2 in required section
• siderolabs/talos@8eacc4ba8 feat: support rotation of Talos API CA
• siderolabs/talos@92808e3bc feat: report Docker node resources in cluster show
• siderolabs/talos@84ec8c16f feat: support syncing to PTP clocks
• siderolabs/talos@7d43c9aa6 chore: annotate installer errors
• siderolabs/talos@f737e6495 fix: populate routes to BGP neighbors (Equinix Metal)
• siderolabs/talos@19f15a840 chore: bump golangci-lint to 1.57.0
• siderolabs/talos@684011963 docs: add docs for overlays
• siderolabs/talos@9b6ec5929 chore: bump kernel
• siderolabs/talos@69f0466cd docs: remove repetitive words
• siderolabs/talos@113fb646e chore: use go-talos-support library
• siderolabs/talos@89fc68b45 fix: service lifecycle issues
• siderolabs/talos@ead37abf0 test: disable volume tests
• siderolabs/talos@c64523a7a feat: update Flannel to v0.24.4
• siderolabs/talos@15beb1478 feat: implement blockdevice watch controller
• siderolabs/talos@06e3bc0cb feat: implement Siderolink wireguard over GRPC
• siderolabs/talos@9afa70baf fix: patch correctly config in talosctl upgrade-k8s
• siderolabs/talos@3130caf95 chore: re-enable DRBD extension
• siderolabs/talos@3ba180d07 release(v1.7.0-alpha.1): prepare release
• siderolabs/talos@403ad93c3 feat: update dependencies
• siderolabs/talos@7376f34e8 fix: remove maintenance config when maintenance service is shut down
• siderolabs/talos@952801d8b fix: handle overlay partition options
• siderolabs/talos@465b9a4e6 fix: update discovery client with the fix for keepalive interval
• siderolabs/talos@1e9f866ac feat: update Kubernetes to v1.30.0-beta.0
• siderolabs/talos@d118a852b feat: implement Install for imager overlays
• siderolabs/talos@cd5a5a447 chore: migrate to go-grpc-middleware/v2
• siderolabs/talos@e3c2a6398 feat: set default NTP server to time.cloudflare.com
• siderolabs/talos@32e087760 chore: print all available logs containers in logs command completions
• siderolabs/talos@e89d755c5 fix: etcd config validation for worker
• siderolabs/talos@1aa3c9182 docs: add DreeBot to ADOPTERS.md
• siderolabs/talos@1bb6027cc fix: fix nil panic on maintenance upgrade with partial config
• siderolabs/talos@aa70bfb9d docs: add Redpill Linpro to adopters list
• siderolabs/talos@f02aeec92 fix: do not fail cluster create when input dir does not contain talosconfig
• siderolabs/talos@1ec6683e0 chore: use go-copy
• siderolabs/talos@3c8f51d70 chore: move cli formatters and version modules to machinery
• siderolabs/talos@8152a6dd6 feat: update Go to 1.22.1
• siderolabs/talos@8c7953991 docs: update replicated-local-storage-with-openebs-jiva.md
• siderolabs/talos@f23bd8144 fix: syslog parser
• siderolabs/talos@bbed07e03 feat: update Linux to 6.6.18
• siderolabs/talos@8125e754b feat: imager overlay
• siderolabs/talos@0b9b4da12 feat: update Kubernetes to 1.30.0-alpha.3
• siderolabs/talos@3a764029e docs: fix typo in word governor
• siderolabs/talos@d81d49000 chore: update CoreDNS renovate source
• siderolabs/talos@b2ad5dc5f fix: workaround a race in CNI setup (talosctl cluster create)
• siderolabs/talos@457507803 fix: provide auth when pulling images in the imager
• siderolabs/talos@e707175ab docs: update config patch in cilium docs
• siderolabs/talos@f8c556a1c chore: listen for dns requests on 127.0.0.53
• siderolabs/talos@8872a7a21 fix: ignore 'no such device' in addition to 'no such file'
• siderolabs/talos@1cb544353 chore: uki der certs in iso
• siderolabs/talos@67ac6933d fix: handle errors to watch apid/trustd certs
• siderolabs/talos@c79d69c2e fix: only set gateway if set in context (opennebula)
• siderolabs/talos@4575dd8e7 chore: allow not preallocated disks for QEMU cluster
• siderolabs/talos@0bddfea81 chore: add oceanbox.io to adopters
• siderolabs/talos@136427592 chore: use proper talos_version_contract for TF tests
• siderolabs/talos@6bf50fdc1 chore: disable x/net/trace in gRPC to enable dead code elimination
• siderolabs/talos@815a8e9cc feat: add partial config support to talosctl cluster create
• siderolabs/talos@64e9703f8 chore: add tests for the Kata Containers extension
• siderolabs/talos@9b6291925 feat: update pkgs
• siderolabs/talos@66f3ffdd4 fix: ensure that Talos runs in a pod (container)
• siderolabs/talos@9dbc33972 feat: add basic syslog implementation
• siderolabs/talos@0b7a27e6a feat: allow access to all resources over siderolink in maintenance mode
• siderolabs/talos@53721883d feat: support AWS KMS for the SecureBoot signing
• siderolabs/talos@7ee999f8a fix: disable KubeSpan endpoint harvesting by default
• siderolabs/talos@7b87c7fe9 chore: bump Go dependencies
• siderolabs/talos@8e9596d3c docs: rpi talosctl install update
• siderolabs/talos@493bb60f8 fix: correctly handle partial configs in DNSUpstreamController
• siderolabs/talos@6deb10ae2 chore: deprecate environmentFile for extensions
• siderolabs/talos@f8b4ee82a chore: update extensions test
• siderolabs/talos@1366ce14a feat: update Kubernetes to v1.30.0-alpha.2
• siderolabs/talos@559308ef7 fix: use MachineStatus resource to check for boot done
• siderolabs/talos@15e8bca2b feat: support environment in ExtensionServicesConfig
• siderolabs/talos@3fe82ec46 feat: custom image settings for k8s upgrade
• siderolabs/talos@fa3b93370 chore: replace fmt.Errorf with errors.New where possible
• siderolabs/talos@d4521ee9c feat: update kernel with sfc driver and LSM updates
• siderolabs/talos@2f0421b40 fix: run xfs_repair on invalid argument error
• siderolabs/talos@f868fb8e8 docs: update vmware tools url
• siderolabs/talos@fa2d34dd8 chore: enable v6 support on the same port
• siderolabs/talos@83e0b0c19 chore: adjust dns sockets settings
• siderolabs/talos@a1ec1705b chore: update Go to 1.22.0
• siderolabs/talos@76b50fcd4 chore: add Ænix to the Adopters list
• siderolabs/talos@5324d3916 chore: bump stuff
• siderolabs/talos@087b50f42 feat: support systemd-boot ISO enroll keys option
• siderolabs/talos@afa71d6b0 chore: use "handle-like" resource in DNSResolveCacheController
• siderolabs/talos@013e13070 fix: error with decoding config document with wrong apiVersion
• siderolabs/talos@1e77bb1c3 chore: allow custom pkgs to build talos
• siderolabs/talos@3f8a85f1b fix: unlock the upgrade mutex properly
• siderolabs/talos@61c3331b1 docs: update indentation in vip.md
• siderolabs/talos@383e528df chore: allow uuid-based hostnames in talosctl cluster create
• siderolabs/talos@1e6c8c4de feat: extensions services config
• siderolabs/talos@989ca3ade feat: add OpenNebula platform support
• siderolabs/talos@914f88778 docs: update nocloud.md Proxmox information
• siderolabs/talos@a04cc8015 fix: pass TTL when generating client certificate
• siderolabs/talos@3fe8c12ca fix: add log line about controller runtime failing
• siderolabs/talos@ddbabc7e5 fix: use a separate cgroup for each extension service
• siderolabs/talos@6ccdd2c09 chore: fix markdown-lint call
• siderolabs/talos@4184e617a chore: add test for wasmedge runtime extension
• siderolabs/talos@95ea3a6c6 chore: bump timeout in acquire tests
• siderolabs/talos@c19a505d8 chore: bump docker dind image
• siderolabs/talos@d7d4154d5 chore: remove channel blocking in qemu launch
• siderolabs/talos@029d7f7b9 release(v1.7.0-alpha.0): prepare release
• siderolabs/talos@2ff81c06b feat: update runc 1.1.12, containerd 1.7.13
• siderolabs/talos@9d8cd4d05 chore: drop deprecated method EtcdRemoveMember
• siderolabs/talos@17567f19b fix: take into account the moment seen when cleaning up CRI images
• siderolabs/talos@aa03204b8 docs: document the process of building custom kernel packages
• siderolabs/talos@7af48bd55 feat: use RSA key for kube-apiserver service account key
• siderolabs/talos@a5e13c696 fix: retry blockdevice open in the installer
• siderolabs/talos@593afeea3 fix: run the interactive installer loop to report errors
• siderolabs/talos@87be76b87 fix: be more tolerant to error handling in Mounts API
• siderolabs/talos@03add7503 docs: add section on using imager with extensions from tarball
• siderolabs/talos@ee0fb5eff docs: consolidate certificate management articles
• siderolabs/talos@9c14dea20 chore: bump coredns
• siderolabs/talos@ebeef2852 feat: implement local caching dns server
• siderolabs/talos@4a3691a27 docs: fix broken links in metal-network-configuration.md
• siderolabs/talos@c4ed189a6 docs: provide sane defaults for each release series in vmware script
• siderolabs/talos@8138d54c6 docs: clarify node taints/labels for worker nodes
• siderolabs/talos@b44551ccd feat: update Linux to 6.6.13
• siderolabs/talos@385707c5f docs: update vmware.sh
• siderolabs/talos@d1a79b845 docs: fix small typo in etcd maintenance guide
• siderolabs/talos@cf0603330 docs: copy generated JSON schema to host
• siderolabs/talos@f11139c22 docs: document local path provisioner install
• siderolabs/talos@e0dfbb8fb fix: allow META encoded values to be compressed
• siderolabs/talos@d677901b6 feat: implement device selector for 'physical'
• siderolabs/talos@7d1117289 docs: add missing talosconfig flag
• siderolabs/talos@8a1732bcb fix: pull in mptspi driver
• siderolabs/talos@c1e45071f refactor: use etcd configuration from the EtcdSpec resource
• siderolabs/talos@4e9b688d3 fix: use correct TTL for talosconfig in talosctl config new
• siderolabs/talos@fb5ad0555 feat: update Kubernetes default to 1.29.1
• siderolabs/talos@fe24139f3 docs: fork docs for v1.7
• siderolabs/talos@1c2d10ccc chore: bump dependencies
• siderolabs/talos@a599e3867 chore: allow custom registry to build installer/imager
• siderolabs/talos@3911ddf7b docs: add how-to for cert management
• siderolabs/talos@b0ee0bfba fix: strategic patch merging for audit policy
• siderolabs/talos@474eccdc4 fix: watch bufer overrun for RouteStatus
• siderolabs/talos@cc06b5d7a fix: fix .der output in talosctl gen secureboot
• siderolabs/talos@1dbb4abf4 fix: update discovery service client to v0.1.6
• siderolabs/talos@9782319c3 fix: support KubePrism settings in Kubernetes Discovery
• siderolabs/talos@6c5a0c281 feat: generate a single JSON schema for multidoc config
• siderolabs/talos@f70b47ddd fix: force KubePrism to connect using IPv4
• siderolabs/talos@d5321e085 fix: update kmsg with utf-8 fix
• siderolabs/talos@7fa7362dd fix: fix nodes on dashboard footer when node names are used in --nodes
• siderolabs/talos@ba88678f1 fix: merge ports and ingress configs correctly in NetworkRuleConfig
• siderolabs/talos@dea9bda2d fix: disk UUID & WWID always empty in talosctl disks
• siderolabs/talos@8dc112f36 chore: pull in NBD modules
• siderolabs/talos@f6926faab fix: default priority for ipv6
• siderolabs/talos@e8758dcba chore: support http downloads for assets in talosctl cluster create
• siderolabs/talos@265f21be0 fix: replace the filemap implementation to not buffer in memory
• siderolabs/talos@8db3c5b3c fix: pick correctly base installer image layers
• siderolabs/talos@0a30ef784 fix: imager should support different Talos versions
• siderolabs/talos@d6342cda5 docs: update latest version to v1.6.1
• siderolabs/talos@e6e422b92 chore: bump dependencies
• siderolabs/talos@5a19d078a fix: properly overwrite files on install
• siderolabs/talos@9eb6cea78 docs: secureboot sd-boot menu clarification
• siderolabs/talos@01f0cbe61 feat: support iPXE direct booting in talosctl cluster create
• siderolabs/talos@3ba84701d feat: pull in kernel modules for mlx Infiniband and VFIO
• siderolabs/talos@ba993e0ed docs: announce that SecureBoot is available
• siderolabs/talos@241bc9312 fix: update the way secureboot signer fetches certificate (azure)
• siderolabs/talos@59b62398f chore: modernize machined/pkg/controllers/k8s
• siderolabs/talos@760f793d5 fix: use correct prefix when installing SBC files
• siderolabs/talos@0b94550c4 chore: fix the gvisor test
• siderolabs/talos@3a787c1d6 docs: update 1.6 docs with Noel's feedback
• siderolabs/talos@d803e40ef docs: provide documentation for Talos 1.6
• siderolabs/talos@9a185a30f feat: update Kubernetes to v1.29.0
• siderolabs/talos@5934815d2 chore: split more kernel modules on amd64
• siderolabs/talos@10c59a6b9 fix: leave discovery service later in the reset sequence
• siderolabs/talos@0c86ca1cc chore: enable kubespan+firewall for cilium tests
• siderolabs/talos@98fd722d5 feat: provide compatibility for future Talos 1.7
• siderolabs/talos@131a1b167 fix: add a KubeSpan option to disable extra endpoint harvesting
• siderolabs/talos@4547ad9af feat: send actor id to the SideroLink events sink
• siderolabs/talos@04e774547 docs: cap max heading level
• siderolabs/talos@6bb1e99aa chore: optimize pcap dump
• siderolabs/talos@4f9d3b975 feat: update Kubernetes to v1.29.0-rc.2
• siderolabs/talos@46121c9fe docs: rework machine config documentation generation
• siderolabs/talos@e128d3c82 fix: talosctl cluster create not to enforce kubeprism always
• siderolabs/talos@320064c5a feat: update Go 1.21.5, Linux 6.1.65, etcd 3.5.11
• siderolabs/talos@270604bea fix: support user disks via symlinks
• siderolabs/talos@4f195dd27 chore: fix the release.toml
• siderolabs/talos@474fa0480 fix: store and execute desired action on emergency action
• siderolabs/talos@515ae2a18 docs: extend hetzner-cloud docs for arm64
• siderolabs/talos@eecc4dbd5 fix: trim leading spaces\newlines in inline manifest contents
• siderolabs/talos@dbf274ddf fix: skip writing the file if the contents haven't changed
• siderolabs/talos@6329222bd fix: do not panic in merge.Merge if map value is nil

Changes since v1.7.0-beta.1

• siderolabs/talos@70fb41fff release(v1.7.0): prepare release
• siderolabs/talos@27e8455d7 chore: update extension filter for xen-guest-agent
• siderolabs/talos@3a2612df5 feat: update Linux to 6.6.28
• siderolabs/talos@d9760fc9b docs: add what's new for v1.7
• siderolabs/talos@83ad8d65c feat: add host dns support for resolving member addrs
• siderolabs/talos@24141f078 feat: update Kubernetes to 1.30.0
• siderolabs/talos@865239188 chore: update go-blockdevice/v2 library to the latest version
• siderolabs/talos@b72f0d7f9 fix: overlay installer operations
• siderolabs/talos@81cd2b16e fix: mark overlay installer executable
• siderolabs/talos@a690e30ef feat: update Flannel to v0.25.1
• siderolabs/talos@fa5c7ee70 fix: close apid inter-backend connections gracefully for real
• siderolabs/talos@d821322c7 feat: use container DNS when in container mode

Changes from siderolabs/crypto

• siderolabs/crypto@c240482 feat: provide dynamic client CA matching
• siderolabs/crypto@2f4f911 feat: add PEMEncodedCertificate wrapper
• siderolabs/crypto@1c94bb3 chore: bump dependencies

Changes from siderolabs/discovery-api

• siderolabs/discovery-api@e1dc7bb chore: rekres, update dependencies

Changes from siderolabs/discovery-client

• siderolabs/discovery-client@f4095a1 chore: bump discovery API to v0.1.4
• siderolabs/discovery-client@fbb1cea fix: keepalive interval calculation
• siderolabs/discovery-client@ff8f4be fix: enable gRPC keepalives

Changes from siderolabs/extras

• siderolabs/extras@bb76755 feat: update Go to 1.22.2
• siderolabs/extras@de984c5 chore: bump pkgs to stable
• siderolabs/extras@47bb718 chore: update base pkgs
• siderolabs/extras@60793cd feat: update Go to 1.22.1
• siderolabs/extras@c4934e1 feat: update Go to 1.22
• siderolabs/extras@8909d6f chore: update Go to 1.21.5

Changes from siderolabs/gen

• siderolabs/gen@238baf9 chore: add typesafe SyncMap and bump stuff

Changes from siderolabs/go-api-signature

• siderolabs/go-api-signature@cf2bd06 chore: bump dependencies
• siderolabs/go-api-signature@370cebf fix: always print the login URL on key renew flow
• siderolabs/go-api-signature@d28609a feat: move in the cli grpc interceptor logic, support service account in env
• siderolabs/go-api-signature@4602acc chore: add a dummy workflow
• siderolabs/go-api-signature@cfd21b6 fix: support validating signatures generated with the time in the future
• siderolabs/go-api-signature@74dd3dc chore: bump deps
• siderolabs/go-api-signature@d78bedb chore: bump deps
• siderolabs/go-api-signature@a034e9f feat: replace scopes with roles
• siderolabs/go-api-signature@5b4f3bb chore: run rekres
• siderolabs/go-api-signature@9dba116 chore: remove time.Sleep hack
• siderolabs/go-api-signature@e84e686 chore: bump dependencies
• siderolabs/go-api-signature@8baaf8a chore: bump deps
• siderolabs/go-api-signature@5f27e1e chore: add renovate bot and bump deps
• siderolabs/go-api-signature@69886dc feat: allow custom validations on PGP key
• siderolabs/go-api-signature@63d4da3 fix: limit clock skew for short-lived keys
• siderolabs/go-api-signature@cdb9722 feat: add support for +-5 min clock skew
• siderolabs/go-api-signature@7b80a50 refactor: use options pattern in RegisterPGPPublicKey
• siderolabs/go-api-signature@c647861 feat: add scopes to RegisterPublicKeyRequest
• siderolabs/go-api-signature@5d3647e feat: provide more client PGP functions
• siderolabs/go-api-signature@2b682ec feat: initial version
• siderolabs/go-api-signature@a4c2943 chore: initial commit

Changes from siderolabs/go-copy

• siderolabs/go-copy@aa4ade4 chore: add initial code
• siderolabs/go-copy@52a6d48 chore: go-copy repo

Changes from siderolabs/go-debug

• siderolabs/go-debug@0c2be80 chore: run rekres (update to Go 1.22)

Changes from siderolabs/go-kmsg

• siderolabs/go-kmsg@e358d13 fix: decode escape sequences while reading from kmsg
• siderolabs/go-kmsg@4297bd5 feat: add BSD support

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@ddd4c69 feat: add support for Kubernetes 1.30

Changes from siderolabs/go-loadbalancer

• siderolabs/go-loadbalancer@aab4671 chore: rekres, update dependencies

Changes from siderolabs/go-talos-support

• siderolabs/go-talos-support@20a1135 feat: add modules for getting Talos support bundle (#1)
• siderolabs/go-talos-support@afa24c4 feat: initial commit

Changes from siderolabs/pkgs

• siderolabs/pkgs@29106c0 feat: update Linux to 6.6.28
• siderolabs/pkgs@b7f1920 feat: update Linux 6.6.26, containerd 1.7.15
• siderolabs/pkgs@8dc249d feat: enable BFQ IO scheduler
• siderolabs/pkgs@3b6e2a8 chore: disable max of one commit
• siderolabs/pkgs@6101299 feat: go 1.22.2, Linux 6.6.24
• siderolabs/pkgs@d57b0ad fix: revert musl to 1.2.4
• siderolabs/pkgs@dd71e02 fix: xz vulnerability
• siderolabs/pkgs@22c8dd4 chore: bump deps
• siderolabs/pkgs@aefe000 feat: configure kernel to include AppArmor LSM
• siderolabs/pkgs@5ce8467 chore: drop efi runtime services test framework
• siderolabs/pkgs@5861223 fix: kernel boot on arm64 metal
• siderolabs/pkgs@6364d99 chore: kconfig cleanup
• siderolabs/pkgs@b65c085 feat: enable CONFIG_TLS as a module
• siderolabs/pkgs@bb981f8 feat: update GRUB to 2.12
• siderolabs/pkgs@6f35841 chore: drop all sbc stuff from pkgs
• siderolabs/pkgs@f4335dc fix: kernel hardening check script
• siderolabs/pkgs@b61df1c feat: enable CONFIG_WATCHDOG_SYSFS
• siderolabs/pkgs@4a9a027 feat: re-enable DRBD
• siderolabs/pkgs@c42c163 chore: remove unused vars
• siderolabs/pkgs@8804a60 chore: update dependencies
• siderolabs/pkgs@a587b42 feat: enable most common amd64 watchdog drivers
• siderolabs/pkgs@3aacf03 feat: update releases
• siderolabs/pkgs@e5c0c79 feat: build NVMe target module
• siderolabs/pkgs@cb39126 chore: re-enable zfs pkg
• siderolabs/pkgs@d9c1540 feat: update releases
• siderolabs/pkgs@1904994 feat: enable VRF module
• siderolabs/pkgs@87eb013 feat: disable PCI busmastering on bridges during boot
• siderolabs/pkgs@30f18c8 chore: remove symlinks and broken binaries
• siderolabs/pkgs@7811e5e chore: set PREEMPT_NONE as recommended for servers
• siderolabs/pkgs@65006ed fix: enable KFD support in kernel
• siderolabs/pkgs@510a3f9 feat: add support for Solarflare SFC9100 and SFC9200 family
• siderolabs/pkgs@4340508 feat: enable CONFIG_SECURITY_PATH and CONFIG_BPF_LSM
• siderolabs/pkgs@0ec4cc3 feat: update Go to 1.22
• siderolabs/pkgs@36c08ae feat: enable PSI (pressure stall information)
• siderolabs/pkgs@0853224 feat: update Linux to 6.6.16
• siderolabs/pkgs@96cc841 chore: bump deps
• siderolabs/pkgs@064fd58 feat: update Linux to 6.6.14, enable XDP
• siderolabs/pkgs@efbbd23 feat: update Linux to 6.6.13
• siderolabs/pkgs@dfb5026 chore: switch to git ref for raspberrypi firmware
• siderolabs/pkgs@4af2d0f feat: update Linux to 6.1.74
• siderolabs/pkgs@2358efe fix: enable FUSION_SPI driver
• siderolabs/pkgs@f376a53 chore: bump dependencies
• siderolabs/pkgs@583e519 feat: add v4l usb video class (webcam) drivers
• siderolabs/pkgs@2d3ca68 feat: enable NBD
• siderolabs/pkgs@f647edd feat: update Linux to 6.1.69
• siderolabs/pkgs@6af1691 feat: enable VFIO also on amd64
• siderolabs/pkgs@d633cd6 feat: enable modules for mlx infiniband
• siderolabs/pkgs@4c59641 fix: zfs module build
• siderolabs/pkgs@e325097 feat: enable nct6683 sensors as module
• siderolabs/pkgs@d6185ec feat: enable IRQ remapping on amd64
• siderolabs/pkgs@814dc60 feat: update containerd to 1.7.11
• siderolabs/pkgs@dd71790 chore: rekres to fix 'failed' build on main
• siderolabs/pkgs@a36dec4 feat: split more device drivers into modules
• siderolabs/pkgs@97270a2 feat: update Linux to 6.1.67
• siderolabs/pkgs@8a73907 feat: update Go to 1.21.5
• siderolabs/pkgs@8f0ffb9 feat: update zfs to v2.2.2

Changes from siderolabs/siderolink

• siderolabs/siderolink@5422b1c chore: quick fixes
• siderolabs/siderolink@9300968 feat: move actual logic into the agent package
• siderolabs/siderolink@8866351 chore: implement WireGuard over GRPC
• siderolabs/siderolink@7909156 chore: bump deps
• siderolabs/siderolink@eb221dd chore: bump deps

Changes from siderolabs/tools

• siderolabs/tools@10b2a69 feat: update go to 1.22.2
• siderolabs/tools@71eba29 fix: xz vulnerability
• siderolabs/tools@7e1b2d8 chore: update toolchain
• siderolabs/tools@901b4fc chore: bump deps
• siderolabs/tools@dfee984 chore: bump systemd
• siderolabs/tools@cb5fd56 chore: update xz to 5.6.1
• siderolabs/tools@14bf457 fix: use musl 1.2.4 in tools, revert kmod back to 32
• siderolabs/tools@6c1f73d fix: revert kmod to version 31
• siderolabs/tools@59fd552 feat: update releases
• siderolabs/tools@eff5d16 feat: update Go to 1.22.1
• siderolabs/tools@b6b4d9e feat: update Go to 1.22
• siderolabs/tools@f4b41d1 fix: rust toolchain
• siderolabs/tools@8cc79e6 feat: update dependencies
• siderolabs/tools@c7076eb chore: bump dependencies
• siderolabs/tools@a80a2aa feat: update Go to 1.21.6
• siderolabs/tools@b677a2b feat: add rust build stage
• siderolabs/tools@1659d82 feat: update Go to 1.21.5

Dependency Changes

• github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 -> v1.11.1
• github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 -> v1.5.1
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.0.0 -> v1.1.0
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 -> v1.1.0
• github.com/alexflint/go-filemutex v1.3.0 new
• github.com/aws/aws-sdk-go-v2/config v1.25.6 -> v1.27.10
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.5 -> v1.16.1
• github.com/aws/aws-sdk-go-v2/service/kms v1.30.1 new
• github.com/aws/smithy-go v1.17.0 -> v1.20.2
• github.com/beevik/ntp v1.3.0 -> v1.3.1
• github.com/cenkalti/backoff/v4 v4.2.1 -> v4.3.0
• github.com/containerd/cgroups/v3 v3.0.2 -> v3.0.3
• github.com/containerd/containerd v1.7.9 -> v1.7.14
• github.com/containernetworking/plugins v1.3.0 -> v1.4.1
• github.com/coredns/coredns v1.11.2 new
• github.com/cosi-project/runtime v0.3.19 -> v0.4.1
• github.com/distribution/reference v0.5.0 -> v0.6.0
• github.com/docker/docker v24.0.7 -> v26.0.0
• github.com/docker/go-connections v0.4.0 -> v0.5.0
• github.com/foxboron/go-uefi 18b9ba9cd4c3 -> 48be911532c2
• github.com/gdamore/tcell/v2 v2.6.0 -> v2.7.4
• github.com/google/go-containerregistry v0.16.1 -> v0.19.1
• github.com/google/go-tpm v0.9.0 -> ee6cbcd136f8
• github.com/google/nftables v0.1.0 -> v0.2.0
• github.com/google/uuid v1.4.0 -> v1.6.0
• github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 new
• github.com/hetznercloud/hcloud-go/v2 v2.4.0 -> v2.7.0
• github.com/insomniacslk/dhcp b0416c0f187a -> c728f5dd21c8
• github.com/jeromer/syslogparser v1.1.0 new
• github.com/jsimonetti/rtnetlink v1.4.0 -> v1.4.1
• github.com/klauspost/cpuid/v2 v2.2.7 new
• github.com/linode/go-metadata v0.2.0 new
• github.com/mdlayher/kobject 19ca17470d7d new
• github.com/miekg/dns v1.1.58 new
• github.com/opencontainers/image-spec v1.1.0-rc4 -> v1.1.0
• github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> v1.2.0
• github.com/packethost/packngo v0.30.0 -> v0.31.0
• github.com/pmorjan/kmod v1.1.0 -> v1.1.1
• github.com/prometheus/procfs v0.12.0 -> v0.13.0
• github.com/rivo/tview 33a1d271f2b6 -> a22293bda944
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.21 -> v1.0.0-beta.25
• github.com/siderolabs/crypto v0.4.1 -> v0.4.4
• github.com/siderolabs/discovery-api v0.1.3 -> v0.1.4
• github.com/siderolabs/discovery-client v0.1.5 -> v0.1.8
• github.com/siderolabs/extras v1.6.0-1-g113887a -> v1.7.0-1-gbb76755
• github.com/siderolabs/gen v0.4.7 -> v0.4.8
• github.com/siderolabs/go-api-signature v0.3.2 new
• github.com/siderolabs/go-blockdevice/v2 3265299b0192 new
• github.com/siderolabs/go-copy v0.1.0 new
• github.com/siderolabs/go-debug v0.2.3 -> v0.3.0
• github.com/siderolabs/go-kmsg v0.1.3 -> v0.1.4
• github.com/siderolabs/go-kubernetes v0.2.8 -> v0.2.9
• github.com/siderolabs/go-loadbalancer v0.3.2 -> v0.3.3
• github.com/siderolabs/go-talos-support v0.1.0 new
• github.com/siderolabs/pkgs v1.6.0-5-g3ae2450 -> v1.7.0-6-g29106c0
• github.com/siderolabs/siderolink v0.3.4 -> v0.3.5
• github.com/siderolabs/talos/pkg/machinery v1.6.0 -> v1.7.0
• github.com/siderolabs/tools v1.6.0-1-g336d248 -> v1.7.0-1-g10b2a69
• github.com/stretchr/testify v1.8.4 -> v1.9.0
• github.com/u-root/u-root v0.11.0 -> v0.14.0
• github.com/ulikunitz/xz v0.5.11 -> v0.5.12
• go.etcd.io/etcd/api/v3 v3.5.11 -> v3.5.13
• go.etcd.io/etcd/client/pkg/v3 v3.5.11 -> v3.5.13
• go.etcd.io/etcd/client/v3 v3.5.11 -> v3.5.13
• go.etcd.io/etcd/etcdutl/v3 v3.5.11 -> v3.5.13
• go.uber.org/zap v1.26.0 -> v1.27.0
• go4.org/netipx 6213f710f925 -> fdeea329fbba
• golang.org/x/net v0.19.0 -> v0.23.0
• golang.org/x/oauth2 v0.15.0 -> v0.18.0
• golang.org/x/sync v0.5.0 -> v0.6.0
• golang.org/x/sys v0.15.0 -> v0.18.0
• golang.org/x/term v0.15.0 -> v0.18.0
• google.golang.org/grpc v1.59.0 -> v1.62.1
• google.golang.org/protobuf v1.31.0 -> v1.33.0
• k8s.io/api v0.29.0 -> v0.30.0
• k8s.io/apimachinery v0.29.0 -> v0.30.0
• k8s.io/apiserver v0.29.0 -> v0.30.0
• k8s.io/client-go v0.29.0 -> v0.30.0
• k8s.io/component-base v0.29.0 -> v0.30.0
• k8s.io/cri-api v0.29.0 -> v0.30.0
• k8s.io/klog/v2 v2.110.1 -> v2.120.1
• k8s.io/kube-scheduler v0.29.0 -> v0.30.0
• k8s.io/kubectl v0.29.0 -> v0.30.0
• k8s.io/kubelet v0.29.0 -> v0.30.0
• k8s.io/pod-security-admission v0.30.0 new

Previous release can be found at v1.6.0

Images

ghcr.io/siderolabs/flannel:v0.25.1
ghcr.io/siderolabs/install-cni:v1.7.0-1-gbb76755
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.0
registry.k8s.io/kube-controller-manager:v1.30.0
registry.k8s.io/kube-scheduler:v1.30.0
registry.k8s.io/kube-proxy:v1.30.0
ghcr.io/siderolabs/kubelet:v1.30.0
ghcr.io/siderolabs/installer:v1.7.0
registry.k8s.io/pause:3.8

Talos 1.7.0-beta.1 (2024-04-12)

Welcome to the v1.7.0-beta.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

CA Rotation

Talos Linux now supports rotating the root CA certificate and key for Talos API and Kubernetes API.

Device Selectors

Talos Linux now supports physical: true qualifier for device selectors, it selects non-virtual network interfaces (i.e. en0 is selected, while bond0 is not).

DNS Caching

Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:

machine:
  features:
    hostDNS:
      enabled: false

You can also enable dns caching for k8s pods with:

machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: true

Please note that on running cluster you will have to kill CoreDNS pods for this change to apply.

Extension Services Config

Talos now supports supplying configuration files and environment variables for extension services.
The extension service configuration is a separate config document. An example is shown below:

---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: nut-client
configFiles:
  - content: MONITOR ${upsmonHost} 1 remote pass password
    mountPath: /usr/local/etc/nut/upsmon.conf
environment:
  - UPS_NAME=ups

For documentation, see Extension Services Config Files.

Note: The use of environmentFile in extension service spec is now deprecated and will be removed in a future release of Talos.
Use ExtensionServiceConfig instead.

IPTables

Talos Linux now forces kubelet and kube-proxy to use iptables-nft instead of iptables-legacy (xtables) which was the default
before Talos 1.7.0.

Container images based on iptables-wrapper should work without changes, but if there was a direct call to legacy mode of iptables, make sure
to update to use iptables-nft.

Kubernetes Upgrade

The command talosctl upgrade-k8s now supports specifying custom image references for Kubernetes components via --*-image flags.
The default behavior is unchanged, and the flags are optional.

KubeSpan

Talos Linux disables by default a KubeSpan feature to harvest additional endpoints from KubeSpan members.
This feature turned out to be less helpful than expected and caused unnecessary performance issues.

Previous behavior can be restored with:

machine:
  network:
    kubespan:
        harvestExtraEndpoints: true

Logging

Talos Linux now supports setting extra tags when sending logs in JSON format:

machine:
  logging:
    destinations:
      - endpoint: "udp://127.0.0.1:12345/"
        format: "json_lines"
        extraTags:
          server: s03-rack07

Time Sync

Default NTP server was updated to be time.cloudflare.com instead of pool.ntp.org.
Default server is only used if the user does not specify any NTP servers in the configuration.

Talos Linux can now sync to PTP devices (e.g. provided by the hypervisor) skipping the network time servers.
In order to activate PTP sync, set machine.time.servers to the PTP device name (e.g. /dev/ptp0):

machine:
  time:
    servers:
      - /dev/ptp0

OpenNebula

Talos Linux now supports OpenNebula platform.

Platforms

Talos Linux now supports Akamai Connected Cloud provider (platform akamai).

Kubernetes API Server Service Account Key

Talos Linux starting from this release uses RSA key for Kubernetes API Server Service Account instead of ECDSA key to provide better compatibility with external OpenID Connect implementations.

SBC

Talos has split the SBC's (Single Board Computers) into separate repositories.
There will not be any more SBC specific release assets as part of Talos release.

The default Talos Installer image will stop working for SBC's and will fail the upgrade, if used, starting from Talos v1.7.0.

The SBC's images and installers can be generated on the fly using Image Factory or using Imager for custom images.
The list of official SBC's images supported by Image Factory can be found in the Overlays repository.

Secure Boot Image

Talos Linux now provides a way to configure systemd-boot ISO 'secure-boot-enroll' option while generating a SecureBoot ISO image:

output:
    kind: iso
    isoOptions:
        sdBootEnrollKeys: force # default is still if-safe
    outFormat: raw

Syslog

Talos Linux now starts a basic syslog receiver listening on /dev/log.
The receiver can mostly parse both RFC3164 and RFC5424 messages and writes them as JSON formatted message.
The logs can be viewed via talosctl logs syslogd.

This is mostly implemented for extension services that log to syslog.

Component Updates

Linux: 6.6.26
etcd: 3.5.11
Kubernetes: 1.30.0-rc.2
containerd: 1.7.15
runc: 1.1.12
Flannel: 0.24.4

Talos is built with Go 1.22.2.

Hardware Watchdog Timers

Talos Linux now supports hardware watchdog timers configuration.
If enabled, and the machine becomes unresponsive, the hardware watchdog will reset the machine.

The watchdog can be enabled with the following configuration document:

apiVersion: v1alpha1
kind: WatchdogTimerConfig
device: /dev/watchdog0
timeout: 3m0s

Contributors

• Andrey Smirnov
• Noel Georgi
• Dmitriy Matrenichev
• Utku Ozdemir
• Andrey Smirnov
• Artem Chernyshev
• Dmitry Sharshakov
• Justin Garrison
• Radosław Piliszek
• Spencer Smith
• Anthony ARNAUD
• Steve Francis
• Anastasios Papagiannis
• Andrei Kvapil
• Andrian Zubovic
• AvnarJakob
• Cas de Reuver
• Christian Mohn
• Christian WALDBILLIG
• Dennis Marttinen
• Dmitry Sharshakov
• Drew Hess
• Evan Johnson
• ExtraClock
• Fabiano Fidêncio
• Henno Schooljan
• Hervé Werner
• JJGadgets
• Jacob McSwain
• Jean-Tiare Le Bigot
• Jonomir
• Kai Hanssen
• Konrad Eriksson
• Louis SCHNEIDER
• Matthieu S
• Michael Stephenson
• Nico Berlee
• Niklas Wik
• Pip Oomen
• Saiyam Pathak
• Sebastiaan Gerritsen
• Sebastian Gaiser
• Serge Logvinov
• Tim Jones
• bri
• ebcrypto
• edwinavalos
• fazledyn-or
• goodmost
• james-dreebot
• pardomue
• shurkys
• stereobutter

Changes

• siderolabs/talos@77581447c release(v1.7.0-beta.1): prepare release
• siderolabs/talos@1c0a91728 chore: disable max of one commit
• siderolabs/talos@50d475b41 feat: update Kubernetes to v1.30.0-rc.2
• siderolabs/talos@a5b4a8a91 feat: update Linux 6.6.24, containerd 1.7.15
• siderolabs/talos@eea41cdae fix: assign different priority to IPv6 default gateway on OpenStack
• siderolabs/talos@d5932a390 chore: optimize DNSResolveCacheController
• siderolabs/talos@eca03b03c fix: don't modify a global map of profiles
• siderolabs/talos@4da63d1dd test: add a test for 'spin' container runtime
• siderolabs/talos@fb84efce3 feat: provide Kubernets/Talos version compatibility for 1.8
• siderolabs/talos@7d24ddd73 fix: generate secureboot ISO .der certificate correctly
• siderolabs/talos@028a5b4b1 fix: reconnect to the logs stream in dashboard after reboot
• siderolabs/talos@5019c9fa7 fix: present all accepted CAs to the kube-apiserver
• siderolabs/talos@09ef5b3c9 fix: validate that workers don't get cluster CA key
• siderolabs/talos@4f7cb9c3a fix: make static pods check output consistent
• siderolabs/talos@dd7d8d3aa fix: close the apid connection to other machines gracefully
• siderolabs/talos@41a54e8a0 fix: pre-create nftables chain to make kubelet use nftables
• siderolabs/talos@abf302fb5 docs: change localDNS to hostDNS in release notes yaml section
• siderolabs/talos@78f971370 release(v1.7.0-beta.0): prepare release
• siderolabs/talos@01d8b897c fix: make safeReset truly safe to call multiple times
• siderolabs/talos@653f838b0 feat: support multiple Docker cluster in talosctl cluster create
• siderolabs/talos@951904554 chore: bump dependencies (go 1.22.2)
• siderolabs/talos@862c76001 feat: add support for CoreDNS forwarding to host DNS
• siderolabs/talos@e8ae5ef63 feat: add akamai platform support
• siderolabs/talos@5c0f74b37 fix: don't announce the VIP on acquire failure
• siderolabs/talos@2f0fe10d5 chore: update sbc docs
• siderolabs/talos@1b17008e9 fix: handle more OpenStack link types
• siderolabs/talos@e7d804140 fix: always update firewall rules (kubespan)
• siderolabs/talos@78b9bd927 fix: report unsupported x86_64 microarchitecture level
• siderolabs/talos@71d90ba5f fix: retry in the fixed amount of time if grpc relay failed
• siderolabs/talos@d320498a4 chore: bump dependencies
• siderolabs/talos@3195e5d15 fix: force Flannel CNI to use KubePrism Kubernetes API endpoint
• siderolabs/talos@917043fb5 chore: bump tools, pkgs and extra to stable
• siderolabs/talos@f515741b5 chore: add equinix e2e-tests
• siderolabs/talos@117e60583 feat: add support for static extra fields for JSON logs
• siderolabs/talos@090143b03 fix: allow platform cmdline args to be platform-specific
• siderolabs/talos@7a68504b6 feat: support rotating Kubernetes CA
• siderolabs/talos@fac3dd043 fix: don't set default endpoints on gen config
• siderolabs/talos@8dc4910c4 chore: enable "WG over GRPC" testing in siderolink agent tests
• siderolabs/talos@bac366e43 chore: add ExtraInfo field for extensions
• siderolabs/talos@0fc24eeb0 feat: provide insecure flag to imager
• siderolabs/talos@a6b2f5456 feat: update Kubernetes to 1.30.0-rc.0, etcd to 3.5.13
• siderolabs/talos@0361ff895 docs: quickstart video and brew install
• siderolabs/talos@b752a8618 chore: talosctl: add openSUSE OVMF paths
• siderolabs/talos@945648914 feat: support hardware watchdog timers
• siderolabs/talos@949ad11a2 chore: import siderolink as siderolink-launch subcommand
• siderolabs/talos@ee51f04af chore: azure e2e
• siderolabs/talos@55dd41c0d chore: update coredns to v1.11.2 in required section
• siderolabs/talos@8eacc4ba8 feat: support rotation of Talos API CA
• siderolabs/talos@92808e3bc feat: report Docker node resources in cluster show
• siderolabs/talos@84ec8c16f feat: support syncing to PTP clocks
• siderolabs/talos@7d43c9aa6 chore: annotate installer errors
• siderolabs/talos@f737e6495 fix: populate routes to BGP neighbors (Equinix Metal)
• siderolabs/talos@19f15a840 chore: bump golangci-lint to 1.57.0
• siderolabs/talos@684011963 docs: add docs for overlays
• siderolabs/talos@9b6ec5929 chore: bump kernel
• siderolabs/talos@69f0466cd docs: remove repetitive words
• siderolabs/talos@113fb646e chore: use go-talos-support library
• siderolabs/talos@89fc68b45 fix: service lifecycle issues
• siderolabs/talos@ead37abf0 test: disable volume tests
• siderolabs/talos@c64523a7a feat: update Flannel to v0.24.4
• siderolabs/talos@15beb1478 feat: implement blockdevice watch controller
• siderolabs/talos@06e3bc0cb feat: implement Siderolink wireguard over GRPC
• siderolabs/talos@9afa70baf fix: patch correctly config in talosctl upgrade-k8s
• siderolabs/talos@3130caf95 chore: re-enable DRBD extension
• siderolabs/talos@3ba180d07 release(v1.7.0-alpha.1): prepare release
• siderolabs/talos@403ad93c3 feat: update dependencies
• siderolabs/talos@7376f34e8 fix: remove maintenance config when maintenance service is shut down
• siderolabs/talos@952801d8b fix: handle overlay partition options
• siderolabs/talos@465b9a4e6 fix: update discovery client with the fix for keepalive interval
• siderolabs/talos@1e9f866ac feat: update Kubernetes to v1.30.0-beta.0
• siderolabs/talos@d118a852b feat: implement Install for imager overlays
• siderolabs/talos@cd5a5a447 chore: migrate to go-grpc-middleware/v2
• siderolabs/talos@e3c2a6398 feat: set default NTP server to time.cloudflare.com
• siderolabs/talos@32e087760 chore: print all available logs containers in logs command completions
• siderolabs/talos@e89d755c5 fix: etcd config validation for worker
• siderolabs/talos@1aa3c9182 docs: add DreeBot to ADOPTERS.md
• siderolabs/talos@1bb6027cc fix: fix nil panic on maintenance upgrade with partial config
• siderolabs/talos@aa70bfb9d docs: add Redpill Linpro to adopters list
• siderolabs/talos@f02aeec92 fix: do not fail cluster create when input dir does not contain talosconfig
• siderolabs/talos@1ec6683e0 chore: use go-copy
• siderolabs/talos@3c8f51d70 chore: move cli formatters and version modules to machinery
• siderolabs/talos@8152a6dd6 feat: update Go to 1.22.1
• siderolabs/talos@8c7953991 docs: update replicated-local-storage-with-openebs-jiva.md
• siderolabs/talos@f23bd8144 fix: syslog parser
• siderolabs/talos@bbed07e03 feat: update Linux to 6.6.18
• siderolabs/talos@8125e754b feat: imager overlay
• siderolabs/talos@0b9b4da12 feat: update Kubernetes to 1.30.0-alpha.3
• siderolabs/talos@3a764029e docs: fix typo in word governor
• siderolabs/talos@d81d49000 chore: update CoreDNS renovate source
• siderolabs/talos@b2ad5dc5f fix: workaround a race in CNI setup (talosctl cluster create)
• siderolabs/talos@457507803 fix: provide auth when pulling images in the imager
• siderolabs/talos@e707175ab docs: update config patch in cilium docs
• siderolabs/talos@f8c556a1c chore: listen for dns requests on 127.0.0.53
• siderolabs/talos@8872a7a21 fix: ignore 'no such device' in addition to 'no such file'
• siderolabs/talos@1cb544353 chore: uki der certs in iso
• siderolabs/talos@67ac6933d fix: handle errors to watch apid/trustd certs
• siderolabs/talos@c79d69c2e fix: only set gateway if set in context (opennebula)
• siderolabs/talos@4575dd8e7 chore: allow not preallocated disks for QEMU cluster
• siderolabs/talos@0bddfea81 chore: add oceanbox.io to adopters
• siderolabs/talos@136427592 chore: use proper talos_version_contract for TF tests
• siderolabs/talos@6bf50fdc1 chore: disable x/net/trace in gRPC to enable dead code elimination
• siderolabs/talos@815a8e9cc feat: add partial config support to talosctl cluster create
• siderolabs/talos@64e9703f8 chore: add tests for the Kata Containers extension
• siderolabs/talos@9b6291925 feat: update pkgs
• siderolabs/talos@66f3ffdd4 fix: ensure that Talos runs in a pod (container)
• siderolabs/talos@9dbc33972 feat: add basic syslog implementation
• siderolabs/talos@0b7a27e6a feat: allow access to all resources over siderolink in maintenance mode
• siderolabs/talos@53721883d feat: support AWS KMS for the SecureBoot signing
• siderolabs/talos@7ee999f8a fix: disable KubeSpan endpoint harvesting by default
• siderolabs/talos@7b87c7fe9 chore: bump Go dependencies
• siderolabs/talos@8e9596d3c docs: rpi talosctl install update
• siderolabs/talos@493bb60f8 fix: correctly handle partial configs in DNSUpstreamController
• siderolabs/talos@6deb10ae2 chore: deprecate environmentFile for extensions
• siderolabs/talos@f8b4ee82a chore: update extensions test
• siderolabs/talos@1366ce14a feat: update Kubernetes to v1.30.0-alpha.2
• siderolabs/talos@559308ef7 fix: use MachineStatus resource to check for boot done
• siderolabs/talos@15e8bca2b feat: support environment in ExtensionServicesConfig
• siderolabs/talos@3fe82ec46 feat: custom image settings for k8s upgrade
• siderolabs/talos@fa3b93370 chore: replace fmt.Errorf with errors.New where possible
• siderolabs/talos@d4521ee9c feat: update kernel with sfc driver and LSM updates
• siderolabs/talos@2f0421b40 fix: run xfs_repair on invalid argument error
• siderolabs/talos@f868fb8e8 docs: update vmware tools url
• siderolabs/talos@fa2d34dd8 chore: enable v6 support on the same port
• siderolabs/talos@83e0b0c19 chore: adjust dns sockets settings
• siderolabs/talos@a1ec1705b chore: update Go to 1.22.0
• siderolabs/talos@76b50fcd4 chore: add Ænix to the Adopters list
• siderolabs/talos@5324d3916 chore: bump stuff
• siderolabs/talos@087b50f42 feat: support systemd-boot ISO enroll keys option
• siderolabs/talos@afa71d6b0 chore: use "handle-like" resource in DNSResolveCacheController
• siderolabs/talos@013e13070 fix: error with decoding config document with wrong apiVersion
• siderolabs/talos@1e77bb1c3 chore: allow custom pkgs to build talos
• siderolabs/talos@3f8a85f1b fix: unlock the upgrade mutex properly
• siderolabs/talos@61c3331b1 docs: update indentation in vip.md
• siderolabs/talos@383e528df chore: allow uuid-based hostnames in talosctl cluster create
• siderolabs/talos@1e6c8c4de feat: extensions services config
• siderolabs/talos@989ca3ade feat: add OpenNebula platform support
• siderolabs/talos@914f88778 docs: update nocloud.md Proxmox information
• siderolabs/talos@a04cc8015 fix: pass TTL when generating client certificate
• siderolabs/talos@3fe8c12ca fix: add log line about controller runtime failing
• siderolabs/talos@ddbabc7e5 fix: use a separate cgroup for each extension service
• siderolabs/talos@6ccdd2c09 chore: fix markdown-lint call
• siderolabs/talos@4184e617a chore: add test for wasmedge runtime extension
• siderolabs/talos@95ea3a6c6 chore: bump timeout in acquire tests
• siderolabs/talos@c19a505d8 chore: bump docker dind image
• siderolabs/talos@d7d4154d5 chore: remove channel blocking in qemu launch
• siderolabs/talos@029d7f7b9 release(v1.7.0-alpha.0): prepare release
• siderolabs/talos@2ff81c06b feat: update runc 1.1.12, containerd 1.7.13
• siderolabs/talos@9d8cd4d05 chore: drop deprecated method EtcdRemoveMember
• siderolabs/talos@17567f19b fix: take into account the moment seen when cleaning up CRI images
• siderolabs/talos@aa03204b8 docs: document the process of building custom kernel packages
• siderolabs/talos@7af48bd55 feat: use RSA key for kube-apiserver service account key
• siderolabs/talos@a5e13c696 fix: retry blockdevice open in the installer
• siderolabs/talos@593afeea3 fix: run the interactive installer loop to report errors
• siderolabs/talos@87be76b87 fix: be more tolerant to error handling in Mounts API
• siderolabs/talos@03add7503 docs: add section on using imager with extensions from tarball
• siderolabs/talos@ee0fb5eff docs: consolidate certificate management articles
• siderolabs/talos@9c14dea20 chore: bump coredns
• siderolabs/talos@ebeef2852 feat: implement local caching dns server
• siderolabs/talos@4a3691a27 docs: fix broken links in metal-network-configuration.md
• siderolabs/talos@c4ed189a6 docs: provide sane defaults for each release series in vmware script
• siderolabs/talos@8138d54c6 docs: clarify node taints/labels for worker nodes
• siderolabs/talos@b44551ccd feat: update Linux to 6.6.13
• siderolabs/talos@385707c5f docs: update vmware.sh
• siderolabs/talos@d1a79b845 docs: fix small typo in etcd maintenance guide
• siderolabs/talos@cf0603330 docs: copy generated JSON schema to host
• siderolabs/talos@f11139c22 docs: document local path provisioner install
• siderolabs/talos@e0dfbb8fb fix: allow META encoded values to be compressed
• siderolabs/talos@d677901b6 feat: implement device selector for 'physical'
• siderolabs/talos@7d1117289 docs: add missing talosconfig flag
• siderolabs/talos@8a1732bcb fix: pull in mptspi driver
• siderolabs/talos@c1e45071f refactor: use etcd configuration from the EtcdSpec resource
• siderolabs/talos@4e9b688d3 fix: use correct TTL for talosconfig in talosctl config new
• siderolabs/talos@fb5ad0555 feat: update Kubernetes default to 1.29.1
• siderolabs/talos@fe24139f3 docs: fork docs for v1.7
• siderolabs/talos@1c2d10ccc chore: bump dependencies
• siderolabs/talos@a599e3867 chore: allow custom registry to build installer/imager
• siderolabs/talos@3911ddf7b docs: add how-to for cert management
• siderolabs/talos@b0ee0bfba fix: strategic patch merging for audit policy
• siderolabs/talos@474eccdc4 fix: watch bufer overrun for RouteStatus
• siderolabs/talos@cc06b5d7a fix: fix .der output in talosctl gen secureboot
• siderolabs/talos@1dbb4abf4 fix: update discovery service client to v0.1.6
• siderolabs/talos@9782319c3 fix: support KubePrism settings in Kubernetes Discovery
• siderolabs/talos@6c5a0c281 feat: generate a single JSON schema for multidoc config
• siderolabs/talos@f70b47ddd fix: force KubePrism to connect using IPv4
• siderolabs/talos@d5321e085 fix: update kmsg with utf-8 fix
• siderolabs/talos@7fa7362dd fix: fix nodes on dashboard footer when node names are used in --nodes
• siderolabs/talos@ba88678f1 fix: merge ports and ingress configs correctly in NetworkRuleConfig
• siderolabs/talos@dea9bda2d fix: disk UUID & WWID always empty in talosctl disks
• siderolabs/talos@8dc112f36 chore: pull in NBD modules
• siderolabs/talos@f6926faab fix: default priority for ipv6
• siderolabs/talos@e8758dcba chore: support http downloads for assets in talosctl cluster create
• siderolabs/talos@265f21be0 fix: replace the filemap implementation to not buffer in memory
• siderolabs/talos@8db3c5b3c fix: pick correctly base installer image layers
• siderolabs/talos@0a30ef784 fix: imager should support different Talos versions
• siderolabs/talos@d6342cda5 docs: update latest version to v1.6.1
• siderolabs/talos@e6e422b92 chore: bump dependencies
• siderolabs/talos@5a19d078a fix: properly overwrite files on install
• siderolabs/talos@9eb6cea78 docs: secureboot sd-boot menu clarification
• siderolabs/talos@01f0cbe61 feat: support iPXE direct booting in talosctl cluster create
• siderolabs/talos@3ba84701d feat: pull in kernel modules for mlx Infiniband and VFIO
• siderolabs/talos@ba993e0ed docs: announce that SecureBoot is available
• siderolabs/talos@241bc9312 fix: update the way secureboot signer fetches certificate (azure)
• siderolabs/talos@59b62398f chore: modernize machined/pkg/controllers/k8s
• siderolabs/talos@760f793d5 fix: use correct prefix when installing SBC files
• siderolabs/talos@0b94550c4 chore: fix the gvisor test
• siderolabs/talos@3a787c1d6 docs: update 1.6 docs with Noel's feedback
• siderolabs/talos@d803e40ef docs: provide documentation for Talos 1.6
• siderolabs/talos@9a185a30f feat: update Kubernetes to v1.29.0
• siderolabs/talos@5934815d2 chore: split more kernel modules on amd64
• siderolabs/talos@10c59a6b9 fix: leave discovery service later in the reset sequence
• siderolabs/talos@0c86ca1cc chore: enable kubespan+firewall for cilium tests
• siderolabs/talos@98fd722d5 feat: provide compatibility for future Talos 1.7
• siderolabs/talos@131a1b167 fix: add a KubeSpan option to disable extra endpoint harvesting
• siderolabs/talos@4547ad9af feat: send actor id to the SideroLink events sink
• siderolabs/talos@04e774547 docs: cap max heading level
• siderolabs/talos@6bb1e99aa chore: optimize pcap dump
• siderolabs/talos@4f9d3b975 feat: update Kubernetes to v1.29.0-rc.2
• siderolabs/talos@46121c9fe docs: rework machine config documentation generation
• siderolabs/talos@e128d3c82 fix: talosctl cluster create not to enforce kubeprism always
• siderolabs/talos@320064c5a feat: update Go 1.21.5, Linux 6.1.65, etcd 3.5.11
• siderolabs/talos@270604bea fix: support user disks via symlinks
• siderolabs/talos@4f195dd27 chore: fix the release.toml
• siderolabs/talos@474fa0480 fix: store and execute desired action on emergency action
• siderolabs/talos@515ae2a18 docs: extend hetzner-cloud docs for arm64
• siderolabs/talos@eecc4dbd5 fix: trim leading spaces\newlines in inline manifest contents
• siderolabs/talos@dbf274ddf fix: skip writing the file if the contents haven't changed
• siderolabs/talos@6329222bd fix: do not panic in merge.Merge if map value is nil

Changes since v1.7.0-beta.0

• siderolabs/talos@77581447c release(v1.7.0-beta.1): prepare release
• siderolabs/talos@1c0a91728 chore: disable max of one commit
• siderolabs/talos@50d475b41 feat: update Kubernetes to v1.30.0-rc.2
• siderolabs/talos@a5b4a8a91 feat: update Linux 6.6.24, containerd 1.7.15
• siderolabs/talos@eea41cdae fix: assign different priority to IPv6 default gateway on OpenStack
• siderolabs/talos@d5932a390 chore: optimize DNSResolveCacheController
• siderolabs/talos@eca03b03c fix: don't modify a global map of profiles
• siderolabs/talos@4da63d1dd test: add a test for 'spin' container runtime
• siderolabs/talos@fb84efce3 feat: provide Kubernets/Talos version compatibility for 1.8
• siderolabs/talos@7d24ddd73 fix: generate secureboot ISO .der certificate correctly
• siderolabs/talos@028a5b4b1 fix: reconnect to the logs stream in dashboard after reboot
• siderolabs/talos@5019c9fa7 fix: present all accepted CAs to the kube-apiserver
• siderolabs/talos@09ef5b3c9 fix: validate that workers don't get cluster CA key
• siderolabs/talos@4f7cb9c3a fix: make static pods check output consistent
• siderolabs/talos@dd7d8d3aa fix: close the apid connection to other machines gracefully
• siderolabs/talos@41a54e8a0 fix: pre-create nftables chain to make kubelet use nftables
• siderolabs/talos@abf302fb5 docs: change localDNS to hostDNS in release notes yaml section

Changes from siderolabs/crypto

• siderolabs/crypto@c240482 feat: provide dynamic client CA matching
• siderolabs/crypto@2f4f911 feat: add PEMEncodedCertificate wrapper
• siderolabs/crypto@1c94bb3 chore: bump dependencies

Changes from siderolabs/discovery-api

• siderolabs/discovery-api@e1dc7bb chore: rekres, update dependencies

Changes from siderolabs/discovery-client

• siderolabs/discovery-client@f4095a1 chore: bump discovery API to v0.1.4
• siderolabs/discovery-client@fbb1cea fix: keepalive interval calculation
• siderolabs/discovery-client@ff8f4be fix: enable gRPC keepalives

Changes from siderolabs/extras

• siderolabs/extras@bb76755 feat: update Go to 1.22.2
• siderolabs/extras@de984c5 chore: bump pkgs to stable
• siderolabs/extras@47bb718 chore: update base pkgs
• siderolabs/extras@60793cd feat: update Go to 1.22.1
• siderolabs/extras@c4934e1 feat: update Go to 1.22
• siderolabs/extras@8909d6f chore: update Go to 1.21.5

Changes from siderolabs/gen

• siderolabs/gen@238baf9 chore: add typesafe SyncMap and bump stuff

Changes from siderolabs/go-api-signature

• siderolabs/go-api-signature@cf2bd06 chore: bump dependencies
• siderolabs/go-api-signature@370cebf fix: always print the login URL on key renew flow
• siderolabs/go-api-signature@d28609a feat: move in the cli grpc interceptor logic, support service account in env
• siderolabs/go-api-signature@4602acc chore: add a dummy workflow
• siderolabs/go-api-signature@cfd21b6 fix: support validating signatures generated with the time in the future
• siderolabs/go-api-signature@74dd3dc chore: bump deps
• siderolabs/go-api-signature@d78bedb chore: bump deps
• siderolabs/go-api-signature@a034e9f feat: replace scopes with roles
• siderolabs/go-api-signature@5b4f3bb chore: run rekres
• siderolabs/go-api-signature@9dba116 chore: remove time.Sleep hack
• siderolabs/go-api-signature@e84e686 chore: bump dependencies
• siderolabs/go-api-signature@8baaf8a chore: bump deps
• siderolabs/go-api-signature@5f27e1e chore: add renovate bot and bump deps
• siderolabs/go-api-signature@69886dc feat: allow custom validations on PGP key
• siderolabs/go-api-signature@63d4da3 fix: limit clock skew for short-lived keys
• siderolabs/go-api-signature@cdb9722 feat: add support for +-5 min clock skew
• siderolabs/go-api-signature@7b80a50 refactor: use options pattern in RegisterPGPPublicKey
• siderolabs/go-api-signature@c647861 feat: add scopes to RegisterPublicKeyRequest
• siderolabs/go-api-signature@5d3647e feat: provide more client PGP functions
• siderolabs/go-api-signature@2b682ec feat: initial version
• siderolabs/go-api-signature@a4c2943 chore: initial commit

Changes from siderolabs/go-copy

• siderolabs/go-copy@aa4ade4 chore: add initial code
• siderolabs/go-copy@52a6d48 chore: go-copy repo

Changes from siderolabs/go-debug

• siderolabs/go-debug@0c2be80 chore: run rekres (update to Go 1.22)

Changes from siderolabs/go-kmsg

• siderolabs/go-kmsg@e358d13 fix: decode escape sequences while reading from kmsg
• siderolabs/go-kmsg@4297bd5 feat: add BSD support

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@ddd4c69 feat: add support for Kubernetes 1.30

Changes from siderolabs/go-loadbalancer

• siderolabs/go-loadbalancer@aab4671 chore: rekres, update dependencies

Changes from siderolabs/go-talos-support

• siderolabs/go-talos-support@20a1135 feat: add modules for getting Talos support bundle (#1)
• siderolabs/go-talos-support@afa24c4 feat: initial commit

Changes from siderolabs/pkgs

• siderolabs/pkgs@b7f1920 feat: update Linux 6.6.26, containerd 1.7.15
• siderolabs/pkgs@8dc249d feat: enable BFQ IO scheduler
• siderolabs/pkgs@3b6e2a8 chore: disable max of one commit
• siderolabs/pkgs@6101299 feat: go 1.22.2, Linux 6.6.24
• siderolabs/pkgs@d57b0ad fix: revert musl to 1.2.4
• siderolabs/pkgs@dd71e02 fix: xz vulnerability
• siderolabs/pkgs@22c8dd4 chore: bump deps
• siderolabs/pkgs@aefe000 feat: configure kernel to include AppArmor LSM
• siderolabs/pkgs@5ce8467 chore: drop efi runtime services test framework
• siderolabs/pkgs@5861223 fix: kernel boot on arm64 metal
• siderolabs/pkgs@6364d99 chore: kconfig cleanup
• siderolabs/pkgs@b65c085 feat: enable CONFIG_TLS as a module
• siderolabs/pkgs@bb981f8 feat: update GRUB to 2.12
• siderolabs/pkgs@6f35841 chore: drop all sbc stuff from pkgs
• siderolabs/pkgs@f4335dc fix: kernel hardening check script
• siderolabs/pkgs@b61df1c feat: enable CONFIG_WATCHDOG_SYSFS
• siderolabs/pkgs@4a9a027 feat: re-enable DRBD
• siderolabs/pkgs@c42c163 chore: remove unused vars
• siderolabs/pkgs@8804a60 chore: update dependencies
• siderolabs/pkgs@a587b42 feat: enable most common amd64 watchdog drivers
• siderolabs/pkgs@3aacf03 feat: update releases
• siderolabs/pkgs@e5c0c79 feat: build NVMe target module
• siderolabs/pkgs@cb39126 chore: re-enable zfs pkg
• siderolabs/pkgs@d9c1540 feat: update releases
• siderolabs/pkgs@1904994 feat: enable VRF module
• siderolabs/pkgs@87eb013 feat: disable PCI busmastering on bridges during boot
• siderolabs/pkgs@30f18c8 chore: remove symlinks and broken binaries
• siderolabs/pkgs@7811e5e chore: set PREEMPT_NONE as recommended for servers
• siderolabs/pkgs@65006ed fix: enable KFD support in kernel
• siderolabs/pkgs@510a3f9 feat: add support for Solarflare SFC9100 and SFC9200 family
• siderolabs/pkgs@4340508 feat: enable CONFIG_SECURITY_PATH and CONFIG_BPF_LSM
• siderolabs/pkgs@0ec4cc3 feat: update Go to 1.22
• siderolabs/pkgs@36c08ae feat: enable PSI (pressure stall information)
• siderolabs/pkgs@0853224 feat: update Linux to 6.6.16
• siderolabs/pkgs@96cc841 chore: bump deps
• siderolabs/pkgs@064fd58 feat: update Linux to 6.6.14, enable XDP
• siderolabs/pkgs@efbbd23 feat: update Linux to 6.6.13
• siderolabs/pkgs@dfb5026 chore: switch to git ref for raspberrypi firmware
• siderolabs/pkgs@4af2d0f feat: update Linux to 6.1.74
• siderolabs/pkgs@2358efe fix: enable FUSION_SPI driver
• siderolabs/pkgs@f376a53 chore: bump dependencies
• siderolabs/pkgs@583e519 feat: add v4l usb video class (webcam) drivers
• siderolabs/pkgs@2d3ca68 feat: enable NBD
• siderolabs/pkgs@f647edd feat: update Linux to 6.1.69
• siderolabs/pkgs@6af1691 feat: enable VFIO also on amd64
• siderolabs/pkgs@d633cd6 feat: enable modules for mlx infiniband
• siderolabs/pkgs@4c59641 fix: zfs module build
• siderolabs/pkgs@e325097 feat: enable nct6683 sensors as module
• siderolabs/pkgs@d6185ec feat: enable IRQ remapping on amd64
• siderolabs/pkgs@814dc60 feat: update containerd to 1.7.11
• siderolabs/pkgs@dd71790 chore: rekres to fix 'failed' build on main
• siderolabs/pkgs@a36dec4 feat: split more device drivers into modules
• siderolabs/pkgs@97270a2 feat: update Linux to 6.1.67
• siderolabs/pkgs@8a73907 feat: update Go to 1.21.5
• siderolabs/pkgs@8f0ffb9 feat: update zfs to v2.2.2

Changes from siderolabs/siderolink

• siderolabs/siderolink@5422b1c chore: quick fixes
• siderolabs/siderolink@9300968 feat: move actual logic into the agent package
• siderolabs/siderolink@8866351 chore: implement WireGuard over GRPC
• siderolabs/siderolink@7909156 chore: bump deps
• siderolabs/siderolink@eb221dd chore: bump deps

Changes from siderolabs/tools

• siderolabs/tools@10b2a69 feat: update go to 1.22.2
• siderolabs/tools@71eba29 fix: xz vulnerability
• siderolabs/tools@7e1b2d8 chore: update toolchain
• siderolabs/tools@901b4fc chore: bump deps
• siderolabs/tools@dfee984 chore: bump systemd
• siderolabs/tools@cb5fd56 chore: update xz to 5.6.1
• siderolabs/tools@14bf457 fix: use musl 1.2.4 in tools, revert kmod back to 32
• siderolabs/tools@6c1f73d fix: revert kmod to version 31
• siderolabs/tools@59fd552 feat: update releases
• siderolabs/tools@eff5d16 feat: update Go to 1.22.1
• siderolabs/tools@b6b4d9e feat: update Go to 1.22
• siderolabs/tools@f4b41d1 fix: rust toolchain
• siderolabs/tools@8cc79e6 feat: update dependencies
• siderolabs/tools@c7076eb chore: bump dependencies
• siderolabs/tools@a80a2aa feat: update Go to 1.21.6
• siderolabs/tools@b677a2b feat: add rust build stage
• siderolabs/tools@1659d82 feat: update Go to 1.21.5

Dependency Changes

• github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 -> v1.11.1
• github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 -> v1.5.1
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.0.0 -> v1.1.0
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 -> v1.1.0
• github.com/alexflint/go-filemutex v1.3.0 new
• github.com/aws/aws-sdk-go-v2/config v1.25.6 -> v1.27.10
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.5 -> v1.16.1
• github.com/aws/aws-sdk-go-v2/service/kms v1.30.1 new
• github.com/aws/smithy-go v1.17.0 -> v1.20.2
• github.com/beevik/ntp v1.3.0 -> v1.3.1
• github.com/cenkalti/backoff/v4 v4.2.1 -> v4.3.0
• github.com/containerd/cgroups/v3 v3.0.2 -> v3.0.3
• github.com/containerd/containerd v1.7.9 -> v1.7.14
• github.com/containernetworking/plugins v1.3.0 -> v1.4.1
• github.com/coredns/coredns v1.11.2 new
• github.com/cosi-project/runtime v0.3.19 -> v0.4.1
• github.com/distribution/reference v0.5.0 -> v0.6.0
• github.com/docker/docker v24.0.7 -> v26.0.0
• github.com/docker/go-connections v0.4.0 -> v0.5.0
• github.com/foxboron/go-uefi 18b9ba9cd4c3 -> 48be911532c2
• github.com/gdamore/tcell/v2 v2.6.0 -> v2.7.4
• github.com/google/go-containerregistry v0.16.1 -> v0.19.1
• github.com/google/go-tpm v0.9.0 -> ee6cbcd136f8
• github.com/google/nftables v0.1.0 -> v0.2.0
• github.com/google/uuid v1.4.0 -> v1.6.0
• github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 new
• github.com/hetznercloud/hcloud-go/v2 v2.4.0 -> v2.7.0
• github.com/insomniacslk/dhcp b0416c0f187a -> c728f5dd21c8
• github.com/jeromer/syslogparser v1.1.0 new
• github.com/jsimonetti/rtnetlink v1.4.0 -> v1.4.1
• github.com/klauspost/cpuid/v2 v2.2.7 new
• github.com/linode/go-metadata v0.2.0 new
• github.com/mdlayher/kobject 19ca17470d7d new
• github.com/miekg/dns v1.1.58 new
• github.com/opencontainers/image-spec v1.1.0-rc4 -> v1.1.0
• github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> v1.2.0
• github.com/packethost/packngo v0.30.0 -> v0.31.0
• github.com/pmorjan/kmod v1.1.0 -> v1.1.1
• github.com/prometheus/procfs v0.12.0 -> v0.13.0
• github.com/rivo/tview 33a1d271f2b6 -> a22293bda944
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.21 -> v1.0.0-beta.25
• github.com/siderolabs/crypto v0.4.1 -> v0.4.4
• github.com/siderolabs/discovery-api v0.1.3 -> v0.1.4
• github.com/siderolabs/discovery-client v0.1.5 -> v0.1.8
• github.com/siderolabs/extras v1.6.0-1-g113887a -> v1.7.0-1-gbb76755
• github.com/siderolabs/gen v0.4.7 -> v0.4.8
• github.com/siderolabs/go-api-signature v0.3.2 new
• github.com/siderolabs/go-blockdevice/v2 a5481f5272f2 new
• github.com/siderolabs/go-copy v0.1.0 new
• github.com/siderolabs/go-debug v0.2.3 -> v0.3.0
• github.com/siderolabs/go-kmsg v0.1.3 -> v0.1.4
• github.com/siderolabs/go-kubernetes v0.2.8 -> v0.2.9
• github.com/siderolabs/go-loadbalancer v0.3.2 -> v0.3.3
• github.com/siderolabs/go-talos-support v0.1.0 new
• github.com/siderolabs/pkgs v1.6.0-5-g3ae2450 -> v1.7.0-5-gb7f1920
• github.com/siderolabs/siderolink v0.3.4 -> v0.3.5
• github.com/siderolabs/talos/pkg/machinery v1.6.0 -> v1.7.0-beta.1
• github.com/siderolabs/tools v1.6.0-1-g336d248 -> v1.7.0-1-g10b2a69
• github.com/stretchr/testify v1.8.4 -> v1.9.0
• github.com/u-root/u-root v0.11.0 -> v0.14.0
• github.com/ulikunitz/xz v0.5.11 -> v0.5.12
• go.etcd.io/etcd/api/v3 v3.5.11 -> v3.5.13
• go.etcd.io/etcd/client/pkg/v3 v3.5.11 -> v3.5.13
• go.etcd.io/etcd/client/v3 v3.5.11 -> v3.5.13
• go.etcd.io/etcd/etcdutl/v3 v3.5.11 -> v3.5.13
• go.uber.org/zap v1.26.0 -> v1.27.0
• go4.org/netipx 6213f710f925 -> fdeea329fbba
• golang.org/x/net v0.19.0 -> v0.23.0
• golang.org/x/oauth2 v0.15.0 -> v0.18.0
• golang.org/x/sync v0.5.0 -> v0.6.0
• golang.org/x/sys v0.15.0 -> v0.18.0
• golang.org/x/term v0.15.0 -> v0.18.0
• google.golang.org/grpc v1.59.0 -> v1.62.1
• google.golang.org/protobuf v1.31.0 -> v1.33.0
• k8s.io/api v0.29.0 -> v0.30.0-rc.2
• k8s.io/apimachinery v0.29.0 -> v0.30.0-rc.2
• k8s.io/apiserver v0.29.0 -> v0.30.0-rc.2
• k8s.io/client-go v0.29.0 -> v0.30.0-rc.2
• k8s.io/component-base v0.29.0 -> v0.30.0-rc.2
• k8s.io/cri-api v0.29.0 -> v0.30.0-rc.2
• k8s.io/klog/v2 v2.110.1 -> v2.120.1
• k8s.io/kube-scheduler v0.29.0 -> v0.30.0-rc.2
• k8s.io/kubectl v0.29.0 -> v0.30.0-rc.2
• k8s.io/kubelet v0.29.0 -> v0.30.0-rc.2
• k8s.io/pod-security-admission v0.30.0-rc.2 new

Previous release can be found at v1.6.0

Images

ghcr.io/siderolabs/flannel:v0.24.4
ghcr.io/siderolabs/install-cni:v1.7.0-1-gbb76755
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.0-rc.2
registry.k8s.io/kube-controller-manager:v1.30.0-rc.2
registry.k8s.io/kube-scheduler:v1.30.0-rc.2
registry.k8s.io/kube-proxy:v1.30.0-rc.2
ghcr.io/siderolabs/kubelet:v1.30.0-rc.2
ghcr.io/siderolabs/installer:v1.7.0-beta.1
registry.k8s.io/pause:3.8

Talos 1.7.0-beta.0 (2024-04-05)

Welcome to the v1.7.0-beta.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

CA Rotation

Talos Linux now supports rotating the root CA certificate and key for Talos API and Kubernetes API.

Device Selectors

Talos Linux now supports physical: true qualifier for device selectors, it selects non-virtual network interfaces (i.e. en0 is selected, while bond0 is not).

DNS Caching

Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:

machine:
   features:
       hostDNS:
         enabled: false

Extension Services Config

Talos now supports supplying configuration files and environment variables for extension services.
The extension service configuration is a separate config document. An example is shown below:

---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: nut-client
configFiles:
  - content: MONITOR ${upsmonHost} 1 remote pass password
    mountPath: /usr/local/etc/nut/upsmon.conf
environment:
  - UPS_NAME=ups

For documentation, see Extension Services Config Files.

Note: The use of environmentFile in extension service spec is now deprecated and will be removed in a future release of Talos.
Use ExtensionServiceConfig instead.

Kubernetes Upgrade

The command talosctl upgrade-k8s now supports specifying custom image references for Kubernetes components via --*-image flags.
The default behavior is unchanged, and the flags are optional.

KubeSpan

Talos Linux disables by default a KubeSpan feature to harvest additional endpoints from KubeSpan members.
This feature turned out to be less helpful than expected and caused unnecessary performance issues.

Previous behavior can be restored with:

machine:
  network:
    kubespan:
        harvestExtraEndpoints: true

Logging

Talos Linux now supports setting extra tags when sending logs in JSON format:

machine:
  logging:
    destinations:
      - endpoint: "udp://127.0.0.1:12345/"
        format: "json_lines"
        extraTags:
          server: s03-rack07

Time Sync

Default NTP server was updated to be time.cloudflare.com instead of pool.ntp.org.
Default server is only used if the user does not specify any NTP servers in the configuration.

Talos Linux can now sync to PTP devices (e.g. provided by the hypervisor) skipping the network time servers.
In order to activate PTP sync, set machine.time.servers to the PTP device name (e.g. /dev/ptp0):

machine:
  time:
    servers:
      - /dev/ptp0

OpenNebula

Talos Linux now supports OpenNebula platform.

Platforms

Talos Linux now supports Akamai Connected Cloud provider (platform akamai).

Kubernetes API Server Service Account Key

Talos Linux starting from this release uses RSA key for Kubernetes API Server Service Account instead of ECDSA key to provide better compatibility with external OpenID Connect implementations.

SBC

Talos has split the SBC's (Single Board Computers) into separate repositories.
There will not be any more SBC specific release assets as part of Talos release.

The default Talos Installer image will stop working for SBC's and will fail the upgrade, if used, starting from Talos v1.7.0.

The SBC's images and installers can be generated on the fly using Image Factory or using Imager for custom images.
The list of official SBC's images supported by Image Factory can be found in the Overlays repository.

Secure Boot Image

Talos Linux now provides a way to configure systemd-boot ISO 'secure-boot-enroll' option while generating a SecureBoot ISO image:

output:
    kind: iso
    isoOptions:
        sdBootEnrollKeys: force # default is still if-safe
    outFormat: raw

Syslog

Talos Linux now starts a basic syslog receiver listening on /dev/log.
The receiver can mostly parse both RFC3164 and RFC5424 messages and writes them as JSON formatted message.
The logs can be viewed via talosctl logs syslogd.

This is mostly implemented for extension services that log to syslog.

Component Updates

Linux: 6.6.24
etcd: 3.5.11
Kubernetes: 1.30.0-rc.1
containerd: 1.7.14
runc: 1.1.12
Flannel: 0.24.4

Talos is built with Go 1.22.2.

Hardware Watchdog Timers

Talos Linux now supports hardware watchdog timers configuration.
If enabled, and the machine becomes unresponsive, the hardware watchdog will reset the machine.

The watchdog can be enabled with the following configuration document:

apiVersion: v1alpha1
kind: WatchdogTimerConfig
device: /dev/watchdog0
timeout: 3m0s

Contributors

• Andrey Smirnov
• Noel Georgi
• Dmitriy Matrenichev
• Utku Ozdemir
• Andrey Smirnov
• Artem Chernyshev
• Dmitry Sharshakov
• Justin Garrison
• Radosław Piliszek
• Spencer Smith
• Anthony ARNAUD
• Steve Francis
• Anastasios Papagiannis
• Andrei Kvapil
• Andrian Zubovic
• AvnarJakob
• Cas de Reuver
• Christian Mohn
• Christian WALDBILLIG
• Dmitry Sharshakov
• Drew Hess
• Evan Johnson
• ExtraClock
• Fabiano Fidêncio
• Henno Schooljan
• Hervé Werner
• JJGadgets
• Jacob McSwain
• Jean-Tiare Le Bigot
• Jonomir
• Kai Hanssen
• Konrad Eriksson
• Louis SCHNEIDER
• Matthieu S
• Michael Stephenson
• Nico Berlee
• Niklas Wik
• Pip Oomen
• Saiyam Pathak
• Sebastiaan Gerritsen
• Sebastian Gaiser
• Serge Logvinov
• Tim Jones
• bri
• ebcrypto
• edwinavalos
• fazledyn-or
• goodmost
• james-dreebot
• pardomue
• shurkys
• stereobutter

Changes

• siderolabs/talos@78f971370 release(v1.7.0-beta.0): prepare release
• siderolabs/talos@01d8b897c fix: make safeReset truly safe to call multiple times
• siderolabs/talos@653f838b0 feat: support multiple Docker cluster in talosctl cluster create
• siderolabs/talos@951904554 chore: bump dependencies (go 1.22.2)
• siderolabs/talos@862c76001 feat: add support for CoreDNS forwarding to host DNS
• siderolabs/talos@e8ae5ef63 feat: add akamai platform support
• siderolabs/talos@5c0f74b37 fix: don't announce the VIP on acquire failure
• siderolabs/talos@2f0fe10d5 chore: update sbc docs
• siderolabs/talos@1b17008e9 fix: handle more OpenStack link types
• siderolabs/talos@e7d804140 fix: always update firewall rules (kubespan)
• siderolabs/talos@78b9bd927 fix: report unsupported x86_64 microarchitecture level
• siderolabs/talos@71d90ba5f fix: retry in the fixed amount of time if grpc relay failed
• siderolabs/talos@d320498a4 chore: bump dependencies
• siderolabs/talos@3195e5d15 fix: force Flannel CNI to use KubePrism Kubernetes API endpoint
• siderolabs/talos@917043fb5 chore: bump tools, pkgs and extra to stable
• siderolabs/talos@f515741b5 chore: add equinix e2e-tests
• siderolabs/talos@117e60583 feat: add support for static extra fields for JSON logs
• siderolabs/talos@090143b03 fix: allow platform cmdline args to be platform-specific
• siderolabs/talos@7a68504b6 feat: support rotating Kubernetes CA
• siderolabs/talos@fac3dd043 fix: don't set default endpoints on gen config
• siderolabs/talos@8dc4910c4 chore: enable "WG over GRPC" testing in siderolink agent tests
• siderolabs/talos@bac366e43 chore: add ExtraInfo field for extensions
• siderolabs/talos@0fc24eeb0 feat: provide insecure flag to imager
• siderolabs/talos@a6b2f5456 feat: update Kubernetes to 1.30.0-rc.0, etcd to 3.5.13
• siderolabs/talos@0361ff895 docs: quickstart video and brew install
• siderolabs/talos@b752a8618 chore: talosctl: add openSUSE OVMF paths
• siderolabs/talos@945648914 feat: support hardware watchdog timers
• siderolabs/talos@949ad11a2 chore: import siderolink as siderolink-launch subcommand
• siderolabs/talos@ee51f04af chore: azure e2e
• siderolabs/talos@55dd41c0d chore: update coredns to v1.11.2 in required section
• siderolabs/talos@8eacc4ba8 feat: support rotation of Talos API CA
• siderolabs/talos@92808e3bc feat: report Docker node resources in cluster show
• siderolabs/talos@84ec8c16f feat: support syncing to PTP clocks
• siderolabs/talos@7d43c9aa6 chore: annotate installer errors
• siderolabs/talos@f737e6495 fix: populate routes to BGP neighbors (Equinix Metal)
• siderolabs/talos@19f15a840 chore: bump golangci-lint to 1.57.0
• siderolabs/talos@684011963 docs: add docs for overlays
• siderolabs/talos@9b6ec5929 chore: bump kernel
• siderolabs/talos@69f0466cd docs: remove repetitive words
• siderolabs/talos@113fb646e chore: use go-talos-support library
• siderolabs/talos@89fc68b45 fix: service lifecycle issues
• siderolabs/talos@ead37abf0 test: disable volume tests
• siderolabs/talos@c64523a7a feat: update Flannel to v0.24.4
• siderolabs/talos@15beb1478 feat: implement blockdevice watch controller
• siderolabs/talos@06e3bc0cb feat: implement Siderolink wireguard over GRPC
• siderolabs/talos@9afa70baf fix: patch correctly config in talosctl upgrade-k8s
• siderolabs/talos@3130caf95 chore: re-enable DRBD extension
• siderolabs/talos@3ba180d07 release(v1.7.0-alpha.1): prepare release
• siderolabs/talos@403ad93c3 feat: update dependencies
• siderolabs/talos@7376f34e8 fix: remove maintenance config when maintenance service is shut down
• siderolabs/talos@952801d8b fix: handle overlay partition options
• siderolabs/talos@465b9a4e6 fix: update discovery client with the fix for keepalive interval
• siderolabs/talos@1e9f866ac feat: update Kubernetes to v1.30.0-beta.0
• siderolabs/talos@d118a852b feat: implement Install for imager overlays
• siderolabs/talos@cd5a5a447 chore: migrate to go-grpc-middleware/v2
• siderolabs/talos@e3c2a6398 feat: set default NTP server to time.cloudflare.com
• siderolabs/talos@32e087760 chore: print all available logs containers in logs command completions
• siderolabs/talos@e89d755c5 fix: etcd config validation for worker
• siderolabs/talos@1aa3c9182 docs: add DreeBot to ADOPTERS.md
• siderolabs/talos@1bb6027cc fix: fix nil panic on maintenance upgrade with partial config
• siderolabs/talos@aa70bfb9d docs: add Redpill Linpro to adopters list
• siderolabs/talos@f02aeec92 fix: do not fail cluster create when input dir does not contain talosconfig
• siderolabs/talos@1ec6683e0 chore: use go-copy
• siderolabs/talos@3c8f51d70 chore: move cli formatters and version modules to machinery
• siderolabs/talos@8152a6dd6 feat: update Go to 1.22.1
• siderolabs/talos@8c7953991 docs: update replicated-local-storage-with-openebs-jiva.md
• siderolabs/talos@f23bd8144 fix: syslog parser
• siderolabs/talos@bbed07e03 feat: update Linux to 6.6.18
• siderolabs/talos@8125e754b feat: imager overlay
• siderolabs/talos@0b9b4da12 feat: update Kubernetes to 1.30.0-alpha.3
• siderolabs/talos@3a764029e docs: fix typo in word governor
• siderolabs/talos@d81d49000 chore: update CoreDNS renovate source
• siderolabs/talos@b2ad5dc5f fix: workaround a race in CNI setup (talosctl cluster create)
• siderolabs/talos@457507803 fix: provide auth when pulling images in the imager
• siderolabs/talos@e707175ab docs: update config patch in cilium docs
• siderolabs/talos@f8c556a1c chore: listen for dns requests on 127.0.0.53
• siderolabs/talos@8872a7a21 fix: ignore 'no such device' in addition to 'no such file'
• siderolabs/talos@1cb544353 chore: uki der certs in iso
• siderolabs/talos@67ac6933d fix: handle errors to watch apid/trustd certs
• siderolabs/talos@c79d69c2e fix: only set gateway if set in context (opennebula)
• siderolabs/talos@4575dd8e7 chore: allow not preallocated disks for QEMU cluster
• siderolabs/talos@0bddfea81 chore: add oceanbox.io to adopters
• siderolabs/talos@136427592 chore: use proper talos_version_contract for TF tests
• siderolabs/talos@6bf50fdc1 chore: disable x/net/trace in gRPC to enable dead code elimination
• siderolabs/talos@815a8e9cc feat: add partial config support to talosctl cluster create
• siderolabs/talos@64e9703f8 chore: add tests for the Kata Containers extension
• siderolabs/talos@9b6291925 feat: update pkgs
• siderolabs/talos@66f3ffdd4 fix: ensure that Talos runs in a pod (container)
• siderolabs/talos@9dbc33972 feat: add basic syslog implementation
• siderolabs/talos@0b7a27e6a feat: allow access to all resources over siderolink in maintenance mode
• siderolabs/talos@53721883d feat: support AWS KMS for the SecureBoot signing
• siderolabs/talos@7ee999f8a fix: disable KubeSpan endpoint harvesting by default
• siderolabs/talos@7b87c7fe9 chore: bump Go dependencies
• siderolabs/talos@8e9596d3c docs: rpi talosctl install update
• siderolabs/talos@493bb60f8 fix: correctly handle partial configs in DNSUpstreamController
• siderolabs/talos@6deb10ae2 chore: deprecate environmentFile for extensions
• siderolabs/talos@f8b4ee82a chore: update extensions test
• siderolabs/talos@1366ce14a feat: update Kubernetes to v1.30.0-alpha.2
• siderolabs/talos@559308ef7 fix: use MachineStatus resource to check for boot done
• siderolabs/talos@15e8bca2b feat: support environment in ExtensionServicesConfig
• siderolabs/talos@3fe82ec46 feat: custom image settings for k8s upgrade
• siderolabs/talos@fa3b93370 chore: replace fmt.Errorf with errors.New where possible
• siderolabs/talos@d4521ee9c feat: update kernel with sfc driver and LSM updates
• siderolabs/talos@2f0421b40 fix: run xfs_repair on invalid argument error
• siderolabs/talos@f868fb8e8 docs: update vmware tools url
• siderolabs/talos@fa2d34dd8 chore: enable v6 support on the same port
• siderolabs/talos@83e0b0c19 chore: adjust dns sockets settings
• siderolabs/talos@a1ec1705b chore: update Go to 1.22.0
• siderolabs/talos@76b50fcd4 chore: add Ænix to the Adopters list
• siderolabs/talos@5324d3916 chore: bump stuff
• siderolabs/talos@087b50f42 feat: support systemd-boot ISO enroll keys option
• siderolabs/talos@afa71d6b0 chore: use "handle-like" resource in DNSResolveCacheController
• siderolabs/talos@013e13070 fix: error with decoding config document with wrong apiVersion
• siderolabs/talos@1e77bb1c3 chore: allow custom pkgs to build talos
• siderolabs/talos@3f8a85f1b fix: unlock the upgrade mutex properly
• siderolabs/talos@61c3331b1 docs: update indentation in vip.md
• siderolabs/talos@383e528df chore: allow uuid-based hostnames in talosctl cluster create
• siderolabs/talos@1e6c8c4de feat: extensions services config
• siderolabs/talos@989ca3ade feat: add OpenNebula platform support
• siderolabs/talos@914f88778 docs: update nocloud.md Proxmox information
• siderolabs/talos@a04cc8015 fix: pass TTL when generating client certificate
• siderolabs/talos@3fe8c12ca fix: add log line about controller runtime failing
• siderolabs/talos@ddbabc7e5 fix: use a separate cgroup for each extension service
• siderolabs/talos@6ccdd2c09 chore: fix markdown-lint call
• siderolabs/talos@4184e617a chore: add test for wasmedge runtime extension
• siderolabs/talos@95ea3a6c6 chore: bump timeout in acquire tests
• siderolabs/talos@c19a505d8 chore: bump docker dind image
• siderolabs/talos@d7d4154d5 chore: remove channel blocking in qemu launch
• siderolabs/talos@029d7f7b9 release(v1.7.0-alpha.0): prepare release
• siderolabs/talos@2ff81c06b feat: update runc 1.1.12, containerd 1.7.13
• siderolabs/talos@9d8cd4d05 chore: drop deprecated method EtcdRemoveMember
• siderolabs/talos@17567f19b fix: take into account the moment seen when cleaning up CRI images
• siderolabs/talos@aa03204b8 docs: document the process of building custom kernel packages
• siderolabs/talos@7af48bd55 feat: use RSA key for kube-apiserver service account key
• siderolabs/talos@a5e13c696 fix: retry blockdevice open in the installer
• siderolabs/talos@593afeea3 fix: run the interactive installer loop to report errors
• siderolabs/talos@87be76b87 fix: be more tolerant to error handling in Mounts API
• siderolabs/talos@03add7503 docs: add section on using imager with extensions from tarball
• siderolabs/talos@ee0fb5eff docs: consolidate certificate management articles
• siderolabs/talos@9c14dea20 chore: bump coredns
• siderolabs/talos@ebeef2852 feat: implement local caching dns server
• siderolabs/talos@4a3691a27 docs: fix broken links in metal-network-configuration.md
• siderolabs/talos@c4ed189a6 docs: provide sane defaults for each release series in vmware script
• siderolabs/talos@8138d54c6 docs: clarify node taints/labels for worker nodes
• siderolabs/talos@b44551ccd feat: update Linux to 6.6.13
• siderolabs/talos@385707c5f docs: update vmware.sh
• siderolabs/talos@d1a79b845 docs: fix small typo in etcd maintenance guide
• siderolabs/talos@cf0603330 docs: copy generated JSON schema to host
• siderolabs/talos@f11139c22 docs: document local path provisioner install
• siderolabs/talos@e0dfbb8fb fix: allow META encoded values to be compressed
• siderolabs/talos@d677901b6 feat: implement device selector for 'physical'
• siderolabs/talos@7d1117289 docs: add missing talosconfig flag
• siderolabs/talos@8a1732bcb fix: pull in mptspi driver
• siderolabs/talos@c1e45071f refactor: use etcd configuration from the EtcdSpec resource
• siderolabs/talos@4e9b688d3 fix: use correct TTL for talosconfig in talosctl config new
• siderolabs/talos@fb5ad0555 feat: update Kubernetes default to 1.29.1
• siderolabs/talos@fe24139f3 docs: fork docs for v1.7
• siderolabs/talos@1c2d10ccc chore: bump dependencies
• siderolabs/talos@a599e3867 chore: allow custom registry to build installer/imager
• siderolabs/talos@3911ddf7b docs: add how-to for cert management
• siderolabs/talos@b0ee0bfba fix: strategic patch merging for audit policy
• siderolabs/talos@474eccdc4 fix: watch bufer overrun for RouteStatus
• siderolabs/talos@cc06b5d7a fix: fix .der output in talosctl gen secureboot
• siderolabs/talos@1dbb4abf4 fix: update discovery service client to v0.1.6
• siderolabs/talos@9782319c3 fix: support KubePrism settings in Kubernetes Discovery
• siderolabs/talos@6c5a0c281 feat: generate a single JSON schema for multidoc config
• siderolabs/talos@f70b47ddd fix: force KubePrism to connect using IPv4
• siderolabs/talos@d5321e085 fix: update kmsg with utf-8 fix
• siderolabs/talos@7fa7362dd fix: fix nodes on dashboard footer when node names are used in --nodes
• siderolabs/talos@ba88678f1 fix: merge ports and ingress configs correctly in NetworkRuleConfig
• siderolabs/talos@dea9bda2d fix: disk UUID & WWID always empty in talosctl disks
• siderolabs/talos@8dc112f36 chore: pull in NBD modules
• siderolabs/talos@f6926faab fix: default priority for ipv6
• siderolabs/talos@e8758dcba chore: support http downloads for assets in talosctl cluster create
• siderolabs/talos@265f21be0 fix: replace the filemap implementation to not buffer in memory
• siderolabs/talos@8db3c5b3c fix: pick correctly base installer image layers
• siderolabs/talos@0a30ef784 fix: imager should support different Talos versions
• siderolabs/talos@d6342cda5 docs: update latest version to v1.6.1
• siderolabs/talos@e6e422b92 chore: bump dependencies
• siderolabs/talos@5a19d078a fix: properly overwrite files on install
• siderolabs/talos@9eb6cea78 docs: secureboot sd-boot menu clarification
• siderolabs/talos@01f0cbe61 feat: support iPXE direct booting in talosctl cluster create
• siderolabs/talos@3ba84701d feat: pull in kernel modules for mlx Infiniband and VFIO
• siderolabs/talos@ba993e0ed docs: announce that SecureBoot is available
• siderolabs/talos@241bc9312 fix: update the way secureboot signer fetches certificate (azure)
• siderolabs/talos@59b62398f chore: modernize machined/pkg/controllers/k8s
• siderolabs/talos@760f793d5 fix: use correct prefix when installing SBC files
• siderolabs/talos@0b94550c4 chore: fix the gvisor test
• siderolabs/talos@3a787c1d6 docs: update 1.6 docs with Noel's feedback
• siderolabs/talos@d803e40ef docs: provide documentation for Talos 1.6
• siderolabs/talos@9a185a30f feat: update Kubernetes to v1.29.0
• siderolabs/talos@5934815d2 chore: split more kernel modules on amd64
• siderolabs/talos@10c59a6b9 fix: leave discovery service later in the reset sequence
• siderolabs/talos@0c86ca1cc chore: enable kubespan+firewall for cilium tests
• siderolabs/talos@98fd722d5 feat: provide compatibility for future Talos 1.7
• siderolabs/talos@131a1b167 fix: add a KubeSpan option to disable extra endpoint harvesting
• siderolabs/talos@4547ad9af feat: send actor id to the SideroLink events sink
• siderolabs/talos@04e774547 docs: cap max heading level
• siderolabs/talos@6bb1e99aa chore: optimize pcap dump
• siderolabs/talos@4f9d3b975 feat: update Kubernetes to v1.29.0-rc.2
• siderolabs/talos@46121c9fe docs: rework machine config documentation generation
• siderolabs/talos@e128d3c82 fix: talosctl cluster create not to enforce kubeprism always
• siderolabs/talos@320064c5a feat: update Go 1.21.5, Linux 6.1.65, etcd 3.5.11
• siderolabs/talos@270604bea fix: support user disks via symlinks
• siderolabs/talos@4f195dd27 chore: fix the release.toml
• siderolabs/talos@474fa0480 fix: store and execute desired action on emergency action
• siderolabs/talos@515ae2a18 docs: extend hetzner-cloud docs for arm64
• siderolabs/talos@eecc4dbd5 fix: trim leading spaces\newlines in inline manifest contents
• siderolabs/talos@dbf274ddf fix: skip writing the file if the contents haven't changed
• siderolabs/talos@6329222bd fix: do not panic in merge.Merge if map value is nil

Changes since v1.7.0-alpha.1

• siderolabs/talos@78f971370 release(v1.7.0-beta.0): prepare release
• siderolabs/talos@01d8b897c fix: make safeReset truly safe to call multiple times
• siderolabs/talos@653f838b0 feat: support multiple Docker cluster in talosctl cluster create
• siderolabs/talos@951904554 chore: bump dependencies (go 1.22.2)
• siderolabs/talos@862c76001 feat: add support for CoreDNS forwarding to host DNS
• siderolabs/talos@e8ae5ef63 feat: add akamai platform support
• siderolabs/talos@5c0f74b37 fix: don't announce the VIP on acquire failure
• siderolabs/talos@2f0fe10d5 chore: update sbc docs
• siderolabs/talos@1b17008e9 fix: handle more OpenStack link types
• siderolabs/talos@e7d804140 fix: always update firewall rules (kubespan)
• siderolabs/talos@78b9bd927 fix: report unsupported x86_64 microarchitecture level
• siderolabs/talos@71d90ba5f fix: retry in the fixed amount of time if grpc relay failed
• siderolabs/talos@d320498a4 chore: bump dependencies
• siderolabs/talos@3195e5d15 fix: force Flannel CNI to use KubePrism Kubernetes API endpoint
• siderolabs/talos@917043fb5 chore: bump tools, pkgs and extra to stable
• siderolabs/talos@f515741b5 chore: add equinix e2e-tests
• siderolabs/talos@117e60583 feat: add support for static extra fields for JSON logs
• siderolabs/talos@090143b03 fix: allow platform cmdline args to be platform-specific
• siderolabs/talos@7a68504b6 feat: support rotating Kubernetes CA
• siderolabs/talos@fac3dd043 fix: don't set default endpoints on gen config
• siderolabs/talos@8dc4910c4 chore: enable "WG over GRPC" testing in siderolink agent tests
• siderolabs/talos@bac366e43 chore: add ExtraInfo field for extensions
• siderolabs/talos@0fc24eeb0 feat: provide insecure flag to imager
• siderolabs/talos@a6b2f5456 feat: update Kubernetes to 1.30.0-rc.0, etcd to 3.5.13
• siderolabs/talos@0361ff895 docs: quickstart video and brew install
• siderolabs/talos@b752a8618 chore: talosctl: add openSUSE OVMF paths
• siderolabs/talos@945648914 feat: support hardware watchdog timers
• siderolabs/talos@949ad11a2 chore: import siderolink as siderolink-launch subcommand
• siderolabs/talos@ee51f04af chore: azure e2e
• siderolabs/talos@55dd41c0d chore: update coredns to v1.11.2 in required section
• siderolabs/talos@8eacc4ba8 feat: support rotation of Talos API CA
• siderolabs/talos@92808e3bc feat: report Docker node resources in cluster show
• siderolabs/talos@84ec8c16f feat: support syncing to PTP clocks
• siderolabs/talos@7d43c9aa6 chore: annotate installer errors
• siderolabs/talos@f737e6495 fix: populate routes to BGP neighbors (Equinix Metal)
• siderolabs/talos@19f15a840 chore: bump golangci-lint to 1.57.0
• siderolabs/talos@684011963 docs: add docs for overlays
• siderolabs/talos@9b6ec5929 chore: bump kernel
• siderolabs/talos@69f0466cd docs: remove repetitive words
• siderolabs/talos@113fb646e chore: use go-talos-support library
• siderolabs/talos@89fc68b45 fix: service lifecycle issues
• siderolabs/talos@ead37abf0 test: disable volume tests
• siderolabs/talos@c64523a7a feat: update Flannel to v0.24.4
• siderolabs/talos@15beb1478 feat: implement blockdevice watch controller
• siderolabs/talos@06e3bc0cb feat: implement Siderolink wireguard over GRPC
• siderolabs/talos@9afa70baf fix: patch correctly config in talosctl upgrade-k8s
• siderolabs/talos@3130caf95 chore: re-enable DRBD extension

Changes from siderolabs/crypto

• siderolabs/crypto@c240482 feat: provide dynamic client CA matching
• siderolabs/crypto@2f4f911 feat: add PEMEncodedCertificate wrapper
• siderolabs/crypto@1c94bb3 chore: bump dependencies

Changes from siderolabs/discovery-api

• siderolabs/discovery-api@e1dc7bb chore: rekres, update dependencies

Changes from siderolabs/discovery-client

• siderolabs/discovery-client@f4095a1 chore: bump discovery API to v0.1.4
• siderolabs/discovery-client@fbb1cea fix: keepalive interval calculation
• siderolabs/discovery-client@ff8f4be fix: enable gRPC keepalives

Changes from siderolabs/extras

• siderolabs/extras@bb76755 feat: update Go to 1.22.2
• siderolabs/extras@de984c5 chore: bump pkgs to stable
• siderolabs/extras@47bb718 chore: update base pkgs
• siderolabs/extras@60793cd feat: update Go to 1.22.1
• siderolabs/extras@c4934e1 feat: update Go to 1.22
• siderolabs/extras@8909d6f chore: update Go to 1.21.5

Changes from siderolabs/gen

• siderolabs/gen@238baf9 chore: add typesafe SyncMap and bump stuff

Changes from siderolabs/go-api-signature

• siderolabs/go-api-signature@cf2bd06 chore: bump dependencies
• siderolabs/go-api-signature@370cebf fix: always print the login URL on key renew flow
• siderolabs/go-api-signature@d28609a feat: move in the cli grpc interceptor logic, support service account in env
• siderolabs/go-api-signature@4602acc chore: add a dummy workflow
• siderolabs/go-api-signature@cfd21b6 fix: support validating signatures generated with the time in the future
• siderolabs/go-api-signature@74dd3dc chore: bump deps
• siderolabs/go-api-signature@d78bedb chore: bump deps
• siderolabs/go-api-signature@a034e9f feat: replace scopes with roles
• siderolabs/go-api-signature@5b4f3bb chore: run rekres
• siderolabs/go-api-signature@9dba116 chore: remove time.Sleep hack
• siderolabs/go-api-signature@e84e686 chore: bump dependencies
• siderolabs/go-api-signature@8baaf8a chore: bump deps
• siderolabs/go-api-signature@5f27e1e chore: add renovate bot and bump deps
• siderolabs/go-api-signature@69886dc feat: allow custom validations on PGP key
• siderolabs/go-api-signature@63d4da3 fix: limit clock skew for short-lived keys
• siderolabs/go-api-signature@cdb9722 feat: add support for +-5 min clock skew
• siderolabs/go-api-signature@7b80a50 refactor: use options pattern in RegisterPGPPublicKey
• siderolabs/go-api-signature@c647861 feat: add scopes to RegisterPublicKeyRequest
• siderolabs/go-api-signature@5d3647e feat: provide more client PGP functions
• siderolabs/go-api-signature@2b682ec feat: initial version
• siderolabs/go-api-signature@a4c2943 chore: initial commit

Changes from siderolabs/go-copy

• siderolabs/go-copy@aa4ade4 chore: add initial code
• siderolabs/go-copy@52a6d48 chore: go-copy repo

Changes from siderolabs/go-debug

• siderolabs/go-debug@0c2be80 chore: run rekres (update to Go 1.22)

Changes from siderolabs/go-kmsg

• siderolabs/go-kmsg@e358d13 fix: decode escape sequences while reading from kmsg
• siderolabs/go-kmsg@4297bd5 feat: add BSD support

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@ddd4c69 feat: add support for Kubernetes 1.30

Changes from siderolabs/go-loadbalancer

• siderolabs/go-loadbalancer@aab4671 chore: rekres, update dependencies

Changes from siderolabs/go-talos-support

• siderolabs/go-talos-support@20a1135 feat: add modules for getting Talos support bundle (#1)
• siderolabs/go-talos-support@afa24c4 feat: initial commit

Changes from siderolabs/pkgs

• siderolabs/pkgs@6101299 feat: go 1.22.2, Linux 6.6.24
• siderolabs/pkgs@d57b0ad fix: revert musl to 1.2.4
• siderolabs/pkgs@dd71e02 fix: xz vulnerability
• siderolabs/pkgs@22c8dd4 chore: bump deps
• siderolabs/pkgs@aefe000 feat: configure kernel to include AppArmor LSM
• siderolabs/pkgs@5ce8467 chore: drop efi runtime services test framework
• siderolabs/pkgs@5861223 fix: kernel boot on arm64 metal
• siderolabs/pkgs@6364d99 chore: kconfig cleanup
• siderolabs/pkgs@b65c085 feat: enable CONFIG_TLS as a module
• siderolabs/pkgs@bb981f8 feat: update GRUB to 2.12
• siderolabs/pkgs@6f35841 chore: drop all sbc stuff from pkgs
• siderolabs/pkgs@f4335dc fix: kernel hardening check script
• siderolabs/pkgs@b61df1c feat: enable CONFIG_WATCHDOG_SYSFS
• siderolabs/pkgs@4a9a027 feat: re-enable DRBD
• siderolabs/pkgs@c42c163 chore: remove unused vars
• siderolabs/pkgs@8804a60 chore: update dependencies
• siderolabs/pkgs@a587b42 feat: enable most common amd64 watchdog drivers
• siderolabs/pkgs@3aacf03 feat: update releases
• siderolabs/pkgs@e5c0c79 feat: build NVMe target module
• siderolabs/pkgs@cb39126 chore: re-enable zfs pkg
• siderolabs/pkgs@d9c1540 feat: update releases
• siderolabs/pkgs@1904994 feat: enable VRF module
• siderolabs/pkgs@87eb013 feat: disable PCI busmastering on bridges during boot
• siderolabs/pkgs@30f18c8 chore: remove symlinks and broken binaries
• siderolabs/pkgs@7811e5e chore: set PREEMPT_NONE as recommended for servers
• siderolabs/pkgs@65006ed fix: enable KFD support in kernel
• siderolabs/pkgs@510a3f9 feat: add support for Solarflare SFC9100 and SFC9200 family
• siderolabs/pkgs@4340508 feat: enable CONFIG_SECURITY_PATH and CONFIG_BPF_LSM
• siderolabs/pkgs@0ec4cc3 feat: update Go to 1.22
• siderolabs/pkgs@36c08ae feat: enable PSI (pressure stall information)
• siderolabs/pkgs@0853224 feat: update Linux to 6.6.16
• siderolabs/pkgs@96cc841 chore: bump deps
• siderolabs/pkgs@064fd58 feat: update Linux to 6.6.14, enable XDP
• siderolabs/pkgs@efbbd23 feat: update Linux to 6.6.13
• siderolabs/pkgs@dfb5026 chore: switch to git ref for raspberrypi firmware
• siderolabs/pkgs@4af2d0f feat: update Linux to 6.1.74
• siderolabs/pkgs@2358efe fix: enable FUSION_SPI driver
• siderolabs/pkgs@f376a53 chore: bump dependencies
• siderolabs/pkgs@583e519 feat: add v4l usb video class (webcam) drivers
• siderolabs/pkgs@2d3ca68 feat: enable NBD
• siderolabs/pkgs@f647edd feat: update Linux to 6.1.69
• siderolabs/pkgs@6af1691 feat: enable VFIO also on amd64
• siderolabs/pkgs@d633cd6 feat: enable modules for mlx infiniband
• siderolabs/pkgs@4c59641 fix: zfs module build
• siderolabs/pkgs@e325097 feat: enable nct6683 sensors as module
• siderolabs/pkgs@d6185ec feat: enable IRQ remapping on amd64
• siderolabs/pkgs@814dc60 feat: update containerd to 1.7.11
• siderolabs/pkgs@dd71790 chore: rekres to fix 'failed' build on main
• siderolabs/pkgs@a36dec4 feat: split more device drivers into modules
• siderolabs/pkgs@97270a2 feat: update Linux to 6.1.67
• siderolabs/pkgs@8a73907 feat: update Go to 1.21.5
• siderolabs/pkgs@8f0ffb9 feat: update zfs to v2.2.2

Changes from siderolabs/siderolink

• siderolabs/siderolink@5422b1c chore: quick fixes
• siderolabs/siderolink@9300968 feat: move actual logic into the agent package
• siderolabs/siderolink@8866351 chore: implement WireGuard over GRPC
• siderolabs/siderolink@7909156 chore: bump deps
• siderolabs/siderolink@eb221dd chore: bump deps

Changes from siderolabs/tools

• siderolabs/tools@10b2a69 feat: update go to 1.22.2
• siderolabs/tools@71eba29 fix: xz vulnerability
• siderolabs/tools@7e1b2d8 chore: update toolchain
• siderolabs/tools@901b4fc chore: bump deps
• siderolabs/tools@dfee984 chore: bump systemd
• siderolabs/tools@cb5fd56 chore: update xz to 5.6.1
• siderolabs/tools@14bf457 fix: use musl 1.2.4 in tools, revert kmod back to 32
• siderolabs/tools@6c1f73d fix: revert kmod to version 31
• siderolabs/tools@59fd552 feat: update releases
• siderolabs/tools@eff5d16 feat: update Go to 1.22.1
• siderolabs/tools@b6b4d9e feat: update Go to 1.22
• siderolabs/tools@f4b41d1 fix: rust toolchain
• siderolabs/tools@8cc79e6 feat: update dependencies
• siderolabs/tools@c7076eb chore: bump dependencies
• siderolabs/tools@a80a2aa feat: update Go to 1.21.6
• siderolabs/tools@b677a2b feat: add rust build stage
• siderolabs/tools@1659d82 feat: update Go to 1.21.5

Dependency Changes

• github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 -> v1.11.1
• github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 -> v1.5.1
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.0.0 -> v1.1.0
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 -> v1.1.0
• github.com/alexflint/go-filemutex v1.3.0 new
• github.com/aws/aws-sdk-go-v2/config v1.25.6 -> v1.27.10
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.5 -> v1.16.1
• github.com/aws/aws-sdk-go-v2/service/kms v1.30.1 new
• github.com/aws/smithy-go v1.17.0 -> v1.20.2
• github.com/beevik/ntp v1.3.0 -> v1.3.1
• github.com/cenkalti/backoff/v4 v4.2.1 -> v4.3.0
• github.com/containerd/cgroups/v3 v3.0.2 -> v3.0.3
• github.com/containerd/containerd v1.7.9 -> v1.7.14
• github.com/containernetworking/plugins v1.3.0 -> v1.4.1
• github.com/coredns/coredns v1.11.2 new
• github.com/cosi-project/runtime v0.3.19 -> v0.4.1
• github.com/distribution/reference v0.5.0 -> v0.6.0
• github.com/docker/docker v24.0.7 -> v26.0.0
• github.com/docker/go-connections v0.4.0 -> v0.5.0
• github.com/foxboron/go-uefi 18b9ba9cd4c3 -> 48be911532c2
• github.com/gdamore/tcell/v2 v2.6.0 -> v2.7.4
• github.com/google/go-containerregistry v0.16.1 -> v0.19.1
• github.com/google/go-tpm v0.9.0 -> ee6cbcd136f8
• github.com/google/nftables v0.1.0 -> v0.2.0
• github.com/google/uuid v1.4.0 -> v1.6.0
• github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 new
• github.com/hetznercloud/hcloud-go/v2 v2.4.0 -> v2.7.0
• github.com/insomniacslk/dhcp b0416c0f187a -> c728f5dd21c8
• github.com/jeromer/syslogparser v1.1.0 new
• github.com/jsimonetti/rtnetlink v1.4.0 -> v1.4.1
• github.com/klauspost/cpuid/v2 v2.2.7 new
• github.com/linode/go-metadata v0.2.0 new
• github.com/mdlayher/kobject 19ca17470d7d new
• github.com/miekg/dns v1.1.58 new
• github.com/opencontainers/image-spec v1.1.0-rc4 -> v1.1.0
• github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> v1.2.0
• github.com/packethost/packngo v0.30.0 -> v0.31.0
• github.com/pmorjan/kmod v1.1.0 -> v1.1.1
• github.com/prometheus/procfs v0.12.0 -> v0.13.0
• github.com/rivo/tview 33a1d271f2b6 -> a22293bda944
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.21 -> v1.0.0-beta.25
• github.com/siderolabs/crypto v0.4.1 -> v0.4.4
• github.com/siderolabs/discovery-api v0.1.3 -> v0.1.4
• github.com/siderolabs/discovery-client v0.1.5 -> v0.1.8
• github.com/siderolabs/extras v1.6.0-1-g113887a -> v1.7.0-1-gbb76755
• github.com/siderolabs/gen v0.4.7 -> v0.4.8
• github.com/siderolabs/go-api-signature v0.3.2 new
• github.com/siderolabs/go-blockdevice/v2 a5481f5272f2 new
• github.com/siderolabs/go-copy v0.1.0 new
• github.com/siderolabs/go-debug v0.2.3 -> v0.3.0
• github.com/siderolabs/go-kmsg v0.1.3 -> v0.1.4
• github.com/siderolabs/go-kubernetes v0.2.8 -> v0.2.9
• github.com/siderolabs/go-loadbalancer v0.3.2 -> v0.3.3
• github.com/siderolabs/go-talos-support v0.1.0 new
• github.com/siderolabs/pkgs v1.6.0-5-g3ae2450 -> v1.7.0-2-g6101299
• github.com/siderolabs/siderolink v0.3.4 -> v0.3.5
• github.com/siderolabs/talos/pkg/machinery v1.6.0 -> v1.7.0-beta.0
• github.com/siderolabs/tools v1.6.0-1-g336d248 -> v1.7.0-1-g10b2a69
• github.com/stretchr/testify v1.8.4 -> v1.9.0
• github.com/u-root/u-root v0.11.0 -> v0.14.0
• github.com/ulikunitz/xz v0.5.11 -> v0.5.12
• go.etcd.io/etcd/api/v3 v3.5.11 -> v3.5.13
• go.etcd.io/etcd/client/pkg/v3 v3.5.11 -> v3.5.13
• go.etcd.io/etcd/client/v3 v3.5.11 -> v3.5.13
• go.etcd.io/etcd/etcdutl/v3 v3.5.11 -> v3.5.13
• go.uber.org/zap v1.26.0 -> v1.27.0
• go4.org/netipx 6213f710f925 -> fdeea329fbba
• golang.org/x/net v0.19.0 -> v0.23.0
• golang.org/x/oauth2 v0.15.0 -> v0.18.0
• golang.org/x/sync v0.5.0 -> v0.6.0
• golang.org/x/sys v0.15.0 -> v0.18.0
• golang.org/x/term v0.15.0 -> v0.18.0
• google.golang.org/grpc v1.59.0 -> v1.62.1
• google.golang.org/protobuf v1.31.0 -> v1.33.0
• k8s.io/api v0.29.0 -> v0.30.0-rc.1
• k8s.io/apimachinery v0.29.0 -> v0.30.0-rc.1
• k8s.io/apiserver v0.29.0 -> v0.30.0-rc.1
• k8s.io/client-go v0.29.0 -> v0.30.0-rc.1
• k8s.io/component-base v0.29.0 -> v0.30.0-rc.1
• k8s.io/cri-api v0.29.0 -> v0.30.0-rc.1
• k8s.io/klog/v2 v2.110.1 -> v2.120.1
• k8s.io/kube-scheduler v0.29.0 -> v0.30.0-rc.1
• k8s.io/kubectl v0.29.0 -> v0.30.0-rc.1
• k8s.io/kubelet v0.29.0 -> v0.30.0-rc.1
• k8s.io/pod-security-admission v0.30.0-rc.1 new

Previous release can be found at v1.6.0

Images

ghcr.io/siderolabs/flannel:v0.24.4
ghcr.io/siderolabs/install-cni:v1.7.0-1-gbb76755
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.0-rc.1
registry.k8s.io/kube-controller-manager:v1.30.0-rc.1
registry.k8s.io/kube-scheduler:v1.30.0-rc.1
registry.k8s.io/kube-proxy:v1.30.0-rc.1
ghcr.io/siderolabs/kubelet:v1.30.0-rc.1
ghcr.io/siderolabs/installer:v1.7.0-beta.0
registry.k8s.io/pause:3.8

Talos 1.6.7 (2024-03-20)

Welcome to the v1.6.7 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

• Linux: 6.1.82
• Kubernetes: 1.29.3

Talos is built with Go 1.21.8.

Contributors

• Andrey Smirnov
• Utku Ozdemir
• Noel Georgi

Changes

• siderolabs/talos@46c8ac102 release(v1.6.7): prepare release
• siderolabs/talos@9ef06f60f fix: service lifecycle issues
• siderolabs/talos@2c9159977 fix: patch correctly config in talosctl upgrade-k8s
• siderolabs/talos@16691dfd5 fix: remove maintenance config when maintenance service is shut down
• siderolabs/talos@5cbbbfa68 fix: fix nil panic on maintenance upgrade with partial config
• siderolabs/talos@3c942fe9d fix: etcd config validation for worker
• siderolabs/talos@a5920a157 feat: update Kubernetes to 1.29.3, Linux to 6.1.82

Changes from siderolabs/pkgs

• siderolabs/pkgs@df44f94 feat: update dependencies for Talos 1.6.7

Dependency Changes

• github.com/siderolabs/pkgs v1.6.0-26-g2961472 -> v1.6.0-27-gdf44f94
• github.com/siderolabs/talos/pkg/machinery v1.6.6 -> v1.6.7
• google.golang.org/protobuf v1.31.0 -> v1.33.0
• k8s.io/api v0.29.2 -> v0.29.3
• k8s.io/apimachinery v0.29.2 -> v0.29.3
• k8s.io/apiserver v0.29.2 -> v0.29.3
• k8s.io/client-go v0.29.2 -> v0.29.3
• k8s.io/component-base v0.29.2 -> v0.29.3
• k8s.io/cri-api v0.29.2 -> v0.29.3
• k8s.io/kube-scheduler v0.29.2 -> v0.29.3
• k8s.io/kubectl v0.29.2 -> v0.29.3
• k8s.io/kubelet v0.29.2 -> v0.29.3
• k8s.io/pod-security-admission v0.29.2 -> v0.29.3

Previous release can be found at v1.6.6

Images

ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-2-g9234398
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.3
registry.k8s.io/kube-controller-manager:v1.29.3
registry.k8s.io/kube-scheduler:v1.29.3
registry.k8s.io/kube-proxy:v1.29.3
ghcr.io/siderolabs/kubelet:v1.29.3
ghcr.io/siderolabs/installer:v1.6.7
registry.k8s.io/pause:3.8

Talos 1.7.0-alpha.1 (2024-03-14)

Welcome to the v1.7.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Device Selectors

Talos Linux now supports physical: true qualifier for device selectors, it selects non-virtual network interfaces (i.e. en0 is selected, while bond0 is not).

DNS Caching

Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:

machine:
   features:
       localDNS: false

Extension Services Config

Talos now supports supplying configuration files and environment variables for extension services.
The extension service configuration is a separate config document. An example is shown below:

---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: nut-client
configFiles:
  - content: MONITOR ${upsmonHost} 1 remote pass password
    mountPath: /usr/local/etc/nut/upsmon.conf
environment:
  - UPS_NAME=ups

For documentation, see Extension Services Config Files.

Note: The use of environmentFile in extension service spec is now deprecated and will be removed in a future release of Talos.
Use ExtensionServiceConfig instead.

Kubernetes Upgrade

The command talosctl upgrade-k8s now supports specifying custom image references for Kubernetes components via --*-image flags.
The default behavior is unchanged, and the flags are optional.

KubeSpan

Talos Linux disables by default a KubeSpan feature to harvest additional endpoints from KubeSpan members.
This feature turned out to be less helpful than expected and caused unnecessary performance issues.

Previous behavior can be restored with:

machine:
  network:
    kubespan:
        harvestExtraEndpoints: true

NTP

Default NTP server was updated to be time.cloudflare.com instead of pool.ntp.org.
Default server is only used if the user does not specify any NTP servers in the configuration.

OpenNebula

Talos Linux now supports OpenNebula platform.

Known Problems

DRBD extension is disabled in this release due to incompatibility with the latest Linux kernel.

Kubernetes API Server Service Account Key

Talos Linux starting from this release uses RSA key for Kubernetes API Server Service Account instead of ECDSA key to provide better compatibility with external OpenID Connect implementations.

SBC

Talos core will drop support for SBC's and will not include the SBC binaries in the release.
Overlays are being developed to support SBC's.

Secure Boot Image

Talos Linux now provides a way to configure systemd-boot ISO 'secure-boot-enroll' option while generating a SecureBoot ISO image:

output:
    kind: iso
    isoOptions:
        sdBootEnrollKeys: force # default is still if-safe
    outFormat: raw

Syslog

Talos Linux now starts a basic syslog receiver listening on /dev/log.
The receiver can mostly parse both RFC3164 and RFC5424 messages and writes them as JSON formatted message.
The logs can be viewed via talosctl logs syslogd.

This is mostly implemented for extension services that log to syslog.

Component Updates

Linux: 6.6.21
etcd: 3.5.11
Kubernetes: 1.30.0-beta.0
containerd: 1.7.14
runc: 1.1.12
Flannel: 0.24.1

Talos is built with Go 1.22.1.

Contributors

• Andrey Smirnov
• Noel Georgi
• Dmitriy Matrenichev
• Utku Ozdemir
• Andrey Smirnov
• Artem Chernyshev
• Radosław Piliszek
• Spencer Smith
• Anthony ARNAUD
• Justin Garrison
• Steve Francis
• Anastasios Papagiannis
• Andrei Kvapil
• Andrian Zubovic
• AvnarJakob
• Cas de Reuver
• Christian Mohn
• Christian WALDBILLIG
• Dmitry Sharshakov
• Dmitry Sharshakov
• Drew Hess
• ExtraClock
• Fabiano Fidêncio
• Henno Schooljan
• Hervé Werner
• JJGadgets
• Jacob McSwain
• Jonomir
• Kai Hanssen
• Louis SCHNEIDER
• Matthieu S
• Michael Stephenson
• Nico Berlee
• Pip Oomen
• Saiyam Pathak
• Sebastiaan Gerritsen
• Sebastian Gaiser
• Serge Logvinov
• Tim Jones
• bri
• ebcrypto
• edwinavalos
• fazledyn-or
• james-dreebot
• pardomue
• shurkys
• stereobutter

Changes

• siderolabs/talos@3ba180d07 release(v1.7.0-alpha.1): prepare release
• siderolabs/talos@403ad93c3 feat: update dependencies
• siderolabs/talos@7376f34e8 fix: remove maintenance config when maintenance service is shut down
• siderolabs/talos@952801d8b fix: handle overlay partition options
• siderolabs/talos@465b9a4e6 fix: update discovery client with the fix for keepalive interval
• siderolabs/talos@1e9f866ac feat: update Kubernetes to v1.30.0-beta.0
• siderolabs/talos@d118a852b feat: implement Install for imager overlays
• siderolabs/talos@cd5a5a447 chore: migrate to go-grpc-middleware/v2
• siderolabs/talos@e3c2a6398 feat: set default NTP server to time.cloudflare.com
• siderolabs/talos@32e087760 chore: print all available logs containers in logs command completions
• siderolabs/talos@e89d755c5 fix: etcd config validation for worker
• siderolabs/talos@1aa3c9182 docs: add DreeBot to ADOPTERS.md
• siderolabs/talos@1bb6027cc fix: fix nil panic on maintenance upgrade with partial config
• siderolabs/talos@aa70bfb9d docs: add Redpill Linpro to adopters list
• siderolabs/talos@f02aeec92 fix: do not fail cluster create when input dir does not contain talosconfig
• siderolabs/talos@1ec6683e0 chore: use go-copy
• siderolabs/talos@3c8f51d70 chore: move cli formatters and version modules to machinery
• siderolabs/talos@8152a6dd6 feat: update Go to 1.22.1
• siderolabs/talos@8c7953991 docs: update replicated-local-storage-with-openebs-jiva.md
• siderolabs/talos@f23bd8144 fix: syslog parser
• siderolabs/talos@bbed07e03 feat: update Linux to 6.6.18
• siderolabs/talos@8125e754b feat: imager overlay
• siderolabs/talos@0b9b4da12 feat: update Kubernetes to 1.30.0-alpha.3
• siderolabs/talos@3a764029e docs: fix typo in word governor
• siderolabs/talos@d81d49000 chore: update CoreDNS renovate source
• siderolabs/talos@b2ad5dc5f fix: workaround a race in CNI setup (talosctl cluster create)
• siderolabs/talos@457507803 fix: provide auth when pulling images in the imager
• siderolabs/talos@e707175ab docs: update config patch in cilium docs
• siderolabs/talos@f8c556a1c chore: listen for dns requests on 127.0.0.53
• siderolabs/talos@8872a7a21 fix: ignore 'no such device' in addition to 'no such file'
• siderolabs/talos@1cb544353 chore: uki der certs in iso
• siderolabs/talos@67ac6933d fix: handle errors to watch apid/trustd certs
• siderolabs/talos@c79d69c2e fix: only set gateway if set in context (opennebula)
• siderolabs/talos@4575dd8e7 chore: allow not preallocated disks for QEMU cluster
• siderolabs/talos@0bddfea81 chore: add oceanbox.io to adopters
• siderolabs/talos@136427592 chore: use proper talos_version_contract for TF tests
• siderolabs/talos@6bf50fdc1 chore: disable x/net/trace in gRPC to enable dead code elimination
• siderolabs/talos@815a8e9cc feat: add partial config support to talosctl cluster create
• siderolabs/talos@64e9703f8 chore: add tests for the Kata Containers extension
• siderolabs/talos@9b6291925 feat: update pkgs
• siderolabs/talos@66f3ffdd4 fix: ensure that Talos runs in a pod (container)
• siderolabs/talos@9dbc33972 feat: add basic syslog implementation
• siderolabs/talos@0b7a27e6a feat: allow access to all resources over siderolink in maintenance mode
• siderolabs/talos@53721883d feat: support AWS KMS for the SecureBoot signing
• siderolabs/talos@7ee999f8a fix: disable KubeSpan endpoint harvesting by default
• siderolabs/talos@7b87c7fe9 chore: bump Go dependencies
• siderolabs/talos@8e9596d3c docs: rpi talosctl install update
• siderolabs/talos@493bb60f8 fix: correctly handle partial configs in DNSUpstreamController
• siderolabs/talos@6deb10ae2 chore: deprecate environmentFile for extensions
• siderolabs/talos@f8b4ee82a chore: update extensions test
• siderolabs/talos@1366ce14a feat: update Kubernetes to v1.30.0-alpha.2
• siderolabs/talos@559308ef7 fix: use MachineStatus resource to check for boot done
• siderolabs/talos@15e8bca2b feat: support environment in ExtensionServicesConfig
• siderolabs/talos@3fe82ec46 feat: custom image settings for k8s upgrade
• siderolabs/talos@fa3b93370 chore: replace fmt.Errorf with errors.New where possible
• siderolabs/talos@d4521ee9c feat: update kernel with sfc driver and LSM updates
• siderolabs/talos@2f0421b40 fix: run xfs_repair on invalid argument error
• siderolabs/talos@f868fb8e8 docs: update vmware tools url
• siderolabs/talos@fa2d34dd8 chore: enable v6 support on the same port
• siderolabs/talos@83e0b0c19 chore: adjust dns sockets settings
• siderolabs/talos@a1ec1705b chore: update Go to 1.22.0
• siderolabs/talos@76b50fcd4 chore: add Ænix to the Adopters list
• siderolabs/talos@5324d3916 chore: bump stuff
• siderolabs/talos@087b50f42 feat: support systemd-boot ISO enroll keys option
• siderolabs/talos@afa71d6b0 chore: use "handle-like" resource in DNSResolveCacheController
• siderolabs/talos@013e13070 fix: error with decoding config document with wrong apiVersion
• siderolabs/talos@1e77bb1c3 chore: allow custom pkgs to build talos
• siderolabs/talos@3f8a85f1b fix: unlock the upgrade mutex properly
• siderolabs/talos@61c3331b1 docs: update indentation in vip.md
• siderolabs/talos@383e528df chore: allow uuid-based hostnames in talosctl cluster create
• siderolabs/talos@1e6c8c4de feat: extensions services config
• siderolabs/talos@989ca3ade feat: add OpenNebula platform support
• siderolabs/talos@914f88778 docs: update nocloud.md Proxmox information
• siderolabs/talos@a04cc8015 fix: pass TTL when generating client certificate
• siderolabs/talos@3fe8c12ca fix: add log line about controller runtime failing
• siderolabs/talos@ddbabc7e5 fix: use a separate cgroup for each extension service
• siderolabs/talos@6ccdd2c09 chore: fix markdown-lint call
• siderolabs/talos@4184e617a chore: add test for wasmedge runtime extension
• siderolabs/talos@95ea3a6c6 chore: bump timeout in acquire tests
• siderolabs/talos@c19a505d8 chore: bump docker dind image
• siderolabs/talos@d7d4154d5 chore: remove channel blocking in qemu launch
• siderolabs/talos@029d7f7b9 release(v1.7.0-alpha.0): prepare release
• siderolabs/talos@2ff81c06b feat: update runc 1.1.12, containerd 1.7.13
• siderolabs/talos@9d8cd4d05 chore: drop deprecated method EtcdRemoveMember
• siderolabs/talos@17567f19b fix: take into account the moment seen when cleaning up CRI images
• siderolabs/talos@aa03204b8 docs: document the process of building custom kernel packages
• siderolabs/talos@7af48bd55 feat: use RSA key for kube-apiserver service account key
• siderolabs/talos@a5e13c696 fix: retry blockdevice open in the installer
• siderolabs/talos@593afeea3 fix: run the interactive installer loop to report errors
• siderolabs/talos@87be76b87 fix: be more tolerant to error handling in Mounts API
• siderolabs/talos@03add7503 docs: add section on using imager with extensions from tarball
• siderolabs/talos@ee0fb5eff docs: consolidate certificate management articles
• siderolabs/talos@9c14dea20 chore: bump coredns
• siderolabs/talos@ebeef2852 feat: implement local caching dns server
• siderolabs/talos@4a3691a27 docs: fix broken links in metal-network-configuration.md
• siderolabs/talos@c4ed189a6 docs: provide sane defaults for each release series in vmware script
• siderolabs/talos@8138d54c6 docs: clarify node taints/labels for worker nodes
• siderolabs/talos@b44551ccd feat: update Linux to 6.6.13
• siderolabs/talos@385707c5f docs: update vmware.sh
• siderolabs/talos@d1a79b845 docs: fix small typo in etcd maintenance guide
• siderolabs/talos@cf0603330 docs: copy generated JSON schema to host
• siderolabs/talos@f11139c22 docs: document local path provisioner install
• siderolabs/talos@e0dfbb8fb fix: allow META encoded values to be compressed
• siderolabs/talos@d677901b6 feat: implement device selector for 'physical'
• siderolabs/talos@7d1117289 docs: add missing talosconfig flag
• siderolabs/talos@8a1732bcb fix: pull in mptspi driver
• siderolabs/talos@c1e45071f refactor: use etcd configuration from the EtcdSpec resource
• siderolabs/talos@4e9b688d3 fix: use correct TTL for talosconfig in talosctl config new
• siderolabs/talos@fb5ad0555 feat: update Kubernetes default to 1.29.1
• siderolabs/talos@fe24139f3 docs: fork docs for v1.7
• siderolabs/talos@1c2d10ccc chore: bump dependencies
• siderolabs/talos@a599e3867 chore: allow custom registry to build installer/imager
• siderolabs/talos@3911ddf7b docs: add how-to for cert management
• siderolabs/talos@b0ee0bfba fix: strategic patch merging for audit policy
• siderolabs/talos@474eccdc4 fix: watch bufer overrun for RouteStatus
• siderolabs/talos@cc06b5d7a fix: fix .der output in talosctl gen secureboot
• siderolabs/talos@1dbb4abf4 fix: update discovery service client to v0.1.6
• siderolabs/talos@9782319c3 fix: support KubePrism settings in Kubernetes Discovery
• siderolabs/talos@6c5a0c281 feat: generate a single JSON schema for multidoc config
• siderolabs/talos@f70b47ddd fix: force KubePrism to connect using IPv4
• siderolabs/talos@d5321e085 fix: update kmsg with utf-8 fix
• siderolabs/talos@7fa7362dd fix: fix nodes on dashboard footer when node names are used in --nodes
• siderolabs/talos@ba88678f1 fix: merge ports and ingress configs correctly in NetworkRuleConfig
• siderolabs/talos@dea9bda2d fix: disk UUID & WWID always empty in talosctl disks
• siderolabs/talos@8dc112f36 chore: pull in NBD modules
• siderolabs/talos@f6926faab fix: default priority for ipv6
• siderolabs/talos@e8758dcba chore: support http downloads for assets in talosctl cluster create
• siderolabs/talos@265f21be0 fix: replace the filemap implementation to not buffer in memory
• siderolabs/talos@8db3c5b3c fix: pick correctly base installer image layers
• siderolabs/talos@0a30ef784 fix: imager should support different Talos versions
• siderolabs/talos@d6342cda5 docs: update latest version to v1.6.1
• siderolabs/talos@e6e422b92 chore: bump dependencies
• siderolabs/talos@5a19d078a fix: properly overwrite files on install
• siderolabs/talos@9eb6cea78 docs: secureboot sd-boot menu clarification
• siderolabs/talos@01f0cbe61 feat: support iPXE direct booting in talosctl cluster create
• siderolabs/talos@3ba84701d feat: pull in kernel modules for mlx Infiniband and VFIO
• siderolabs/talos@ba993e0ed docs: announce that SecureBoot is available
• siderolabs/talos@241bc9312 fix: update the way secureboot signer fetches certificate (azure)
• siderolabs/talos@59b62398f chore: modernize machined/pkg/controllers/k8s
• siderolabs/talos@760f793d5 fix: use correct prefix when installing SBC files
• siderolabs/talos@0b94550c4 chore: fix the gvisor test
• siderolabs/talos@3a787c1d6 docs: update 1.6 docs with Noel's feedback
• siderolabs/talos@d803e40ef docs: provide documentation for Talos 1.6
• siderolabs/talos@9a185a30f feat: update Kubernetes to v1.29.0
• siderolabs/talos@5934815d2 chore: split more kernel modules on amd64
• siderolabs/talos@10c59a6b9 fix: leave discovery service later in the reset sequence
• siderolabs/talos@0c86ca1cc chore: enable kubespan+firewall for cilium tests
• siderolabs/talos@98fd722d5 feat: provide compatibility for future Talos 1.7
• siderolabs/talos@131a1b167 fix: add a KubeSpan option to disable extra endpoint harvesting
• siderolabs/talos@4547ad9af feat: send actor id to the SideroLink events sink
• siderolabs/talos@04e774547 docs: cap max heading level
• siderolabs/talos@6bb1e99aa chore: optimize pcap dump
• siderolabs/talos@4f9d3b975 feat: update Kubernetes to v1.29.0-rc.2
• siderolabs/talos@46121c9fe docs: rework machine config documentation generation
• siderolabs/talos@e128d3c82 fix: talosctl cluster create not to enforce kubeprism always
• siderolabs/talos@320064c5a feat: update Go 1.21.5, Linux 6.1.65, etcd 3.5.11
• siderolabs/talos@270604bea fix: support user disks via symlinks
• siderolabs/talos@4f195dd27 chore: fix the release.toml
• siderolabs/talos@474fa0480 fix: store and execute desired action on emergency action
• siderolabs/talos@515ae2a18 docs: extend hetzner-cloud docs for arm64
• siderolabs/talos@eecc4dbd5 fix: trim leading spaces\newlines in inline manifest contents
• siderolabs/talos@dbf274ddf fix: skip writing the file if the contents haven't changed
• siderolabs/talos@6329222bd fix: do not panic in merge.Merge if map value is nil

Changes since v1.7.0-alpha.0

• siderolabs/talos@3ba180d07 release(v1.7.0-alpha.1): prepare release
• siderolabs/talos@403ad93c3 feat: update dependencies
• siderolabs/talos@7376f34e8 fix: remove maintenance config when maintenance service is shut down
• siderolabs/talos@952801d8b fix: handle overlay partition options
• siderolabs/talos@465b9a4e6 fix: update discovery client with the fix for keepalive interval
• siderolabs/talos@1e9f866ac feat: update Kubernetes to v1.30.0-beta.0
• siderolabs/talos@d118a852b feat: implement Install for imager overlays
• siderolabs/talos@cd5a5a447 chore: migrate to go-grpc-middleware/v2
• siderolabs/talos@e3c2a6398 feat: set default NTP server to time.cloudflare.com
• siderolabs/talos@32e087760 chore: print all available logs containers in logs command completions
• siderolabs/talos@e89d755c5 fix: etcd config validation for worker
• siderolabs/talos@1aa3c9182 docs: add DreeBot to ADOPTERS.md
• siderolabs/talos@1bb6027cc fix: fix nil panic on maintenance upgrade with partial config
• siderolabs/talos@aa70bfb9d docs: add Redpill Linpro to adopters list
• siderolabs/talos@f02aeec92 fix: do not fail cluster create when input dir does not contain talosconfig
• siderolabs/talos@1ec6683e0 chore: use go-copy
• siderolabs/talos@3c8f51d70 chore: move cli formatters and version modules to machinery
• siderolabs/talos@8152a6dd6 feat: update Go to 1.22.1
• siderolabs/talos@8c7953991 docs: update replicated-local-storage-with-openebs-jiva.md
• siderolabs/talos@f23bd8144 fix: syslog parser
• siderolabs/talos@bbed07e03 feat: update Linux to 6.6.18
• siderolabs/talos@8125e754b feat: imager overlay
• siderolabs/talos@0b9b4da12 feat: update Kubernetes to 1.30.0-alpha.3
• siderolabs/talos@3a764029e docs: fix typo in word governor
• siderolabs/talos@d81d49000 chore: update CoreDNS renovate source
• siderolabs/talos@b2ad5dc5f fix: workaround a race in CNI setup (talosctl cluster create)
• siderolabs/talos@457507803 fix: provide auth when pulling images in the imager
• siderolabs/talos@e707175ab docs: update config patch in cilium docs
• siderolabs/talos@f8c556a1c chore: listen for dns requests on 127.0.0.53
• siderolabs/talos@8872a7a21 fix: ignore 'no such device' in addition to 'no such file'
• siderolabs/talos@1cb544353 chore: uki der certs in iso
• siderolabs/talos@67ac6933d fix: handle errors to watch apid/trustd certs
• siderolabs/talos@c79d69c2e fix: only set gateway if set in context (opennebula)
• siderolabs/talos@4575dd8e7 chore: allow not preallocated disks for QEMU cluster
• siderolabs/talos@0bddfea81 chore: add oceanbox.io to adopters
• siderolabs/talos@136427592 chore: use proper talos_version_contract for TF tests
• siderolabs/talos@6bf50fdc1 chore: disable x/net/trace in gRPC to enable dead code elimination
• siderolabs/talos@815a8e9cc feat: add partial config support to talosctl cluster create
• siderolabs/talos@64e9703f8 chore: add tests for the Kata Containers extension
• siderolabs/talos@9b6291925 feat: update pkgs
• siderolabs/talos@66f3ffdd4 fix: ensure that Talos runs in a pod (container)
• siderolabs/talos@9dbc33972 feat: add basic syslog implementation
• siderolabs/talos@0b7a27e6a feat: allow access to all resources over siderolink in maintenance mode
• siderolabs/talos@53721883d feat: support AWS KMS for the SecureBoot signing
• siderolabs/talos@7ee999f8a fix: disable KubeSpan endpoint harvesting by default
• siderolabs/talos@7b87c7fe9 chore: bump Go dependencies
• siderolabs/talos@8e9596d3c docs: rpi talosctl install update
• siderolabs/talos@493bb60f8 fix: correctly handle partial configs in DNSUpstreamController
• siderolabs/talos@6deb10ae2 chore: deprecate environmentFile for extensions
• siderolabs/talos@f8b4ee82a chore: update extensions test
• siderolabs/talos@1366ce14a feat: update Kubernetes to v1.30.0-alpha.2
• siderolabs/talos@559308ef7 fix: use MachineStatus resource to check for boot done
• siderolabs/talos@15e8bca2b feat: support environment in ExtensionServicesConfig
• siderolabs/talos@3fe82ec46 feat: custom image settings for k8s upgrade
• siderolabs/talos@fa3b93370 chore: replace fmt.Errorf with errors.New where possible
• siderolabs/talos@d4521ee9c feat: update kernel with sfc driver and LSM updates
• siderolabs/talos@2f0421b40 fix: run xfs_repair on invalid argument error
• siderolabs/talos@f868fb8e8 docs: update vmware tools url
• siderolabs/talos@fa2d34dd8 chore: enable v6 support on the same port
• siderolabs/talos@83e0b0c19 chore: adjust dns sockets settings
• siderolabs/talos@a1ec1705b chore: update Go to 1.22.0
• siderolabs/talos@76b50fcd4 chore: add Ænix to the Adopters list
• siderolabs/talos@5324d3916 chore: bump stuff
• siderolabs/talos@087b50f42 feat: support systemd-boot ISO enroll keys option
• siderolabs/talos@afa71d6b0 chore: use "handle-like" resource in DNSResolveCacheController
• siderolabs/talos@013e13070 fix: error with decoding config document with wrong apiVersion
• siderolabs/talos@1e77bb1c3 chore: allow custom pkgs to build talos
• siderolabs/talos@3f8a85f1b fix: unlock the upgrade mutex properly
• siderolabs/talos@61c3331b1 docs: update indentation in vip.md
• siderolabs/talos@383e528df chore: allow uuid-based hostnames in talosctl cluster create
• siderolabs/talos@1e6c8c4de feat: extensions services config
• siderolabs/talos@989ca3ade feat: add OpenNebula platform support
• siderolabs/talos@914f88778 docs: update nocloud.md Proxmox information
• siderolabs/talos@a04cc8015 fix: pass TTL when generating client certificate
• siderolabs/talos@3fe8c12ca fix: add log line about controller runtime failing
• siderolabs/talos@ddbabc7e5 fix: use a separate cgroup for each extension service
• siderolabs/talos@6ccdd2c09 chore: fix markdown-lint call
• siderolabs/talos@4184e617a chore: add test for wasmedge runtime extension
• siderolabs/talos@95ea3a6c6 chore: bump timeout in acquire tests
• siderolabs/talos@c19a505d8 chore: bump docker dind image
• siderolabs/talos@d7d4154d5 chore: remove channel blocking in qemu launch

Changes from siderolabs/crypto

• siderolabs/crypto@1c94bb3 chore: bump dependencies

Changes from siderolabs/discovery-api

• siderolabs/discovery-api@e1dc7bb chore: rekres, update dependencies

Changes from siderolabs/discovery-client

• siderolabs/discovery-client@f4095a1 chore: bump discovery API to v0.1.4
• siderolabs/discovery-client@fbb1cea fix: keepalive interval calculation
• siderolabs/discovery-client@ff8f4be fix: enable gRPC keepalives

Changes from siderolabs/extras

• siderolabs/extras@47bb718 chore: update base pkgs
• siderolabs/extras@60793cd feat: update Go to 1.22.1
• siderolabs/extras@c4934e1 feat: update Go to 1.22
• siderolabs/extras@8909d6f chore: update Go to 1.21.5

Changes from siderolabs/gen

• siderolabs/gen@238baf9 chore: add typesafe SyncMap and bump stuff

Changes from siderolabs/go-api-signature

• siderolabs/go-api-signature@cf2bd06 chore: bump dependencies
• siderolabs/go-api-signature@370cebf fix: always print the login URL on key renew flow
• siderolabs/go-api-signature@d28609a feat: move in the cli grpc interceptor logic, support service account in env
• siderolabs/go-api-signature@4602acc chore: add a dummy workflow
• siderolabs/go-api-signature@cfd21b6 fix: support validating signatures generated with the time in the future
• siderolabs/go-api-signature@74dd3dc chore: bump deps
• siderolabs/go-api-signature@d78bedb chore: bump deps
• siderolabs/go-api-signature@a034e9f feat: replace scopes with roles
• siderolabs/go-api-signature@5b4f3bb chore: run rekres
• siderolabs/go-api-signature@9dba116 chore: remove time.Sleep hack
• siderolabs/go-api-signature@e84e686 chore: bump dependencies
• siderolabs/go-api-signature@8baaf8a chore: bump deps
• siderolabs/go-api-signature@5f27e1e chore: add renovate bot and bump deps
• siderolabs/go-api-signature@69886dc feat: allow custom validations on PGP key
• siderolabs/go-api-signature@63d4da3 fix: limit clock skew for short-lived keys
• siderolabs/go-api-signature@cdb9722 feat: add support for +-5 min clock skew
• siderolabs/go-api-signature@7b80a50 refactor: use options pattern in RegisterPGPPublicKey
• siderolabs/go-api-signature@c647861 feat: add scopes to RegisterPublicKeyRequest
• siderolabs/go-api-signature@5d3647e feat: provide more client PGP functions
• siderolabs/go-api-signature@2b682ec feat: initial version
• siderolabs/go-api-signature@a4c2943 chore: initial commit

Changes from siderolabs/go-copy

• siderolabs/go-copy@aa4ade4 chore: add initial code
• siderolabs/go-copy@52a6d48 chore: go-copy repo

Changes from siderolabs/go-debug

• siderolabs/go-debug@0c2be80 chore: run rekres (update to Go 1.22)

Changes from siderolabs/go-kmsg

• siderolabs/go-kmsg@e358d13 fix: decode escape sequences while reading from kmsg
• siderolabs/go-kmsg@4297bd5 feat: add BSD support

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@ddd4c69 feat: add support for Kubernetes 1.30

Changes from siderolabs/go-loadbalancer

• siderolabs/go-loadbalancer@aab4671 chore: rekres, update dependencies

Changes from siderolabs/pkgs

• siderolabs/pkgs@8804a60 chore: update dependencies
• siderolabs/pkgs@a587b42 feat: enable most common amd64 watchdog drivers
• siderolabs/pkgs@3aacf03 feat: update releases
• siderolabs/pkgs@e5c0c79 feat: build NVMe target module
• siderolabs/pkgs@cb39126 chore: re-enable zfs pkg
• siderolabs/pkgs@d9c1540 feat: update releases
• siderolabs/pkgs@1904994 feat: enable VRF module
• siderolabs/pkgs@87eb013 feat: disable PCI busmastering on bridges during boot
• siderolabs/pkgs@30f18c8 chore: remove symlinks and broken binaries
• siderolabs/pkgs@7811e5e chore: set PREEMPT_NONE as recommended for servers
• siderolabs/pkgs@65006ed fix: enable KFD support in kernel
• siderolabs/pkgs@510a3f9 feat: add support for Solarflare SFC9100 and SFC9200 family
• siderolabs/pkgs@4340508 feat: enable CONFIG_SECURITY_PATH and CONFIG_BPF_LSM
• siderolabs/pkgs@0ec4cc3 feat: update Go to 1.22
• siderolabs/pkgs@36c08ae feat: enable PSI (pressure stall information)
• siderolabs/pkgs@0853224 feat: update Linux to 6.6.16
• siderolabs/pkgs@96cc841 chore: bump deps
• siderolabs/pkgs@064fd58 feat: update Linux to 6.6.14, enable XDP
• siderolabs/pkgs@efbbd23 feat: update Linux to 6.6.13
• siderolabs/pkgs@dfb5026 chore: switch to git ref for raspberrypi firmware
• siderolabs/pkgs@4af2d0f feat: update Linux to 6.1.74
• siderolabs/pkgs@2358efe fix: enable FUSION_SPI driver
• siderolabs/pkgs@f376a53 chore: bump dependencies
• siderolabs/pkgs@583e519 feat: add v4l usb video class (webcam) drivers
• siderolabs/pkgs@2d3ca68 feat: enable NBD
• siderolabs/pkgs@f647edd feat: update Linux to 6.1.69
• siderolabs/pkgs@6af1691 feat: enable VFIO also on amd64
• siderolabs/pkgs@d633cd6 feat: enable modules for mlx infiniband
• siderolabs/pkgs@4c59641 fix: zfs module build
• siderolabs/pkgs@e325097 feat: enable nct6683 sensors as module
• siderolabs/pkgs@d6185ec feat: enable IRQ remapping on amd64
• siderolabs/pkgs@814dc60 feat: update containerd to 1.7.11
• siderolabs/pkgs@dd71790 chore: rekres to fix 'failed' build on main
• siderolabs/pkgs@a36dec4 feat: split more device drivers into modules
• siderolabs/pkgs@97270a2 feat: update Linux to 6.1.67
• siderolabs/pkgs@8a73907 feat: update Go to 1.21.5
• siderolabs/pkgs@8f0ffb9 feat: update zfs to v2.2.2

Changes from siderolabs/tools

• siderolabs/tools@cb5fd56 chore: update xz to 5.6.1
• siderolabs/tools@14bf457 fix: use musl 1.2.4 in tools, revert kmod back to 32
• siderolabs/tools@6c1f73d fix: revert kmod to version 31
• siderolabs/tools@59fd552 feat: update releases
• siderolabs/tools@eff5d16 feat: update Go to 1.22.1
• siderolabs/tools@b6b4d9e feat: update Go to 1.22
• siderolabs/tools@f4b41d1 fix: rust toolchain
• siderolabs/tools@8cc79e6 feat: update dependencies
• siderolabs/tools@c7076eb chore: bump dependencies
• siderolabs/tools@a80a2aa feat: update Go to 1.21.6
• siderolabs/tools@b677a2b feat: add rust build stage
• siderolabs/tools@1659d82 feat: update Go to 1.21.5

Dependency Changes

• github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 -> v1.10.0
• github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 -> v1.5.1
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.0.0 -> v1.1.0
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 -> v1.1.0
• github.com/alexflint/go-filemutex v1.3.0 new
• github.com/aws/aws-sdk-go-v2/config v1.25.6 -> v1.27.7
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.5 -> v1.15.3
• github.com/aws/aws-sdk-go-v2/service/kms v1.29.2 new
• github.com/aws/smithy-go v1.17.0 -> v1.20.1
• github.com/beevik/ntp v1.3.0 -> v1.3.1
• github.com/containerd/cgroups/v3 v3.0.2 -> v3.0.3
• github.com/containerd/containerd v1.7.9 -> v1.7.14
• github.com/containernetworking/plugins v1.3.0 -> v1.4.1
• github.com/coredns/coredns v1.11.1 new
• github.com/cosi-project/runtime v0.3.19 -> v0.4.0-alpha.9
• github.com/docker/docker v24.0.7 -> v25.0.4
• github.com/docker/go-connections v0.4.0 -> v0.5.0
• github.com/foxboron/go-uefi 18b9ba9cd4c3 -> 48be911532c2
• github.com/gdamore/tcell/v2 v2.6.0 -> v2.7.4
• github.com/google/go-containerregistry v0.16.1 -> v0.19.0
• github.com/google/go-tpm v0.9.0 -> ee6cbcd136f8
• github.com/google/nftables v0.1.0 -> v0.2.0
• github.com/google/uuid v1.4.0 -> v1.6.0
• github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 new
• github.com/hetznercloud/hcloud-go/v2 v2.4.0 -> v2.6.0
• github.com/insomniacslk/dhcp b0416c0f187a -> c728f5dd21c8
• github.com/jeromer/syslogparser v1.1.0 new
• github.com/jsimonetti/rtnetlink v1.4.0 -> v1.4.1
• github.com/miekg/dns v1.1.58 new
• github.com/opencontainers/image-spec v1.1.0-rc4 -> v1.1.0
• github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> v1.2.0
• github.com/packethost/packngo v0.30.0 -> v0.31.0
• github.com/pmorjan/kmod v1.1.0 -> v1.1.1
• github.com/prometheus/procfs v0.12.0 -> v0.13.0
• github.com/rivo/tview 33a1d271f2b6 -> e804876934a1
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.21 -> v1.0.0-beta.25
• github.com/siderolabs/crypto v0.4.1 -> v0.4.2
• github.com/siderolabs/discovery-api v0.1.3 -> v0.1.4
• github.com/siderolabs/discovery-client v0.1.5 -> v0.1.8
• github.com/siderolabs/extras v1.6.0-1-g113887a -> v1.7.0-alpha.0-3-g47bb718
• github.com/siderolabs/gen v0.4.7 -> v0.4.8
• github.com/siderolabs/go-api-signature v0.3.2 new
• github.com/siderolabs/go-copy v0.1.0 new
• github.com/siderolabs/go-debug v0.2.3 -> v0.3.0
• github.com/siderolabs/go-kmsg v0.1.3 -> v0.1.4
• github.com/siderolabs/go-kubernetes v0.2.8 -> v0.2.9
• github.com/siderolabs/go-loadbalancer v0.3.2 -> v0.3.3
• github.com/siderolabs/pkgs v1.6.0-5-g3ae2450 -> v1.7.0-alpha.0-35-g8804a60
• github.com/siderolabs/talos/pkg/machinery v1.6.0 -> v1.7.0-alpha.1
• github.com/siderolabs/tools v1.6.0-1-g336d248 -> v1.7.0-alpha.0-11-gcb5fd56
• github.com/stretchr/testify v1.8.4 -> v1.9.0
• github.com/u-root/u-root v0.11.0 -> v0.14.0
• go.etcd.io/etcd/api/v3 v3.5.11 -> v3.5.12
• go.etcd.io/etcd/client/pkg/v3 v3.5.11 -> v3.5.12
• go.etcd.io/etcd/client/v3 v3.5.11 -> v3.5.12
• go.etcd.io/etcd/etcdutl/v3 v3.5.11 -> v3.5.12
• go.uber.org/zap v1.26.0 -> v1.27.0
• go4.org/netipx 6213f710f925 -> fdeea329fbba
• golang.org/x/net v0.19.0 -> v0.22.0
• golang.org/x/oauth2 v0.15.0 -> v0.18.0
• golang.org/x/sync v0.5.0 -> v0.6.0
• golang.org/x/sys v0.15.0 -> v0.18.0
• golang.org/x/term v0.15.0 -> v0.18.0
• google.golang.org/grpc v1.59.0 -> v1.62.1
• google.golang.org/protobuf v1.31.0 -> v1.33.0
• k8s.io/api v0.29.0 -> v0.30.0-beta.0
• k8s.io/apimachinery v0.29.0 -> v0.30.0-beta.0
• k8s.io/apiserver v0.29.0 -> v0.30.0-beta.0
• k8s.io/client-go v0.29.0 -> v0.30.0-beta.0
• k8s.io/component-base v0.29.0 -> v0.30.0-beta.0
• k8s.io/cri-api v0.29.0 -> v0.30.0-beta.0
• k8s.io/klog/v2 v2.110.1 -> v2.120.1
• k8s.io/kube-scheduler v0.29.0 -> v0.30.0-beta.0
• k8s.io/kubectl v0.29.0 -> v0.30.0-beta.0
• k8s.io/kubelet v0.29.0 -> v0.30.0-beta.0
• k8s.io/pod-security-admission v0.30.0-beta.0 new

Previous release can be found at v1.6.0

Images

ghcr.io/siderolabs/flannel:v0.24.1
ghcr.io/siderolabs/install-cni:v1.7.0-alpha.0-3-g47bb718
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.12
registry.k8s.io/kube-apiserver:v1.30.0-beta.0
registry.k8s.io/kube-controller-manager:v1.30.0-beta.0
registry.k8s.io/kube-scheduler:v1.30.0-beta.0
registry.k8s.io/kube-proxy:v1.30.0-beta.0
ghcr.io/siderolabs/kubelet:v1.30.0-beta.0
ghcr.io/siderolabs/installer:v1.7.0-alpha.1
registry.k8s.io/pause:3.8

Talos 1.6.6 (2024-03-06)

Welcome to the v1.6.6 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

• Linux: 6.1.80

Talos is built with Go 1.21.8.

Contributors

• Andrey Smirnov

Changes

• siderolabs/talos@7dceba060 release(v1.6.6): prepare release
• siderolabs/talos@e4f712689 fix: workaround a race in CNI setup (talosctl cluster create)
• siderolabs/talos@38b5aed50 fix: provide auth when pulling images in the imager
• siderolabs/talos@4af77b5fd fix: handle errors to watch apid/trustd certs
• siderolabs/talos@2df2586f9 feat: update Linux to 6.1.80, Go to 1.21.8

Changes from siderolabs/extras

• siderolabs/extras@9234398 chore: update Go to 1.21.8

Changes from siderolabs/pkgs

• siderolabs/pkgs@2961472 feat: update Linux to 6.1.80, firmware to 20240220

Changes from siderolabs/tools

• siderolabs/tools@ae30965 feat: update Go to 1.21.8

Dependency Changes

• github.com/alexflint/go-filemutex v1.2.0 new
• github.com/siderolabs/extras v1.6.0-1-g113887a -> v1.6.0-2-g9234398
• github.com/siderolabs/pkgs v1.6.0-25-g6868f38 -> v1.6.0-26-g2961472
• github.com/siderolabs/talos/pkg/machinery v1.6.5 -> v1.6.6
• github.com/siderolabs/tools v1.6.0-2-g5e034ec -> v1.6.0-3-gae30965

Previous release can be found at v1.6.5

Images

ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-2-g9234398
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.2
registry.k8s.io/kube-controller-manager:v1.29.2
registry.k8s.io/kube-scheduler:v1.29.2
registry.k8s.io/kube-proxy:v1.29.2
ghcr.io/siderolabs/kubelet:v1.29.2
ghcr.io/siderolabs/installer:v1.6.6
registry.k8s.io/pause:3.8

Talos 1.6.5 (2024-02-22)

Welcome to the v1.6.5 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Kubernetes Upgrade

The command talosctl upgrade-k8s now supports specifying custom image references for Kubernetes components via --*-image flags.
The default behavior is unchanged, and the flags are optional.

Component Updates

Kubernetes: 1.29.2
Linux: 6.1.78

Talos is built with Go 1.21.6.

Contributors

• Andrey Smirnov
• Noel Georgi
• Anastasios Papagiannis
• Andrian Zubovic
• Matthieu S
• Utku Ozdemir
• pardomue

Changes

• siderolabs/talos@22803bc5d release(v1.6.5): prepare release
• siderolabs/talos@e5c198a32 feat: update pkgs
• siderolabs/talos@54c60ddfb feat: allow access to all resources over siderolink in maintenance mode
• siderolabs/talos@c7f5ff73e fix: use MachineStatus resource to check for boot done
• siderolabs/talos@7d1378240 feat: support AWS KMS for the SecureBoot signing
• siderolabs/talos@c6e7a95cc feat: custom image settings for k8s upgrade
• siderolabs/talos@0f5e946f4 fix: ensure that Talos runs in a pod (container)
• siderolabs/talos@fd93ce1b6 feat: update kernel with sfc driver and LSM updates
• siderolabs/talos@36836878f fix: run xfs_repair on invalid argument error
• siderolabs/talos@6ea29d927 feat: support systemd-boot ISO enroll keys option
• siderolabs/talos@e993215fe fix: unlock the upgrade mutex properly
• siderolabs/talos@5515a6bab fix: use a separate cgroup for each extension service
• siderolabs/talos@e7935e6b9 feat: update Linux to 6.1.78
• siderolabs/talos@959627850 feat: update Kubernetes default to 1.29.2

Changes from siderolabs/pkgs

• siderolabs/pkgs@6868f38 feat: enable PSI (pressure stall information)
• siderolabs/pkgs@777cae9 feat: update Linux to 6.1.78
• siderolabs/pkgs@f71ff75 feat: enable VRF module
• siderolabs/pkgs@a7e36fb feat: add support for Solarflare SFC9100 and SFC9200 family
• siderolabs/pkgs@7146892 feat: enable CONFIG_SECURITY_PATH and CONFIG_BPF_LSM
• siderolabs/pkgs@73f3c03 feat: backport iPXE update from main
• siderolabs/pkgs@8ff728c chore: set PREEMPT_NONE as recommended for servers
• siderolabs/pkgs@b849795 fix: enable KFD support in kernel
• siderolabs/pkgs@0b8a78b feat: bring Linux to 6.1.76

Dependency Changes

• github.com/aws/aws-sdk-go-v2/service/kms v1.26.5 new
• github.com/siderolabs/pkgs v1.6.0-16-gb77ffb7 -> v1.6.0-25-g6868f38
• github.com/siderolabs/talos/pkg/machinery v1.6.4 -> v1.6.5
• k8s.io/api v0.29.1 -> v0.29.2
• k8s.io/apiserver v0.29.1 -> v0.29.2
• k8s.io/client-go v0.29.1 -> v0.29.2
• k8s.io/component-base v0.29.1 -> v0.29.2
• k8s.io/kube-scheduler v0.29.1 -> v0.29.2
• k8s.io/kubectl v0.29.1 -> v0.29.2
• k8s.io/kubelet v0.29.1 -> v0.29.2
• k8s.io/pod-security-admission v0.29.2 new

Previous release can be found at v1.6.4

Images

ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.2
registry.k8s.io/kube-controller-manager:v1.29.2
registry.k8s.io/kube-scheduler:v1.29.2
registry.k8s.io/kube-proxy:v1.29.2
ghcr.io/siderolabs/kubelet:v1.29.2
ghcr.io/siderolabs/installer:v1.6.5
registry.k8s.io/pause:3.8

Talos 1.5.6 (2024-02-02)

Welcome to the v1.5.6 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.1.74
containerd: 1.6.28
runc: 1.1.12

See CVE-2024-21626 for the runc update.

Talos is built with Go 1.20.13.

Contributors

• Andrey Smirnov
• Dmitriy Matrenichev
• Hervé Werner
• Jonomir
• Noel Georgi

Changes

• siderolabs/talos@26f0153ef release(v1.5.6): prepare release
• siderolabs/talos@e7475d8fd fix: take into account the moment seen when cleaning up CRI images
• siderolabs/talos@9b819ee1e fix: watch bufer overrun for RouteStatus
• siderolabs/talos@730913fdb fix: update kmsg with utf-8 fix
• siderolabs/talos@a3b48c696 fix: disk UUID & WWID always empty in talosctl disks
• siderolabs/talos@e4a23412f fix: skip writing the file if the contents haven't changed
• siderolabs/talos@8516708a5 fix: retry blockdevice open in the installer
• siderolabs/talos@d82b14eae fix: be more tolerant to error handling in Mounts API
• siderolabs/talos@d35002777 fix: ignore kernel command line in container mode
• siderolabs/talos@06424ad5d fix: allow extra kernel args for secureboot installer
• siderolabs/talos@985ed8de6 fix: set max msg recv size when proxying
• siderolabs/talos@1e5913806 feat: update runc 1.1.12, containerd 1.6.28, Linux 6.1.74

Changes from siderolabs/gen

• siderolabs/gen@efca710 chore: add FilterInPlace method to maps and update module
• siderolabs/gen@36a3ae3 feat: update module

Changes from siderolabs/go-kmsg

• siderolabs/go-kmsg@e358d13 fix: decode escape sequences while reading from kmsg
• siderolabs/go-kmsg@4297bd5 feat: add BSD support

Changes from siderolabs/pkgs

• siderolabs/pkgs@a550ab9 feat: update Go to 1.20.13
• siderolabs/pkgs@ae26536 feat: update containerd 1.6.28, runc 1.1.12, Linux 6.1.74

Changes from siderolabs/tools

• siderolabs/tools@02895ed feat: update Go to 1.20.13

Dependency Changes

• github.com/containerd/containerd v1.6.23 -> v1.6.28
• github.com/google/go-cmp v0.5.9 -> v0.6.0
• github.com/google/uuid v1.3.0 -> v1.3.1
• github.com/siderolabs/gen v0.4.5 -> v0.4.7
• github.com/siderolabs/go-kmsg v0.1.3 -> v0.1.4
• github.com/siderolabs/pkgs v1.5.0-15-gab5b0e5 -> v1.5.0-17-ga550ab9
• github.com/siderolabs/talos/pkg/machinery v1.5.5 -> v1.5.6
• github.com/siderolabs/tools v1.5.0-3-gc95372c -> v1.5.0-4-g02895ed
• golang.org/x/net v0.17.0 -> v0.18.0
• golang.org/x/sys v0.13.0 -> v0.16.0
• golang.org/x/term v0.13.0 -> v0.16.0
• golang.org/x/text v0.13.0 -> v0.14.0
• google.golang.org/grpc v1.58.3 -> v1.59.0

Previous release can be found at v1.5.5

Images

ghcr.io/siderolabs/flannel:v0.22.1
ghcr.io/siderolabs/install-cni:v1.5.0-3-gb43c4e4
registry.k8s.io/coredns/coredns:v1.10.1
gcr.io/etcd-development/etcd:v3.5.10
registry.k8s.io/kube-apiserver:v1.28.3
registry.k8s.io/kube-controller-manager:v1.28.3
registry.k8s.io/kube-scheduler:v1.28.3
registry.k8s.io/kube-proxy:v1.28.3
ghcr.io/siderolabs/kubelet:v1.28.3
ghcr.io/siderolabs/installer:v1.5.6
registry.k8s.io/pause:3.6

Talos 1.7.0-alpha.0 (2024-02-01)

Welcome to the v1.7.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Device Selectors

Talos Linux now supports physical: true qualifier for device selectors, it selects non-virtual network interfaces (i.e. en0 is selected, while bond0 is not).

DNS Caching

Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:

machine:
   features:
       localDNS: false

Known Problems

ZFS and DRBD extensions are disabled in this release due to incompatibility with the latest Linux kernel.

Kubernetes API Server Service Account Key

Talos Linux starting from this release uses RSA key for Kubernetes API Server Service Account instead of ECDSA key to provide better compatibility with external OpenID Connect implementations.

Component Updates

Linux: 6.6.14
etcd: 3.5.11
Kubernetes: 1.29.1
containerd: 1.7.13
runc: 1.1.12
Flannel: 0.24.1

Talos is built with Go 1.21.6.

Contributors

• Andrey Smirnov
• Dmitriy Matrenichev
• Utku Ozdemir
• Noel Georgi
• Andrey Smirnov
• Radosław Piliszek
• Artem Chernyshev
• Spencer Smith
• Steve Francis
• Anthony ARNAUD
• Cas de Reuver
• Christian Mohn
• Drew Hess
• ExtraClock
• Hervé Werner
• JJGadgets
• Jacob McSwain
• Jonomir
• Sebastian Gaiser
• Serge Logvinov
• Tim Jones
• edwinavalos
• stereobutter

Changes

• siderolabs/talos@029d7f7b9 release(v1.7.0-alpha.0): prepare release
• siderolabs/talos@2ff81c06b feat: update runc 1.1.12, containerd 1.7.13
• siderolabs/talos@9d8cd4d05 chore: drop deprecated method EtcdRemoveMember
• siderolabs/talos@17567f19b fix: take into account the moment seen when cleaning up CRI images
• siderolabs/talos@aa03204b8 docs: document the process of building custom kernel packages
• siderolabs/talos@7af48bd55 feat: use RSA key for kube-apiserver service account key
• siderolabs/talos@a5e13c696 fix: retry blockdevice open in the installer
• siderolabs/talos@593afeea3 fix: run the interactive installer loop to report errors
• siderolabs/talos@87be76b87 fix: be more tolerant to error handling in Mounts API
• siderolabs/talos@03add7503 docs: add section on using imager with extensions from tarball
• siderolabs/talos@ee0fb5eff docs: consolidate certificate management articles
• siderolabs/talos@9c14dea20 chore: bump coredns
• siderolabs/talos@ebeef2852 feat: implement local caching dns server
• siderolabs/talos@4a3691a27 docs: fix broken links in metal-network-configuration.md
• siderolabs/talos@c4ed189a6 docs: provide sane defaults for each release series in vmware script
• siderolabs/talos@8138d54c6 docs: clarify node taints/labels for worker nodes
• siderolabs/talos@b44551ccd feat: update Linux to 6.6.13
• siderolabs/talos@385707c5f docs: update vmware.sh
• siderolabs/talos@d1a79b845 docs: fix small typo in etcd maintenance guide
• siderolabs/talos@cf0603330 docs: copy generated JSON schema to host
• siderolabs/talos@f11139c22 docs: document local path provisioner install
• siderolabs/talos@e0dfbb8fb fix: allow META encoded values to be compressed
• siderolabs/talos@d677901b6 feat: implement device selector for 'physical'
• siderolabs/talos@7d1117289 docs: add missing talosconfig flag
• siderolabs/talos@8a1732bcb fix: pull in mptspi driver
• siderolabs/talos@c1e45071f refactor: use etcd configuration from the EtcdSpec resource
• siderolabs/talos@4e9b688d3 fix: use correct TTL for talosconfig in talosctl config new
• siderolabs/talos@fb5ad0555 feat: update Kubernetes default to 1.29.1
• siderolabs/talos@fe24139f3 docs: fork docs for v1.7
• siderolabs/talos@1c2d10ccc chore: bump dependencies
• siderolabs/talos@a599e3867 chore: allow custom registry to build installer/imager
• siderolabs/talos@3911ddf7b docs: add how-to for cert management
• siderolabs/talos@b0ee0bfba fix: strategic patch merging for audit policy
• siderolabs/talos@474eccdc4 fix: watch bufer overrun for RouteStatus
• siderolabs/talos@cc06b5d7a fix: fix .der output in talosctl gen secureboot
• siderolabs/talos@1dbb4abf4 fix: update discovery service client to v0.1.6
• siderolabs/talos@9782319c3 fix: support KubePrism settings in Kubernetes Discovery
• siderolabs/talos@6c5a0c281 feat: generate a single JSON schema for multidoc config
• siderolabs/talos@f70b47ddd fix: force KubePrism to connect using IPv4
• siderolabs/talos@d5321e085 fix: update kmsg with utf-8 fix
• siderolabs/talos@7fa7362dd fix: fix nodes on dashboard footer when node names are used in --nodes
• siderolabs/talos@ba88678f1 fix: merge ports and ingress configs correctly in NetworkRuleConfig
• siderolabs/talos@dea9bda2d fix: disk UUID & WWID always empty in talosctl disks
• siderolabs/talos@8dc112f36 chore: pull in NBD modules
• siderolabs/talos@f6926faab fix: default priority for ipv6
• siderolabs/talos@e8758dcba chore: support http downloads for assets in talosctl cluster create
• siderolabs/talos@265f21be0 fix: replace the filemap implementation to not buffer in memory
• siderolabs/talos@8db3c5b3c fix: pick correctly base installer image layers
• siderolabs/talos@0a30ef784 fix: imager should support different Talos versions
• siderolabs/talos@d6342cda5 docs: update latest version to v1.6.1
• siderolabs/talos@e6e422b92 chore: bump dependencies
• siderolabs/talos@5a19d078a fix: properly overwrite files on install
• siderolabs/talos@9eb6cea78 docs: secureboot sd-boot menu clarification
• siderolabs/talos@01f0cbe61 feat: support iPXE direct booting in talosctl cluster create
• siderolabs/talos@3ba84701d feat: pull in kernel modules for mlx Infiniband and VFIO
• siderolabs/talos@ba993e0ed docs: announce that SecureBoot is available
• siderolabs/talos@241bc9312 fix: update the way secureboot signer fetches certificate (azure)
• siderolabs/talos@59b62398f chore: modernize machined/pkg/controllers/k8s
• siderolabs/talos@760f793d5 fix: use correct prefix when installing SBC files
• siderolabs/talos@0b94550c4 chore: fix the gvisor test
• siderolabs/talos@3a787c1d6 docs: update 1.6 docs with Noel's feedback
• siderolabs/talos@d803e40ef docs: provide documentation for Talos 1.6
• siderolabs/talos@9a185a30f feat: update Kubernetes to v1.29.0
• siderolabs/talos@5934815d2 chore: split more kernel modules on amd64
• siderolabs/talos@10c59a6b9 fix: leave discovery service later in the reset sequence
• siderolabs/talos@0c86ca1cc chore: enable kubespan+firewall for cilium tests
• siderolabs/talos@98fd722d5 feat: provide compatibility for future Talos 1.7
• siderolabs/talos@131a1b167 fix: add a KubeSpan option to disable extra endpoint harvesting
• siderolabs/talos@4547ad9af feat: send actor id to the SideroLink events sink
• siderolabs/talos@04e774547 docs: cap max heading level
• siderolabs/talos@6bb1e99aa chore: optimize pcap dump
• siderolabs/talos@4f9d3b975 feat: update Kubernetes to v1.29.0-rc.2
• siderolabs/talos@46121c9fe docs: rework machine config documentation generation
• siderolabs/talos@e128d3c82 fix: talosctl cluster create not to enforce kubeprism always
• siderolabs/talos@320064c5a feat: update Go 1.21.5, Linux 6.1.65, etcd 3.5.11
• siderolabs/talos@270604bea fix: support user disks via symlinks
• siderolabs/talos@4f195dd27 chore: fix the release.toml
• siderolabs/talos@474fa0480 fix: store and execute desired action on emergency action
• siderolabs/talos@515ae2a18 docs: extend hetzner-cloud docs for arm64
• siderolabs/talos@eecc4dbd5 fix: trim leading spaces\newlines in inline manifest contents
• siderolabs/talos@dbf274ddf fix: skip writing the file if the contents haven't changed
• siderolabs/talos@6329222bd fix: do not panic in merge.Merge if map value is nil

Changes from siderolabs/discovery-client

• siderolabs/discovery-client@ff8f4be fix: enable gRPC keepalives

Changes from siderolabs/extras

• siderolabs/extras@8909d6f chore: update Go to 1.21.5

Changes from siderolabs/go-api-signature

• siderolabs/go-api-signature@370cebf fix: always print the login URL on key renew flow
• siderolabs/go-api-signature@d28609a feat: move in the cli grpc interceptor logic, support service account in env
• siderolabs/go-api-signature@4602acc chore: add a dummy workflow
• siderolabs/go-api-signature@cfd21b6 fix: support validating signatures generated with the time in the future
• siderolabs/go-api-signature@74dd3dc chore: bump deps
• siderolabs/go-api-signature@d78bedb chore: bump deps
• siderolabs/go-api-signature@a034e9f feat: replace scopes with roles
• siderolabs/go-api-signature@5b4f3bb chore: run rekres
• siderolabs/go-api-signature@9dba116 chore: remove time.Sleep hack
• siderolabs/go-api-signature@e84e686 chore: bump dependencies
• siderolabs/go-api-signature@8baaf8a chore: bump deps
• siderolabs/go-api-signature@5f27e1e chore: add renovate bot and bump deps
• siderolabs/go-api-signature@69886dc feat: allow custom validations on PGP key
• siderolabs/go-api-signature@63d4da3 fix: limit clock skew for short-lived keys
• siderolabs/go-api-signature@cdb9722 feat: add support for +-5 min clock skew
• siderolabs/go-api-signature@7b80a50 refactor: use options pattern in RegisterPGPPublicKey
• siderolabs/go-api-signature@c647861 feat: add scopes to RegisterPublicKeyRequest
• siderolabs/go-api-signature@5d3647e feat: provide more client PGP functions
• siderolabs/go-api-signature@2b682ec feat: initial version
• siderolabs/go-api-signature@a4c2943 chore: initial commit

Changes from siderolabs/go-kmsg

• siderolabs/go-kmsg@e358d13 fix: decode escape sequences while reading from kmsg
• siderolabs/go-kmsg@4297bd5 feat: add BSD support

Changes from siderolabs/pkgs

• siderolabs/pkgs@96cc841 chore: bump deps
• siderolabs/pkgs@064fd58 feat: update Linux to 6.6.14, enable XDP
• siderolabs/pkgs@efbbd23 feat: update Linux to 6.6.13
• siderolabs/pkgs@dfb5026 chore: switch to git ref for raspberrypi firmware
• siderolabs/pkgs@4af2d0f feat: update Linux to 6.1.74
• siderolabs/pkgs@2358efe fix: enable FUSION_SPI driver
• siderolabs/pkgs@f376a53 chore: bump dependencies
• siderolabs/pkgs@583e519 feat: add v4l usb video class (webcam) drivers
• siderolabs/pkgs@2d3ca68 feat: enable NBD
• siderolabs/pkgs@f647edd feat: update Linux to 6.1.69
• siderolabs/pkgs@6af1691 feat: enable VFIO also on amd64
• siderolabs/pkgs@d633cd6 feat: enable modules for mlx infiniband
• siderolabs/pkgs@4c59641 fix: zfs module build
• siderolabs/pkgs@e325097 feat: enable nct6683 sensors as module
• siderolabs/pkgs@d6185ec feat: enable IRQ remapping on amd64
• siderolabs/pkgs@814dc60 feat: update containerd to 1.7.11
• siderolabs/pkgs@dd71790 chore: rekres to fix 'failed' build on main
• siderolabs/pkgs@a36dec4 feat: split more device drivers into modules
• siderolabs/pkgs@97270a2 feat: update Linux to 6.1.67
• siderolabs/pkgs@8a73907 feat: update Go to 1.21.5
• siderolabs/pkgs@8f0ffb9 feat: update zfs to v2.2.2

Changes from siderolabs/tools

• siderolabs/tools@f4b41d1 fix: rust toolchain
• siderolabs/tools@8cc79e6 feat: update dependencies
• siderolabs/tools@c7076eb chore: bump dependencies
• siderolabs/tools@a80a2aa feat: update Go to 1.21.6
• siderolabs/tools@b677a2b feat: add rust build stage
• siderolabs/tools@1659d82 feat: update Go to 1.21.5

Dependency Changes

• github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 -> v1.9.1
• github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 -> v1.5.1
• github.com/aws/aws-sdk-go-v2/config v1.25.6 -> v1.26.6
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.5 -> v1.14.11
• github.com/aws/smithy-go v1.17.0 -> v1.19.0
• github.com/beevik/ntp v1.3.0 -> v1.3.1
• github.com/containerd/cgroups/v3 v3.0.2 -> v3.0.3
• github.com/containerd/containerd v1.7.9 -> v1.7.13
• github.com/containernetworking/plugins v1.3.0 -> v1.4.0
• github.com/coredns/coredns v1.11.1 new
• github.com/cosi-project/runtime v0.3.19 -> v0.3.20
• github.com/docker/docker v24.0.7 -> v25.0.2
• github.com/docker/go-connections v0.4.0 -> v0.5.0
• github.com/emicklei/dot v1.6.0 -> v1.6.1
• github.com/foxboron/go-uefi 18b9ba9cd4c3 -> 48be911532c2
• github.com/gdamore/tcell/v2 v2.6.0 -> v2.7.0
• github.com/google/go-containerregistry v0.16.1 -> v0.19.0
• github.com/google/go-tpm v0.9.0 -> ee6cbcd136f8
• github.com/google/uuid v1.4.0 -> v1.6.0
• github.com/hetznercloud/hcloud-go/v2 v2.4.0 -> v2.6.0
• github.com/insomniacslk/dhcp b0416c0f187a -> 15c9b8791914
• github.com/jsimonetti/rtnetlink v1.4.0 -> v1.4.1
• github.com/miekg/dns v1.1.58 new
• github.com/opencontainers/image-spec v1.1.0-rc4 -> v1.1.0-rc6
• github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> v1.1.0
• github.com/packethost/packngo v0.30.0 -> v0.31.0
• github.com/pin/tftp 2f79be2dba4e new
• github.com/pmorjan/kmod v1.1.0 -> v1.1.1
• github.com/rivo/tview 33a1d271f2b6 -> 8526c9fe1b54
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.21 -> v1.0.0-beta.22
• github.com/siderolabs/discovery-client v0.1.5 -> v0.1.6
• github.com/siderolabs/extras v1.6.0-1-g113887a -> v1.7.0-alpha.0
• github.com/siderolabs/go-api-signature v0.3.1 new
• github.com/siderolabs/go-kmsg v0.1.3 -> v0.1.4
• github.com/siderolabs/pkgs v1.6.0-5-g3ae2450 -> v1.7.0-alpha.0-19-g96cc841
• github.com/siderolabs/talos/pkg/machinery v1.6.0 -> v1.7.0-alpha.0
• github.com/siderolabs/tools v1.6.0-1-g336d248 -> v1.7.0-alpha.0-5-gf4b41d1
• github.com/u-root/u-root v0.11.0 -> v0.12.0
• go.etcd.io/etcd/api/v3 v3.5.11 -> v3.5.12
• go.etcd.io/etcd/client/pkg/v3 v3.5.11 -> v3.5.12
• go.etcd.io/etcd/client/v3 v3.5.11 -> v3.5.12
• go.etcd.io/etcd/etcdutl/v3 v3.5.11 -> v3.5.12
• go4.org/netipx 6213f710f925 -> fdeea329fbba
• golang.org/x/net v0.19.0 -> v0.20.0
• golang.org/x/oauth2 v0.15.0 -> v0.16.0
• golang.org/x/sync v0.5.0 -> v0.6.0
• golang.org/x/sys v0.15.0 -> v0.16.0
• golang.org/x/term v0.15.0 -> v0.16.0
• google.golang.org/grpc v1.59.0 -> v1.61.0
• google.golang.org/protobuf v1.31.0 -> v1.32.0
• k8s.io/api v0.29.0 -> v0.29.1
• k8s.io/apimachinery v0.29.0 -> v0.29.1
• k8s.io/apiserver v0.29.0 -> v0.29.1
• k8s.io/client-go v0.29.0 -> v0.29.1
• k8s.io/component-base v0.29.0 -> v0.29.1
• k8s.io/cri-api v0.29.0 -> v0.29.1
• k8s.io/klog/v2 v2.110.1 -> v2.120.1
• k8s.io/kube-scheduler v0.29.0 -> v0.29.1
• k8s.io/kubectl v0.29.0 -> v0.29.1
• k8s.io/kubelet v0.29.0 -> v0.29.1

Previous release can be found at v1.6.0

Images

ghcr.io/siderolabs/flannel:v0.24.1
ghcr.io/siderolabs/install-cni:v1.7.0-alpha.0
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.12
registry.k8s.io/kube-apiserver:v1.29.1
registry.k8s.io/kube-controller-manager:v1.29.1
registry.k8s.io/kube-scheduler:v1.29.1
registry.k8s.io/kube-proxy:v1.29.1
ghcr.io/siderolabs/kubelet:v1.29.1
ghcr.io/siderolabs/installer:v1.7.0-alpha.0
registry.k8s.io/pause:3.8

Talos 1.6.4 (2024-02-01)

Welcome to the v1.6.4 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

containerd: 1.7.13
runc: 1.1.12

See CVE-2024-21626 for the runc update.

Talos is built with Go 1.21.6.

Contributors

• Andrey Smirnov
• Andrey Smirnov
• Dmitriy Matrenichev
• Utku Ozdemir
• Noel Georgi
• Artem Chernyshev

Changes

• siderolabs/talos@431bcada7 release(v1.6.4): prepare release
• siderolabs/talos@040c535c6 fix: retry blockdevice open in the installer
• siderolabs/talos@00b34b254 fix: take into account the moment seen when cleaning up CRI images
• siderolabs/talos@c5ad166be fix: be more tolerant to error handling in Mounts API
• siderolabs/talos@b438f8a9b fix: run the interactive installer loop to report errors
• siderolabs/talos@12e83b7e3 docs: clarify node taints/labels for worker nodes
• siderolabs/talos@7840f8a89 feat: update containerd 1.7.13, runc 1.1.12

Changes from siderolabs/go-api-signature

• siderolabs/go-api-signature@370cebf fix: always print the login URL on key renew flow
• siderolabs/go-api-signature@d28609a feat: move in the cli grpc interceptor logic, support service account in env
• siderolabs/go-api-signature@4602acc chore: add a dummy workflow
• siderolabs/go-api-signature@cfd21b6 fix: support validating signatures generated with the time in the future
• siderolabs/go-api-signature@74dd3dc chore: bump deps
• siderolabs/go-api-signature@d78bedb chore: bump deps
• siderolabs/go-api-signature@a034e9f feat: replace scopes with roles
• siderolabs/go-api-signature@5b4f3bb chore: run rekres
• siderolabs/go-api-signature@9dba116 chore: remove time.Sleep hack
• siderolabs/go-api-signature@e84e686 chore: bump dependencies
• siderolabs/go-api-signature@8baaf8a chore: bump deps
• siderolabs/go-api-signature@5f27e1e chore: add renovate bot and bump deps
• siderolabs/go-api-signature@69886dc feat: allow custom validations on PGP key
• siderolabs/go-api-signature@63d4da3 fix: limit clock skew for short-lived keys
• siderolabs/go-api-signature@cdb9722 feat: add support for +-5 min clock skew
• siderolabs/go-api-signature@7b80a50 refactor: use options pattern in RegisterPGPPublicKey
• siderolabs/go-api-signature@c647861 feat: add scopes to RegisterPublicKeyRequest
• siderolabs/go-api-signature@5d3647e feat: provide more client PGP functions
• siderolabs/go-api-signature@2b682ec feat: initial version
• siderolabs/go-api-signature@a4c2943 chore: initial commit

Changes from siderolabs/pkgs

• siderolabs/pkgs@b77ffb7 chore: bump runc+containerd

Dependency Changes

• github.com/containerd/containerd v1.7.11 -> v1.7.13
• github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> v1.1.0
• github.com/siderolabs/go-api-signature v0.3.1 new
• github.com/siderolabs/pkgs v1.6.0-15-gf51aedb -> v1.6.0-16-gb77ffb7
• github.com/siderolabs/talos/pkg/machinery v1.6.3 -> v1.6.4

Previous release can be found at v1.6.3

Images

ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.1
registry.k8s.io/kube-controller-manager:v1.29.1
registry.k8s.io/kube-scheduler:v1.29.1
registry.k8s.io/kube-proxy:v1.29.1
ghcr.io/siderolabs/kubelet:v1.29.1
ghcr.io/siderolabs/installer:v1.6.4
registry.k8s.io/pause:3.8

Talos 1.6.3 (2024-01-24)

Welcome to the v1.6.3 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.1.74
Kubernetes: 1.29.1

Talos is built with Go 1.21.6.

Contributors

• Andrey Smirnov

Changes

• siderolabs/talos@d53e07c1a release(v1.6.3): prepare release
• siderolabs/talos@815fef8c3 fix: allow META encoded values to be compressed
• siderolabs/talos@56e87f55b feat: update Kubernetes default to 1.29.1
• siderolabs/talos@63fc46f0a feat: update Linux to 6.1.74

Changes from siderolabs/pkgs

• siderolabs/pkgs@f51aedb fix: disable nct6883 on arm64
• siderolabs/pkgs@7ddbdb4 fix: enable FUSION_SPI driver
• siderolabs/pkgs@00d2978 feat: update Linux to 6.1.74

Dependency Changes

• github.com/siderolabs/pkgs v1.6.0-12-g0078a66 -> v1.6.0-15-gf51aedb
• github.com/siderolabs/talos/pkg/machinery v1.6.2 -> v1.6.3
• k8s.io/api v0.29.0 -> v0.29.1
• k8s.io/apimachinery v0.29.0 -> v0.29.1
• k8s.io/apiserver v0.29.0 -> v0.29.1
• k8s.io/client-go v0.29.0 -> v0.29.1
• k8s.io/component-base v0.29.0 -> v0.29.1
• k8s.io/cri-api v0.29.0 -> v0.29.1
• k8s.io/kube-scheduler v0.29.0 -> v0.29.1
• k8s.io/kubectl v0.29.0 -> v0.29.1
• k8s.io/kubelet v0.29.0 -> v0.29.1

Previous release can be found at v1.6.2

Images

ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.1
registry.k8s.io/kube-controller-manager:v1.29.1
registry.k8s.io/kube-scheduler:v1.29.1
registry.k8s.io/kube-proxy:v1.29.1
ghcr.io/siderolabs/kubelet:v1.29.1
ghcr.io/siderolabs/installer:v1.6.3
registry.k8s.io/pause:3.8

Talos 1.6.2 (2024-01-18)

Welcome to the v1.6.2 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.1.73

Talos is built with Go 1.21.6.

Contributors

• Andrey Smirnov
• Utku Ozdemir
• Dmitriy Matrenichev
• Drew Hess
• Hervé Werner
• JJGadgets
• Jonomir
• Serge Logvinov

Changes

• siderolabs/talos@26eee7553 release(v1.6.2): prepare release
• siderolabs/talos@f87a0468b fix: strategic patch merging for audit policy
• siderolabs/talos@36b913dba fix: watch bufer overrun for RouteStatus
• siderolabs/talos@3576d113c fix: fix .der output in talosctl gen secureboot
• siderolabs/talos@0191c3b2c fix: support KubePrism settings in Kubernetes Discovery
• siderolabs/talos@8fa6e93f0 fix: force KubePrism to connect using IPv4
• siderolabs/talos@e05eebca1 fix: update kmsg with utf-8 fix
• siderolabs/talos@37bfa60dd fix: merge ports and ingress configs correctly in NetworkRuleConfig
• siderolabs/talos@306c5cad2 fix: fix nodes on dashboard footer when node names are used in --nodes
• siderolabs/talos@530332d24 fix: disk UUID & WWID always empty in talosctl disks
• siderolabs/talos@440f56341 chore: pull in NBD modules
• siderolabs/talos@3ebdbabaf fix: default priority for ipv6
• siderolabs/talos@b47619543 fix: replace the filemap implementation to not buffer in memory
• siderolabs/talos@0ec551597 fix: imager should support different Talos versions
• siderolabs/talos@4b3168624 feat: support iPXE direct booting in talosctl cluster create
• siderolabs/talos@d98699c07 feat: update Linux 6.1.73, go 1.21.6

Changes from siderolabs/go-kmsg

• siderolabs/go-kmsg@e358d13 fix: decode escape sequences while reading from kmsg
• siderolabs/go-kmsg@4297bd5 feat: add BSD support

Changes from siderolabs/pkgs

• siderolabs/pkgs@0078a66 feat: enable NBD
• siderolabs/pkgs@31b9d61 feat: enable nct6683 sensors as module
• siderolabs/pkgs@f8c6a35 feat: go 1.21.6, linux 6.1.73

Changes from siderolabs/tools

• siderolabs/tools@5e034ec feat: update Go to 1.21.6

Dependency Changes

• github.com/pin/tftp 2f79be2dba4e new
• github.com/siderolabs/go-kmsg v0.1.3 -> v0.1.4
• github.com/siderolabs/pkgs v1.6.0-9-g8fa73db -> v1.6.0-12-g0078a66
• github.com/siderolabs/talos/pkg/machinery v1.6.1 -> v1.6.2
• github.com/siderolabs/tools v1.6.0-1-g336d248 -> v1.6.0-2-g5e034ec
• golang.org/x/sys v0.15.0 -> v0.16.0

Previous release can be found at v1.6.1

Images

ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.0
registry.k8s.io/kube-controller-manager:v1.29.0
registry.k8s.io/kube-scheduler:v1.29.0
registry.k8s.io/kube-proxy:v1.29.0
ghcr.io/siderolabs/kubelet:v1.29.0
ghcr.io/siderolabs/installer:v1.6.2
registry.k8s.io/pause:3.8

Talos 1.6.1 (2023-12-22)

Welcome to the v1.6.1 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.1.69
containerd: 1.7.11

Talos is built with Go 1.21.5.

Contributors

• Andrey Smirnov
• Radosław Piliszek

Changes

• siderolabs/talos@0af17af3a release(v1.6.1): prepare release
• siderolabs/talos@8355c9eef fix: properly overwrite files on install
• siderolabs/talos@2e9901751 fix: update the way secureboot signer fetches certificate (azure)
• siderolabs/talos@4caffd383 fix: use correct prefix when installing SBC files
• siderolabs/talos@9e56d539b feat: update Linux to 6.1.69, containerd to 1.7.11

Changes from siderolabs/pkgs

• siderolabs/pkgs@8fa73db feat: update Linux to 6.1.69
• siderolabs/pkgs@f36484e feat: update containerd to 1.7.11
• siderolabs/pkgs@6fdc79a feat: enable IRQ remapping on amd64
• siderolabs/pkgs@22cd9b4 chore: disable one commit check

Dependency Changes

• github.com/containerd/containerd v1.7.9 -> v1.7.11
• github.com/siderolabs/pkgs v1.6.0-5-g3ae2450 -> v1.6.0-9-g8fa73db
• github.com/siderolabs/talos/pkg/machinery v1.6.0 -> v1.6.1

Previous release can be found at v1.6.0

Images

ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.0
registry.k8s.io/kube-controller-manager:v1.29.0
registry.k8s.io/kube-scheduler:v1.29.0
registry.k8s.io/kube-proxy:v1.29.0
ghcr.io/siderolabs/kubelet:v1.29.0
ghcr.io/siderolabs/installer:v1.6.1
registry.k8s.io/pause:3.8

Talos 1.6.0 (2023-12-15)

Welcome to the v1.6.0 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

OAuth2 Machine Config Flow

Talos Linux when running on the metal platform can be configured to authenticate the machine configuration download using OAuth2 device flow.

Network Device Selectors

Previously, network device selectors only matched the first link, now the configuration is applied to all matching links.

Extension Services

Talos now starts Extension Services early in the boot process, this allows guest agents to be started in maintenance mode.

Linux Firmware

Starting with Talos 1.6, there is no Linux firmware included in the initramfs.
Customers who need Linux firmware can pull them as extension during install time using the image factory service.
If the initial boot requires firmware, a custom iso can be built with the firmware included using the image factory service.
This also ensures that the linux-firmware is not tied to a specific Talos version.

Flannel Configuration

Talos Linux now supports customizing default Flannel manifest with extra arguments for flanneld.

cluster:
  network:
    cni:
      flannel:
        extraArgs:
          - --iface-can-reach=192.168.1.1

Ingress Firewall

Talos Linux now supports configuring the ingress firewall rules.

Kernel Arguments

Talos and Imager now supports dropping kernel arguments specified in .machine.install.extraKernelArgs or as --extra-kernel-arg to imager.
Any kernel argument that starts with a - is dropped. Kernel arguments to be dropped can be specified either as -<key> which would remove all arguments that start with <key> or as -<key>=<value> which would remove the exact argument.

Kube-Scheduler Configuration

Talos now supports specifying the kube-scheduler configuration in the Talos configuration file.
It can be set under cluster.scheduler.config and kube-scheduler will be automatically configured to with the correct flags.

Kubelet Credential Provider Configuration

Talos now supports specifying the kubelet credential provider configuration in the Talos configuration file.
It can be set under machine.kubelet.credentialProviderConfig and kubelet will be automatically configured to with the correct flags.
The credential binaries are expected to be present under /usr/local/lib/kubelet/credentialproviders.
Talos System Extensions can be used to install the credential binaries.

KubePrism

KubePrism is enabled by default on port 7445.

Sysctl

Talos now handles sysctl/sysfs key names in line with sysctl.conf(5):

• if the first separator is '/', no conversion is done
• if the first separator is '.', dots and slashes are remapped

Example (both sysctls are equivalent):

machine:
  sysctls:
    net/ipv6/conf/eth0.100/disable_ipv6: "1"
    net.ipv6.conf.eth0/100.disable_ipv6: "1"

talosctl CLI

The command images deprecated in Talos 1.5 was removed, please use talosctl images default instead.

Component Updates

Linux: 6.1.67
containerd: 1.7.10
CoreDNS: 1.11.1
Kubernetes: 1.29.0
Flannel: 0.23.0
etcd: 3.5.11
runc: 1.1.10

Talos is built with Go 1.21.5.

User Disks

Talos Linux now supports specifying user disks in .machine.disks machine configuration links via udev symlinks, e.g. /dev/disk/by-id/XXXX.

Contributors

• Andrey Smirnov
• Noel Georgi
• Dmitriy Matrenichev
• Oscar Utbult
• Serge Logvinov
• Andrey Smirnov
• Artem Chernyshev
• Utku Ozdemir
• Nico Berlee
• Radosław Piliszek
• Steve Francis
• Thomas Way
• ndbrew
• Andrei Kvapil
• Christian Rolland
• Drew Hess
• Enno Boland
• Florian Berchtold
• Henry Sachs
• Jacob McSwain
• Jacob McSwain
• Jared Davenport
• Mans Matulewicz
• Nebula
• Sascha Desch
• Spencer Smith
• Thomas Lemarchand
• Tim Jones
• Zachary Milonas
• budimanjojo
• guoguangwu
• mikucat0309

Changes

• siderolabs/talos@eddd188c9 release(v1.6.0): prepare release
• siderolabs/talos@d42fd10c0 chore: fix the gvisor test
• siderolabs/talos@333c462c5 feat: update Kubernetes to v1.29.0
• siderolabs/talos@61e6df169 fix: leave discovery service later in the reset sequence
• siderolabs/talos@ef15a1f23 feat: provide compatibility for future Talos 1.7
• siderolabs/talos@c155602ca fix: add a KubeSpan option to disable extra endpoint harvesting
• siderolabs/talos@5371eedd6 feat: send actor id to the SideroLink events sink
• siderolabs/talos@997f83f1f docs: cap max heading level
• siderolabs/talos@d9db4cf76 feat: update Kubernetes to v1.29.0-rc.2
• siderolabs/talos@d510df5df chore: enable kubespan+firewall for cilium tests
• siderolabs/talos@b61b30056 chore: optimize pcap dump
• siderolabs/talos@007d9f673 feat: update Linux to 6.1.67
• siderolabs/talos@7b7fb367e release(v1.6.0-beta.1): prepare release
• siderolabs/talos@fe6661128 fix: talosctl cluster create not to enforce kubeprism always
• siderolabs/talos@41fc05438 fix: support user disks via symlinks
• siderolabs/talos@1fe7f2840 docs: rework machine config documentation generation
• siderolabs/talos@e45794064 chore: fix the release.toml
• siderolabs/talos@591cfb456 fix: store and execute desired action on emergency action
• siderolabs/talos@fee63ac26 fix: trim leading spaces\newlines in inline manifest contents
• siderolabs/talos@cc16b9689 fix: skip writing the file if the contents haven't changed
• siderolabs/talos@ecee92c90 fix: do not panic in merge.Merge if map value is nil
• siderolabs/talos@c2259bff3 feat: update Go 1.21.5, Linux 6.1.65, etcd 3.5.11
• siderolabs/talos@c4dff49b3 release(v1.6.0-beta.0): prepare release
• siderolabs/talos@d8a435f0e fix: initialize boot assets with defaults early
• siderolabs/talos@c6835de17 fix: pick etcd adverised addresses from 'current' addresses
• siderolabs/talos@6b5bc8b85 feat: update Linux to 6.1.64
• siderolabs/talos@e71e3e416 feat: support extra arguments for flanneld
• siderolabs/talos@36c8ddb5e feat: implement ingress firewall rules
• siderolabs/talos@0b111ecb8 fix: support slices of enums and fix NfTablesConntrackStateMatch
• siderolabs/talos@9a8521741 feat: improve nftables backend
• siderolabs/talos@db4e2539d feat: update Kubernetes 1.29.0-rc.1 and other bumps
• siderolabs/talos@7a4a92854 feat: support sanitized kernel args
• siderolabs/talos@f041b2629 chore: add tests for mdadm extension
• siderolabs/talos@e46e6a312 feat: implement nftables backend
• siderolabs/talos@ba827bf8b chore: support getting multiple endpoints from the Provision rpc call
• siderolabs/talos@dd45dd06c chore: add custom node taints
• siderolabs/talos@8e2307466 docs: fix talosctl pcap argument
• siderolabs/talos@e4a050cb1 docs: fix talosctl inspect dependencies example indentation
• siderolabs/talos@fbcf4264f docs: fix talosctl dashboard cli docs
• siderolabs/talos@70d53ee13 chore: deprecate .persist and .extensions
• siderolabs/talos@95e33f6fc release(v1.6.0-alpha.2): prepare release
• siderolabs/talos@514e514ba feat: update Linux 6.1.63, containerd 1.7.9
• siderolabs/talos@aca8b5e17 fix: ignore kernel command line in container mode
• siderolabs/talos@020a0eb63 docs: fix table formatting for bootstraprequest
• siderolabs/talos@0eb245e04 docs: fix talosctl pcap example indentation
• siderolabs/talos@de6caf534 docs: fix table formatting for machineservice api
• siderolabs/talos@27d208c26 feat: implement OAuth2 device flow for machine config
• siderolabs/talos@5c8fa2a80 chore: start containerd early in boot
• siderolabs/talos@95a252cfc docs: fix link in what is new page
• siderolabs/talos@0d3c3ed71 feat: support kube scheduler config
• siderolabs/talos@06941b7e5 fix: allow rootfs propagation configuration for extension services
• siderolabs/talos@57dc796f3 docs: update lastRelease to v1.5.5 in _index.md
• siderolabs/talos@21d944a64 docs: add timezone information
• siderolabs/talos@4f1ad16c7 feat: support kubelet credentialprovider config
• siderolabs/talos@71a3bf0e3 fix: allow extra kernel args for secureboot installer
• siderolabs/talos@f38eaaab8 feat: rework secureboot and PCR signing key
• siderolabs/talos@6eade3d5e chore: add ability to rewrite uuids and set unique tokens for Talos
• siderolabs/talos@e9c7ac17a fix: set max msg recv size when proxying
• siderolabs/talos@e22ab440d feat: update Linux 6.1.61, containerd 1.7.8, runc 1.1.10
• siderolabs/talos@8245361f9 feat: show first 32 bytes of response body on download error
• siderolabs/talos@75d3987c0 chore: drop sha1 from genereated pcr json
• siderolabs/talos@6f32d2990 feat: add .der output talosctl gen secureboot pcr
• siderolabs/talos@87c40da6c fix: proper logging in machined on startup
• siderolabs/talos@a54da5f64 fix: image build for nanopi_4s
• siderolabs/talos@6f3cd0593 refactor: update packet capture to use 'afpacket' interface
• siderolabs/talos@813442dd7 fix: don't validate machine.install if installed
• siderolabs/talos@dff60069c feat: update Kubernetes to 1.29.0-alpha.3
• siderolabs/talos@c97db5dfe chore: bump Go dependencies
• siderolabs/talos@807a9950a fix: use custom Talos/kernel version when generating UKI
• siderolabs/talos@eb94468a6 docs: add documentation for Image Factory
• siderolabs/talos@2e78513e1 refactor: drop the dependency link platform -> network ctrl
• siderolabs/talos@6dc776b8a fix: when writing to META in the installer/imager, use fixed name
• siderolabs/talos@3703041e9 chore: remove uneeded code
• siderolabs/talos@cbe6e7622 fix: generate images for SBCs using imager
• siderolabs/talos@5dff164f1 fix: fix error output of cli action tracker
• siderolabs/talos@ef5056122 feat: update etcd to 3.5.10
• siderolabs/talos@45ae80873 chore: bump go-api-signature dependency to v0.3.1
• siderolabs/talos@ffa5e05cb fix: make Talos work on Rockpi 4c boards again
• siderolabs/talos@8eba4c599 feat: generate secrets bundle from the machine config
• siderolabs/talos@c7de745f6 chore: drop deprecated code
• siderolabs/talos@cc0c3ab69 docs: update rpi_generic.md
• siderolabs/talos@a009f5c60 fix: accept sysctl paths with dots
• siderolabs/talos@4919f6ee2 feat: add GOMEMLIMIT to shipped manifests with memory limits
• siderolabs/talos@73ee576ea chore: update sonobuouy library, drop the fork
• siderolabs/talos@c23bc2f4a chore: support OCI layout as a source for profile input
• siderolabs/talos@154bbd70f docs: fix talos version in guide for docker
• siderolabs/talos@11d1f6163 release(v1.6.0-alpha.1): prepare release
• siderolabs/talos@9dfae8467 chore: update dependencies
• siderolabs/talos@38ce3c827 feat: nocloud prefer mac address
• siderolabs/talos@401e89411 feat: customize image size
• siderolabs/talos@865f08f86 docs: kubeadm migration guide improvements
• siderolabs/talos@c3e418200 refactor: use COSI runtime with new controller runtime DB
• siderolabs/talos@c1ee24465 feat: update Kubernetes to v1.29.0-alpha.2
• siderolabs/talos@0ff7350ab fix: oracle integration fixes
• siderolabs/talos@675bada45 test: add config generation stability tests
• siderolabs/talos@f9639fb53 test: fix 'talosctl gen' tests
• siderolabs/talos@6142d87a0 feat: hostname configuration improvements on the NoCloud platform
• siderolabs/talos@7bb205ebe fix: don't use runtime-specs Mount struct in machine config
• siderolabs/talos@d1b27926c feat: update Go to 1.21.3
• siderolabs/talos@b87092ab6 fix: handle secure boot state policy pcr digest error
• siderolabs/talos@498aeb8c3 docs: fix incorrect image suffix
• siderolabs/talos@c14a5d4f7 feat: support service account auth in cli
• siderolabs/talos@336aee0fd fix: use tpm2 hash algorithm constants and allow non-SHA-256 PCRs
• siderolabs/talos@69d8054c9 chore: drop UpdateEndpointSuite
• siderolabs/talos@ef7be16c8 fix: clear the encryption config in META when STATE is reset
• siderolabs/talos@5fc60d2ca feat: add Solarflare SFC9000 support
• siderolabs/talos@9b5cfdd0b chore: add tests for iscsi
• siderolabs/talos@b897764f8 docs: update proxmox.md
• siderolabs/talos@159f45bde docs: fix typos in CLI calls to endpoints
• siderolabs/talos@0bd1bdd74 chore: allow insecure access to installer base image (imager)
• siderolabs/talos@10ed13067 fix: the node IP for kubelet shouldn't change if nothing matches
• siderolabs/talos@e7575ecaa feat: support n-5 latest Kubernetes versions
• siderolabs/talos@e71508ec1 chore: update dependencies
• siderolabs/talos@6d7fa4668 docs: add metal network configuration guide
• siderolabs/talos@2b548ad0d feat: update containerd to 1.7.x
• siderolabs/talos@62dcfe81e fix: update kubernetes library to support 1.29 upgrades
• siderolabs/talos@52caf0763 feat: update Kubernetes to 1.29.0-alpha.1
• siderolabs/talos@390137447 feat: enable KubePrism by default
• siderolabs/talos@1beb5e86e docs: add KubePrism video
• siderolabs/talos@a52d3cda3 chore: update gen and COSI runtime
• siderolabs/talos@29b201d61 feat: enable common h/w sensors
• siderolabs/talos@9c2ba7c6f chore: add tests for chelsio drivers
• siderolabs/talos@5ca4d58dc fix: generate of modules.dep when on the machine
• siderolabs/talos@5efcccb6b chore: bump kernel to 6.1.54
• siderolabs/talos@29c767a02 docs: add control plane nodes as users of apid also for control plane nodes
• siderolabs/talos@4874cfb95 chore: fix typo
• siderolabs/talos@96f2a62ea test: update upgrade tests versions
• siderolabs/talos@f3a370acb feat: update Flannel to 0.22.3
• siderolabs/talos@efdee6965 feat: update Kubernetes to 1.28.2
• siderolabs/talos@e3b494058 fix: build CPU ucode correctly for early loader
• siderolabs/talos@c5bd0ac5c refactor: reimplement the depmod extension rebuilder
• siderolabs/talos@0b883f52a docs: add notes about stable addressing
• siderolabs/talos@3ef670a9e chore: pull in dm modules
• siderolabs/talos@8f4a36b0d docs: update aws to add command to allow KubeSpan wireguard port
• siderolabs/talos@a7edd0523 fix: set default route priority for hcloud platform
• siderolabs/talos@87c1b3ddd fix: calculate UKI ISO size dynamically
• siderolabs/talos@9698e4547 fix: handle correctly change of listen address for maintenance service
• siderolabs/talos@a096f05a5 chore: update gRPC library and enable shared write buffers
• siderolabs/talos@9e78fecca chore: improve image signing process
• siderolabs/talos@f00567e20 chore: add PKG_KERNEL arg to customize used kernel
• siderolabs/talos@2960f93ba feat: add readonly information to the disks API response
• siderolabs/talos@735bf9ed0 feat: bring in Google vNIC driver
• siderolabs/talos@3f5232075 feat: upgrade-k8s without comments
• siderolabs/talos@e44875106 docs: update deploying-cilium.md
• siderolabs/talos@7046cae43 chore: update gopacket to reduce init memory allocs
• siderolabs/talos@da73b563d chore: update Go to 1.21.1
• siderolabs/talos@5e11f08a6 fix: trim file path in the container image
• siderolabs/talos@3d2dad4e6 chore: show securtiystate on dashboard
• siderolabs/talos@b48510874 chore: e2e-aws cleanup
• siderolabs/talos@1eebbce35 chore: add output flag for talosctl config info
• siderolabs/talos@3fbed806c chore: add tests for util-linux extensions
• siderolabs/talos@7c514a1a6 docs: update header links
• siderolabs/talos@6058c3602 fix: shorten VLAN link names to fit into the limit of 15 characters
• siderolabs/talos@9c2f765c8 fix: allow network device selector to match multiple links
• siderolabs/talos@a04b98637 fix: update kubernetes library for 1.28 upgrade pre-checks
• siderolabs/talos@f7473e477 feat: update default Kubernetes to 1.28.1
• siderolabs/talos@d693604a1 chore: fix default image list in the release notes
• siderolabs/talos@d91b5b3a3 feat: set environment variables early in the boot
• siderolabs/talos@c918c0855 fix: set correct (1 year) talosconfig expiration
• siderolabs/talos@79bbdf454 fix: set proper timeouts for KubePrism loadbalancer
• siderolabs/talos@b8fb55d5c fix: use a mount prefix when installing a bootloader
• siderolabs/talos@44f59a804 feat: improve imager APIs
• siderolabs/talos@2d3ac925e refactor: update NTP spike detector
• siderolabs/talos@af0cc70e3 test: update e2e-aws to use worker groups
• siderolabs/talos@d03dc7a8a chore: validate new system extensions
• siderolabs/talos@bbeb489aa chore: drop firmware from initramfs
• siderolabs/talos@3c9f7a7de chore: re-enable nolintlint and typecheck linters
• siderolabs/talos@c51e2c9b4 feat: update CoreDNS to 1.11.1
• siderolabs/talos@8670450d2 release(v1.6.0-alpha.0): prepare release
• siderolabs/talos@6778ded29 feat: add e2e-aws for nvidia extensions
• siderolabs/talos@74c07ed71 chore: update Go to 1.21
• siderolabs/talos@a28d72e9c fix: ova contents to be named disk.*
• siderolabs/talos@c0ea4d7ba fix: properly calculate overal of node address with subnet filters
• siderolabs/talos@d6b2719e2 chore: drone: move extensions step to a function
• siderolabs/talos@9608ef56d chore: allow bridge traffic with DHCP broadcast traffic
• siderolabs/talos@c99316457 docs: fix the installing system extensions doc
• siderolabs/talos@833895940 chore: add tests for zfs extension
• siderolabs/talos@cb468c41c fix: copy proper modules to arm64 squashfs
• siderolabs/talos@ea0d6e8c6 fix: prevent dashboard crashes when process info is not available
• siderolabs/talos@e9077a6fb feat: filter the hostname to produce nodename
• siderolabs/talos@dc8361c1d fix: properly GC images supplied with both tag and digest
• siderolabs/talos@ccfa8de11 fix: automatically change rpi_4 board on upgrade
• siderolabs/talos@b56e8b7d9 fix: support 'List' type manifests
• siderolabs/talos@574d48e54 fix: use image digest when starting a container
• siderolabs/talos@175747cea fix: ntp query error with bare IPv6 address
• siderolabs/talos@c8b507fb2 docs: fix kubeprism typo
• siderolabs/talos@0cdcb2e0e docs: restructure docs for nvidia drivers for v1.4
• siderolabs/talos@676db9768 docs: fork docs for Talos 1.6
• siderolabs/talos@92ad18c18 fix: write correct capacity to the ovf
• siderolabs/talos@6b0373ebe chore: move bash tests to integration
• siderolabs/talos@52b3d8d37 docs: make Talos 1.5 documentation the default one
• siderolabs/talos@dc873df9b chore: fix the filenames of openstack images
• siderolabs/talos@b5c0e7b24 docs: update nvidia docs
• siderolabs/talos@9606e871e docs: update Jiva Pod Security Policy
• siderolabs/talos@a86ed4362 chore: update Kubernetes Go modules to 0.28.0
• siderolabs/talos@97b4e3e91 feat: update Kubernetes to 1.28.0
• siderolabs/talos@79ca1a3df feat: e2e-aws using tf code
• siderolabs/talos@bf3a5e011 chore: add version compatibility for Talos 1.6
• siderolabs/talos@969e8097c feat: update Kubernetes to 1.28.0-rc.1
• siderolabs/talos@ca41b611e chore: drone jsonnet cleanup
• siderolabs/talos@bc198e98e docs: retain cilium autoMount pending upstream hostPath fix
• siderolabs/talos@86c94eff8 refactor: docgen and config examples
• siderolabs/talos@ee6d639f6 fix: match routes on the priority properly
• siderolabs/talos@bff0d8f32 chore: fix dependencies in the release pipeline
• siderolabs/talos@e1b288679 refactor: compile regex in validation method on the first use
• siderolabs/talos@daa4c185a docs: add what's new and documentation for Talos 1.5
• siderolabs/talos@c4a1ca8d6 chore: remove <-errCh where possible in grpc methods
• siderolabs/talos@e0f383598 chore: clean up the output of the imager
• siderolabs/talos@fb536af4d chore: optimize memory usage of tcell library on init
• siderolabs/talos@7c86a365e chore: publish systemd-boot and systemd-stub assets
• siderolabs/talos@7d688ccfe fix: make encryption config provider default to luks2 if not set
• siderolabs/talos@80238a05a chore: unify semver under github.com/blang/semver/v4
• siderolabs/talos@0f1920bdd chore: provide a resource to peek into Linux clock adjustments
• siderolabs/talos@4eab3017b fix: calculate log2i properly
• siderolabs/talos@bcf284530 fix: update providerid prefix for aws
• siderolabs/talos@ac2aff5cc fix: fix azure portion of cloud uploader
• siderolabs/talos@793dcedc9 fix: fast-wipe the system disk on talosctl reset
• siderolabs/talos@76fa45afb docs: update cilium instructions

Changes since v1.6.0-beta.1

• siderolabs/talos@eddd188c9 release(v1.6.0): prepare release
• siderolabs/talos@d42fd10c0 chore: fix the gvisor test
• siderolabs/talos@333c462c5 feat: update Kubernetes to v1.29.0
• siderolabs/talos@61e6df169 fix: leave discovery service later in the reset sequence
• siderolabs/talos@ef15a1f23 feat: provide compatibility for future Talos 1.7
• siderolabs/talos@c155602ca fix: add a KubeSpan option to disable extra endpoint harvesting
• siderolabs/talos@5371eedd6 feat: send actor id to the SideroLink events sink
• siderolabs/talos@997f83f1f docs: cap max heading level
• siderolabs/talos@d9db4cf76 feat: update Kubernetes to v1.29.0-rc.2
• siderolabs/talos@d510df5df chore: enable kubespan+firewall for cilium tests
• siderolabs/talos@b61b30056 chore: optimize pcap dump
• siderolabs/talos@007d9f673 feat: update Linux to 6.1.67

Changes from siderolabs/extras

• siderolabs/extras@113887a chore: update Go to 1.21.5
• siderolabs/extras@8bffd15 feat: bump dependencies
• siderolabs/extras@e8e801b feat: update Go to 1.21.4
• siderolabs/extras@d816a02 chore: move project to using kres
• siderolabs/extras@3893789 chore: move to github workflows
• siderolabs/extras@6d48418 feat: update Go to 1.21.3
• siderolabs/extras@09d7c3e chore: update releases
• siderolabs/extras@a011245 feat: update Go to 1.21.1
• siderolabs/extras@d3f54c7 feat: update Go to 1.20.8

Changes from siderolabs/gen

• siderolabs/gen@efca710 chore: add FilterInPlace method to maps and update module
• siderolabs/gen@36a3ae3 feat: update module

Changes from siderolabs/go-blockdevice

• siderolabs/go-blockdevice@d9313ea fix: define softraid partition
• siderolabs/go-blockdevice@a75c4cc chore: rekres
• siderolabs/go-blockdevice@8a2102a feat: luks resize

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@fa05430 chore: support kube-scheduler config version
• siderolabs/go-kubernetes@68bf392 feat: add dropped API resource for 1.29
• siderolabs/go-kubernetes@09fa006 fix: retry Windows connection errors
• siderolabs/go-kubernetes@3aa47a4 feat: support Kubernetes 1.29 upgrades
• siderolabs/go-kubernetes@ae33a4a feat: introduce support for Kubernetes version compatibility checks
• siderolabs/go-kubernetes@cf2754e chore: update to use GHA
• siderolabs/go-kubernetes@44e26b3 feat: update removed feature gates for 1.28

Changes from siderolabs/go-procfs

• siderolabs/go-procfs@9f72b22 feat: support removing kernel args
• siderolabs/go-procfs@4b4a6ff chore: rekres

Changes from siderolabs/go-retry

• siderolabs/go-retry@23b6fc2 fix: provider modern error unwrapping

Changes from siderolabs/pkgs

• siderolabs/pkgs@3ae2450 chore: rekres to fix 'failed' build on merge
• siderolabs/pkgs@1e2a377 feat: update Linux to 6.1.67
• siderolabs/pkgs@617d342 fix: revert: update grub to fix loading large initramfs
• siderolabs/pkgs@364d295 feat: update Go to 1.21.5
• siderolabs/pkgs@841c63d feat: update zfs to 2.1.14
• siderolabs/pkgs@a084b9f feat: bump depenendencies
• siderolabs/pkgs@e61c784 feat: bump dependencies
• siderolabs/pkgs@70919d8 fix: update grub to fix loading large initramfs
• siderolabs/pkgs@3aea711 feat: bump dependencies
• siderolabs/pkgs@d59cb3e feat(lvm2): configure thin support
• siderolabs/pkgs@252a59f feat: bump dependencies
• siderolabs/pkgs@0bb2a79 feat: update Go to 1.21.4
• siderolabs/pkgs@f57b0a9 chore: fix kernel target to honor PLATFORM
• siderolabs/pkgs@5f84302 chore: move to using kres
• siderolabs/pkgs@d7509f1 chore: bump deps
• siderolabs/pkgs@3a66437 chore: add gh workflows
• siderolabs/pkgs@2e892fd feat: update versions
• siderolabs/pkgs@37348d6 feat: update Go to 1.21.3
• siderolabs/pkgs@34f3c41 feat: add Solarflare SFC9000 support
• siderolabs/pkgs@0c84090 feat: update releases
• siderolabs/pkgs@19cdf71 feat: enable common sensors
• siderolabs/pkgs@acee18e chore: bump kernel to 6.1.54
• siderolabs/pkgs@1d16fd2 feat: add Chelsio support
• siderolabs/pkgs@4504f83 chore: rename kconfig-hardened-check
• siderolabs/pkgs@847a9c3 chore: enable dm thin provisioning
• siderolabs/pkgs@1401505 chore: drop -pkgs for upstream kernel modules
• siderolabs/pkgs@a62471d feat: add binfmt_misc support
• siderolabs/pkgs@518c441 feat: add gVNIC support
• siderolabs/pkgs@7d9e60e feat: update Go to 1.21.1
• siderolabs/pkgs@d3d7d29 chore: bump deps
• siderolabs/pkgs@3b70656 chore: fix cacert perms
• siderolabs/pkgs@cca80b7 feat: update Linux to 6.1.46
• siderolabs/pkgs@2e1c0b9 fix: nonfree kmod pkg name
• siderolabs/pkgs@cff5beb feat: add btrfs support
• siderolabs/pkgs@7717b7e chore: bump deps
• siderolabs/pkgs@2f19f18 feat: update containerd to 1.6.23
• siderolabs/pkgs@30d4b74 feat: update Go to 1.21
• siderolabs/pkgs@eda123d feat: update runc to 1.1.9
• siderolabs/pkgs@30cd584 chore: enable pushing of non-free packages
• siderolabs/pkgs@fb247b5 chore: update kernel and microcode

Changes from siderolabs/siderolink

• siderolabs/siderolink@be3b095 feat: add support for event's actor ID
• siderolabs/siderolink@9304096 chore: allow to specify several endpoints
• siderolabs/siderolink@5ab8f9d feat: allow persistent keepalive to be set for the peer
• siderolabs/siderolink@71dd308 chore: provide unique_token and Talos version in ProvisionRequest
• siderolabs/siderolink@0ee5425 chore: revert sys moduel to 0.13.0
• siderolabs/siderolink@6be9ba7 chore: bump deps
• siderolabs/siderolink@448cbe1 chore: bump golang.org/x/net to 0.8.0

Changes from siderolabs/tools

• siderolabs/tools@336d248 feat: update Go to 1.21.5
• siderolabs/tools@b707a3a feat: bump dependencies
• siderolabs/tools@ff7fe96 feat: update Go to 1.21.4
• siderolabs/tools@6216d64 fix: org name
• siderolabs/tools@4334b92 chore: move to using kres
• siderolabs/tools@024ef25 chore: bump deps
• siderolabs/tools@5a22409 chore: refactor github actions
• siderolabs/tools@9a05d12 feat: move to gh workflow
• siderolabs/tools@a4a52e2 chore: add dummy gh workflow
• siderolabs/tools@9c09b00 feat: update dependencies
• siderolabs/tools@35948af feat: update Go to 1.21.3
• siderolabs/tools@09023c1 feat: update OpenSSL to 3.1.3
• siderolabs/tools@7fa8bb5 feat: update releases
• siderolabs/tools@fa388de feat: update Go to 1.21.1
• siderolabs/tools@33fb4b3 feat: update Go to 1.21

Dependency Changes

• github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 new
• github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 new
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.0.0 new
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 new
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.0.1 new
• github.com/aws/aws-sdk-go-v2/config v1.18.32 -> v1.25.6
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 -> v1.14.5
• github.com/aws/smithy-go v1.14.0 -> v1.17.0
• github.com/beevik/ntp v1.2.0 -> v1.3.0
• github.com/blang/semver/v4 v4.0.0 new
• github.com/containerd/cgroups/v3 v3.0.2 new
• github.com/containerd/containerd v1.6.23 -> v1.7.9
• github.com/cosi-project/runtime v0.3.1 -> v0.3.19
• github.com/distribution/reference v0.5.0 new
• github.com/docker/docker v24.0.5 -> v24.0.7
• github.com/fatih/color v1.15.0 -> v1.16.0
• github.com/foxboron/go-uefi 32187aa193d0 -> 18b9ba9cd4c3
• github.com/fsnotify/fsnotify v1.6.0 -> v1.7.0
• github.com/google/go-cmp v0.5.9 -> v0.6.0
• github.com/google/go-containerregistry v0.15.2 -> v0.16.1
• github.com/google/uuid v1.3.0 -> v1.4.0
• github.com/gopacket/gopacket v1.1.1 -> v1.2.0
• github.com/hetznercloud/hcloud-go/v2 v2.0.0 -> v2.4.0
• github.com/insomniacslk/dhcp 0f9eb93a696c -> b0416c0f187a
• github.com/jsimonetti/rtnetlink v1.3.4 -> v1.4.0
• github.com/mattn/go-isatty v0.0.19 -> v0.0.20
• github.com/mdp/qrterminal/v3 v3.2.0 new
• github.com/opencontainers/runtime-spec 1c3f411f0417 -> v1.1.0-rc.1
• github.com/pin/tftp/v3 v3.1.0 new
• github.com/prometheus/procfs v0.11.1 -> v0.12.0
• github.com/rivo/tview 6cc0565babaf -> 33a1d271f2b6
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.20 -> v1.0.0-beta.21
• github.com/siderolabs/extras v1.5.0 -> v1.6.0-1-g113887a
• github.com/siderolabs/gen v0.4.5 -> v0.4.7
• github.com/siderolabs/go-blockdevice v0.4.6 -> v0.4.7
• github.com/siderolabs/go-kubernetes v0.2.2 -> v0.2.8
• github.com/siderolabs/go-procfs v0.1.1 -> v0.1.2
• github.com/siderolabs/go-retry v0.3.2 -> v0.3.3
• github.com/siderolabs/pkgs v1.5.0-6-g2f2c9cd -> v1.6.0-5-g3ae2450
• github.com/siderolabs/siderolink v0.3.1 -> v0.3.4
• github.com/siderolabs/talos/pkg/machinery v1.5.0 -> v1.6.0
• github.com/siderolabs/tools v1.5.0 -> v1.6.0-1-g336d248
• github.com/spf13/cobra v1.7.0 -> v1.8.0
• github.com/vmware-tanzu/sonobuoy v0.56.17 -> v0.57.1
• go.etcd.io/etcd/api/v3 v3.5.9 -> v3.5.11
• go.etcd.io/etcd/client/pkg/v3 v3.5.9 -> v3.5.11
• go.etcd.io/etcd/client/v3 v3.5.9 -> v3.5.11
• go.etcd.io/etcd/etcdutl/v3 v3.5.9 -> v3.5.11
• go.uber.org/zap v1.25.0 -> v1.26.0
• go4.org/netipx ec4c8b891b28 -> 6213f710f925
• golang.org/x/net v0.13.0 -> v0.19.0
• golang.org/x/oauth2 v0.15.0 new
• golang.org/x/sync v0.3.0 -> v0.5.0
• golang.org/x/sys v0.10.0 -> v0.15.0
• golang.org/x/term v0.10.0 -> v0.15.0
• golang.org/x/text v0.11.0 -> v0.14.0
• golang.org/x/time v0.3.0 -> v0.5.0
• google.golang.org/grpc v1.57.0 -> v1.59.0
• k8s.io/api v0.28.0 -> v0.29.0
• k8s.io/apimachinery v0.28.0 -> v0.29.0
• k8s.io/apiserver v0.28.0 -> v0.29.0
• k8s.io/client-go v0.28.0 -> v0.29.0
• k8s.io/component-base v0.28.0 -> v0.29.0
• k8s.io/cri-api v0.28.0 -> v0.29.0
• k8s.io/klog/v2 v2.100.1 -> v2.110.1
• k8s.io/kube-scheduler v0.29.0 new
• k8s.io/kubectl v0.28.0 -> v0.29.0
• k8s.io/kubelet v0.28.0 -> v0.29.0
• sigs.k8s.io/yaml v1.3.0 -> v1.4.0

Previous release can be found at v1.5.0

Images

ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.0
registry.k8s.io/kube-controller-manager:v1.29.0
registry.k8s.io/kube-scheduler:v1.29.0
registry.k8s.io/kube-proxy:v1.29.0
ghcr.io/siderolabs/kubelet:v1.29.0
ghcr.io/siderolabs/installer:v1.6.0
registry.k8s.io/pause:3.8

Talos 1.6.0-beta.1 (2023-12-08)

Welcome to the v1.6.0-beta.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

OAuth2 Machine Config Flow

Talos Linux when running on the metal platform can be configured to authenticate the machine configuration download using OAuth2 device flow.

Network Device Selectors

Previously, network device selectors only matched the first link, now the configuration is applied to all matching links.

Extension Services

Talos now starts Extension Services early in the boot process, this allows guest agents to be started in maintenance mode.

Linux Firmware

Starting with Talos 1.6, there is no Linux firmware included in the initramfs.
Customers who need Linux firmware can pull them as extension during install time using the image factory service.
If the initial boot requires firmware, a custom iso can be built with the firmware included using the image factory service.
This also ensures that the linux-firmware is not tied to a specific Talos version.

Flannel Configuration

Talos Linux now supports customizing default Flannel manifest with extra arguments for flanneld.

cluster:
  network:
    cni:
      flannel:
        extraArgs:
          - --iface-can-reach=192.168.1.1

Ingress Firewall

Talos Linux now supports configuring the ingress firewall rules.

Kernel Arguments

Talos and Imager now supports dropping kernel arguments specified in .machine.install.extraKernelArgs or as --extra-kernel-arg to imager.
Any kernel argument that starts with a - is dropped. Kernel arguments to be dropped can be specified either as -<key> which would remove all arguments that start with <key> or as -<key>=<value> which would remove the exact argument.

Kube-Scheduler Configuration

Talos now supports specifying the kube-scheduler configuration in the Talos configuration file.
It can be set under cluster.scheduler.config and kube-scheduler will be automatically configured to with the correct flags.

Kubelet Credential Provider Configuration

Talos now supports specifying the kubelet credential provider configuration in the Talos configuration file.
It can be set under machine.kubelet.credentialProviderConfig and kubelet will be automatically configured to with the correct flags.
The credential binaries are expected to be present under /usr/local/lib/kubelet/credentialproviders.
Talos System Extensions can be used to install the credential binaries.

KubePrism

KubePrism is enabled by default on port 7445.

Sysctl

Talos now handles sysctl/sysfs key names in line with sysctl.conf(5):

• if the first separator is '/', no conversion is done
• if the first separator is '.', dots and slashes are remapped

Example (both sysctls are equivalent):

machine:
  sysctls:
    net/ipv6/conf/eth0.100/disable_ipv6: "1"
    net.ipv6.conf.eth0/100.disable_ipv6: "1"

talosctl CLI

The command images deprecated in Talos 1.5 was removed, please use talosctl images default instead.

Component Updates

Linux: 6.1.65
containerd: 1.7.10
CoreDNS: 1.11.1
Kubernetes: 1.29.0-rc.1
Flannel: 0.23.0
etcd: 3.5.11
runc: 1.1.10

Talos is built with Go 1.21.4.

User Disks

Talos Linux now supports specifying user disks in .machine.disks machine configuration links via udev symlinks, e.g. /dev/disk/by-id/XXXX.

Contributors

• Andrey Smirnov
• Noel Georgi
• Dmitriy Matrenichev
• Oscar Utbult
• Serge Logvinov
• Andrey Smirnov
• Utku Ozdemir
• Artem Chernyshev
• Nico Berlee
• Radosław Piliszek
• Steve Francis
• Thomas Way
• ndbrew
• Andrei Kvapil
• Christian Rolland
• Drew Hess
• Enno Boland
• Florian Berchtold
• Henry Sachs
• Jacob McSwain
• Jacob McSwain
• Jared Davenport
• Mans Matulewicz
• Nebula
• Sascha Desch
• Spencer Smith
• Thomas Lemarchand
• Tim Jones
• Zachary Milonas
• budimanjojo
• guoguangwu
• mikucat0309

Changes

• siderolabs/talos@7b7fb367e release(v1.6.0-beta.1): prepare release
• siderolabs/talos@fe6661128 fix: talosctl cluster create not to enforce kubeprism always
• siderolabs/talos@41fc05438 fix: support user disks via symlinks
• siderolabs/talos@1fe7f2840 docs: rework machine config documentation generation
• siderolabs/talos@e45794064 chore: fix the release.toml
• siderolabs/talos@591cfb456 fix: store and execute desired action on emergency action
• siderolabs/talos@fee63ac26 fix: trim leading spaces\newlines in inline manifest contents
• siderolabs/talos@cc16b9689 fix: skip writing the file if the contents haven't changed
• siderolabs/talos@ecee92c90 fix: do not panic in merge.Merge if map value is nil
• siderolabs/talos@c2259bff3 feat: update Go 1.21.5, Linux 6.1.65, etcd 3.5.11
• siderolabs/talos@c4dff49b3 release(v1.6.0-beta.0): prepare release
• siderolabs/talos@d8a435f0e fix: initialize boot assets with defaults early
• siderolabs/talos@c6835de17 fix: pick etcd adverised addresses from 'current' addresses
• siderolabs/talos@6b5bc8b85 feat: update Linux to 6.1.64
• siderolabs/talos@e71e3e416 feat: support extra arguments for flanneld
• siderolabs/talos@36c8ddb5e feat: implement ingress firewall rules
• siderolabs/talos@0b111ecb8 fix: support slices of enums and fix NfTablesConntrackStateMatch
• siderolabs/talos@9a8521741 feat: improve nftables backend
• siderolabs/talos@db4e2539d feat: update Kubernetes 1.29.0-rc.1 and other bumps
• siderolabs/talos@7a4a92854 feat: support sanitized kernel args
• siderolabs/talos@f041b2629 chore: add tests for mdadm extension
• siderolabs/talos@e46e6a312 feat: implement nftables backend
• siderolabs/talos@ba827bf8b chore: support getting multiple endpoints from the Provision rpc call
• siderolabs/talos@dd45dd06c chore: add custom node taints
• siderolabs/talos@8e2307466 docs: fix talosctl pcap argument
• siderolabs/talos@e4a050cb1 docs: fix talosctl inspect dependencies example indentation
• siderolabs/talos@fbcf4264f docs: fix talosctl dashboard cli docs
• siderolabs/talos@70d53ee13 chore: deprecate .persist and .extensions
• siderolabs/talos@95e33f6fc release(v1.6.0-alpha.2): prepare release
• siderolabs/talos@514e514ba feat: update Linux 6.1.63, containerd 1.7.9
• siderolabs/talos@aca8b5e17 fix: ignore kernel command line in container mode
• siderolabs/talos@020a0eb63 docs: fix table formatting for bootstraprequest
• siderolabs/talos@0eb245e04 docs: fix talosctl pcap example indentation
• siderolabs/talos@de6caf534 docs: fix table formatting for machineservice api
• siderolabs/talos@27d208c26 feat: implement OAuth2 device flow for machine config
• siderolabs/talos@5c8fa2a80 chore: start containerd early in boot
• siderolabs/talos@95a252cfc docs: fix link in what is new page
• siderolabs/talos@0d3c3ed71 feat: support kube scheduler config
• siderolabs/talos@06941b7e5 fix: allow rootfs propagation configuration for extension services
• siderolabs/talos@57dc796f3 docs: update lastRelease to v1.5.5 in _index.md
• siderolabs/talos@21d944a64 docs: add timezone information
• siderolabs/talos@4f1ad16c7 feat: support kubelet credentialprovider config
• siderolabs/talos@71a3bf0e3 fix: allow extra kernel args for secureboot installer
• siderolabs/talos@f38eaaab8 feat: rework secureboot and PCR signing key
• siderolabs/talos@6eade3d5e chore: add ability to rewrite uuids and set unique tokens for Talos
• siderolabs/talos@e9c7ac17a fix: set max msg recv size when proxying
• siderolabs/talos@e22ab440d feat: update Linux 6.1.61, containerd 1.7.8, runc 1.1.10
• siderolabs/talos@8245361f9 feat: show first 32 bytes of response body on download error
• siderolabs/talos@75d3987c0 chore: drop sha1 from genereated pcr json
• siderolabs/talos@6f32d2990 feat: add .der output talosctl gen secureboot pcr
• siderolabs/talos@87c40da6c fix: proper logging in machined on startup
• siderolabs/talos@a54da5f64 fix: image build for nanopi_4s
• siderolabs/talos@6f3cd0593 refactor: update packet capture to use 'afpacket' interface
• siderolabs/talos@813442dd7 fix: don't validate machine.install if installed
• siderolabs/talos@dff60069c feat: update Kubernetes to 1.29.0-alpha.3
• siderolabs/talos@c97db5dfe chore: bump Go dependencies
• siderolabs/talos@807a9950a fix: use custom Talos/kernel version when generating UKI
• siderolabs/talos@eb94468a6 docs: add documentation for Image Factory
• siderolabs/talos@2e78513e1 refactor: drop the dependency link platform -> network ctrl
• siderolabs/talos@6dc776b8a fix: when writing to META in the installer/imager, use fixed name
• siderolabs/talos@3703041e9 chore: remove uneeded code
• siderolabs/talos@cbe6e7622 fix: generate images for SBCs using imager
• siderolabs/talos@5dff164f1 fix: fix error output of cli action tracker
• siderolabs/talos@ef5056122 feat: update etcd to 3.5.10
• siderolabs/talos@45ae80873 chore: bump go-api-signature dependency to v0.3.1
• siderolabs/talos@ffa5e05cb fix: make Talos work on Rockpi 4c boards again
• siderolabs/talos@8eba4c599 feat: generate secrets bundle from the machine config
• siderolabs/talos@c7de745f6 chore: drop deprecated code
• siderolabs/talos@cc0c3ab69 docs: update rpi_generic.md
• siderolabs/talos@a009f5c60 fix: accept sysctl paths with dots
• siderolabs/talos@4919f6ee2 feat: add GOMEMLIMIT to shipped manifests with memory limits
• siderolabs/talos@73ee576ea chore: update sonobuouy library, drop the fork
• siderolabs/talos@c23bc2f4a chore: support OCI layout as a source for profile input
• siderolabs/talos@154bbd70f docs: fix talos version in guide for docker
• siderolabs/talos@11d1f6163 release(v1.6.0-alpha.1): prepare release
• siderolabs/talos@9dfae8467 chore: update dependencies
• siderolabs/talos@38ce3c827 feat: nocloud prefer mac address
• siderolabs/talos@401e89411 feat: customize image size
• siderolabs/talos@865f08f86 docs: kubeadm migration guide improvements
• siderolabs/talos@c3e418200 refactor: use COSI runtime with new controller runtime DB
• siderolabs/talos@c1ee24465 feat: update Kubernetes to v1.29.0-alpha.2
• siderolabs/talos@0ff7350ab fix: oracle integration fixes
• siderolabs/talos@675bada45 test: add config generation stability tests
• siderolabs/talos@f9639fb53 test: fix 'talosctl gen' tests
• siderolabs/talos@6142d87a0 feat: hostname configuration improvements on the NoCloud platform
• siderolabs/talos@7bb205ebe fix: don't use runtime-specs Mount struct in machine config
• siderolabs/talos@d1b27926c feat: update Go to 1.21.3
• siderolabs/talos@b87092ab6 fix: handle secure boot state policy pcr digest error
• siderolabs/talos@498aeb8c3 docs: fix incorrect image suffix
• siderolabs/talos@c14a5d4f7 feat: support service account auth in cli
• siderolabs/talos@336aee0fd fix: use tpm2 hash algorithm constants and allow non-SHA-256 PCRs
• siderolabs/talos@69d8054c9 chore: drop UpdateEndpointSuite
• siderolabs/talos@ef7be16c8 fix: clear the encryption config in META when STATE is reset
• siderolabs/talos@5fc60d2ca feat: add Solarflare SFC9000 support
• siderolabs/talos@9b5cfdd0b chore: add tests for iscsi
• siderolabs/talos@b897764f8 docs: update proxmox.md
• siderolabs/talos@159f45bde docs: fix typos in CLI calls to endpoints
• siderolabs/talos@0bd1bdd74 chore: allow insecure access to installer base image (imager)
• siderolabs/talos@10ed13067 fix: the node IP for kubelet shouldn't change if nothing matches
• siderolabs/talos@e7575ecaa feat: support n-5 latest Kubernetes versions
• siderolabs/talos@e71508ec1 chore: update dependencies
• siderolabs/talos@6d7fa4668 docs: add metal network configuration guide
• siderolabs/talos@2b548ad0d feat: update containerd to 1.7.x
• siderolabs/talos@62dcfe81e fix: update kubernetes library to support 1.29 upgrades
• siderolabs/talos@52caf0763 feat: update Kubernetes to 1.29.0-alpha.1
• siderolabs/talos@390137447 feat: enable KubePrism by default
• siderolabs/talos@1beb5e86e docs: add KubePrism video
• siderolabs/talos@a52d3cda3 chore: update gen and COSI runtime
• siderolabs/talos@29b201d61 feat: enable common h/w sensors
• siderolabs/talos@9c2ba7c6f chore: add tests for chelsio drivers
• siderolabs/talos@5ca4d58dc fix: generate of modules.dep when on the machine
• siderolabs/talos@5efcccb6b chore: bump kernel to 6.1.54
• siderolabs/talos@29c767a02 docs: add control plane nodes as users of apid also for control plane nodes
• siderolabs/talos@4874cfb95 chore: fix typo
• siderolabs/talos@96f2a62ea test: update upgrade tests versions
• siderolabs/talos@f3a370acb feat: update Flannel to 0.22.3
• siderolabs/talos@efdee6965 feat: update Kubernetes to 1.28.2
• siderolabs/talos@e3b494058 fix: build CPU ucode correctly for early loader
• siderolabs/talos@c5bd0ac5c refactor: reimplement the depmod extension rebuilder
• siderolabs/talos@0b883f52a docs: add notes about stable addressing
• siderolabs/talos@3ef670a9e chore: pull in dm modules
• siderolabs/talos@8f4a36b0d docs: update aws to add command to allow KubeSpan wireguard port
• siderolabs/talos@a7edd0523 fix: set default route priority for hcloud platform
• siderolabs/talos@87c1b3ddd fix: calculate UKI ISO size dynamically
• siderolabs/talos@9698e4547 fix: handle correctly change of listen address for maintenance service
• siderolabs/talos@a096f05a5 chore: update gRPC library and enable shared write buffers
• siderolabs/talos@9e78fecca chore: improve image signing process
• siderolabs/talos@f00567e20 chore: add PKG_KERNEL arg to customize used kernel
• siderolabs/talos@2960f93ba feat: add readonly information to the disks API response
• siderolabs/talos@735bf9ed0 feat: bring in Google vNIC driver
• siderolabs/talos@3f5232075 feat: upgrade-k8s without comments
• siderolabs/talos@e44875106 docs: update deploying-cilium.md
• siderolabs/talos@7046cae43 chore: update gopacket to reduce init memory allocs
• siderolabs/talos@da73b563d chore: update Go to 1.21.1
• siderolabs/talos@5e11f08a6 fix: trim file path in the container image
• siderolabs/talos@3d2dad4e6 chore: show securtiystate on dashboard
• siderolabs/talos@b48510874 chore: e2e-aws cleanup
• siderolabs/talos@1eebbce35 chore: add output flag for talosctl config info
• siderolabs/talos@3fbed806c chore: add tests for util-linux extensions
• siderolabs/talos@7c514a1a6 docs: update header links
• siderolabs/talos@6058c3602 fix: shorten VLAN link names to fit into the limit of 15 characters
• siderolabs/talos@9c2f765c8 fix: allow network device selector to match multiple links
• siderolabs/talos@a04b98637 fix: update kubernetes library for 1.28 upgrade pre-checks
• siderolabs/talos@f7473e477 feat: update default Kubernetes to 1.28.1
• siderolabs/talos@d693604a1 chore: fix default image list in the release notes
• siderolabs/talos@d91b5b3a3 feat: set environment variables early in the boot
• siderolabs/talos@c918c0855 fix: set correct (1 year) talosconfig expiration
• siderolabs/talos@79bbdf454 fix: set proper timeouts for KubePrism loadbalancer
• siderolabs/talos@b8fb55d5c fix: use a mount prefix when installing a bootloader
• siderolabs/talos@44f59a804 feat: improve imager APIs
• siderolabs/talos@2d3ac925e refactor: update NTP spike detector
• siderolabs/talos@af0cc70e3 test: update e2e-aws to use worker groups
• siderolabs/talos@d03dc7a8a chore: validate new system extensions
• siderolabs/talos@bbeb489aa chore: drop firmware from initramfs
• siderolabs/talos@3c9f7a7de chore: re-enable nolintlint and typecheck linters
• siderolabs/talos@c51e2c9b4 feat: update CoreDNS to 1.11.1
• siderolabs/talos@8670450d2 release(v1.6.0-alpha.0): prepare release
• siderolabs/talos@6778ded29 feat: add e2e-aws for nvidia extensions
• siderolabs/talos@74c07ed71 chore: update Go to 1.21
• siderolabs/talos@a28d72e9c fix: ova contents to be named disk.*
• siderolabs/talos@c0ea4d7ba fix: properly calculate overal of node address with subnet filters
• siderolabs/talos@d6b2719e2 chore: drone: move extensions step to a function
• siderolabs/talos@9608ef56d chore: allow bridge traffic with DHCP broadcast traffic
• siderolabs/talos@c99316457 docs: fix the installing system extensions doc
• siderolabs/talos@833895940 chore: add tests for zfs extension
• siderolabs/talos@cb468c41c fix: copy proper modules to arm64 squashfs
• siderolabs/talos@ea0d6e8c6 fix: prevent dashboard crashes when process info is not available
• siderolabs/talos@e9077a6fb feat: filter the hostname to produce nodename
• siderolabs/talos@dc8361c1d fix: properly GC images supplied with both tag and digest
• siderolabs/talos@ccfa8de11 fix: automatically change rpi_4 board on upgrade
• siderolabs/talos@b56e8b7d9 fix: support 'List' type manifests
• siderolabs/talos@574d48e54 fix: use image digest when starting a container
• siderolabs/talos@175747cea fix: ntp query error with bare IPv6 address
• siderolabs/talos@c8b507fb2 docs: fix kubeprism typo
• siderolabs/talos@0cdcb2e0e docs: restructure docs for nvidia drivers for v1.4
• siderolabs/talos@676db9768 docs: fork docs for Talos 1.6
• siderolabs/talos@92ad18c18 fix: write correct capacity to the ovf
• siderolabs/talos@6b0373ebe chore: move bash tests to integration
• siderolabs/talos@52b3d8d37 docs: make Talos 1.5 documentation the default one
• siderolabs/talos@dc873df9b chore: fix the filenames of openstack images
• siderolabs/talos@b5c0e7b24 docs: update nvidia docs
• siderolabs/talos@9606e871e docs: update Jiva Pod Security Policy
• siderolabs/talos@a86ed4362 chore: update Kubernetes Go modules to 0.28.0
• siderolabs/talos@97b4e3e91 feat: update Kubernetes to 1.28.0
• siderolabs/talos@79ca1a3df feat: e2e-aws using tf code
• siderolabs/talos@bf3a5e011 chore: add version compatibility for Talos 1.6
• siderolabs/talos@969e8097c feat: update Kubernetes to 1.28.0-rc.1
• siderolabs/talos@ca41b611e chore: drone jsonnet cleanup
• siderolabs/talos@bc198e98e docs: retain cilium autoMount pending upstream hostPath fix
• siderolabs/talos@86c94eff8 refactor: docgen and config examples
• siderolabs/talos@ee6d639f6 fix: match routes on the priority properly
• siderolabs/talos@bff0d8f32 chore: fix dependencies in the release pipeline
• siderolabs/talos@e1b288679 refactor: compile regex in validation method on the first use
• siderolabs/talos@daa4c185a docs: add what's new and documentation for Talos 1.5
• siderolabs/talos@c4a1ca8d6 chore: remove <-errCh where possible in grpc methods
• siderolabs/talos@e0f383598 chore: clean up the output of the imager
• siderolabs/talos@fb536af4d chore: optimize memory usage of tcell library on init
• siderolabs/talos@7c86a365e chore: publish systemd-boot and systemd-stub assets
• siderolabs/talos@7d688ccfe fix: make encryption config provider default to luks2 if not set
• siderolabs/talos@80238a05a chore: unify semver under github.com/blang/semver/v4
• siderolabs/talos@0f1920bdd chore: provide a resource to peek into Linux clock adjustments
• siderolabs/talos@4eab3017b fix: calculate log2i properly
• siderolabs/talos@bcf284530 fix: update providerid prefix for aws
• siderolabs/talos@ac2aff5cc fix: fix azure portion of cloud uploader
• siderolabs/talos@793dcedc9 fix: fast-wipe the system disk on talosctl reset
• siderolabs/talos@76fa45afb docs: update cilium instructions

Changes since v1.6.0-beta.0

• siderolabs/talos@7b7fb367e release(v1.6.0-beta.1): prepare release
• siderolabs/talos@fe6661128 fix: talosctl cluster create not to enforce kubeprism always
• siderolabs/talos@41fc05438 fix: support user disks via symlinks
• siderolabs/talos@1fe7f2840 docs: rework machine config documentation generation
• siderolabs/talos@e45794064 chore: fix the release.toml
• siderolabs/talos@591cfb456 fix: store and execute desired action on emergency action
• siderolabs/talos@fee63ac26 fix: trim leading spaces\newlines in inline manifest contents
• siderolabs/talos@cc16b9689 fix: skip writing the file if the contents haven't changed
• siderolabs/talos@ecee92c90 fix: do not panic in merge.Merge if map value is nil
• siderolabs/talos@c2259bff3 feat: update Go 1.21.5, Linux 6.1.65, etcd 3.5.11

Changes from siderolabs/extras

• siderolabs/extras@113887a chore: update Go to 1.21.5
• siderolabs/extras@8bffd15 feat: bump dependencies
• siderolabs/extras@e8e801b feat: update Go to 1.21.4
• siderolabs/extras@d816a02 chore: move project to using kres
• siderolabs/extras@3893789 chore: move to github workflows
• siderolabs/extras@6d48418 feat: update Go to 1.21.3
• siderolabs/extras@09d7c3e chore: update releases
• siderolabs/extras@a011245 feat: update Go to 1.21.1
• siderolabs/extras@d3f54c7 feat: update Go to 1.20.8

Changes from siderolabs/gen

• siderolabs/gen@efca710 chore: add FilterInPlace method to maps and update module
• siderolabs/gen@36a3ae3 feat: update module

Changes from siderolabs/go-blockdevice

• siderolabs/go-blockdevice@d9313ea fix: define softraid partition
• siderolabs/go-blockdevice@a75c4cc chore: rekres
• siderolabs/go-blockdevice@8a2102a feat: luks resize

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@fa05430 chore: support kube-scheduler config version
• siderolabs/go-kubernetes@68bf392 feat: add dropped API resource for 1.29
• siderolabs/go-kubernetes@09fa006 fix: retry Windows connection errors
• siderolabs/go-kubernetes@3aa47a4 feat: support Kubernetes 1.29 upgrades
• siderolabs/go-kubernetes@ae33a4a feat: introduce support for Kubernetes version compatibility checks
• siderolabs/go-kubernetes@cf2754e chore: update to use GHA
• siderolabs/go-kubernetes@44e26b3 feat: update removed feature gates for 1.28

Changes from siderolabs/go-procfs

• siderolabs/go-procfs@9f72b22 feat: support removing kernel args
• siderolabs/go-procfs@4b4a6ff chore: rekres

Changes from siderolabs/go-retry

• siderolabs/go-retry@23b6fc2 fix: provider modern error unwrapping

Changes from siderolabs/pkgs

• siderolabs/pkgs@617d342 fix: revert: update grub to fix loading large initramfs
• siderolabs/pkgs@364d295 feat: update Go to 1.21.5
• siderolabs/pkgs@841c63d feat: update zfs to 2.1.14
• siderolabs/pkgs@a084b9f feat: bump depenendencies
• siderolabs/pkgs@e61c784 feat: bump dependencies
• siderolabs/pkgs@70919d8 fix: update grub to fix loading large initramfs
• siderolabs/pkgs@3aea711 feat: bump dependencies
• siderolabs/pkgs@d59cb3e feat(lvm2): configure thin support
• siderolabs/pkgs@252a59f feat: bump dependencies
• siderolabs/pkgs@0bb2a79 feat: update Go to 1.21.4
• siderolabs/pkgs@f57b0a9 chore: fix kernel target to honor PLATFORM
• siderolabs/pkgs@5f84302 chore: move to using kres
• siderolabs/pkgs@d7509f1 chore: bump deps
• siderolabs/pkgs@3a66437 chore: add gh workflows
• siderolabs/pkgs@2e892fd feat: update versions
• siderolabs/pkgs@37348d6 feat: update Go to 1.21.3
• siderolabs/pkgs@34f3c41 feat: add Solarflare SFC9000 support
• siderolabs/pkgs@0c84090 feat: update releases
• siderolabs/pkgs@19cdf71 feat: enable common sensors
• siderolabs/pkgs@acee18e chore: bump kernel to 6.1.54
• siderolabs/pkgs@1d16fd2 feat: add Chelsio support
• siderolabs/pkgs@4504f83 chore: rename kconfig-hardened-check
• siderolabs/pkgs@847a9c3 chore: enable dm thin provisioning
• siderolabs/pkgs@1401505 chore: drop -pkgs for upstream kernel modules
• siderolabs/pkgs@a62471d feat: add binfmt_misc support
• siderolabs/pkgs@518c441 feat: add gVNIC support
• siderolabs/pkgs@7d9e60e feat: update Go to 1.21.1
• siderolabs/pkgs@d3d7d29 chore: bump deps
• siderolabs/pkgs@3b70656 chore: fix cacert perms
• siderolabs/pkgs@cca80b7 feat: update Linux to 6.1.46
• siderolabs/pkgs@2e1c0b9 fix: nonfree kmod pkg name
• siderolabs/pkgs@cff5beb feat: add btrfs support
• siderolabs/pkgs@7717b7e chore: bump deps
• siderolabs/pkgs@2f19f18 feat: update containerd to 1.6.23
• siderolabs/pkgs@30d4b74 feat: update Go to 1.21
• siderolabs/pkgs@eda123d feat: update runc to 1.1.9
• siderolabs/pkgs@30cd584 chore: enable pushing of non-free packages
• siderolabs/pkgs@fb247b5 chore: update kernel and microcode

Changes from siderolabs/siderolink

• siderolabs/siderolink@9304096 chore: allow to specify several endpoints
• siderolabs/siderolink@5ab8f9d feat: allow persistent keepalive to be set for the peer
• siderolabs/siderolink@71dd308 chore: provide unique_token and Talos version in ProvisionRequest
• siderolabs/siderolink@0ee5425 chore: revert sys moduel to 0.13.0
• siderolabs/siderolink@6be9ba7 chore: bump deps
• siderolabs/siderolink@448cbe1 chore: bump golang.org/x/net to 0.8.0

Changes from siderolabs/tools

• siderolabs/tools@336d248 feat: update Go to 1.21.5
• siderolabs/tools@b707a3a feat: bump dependencies
• siderolabs/tools@ff7fe96 feat: update Go to 1.21.4
• siderolabs/tools@6216d64 fix: org name
• siderolabs/tools@4334b92 chore: move to using kres
• siderolabs/tools@024ef25 chore: bump deps
• siderolabs/tools@5a22409 chore: refactor github actions
• siderolabs/tools@9a05d12 feat: move to gh workflow
• siderolabs/tools@a4a52e2 chore: add dummy gh workflow
• siderolabs/tools@9c09b00 feat: update dependencies
• siderolabs/tools@35948af feat: update Go to 1.21.3
• siderolabs/tools@09023c1 feat: update OpenSSL to 3.1.3
• siderolabs/tools@7fa8bb5 feat: update releases
• siderolabs/tools@fa388de feat: update Go to 1.21.1
• siderolabs/tools@33fb4b3 feat: update Go to 1.21

Dependency Changes

• github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 new
• github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 new
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.0.0 new
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 new
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.0.1 new
• github.com/aws/aws-sdk-go-v2/config v1.18.32 -> v1.25.6
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 -> v1.14.5
• github.com/aws/smithy-go v1.14.0 -> v1.17.0
• github.com/beevik/ntp v1.2.0 -> v1.3.0
• github.com/blang/semver/v4 v4.0.0 new
• github.com/containerd/cgroups/v3 v3.0.2 new
• github.com/containerd/containerd v1.6.23 -> v1.7.9
• github.com/cosi-project/runtime v0.3.1 -> v0.3.19
• github.com/distribution/reference v0.5.0 new
• github.com/docker/docker v24.0.5 -> v24.0.7
• github.com/fatih/color v1.15.0 -> v1.16.0
• github.com/foxboron/go-uefi 32187aa193d0 -> 18b9ba9cd4c3
• github.com/fsnotify/fsnotify v1.6.0 -> v1.7.0
• github.com/google/go-cmp v0.5.9 -> v0.6.0
• github.com/google/go-containerregistry v0.15.2 -> v0.16.1
• github.com/google/uuid v1.3.0 -> v1.4.0
• github.com/gopacket/gopacket v1.1.1 -> v1.2.0
• github.com/hetznercloud/hcloud-go/v2 v2.0.0 -> v2.4.0
• github.com/insomniacslk/dhcp 0f9eb93a696c -> b0416c0f187a
• github.com/jsimonetti/rtnetlink v1.3.4 -> v1.4.0
• github.com/mattn/go-isatty v0.0.19 -> v0.0.20
• github.com/mdp/qrterminal/v3 v3.2.0 new
• github.com/opencontainers/runtime-spec 1c3f411f0417 -> v1.1.0-rc.1
• github.com/pin/tftp/v3 v3.1.0 new
• github.com/prometheus/procfs v0.11.1 -> v0.12.0
• github.com/rivo/tview 6cc0565babaf -> 33a1d271f2b6
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.20 -> v1.0.0-beta.21
• github.com/siderolabs/extras v1.5.0 -> v1.6.0-1-g113887a
• github.com/siderolabs/gen v0.4.5 -> v0.4.7
• github.com/siderolabs/go-blockdevice v0.4.6 -> v0.4.7
• github.com/siderolabs/go-kubernetes v0.2.2 -> v0.2.8
• github.com/siderolabs/go-procfs v0.1.1 -> v0.1.2
• github.com/siderolabs/go-retry v0.3.2 -> v0.3.3
• github.com/siderolabs/pkgs v1.5.0-6-g2f2c9cd -> v1.6.0-3-g617d342
• github.com/siderolabs/siderolink v0.3.1 -> v0.3.3
• github.com/siderolabs/talos/pkg/machinery v1.5.0 -> v1.6.0-beta.1
• github.com/siderolabs/tools v1.5.0 -> v1.6.0-1-g336d248
• github.com/spf13/cobra v1.7.0 -> v1.8.0
• github.com/vmware-tanzu/sonobuoy v0.56.17 -> v0.57.1
• go.etcd.io/etcd/api/v3 v3.5.9 -> v3.5.11
• go.etcd.io/etcd/client/pkg/v3 v3.5.9 -> v3.5.11
• go.etcd.io/etcd/client/v3 v3.5.9 -> v3.5.11
• go.etcd.io/etcd/etcdutl/v3 v3.5.9 -> v3.5.11
• go.uber.org/zap v1.25.0 -> v1.26.0
• go4.org/netipx ec4c8b891b28 -> 6213f710f925
• golang.org/x/net v0.13.0 -> v0.19.0
• golang.org/x/oauth2 v0.15.0 new
• golang.org/x/sync v0.3.0 -> v0.5.0
• golang.org/x/sys v0.10.0 -> v0.15.0
• golang.org/x/term v0.10.0 -> v0.15.0
• golang.org/x/text v0.11.0 -> v0.14.0
• golang.org/x/time v0.3.0 -> v0.5.0
• google.golang.org/grpc v1.57.0 -> v1.59.0
• k8s.io/api v0.28.0 -> v0.29.0-rc.0
• k8s.io/apimachinery v0.28.0 -> v0.29.0-rc.0
• k8s.io/apiserver v0.28.0 -> v0.29.0-rc.0
• k8s.io/client-go v0.28.0 -> v0.29.0-rc.0
• k8s.io/component-base v0.28.0 -> v0.29.0-rc.0
• k8s.io/cri-api v0.28.0 -> v0.29.0-rc.0
• k8s.io/klog/v2 v2.100.1 -> v2.110.1
• k8s.io/kube-scheduler v0.29.0-rc.0 new
• k8s.io/kubectl v0.28.0 -> v0.29.0-rc.0
• k8s.io/kubelet v0.28.0 -> v0.29.0-rc.0
• sigs.k8s.io/yaml v1.3.0 -> v1.4.0

Previous release can be found at v1.5.0

Images

ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.0-rc.1
registry.k8s.io/kube-controller-manager:v1.29.0-rc.1
registry.k8s.io/kube-scheduler:v1.29.0-rc.1
registry.k8s.io/kube-proxy:v1.29.0-rc.1
ghcr.io/siderolabs/kubelet:v1.29.0-rc.1
ghcr.io/siderolabs/installer:v1.6.0-beta.1
registry.k8s.io/pause:3.8

Talos 1.6.0-beta.0 (2023-12-01)

Welcome to the v1.6.0-beta.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Kubelet Credential Provider Configuration

Talos now supports specifying the kubelet credential provider configuration in the Talos configuration file.
It can be set under machine.kubelet.credentialProviderConfig and kubelet will be automatically configured to with the correct flags.
The credential binaries are expected to be present under /usr/local/lib/kubelet/credentialproviders.
Talos System Extensions can be used to install the credential binaries.

Network Device Selectors

Previously, network device selectors only matched the first link, now the configuration is applied to all matching links.

Extension Services

Talos now starts Extension Services early in the boot process, this allows guest agents to be started in maintenance mode.

Linux Firmware

Starting with Talos 1.6, there is no Linux firmware included in the initramfs.
Customers who need Linux firmware can pull them as extension during install time using the image factory service.
If the initial boot requires firmware, a custom iso can be built with the firmware included using the image factory service.
This also ensures that the linux-firmware is not tied to a specific Talos version.

Kernel Arguments

Talos and Imager now supports dropping kernel arguments specified in .machine.install.extraKernelArgs or as --extra-kernel-arg to imager.
Any kernel argument that starts with a - is dropped. Kernel arguments to be dropped can be specified either as -<key> which would remove all arguments that start with <key> or as -<key>=<value> which would remove the exact argument.

Kube-Scheduler Configuration

Talos now supports specifying the kube-scheduler configuration in the Talos configuration file.
It can be set under cluster.scheduler.config and kube-scheduler will be automatically configured to with the correct flags.

KubePrism

KubePrism is enabled by default on port 7445.

Sysctl

Talos now handles sysctl/sysfs key names in line with sysctl.conf(5):

• if the first separator is '/', no conversion is done
• if the first separator is '.', dots and slashes are remapped

Example (both sysctls are equivalent):

machine:
  sysctls:
    net/ipv6/conf/eth0.100/disable_ipv6: "1"
    net.ipv6.conf.eth0/100.disable_ipv6: "1"

talosctl CLI

The command images deprecated in Talos 1.5 was removed, please use talosctl images default instead.

Component Updates

Linux: 6.1.64
containerd: 1.7.10
CoreDNS: 1.11.1
Kubernetes: 1.29.0-rc.1
Flannel: 0.23.0
etcd: 3.5.10
runc: 1.1.10

Talos is built with Go 1.21.4.

Contributors

• Andrey Smirnov
• Noel Georgi
• Dmitriy Matrenichev
• Oscar Utbult
• Serge Logvinov
• Andrey Smirnov
• Utku Ozdemir
• Artem Chernyshev
• Nico Berlee
• Radosław Piliszek
• Steve Francis
• Thomas Way
• ndbrew
• Andrei Kvapil
• Christian Rolland
• Drew Hess
• Enno Boland
• Florian Berchtold
• Henry Sachs
• Jacob McSwain
• Jacob McSwain
• Jared Davenport
• Mans Matulewicz
• Nebula
• Sascha Desch
• Spencer Smith
• Thomas Lemarchand
• Tim Jones
• Zachary Milonas
• budimanjojo
• guoguangwu
• mikucat0309

Changes

• siderolabs/talos@c4dff49b3 release(v1.6.0-beta.0): prepare release
• siderolabs/talos@d8a435f0e fix: initialize boot assets with defaults early
• siderolabs/talos@c6835de17 fix: pick etcd adverised addresses from 'current' addresses
• siderolabs/talos@6b5bc8b85 feat: update Linux to 6.1.64
• siderolabs/talos@e71e3e416 feat: support extra arguments for flanneld
• siderolabs/talos@36c8ddb5e feat: implement ingress firewall rules
• siderolabs/talos@0b111ecb8 fix: support slices of enums and fix NfTablesConntrackStateMatch
• siderolabs/talos@9a8521741 feat: improve nftables backend
• siderolabs/talos@db4e2539d feat: update Kubernetes 1.29.0-rc.1 and other bumps
• siderolabs/talos@7a4a92854 feat: support sanitized kernel args
• siderolabs/talos@f041b2629 chore: add tests for mdadm extension
• siderolabs/talos@e46e6a312 feat: implement nftables backend
• siderolabs/talos@ba827bf8b chore: support getting multiple endpoints from the Provision rpc call
• siderolabs/talos@dd45dd06c chore: add custom node taints
• siderolabs/talos@8e2307466 docs: fix talosctl pcap argument
• siderolabs/talos@e4a050cb1 docs: fix talosctl inspect dependencies example indentation
• siderolabs/talos@fbcf4264f docs: fix talosctl dashboard cli docs
• siderolabs/talos@70d53ee13 chore: deprecate .persist and .extensions
• siderolabs/talos@95e33f6fc release(v1.6.0-alpha.2): prepare release
• siderolabs/talos@514e514ba feat: update Linux 6.1.63, containerd 1.7.9
• siderolabs/talos@aca8b5e17 fix: ignore kernel command line in container mode
• siderolabs/talos@020a0eb63 docs: fix table formatting for bootstraprequest
• siderolabs/talos@0eb245e04 docs: fix talosctl pcap example indentation
• siderolabs/talos@de6caf534 docs: fix table formatting for machineservice api
• siderolabs/talos@27d208c26 feat: implement OAuth2 device flow for machine config
• siderolabs/talos@5c8fa2a80 chore: start containerd early in boot
• siderolabs/talos@95a252cfc docs: fix link in what is new page
• siderolabs/talos@0d3c3ed71 feat: support kube scheduler config
• siderolabs/talos@06941b7e5 fix: allow rootfs propagation configuration for extension services
• siderolabs/talos@57dc796f3 docs: update lastRelease to v1.5.5 in _index.md
• siderolabs/talos@21d944a64 docs: add timezone information
• siderolabs/talos@4f1ad16c7 feat: support kubelet credentialprovider config
• siderolabs/talos@71a3bf0e3 fix: allow extra kernel args for secureboot installer
• siderolabs/talos@f38eaaab8 feat: rework secureboot and PCR signing key
• siderolabs/talos@6eade3d5e chore: add ability to rewrite uuids and set unique tokens for Talos
• siderolabs/talos@e9c7ac17a fix: set max msg recv size when proxying
• siderolabs/talos@e22ab440d feat: update Linux 6.1.61, containerd 1.7.8, runc 1.1.10
• siderolabs/talos@8245361f9 feat: show first 32 bytes of response body on download error
• siderolabs/talos@75d3987c0 chore: drop sha1 from genereated pcr json
• siderolabs/talos@6f32d2990 feat: add .der output talosctl gen secureboot pcr
• siderolabs/talos@87c40da6c fix: proper logging in machined on startup
• siderolabs/talos@a54da5f64 fix: image build for nanopi_4s
• siderolabs/talos@6f3cd0593 refactor: update packet capture to use 'afpacket' interface
• siderolabs/talos@813442dd7 fix: don't validate machine.install if installed
• siderolabs/talos@dff60069c feat: update Kubernetes to 1.29.0-alpha.3
• siderolabs/talos@c97db5dfe chore: bump Go dependencies
• siderolabs/talos@807a9950a fix: use custom Talos/kernel version when generating UKI
• siderolabs/talos@eb94468a6 docs: add documentation for Image Factory
• siderolabs/talos@2e78513e1 refactor: drop the dependency link platform -> network ctrl
• siderolabs/talos@6dc776b8a fix: when writing to META in the installer/imager, use fixed name
• siderolabs/talos@3703041e9 chore: remove uneeded code
• siderolabs/talos@cbe6e7622 fix: generate images for SBCs using imager
• siderolabs/talos@5dff164f1 fix: fix error output of cli action tracker
• siderolabs/talos@ef5056122 feat: update etcd to 3.5.10
• siderolabs/talos@45ae80873 chore: bump go-api-signature dependency to v0.3.1
• siderolabs/talos@ffa5e05cb fix: make Talos work on Rockpi 4c boards again
• siderolabs/talos@8eba4c599 feat: generate secrets bundle from the machine config
• siderolabs/talos@c7de745f6 chore: drop deprecated code
• siderolabs/talos@cc0c3ab69 docs: update rpi_generic.md
• siderolabs/talos@a009f5c60 fix: accept sysctl paths with dots
• siderolabs/talos@4919f6ee2 feat: add GOMEMLIMIT to shipped manifests with memory limits
• siderolabs/talos@73ee576ea chore: update sonobuouy library, drop the fork
• siderolabs/talos@c23bc2f4a chore: support OCI layout as a source for profile input
• siderolabs/talos@154bbd70f docs: fix talos version in guide for docker
• siderolabs/talos@11d1f6163 release(v1.6.0-alpha.1): prepare release
• siderolabs/talos@9dfae8467 chore: update dependencies
• siderolabs/talos@38ce3c827 feat: nocloud prefer mac address
• siderolabs/talos@401e89411 feat: customize image size
• siderolabs/talos@865f08f86 docs: kubeadm migration guide improvements
• siderolabs/talos@c3e418200 refactor: use COSI runtime with new controller runtime DB
• siderolabs/talos@c1ee24465 feat: update Kubernetes to v1.29.0-alpha.2
• siderolabs/talos@0ff7350ab fix: oracle integration fixes
• siderolabs/talos@675bada45 test: add config generation stability tests
• siderolabs/talos@f9639fb53 test: fix 'talosctl gen' tests
• siderolabs/talos@6142d87a0 feat: hostname configuration improvements on the NoCloud platform
• siderolabs/talos@7bb205ebe fix: don't use runtime-specs Mount struct in machine config
• siderolabs/talos@d1b27926c feat: update Go to 1.21.3
• siderolabs/talos@b87092ab6 fix: handle secure boot state policy pcr digest error
• siderolabs/talos@498aeb8c3 docs: fix incorrect image suffix
• siderolabs/talos@c14a5d4f7 feat: support service account auth in cli
• siderolabs/talos@336aee0fd fix: use tpm2 hash algorithm constants and allow non-SHA-256 PCRs
• siderolabs/talos@69d8054c9 chore: drop UpdateEndpointSuite
• siderolabs/talos@ef7be16c8 fix: clear the encryption config in META when STATE is reset
• siderolabs/talos@5fc60d2ca feat: add Solarflare SFC9000 support
• siderolabs/talos@9b5cfdd0b chore: add tests for iscsi
• siderolabs/talos@b897764f8 docs: update proxmox.md
• siderolabs/talos@159f45bde docs: fix typos in CLI calls to endpoints
• siderolabs/talos@0bd1bdd74 chore: allow insecure access to installer base image (imager)
• siderolabs/talos@10ed13067 fix: the node IP for kubelet shouldn't change if nothing matches
• siderolabs/talos@e7575ecaa feat: support n-5 latest Kubernetes versions
• siderolabs/talos@e71508ec1 chore: update dependencies
• siderolabs/talos@6d7fa4668 docs: add metal network configuration guide
• siderolabs/talos@2b548ad0d feat: update containerd to 1.7.x
• siderolabs/talos@62dcfe81e fix: update kubernetes library to support 1.29 upgrades
• siderolabs/talos@52caf0763 feat: update Kubernetes to 1.29.0-alpha.1
• siderolabs/talos@390137447 feat: enable KubePrism by default
• siderolabs/talos@1beb5e86e docs: add KubePrism video
• siderolabs/talos@a52d3cda3 chore: update gen and COSI runtime
• siderolabs/talos@29b201d61 feat: enable common h/w sensors
• siderolabs/talos@9c2ba7c6f chore: add tests for chelsio drivers
• siderolabs/talos@5ca4d58dc fix: generate of modules.dep when on the machine
• siderolabs/talos@5efcccb6b chore: bump kernel to 6.1.54
• siderolabs/talos@29c767a02 docs: add control plane nodes as users of apid also for control plane nodes
• siderolabs/talos@4874cfb95 chore: fix typo
• siderolabs/talos@96f2a62ea test: update upgrade tests versions
• siderolabs/talos@f3a370acb feat: update Flannel to 0.22.3
• siderolabs/talos@efdee6965 feat: update Kubernetes to 1.28.2
• siderolabs/talos@e3b494058 fix: build CPU ucode correctly for early loader
• siderolabs/talos@c5bd0ac5c refactor: reimplement the depmod extension rebuilder
• siderolabs/talos@0b883f52a docs: add notes about stable addressing
• siderolabs/talos@3ef670a9e chore: pull in dm modules
• siderolabs/talos@8f4a36b0d docs: update aws to add command to allow KubeSpan wireguard port
• siderolabs/talos@a7edd0523 fix: set default route priority for hcloud platform
• siderolabs/talos@87c1b3ddd fix: calculate UKI ISO size dynamically
• siderolabs/talos@9698e4547 fix: handle correctly change of listen address for maintenance service
• siderolabs/talos@a096f05a5 chore: update gRPC library and enable shared write buffers
• siderolabs/talos@9e78fecca chore: improve image signing process
• siderolabs/talos@f00567e20 chore: add PKG_KERNEL arg to customize used kernel
• siderolabs/talos@2960f93ba feat: add readonly information to the disks API response
• siderolabs/talos@735bf9ed0 feat: bring in Google vNIC driver
• siderolabs/talos@3f5232075 feat: upgrade-k8s without comments
• siderolabs/talos@e44875106 docs: update deploying-cilium.md
• siderolabs/talos@7046cae43 chore: update gopacket to reduce init memory allocs
• siderolabs/talos@da73b563d chore: update Go to 1.21.1
• siderolabs/talos@5e11f08a6 fix: trim file path in the container image
• siderolabs/talos@3d2dad4e6 chore: show securtiystate on dashboard
• siderolabs/talos@b48510874 chore: e2e-aws cleanup
• siderolabs/talos@1eebbce35 chore: add output flag for talosctl config info
• siderolabs/talos@3fbed806c chore: add tests for util-linux extensions
• siderolabs/talos@7c514a1a6 docs: update header links
• siderolabs/talos@6058c3602 fix: shorten VLAN link names to fit into the limit of 15 characters
• siderolabs/talos@9c2f765c8 fix: allow network device selector to match multiple links
• siderolabs/talos@a04b98637 fix: update kubernetes library for 1.28 upgrade pre-checks
• siderolabs/talos@f7473e477 feat: update default Kubernetes to 1.28.1
• siderolabs/talos@d693604a1 chore: fix default image list in the release notes
• siderolabs/talos@d91b5b3a3 feat: set environment variables early in the boot
• siderolabs/talos@c918c0855 fix: set correct (1 year) talosconfig expiration
• siderolabs/talos@79bbdf454 fix: set proper timeouts for KubePrism loadbalancer
• siderolabs/talos@b8fb55d5c fix: use a mount prefix when installing a bootloader
• siderolabs/talos@44f59a804 feat: improve imager APIs
• siderolabs/talos@2d3ac925e refactor: update NTP spike detector
• siderolabs/talos@af0cc70e3 test: update e2e-aws to use worker groups
• siderolabs/talos@d03dc7a8a chore: validate new system extensions
• siderolabs/talos@bbeb489aa chore: drop firmware from initramfs
• siderolabs/talos@3c9f7a7de chore: re-enable nolintlint and typecheck linters
• siderolabs/talos@c51e2c9b4 feat: update CoreDNS to 1.11.1
• siderolabs/talos@8670450d2 release(v1.6.0-alpha.0): prepare release
• siderolabs/talos@6778ded29 feat: add e2e-aws for nvidia extensions
• siderolabs/talos@74c07ed71 chore: update Go to 1.21
• siderolabs/talos@a28d72e9c fix: ova contents to be named disk.*
• siderolabs/talos@c0ea4d7ba fix: properly calculate overal of node address with subnet filters
• siderolabs/talos@d6b2719e2 chore: drone: move extensions step to a function
• siderolabs/talos@9608ef56d chore: allow bridge traffic with DHCP broadcast traffic
• siderolabs/talos@c99316457 docs: fix the installing system extensions doc
• siderolabs/talos@833895940 chore: add tests for zfs extension
• siderolabs/talos@cb468c41c fix: copy proper modules to arm64 squashfs
• siderolabs/talos@ea0d6e8c6 fix: prevent dashboard crashes when process info is not available
• siderolabs/talos@e9077a6fb feat: filter the hostname to produce nodename
• siderolabs/talos@dc8361c1d fix: properly GC images supplied with both tag and digest
• siderolabs/talos@ccfa8de11 fix: automatically change rpi_4 board on upgrade
• siderolabs/talos@b56e8b7d9 fix: support 'List' type manifests
• siderolabs/talos@574d48e54 fix: use image digest when starting a container
• siderolabs/talos@175747cea fix: ntp query error with bare IPv6 address
• siderolabs/talos@c8b507fb2 docs: fix kubeprism typo
• siderolabs/talos@0cdcb2e0e docs: restructure docs for nvidia drivers for v1.4
• siderolabs/talos@676db9768 docs: fork docs for Talos 1.6
• siderolabs/talos@92ad18c18 fix: write correct capacity to the ovf
• siderolabs/talos@6b0373ebe chore: move bash tests to integration
• siderolabs/talos@52b3d8d37 docs: make Talos 1.5 documentation the default one
• siderolabs/talos@dc873df9b chore: fix the filenames of openstack images
• siderolabs/talos@b5c0e7b24 docs: update nvidia docs
• siderolabs/talos@9606e871e docs: update Jiva Pod Security Policy
• siderolabs/talos@a86ed4362 chore: update Kubernetes Go modules to 0.28.0
• siderolabs/talos@97b4e3e91 feat: update Kubernetes to 1.28.0
• siderolabs/talos@79ca1a3df feat: e2e-aws using tf code
• siderolabs/talos@bf3a5e011 chore: add version compatibility for Talos 1.6
• siderolabs/talos@969e8097c feat: update Kubernetes to 1.28.0-rc.1
• siderolabs/talos@ca41b611e chore: drone jsonnet cleanup
• siderolabs/talos@bc198e98e docs: retain cilium autoMount pending upstream hostPath fix
• siderolabs/talos@86c94eff8 refactor: docgen and config examples
• siderolabs/talos@ee6d639f6 fix: match routes on the priority properly
• siderolabs/talos@bff0d8f32 chore: fix dependencies in the release pipeline
• siderolabs/talos@e1b288679 refactor: compile regex in validation method on the first use
• siderolabs/talos@daa4c185a docs: add what's new and documentation for Talos 1.5
• siderolabs/talos@c4a1ca8d6 chore: remove <-errCh where possible in grpc methods
• siderolabs/talos@e0f383598 chore: clean up the output of the imager
• siderolabs/talos@fb536af4d chore: optimize memory usage of tcell library on init
• siderolabs/talos@7c86a365e chore: publish systemd-boot and systemd-stub assets
• siderolabs/talos@7d688ccfe fix: make encryption config provider default to luks2 if not set
• siderolabs/talos@80238a05a chore: unify semver under github.com/blang/semver/v4
• siderolabs/talos@0f1920bdd chore: provide a resource to peek into Linux clock adjustments
• siderolabs/talos@4eab3017b fix: calculate log2i properly
• siderolabs/talos@bcf284530 fix: update providerid prefix for aws
• siderolabs/talos@ac2aff5cc fix: fix azure portion of cloud uploader
• siderolabs/talos@793dcedc9 fix: fast-wipe the system disk on talosctl reset
• siderolabs/talos@76fa45afb docs: update cilium instructions

Changes since v1.6.0-alpha.2

• siderolabs/talos@c4dff49b3 release(v1.6.0-beta.0): prepare release
• siderolabs/talos@d8a435f0e fix: initialize boot assets with defaults early
• siderolabs/talos@c6835de17 fix: pick etcd adverised addresses from 'current' addresses
• siderolabs/talos@6b5bc8b85 feat: update Linux to 6.1.64
• siderolabs/talos@e71e3e416 feat: support extra arguments for flanneld
• siderolabs/talos@36c8ddb5e feat: implement ingress firewall rules
• siderolabs/talos@0b111ecb8 fix: support slices of enums and fix NfTablesConntrackStateMatch
• siderolabs/talos@9a8521741 feat: improve nftables backend
• siderolabs/talos@db4e2539d feat: update Kubernetes 1.29.0-rc.1 and other bumps
• siderolabs/talos@7a4a92854 feat: support sanitized kernel args
• siderolabs/talos@f041b2629 chore: add tests for mdadm extension
• siderolabs/talos@e46e6a312 feat: implement nftables backend
• siderolabs/talos@ba827bf8b chore: support getting multiple endpoints from the Provision rpc call
• siderolabs/talos@dd45dd06c chore: add custom node taints
• siderolabs/talos@8e2307466 docs: fix talosctl pcap argument
• siderolabs/talos@e4a050cb1 docs: fix talosctl inspect dependencies example indentation
• siderolabs/talos@fbcf4264f docs: fix talosctl dashboard cli docs
• siderolabs/talos@70d53ee13 chore: deprecate .persist and .extensions

Changes from siderolabs/extras

• siderolabs/extras@8bffd15 feat: bump dependencies
• siderolabs/extras@e8e801b feat: update Go to 1.21.4
• siderolabs/extras@d816a02 chore: move project to using kres
• siderolabs/extras@3893789 chore: move to github workflows
• siderolabs/extras@6d48418 feat: update Go to 1.21.3
• siderolabs/extras@09d7c3e chore: update releases
• siderolabs/extras@a011245 feat: update Go to 1.21.1
• siderolabs/extras@d3f54c7 feat: update Go to 1.20.8

Changes from siderolabs/gen

• siderolabs/gen@efca710 chore: add FilterInPlace method to maps and update module
• siderolabs/gen@36a3ae3 feat: update module

Changes from siderolabs/go-blockdevice

• siderolabs/go-blockdevice@d9313ea fix: define softraid partition
• siderolabs/go-blockdevice@a75c4cc chore: rekres
• siderolabs/go-blockdevice@8a2102a feat: luks resize

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@fa05430 chore: support kube-scheduler config version
• siderolabs/go-kubernetes@68bf392 feat: add dropped API resource for 1.29
• siderolabs/go-kubernetes@09fa006 fix: retry Windows connection errors
• siderolabs/go-kubernetes@3aa47a4 feat: support Kubernetes 1.29 upgrades
• siderolabs/go-kubernetes@ae33a4a feat: introduce support for Kubernetes version compatibility checks
• siderolabs/go-kubernetes@cf2754e chore: update to use GHA
• siderolabs/go-kubernetes@44e26b3 feat: update removed feature gates for 1.28

Changes from siderolabs/go-procfs

• siderolabs/go-procfs@9f72b22 feat: support removing kernel args
• siderolabs/go-procfs@4b4a6ff chore: rekres

Changes from siderolabs/go-retry

• siderolabs/go-retry@23b6fc2 fix: provider modern error unwrapping

Changes from siderolabs/pkgs

• siderolabs/pkgs@a084b9f feat: bump depenendencies
• siderolabs/pkgs@e61c784 feat: bump dependencies
• siderolabs/pkgs@70919d8 fix: update grub to fix loading large initramfs
• siderolabs/pkgs@3aea711 feat: bump dependencies
• siderolabs/pkgs@d59cb3e feat(lvm2): configure thin support
• siderolabs/pkgs@252a59f feat: bump dependencies
• siderolabs/pkgs@0bb2a79 feat: update Go to 1.21.4
• siderolabs/pkgs@f57b0a9 chore: fix kernel target to honor PLATFORM
• siderolabs/pkgs@5f84302 chore: move to using kres
• siderolabs/pkgs@d7509f1 chore: bump deps
• siderolabs/pkgs@3a66437 chore: add gh workflows
• siderolabs/pkgs@2e892fd feat: update versions
• siderolabs/pkgs@37348d6 feat: update Go to 1.21.3
• siderolabs/pkgs@34f3c41 feat: add Solarflare SFC9000 support
• siderolabs/pkgs@0c84090 feat: update releases
• siderolabs/pkgs@19cdf71 feat: enable common sensors
• siderolabs/pkgs@acee18e chore: bump kernel to 6.1.54
• siderolabs/pkgs@1d16fd2 feat: add Chelsio support
• siderolabs/pkgs@4504f83 chore: rename kconfig-hardened-check
• siderolabs/pkgs@847a9c3 chore: enable dm thin provisioning
• siderolabs/pkgs@1401505 chore: drop -pkgs for upstream kernel modules
• siderolabs/pkgs@a62471d feat: add binfmt_misc support
• siderolabs/pkgs@518c441 feat: add gVNIC support
• siderolabs/pkgs@7d9e60e feat: update Go to 1.21.1
• siderolabs/pkgs@d3d7d29 chore: bump deps
• siderolabs/pkgs@3b70656 chore: fix cacert perms
• siderolabs/pkgs@cca80b7 feat: update Linux to 6.1.46
• siderolabs/pkgs@2e1c0b9 fix: nonfree kmod pkg name
• siderolabs/pkgs@cff5beb feat: add btrfs support
• siderolabs/pkgs@7717b7e chore: bump deps
• siderolabs/pkgs@2f19f18 feat: update containerd to 1.6.23
• siderolabs/pkgs@30d4b74 feat: update Go to 1.21
• siderolabs/pkgs@eda123d feat: update runc to 1.1.9
• siderolabs/pkgs@30cd584 chore: enable pushing of non-free packages
• siderolabs/pkgs@fb247b5 chore: update kernel and microcode

Changes from siderolabs/siderolink

• siderolabs/siderolink@9304096 chore: allow to specify several endpoints
• siderolabs/siderolink@5ab8f9d feat: allow persistent keepalive to be set for the peer
• siderolabs/siderolink@71dd308 chore: provide unique_token and Talos version in ProvisionRequest
• siderolabs/siderolink@0ee5425 chore: revert sys moduel to 0.13.0
• siderolabs/siderolink@6be9ba7 chore: bump deps
• siderolabs/siderolink@448cbe1 chore: bump golang.org/x/net to 0.8.0

Changes from siderolabs/tools

• siderolabs/tools@b707a3a feat: bump dependencies
• siderolabs/tools@ff7fe96 feat: update Go to 1.21.4
• siderolabs/tools@6216d64 fix: org name
• siderolabs/tools@4334b92 chore: move to using kres
• siderolabs/tools@024ef25 chore: bump deps
• siderolabs/tools@5a22409 chore: refactor github actions
• siderolabs/tools@9a05d12 feat: move to gh workflow
• siderolabs/tools@a4a52e2 chore: add dummy gh workflow
• siderolabs/tools@9c09b00 feat: update dependencies
• siderolabs/tools@35948af feat: update Go to 1.21.3
• siderolabs/tools@09023c1 feat: update OpenSSL to 3.1.3
• siderolabs/tools@7fa8bb5 feat: update releases
• siderolabs/tools@fa388de feat: update Go to 1.21.1
• siderolabs/tools@33fb4b3 feat: update Go to 1.21

Dependency Changes

• github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 new
• github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 new
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.0.0 new
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 new
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.0.1 new
• github.com/aws/aws-sdk-go-v2/config v1.18.32 -> v1.25.6
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 -> v1.14.5
• github.com/aws/smithy-go v1.14.0 -> v1.17.0
• github.com/beevik/ntp v1.2.0 -> v1.3.0
• github.com/blang/semver/v4 v4.0.0 new
• github.com/containerd/cgroups/v3 v3.0.2 new
• github.com/containerd/containerd v1.6.23 -> v1.7.9
• github.com/cosi-project/runtime v0.3.1 -> v0.3.19
• github.com/distribution/reference v0.5.0 new
• github.com/docker/docker v24.0.5 -> v24.0.7
• github.com/fatih/color v1.15.0 -> v1.16.0
• github.com/foxboron/go-uefi 32187aa193d0 -> 18b9ba9cd4c3
• github.com/fsnotify/fsnotify v1.6.0 -> v1.7.0
• github.com/google/go-cmp v0.5.9 -> v0.6.0
• github.com/google/go-containerregistry v0.15.2 -> v0.16.1
• github.com/google/uuid v1.3.0 -> v1.4.0
• github.com/gopacket/gopacket v1.1.1 -> v1.2.0
• github.com/hetznercloud/hcloud-go/v2 v2.0.0 -> v2.4.0
• github.com/insomniacslk/dhcp 0f9eb93a696c -> b0416c0f187a
• github.com/jsimonetti/rtnetlink v1.3.4 -> v1.4.0
• github.com/mattn/go-isatty v0.0.19 -> v0.0.20
• github.com/mdp/qrterminal/v3 v3.2.0 new
• github.com/opencontainers/runtime-spec 1c3f411f0417 -> v1.1.0-rc.1
• github.com/pin/tftp/v3 v3.1.0 new
• github.com/prometheus/procfs v0.11.1 -> v0.12.0
• github.com/rivo/tview 6cc0565babaf -> 33a1d271f2b6
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.20 -> v1.0.0-beta.21
• github.com/siderolabs/extras v1.5.0 -> v1.6.0
• github.com/siderolabs/gen v0.4.5 -> v0.4.7
• github.com/siderolabs/go-blockdevice v0.4.6 -> v0.4.7
• github.com/siderolabs/go-kubernetes v0.2.2 -> v0.2.8
• github.com/siderolabs/go-procfs v0.1.1 -> v0.1.2
• github.com/siderolabs/go-retry v0.3.2 -> v0.3.3
• github.com/siderolabs/pkgs v1.5.0-6-g2f2c9cd -> v1.6.0
• github.com/siderolabs/siderolink v0.3.1 -> v0.3.3
• github.com/siderolabs/talos/pkg/machinery v1.5.0 -> v1.6.0-beta.0
• github.com/siderolabs/tools v1.5.0 -> v1.6.0
• github.com/spf13/cobra v1.7.0 -> v1.8.0
• github.com/vmware-tanzu/sonobuoy v0.56.17 -> v0.57.1
• go.etcd.io/etcd/api/v3 v3.5.9 -> v3.5.10
• go.etcd.io/etcd/client/pkg/v3 v3.5.9 -> v3.5.10
• go.etcd.io/etcd/client/v3 v3.5.9 -> v3.5.10
• go.etcd.io/etcd/etcdutl/v3 v3.5.9 -> v3.5.10
• go.uber.org/zap v1.25.0 -> v1.26.0
• go4.org/netipx ec4c8b891b28 -> 6213f710f925
• golang.org/x/net v0.13.0 -> v0.19.0
• golang.org/x/oauth2 v0.15.0 new
• golang.org/x/sync v0.3.0 -> v0.5.0
• golang.org/x/sys v0.10.0 -> v0.15.0
• golang.org/x/term v0.10.0 -> v0.15.0
• golang.org/x/text v0.11.0 -> v0.14.0
• golang.org/x/time v0.3.0 -> v0.5.0
• google.golang.org/grpc v1.57.0 -> v1.59.0
• k8s.io/api v0.28.0 -> v0.29.0-rc.0
• k8s.io/apimachinery v0.28.0 -> v0.29.0-rc.0
• k8s.io/apiserver v0.28.0 -> v0.29.0-rc.0
• k8s.io/client-go v0.28.0 -> v0.29.0-rc.0
• k8s.io/component-base v0.28.0 -> v0.29.0-rc.0
• k8s.io/cri-api v0.28.0 -> v0.29.0-rc.0
• k8s.io/klog/v2 v2.100.1 -> v2.110.1
• k8s.io/kube-scheduler v0.29.0-rc.0 new
• k8s.io/kubectl v0.28.0 -> v0.29.0-rc.0
• k8s.io/kubelet v0.28.0 -> v0.29.0-rc.0
• sigs.k8s.io/yaml v1.3.0 -> v1.4.0

Previous release can be found at v1.5.0

Images

ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.10
registry.k8s.io/kube-apiserver:v1.29.0-rc.1
registry.k8s.io/kube-controller-manager:v1.29.0-rc.1
registry.k8s.io/kube-scheduler:v1.29.0-rc.1
registry.k8s.io/kube-proxy:v1.29.0-rc.1
ghcr.io/siderolabs/kubelet:v1.29.0-rc.1
ghcr.io/siderolabs/installer:v1.6.0-beta.0
registry.k8s.io/pause:3.8

Talos 1.6.0-alpha.2 (2023-11-21)

Welcome to the v1.6.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Kubelet Credential Provider Configuration

Talos now supports specifying the kubelet credential provider configuration in the Talos configuration file.
It can be set under machine.kubelet.credentialProviderConfig and kubelet will be automatically configured to with the correct flags.
The credential binaries are expected to be present under /usr/local/lib/kubelet/credentialproviders.
Talos System Extensions can be used to install the credential binaries.

Network Device Selectors

Previously, network device selectors only matched the first link, now the configuration is applied to all matching links.

Linux Firmware

Starting with Talos 1.6, there is no Linux firmware included in the initramfs.
Customers who need Linux firmware can pull them as extension during install time using the image factory service.
If the initial boot requires firmware, a custom iso can be built with the firmware included using the image factory service.
This also ensures that the linux-firmware is not tied to a specific Talos version.

Kube-Scheduler Configuration

Talos now supports specifying the kube-scheduler configuration in the Talos configuration file.
It can be set under cluster.scheduler.config and kube-scheduler will be automatically configured to with the correct flags.

KubePrism

KubePrism is enabled by default on port 7445.

Sysctl

Talos now handles sysctl/sysfs key names in line with sysctl.conf(5):

• if the first separator is '/', no conversion is done
• if the first separator is '.', dots and slashes are remapped

Example (both sysctls are equivalent):

machine:
  sysctls:
    net/ipv6/conf/eth0.100/disable_ipv6: "1"
    net.ipv6.conf.eth0/100.disable_ipv6: "1"

talosctl CLI

The command images deprecated in Talos 1.5 was removed, please use talosctl images default instead.

Component Updates

Linux: 6.1.63
containerd: 1.7.9
CoreDNS: 1.11.1
Kubernetes: 1.29.0-alpha.3
Flannel: 0.22.3
etcd: 3.5.10
runc: 1.1.10

Talos is built with Go 1.21.4.

Contributors

• Andrey Smirnov
• Noel Georgi
• Dmitriy Matrenichev
• Andrey Smirnov
• Oscar Utbult
• Serge Logvinov
• Utku Ozdemir
• Artem Chernyshev
• Nico Berlee
• Radosław Piliszek
• Steve Francis
• Thomas Way
• ndbrew
• Andrei Kvapil
• Christian Rolland
• Drew Hess
• Enno Boland
• Florian Berchtold
• Henry Sachs
• Jacob McSwain
• Jacob McSwain
• Jared Davenport
• Mans Matulewicz
• Nebula
• Sascha Desch
• Spencer Smith
• Thomas Lemarchand
• Tim Jones
• Zachary Milonas
• budimanjojo
• guoguangwu
• mikucat0309

Changes

• siderolabs/talos@95e33f6fc release(v1.6.0-alpha.2): prepare release
• siderolabs/talos@514e514ba feat: update Linux 6.1.63, containerd 1.7.9
• siderolabs/talos@aca8b5e17 fix: ignore kernel command line in container mode
• siderolabs/talos@020a0eb63 docs: fix table formatting for bootstraprequest
• siderolabs/talos@0eb245e04 docs: fix talosctl pcap example indentation
• siderolabs/talos@de6caf534 docs: fix table formatting for machineservice api
• siderolabs/talos@27d208c26 feat: implement OAuth2 device flow for machine config
• siderolabs/talos@5c8fa2a80 chore: start containerd early in boot
• siderolabs/talos@95a252cfc docs: fix link in what is new page
• siderolabs/talos@0d3c3ed71 feat: support kube scheduler config
• siderolabs/talos@06941b7e5 fix: allow rootfs propagation configuration for extension services
• siderolabs/talos@57dc796f3 docs: update lastRelease to v1.5.5 in _index.md
• siderolabs/talos@21d944a64 docs: add timezone information
• siderolabs/talos@4f1ad16c7 feat: support kubelet credentialprovider config
• siderolabs/talos@71a3bf0e3 fix: allow extra kernel args for secureboot installer
• siderolabs/talos@f38eaaab8 feat: rework secureboot and PCR signing key
• siderolabs/talos@6eade3d5e chore: add ability to rewrite uuids and set unique tokens for Talos
• siderolabs/talos@e9c7ac17a fix: set max msg recv size when proxying
• siderolabs/talos@e22ab440d feat: update Linux 6.1.61, containerd 1.7.8, runc 1.1.10
• siderolabs/talos@8245361f9 feat: show first 32 bytes of response body on download error
• siderolabs/talos@75d3987c0 chore: drop sha1 from genereated pcr json
• siderolabs/talos@6f32d2990 feat: add .der output talosctl gen secureboot pcr
• siderolabs/talos@87c40da6c fix: proper logging in machined on startup
• siderolabs/talos@a54da5f64 fix: image build for nanopi_4s
• siderolabs/talos@6f3cd0593 refactor: update packet capture to use 'afpacket' interface
• siderolabs/talos@813442dd7 fix: don't validate machine.install if installed
• siderolabs/talos@dff60069c feat: update Kubernetes to 1.29.0-alpha.3
• siderolabs/talos@c97db5dfe chore: bump Go dependencies
• siderolabs/talos@807a9950a fix: use custom Talos/kernel version when generating UKI
• siderolabs/talos@eb94468a6 docs: add documentation for Image Factory
• siderolabs/talos@2e78513e1 refactor: drop the dependency link platform -> network ctrl
• siderolabs/talos@6dc776b8a fix: when writing to META in the installer/imager, use fixed name
• siderolabs/talos@3703041e9 chore: remove uneeded code
• siderolabs/talos@cbe6e7622 fix: generate images for SBCs using imager
• siderolabs/talos@5dff164f1 fix: fix error output of cli action tracker
• siderolabs/talos@ef5056122 feat: update etcd to 3.5.10
• siderolabs/talos@45ae80873 chore: bump go-api-signature dependency to v0.3.1
• siderolabs/talos@ffa5e05cb fix: make Talos work on Rockpi 4c boards again
• siderolabs/talos@8eba4c599 feat: generate secrets bundle from the machine config
• siderolabs/talos@c7de745f6 chore: drop deprecated code
• siderolabs/talos@cc0c3ab69 docs: update rpi_generic.md
• siderolabs/talos@a009f5c60 fix: accept sysctl paths with dots
• siderolabs/talos@4919f6ee2 feat: add GOMEMLIMIT to shipped manifests with memory limits
• siderolabs/talos@73ee576ea chore: update sonobuouy library, drop the fork
• siderolabs/talos@c23bc2f4a chore: support OCI layout as a source for profile input
• siderolabs/talos@154bbd70f docs: fix talos version in guide for docker
• siderolabs/talos@11d1f6163 release(v1.6.0-alpha.1): prepare release
• siderolabs/talos@9dfae8467 chore: update dependencies
• siderolabs/talos@38ce3c827 feat: nocloud prefer mac address
• siderolabs/talos@401e89411 feat: customize image size
• siderolabs/talos@865f08f86 docs: kubeadm migration guide improvements
• siderolabs/talos@c3e418200 refactor: use COSI runtime with new controller runtime DB
• siderolabs/talos@c1ee24465 feat: update Kubernetes to v1.29.0-alpha.2
• siderolabs/talos@0ff7350ab fix: oracle integration fixes
• siderolabs/talos@675bada45 test: add config generation stability tests
• siderolabs/talos@f9639fb53 test: fix 'talosctl gen' tests
• siderolabs/talos@6142d87a0 feat: hostname configuration improvements on the NoCloud platform
• siderolabs/talos@7bb205ebe fix: don't use runtime-specs Mount struct in machine config
• siderolabs/talos@d1b27926c feat: update Go to 1.21.3
• siderolabs/talos@b87092ab6 fix: handle secure boot state policy pcr digest error
• siderolabs/talos@498aeb8c3 docs: fix incorrect image suffix
• siderolabs/talos@c14a5d4f7 feat: support service account auth in cli
• siderolabs/talos@336aee0fd fix: use tpm2 hash algorithm constants and allow non-SHA-256 PCRs
• siderolabs/talos@69d8054c9 chore: drop UpdateEndpointSuite
• siderolabs/talos@ef7be16c8 fix: clear the encryption config in META when STATE is reset
• siderolabs/talos@5fc60d2ca feat: add Solarflare SFC9000 support
• siderolabs/talos@9b5cfdd0b chore: add tests for iscsi
• siderolabs/talos@b897764f8 docs: update proxmox.md
• siderolabs/talos@159f45bde docs: fix typos in CLI calls to endpoints
• siderolabs/talos@0bd1bdd74 chore: allow insecure access to installer base image (imager)
• siderolabs/talos@10ed13067 fix: the node IP for kubelet shouldn't change if nothing matches
• siderolabs/talos@e7575ecaa feat: support n-5 latest Kubernetes versions
• siderolabs/talos@e71508ec1 chore: update dependencies
• siderolabs/talos@6d7fa4668 docs: add metal network configuration guide
• siderolabs/talos@2b548ad0d feat: update containerd to 1.7.x
• siderolabs/talos@62dcfe81e fix: update kubernetes library to support 1.29 upgrades
• siderolabs/talos@52caf0763 feat: update Kubernetes to 1.29.0-alpha.1
• siderolabs/talos@390137447 feat: enable KubePrism by default
• siderolabs/talos@1beb5e86e docs: add KubePrism video
• siderolabs/talos@a52d3cda3 chore: update gen and COSI runtime
• siderolabs/talos@29b201d61 feat: enable common h/w sensors
• siderolabs/talos@9c2ba7c6f chore: add tests for chelsio drivers
• siderolabs/talos@5ca4d58dc fix: generate of modules.dep when on the machine
• siderolabs/talos@5efcccb6b chore: bump kernel to 6.1.54
• siderolabs/talos@29c767a02 docs: add control plane nodes as users of apid also for control plane nodes
• siderolabs/talos@4874cfb95 chore: fix typo
• siderolabs/talos@96f2a62ea test: update upgrade tests versions
• siderolabs/talos@f3a370acb feat: update Flannel to 0.22.3
• siderolabs/talos@efdee6965 feat: update Kubernetes to 1.28.2
• siderolabs/talos@e3b494058 fix: build CPU ucode correctly for early loader
• siderolabs/talos@c5bd0ac5c refactor: reimplement the depmod extension rebuilder
• siderolabs/talos@0b883f52a docs: add notes about stable addressing
• siderolabs/talos@3ef670a9e chore: pull in dm modules
• siderolabs/talos@8f4a36b0d docs: update aws to add command to allow KubeSpan wireguard port
• siderolabs/talos@a7edd0523 fix: set default route priority for hcloud platform
• siderolabs/talos@87c1b3ddd fix: calculate UKI ISO size dynamically
• siderolabs/talos@9698e4547 fix: handle correctly change of listen address for maintenance service
• siderolabs/talos@a096f05a5 chore: update gRPC library and enable shared write buffers
• siderolabs/talos@9e78fecca chore: improve image signing process
• siderolabs/talos@f00567e20 chore: add PKG_KERNEL arg to customize used kernel
• siderolabs/talos@2960f93ba feat: add readonly information to the disks API response
• siderolabs/talos@735bf9ed0 feat: bring in Google vNIC driver
• siderolabs/talos@3f5232075 feat: upgrade-k8s without comments
• siderolabs/talos@e44875106 docs: update deploying-cilium.md
• siderolabs/talos@7046cae43 chore: update gopacket to reduce init memory allocs
• siderolabs/talos@da73b563d chore: update Go to 1.21.1
• siderolabs/talos@5e11f08a6 fix: trim file path in the container image
• siderolabs/talos@3d2dad4e6 chore: show securtiystate on dashboard
• siderolabs/talos@b48510874 chore: e2e-aws cleanup
• siderolabs/talos@1eebbce35 chore: add output flag for talosctl config info
• siderolabs/talos@3fbed806c chore: add tests for util-linux extensions
• siderolabs/talos@7c514a1a6 docs: update header links
• siderolabs/talos@6058c3602 fix: shorten VLAN link names to fit into the limit of 15 characters
• siderolabs/talos@9c2f765c8 fix: allow network device selector to match multiple links
• siderolabs/talos@a04b98637 fix: update kubernetes library for 1.28 upgrade pre-checks
• siderolabs/talos@f7473e477 feat: update default Kubernetes to 1.28.1
• siderolabs/talos@d693604a1 chore: fix default image list in the release notes
• siderolabs/talos@d91b5b3a3 feat: set environment variables early in the boot
• siderolabs/talos@c918c0855 fix: set correct (1 year) talosconfig expiration
• siderolabs/talos@79bbdf454 fix: set proper timeouts for KubePrism loadbalancer
• siderolabs/talos@b8fb55d5c fix: use a mount prefix when installing a bootloader
• siderolabs/talos@44f59a804 feat: improve imager APIs
• siderolabs/talos@2d3ac925e refactor: update NTP spike detector
• siderolabs/talos@af0cc70e3 test: update e2e-aws to use worker groups
• siderolabs/talos@d03dc7a8a chore: validate new system extensions
• siderolabs/talos@bbeb489aa chore: drop firmware from initramfs
• siderolabs/talos@3c9f7a7de chore: re-enable nolintlint and typecheck linters
• siderolabs/talos@c51e2c9b4 feat: update CoreDNS to 1.11.1
• siderolabs/talos@8670450d2 release(v1.6.0-alpha.0): prepare release
• siderolabs/talos@6778ded29 feat: add e2e-aws for nvidia extensions
• siderolabs/talos@74c07ed71 chore: update Go to 1.21
• siderolabs/talos@a28d72e9c fix: ova contents to be named disk.*
• siderolabs/talos@c0ea4d7ba fix: properly calculate overal of node address with subnet filters
• siderolabs/talos@d6b2719e2 chore: drone: move extensions step to a function
• siderolabs/talos@9608ef56d chore: allow bridge traffic with DHCP broadcast traffic
• siderolabs/talos@c99316457 docs: fix the installing system extensions doc
• siderolabs/talos@833895940 chore: add tests for zfs extension
• siderolabs/talos@cb468c41c fix: copy proper modules to arm64 squashfs
• siderolabs/talos@ea0d6e8c6 fix: prevent dashboard crashes when process info is not available
• siderolabs/talos@e9077a6fb feat: filter the hostname to produce nodename
• siderolabs/talos@dc8361c1d fix: properly GC images supplied with both tag and digest
• siderolabs/talos@ccfa8de11 fix: automatically change rpi_4 board on upgrade
• siderolabs/talos@b56e8b7d9 fix: support 'List' type manifests
• siderolabs/talos@574d48e54 fix: use image digest when starting a container
• siderolabs/talos@175747cea fix: ntp query error with bare IPv6 address
• siderolabs/talos@c8b507fb2 docs: fix kubeprism typo
• siderolabs/talos@0cdcb2e0e docs: restructure docs for nvidia drivers for v1.4
• siderolabs/talos@676db9768 docs: fork docs for Talos 1.6
• siderolabs/talos@92ad18c18 fix: write correct capacity to the ovf
• siderolabs/talos@6b0373ebe chore: move bash tests to integration
• siderolabs/talos@52b3d8d37 docs: make Talos 1.5 documentation the default one
• siderolabs/talos@dc873df9b chore: fix the filenames of openstack images
• siderolabs/talos@b5c0e7b24 docs: update nvidia docs
• siderolabs/talos@9606e871e docs: update Jiva Pod Security Policy
• siderolabs/talos@a86ed4362 chore: update Kubernetes Go modules to 0.28.0
• siderolabs/talos@97b4e3e91 feat: update Kubernetes to 1.28.0
• siderolabs/talos@79ca1a3df feat: e2e-aws using tf code
• siderolabs/talos@bf3a5e011 chore: add version compatibility for Talos 1.6
• siderolabs/talos@969e8097c feat: update Kubernetes to 1.28.0-rc.1
• siderolabs/talos@ca41b611e chore: drone jsonnet cleanup
• siderolabs/talos@bc198e98e docs: retain cilium autoMount pending upstream hostPath fix
• siderolabs/talos@86c94eff8 refactor: docgen and config examples
• siderolabs/talos@ee6d639f6 fix: match routes on the priority properly
• siderolabs/talos@bff0d8f32 chore: fix dependencies in the release pipeline
• siderolabs/talos@e1b288679 refactor: compile regex in validation method on the first use
• siderolabs/talos@daa4c185a docs: add what's new and documentation for Talos 1.5
• siderolabs/talos@c4a1ca8d6 chore: remove <-errCh where possible in grpc methods
• siderolabs/talos@e0f383598 chore: clean up the output of the imager
• siderolabs/talos@fb536af4d chore: optimize memory usage of tcell library on init
• siderolabs/talos@7c86a365e chore: publish systemd-boot and systemd-stub assets
• siderolabs/talos@7d688ccfe fix: make encryption config provider default to luks2 if not set
• siderolabs/talos@80238a05a chore: unify semver under github.com/blang/semver/v4
• siderolabs/talos@0f1920bdd chore: provide a resource to peek into Linux clock adjustments
• siderolabs/talos@4eab3017b fix: calculate log2i properly
• siderolabs/talos@bcf284530 fix: update providerid prefix for aws
• siderolabs/talos@ac2aff5cc fix: fix azure portion of cloud uploader
• siderolabs/talos@793dcedc9 fix: fast-wipe the system disk on talosctl reset
• siderolabs/talos@76fa45afb docs: update cilium instructions

Changes since v1.6.0-alpha.1

• siderolabs/talos@95e33f6fc release(v1.6.0-alpha.2): prepare release
• siderolabs/talos@514e514ba feat: update Linux 6.1.63, containerd 1.7.9
• siderolabs/talos@aca8b5e17 fix: ignore kernel command line in container mode
• siderolabs/talos@020a0eb63 docs: fix table formatting for bootstraprequest
• siderolabs/talos@0eb245e04 docs: fix talosctl pcap example indentation
• siderolabs/talos@de6caf534 docs: fix table formatting for machineservice api
• siderolabs/talos@27d208c26 feat: implement OAuth2 device flow for machine config
• siderolabs/talos@5c8fa2a80 chore: start containerd early in boot
• siderolabs/talos@95a252cfc docs: fix link in what is new page
• siderolabs/talos@0d3c3ed71 feat: support kube scheduler config
• siderolabs/talos@06941b7e5 fix: allow rootfs propagation configuration for extension services
• siderolabs/talos@57dc796f3 docs: update lastRelease to v1.5.5 in _index.md
• siderolabs/talos@21d944a64 docs: add timezone information
• siderolabs/talos@4f1ad16c7 feat: support kubelet credentialprovider config
• siderolabs/talos@71a3bf0e3 fix: allow extra kernel args for secureboot installer
• siderolabs/talos@f38eaaab8 feat: rework secureboot and PCR signing key
• siderolabs/talos@6eade3d5e chore: add ability to rewrite uuids and set unique tokens for Talos
• siderolabs/talos@e9c7ac17a fix: set max msg recv size when proxying
• siderolabs/talos@e22ab440d feat: update Linux 6.1.61, containerd 1.7.8, runc 1.1.10
• siderolabs/talos@8245361f9 feat: show first 32 bytes of response body on download error
• siderolabs/talos@75d3987c0 chore: drop sha1 from genereated pcr json
• siderolabs/talos@6f32d2990 feat: add .der output talosctl gen secureboot pcr
• siderolabs/talos@87c40da6c fix: proper logging in machined on startup
• siderolabs/talos@a54da5f64 fix: image build for nanopi_4s
• siderolabs/talos@6f3cd0593 refactor: update packet capture to use 'afpacket' interface
• siderolabs/talos@813442dd7 fix: don't validate machine.install if installed
• siderolabs/talos@dff60069c feat: update Kubernetes to 1.29.0-alpha.3
• siderolabs/talos@c97db5dfe chore: bump Go dependencies
• siderolabs/talos@807a9950a fix: use custom Talos/kernel version when generating UKI
• siderolabs/talos@eb94468a6 docs: add documentation for Image Factory
• siderolabs/talos@2e78513e1 refactor: drop the dependency link platform -> network ctrl
• siderolabs/talos@6dc776b8a fix: when writing to META in the installer/imager, use fixed name
• siderolabs/talos@3703041e9 chore: remove uneeded code
• siderolabs/talos@cbe6e7622 fix: generate images for SBCs using imager
• siderolabs/talos@5dff164f1 fix: fix error output of cli action tracker
• siderolabs/talos@ef5056122 feat: update etcd to 3.5.10
• siderolabs/talos@45ae80873 chore: bump go-api-signature dependency to v0.3.1
• siderolabs/talos@ffa5e05cb fix: make Talos work on Rockpi 4c boards again
• siderolabs/talos@8eba4c599 feat: generate secrets bundle from the machine config
• siderolabs/talos@c7de745f6 chore: drop deprecated code
• siderolabs/talos@cc0c3ab69 docs: update rpi_generic.md
• siderolabs/talos@a009f5c60 fix: accept sysctl paths with dots
• siderolabs/talos@4919f6ee2 feat: add GOMEMLIMIT to shipped manifests with memory limits
• siderolabs/talos@73ee576ea chore: update sonobuouy library, drop the fork
• siderolabs/talos@c23bc2f4a chore: support OCI layout as a source for profile input
• siderolabs/talos@154bbd70f docs: fix talos version in guide for docker

Changes from siderolabs/extras

• siderolabs/extras@e8e801b feat: update Go to 1.21.4
• siderolabs/extras@d816a02 chore: move project to using kres
• siderolabs/extras@3893789 chore: move to github workflows
• siderolabs/extras@6d48418 feat: update Go to 1.21.3
• siderolabs/extras@09d7c3e chore: update releases
• siderolabs/extras@a011245 feat: update Go to 1.21.1
• siderolabs/extras@d3f54c7 feat: update Go to 1.20.8

Changes from siderolabs/gen

• siderolabs/gen@efca710 chore: add FilterInPlace method to maps and update module
• siderolabs/gen@36a3ae3 feat: update module

Changes from siderolabs/go-kubernetes

• siderolabs/go-kubernetes@fa05430 chore: support kube-scheduler config version
• siderolabs/go-kubernetes@68bf392 feat: add dropped API resource for 1.29
• siderolabs/go-kubernetes@09fa006 fix: retry Windows connection errors
• siderolabs/go-kubernetes@3aa47a4 feat: support Kubernetes 1.29 upgrades
• siderolabs/go-kubernetes@ae33a4a feat: introduce support for Kubernetes version compatibility checks
• siderolabs/go-kubernetes@cf2754e chore: update to use GHA
• siderolabs/go-kubernetes@44e26b3 feat: update removed feature gates for 1.28

Changes from siderolabs/go-retry

• siderolabs/go-retry@23b6fc2 fix: provider modern error unwrapping

Changes from siderolabs/pkgs

• siderolabs/pkgs@3aea711 feat: bump dependencies
• siderolabs/pkgs@d59cb3e feat(lvm2): configure thin support
• siderolabs/pkgs@252a59f feat: bump dependencies
• siderolabs/pkgs@0bb2a79 feat: update Go to 1.21.4
• siderolabs/pkgs@f57b0a9 chore: fix kernel target to honor PLATFORM
• siderolabs/pkgs@5f84302 chore: move to using kres
• siderolabs/pkgs@d7509f1 chore: bump deps
• siderolabs/pkgs@3a66437 chore: add gh workflows
• siderolabs/pkgs@2e892fd feat: update versions
• siderolabs/pkgs@37348d6 feat: update Go to 1.21.3
• siderolabs/pkgs@34f3c41 feat: add Solarflare SFC9000 support
• siderolabs/pkgs@0c84090 feat: update releases
• siderolabs/pkgs@19cdf71 feat: enable common sensors
• siderolabs/pkgs@acee18e chore: bump kernel to 6.1.54
• siderolabs/pkgs@1d16fd2 feat: add Chelsio support
• siderolabs/pkgs@4504f83 chore: rename kconfig-hardened-check
• siderolabs/pkgs@847a9c3 chore: enable dm thin provisioning
• siderolabs/pkgs@1401505 chore: drop -pkgs for upstream kernel modules
• siderolabs/pkgs@a62471d feat: add binfmt_misc support
• siderolabs/pkgs@518c441 feat: add gVNIC support
• siderolabs/pkgs@7d9e60e feat: update Go to 1.21.1
• siderolabs/pkgs@d3d7d29 chore: bump deps
• siderolabs/pkgs@3b70656 chore: fix cacert perms
• siderolabs/pkgs@cca80b7 feat: update Linux to 6.1.46
• siderolabs/pkgs@2e1c0b9 fix: nonfree kmod pkg name
• siderolabs/pkgs@cff5beb feat: add btrfs support
• siderolabs/pkgs@7717b7e chore: bump deps
• siderolabs/pkgs@2f19f18 feat: update containerd to 1.6.23
• siderolabs/pkgs@30d4b74 feat: update Go to 1.21
• siderolabs/pkgs@eda123d feat: update runc to 1.1.9
• siderolabs/pkgs@30cd584 chore: enable pushing of non-free packages
• siderolabs/pkgs@fb247b5 chore: update kernel and microcode

Changes from siderolabs/siderolink

• siderolabs/siderolink@5ab8f9d feat: allow persistent keepalive to be set for the peer
• siderolabs/siderolink@71dd308 chore: provide unique_token and Talos version in ProvisionRequest
• siderolabs/siderolink@0ee5425 chore: revert sys moduel to 0.13.0
• siderolabs/siderolink@6be9ba7 chore: bump deps
• siderolabs/siderolink@448cbe1 chore: bump golang.org/x/net to 0.8.0

Changes from siderolabs/tools

• siderolabs/tools@ff7fe96 feat: update Go to 1.21.4
• siderolabs/tools@6216d64 fix: org name
• siderolabs/tools@4334b92 chore: move to using kres
• siderolabs/tools@024ef25 chore: bump deps
• siderolabs/tools@5a22409 chore: refactor github actions
• siderolabs/tools@9a05d12 feat: move to gh workflow
• siderolabs/tools@a4a52e2 chore: add dummy gh workflow
• siderolabs/tools@9c09b00 feat: update dependencies
• siderolabs/tools@35948af feat: update Go to 1.21.3
• siderolabs/tools@09023c1 feat: update OpenSSL to 3.1.3
• siderolabs/tools@7fa8bb5 feat: update releases
• siderolabs/tools@fa388de feat: update Go to 1.21.1
• siderolabs/tools@33fb4b3 feat: update Go to 1.21

Dependency Changes

• github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 new
• github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 new
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.0.0 new
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 new
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.0.1 new
• github.com/aws/aws-sdk-go-v2/config v1.18.32 -> v1.25.4
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 -> v1.14.5
• github.com/aws/smithy-go v1.14.0 -> v1.17.0
• github.com/beevik/ntp v1.2.0 -> v1.3.0
• github.com/blang/semver/v4 v4.0.0 new
• github.com/containerd/cgroups/v3 v3.0.2 new
• github.com/containerd/containerd v1.6.23 -> v1.7.9
• github.com/cosi-project/runtime v0.3.1 -> v0.3.17
• github.com/distribution/reference v0.5.0 new
• github.com/docker/docker v24.0.5 -> v24.0.7
• github.com/fatih/color v1.15.0 -> v1.16.0
• github.com/foxboron/go-uefi 32187aa193d0 -> 18b9ba9cd4c3
• github.com/fsnotify/fsnotify v1.6.0 -> v1.7.0
• github.com/google/go-cmp v0.5.9 -> v0.6.0
• github.com/google/go-containerregistry v0.15.2 -> v0.16.1
• github.com/google/uuid v1.3.0 -> v1.4.0
• github.com/gopacket/gopacket v1.1.1 -> e79bddbcb4a7
• github.com/hetznercloud/hcloud-go/v2 v2.0.0 -> v2.4.0
• github.com/insomniacslk/dhcp 0f9eb93a696c -> 6a2c8fbdcc1c
• github.com/jsimonetti/rtnetlink v1.3.4 -> v1.3.5
• github.com/mattn/go-isatty v0.0.19 -> v0.0.20
• github.com/mdp/qrterminal/v3 v3.2.0 new
• github.com/opencontainers/runtime-spec 1c3f411f0417 -> v1.1.0-rc.1
• github.com/prometheus/procfs v0.11.1 -> v0.12.0
• github.com/rivo/tview 6cc0565babaf -> 7c9e464bac02
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.20 -> v1.0.0-beta.21
• github.com/siderolabs/extras v1.5.0 -> v1.6.0-alpha.0-5-ge8e801b
• github.com/siderolabs/gen v0.4.5 -> v0.4.7
• github.com/siderolabs/go-kubernetes v0.2.2 -> v0.2.8
• github.com/siderolabs/go-retry v0.3.2 -> v0.3.3
• github.com/siderolabs/pkgs v1.5.0-6-g2f2c9cd -> v1.6.0-alpha.0-31-g3aea711
• github.com/siderolabs/siderolink v0.3.1 -> v0.3.2
• github.com/siderolabs/talos/pkg/machinery v1.5.0 -> v1.6.0-alpha.2
• github.com/siderolabs/tools v1.5.0 -> v1.6.0-alpha.0-12-gff7fe96
• github.com/spf13/cobra v1.7.0 -> v1.8.0
• github.com/vmware-tanzu/sonobuoy v0.56.17 -> v0.57.1
• go.etcd.io/etcd/api/v3 v3.5.9 -> v3.5.10
• go.etcd.io/etcd/client/pkg/v3 v3.5.9 -> v3.5.10
• go.etcd.io/etcd/client/v3 v3.5.9 -> v3.5.10
• go.etcd.io/etcd/etcdutl/v3 v3.5.9 -> v3.5.10
• go.uber.org/zap v1.25.0 -> v1.26.0
• go4.org/netipx ec4c8b891b28 -> 6213f710f925
• golang.org/x/net v0.13.0 -> v0.18.0
• golang.org/x/oauth2 v0.14.0 new
• golang.org/x/sync v0.3.0 -> v0.5.0
• golang.org/x/sys v0.10.0 -> v0.14.0
• golang.org/x/term v0.10.0 -> v0.14.0
• golang.org/x/text v0.11.0 -> v0.14.0
• golang.org/x/time v0.3.0 -> v0.4.0
• google.golang.org/grpc v1.57.0 -> v1.59.0
• k8s.io/api v0.28.0 -> v0.29.0-alpha.3
• k8s.io/apimachinery v0.28.0 -> v0.29.0-alpha.3
• k8s.io/apiserver v0.28.0 -> v0.29.0-alpha.3
• k8s.io/client-go v0.28.0 -> v0.29.0-alpha.3
• k8s.io/component-base v0.28.0 -> v0.29.0-alpha.3
• k8s.io/cri-api v0.28.0 -> v0.29.0-alpha.3
• k8s.io/klog/v2 v2.100.1 -> v2.110.1
• k8s.io/kube-scheduler v0.29.0-alpha.3 new
• k8s.io/kubectl v0.28.0 -> v0.29.0-alpha.3
• k8s.io/kubelet v0.28.0 -> v0.29.0-alpha.3
• sigs.k8s.io/yaml v1.3.0 -> v1.4.0

Previous release can be found at v1.5.0

Images

ghcr.io/siderolabs/flannel:v0.22.3
ghcr.io/siderolabs/install-cni:v1.6.0-alpha.0-5-ge8e801b
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.10
registry.k8s.io/kube-apiserver:v1.29.0-alpha.3
registry.k8s.io/kube-controller-manager:v1.29.0-alpha.3
registry.k8s.io/kube-scheduler:v1.29.0-alpha.3
registry.k8s.io/kube-proxy:v1.29.0-alpha.3
ghcr.io/siderolabs/kubelet:v1.29.0-alpha.3
ghcr.io/siderolabs/installer:v1.6.0-alpha.2
registry.k8s.io/pause:3.8