Releases: siderolabs/talos

v1.8.0-alpha.0

02 May 14:14
v1.8.0-alpha.0
8df5b85
v1.8.0-alpha.0 Pre-release

Talos 1.8.0-alpha.0 (2024-05-02)

Welcome to the v1.8.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.6.29
containerd: 1.7.16

Talos is built with Go 1.22.2.

ZSTD Compression

Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).

Contributors

  • Andrey Smirnov
  • Dmitriy Matrenichev
  • Utku Ozdemir
  • Dmitry Sharshakov
  • Artem Chernyshev
  • Bernard Gütermann
  • Birger J. Nordølum
  • Dennis Marttinen
  • Evan Johnson
  • Grzegorz Rożniecki
  • Igor Rzegocki
  • Noel Georgi
  • Spencer Smith
  • darox
  • looklose

Changes

52 commits

  • 8df5b85ec release(v1.8.0-alpha.0): prepare release
  • 07f78182c fix: use a fresh context for etcd unlock
  • 84cd7dbec feat: update Linux to 6.6.29
  • 70fdca6a4 chore: update minimum hardware requirement for vmware ova
  • b690ffeb8 test: improve DNS resolver test stability
  • 5aa0299b6 style: use correct capitalization for openstack
  • 4c0c626b7 feat: use zstd compression in place of xz
  • 98906ed6e fix: use reboot delay only in case of error
  • 05fd042bb test: improve the reset integration tests
  • 8cdf0f7cb docs: fix typo in Cilium instructions
  • dd1d279da fix: allow more flags in talosctl cluster create --input-dir
  • ef4394e58 chore: update kernel and other packages
  • ccdb4c8b1 chore: update google.golang.org/grpc to 1.63.2
  • c5b59df69 fix: wait for devices to be discovered before probing filesystems
  • 0821b9c50 feat: add --non-masquerade-cidrs flag to talosctl cluster create
  • 2bf613ad3 fix: add endpoints for "virtual" host-dns service
  • f4163aefe fix: bump priority of OpenStack routes if IPv6 and default gateway
  • 6fbd1263c feat: report process MAC labels
  • d46032821 fix: return proper value from Bridge.STP instead of plain nil
  • bac1d00c3 chore: prepare for Talos 1.8
  • d6c8067e1 docs: make 1.7 docs the default
  • d7c3a0735 docs: add what's new for v1.7
  • 908f67fa1 feat: add host dns support for resolving member addrs
  • 0d20b637d feat: update Kubernetes to 1.30.0
  • ec69d7a78 chore: replace math/rand with math/rand/v2
  • 89040ce43 chore: update go-blockdevice/v2 library to the latest version
  • 0a785802e fix: overlay installer operations
  • b1b63f658 fix: mark overlay installer executable
  • 3433fa13b feat: use container DNS when in container mode
  • 5d07ac5a7 fix: close apid inter-backend connections gracefully for real
  • 7ba18555b docs: fix typos in Akamai and AWS platform docs
  • 3dd1f4e88 chore: extract pkg/imager/quirks to pkg/machinery
  • 78bc3a433 docs: update Cilium docs
  • 831f3d39e feat: update Flannel to v0.25.1
  • ea5b3ff0c feat: update Kubernetes to v1.30.0-rc.2
  • 54dac5ed4 feat: update Linux 6.6.24, containerd 1.7.15
  • c51f146da docs: update Akamai platform docs
  • 9550f5ff7 docs: fix getAuthenticationMethod and completePathFromNode docs
  • bfbd02abf fix: assign different priority to IPv6 default gateway on OpenStack
  • c8f674bd3 test: add a test for 'spin' container runtime
  • 5390ccd48 chore: replace []byte with string and use go:embed for templates
  • ba7cdc8c8 chore: optimize DNSResolveCacheController
  • 145f24063 fix: don't modify a global map of profiles
  • 6fe91ad9c feat: provide Kubernets/Talos version compatibility for 1.8
  • 909a5800e fix: generate secureboot ISO .der certificate correctly
  • b0fdc3c8c fix: make static pods check output consistent
  • c6ad0fcce fix: validate that workers don't get cluster CA key
  • 3735add87 fix: reconnect to the logs stream in dashboard after reboot
  • 9aa1e1b79 fix: present all accepted CAs to the kube-apiserver
  • 336e61174 fix: close the apid connection to other machines gracefully
  • ff2c427b0 fix: pre-create nftables chain to make kubelet use nftables
  • 5622f0e45 docs: change localDNS to hostDNS in release notes yaml section

Changes from siderolabs/discovery-client

2 commits

Changes from siderolabs/extras

1 commit

Changes from siderolabs/pkgs

12 commits

Changes from siderolabs/tools

1 commit

Dependency Changes

  • cloud.google.com/go/compute/metadata v0.2.3 -> v0.3.0
  • github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 -> v1.5.2
  • github.com/aws/aws-sdk-go-v2/config v1.27.10 -> v1.27.11
  • github.com/aws/aws-sdk-go-v2/service/kms v1.30.1 -> v1.31.0
  • github.com/containerd/containerd v1.7.14 -> v1.7.16
  • github.com/containernetworking/cni v1.1.2 -> v1.2.0
  • github.com/docker/docker v26.0.0 -> v26.0.2
  • github.com/google/go-tpm ee6cbcd136f8 -> 1fb84445f623
  • github.com/hetznercloud/hcloud-go/v2 v2.7.0 -> v2.7.2
  • github.com/insomniacslk/dhcp c728f5dd21c8 -> f1cffa2c0c49
  • github.com/klauspost/compress v1.17.7 new
  • github.com/miekg/dns v1.1.58 -> v1.1.59
  • github.com/prometheus/procfs v0.13.0 -> v0.14.0
  • github.com/rivo/tview a22293bda944 -> e119d15762fe
  • github.com/scaleway/scaleway-sdk-go v1.0.0-beta.25 -> v1.0.0-beta.26
  • github.com/siderolabs/discovery-client v0.1.8 -> v0.1.9
  • github.com/siderolabs/extras v1.7.0-1-gbb76755 -> v1.8.0-alpha.0
  • github.com/siderolabs/pkgs v1.7.0-6-g29106c0 -> v1.8.0-alpha.0-10-g28c5696
  • github.com/siderolabs/talos/pkg/machinery v1.7.0 -> v1.8.0-alpha.0
  • github.com/siderolabs/tools v1.7.0-1-g10b2a69 -> v1.8.0-alpha.0
  • golang.org/x/net v0.23.0 -> v0.24.0
  • golang.org/x/oauth2 v0.18.0 -> v0.19.0
  • golang.org/x/sync v0.6.0 -> v0.7.0
  • golang.org/x/sys v0.18.0 -> v0.19.0
  • golang.org/x/term v0.18.0 -> v0.19.0
  • google.golang.org/grpc v1.62.1 -> v1.63.2

Previous release can be found at v1.7.0

Images

ghcr.io/siderolabs/flannel:v0.25.1
ghcr.io/siderolabs/install-cni:v1.8.0-alpha.0
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.0
registry.k8s.io/kube-controller-manager:v1.30.0
registry.k8s.io/kube-scheduler:v1.30.0
registry.k8s.io/kube-proxy:v1.30.0
ghcr.io/siderolabs/kubelet:v1.30.0
ghcr.io/siderolabs/installer:v1.8.0-alpha.0
registry.k8s.io/pause:3.8

v1.7.1

01 May 17:55
v1.7.1
e9cb904

Talos 1.7.1 (2024-05-01)

Welcome to the v1.7.1 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.6.29
containerd: 1.7.16

Talos is built with Go 1.22.2.

Contributors

  • Andrey Smirnov
  • Dmitriy Matrenichev
  • Igor Rzegocki
  • Spencer Smith

Changes

9 commits

  • e9cb904e6 release(v1.7.1): prepare release
  • 5614934c4 feat: update Linux to 6.6.29
  • 1d9705af8 chore: update minimum hardware requirement for vmware ova
  • 22e5753c3 test: improve DNS resolver test stability
  • 498b68193 test: improve the reset integration tests
  • 50023bc4e fix: wait for devices to be discovered before probing filesystems
  • 41024e17a fix: bump priority of OpenStack routes if IPv6 and default gateway
  • bd41fee8c fix: add endpoints for "virtual" host-dns service
  • 2db54c779 fix: return proper value from Bridge.STP instead of plain nil

Changes from siderolabs/pkgs

3 commits

Dependency Changes

  • github.com/containerd/containerd v1.7.14 -> v1.7.16
  • github.com/siderolabs/pkgs v1.7.0-6-g29106c0 -> v1.7.0-9-g76bd73c
  • github.com/siderolabs/talos/pkg/machinery v1.7.0 -> v1.7.1

Previous release can be found at v1.7.0

Images

ghcr.io/siderolabs/flannel:v0.25.1
ghcr.io/siderolabs/install-cni:v1.7.0-1-gbb76755
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.0
registry.k8s.io/kube-controller-manager:v1.30.0
registry.k8s.io/kube-scheduler:v1.30.0
registry.k8s.io/kube-proxy:v1.30.0
ghcr.io/siderolabs/kubelet:v1.30.0
ghcr.io/siderolabs/installer:v1.7.1
registry.k8s.io/pause:3.8

v1.7.0

19 Apr 14:14
v1.7.0
70fb41f

Talos 1.7.0 (2024-04-19)

Welcome to the v1.7.0 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Documentation on What's New in Talos 1.7.0

CA Rotation

Talos Linux now supports rotating the root CA certificate and key for Talos API and Kubernetes API.

Device Selectors

Talos Linux now supports the physical: true qualifier for device selectors; it selects non-virtual network interfaces (e.g. en0 is selected, while bond0 is not).

DNS Caching

Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:

machine:
  features:
    hostDNS:
      enabled: false

You can also enable DNS caching for Kubernetes pods with:

machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: true

Please note that on a running cluster you will have to kill the CoreDNS pods for this change to apply.

You can also enable resolving member addresses through their host and node names:

machine:
  features:
    hostDNS:
      enabled: true
      resolveMemberNames: true

Extension Services Config

Talos now supports supplying configuration files and environment variables for extension services.
The extension service configuration is a separate config document. An example is shown below:

---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: nut-client
configFiles:
  - content: MONITOR ${upsmonHost} 1 remote pass password
    mountPath: /usr/local/etc/nut/upsmon.conf
environment:
  - UPS_NAME=ups

For documentation, see Extension Services Config Files.

Note: The use of environmentFile in extension service spec is now deprecated and will be removed in a future release of Talos.
Use ExtensionServiceConfig instead.

IPTables

Talos Linux now forces kubelet and kube-proxy to use iptables-nft instead of iptables-legacy (xtables), which was the default
before Talos 1.7.0.

Container images based on iptables-wrapper should work without changes, but any direct call to the legacy mode of iptables must be
updated to use iptables-nft.

Kubernetes Upgrade

The command talosctl upgrade-k8s now supports specifying custom image references for Kubernetes components via --*-image flags.
The default behavior is unchanged, and the flags are optional.

KubeSpan

Talos Linux now disables by default the KubeSpan feature that harvests additional endpoints from KubeSpan members.
This feature turned out to be less helpful than expected and caused unnecessary performance issues.

Previous behavior can be restored with:

machine:
  network:
    kubespan:
        harvestExtraEndpoints: true

Logging

Talos Linux now supports setting extra tags when sending logs in JSON format:

machine:
  logging:
    destinations:
      - endpoint: "udp://127.0.0.1:12345/"
        format: "json_lines"
        extraTags:
          server: s03-rack07

Time Sync

The default NTP server is now time.cloudflare.com instead of pool.ntp.org.
The default server is only used if the user does not specify any NTP servers in the configuration.

Talos Linux can now sync to PTP devices (e.g. provided by the hypervisor) skipping the network time servers.
In order to activate PTP sync, set machine.time.servers to the PTP device name (e.g. /dev/ptp0):

machine:
  time:
    servers:
      - /dev/ptp0

OpenNebula

Talos Linux now supports the OpenNebula platform.

Platforms

Talos Linux now supports the Akamai Connected Cloud provider (platform akamai).

Kubernetes API Server Service Account Key

Starting from this release, Talos Linux uses an RSA key for the Kubernetes API Server Service Account instead of an ECDSA key, to provide better compatibility with external OpenID Connect implementations.

SBC

Talos has split the SBCs (Single Board Computers) into separate repositories.
There will no longer be any SBC-specific release assets as part of a Talos release.

The default Talos Installer image will stop working for SBCs and will fail the upgrade, if used, starting from Talos v1.7.0.

SBC images and installers can be generated on the fly using Image Factory or using Imager for custom images.
The list of official SBC images supported by Image Factory can be found in the Overlays repository.

Secure Boot Image

Talos Linux now provides a way to configure the systemd-boot ISO 'secure-boot-enroll' option while generating a SecureBoot ISO image:

output:
    kind: iso
    isoOptions:
        sdBootEnrollKeys: force # default is still if-safe
    outFormat: raw

Syslog

Talos Linux now starts a basic syslog receiver listening on /dev/log.
The receiver can mostly parse both RFC3164 and RFC5424 messages and writes them as JSON-formatted messages.
The logs can be viewed via talosctl logs syslogd.

This is mostly implemented for extension services that log to syslog.
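
As an added illustration (not Talos's own code), the Go sketch below shows what accepting both formats on /dev/log involves: RFC 5424 is recognised by the version digit after the PRI field, and RFC 3164 lines from local senders are handled even when they omit the hostname. The Record field names and the sample lines are constructed for this example, and RFC 5424 structured data other than "-" is rejected rather than parsed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Record is a hypothetical JSON shape chosen for this example; it is not
// the schema Talos syslogd writes.
type Record struct {
	Format   string `json:"format"`
	Facility int    `json:"facility"`
	Severity int    `json:"severity"`
	Time     string `json:"time"`
	Host     string `json:"host,omitempty"`
	Tag      string `json:"tag,omitempty"`
	Msg      string `json:"msg"`
}

// parsePRI reads the leading "<N>" (1-3 digits, 0..191) and returns N and the rest.
func parsePRI(s string) (int, string, error) {
	end := strings.IndexByte(s, '>')
	if !strings.HasPrefix(s, "<") || end < 2 || end > 4 || strings.Trim(s[1:end], "0123456789") != "" {
		return 0, "", errors.New("missing or malformed PRI")
	}
	n, _ := strconv.Atoi(s[1:end])
	if n > 191 {
		return 0, "", errors.New("PRI out of range")
	}
	return n, s[end+1:], nil
}

// Parse accepts one RFC 5424 or RFC 3164 line and returns a Record.
func Parse(line string) (Record, error) {
	pri, rest, err := parsePRI(strings.TrimRight(line, "\r\n"))
	if err != nil {
		return Record{}, err
	}
	rec := Record{Facility: pri / 8, Severity: pri % 8}
	// RFC 5424 puts VERSION "1" and a space directly after PRI.
	if strings.HasPrefix(rest, "1 ") {
		// TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
		f := strings.SplitN(rest[2:], " ", 7)
		if len(f) < 6 {
			return Record{}, errors.New("short RFC 5424 header")
		}
		if _, err := time.Parse(time.RFC3339Nano, f[0]); err != nil && f[0] != "-" {
			return Record{}, errors.New("bad RFC 5424 timestamp")
		}
		if f[5] != "-" {
			return Record{}, errors.New("structured data is not handled in this example")
		}
		rec.Format, rec.Time, rec.Host, rec.Tag = "rfc5424", f[0], f[1], f[2]
		if len(f) == 7 {
			rec.Msg = strings.TrimPrefix(f[6], "\ufeff") // optional UTF-8 BOM
		}
		return rec, nil
	}
	// RFC 3164: "Mmm dd hh:mm:ss" is exactly 15 bytes, followed by a space.
	if len(rest) < 16 || rest[15] != ' ' {
		return Record{}, errors.New("no RFC 3164 timestamp")
	}
	if _, err := time.Parse(time.Stamp, rest[:15]); err != nil {
		return Record{}, errors.New("bad RFC 3164 timestamp")
	}
	rec.Format, rec.Time = "rfc3164", rest[:15]
	head, msg, found := strings.Cut(rest[16:], ": ")
	words := strings.Fields(head)
	if !found || len(words) == 0 || len(words) > 2 {
		rec.Msg = rest[16:] // no recognisable "tag: " prefix, keep everything
		return rec, nil
	}
	// Local senders writing to /dev/log usually omit HOSTNAME, so one word
	// before the colon is a tag and two words are host plus tag.
	if len(words) == 2 {
		rec.Host = words[0]
	}
	tag, _, _ := strings.Cut(words[len(words)-1], "[") // drop "[pid]"
	rec.Tag, rec.Msg = tag, msg
	return rec, nil
}

func main() {
	// Constructed sample lines, not captured from a Talos node.
	for _, l := range []string{
		"<34>1 2024-04-19T14:14:00Z node1 nut-client 412 - - UPS ups on battery",
		"<30>Apr 19 14:14:00 upsmon[412]: Communications with UPS ups established",
		"<13>Feb  5 17:32:18 node1 myapp: started",
	} {
		rec, err := Parse(l)
		out, _ := json.Marshal(rec)
		fmt.Println(string(out), err)
	}
}
```

Lines that fail the PRI or timestamp checks return an error instead of a partial record, so a collector built this way can count rejects separately from parsed events.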

Component Updates

Linux: 6.6.28
etcd: 3.5.11
Kubernetes: 1.30.0
containerd: 1.7.15
runc: 1.1.12
Flannel: 0.25.1

Talos is built with Go 1.22.2.

Hardware Watchdog Timers

Talos Linux now supports hardware watchdog timer configuration.
If enabled, and the machine becomes unresponsive, the hardware watchdog will reset the machine.

The watchdog can be enabled with the following configuration document:

apiVersion: v1alpha1
kind: WatchdogTimerConfig
device: /dev/watchdog0
timeout: 3m0s

Contributors

  • Andrey Smirnov
  • Noel Georgi
  • Dmitriy Matrenichev
  • Utku Ozdemir
  • Andrey Smirnov
  • Artem Chernyshev
  • Dmitry Sharshakov
  • Justin Garrison
  • Radosław Piliszek
  • Spencer Smith
  • Anthony ARNAUD
  • Steve Francis
  • Anastasios Papagiannis
  • Andrei Kvapil
  • Andrian Zubovic
  • AvnarJakob
  • Cas de Reuver
  • Christian Mohn
  • Christian WALDBILLIG
  • Dennis Marttinen
  • Dmitry Sharshakov
  • Drew Hess
  • Evan Johnson
  • ExtraClock
  • Fabiano Fidêncio
  • Henno Schooljan
  • Hervé Werner
  • JJGadgets
  • Jacob McSwain
  • Jean-Tiare Le Bigot
  • Jonomir
  • Kai Hanssen
  • Konrad Eriksson
  • Louis SCHNEIDER
  • Matthieu S
  • Michael Stephenson
  • Nico Berlee
  • Niklas Wik
  • Pip Oomen
  • Saiyam Pathak
  • Sebastiaan Gerritsen
  • Sebastian Gaiser
  • Serge Logvinov
  • Tim Jones
  • bri
  • ebcrypto
  • edwinavalos
  • fazledyn-or
  • goodmost
  • james-dreebot
  • pardomue
  • shurkys
  • stereobutter

Changes

239 commits

  • 70fb41fff release(v1.7.0): prepare release
  • 27e8455d7 chore: update extension filter for xen-guest-agent
  • 3a2612df5 feat: update Linux to 6.6.28
  • d9760fc9b docs: add what's new for v1.7
  • 83ad8d65c feat: add host dns support for resolving member addrs
  • 24141f078 feat: update Kubernetes to 1.30.0
  • 865239188 chore: update go-blockdevice/v2 library to the latest version
  • b72f0d7f9 fix: overlay installer operations
  • 81cd2b16e fix: mark overlay installer executable
  • a690e30ef feat: update Flannel to v0.25.1
  • fa5c7ee70 fix: close apid inter-backend connections gracefully for real
  • d821322c7 feat: use container DNS when in container mode
  • 77581447c release(v1.7.0-beta.1): prepare release
  • 1c0a91728 chore: disable max of one commit
  • 50d475b41 feat: update Kubernetes to v1.30.0-rc.2
  • a5b4a8a91 feat: update Linux 6.6.24, containerd 1.7.15
  • eea41cdae fix: assign different priority to IPv6 default gateway on OpenStack
  • d5932a390 chore: optimize DNSResolveCacheController
  • eca03b03c fix: don't modify a global map of profiles
  • 4da63d1dd test: add a test for 'spin' container runtime
  • fb84efce3 feat: provide Kubernets/Talos version compatibility for 1.8
  • 7d24ddd73 fix: generate secureboot ISO .der certificate correctly
  • 028a5b4b1 fix: reconnect to the logs stream in dashboard after reboot
  • 5019c9fa7 fix: present all accepted CAs to the kube-apiserver
  • 09ef5b3c9 fix: validate that workers don't get cluster CA key
  • 4f7cb9c3a fix: make static pods check output consistent
  • dd7d8d3aa fix: close the apid connection to other machines gracefully
  • 41a54e8a0 fix: pre-create nftables chain to make kubelet use nftables
  • abf302fb5 docs: change localDNS to hostDNS in release notes yaml section
  • 78f971370 release(v1.7.0-beta.0): prepare release
  • 01d8b897c fix: make safeReset truly safe to call multiple times
  • 653f838b0 feat: support multiple Docker cluster in talosctl cluster create
  • 951904554 chore: bump dependencies (go 1.22.2)
  • 862c76001 feat: add support for CoreDNS forwarding to host DNS
  • e8ae5ef63 feat: add akamai platform support
  • 5c0f74b37 fix: don't announce the VIP on acquire failure
  • 2f0fe10d5 chore: update sbc docs
  • 1b17008e9 fix:...

v1.7.0-beta.1

12 Apr 15:11
v1.7.0-beta.1
7758144
v1.7.0-beta.1 Pre-release

Talos 1.7.0-beta.1 (2024-04-12)

Welcome to the v1.7.0-beta.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

CA Rotation

Talos Linux now supports rotating the root CA certificate and key for Talos API and Kubernetes API.

Device Selectors

Talos Linux now supports the physical: true qualifier for device selectors; it selects non-virtual network interfaces (e.g. en0 is selected, while bond0 is not).

DNS Caching

Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:

machine:
  features:
    hostDNS:
      enabled: false

You can also enable DNS caching for Kubernetes pods with:

machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: true

Please note that on a running cluster you will have to kill the CoreDNS pods for this change to apply.

Extension Services Config

Talos now supports supplying configuration files and environment variables for extension services.
The extension service configuration is a separate config document. An example is shown below:

---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: nut-client
configFiles:
  - content: MONITOR ${upsmonHost} 1 remote pass password
    mountPath: /usr/local/etc/nut/upsmon.conf
environment:
  - UPS_NAME=ups

For documentation, see Extension Services Config Files.

Note: The use of environmentFile in extension service spec is now deprecated and will be removed in a future release of Talos.
Use ExtensionServiceConfig instead.

IPTables

Talos Linux now forces kubelet and kube-proxy to use iptables-nft instead of iptables-legacy (xtables), which was the default
before Talos 1.7.0.

Container images based on iptables-wrapper should work without changes, but any direct call to the legacy mode of iptables must be
updated to use iptables-nft.

Kubernetes Upgrade

The command talosctl upgrade-k8s now supports specifying custom image references for Kubernetes components via --*-image flags.
The default behavior is unchanged, and the flags are optional.

KubeSpan

Talos Linux now disables by default the KubeSpan feature that harvests additional endpoints from KubeSpan members.
This feature turned out to be less helpful than expected and caused unnecessary performance issues.

Previous behavior can be restored with:

machine:
  network:
    kubespan:
        harvestExtraEndpoints: true

Logging

Talos Linux now supports setting extra tags when sending logs in JSON format:

machine:
  logging:
    destinations:
      - endpoint: "udp://127.0.0.1:12345/"
        format: "json_lines"
        extraTags:
          server: s03-rack07

Time Sync

The default NTP server is now time.cloudflare.com instead of pool.ntp.org.
The default server is only used if the user does not specify any NTP servers in the configuration.

Talos Linux can now sync to PTP devices (e.g. provided by the hypervisor) skipping the network time servers.
In order to activate PTP sync, set machine.time.servers to the PTP device name (e.g. /dev/ptp0):

machine:
  time:
    servers:
      - /dev/ptp0

OpenNebula

Talos Linux now supports the OpenNebula platform.

Platforms

Talos Linux now supports the Akamai Connected Cloud provider (platform akamai).

Kubernetes API Server Service Account Key

Starting from this release, Talos Linux uses an RSA key for the Kubernetes API Server Service Account instead of an ECDSA key, to provide better compatibility with external OpenID Connect implementations.

SBC

Talos has split the SBCs (Single Board Computers) into separate repositories.
There will no longer be any SBC-specific release assets as part of a Talos release.

The default Talos Installer image will stop working for SBCs and will fail the upgrade, if used, starting from Talos v1.7.0.

SBC images and installers can be generated on the fly using Image Factory or using Imager for custom images.
The list of official SBC images supported by Image Factory can be found in the Overlays repository.

Secure Boot Image

Talos Linux now provides a way to configure the systemd-boot ISO 'secure-boot-enroll' option while generating a SecureBoot ISO image:

output:
    kind: iso
    isoOptions:
        sdBootEnrollKeys: force # default is still if-safe
    outFormat: raw

Syslog

Talos Linux now starts a basic syslog receiver listening on /dev/log.
The receiver can mostly parse both RFC3164 and RFC5424 messages and writes them as JSON-formatted messages.
The logs can be viewed via talosctl logs syslogd.

This is mostly implemented for extension services that log to syslog.

Component Updates

Linux: 6.6.26
etcd: 3.5.11
Kubernetes: 1.30.0-rc.2
containerd: 1.7.15
runc: 1.1.12
Flannel: 0.24.4

Talos is built with Go 1.22.2.

Hardware Watchdog Timers

Talos Linux now supports hardware watchdog timer configuration.
If enabled, and the machine becomes unresponsive, the hardware watchdog will reset the machine.

The watchdog can be enabled with the following configuration document:

apiVersion: v1alpha1
kind: WatchdogTimerConfig
device: /dev/watchdog0
timeout: 3m0s

Contributors

  • Andrey Smirnov
  • Noel Georgi
  • Dmitriy Matrenichev
  • Utku Ozdemir
  • Andrey Smirnov
  • Artem Chernyshev
  • Dmitry Sharshakov
  • Justin Garrison
  • Radosław Piliszek
  • Spencer Smith
  • Anthony ARNAUD
  • Steve Francis
  • Anastasios Papagiannis
  • Andrei Kvapil
  • Andrian Zubovic
  • AvnarJakob
  • Cas de Reuver
  • Christian Mohn
  • Christian WALDBILLIG
  • Dennis Marttinen
  • Dmitry Sharshakov
  • Drew Hess
  • Evan Johnson
  • ExtraClock
  • Fabiano Fidêncio
  • Henno Schooljan
  • Hervé Werner
  • JJGadgets
  • Jacob McSwain
  • Jean-Tiare Le Bigot
  • Jonomir
  • Kai Hanssen
  • Konrad Eriksson
  • Louis SCHNEIDER
  • Matthieu S
  • Michael Stephenson
  • Nico Berlee
  • Niklas Wik
  • Pip Oomen
  • Saiyam Pathak
  • Sebastiaan Gerritsen
  • Sebastian Gaiser
  • Serge Logvinov
  • Tim Jones
  • bri
  • ebcrypto
  • edwinavalos
  • fazledyn-or
  • goodmost
  • james-dreebot
  • pardomue
  • shurkys
  • stereobutter

Changes

227 commits

  • 77581447c release(v1.7.0-beta.1): prepare release
  • 1c0a91728 chore: disable max of one commit
  • 50d475b41 feat: update Kubernetes to v1.30.0-rc.2
  • a5b4a8a91 feat: update Linux 6.6.24, containerd 1.7.15
  • eea41cdae fix: assign different priority to IPv6 default gateway on OpenStack
  • d5932a390 chore: optimize DNSResolveCacheController
  • eca03b03c fix: don't modify a global map of profiles
  • 4da63d1dd test: add a test for 'spin' container runtime
  • fb84efce3 feat: provide Kubernets/Talos version compatibility for 1.8
  • 7d24ddd73 fix: generate secureboot ISO .der certificate correctly
  • 028a5b4b1 fix: reconnect to the logs stream in dashboard after reboot
  • 5019c9fa7 fix: present all accepted CAs to the kube-apiserver
  • 09ef5b3c9 fix: validate that workers don't get cluster CA key
  • 4f7cb9c3a fix: make static pods check output consistent
  • dd7d8d3aa fix: close the apid connection to other machines gracefully
  • 41a54e8a0 fix: pre-create nftables chain to make kubelet use nftables
  • abf302fb5 docs: change localDNS to hostDNS in release notes yaml section
  • 78f971370 release(v1.7.0-beta.0): prepare release
  • 01d8b897c fix: make safeReset truly safe to call multiple times
  • 653f838b0 feat: support multiple Docker cluster in talosctl cluster create
  • 951904554 chore: bump dependencies (go 1.22.2)
  • 862c76001 feat: add support for CoreDNS forwarding to host DNS
  • e8ae5ef63 feat: add akamai platform support
  • 5c0f74b37 fix: don't announce the VIP on acquire failure
  • 2f0fe10d5 chore: update sbc docs
  • 1b17008e9 fix: handle more OpenStack link types
  • e7d804140 fix: always update firewall rules (kubespan)
  • 78b9bd927 fix: report unsupported x86_64 microarchitecture level
  • 71d90ba5f fix: retry in the fixed amount of time if grpc relay failed
  • d320498a4 chore: bump dependencies
  • 3195e5d15 fix: force Flannel CNI to use KubePrism Kubernetes API endpoint
  • 917043fb5 chore: bump tools, pkgs and extra to stable
  • f515741b5 chore: add equinix e2e-tests
  • 117e60583 feat: add support for static extra fields for JSON logs
  • 090143b03 fix: allow platform cmdline args to be platform-specific
  • 7a68504b6 feat: support rotating Kubernetes CA
  • fac3dd043 fix: don't set default endpoints on gen config
  • 8dc4910c4 chore: enable "WG over GRPC" testing in siderolink agent tests
  • bac366e43 chore: add ExtraInfo field for extensions
  • 0fc24eeb0 feat: provide insecure flag to image...

v1.7.0-beta.0

05 Apr 12:45
v1.7.0-beta.0
78f9713
v1.7.0-beta.0 Pre-release

Talos 1.7.0-beta.0 (2024-04-05)

Welcome to the v1.7.0-beta.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

CA Rotation

Talos Linux now supports rotating the root CA certificate and key for Talos API and Kubernetes API.

Device Selectors

Talos Linux now supports the physical: true qualifier for device selectors; it selects non-virtual network interfaces (e.g. en0 is selected, while bond0 is not).

DNS Caching

Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:

machine:
   features:
       hostDNS:
         enabled: false

Extension Services Config

Talos now supports supplying configuration files and environment variables for extension services.
The extension service configuration is a separate config document. An example is shown below:

---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: nut-client
configFiles:
  - content: MONITOR ${upsmonHost} 1 remote pass password
    mountPath: /usr/local/etc/nut/upsmon.conf
environment:
  - UPS_NAME=ups

For documentation, see Extension Services Config Files.

Note: The use of environmentFile in extension service spec is now deprecated and will be removed in a future release of Talos.
Use ExtensionServiceConfig instead.

Kubernetes Upgrade

The command talosctl upgrade-k8s now supports specifying custom image references for Kubernetes components via --*-image flags.
The default behavior is unchanged, and the flags are optional.

KubeSpan

Talos Linux now disables by default the KubeSpan feature that harvests additional endpoints from KubeSpan members.
This feature turned out to be less helpful than expected and caused unnecessary performance issues.

Previous behavior can be restored with:

machine:
  network:
    kubespan:
        harvestExtraEndpoints: true

Logging

Talos Linux now supports setting extra tags when sending logs in JSON format:

machine:
  logging:
    destinations:
      - endpoint: "udp://127.0.0.1:12345/"
        format: "json_lines"
        extraTags:
          server: s03-rack07

Time Sync

The default NTP server is now time.cloudflare.com instead of pool.ntp.org.
The default server is only used if the user does not specify any NTP servers in the configuration.

Talos Linux can now sync to PTP devices (e.g. provided by the hypervisor) skipping the network time servers.
In order to activate PTP sync, set machine.time.servers to the PTP device name (e.g. /dev/ptp0):

machine:
  time:
    servers:
      - /dev/ptp0

OpenNebula

Talos Linux now supports the OpenNebula platform.

Platforms

Talos Linux now supports the Akamai Connected Cloud provider (platform akamai).

Kubernetes API Server Service Account Key

Starting from this release, Talos Linux uses an RSA key for the Kubernetes API Server Service Account instead of an ECDSA key, to provide better compatibility with external OpenID Connect implementations.

SBC

Talos has split the SBCs (Single Board Computers) into separate repositories.
There will no longer be any SBC-specific release assets as part of a Talos release.

The default Talos Installer image will stop working for SBCs and will fail the upgrade, if used, starting from Talos v1.7.0.

SBC images and installers can be generated on the fly using Image Factory or using Imager for custom images.
The list of official SBC images supported by Image Factory can be found in the Overlays repository.

Secure Boot Image

Talos Linux now provides a way to configure the systemd-boot ISO 'secure-boot-enroll' option while generating a SecureBoot ISO image:

output:
    kind: iso
    isoOptions:
        sdBootEnrollKeys: force # default is still if-safe
    outFormat: raw

Syslog

Talos Linux now starts a basic syslog receiver listening on /dev/log.
The receiver can mostly parse both RFC3164 and RFC5424 messages and writes them as JSON-formatted messages.
The logs can be viewed via talosctl logs syslogd.

This is mostly implemented for extension services that log to syslog.

Component Updates

Linux: 6.6.24
etcd: 3.5.11
Kubernetes: 1.30.0-rc.1
containerd: 1.7.14
runc: 1.1.12
Flannel: 0.24.4

Talos is built with Go 1.22.2.

Hardware Watchdog Timers

Talos Linux now supports hardware watchdog timer configuration.
If enabled, and the machine becomes unresponsive, the hardware watchdog will reset the machine.

The watchdog can be enabled with the following configuration document:

apiVersion: v1alpha1
kind: WatchdogTimerConfig
device: /dev/watchdog0
timeout: 3m0s

Contributors

  • Andrey Smirnov
  • Noel Georgi
  • Dmitriy Matrenichev
  • Utku Ozdemir
  • Andrey Smirnov
  • Artem Chernyshev
  • Dmitry Sharshakov
  • Justin Garrison
  • Radosław Piliszek
  • Spencer Smith
  • Anthony ARNAUD
  • Steve Francis
  • Anastasios Papagiannis
  • Andrei Kvapil
  • Andrian Zubovic
  • AvnarJakob
  • Cas de Reuver
  • Christian Mohn
  • Christian WALDBILLIG
  • Dmitry Sharshakov
  • Drew Hess
  • Evan Johnson
  • ExtraClock
  • Fabiano Fidêncio
  • Henno Schooljan
  • Hervé Werner
  • JJGadgets
  • Jacob McSwain
  • Jean-Tiare Le Bigot
  • Jonomir
  • Kai Hanssen
  • Konrad Eriksson
  • Louis SCHNEIDER
  • Matthieu S
  • Michael Stephenson
  • Nico Berlee
  • Niklas Wik
  • Pip Oomen
  • Saiyam Pathak
  • Sebastiaan Gerritsen
  • Sebastian Gaiser
  • Serge Logvinov
  • Tim Jones
  • bri
  • ebcrypto
  • edwinavalos
  • fazledyn-or
  • goodmost
  • james-dreebot
  • pardomue
  • shurkys
  • stereobutter

Changes

210 commits

  • 78f971370 release(v1.7.0-beta.0): prepare release
  • 01d8b897c fix: make safeReset truly safe to call multiple times
  • 653f838b0 feat: support multiple Docker cluster in talosctl cluster create
  • 951904554 chore: bump dependencies (go 1.22.2)
  • 862c76001 feat: add support for CoreDNS forwarding to host DNS
  • e8ae5ef63 feat: add akamai platform support
  • 5c0f74b37 fix: don't announce the VIP on acquire failure
  • 2f0fe10d5 chore: update sbc docs
  • 1b17008e9 fix: handle more OpenStack link types
  • e7d804140 fix: always update firewall rules (kubespan)
  • 78b9bd927 fix: report unsupported x86_64 microarchitecture level
  • 71d90ba5f fix: retry in the fixed amount of time if grpc relay failed
  • d320498a4 chore: bump dependencies
  • 3195e5d15 fix: force Flannel CNI to use KubePrism Kubernetes API endpoint
  • 917043fb5 chore: bump tools, pkgs and extra to stable
  • f515741b5 chore: add equinix e2e-tests
  • 117e60583 feat: add support for static extra fields for JSON logs
  • 090143b03 fix: allow platform cmdline args to be platform-specific
  • 7a68504b6 feat: support rotating Kubernetes CA
  • fac3dd043 fix: don't set default endpoints on gen config
  • 8dc4910c4 chore: enable "WG over GRPC" testing in siderolink agent tests
  • bac366e43 chore: add ExtraInfo field for extensions
  • 0fc24eeb0 feat: provide insecure flag to imager
  • a6b2f5456 feat: update Kubernetes to 1.30.0-rc.0, etcd to 3.5.13
  • 0361ff895 docs: quickstart video and brew install
  • b752a8618 chore: talosctl: add openSUSE OVMF paths
  • 945648914 feat: support hardware watchdog timers
  • 949ad11a2 chore: import siderolink as siderolink-launch subcommand
  • ee51f04af chore: azure e2e
  • 55dd41c0d chore: update coredns to v1.11.2 in required section
  • 8eacc4ba8 feat: support rotation of Talos API CA
  • 92808e3bc feat: report Docker node resources in cluster show
  • 84ec8c16f feat: support syncing to PTP clocks
  • 7d43c9aa6 chore: annotate installer errors
  • f737e6495 fix: populate routes to BGP neighbors (Equinix Metal)
  • 19f15a840 chore: bump golangci-lint to 1.57.0
  • 684011963 docs: add docs for overlays
  • 9b6ec5929 chore: bump kernel
  • 69f0466cd docs: remove repetitive words
  • 113fb646e chore: use go-talos-support library
  • 89fc68b45 fix: service lifecycle issues
  • ead37abf0 test: disable volume tests
  • c64523a7a feat: update Flannel to v0.24.4
  • 15beb1478 feat: implement blockdevice watch controller
  • 06e3bc0cb feat: implement Siderolink wireguard over GRPC
  • 9afa70baf fix: patch correctly config in talosctl upgrade-k8s
  • 3130caf95 chore: re-enable DRBD extension
  • 3ba180d07 release(v1.7.0-alpha.1): prepare release
  • 403ad93c3 feat: update dependencies
  • 7376f34e8 fix: remove maintenance config when maintenance service is shut down
  • 952801d8b fix: handle overlay partition options
  • 465b9a4e6 fix: update discovery client wi...

v1.6.7

20 Mar 14:24
v1.6.7
46c8ac1

Talos 1.6.7 (2024-03-20)

Welcome to the v1.6.7 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

  • Linux: 6.1.82
  • Kubernetes: 1.29.3

Talos is built with Go 1.21.8.

Contributors

  • Andrey Smirnov
  • Utku Ozdemir
  • Noel Georgi

Changes

7 commits

  • 46c8ac102 release(v1.6.7): prepare release
  • 9ef06f60f fix: service lifecycle issues
  • 2c9159977 fix: patch correctly config in talosctl upgrade-k8s
  • 16691dfd5 fix: remove maintenance config when maintenance service is shut down
  • 5cbbbfa68 fix: fix nil panic on maintenance upgrade with partial config
  • 3c942fe9d fix: etcd config validation for worker
  • a5920a157 feat: update Kubernetes to 1.29.3, Linux to 6.1.82

Changes from siderolabs/pkgs

1 commit

Dependency Changes

  • github.com/siderolabs/pkgs v1.6.0-26-g2961472 -> v1.6.0-27-gdf44f94
  • github.com/siderolabs/talos/pkg/machinery v1.6.6 -> v1.6.7
  • google.golang.org/protobuf v1.31.0 -> v1.33.0
  • k8s.io/api v0.29.2 -> v0.29.3
  • k8s.io/apimachinery v0.29.2 -> v0.29.3
  • k8s.io/apiserver v0.29.2 -> v0.29.3
  • k8s.io/client-go v0.29.2 -> v0.29.3
  • k8s.io/component-base v0.29.2 -> v0.29.3
  • k8s.io/cri-api v0.29.2 -> v0.29.3
  • k8s.io/kube-scheduler v0.29.2 -> v0.29.3
  • k8s.io/kubectl v0.29.2 -> v0.29.3
  • k8s.io/kubelet v0.29.2 -> v0.29.3
  • k8s.io/pod-security-admission v0.29.2 -> v0.29.3

Previous release can be found at v1.6.6

Images

ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-2-g9234398
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.3
registry.k8s.io/kube-controller-manager:v1.29.3
registry.k8s.io/kube-scheduler:v1.29.3
registry.k8s.io/kube-proxy:v1.29.3
ghcr.io/siderolabs/kubelet:v1.29.3
ghcr.io/siderolabs/installer:v1.6.7
registry.k8s.io/pause:3.8

v1.7.0-alpha.1

14 Mar 16:32
v1.7.0-alpha.1
3ba180d
v1.7.0-alpha.1 Pre-release

Talos 1.7.0-alpha.1 (2024-03-14)

Welcome to the v1.7.0-alpha.1 release of Talos!
This is a pre-release of Talos.

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Device Selectors

Talos Linux now supports the physical: true qualifier for device selectors. It selects non-virtual network interfaces (e.g. en0 is selected, while bond0 is not).

DNS Caching

Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:

machine:
  features:
    localDNS: false

Extension Services Config

Talos now supports supplying configuration files and environment variables for extension services.
The extension service configuration is a separate config document. An example is shown below:

---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: nut-client
configFiles:
  - content: MONITOR ${upsmonHost} 1 remote pass password
    mountPath: /usr/local/etc/nut/upsmon.conf
environment:
  - UPS_NAME=ups

For documentation, see Extension Services Config Files.

Note: The use of environmentFile in the extension service spec is now deprecated and will be removed in a future release of Talos.
Use ExtensionServiceConfig instead.

Kubernetes Upgrade

The command talosctl upgrade-k8s now supports specifying custom image references for Kubernetes components via --*-image flags.
The default behavior is unchanged, and the flags are optional.

KubeSpan

Talos Linux now disables by default the KubeSpan feature that harvests additional endpoints from KubeSpan members.
This feature turned out to be less helpful than expected and caused unnecessary performance issues.

Previous behavior can be restored with:

machine:
  network:
    kubespan:
      harvestExtraEndpoints: true

NTP

The default NTP server is now time.cloudflare.com instead of pool.ntp.org.
The default server is only used if the user does not specify any NTP servers in the configuration.

OpenNebula

Talos Linux now supports the OpenNebula platform.

Known Problems

The DRBD extension is disabled in this release due to an incompatibility with the latest Linux kernel.

Kubernetes API Server Service Account Key

Starting from this release, Talos Linux uses an RSA key for the Kubernetes API Server Service Account instead of an ECDSA key, to provide better compatibility with external OpenID Connect implementations.

SBC

Talos core will drop support for SBCs and will not include the SBC binaries in the release.
Overlays are being developed to support SBCs.

Secure Boot Image

Talos Linux now provides a way to configure the systemd-boot ISO 'secure-boot-enroll' option while generating a SecureBoot ISO image:

output:
    kind: iso
    isoOptions:
        sdBootEnrollKeys: force # default is still if-safe
    outFormat: raw

Syslog

Talos Linux now starts a basic syslog receiver listening on /dev/log.
The receiver can mostly parse both RFC3164 and RFC5424 messages and writes them as JSON-formatted messages.
The logs can be viewed via talosctl logs syslogd.

This is mostly implemented for extension services that log to syslog.
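
The following is an added example, not Talos's own receiver code: a small Go parser that accepts one RFC 3164 or RFC 5424 message as it would arrive on /dev/log, validates the PRI value and encodes the result as JSON. The Entry field names, the regular expressions and the sample lines are constructed for illustration; escaped "]" inside RFC 5424 structured data and IPv6 hostnames are not handled.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
	"strconv"
)

// Entry is this example's output shape; the field names are assumptions, not Talos's schema.
type Entry struct {
	Format   string `json:"format"`
	Facility int    `json:"facility"`
	Severity int    `json:"severity"`
	Time     string `json:"time"`
	Host     string `json:"host,omitempty"`
	App      string `json:"app"`
	Msg      string `json:"msg"`
}

var (
	// RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
	re5424 = regexp.MustCompile(`(?s)^<(\d{1,3})>1 (\S+) (\S+) (\S+) \S+ \S+ (?:-|(?:\[[^\]]*\])+) ?(.*)$`)
	// RFC 3164: <PRI>Mmm dd hh:mm:ss [HOSTNAME] TAG[pid]: MSG (local senders often omit HOSTNAME)
	re3164 = regexp.MustCompile(`(?s)^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?:([^\s:\[\]]+) )?([^\s:\[\]]+)(?:\[\d+\])?: ?(.*)$`)
)

// Parse treats the message as untrusted input and rejects anything malformed instead of guessing.
func Parse(line string) (Entry, error) {
	format, f := "rfc5424", re5424.FindStringSubmatch(line)
	if f == nil {
		format, f = "rfc3164", re3164.FindStringSubmatch(line)
	}
	if f == nil {
		return Entry{}, errors.New("not a well-formed RFC 3164 or RFC 5424 message")
	}
	pri, _ := strconv.Atoi(f[1]) // cannot fail: the pattern allows 1-3 digits only
	if pri > 191 {               // highest valid PRI is facility 23, severity 7
		return Entry{}, fmt.Errorf("PRI %d out of range", pri)
	}
	return Entry{format, pri / 8, pri % 8, f[2], f[3], f[4], f[5]}, nil
}

// ToJSON relies on json.Marshal escaping control characters: an embedded newline cannot forge a second record.
func ToJSON(e Entry) string {
	b, _ := json.Marshal(e) // cannot fail for a struct of strings and ints
	return string(b)
}

func main() {
	for _, l := range []string{ // constructed sample lines
		"<30>Mar 14 16:32:01 upsmon[412]: UPS ups on battery",
		"<165>1 2024-03-14T16:32:01Z node1 nut-client 412 ID47 - UPS ups on line power",
		"<13>Mar 14 16:32:01 app: ok\n<0>Mar 14 16:32:02 kernel: forged",
	} {
		if e, err := Parse(l); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Println(ToJSON(e))
		}
	}
}
```

The third sample carries a newline followed by a second header; it stays inside the msg field of one JSON record, which matters because any local process can write to the socket.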

Component Updates

Linux: 6.6.21
etcd: 3.5.11
Kubernetes: 1.30.0-beta.0
containerd: 1.7.14
runc: 1.1.12
Flannel: 0.24.1

Talos is built with Go 1.22.1.

Contributors

  • Andrey Smirnov
  • Noel Georgi
  • Dmitriy Matrenichev
  • Utku Ozdemir
  • Artem Chernyshev
  • Radosław Piliszek
  • Spencer Smith
  • Anthony ARNAUD
  • Justin Garrison
  • Steve Francis
  • Anastasios Papagiannis
  • Andrei Kvapil
  • Andrian Zubovic
  • AvnarJakob
  • Cas de Reuver
  • Christian Mohn
  • Christian WALDBILLIG
  • Dmitry Sharshakov
  • Drew Hess
  • ExtraClock
  • Fabiano Fidêncio
  • Henno Schooljan
  • Hervé Werner
  • JJGadgets
  • Jacob McSwain
  • Jonomir
  • Kai Hanssen
  • Louis SCHNEIDER
  • Matthieu S
  • Michael Stephenson
  • Nico Berlee
  • Pip Oomen
  • Saiyam Pathak
  • Sebastiaan Gerritsen
  • Sebastian Gaiser
  • Serge Logvinov
  • Tim Jones
  • bri
  • ebcrypto
  • edwinavalos
  • fazledyn-or
  • james-dreebot
  • pardomue
  • shurkys
  • stereobutter

Changes

163 commits

  • 3ba180d07 release(v1.7.0-alpha.1): prepare release
  • 403ad93c3 feat: update dependencies
  • 7376f34e8 fix: remove maintenance config when maintenance service is shut down
  • 952801d8b fix: handle overlay partition options
  • 465b9a4e6 fix: update discovery client with the fix for keepalive interval
  • 1e9f866ac feat: update Kubernetes to v1.30.0-beta.0
  • d118a852b feat: implement Install for imager overlays
  • cd5a5a447 chore: migrate to go-grpc-middleware/v2
  • e3c2a6398 feat: set default NTP server to time.cloudflare.com
  • 32e087760 chore: print all available logs containers in logs command completions
  • e89d755c5 fix: etcd config validation for worker
  • 1aa3c9182 docs: add DreeBot to ADOPTERS.md
  • 1bb6027cc fix: fix nil panic on maintenance upgrade with partial config
  • aa70bfb9d docs: add Redpill Linpro to adopters list
  • f02aeec92 fix: do not fail cluster create when input dir does not contain talosconfig
  • 1ec6683e0 chore: use go-copy
  • 3c8f51d70 chore: move cli formatters and version modules to machinery
  • 8152a6dd6 feat: update Go to 1.22.1
  • 8c7953991 docs: update replicated-local-storage-with-openebs-jiva.md
  • f23bd8144 fix: syslog parser
  • bbed07e03 feat: update Linux to 6.6.18
  • 8125e754b feat: imager overlay
  • 0b9b4da12 feat: update Kubernetes to 1.30.0-alpha.3
  • 3a764029e docs: fix typo in word governor
  • d81d49000 chore: update CoreDNS renovate source
  • b2ad5dc5f fix: workaround a race in CNI setup (talosctl cluster create)
  • 457507803 fix: provide auth when pulling images in the imager
  • e707175ab docs: update config patch in cilium docs
  • f8c556a1c chore: listen for dns requests on 127.0.0.53
  • 8872a7a21 fix: ignore 'no such device' in addition to 'no such file'
  • 1cb544353 chore: uki der certs in iso
  • 67ac6933d fix: handle errors to watch apid/trustd certs
  • c79d69c2e fix: only set gateway if set in context (opennebula)
  • 4575dd8e7 chore: allow not preallocated disks for QEMU cluster
  • 0bddfea81 chore: add oceanbox.io to adopters
  • 136427592 chore: use proper talos_version_contract for TF tests
  • 6bf50fdc1 chore: disable x/net/trace in gRPC to enable dead code elimination
  • 815a8e9cc feat: add partial config support to talosctl cluster create
  • 64e9703f8 chore: add tests for the Kata Containers extension
  • 9b6291925 feat: update pkgs
  • 66f3ffdd4 fix: ensure that Talos runs in a pod (container)
  • 9dbc33972 feat: add basic syslog implementation
  • 0b7a27e6a feat: allow access to all resources over siderolink in maintenance mode
  • 53721883d feat: support AWS KMS for the SecureBoot signing
  • 7ee999f8a fix: disable KubeSpan endpoint harvesting by default
  • 7b87c7fe9 chore: bump Go dependencies
  • 8e9596d3c docs: rpi talosctl install update
  • 493bb60f8 fix: correctly handle partial configs in DNSUpstreamController
  • 6deb10ae2 chore: deprecate environmentFile for extensions
  • f8b4ee82a chore: update extensions test
  • 1366ce14a feat: update Kubernetes to v1.30.0-alpha.2
  • 559308ef7 fix: use MachineStatus resource to check for boot done
  • 15e8bca2b feat: support environment in ExtensionServicesConfig
  • 3fe82ec46 feat: custom image settings for k8s upgrade
  • fa3b93370 chore: replace fmt.Errorf with errors.New where possible
  • d4521ee9c feat: update kernel with sfc driver and LSM updates
  • 2f0421b40 fix: run xfs_repair on invalid argument error
  • f868fb8e8 docs: update vmware tools url
  • fa2d34dd8 chore: enable v6 support on the same port
  • 83e0b0c19 chore: adjust dns sockets settings
  • a1ec1705b chore: update Go to 1.22.0
  • 76b50fcd4 chore: add Ænix to the Adopters list
  • 5324d3916 chore: bump stuff
  • 087b50f42 feat: support systemd-boot ISO enroll keys option
  • afa71d6b0 chore: use "handle-like" resource in DNSResolveCacheController
  • 013e13070 fix: error with decoding config document with wrong apiVersion
  • 1e77bb1c3 chore: allow custom pkgs to build talos
  • 3f8a85f1b fix: unlock the upgrade mutex properly
  • 61c3331b1 docs: update indentation in vip.md
  • 383e528df chore: allow uuid-based hostnames in talosctl cluster create
  • 1e6c8c4de feat: extensions services config
  • 989ca3ade feat: add OpenNebula platform support
  • siderolabs/talos@...

v1.6.6

06 Mar 18:31
v1.6.6
7dceba0

Talos 1.6.6 (2024-03-06)

Welcome to the v1.6.6 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

  • Linux: 6.1.80

Talos is built with Go 1.21.8.

Contributors

  • Andrey Smirnov

Changes

5 commits

  • 7dceba060 release(v1.6.6): prepare release
  • e4f712689 fix: workaround a race in CNI setup (talosctl cluster create)
  • 38b5aed50 fix: provide auth when pulling images in the imager
  • 4af77b5fd fix: handle errors to watch apid/trustd certs
  • 2df2586f9 feat: update Linux to 6.1.80, Go to 1.21.8

Changes from siderolabs/extras

1 commit

Changes from siderolabs/pkgs

1 commit

Changes from siderolabs/tools

1 commit

Dependency Changes

  • github.com/alexflint/go-filemutex v1.2.0 new
  • github.com/siderolabs/extras v1.6.0-1-g113887a -> v1.6.0-2-g9234398
  • github.com/siderolabs/pkgs v1.6.0-25-g6868f38 -> v1.6.0-26-g2961472
  • github.com/siderolabs/talos/pkg/machinery v1.6.5 -> v1.6.6
  • github.com/siderolabs/tools v1.6.0-2-g5e034ec -> v1.6.0-3-gae30965

Previous release can be found at v1.6.5

Images

ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-2-g9234398
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.2
registry.k8s.io/kube-controller-manager:v1.29.2
registry.k8s.io/kube-scheduler:v1.29.2
registry.k8s.io/kube-proxy:v1.29.2
ghcr.io/siderolabs/kubelet:v1.29.2
ghcr.io/siderolabs/installer:v1.6.6
registry.k8s.io/pause:3.8

v1.6.5

22 Feb 11:38
v1.6.5
22803bc

Talos 1.6.5 (2024-02-22)

Welcome to the v1.6.5 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Kubernetes Upgrade

The command talosctl upgrade-k8s now supports specifying custom image references for Kubernetes components via --*-image flags.
The default behavior is unchanged, and the flags are optional.

Component Updates

Kubernetes: 1.29.2
Linux: 6.1.78

Talos is built with Go 1.21.6.

Contributors

  • Andrey Smirnov
  • Noel Georgi
  • Anastasios Papagiannis
  • Andrian Zubovic
  • Matthieu S
  • Utku Ozdemir
  • pardomue

Changes

14 commits

  • 22803bc5d release(v1.6.5): prepare release
  • e5c198a32 feat: update pkgs
  • 54c60ddfb feat: allow access to all resources over siderolink in maintenance mode
  • c7f5ff73e fix: use MachineStatus resource to check for boot done
  • 7d1378240 feat: support AWS KMS for the SecureBoot signing
  • c6e7a95cc feat: custom image settings for k8s upgrade
  • 0f5e946f4 fix: ensure that Talos runs in a pod (container)
  • fd93ce1b6 feat: update kernel with sfc driver and LSM updates
  • 36836878f fix: run xfs_repair on invalid argument error
  • 6ea29d927 feat: support systemd-boot ISO enroll keys option
  • e993215fe fix: unlock the upgrade mutex properly
  • 5515a6bab fix: use a separate cgroup for each extension service
  • e7935e6b9 feat: update Linux to 6.1.78
  • 959627850 feat: update Kubernetes default to 1.29.2

Changes from siderolabs/pkgs

9 commits

Dependency Changes

  • github.com/aws/aws-sdk-go-v2/service/kms v1.26.5 new
  • github.com/siderolabs/pkgs v1.6.0-16-gb77ffb7 -> v1.6.0-25-g6868f38
  • github.com/siderolabs/talos/pkg/machinery v1.6.4 -> v1.6.5
  • k8s.io/api v0.29.1 -> v0.29.2
  • k8s.io/apiserver v0.29.1 -> v0.29.2
  • k8s.io/client-go v0.29.1 -> v0.29.2
  • k8s.io/component-base v0.29.1 -> v0.29.2
  • k8s.io/kube-scheduler v0.29.1 -> v0.29.2
  • k8s.io/kubectl v0.29.1 -> v0.29.2
  • k8s.io/kubelet v0.29.1 -> v0.29.2
  • k8s.io/pod-security-admission v0.29.2 new

Previous release can be found at v1.6.4

Images

ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-1-g113887a
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.2
registry.k8s.io/kube-controller-manager:v1.29.2
registry.k8s.io/kube-scheduler:v1.29.2
registry.k8s.io/kube-proxy:v1.29.2
ghcr.io/siderolabs/kubelet:v1.29.2
ghcr.io/siderolabs/installer:v1.6.5
registry.k8s.io/pause:3.8

v1.5.6

02 Feb 15:03
v1.5.6
26f0153

Talos 1.5.6 (2024-02-02)

Welcome to the v1.5.6 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.1.74
containerd: 1.6.28
runc: 1.1.12

See CVE-2024-21626 for the runc update.

Talos is built with Go 1.20.13.

Contributors

  • Andrey Smirnov
  • Dmitriy Matrenichev
  • Hervé Werner
  • Jonomir
  • Noel Georgi

Changes

12 commits

  • 26f0153ef release(v1.5.6): prepare release
  • e7475d8fd fix: take into account the moment seen when cleaning up CRI images
  • 9b819ee1e fix: watch bufer overrun for RouteStatus
  • 730913fdb fix: update kmsg with utf-8 fix
  • a3b48c696 fix: disk UUID & WWID always empty in talosctl disks
  • e4a23412f fix: skip writing the file if the contents haven't changed
  • 8516708a5 fix: retry blockdevice open in the installer
  • d82b14eae fix: be more tolerant to error handling in Mounts API
  • d35002777 fix: ignore kernel command line in container mode
  • 06424ad5d fix: allow extra kernel args for secureboot installer
  • 985ed8de6 fix: set max msg recv size when proxying
  • 1e5913806 feat: update runc 1.1.12, containerd 1.6.28, Linux 6.1.74

Changes from siderolabs/gen

2 commits

Changes from siderolabs/go-kmsg

2 commits

Changes from siderolabs/pkgs

2 commits

Changes from siderolabs/tools

1 commit

Dependency Changes

  • github.com/containerd/containerd v1.6.23 -> v1.6.28
  • github.com/google/go-cmp v0.5.9 -> v0.6.0
  • github.com/google/uuid v1.3.0 -> v1.3.1
  • github.com/siderolabs/gen v0.4.5 -> v0.4.7
  • github.com/siderolabs/go-kmsg v0.1.3 -> v0.1.4
  • github.com/siderolabs/pkgs v1.5.0-15-gab5b0e5 -> v1.5.0-17-ga550ab9
  • github.com/siderolabs/talos/pkg/machinery v1.5.5 -> v1.5.6
  • github.com/siderolabs/tools v1.5.0-3-gc95372c -> v1.5.0-4-g02895ed
  • golang.org/x/net v0.17.0 -> v0.18.0
  • golang.org/x/sys v0.13.0 -> v0.16.0
  • golang.org/x/term v0.13.0 -> v0.16.0
  • golang.org/x/text v0.13.0 -> v0.14.0
  • google.golang.org/grpc v1.58.3 -> v1.59.0

Previous release can be found at v1.5.5

Images

ghcr.io/siderolabs/flannel:v0.22.1
ghcr.io/siderolabs/install-cni:v1.5.0-3-gb43c4e4
registry.k8s.io/coredns/coredns:v1.10.1
gcr.io/etcd-development/etcd:v3.5.10
registry.k8s.io/kube-apiserver:v1.28.3
registry.k8s.io/kube-controller-manager:v1.28.3
registry.k8s.io/kube-scheduler:v1.28.3
registry.k8s.io/kube-proxy:v1.28.3
ghcr.io/siderolabs/kubelet:v1.28.3
ghcr.io/siderolabs/installer:v1.5.6
registry.k8s.io/pause:3.6