Releases: siderolabs/talos
v1.7.7
Talos 1.7.7 (2024-09-26)
Welcome to the v1.7.7 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Component Updates
Linux: 6.6.52
Kubernetes: 1.30.5
containerd: 1.7.22
runc: 1.1.14
Talos is built with Go 1.22.7.
Contributors
- Andrey Smirnov
- Dmitriy Matrenichev
- Matthieu Mottet
- Mike Beaumont
- Noel Georgi
- Utku Ozdemir
Changes
12 commits
- 687940847 release(v1.7.7): prepare release
- e53eff902 fix: ignore invalid NTP responses
- 28b81b2b0 fix: report internally service as unhealthy if not running
- da5b526e5 fix: report errors correctly when pulling, fix EEXIST
- 1e4e5acfe chore: drop calico from interactive installer
- e6fd4e078 fix: merge extension service config files by mountPath
- c95d1fee6 fix: add missing host/nvme-rdma
- 0bd287838 fix: bump go-smbios for broken SMIOS tables
- 63b59ebe4 fix: add NVMe target kernel modules
- d7b713679 fix: retry with another upstream if the previous failed
- c7f2da147 fix: fix graph diffs in dashboard when node aliases are used
- ae230db28 feat: update Linux 6.6.52, Kubernetes 1.30.3
Changes from siderolabs/go-smbios
2 commits
- siderolabs/go-smbios@e781237 fix: stop decoding without error if EOF encountered during header read
- siderolabs/go-smbios@6a719a6 chore: rekres, bump deps
Changes from siderolabs/pkgs
4 commits
- siderolabs/pkgs@868e459 chore: rekres
- siderolabs/pkgs@ed36e2e fix: add mpt3sas UBSAN patches
- siderolabs/pkgs@3bfb1b5 feat: update packages
- siderolabs/pkgs@a3ca3b5 feat: update runc to 1.1.14
Changes from siderolabs/tools
Dependency Changes
- github.com/containerd/containerd v1.7.16 -> v1.7.22
- github.com/containerd/containerd/api v1.7.19 new
- github.com/containerd/errdefs v0.1.0 new
- github.com/containerd/platforms v0.2.1 new
- github.com/siderolabs/go-smbios v0.3.2 -> v0.3.3
- github.com/siderolabs/pkgs v1.7.0-29-gf0c088f -> v1.7.0-33-g868e459
- github.com/siderolabs/talos/pkg/machinery v1.7.6 -> v1.7.7
- github.com/siderolabs/tools v1.7.0-4-gc844dc3 -> v1.7.0-5-gc936ce1
- k8s.io/api v0.30.3 -> v0.30.5
- k8s.io/apimachinery v0.30.3 -> v0.30.5
- k8s.io/apiserver v0.30.3 -> v0.30.5
- k8s.io/client-go v0.30.3 -> v0.30.5
- k8s.io/component-base v0.30.3 -> v0.30.5
- k8s.io/kube-scheduler v0.30.3 -> v0.30.5
- k8s.io/kubectl v0.30.3 -> v0.30.5
- k8s.io/kubelet v0.30.3 -> v0.30.5
- k8s.io/pod-security-admission v0.30.3 -> v0.30.5
Previous release can be found at v1.7.6
Images
ghcr.io/siderolabs/flannel:v0.25.3
ghcr.io/siderolabs/install-cni:v1.7.0-2-g7c627a8
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.5
registry.k8s.io/kube-controller-manager:v1.30.5
registry.k8s.io/kube-scheduler:v1.30.5
registry.k8s.io/kube-proxy:v1.30.5
ghcr.io/siderolabs/kubelet:v1.30.5
ghcr.io/siderolabs/installer:v1.7.7
registry.k8s.io/pause:3.8
v1.8.0
Talos 1.8.0 (2024-09-23)
Welcome to the v1.8.0 release of Talos!
Starting with Talos v1.8.0, only standard assets would be published as github release assets. These include:
- cloud-images.json
- talosctl binaries
- kernel
- initramfs
- metal iso and disk images
- talosctl-cni-bundle
All other release assets can be downloaded from Image Factory.
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Node Annotations
Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.
Workload AppArmor Profile
Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.
E.g.:
machine:
  install:
    extraKernelArgs:
      - security=apparmor
Bridge Interface
Talos Linux now supports configuring 'vlan_filtering' for bridge interfaces.
Machine Configuration via Kernel Command Line
Talos Linux supports supplying small zstd-compressed, base64-encoded machine configuration documents via the kernel command line parameter talos.config.inline.
CNI Plugins
Talos Linux now bundles by default the following standard CNI plugins:
bridge
firewall
flannel
host-local
loopback
portmap
The Talos bundled Flannel manifest was simplified to remove the install-cni step.
Accessing /dev/net/tun in Kubernetes Pods
Talos Linux ships with runc 1.2, which drops the legacy rule to expose /dev/net/tun devices by default in the container.
If you need to access /dev/net/tun in your Kubernetes pods (e.g. running Tailscale as a Kubernetes pod), you can use device plugins to expose /dev/net/tun to the pod.
Diagnostics
Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.
Disk Management
Talos Linux now supports configuration for the EPHEMERAL volume.
Extensions in Kubernetes Nodes
Talos Linux now publishes the list of installed extensions as Kubernetes node labels/annotations.
The key format is extensions.talos.dev/<name> and the value is the extension version.
If the extension name is not valid as a label key, it will be skipped.
If the extension version is a valid label value, it will be put to the label; otherwise it will be put to the annotation.
For Talos machines booted off the Image Factory artifacts, this means that the schematic ID will be published as the annotation extensions.talos.dev/schematic (as it is longer than 63 characters).
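The label-or-annotation rule described above, as an added Go example (not Talos's own code). It assumes the standard Kubernetes label syntax: name and value are each at most 63 characters, alphanumeric at both ends, with '-', '_' and '.' allowed inside. The function names and sample extensions are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Key prefix stated in the release notes.
const extensionPrefix = "extensions.talos.dev/"

// Assumption: standard Kubernetes label limits (63 characters for the
// name part of a key and for a value).
const maxLen = 63

var (
	// Name part of a label key: non-empty, alphanumeric at both ends.
	nameRe = regexp.MustCompile(`^[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?$`)
	// Label value: same character set, but may be empty.
	valueRe = regexp.MustCompile(`^([A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?)?$`)
)

func validLabelName(s string) bool  { return len(s) <= maxLen && nameRe.MatchString(s) }
func validLabelValue(s string) bool { return len(s) <= maxLen && valueRe.MatchString(s) }

// PlaceExtensions (hypothetical helper) applies the rule from the notes:
//   - name not valid as a label key       -> skipped
//   - version valid as a label value      -> node label
//   - otherwise (too long, bad character) -> node annotation
func PlaceExtensions(ext map[string]string) (labels, annotations map[string]string, skipped []string) {
	labels = map[string]string{}
	annotations = map[string]string{}
	for name, version := range ext {
		switch {
		case !validLabelName(name):
			skipped = append(skipped, name)
		case validLabelValue(version):
			labels[extensionPrefix+name] = version
		default:
			annotations[extensionPrefix+name] = version
		}
	}
	sort.Strings(skipped) // map iteration order is random; keep output stable
	return labels, annotations, skipped
}

// SampleExtensions returns constructed input; none of these values come
// from a real node.
func SampleExtensions() map[string]string {
	return map[string]string{
		"iscsi-tools": "v0.1.4",                 // short, valid value -> label
		"schematic":   strings.Repeat("ab", 32), // 64 characters -> annotation
		"custom-ext":  "1.0.0+build 7",          // '+' and space -> annotation
		"bad name!":   "v1.0.0",                 // invalid key name -> skipped
	}
}

func main() {
	labels, annotations, skipped := PlaceExtensions(SampleExtensions())
	fmt.Println("labels:     ", labels)
	fmt.Println("annotations:", annotations)
	fmt.Println("skipped:    ", skipped)
}
```

Anything that selects nodes by extension version with a label selector will not see extensions whose version landed in an annotation, so inventory tooling should read both.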
DNS Forwarding for CoreDNS pods
Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it with:
machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false
Please note that on a running cluster you will have to kill CoreDNS pods for this change to apply.
The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address.
For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service can be cleaned up with kubectl delete -n kube-system service host-dns.
Installer
Talos Linux installer now never wipes the system disk on upgrades, which means that the flag --preserve is always set for talosctl upgrade.
talos.halt_if_installed kernel argument
Starting with Talos 1.8, ISOs generated from Boot Assets would have a new kernel argument talos.halt_if_installed which would pause the boot sequence until boot timeout if Talos is already installed on the disk.
ISOs generated for pre-1.8 versions would not have this kernel argument.
This can also be explicitly enabled by setting talos.halt_if_installed=1 as a kernel argument.
Slim Kubelet Image
The kubelet container image includes various utilities that kubelet might use to perform various tasks.
Starting with Kubernetes 1.31.0, the kubelet image includes fewer utilities, as the in-tree CSI plugins were removed in Kubernetes 1.31.0. This reduces the kubelet image size and potential attack surface.
For Kubernetes < 1.31.0, there will be two images built:
- v1.x.y (default, fat)
- v1.x.y-slim (slim)
For Kubernetes >= 1.31.0, there will be the same two images built, but the default tag would point to the slim image:
- v1.x.y (default, slim)
- v1.x.y-fat (fat)
KubeSpan
Extra announced endpoints can be added using the KubespanEndpointsConfig document.
Default Node Labels
Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers by default for the control plane nodes.
PCI Devices
A list of PCI devices can now be obtained via the PCIDevices resource, e.g. talosctl get pcidevices.
Metal images
Starting with Talos 1.8, the console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (e.g. Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.
This should fix slow boot or no console output issues on most bare metal hardware.
NVIDIA GPU Support
Starting with Talos 1.8.0, SideroLabs ships extensions for both LTS and Production versions of NVIDIA extensions.
For more details see the CHANGELOG of extensions.
Upgrades with an existing schematic ID from Image Factory would keep the existing LTS version of the NVIDIA extension.
Removing parts of the configuration using $patch: delete syntax
Talos Linux now supports removing parts of the configuration using the $patch: delete syntax similar to Kubernetes.
More information can be found here.
Platform Support
Talos Linux now supports Apache CloudStack platform.
kube-proxy
Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.
Secure Boot
Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.
Custom Trusted Roots
Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.
Device Extra Settle Timeout
Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to work around issues with broken drivers.
Component Updates
Kubernetes: 1.31.1
Linux: 6.6.52
containerd: 2.0.0-rc.4
runc: 1.2.0-rc.3
etcd: 3.5.16
Flannel: 0.25.6
Flannel CNI plugin: 1.5.1
CoreDNS: 1.1.13
Talos is built with Go 1.22.7.
ZSTD Compression
Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).
Contributors
- Andrey Smirnov
- Dmitriy Matrenichev
- Noel Georgi
- Artem Chernyshev
- Utku Ozdemir
- Dmitry Sharshakov
- Justin Garrison
- Spencer Smith
- Steve Francis
- Bernard Gütermann
- Jean-Francois Roy
- Konrad Eriksson
- Serge Logvinov
- Tim Jones
- doctor_ew
- Amadeus Mader
- Andrew Rynhard
- Anthony ARNAUD
- Attila Oláh
- Birger J. Nordølum
- Caleb Woodbine
- Claus Albøge
- Daniel Höxtermann
- David Birks
- Dean
- Dennis Marttinen
- Eddie Zaneski
- Enrique Hernández Bello
- EricMa
- Evan Johnson
- Fabian Topfstedt
- Florian Ströger
- Fredrik Lundhag
- George Gaál
- Grzegorz Rozniecki
- Grzegorz Rożniecki
- Igor Rzegocki
- Josia Scheytt
- Judah Rand
- Marcel Richter
- Marco Franssen
- Marcus Förster
- Matthias Riegler
- Matthieu Mottet
- Maxime Brunet
- Michael Trip
- Mike Beaumont
- Nick Meyer
- Nicklas Frahm
- Ole-Magnus Sæther
- Roman Ivanov
- Ron Olson
- Saravanan G
- Simon-Boyer
- Skyler Mäntysaari
- Steve Fan
- Steve Martinelli
- Steven Fackler
- Syoc
- USBAkimbo
- Will Bush
- cryptk
- darox
- dhaines-quera
- leppeK
- looklose
Changes
318 commits
- 5cc935f74 release(v1.8.0): prepare release
- ec32f44c3 test: bump resources for Rook/Ceph test
- 8fb2f24b4 fix: update blockdevice library to v2.0.2
- 4c7948bb4 chore: better lvm2 tests
- 882582a8e docs: fix kubespan name inconsistency
- f136c031c feat: update pkgs
- 67ba47825 chore: refactor tests
- 920d8c829 fix: audit and fix cgroup reservations
- c8dedbe11 fix: filter out non-printable characters in process line
- 70d3c91fb feat: support lvm auto activation
- 4d44677f4 docs: document /dev/net/tun compatibility
- 32076935f fix: strategic merge patch delete for map keys
- 7478db75a release(v1.8.0-beta.1): prepare release
- a43e7247b feat: update Linux to 6.6.51
- bd9167512 test: add a test for inline machine config trusted roots
- siderolabs/talos@...
v1.8.0-beta.1
Talos 1.8.0-beta.1 (2024-09-16)
Welcome to the v1.8.0-beta.1 release of Talos!
This is a pre-release of Talos
Starting with Talos v1.8.0, only standard assets would be published as github release assets. These include:
- cloud-images.json
- talosctl binaries
- kernel
- initramfs
- metal iso and disk images
- talosctl-cni-bundle
All other release assets can be downloaded from Image Factory.
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Node Annotations
Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.
Workload AppArmor Profile
Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.
E.g.:
machine:
  install:
    extraKernelArgs:
      - security=apparmor
Bridge Interface
Talos Linux now supports configuring 'vlan_filtering' for bridge interfaces.
Machine Configuration via Kernel Command Line
Talos Linux supports supplying small zstd-compressed, base64-encoded machine configuration documents via the kernel command line parameter talos.config.inline.
CNI Plugins
Talos Linux now bundles by default the following standard CNI plugins:
bridge
firewall
flannel
host-local
loopback
portmap
The Talos bundled Flannel manifest was simplified to remove the install-cni step.
Diagnostics
Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.
Disk Management
Talos Linux now supports configuration for the EPHEMERAL volume.
Extensions in Kubernetes Nodes
Talos Linux now publishes the list of installed extensions as Kubernetes node labels/annotations.
The key format is extensions.talos.dev/<name> and the value is the extension version.
If the extension name is not valid as a label key, it will be skipped.
If the extension version is a valid label value, it will be put to the label; otherwise it will be put to the annotation.
For Talos machines booted off the Image Factory artifacts, this means that the schematic ID will be published as the annotation extensions.talos.dev/schematic (as it is longer than 63 characters).
DNS Forwarding for CoreDNS pods
Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it with:
machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false
Please note that on a running cluster you will have to kill CoreDNS pods for this change to apply.
The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address.
For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service can be cleaned up with kubectl delete -n kube-system service host-dns.
Installer
Talos Linux installer now never wipes the system disk on upgrades, which means that the flag --preserve is always set for talosctl upgrade.
talos.halt_if_installed kernel argument
Starting with Talos 1.8, ISOs generated from Boot Assets would have a new kernel argument talos.halt_if_installed which would pause the boot sequence until boot timeout if Talos is already installed on the disk.
ISOs generated for pre-1.8 versions would not have this kernel argument.
This can also be explicitly enabled by setting talos.halt_if_installed=1 as a kernel argument.
Slim Kubelet Image
The kubelet container image includes various utilities that kubelet might use to perform various tasks.
Starting with Kubernetes 1.31.0, the kubelet image includes fewer utilities, as the in-tree CSI plugins were removed in Kubernetes 1.31.0. This reduces the kubelet image size and potential attack surface.
For Kubernetes < 1.31.0, there will be two images built:
- v1.x.y (default, fat)
- v1.x.y-slim (slim)
For Kubernetes >= 1.31.0, there will be the same two images built, but the default tag would point to the slim image:
- v1.x.y (default, slim)
- v1.x.y-fat (fat)
KubeSpan
Extra announced endpoints can be added using the KubespanEndpointsConfig document.
Default Node Labels
Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers by default for the control plane nodes.
PCI Devices
A list of PCI devices can now be obtained via the PCIDevices resource, e.g. talosctl get pcidevices.
Metal images
Starting with Talos 1.8, the console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (e.g. Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.
This should fix slow boot or no console output issues on most bare metal hardware.
NVIDIA GPU Support
Starting with Talos 1.8.0, SideroLabs ships extensions for both LTS and Production versions of NVIDIA extensions.
For more details see the CHANGELOG of extensions.
Upgrades with an existing schematic ID from Image Factory would keep the existing LTS version of the NVIDIA extension.
Removing parts of the configuration using $patch: delete syntax
Talos Linux now supports removing parts of the configuration using the $patch: delete syntax similar to Kubernetes.
More information can be found here.
Platform Support
Talos Linux now supports Apache CloudStack platform.
kube-proxy
Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.
Secure Boot
Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.
Custom Trusted Roots
Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.
Device Extra Settle Timeout
Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to work around issues with broken drivers.
Component Updates
Kubernetes: 1.31.1
Linux: 6.6.51
containerd: 2.0.0-rc.4
runc: 1.2.0-rc.3
etcd: 3.5.16
Flannel: 0.25.6
Flannel CNI plugin: 1.5.1
CoreDNS: 1.1.13
Talos is built with Go 1.22.7.
ZSTD Compression
Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).
Contributors
- Andrey Smirnov
- Dmitriy Matrenichev
- Noel Georgi
- Artem Chernyshev
- Utku Ozdemir
- Dmitry Sharshakov
- Justin Garrison
- Spencer Smith
- Steve Francis
- Bernard Gütermann
- Jean-Francois Roy
- Konrad Eriksson
- Serge Logvinov
- doctor_ew
- Amadeus Mader
- Andrew Rynhard
- Anthony ARNAUD
- Attila Oláh
- Birger J. Nordølum
- Caleb Woodbine
- Claus Albøge
- Daniel Höxtermann
- David Birks
- Dean
- Dennis Marttinen
- Eddie Zaneski
- Enrique Hernández Bello
- EricMa
- Evan Johnson
- Fabian Topfstedt
- Fredrik Lundhag
- George Gaál
- Grzegorz Rozniecki
- Grzegorz Rożniecki
- Igor Rzegocki
- Josia Scheytt
- Judah Rand
- Marcel Richter
- Marco Franssen
- Marcus Förster
- Matthias Riegler
- Matthieu Mottet
- Maxime Brunet
- Michael Trip
- Mike Beaumont
- Nick Meyer
- Nicklas Frahm
- Ole-Magnus Sæther
- Roman Ivanov
- Ron Olson
- Saravanan G
- Simon-Boyer
- Skyler Mäntysaari
- Steve Fan
- Steve Martinelli
- Steven Fackler
- Syoc
- Tim Jones
- USBAkimbo
- Will Bush
- cryptk
- darox
- dhaines-quera
- leppeK
- looklose
Changes
306 commits
- 7478db75a release(v1.8.0-beta.1): prepare release
- a43e7247b feat: update Linux to 6.6.51
- bd9167512 test: add a test for inline machine config trusted roots
- 073ba2585 feat: update default Kubernetes version to 1.31.1
- 815e4bae8 fix: ignore invalid NTP responses
- cdabb7bcf fix: update CoreDNS health check
- a159ea9cc chore: account for resource sorting in dns upstream resource
- c030eef15 fix: parse SideroLink API endpoint correctly
- c37234643 chore: drop activateLogicalVolumes sequencer step
- 9e60f1708 fix: remove extra logging on ethtool ioctl failures
- 5eb5ff532 feat: update etcd to 3.5.16
- 51b91d64e release(v1.8.0-beta.0): prepare release
- 899f1b900 feat: implement "$patch: delete" logic
- 545f75fd7 feat: acquire machine config inline from kernel cmdline
- 361283401 chore: version specific kube-scheduler health checks
- d64ce44e4 chore(ci): e2e gcp
- cd7c68266 chore: disallow duplicate documents on decoder level
- bcaf63628 feat: update dependencies
- dd4185b14 feat: add KubeSpan extra endpoint configuration
- 3038ccfa8 feat: add configuration for EPHEMERAL volume
- siderolabs/talos@f...
v1.8.0-beta.0
Talos 1.8.0-beta.0 (2024-09-09)
Welcome to the v1.8.0-beta.0 release of Talos!
This is a pre-release of Talos
Starting with Talos v1.8.0, only standard assets would be published as github release assets. These include:
- cloud-images.json
- talosctl binaries
- kernel
- initramfs
- metal iso and disk images
- talosctl-cni-bundle
All other release assets can be downloaded from Image Factory.
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Node Annotations
Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.
Workload AppArmor Profile
Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.
E.g.:
machine:
  install:
    extraKernelArgs:
      - security=apparmor
Bridge Interface
Talos Linux now supports configuring 'vlan_filtering' for bridge interfaces.
Machine Configuration via Kernel Command Line
Talos Linux supports supplying small zstd-compressed, base64-encoded machine configuration documents via the kernel command line parameter talos.config.inline.
CNI Plugins
Talos Linux now bundles by default the following standard CNI plugins:
bridge
firewall
flannel
host-local
loopback
portmap
The Talos bundled Flannel manifest was simplified to remove the install-cni step.
Diagnostics
Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.
Disk Management
Talos Linux now supports configuration for the EPHEMERAL volume.
Extensions in Kubernetes Nodes
Talos Linux now publishes the list of installed extensions as Kubernetes node labels/annotations.
The key format is extensions.talos.dev/<name> and the value is the extension version.
If the extension name is not valid as a label key, it will be skipped.
If the extension version is a valid label value, it will be put to the label; otherwise it will be put to the annotation.
For Talos machines booted off the Image Factory artifacts, this means that the schematic ID will be published as the annotation extensions.talos.dev/schematic (as it is longer than 63 characters).
DNS Forwarding for CoreDNS pods
Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it with:
machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false
Please note that on a running cluster you will have to kill CoreDNS pods for this change to apply.
The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address.
For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service can be cleaned up with kubectl delete -n kube-system service host-dns.
Installer
Talos Linux installer now never wipes the system disk on upgrades, which means that the flag --preserve is always set for talosctl upgrade.
talos.halt_if_installed kernel argument
Starting with Talos 1.8, ISOs generated from Boot Assets would have a new kernel argument talos.halt_if_installed which would pause the boot sequence until boot timeout if Talos is already installed on the disk.
ISOs generated for pre-1.8 versions would not have this kernel argument.
This can also be explicitly enabled by setting talos.halt_if_installed=1 as a kernel argument.
Slim Kubelet Image
The kubelet container image includes various utilities that kubelet might use to perform various tasks.
Starting with Kubernetes 1.31.0, the kubelet image includes fewer utilities, as the in-tree CSI plugins were removed in Kubernetes 1.31.0. This reduces the kubelet image size and potential attack surface.
For Kubernetes < 1.31.0, there will be two images built:
- v1.x.y (default, fat)
- v1.x.y-slim (slim)
For Kubernetes >= 1.31.0, there will be the same two images built, but the default tag would point to the slim image:
- v1.x.y (default, slim)
- v1.x.y-fat (fat)
KubeSpan
Extra announced endpoints can be added using the KubespanEndpointsConfig document.
Default Node Labels
Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers by default for the control plane nodes.
PCI Devices
A list of PCI devices can now be obtained via the PCIDevices resource, e.g. talosctl get pcidevices.
Metal images
Starting with Talos 1.8, the console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (e.g. Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.
This should fix slow boot or no console output issues on most bare metal hardware.
NVIDIA GPU Support
Starting with Talos 1.8.0, SideroLabs ships extensions for both LTS and Production versions of NVIDIA extensions.
For more details see the CHANGELOG of extensions.
Upgrades with an existing schematic ID from Image Factory would keep the existing LTS version of the NVIDIA extension.
Removing parts of the configuration using $patch: delete syntax
Talos Linux now supports removing parts of the configuration using the $patch: delete syntax similar to Kubernetes.
More information can be found here.
Platform Support
Talos Linux now supports Apache CloudStack platform.
kube-proxy
Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.
Secure Boot
Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.
Custom Trusted Roots
Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.
Device Extra Settle Timeout
Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to work around issues with broken drivers.
Component Updates
Kubernetes: 1.31.0
Linux: 6.6.49
containerd: 2.0.0-rc.4
runc: 1.2.0-rc.3
etcd: 3.5.15
Flannel: 0.25.6
Flannel CNI plugin: 1.5.1
CoreDNS: 1.1.13
Talos is built with Go 1.22.7.
ZSTD Compression
Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).
Contributors
- Andrey Smirnov
- Dmitriy Matrenichev
- Noel Georgi
- Artem Chernyshev
- Utku Ozdemir
- Dmitry Sharshakov
- Justin Garrison
- Spencer Smith
- Steve Francis
- Bernard Gütermann
- Jean-Francois Roy
- Konrad Eriksson
- Serge Logvinov
- doctor_ew
- Amadeus Mader
- Andrew Rynhard
- Anthony ARNAUD
- Attila Oláh
- Birger J. Nordølum
- Caleb Woodbine
- Claus Albøge
- Daniel Höxtermann
- David Birks
- Dean
- Dennis Marttinen
- Eddie Zaneski
- Enrique Hernández Bello
- EricMa
- Evan Johnson
- Fabian Topfstedt
- Fredrik Lundhag
- George Gaál
- Grzegorz Rozniecki
- Grzegorz Rożniecki
- Igor Rzegocki
- Josia Scheytt
- Judah Rand
- Marcel Richter
- Marco Franssen
- Marcus Förster
- Matthias Riegler
- Matthieu Mottet
- Maxime Brunet
- Michael Trip
- Mike Beaumont
- Nick Meyer
- Nicklas Frahm
- Ole-Magnus Sæther
- Roman Ivanov
- Ron Olson
- Saravanan G
- Simon-Boyer
- Skyler Mäntysaari
- Steve Fan
- Steve Martinelli
- Steven Fackler
- Syoc
- Tim Jones
- USBAkimbo
- Will Bush
- cryptk
- darox
- dhaines-quera
- leppeK
- looklose
Changes
295 commits
- 51b91d64e release(v1.8.0-beta.0): prepare release
- 899f1b900 feat: implement "$patch: delete" logic
- 545f75fd7 feat: acquire machine config inline from kernel cmdline
- 361283401 chore: version specific kube-scheduler health checks
- d64ce44e4 chore(ci): e2e gcp
- cd7c68266 chore: disallow duplicate documents on decoder level
- bcaf63628 feat: update dependencies
- dd4185b14 feat: add KubeSpan extra endpoint configuration
- 3038ccfa8 feat: add configuration for EPHEMERAL volume
- faffa4c3f fix: never unarchive initramfs when loading boot assets in talosctl
- 07b91797c fix: report internally service as unhealthy if not running
- bc8bf9e8a feat: update Linux 6.6.49
- 7edcbbb83 chore: support gcp in cloud-image-uploader
- 0a870200e chore: remove matrix links from docs
- db6ef1ee9 test: update Talos versions in Image Factory tests
- ec3844c46 release(v1.8.0-alpha.2): prepare release
- 6f7c3a8e5 fix: build of talosctl on non-Linux arches
- f0a59cec7 release(v1.8.0-alpha.2): prepare release
- c8aed3be4 fix: correctly add console args for ttyS0
- b453385bd feat: support volume configuration, provisioning, e...
v1.8.0-alpha.2
Talos 1.8.0-alpha.2 (2024-09-02)
Welcome to the v1.8.0-alpha.2 release of Talos!
This is a pre-release of Talos
Starting with Talos v1.8.0, only standard assets would be published as github release assets. These include:
- cloud-images.json
- talosctl binaries
- kernel
- initramfs
- metal iso and disk images
- talosctl-cni-bundle
All other release assets can be downloaded from Image Factory.
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Node Annotations
Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.
Workload AppArmor Profile
Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.
E.g.:
machine:
  install:
    extraKernelArgs:
      - security=apparmor
Bridge Interface
Talos Linux now supports configuring 'vlan_filtering' for bridge interfaces.
CNI Plugins
Talos Linux now bundles by default the following standard CNI plugins:
bridge
firewall
flannel
host-local
loopback
portmap
The Talos bundled Flannel manifest was simplified to remove the install-cni step.
Diagnostics
Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.
Extensions in Kubernetes Nodes
Talos Linux now publishes the list of installed extensions as Kubernetes node labels/annotations.
The key format is extensions.talos.dev/<name> and the value is the extension version.
If the extension name is not valid as a label key, it will be skipped.
If the extension version is a valid label value, it will be put to the label; otherwise it will be put to the annotation.
For Talos machines booted off the Image Factory artifacts, this means that the schematic ID will be published as the annotation extensions.talos.dev/schematic (as it is longer than 63 characters).
DNS Forwarding for CoreDNS pods
Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it with:
machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false
Please note that on a running cluster you will have to kill CoreDNS pods for this change to apply.
The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address.
For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service can be cleaned up with kubectl delete -n kube-system service host-dns.
Installer
Talos Linux installer now never wipes the system disk on upgrades, which means that the flag --preserve is always set for talosctl upgrade.
talos.halt_if_installed kernel argument
Starting with Talos 1.8, ISOs generated from Boot Assets would have a new kernel argument talos.halt_if_installed which would pause the boot sequence until boot timeout if Talos is already installed on the disk.
ISOs generated for pre-1.8 versions would not have this kernel argument.
This can also be explicitly enabled by setting talos.halt_if_installed=1 as a kernel argument.
Slim Kubelet Image
Kubelet container image includes various utilities that kubelet might use to perform various tasks.
Starting with Kubernetes 1.31.0, kubelet
image now includes less utilities, as the in-tree CSI plugins were
removed in Kubernetes 1.31.0. This reduces kubelet
image size and potential attack surface.
For Kubernetes < 1.31.0, there will be two images built:
v1.x.y
(default, fat)v1.x.y-slim
(slim)
For Kubernetes >= 1.31.0, there will be same two images built, but the
default tag would point to slim image:
v1.x.y
(default, slim)v1.x.y-fat
(fat)
Default Node Labels
Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers
by default for the control plane nodes.
PCI Devices
A list of PCI devices can now be obtained via PCIDevices resource, e.g. talosctl get pcidevices.
Metal images
Starting with Talos 1.8, the console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (e.g. Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.
This should fix slow boot or no console output issues on most bare metal hardware.
NVIDIA GPU Support
Starting with Talos 1.8.0, SideroLabs ships extensions for both LTS and Production versions of NVIDIA extensions.
For more details see the CHANGELOG of extensions.
Upgrades with an existing schematic ID from Image Factory will keep the existing LTS version of the NVIDIA extension.
Platform Support
Talos Linux now supports Apache CloudStack platform.
kube-proxy
Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.
Secure Boot
Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.
Custom Trusted Roots
Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.
Device Extra Settle Timeout
Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to work around issues with broken drivers.
Component Updates
Kubernetes: 1.31.0
Linux: 6.6.47
containerd: 2.0.0-rc.4
runc: 1.2.0-rc.2
etcd: 3.5.15
Flannel: 0.25.6
Flannel CNI plugin: 1.5.1
CoreDNS: 1.1.13
Talos is built with Go 1.22.6.
ZSTD Compression
Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).
Contributors
- Andrey Smirnov
- Dmitriy Matrenichev
- Noel Georgi
- Utku Ozdemir
- Artem Chernyshev
- Dmitry Sharshakov
- Justin Garrison
- Spencer Smith
- Steve Francis
- Bernard Gütermann
- Jean-Francois Roy
- Konrad Eriksson
- Serge Logvinov
- doctor_ew
- Amadeus Mader
- Andrew Rynhard
- Anthony ARNAUD
- Attila Oláh
- Birger J. Nordølum
- Caleb Woodbine
- Claus Albøge
- Daniel Höxtermann
- David Birks
- Dean
- Dennis Marttinen
- Eddie Zaneski
- Enrique Hernández Bello
- EricMa
- Evan Johnson
- Fabian Topfstedt
- Fredrik Lundhag
- George Gaál
- Grzegorz Rozniecki
- Grzegorz Rożniecki
- Igor Rzegocki
- Josia Scheytt
- Judah Rand
- Marcel Richter
- Marco Franssen
- Marcus Förster
- Matthias Riegler
- Matthieu Mottet
- Maxime Brunet
- Michael Trip
- Mike Beaumont
- Nick Meyer
- Nicklas Frahm
- Ole-Magnus Sæther
- Roman Ivanov
- Ron Olson
- Saravanan G
- Simon-Boyer
- Skyler Mäntysaari
- Steve Fan
- Steve Martinelli
- Steven Fackler
- Syoc
- Tim Jones
- USBAkimbo
- Will Bush
- cryptk
- darox
- dhaines-quera
- leppeK
- looklose
Changes
280 commits
- ec3844c46 release(v1.8.0-alpha.2): prepare release
- 6f7c3a8e5 fix: build of talosctl on non-Linux arches
- f0a59cec7 release(v1.8.0-alpha.2): prepare release
- c8aed3be4 fix: correctly add console args for ttyS0
- b453385bd feat: support volume configuration, provisioning, etc
- b6b16b35f chore: pause sequencer when talos installed and iso booted
- eade0a9f2 chore: bring in uio modules
- 81f9fcd9c fix: report errors correctly when pulling, fix EEXIST
- b309e87b4 docs: fix invalid input in field user_data
- c7474877a docs: kubeProxyReplacement from "disabled" to "false"
- be2ebf6b4 chore: bump dependencies
- 88601bff4 chore: drop calico from interactive installer
- 106c17d0b chore: aarch64 qemu local secureboot support
- da6263506 feat: update Flannel to v0.25.6
- 19a44c2b0 chore: drop console ttyS0 argument
- 75cecb421 feat: add Apache Cloudstack support
- 951cf66fd feat: add Cisco fnic driver
- 2d3bc94bf fix(ci): fix broken tests
- a9551b7ca fix: host DNS access with firewall enabled
- 4834a61a8 feat: report SELinux labels
- 8fe39eacb chore: move csi tests as go test
- e4f8cb854 fix: merge extension service config files by mountPath
- 5ba1df469 chore: add java package to protos
- 823480800 fix: add missing host/nvme-rdma
- 5b4b64979 fix: bump go-smbios for broken SMIOS tables
- f57d1f07e fix: add NVMe target kernel modules
- 5ff6cf82c fix: drop /opt mount for containers/tink
- 3c0db34d8 docs: update kubespan docs
- 3041d9075 fix: always handle PermissionDenied in dashboard resource watches
- 36f83eea9 chore: make qemu check flag consistent with code
- fe52cb074 chore: update protoc-gen-doc
- ee4290f68 fix: bind HostDNS to 169.254.x link-local address
- c312a46f6 chore: restructure k8s component health checks
- e193e7db9 docs: fix incorrect path...
v1.7.6
Talos 1.7.6 (2024-08-06)
Welcome to the v1.7.6 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Component Updates
Linux: 6.6.43
Kubernetes: 1.30.3
Talos is built with Go 1.22.5.
Contributors
- Andrey Smirnov
- Jean-Francois Roy
Changes
5 commits
Changes from siderolabs/pkgs
8 commits
- siderolabs/pkgs@f0c088f feat: update Linux to 6.6.43
- siderolabs/pkgs@fb24a28 fix: enable TPROXY for nftables
- siderolabs/pkgs@4d7d88b feat: update Linux to 6.6.39
- siderolabs/pkgs@a302e94 fix: enable CONFIG_PROC_CHILDREN for amd64 kernel
- siderolabs/pkgs@034804e feat: update Linux to 6.6.36
- siderolabs/pkgs@44d273d feat: enable CONFIG_X86_AMD_PSTATE
- siderolabs/pkgs@3d1bd33 feat: update Go to 1.22.5
- siderolabs/pkgs@6637717 feat: update runc to 1.1.13
Changes from siderolabs/tools
Dependency Changes
- github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 -> v1.6.0
- github.com/siderolabs/pkgs v1.7.0-21-gc58ed7f -> v1.7.0-29-gf0c088f
- github.com/siderolabs/talos/pkg/machinery v1.7.5 -> v1.7.6
- github.com/siderolabs/tools v1.7.0-3-g6c94771 -> v1.7.0-4-gc844dc3
- golang.org/x/net v0.25.0 -> v0.26.0
- golang.org/x/sync v0.6.0 -> v0.7.0
- golang.org/x/sys v0.20.0 -> v0.21.0
- golang.org/x/term v0.20.0 -> v0.21.0
- golang.org/x/text v0.15.0 -> v0.16.0
- k8s.io/api v0.30.1 -> v0.30.3
- k8s.io/apiserver v0.30.1 -> v0.30.3
- k8s.io/client-go v0.30.1 -> v0.30.3
- k8s.io/component-base v0.30.1 -> v0.30.3
- k8s.io/kube-scheduler v0.30.1 -> v0.30.3
- k8s.io/kubectl v0.30.1 -> v0.30.3
- k8s.io/kubelet v0.30.1 -> v0.30.3
- k8s.io/pod-security-admission v0.30.1 -> v0.30.3
Previous release can be found at v1.7.5
Images
ghcr.io/siderolabs/flannel:v0.25.3
ghcr.io/siderolabs/install-cni:v1.7.0-2-g7c627a8
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.3
registry.k8s.io/kube-controller-manager:v1.30.3
registry.k8s.io/kube-scheduler:v1.30.3
registry.k8s.io/kube-proxy:v1.30.3
ghcr.io/siderolabs/kubelet:v1.30.3
ghcr.io/siderolabs/installer:v1.7.6
registry.k8s.io/pause:3.8
v1.6.8
Talos 1.6.8 (2024-07-24)
Welcome to the v1.6.8 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Component Updates
- Linux: 6.1.100
- Kubernetes: 1.29.7
- runc: 1.1.13
- containerd: 1.7.20
Talos is built with Go 1.21.12.
Contributors
- Andrey Smirnov
- Artem Chernyshev
- Dmitriy Matrenichev
- Utku Ozdemir
Changes
11 commits
- 26c13c8f4 release(v1.6.8): prepare release
- ddc690d73 feat: provide an option to enforce SecureBoot for TPM enrollment
- 390b29d1a fix: check for nil machine config during installation
- 3ec9b8d6f fix: do not fail cli action tracker when boot id cannot be read
- f686e7102 fix: bump priority of OpenStack routes if IPv6 and default gateway
- 745257f1e fix: return proper value from Bridge.STP instead of plain nil
- 968eb5ac8 fix: assign different priority to IPv6 default gateway on OpenStack
- b222d5062 fix: make static pods check output consistent
- dd241d705 fix: don't announce the VIP on acquire failure
- 67c76e816 fix: always update firewall rules (kubespan)
- 65a927559 feat: update major components
Changes from siderolabs/pkgs
Changes from siderolabs/tools
Dependency Changes
- github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 -> v1.11.1
- github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 -> v1.6.0
- github.com/google/nftables v0.1.0 -> v0.2.0
- github.com/google/uuid v1.4.0 -> v1.6.0
- github.com/siderolabs/pkgs v1.6.0-27-gdf44f94 -> v1.6.0-28-g2472b6d
- github.com/siderolabs/talos/pkg/machinery v1.6.7 -> v1.6.8
- github.com/siderolabs/tools v1.6.0-3-gae30965 -> v1.6.0-4-g8ebe1dc
- github.com/stretchr/testify v1.8.4 -> v1.9.0
- golang.org/x/net v0.19.0 -> v0.26.0
- golang.org/x/sync v0.5.0 -> v0.7.0
- golang.org/x/sys v0.16.0 -> v0.21.0
- golang.org/x/term v0.15.0 -> v0.21.0
- golang.org/x/text v0.14.0 -> v0.16.0
- k8s.io/api v0.29.3 -> v0.29.7
- k8s.io/apimachinery v0.29.3 -> v0.29.7
- k8s.io/apiserver v0.29.3 -> v0.29.7
- k8s.io/client-go v0.29.3 -> v0.29.7
- k8s.io/component-base v0.29.3 -> v0.29.7
- k8s.io/cri-api v0.29.3 -> v0.29.7
- k8s.io/kube-scheduler v0.29.3 -> v0.29.7
- k8s.io/kubectl v0.29.3 -> v0.29.7
- k8s.io/kubelet v0.29.3 -> v0.29.7
- k8s.io/pod-security-admission v0.29.3 -> v0.29.7
Previous release can be found at v1.6.7
Images
ghcr.io/siderolabs/flannel:v0.23.0
ghcr.io/siderolabs/install-cni:v1.6.0-2-g9234398
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.11
registry.k8s.io/kube-apiserver:v1.29.7
registry.k8s.io/kube-controller-manager:v1.29.7
registry.k8s.io/kube-scheduler:v1.29.7
registry.k8s.io/kube-proxy:v1.29.7
ghcr.io/siderolabs/kubelet:v1.29.7
ghcr.io/siderolabs/installer:v1.6.8
registry.k8s.io/pause:3.8
v1.8.0-alpha.1
Talos 1.8.0-alpha.1 (2024-07-08)
Welcome to the v1.8.0-alpha.1 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Workload Apparmor Profile
Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.
E.g.:
machine:
  install:
    extraKernelArgs:
      - security=apparmor
Bridge Interface
Talos Linux now supports configuring 'vlan_filtering' for bridge interfaces.
Diagnostics
Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.
DNS Forwarding for CoreDNS pods
Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it with:
machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false
Please note that on a running cluster you will have to kill CoreDNS pods for this change to apply.
PCI Devices
A list of PCI devices can now be obtained via PCIDevices resource, e.g. talosctl get pcidevices.
Component Updates
Kubernetes: 1.30.2
Linux: 6.6.36
containerd: 2.0.0-rc.3
runc: 1.2.0-rc.2
etcd: 3.5.14
Flannel: 0.25.3
Flannel CNI plugin: 1.5.1
Talos is built with Go 1.22.5.
ZSTD Compression
Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).
Contributors
- Andrey Smirnov
- Dmitriy Matrenichev
- Noel Georgi
- Utku Ozdemir
- Artem Chernyshev
- Dmitry Sharshakov
- Spencer Smith
- Justin Garrison
- Steve Francis
- Bernard Gütermann
- Konrad Eriksson
- Andrew Rynhard
- Attila Oláh
- Birger J. Nordølum
- Dennis Marttinen
- Enrique Hernández Bello
- Evan Johnson
- Fabian Topfstedt
- Grzegorz Rozniecki
- Grzegorz Rożniecki
- Igor Rzegocki
- Jean-Francois Roy
- Marcel Richter
- Marco Franssen
- Michael Trip
- Ron Olson
- Serge Logvinov
- Simon-Boyer
- Steve Fan
- USBAkimbo
- Will Bush
- darox
- dhaines-quera
- leppeK
- looklose
Changes
166 commits
- 31af6b3f8 chore: fix the release step to include CNI bundle
- d7cd46643 chore: fix the push/tag steps
- c9aeeca3d chore: fix the Makefile
- 48cdbe0de release(v1.8.0-alpha.1): prepare release
- 2512ef435 test: fix the integrtion tests for apply-config
- 076f3c4f2 chore: improve link spec controller code
- 0454130ad feat: suppress controller runtime first N failures on the console
- 3d35e5468 chore: update hydrophone library
- 1f28726d4 chore: support version with and without v prefix
- 9a56b8527 chore(ci): fix parallel runs of tf pipelines
- be35f380c chore: update pkgs/tools/extras
- 93df23444 docs: update opengraph image for main landing pages
- d9d62d4da feat: update Linux to 6.6.36
- 6b0fe5b8c docs: update deploying cilium docs for v1.7 and v1.8
- 52611a90d feat: update Kubernetes to v1.30.2
- c19cc4ccb docs: clarify direct access needed to nodes in insecure mode
- b4c871e4b chore: bump dependencies
- cc345c8c9 feat: add support for configuring vlan filtering on the bridge
- 2d054ad35 chore: handle documents diff in apply-config dry run
- bd34f71f3 feat: add apparmor pkg
- 71857fd4d docs: fix typo: messure -> measure
- f75f16b0a chore(ci): fix cluster name generation
- c603d2bf9 chore: output more info when ExecuteCommandInPod fails
- 4b5a7445e docs: fix missing Akamai platform in supported matrix
- 4701498a1 chore(ci): run e2e-aws-nvidia with zfs extension enabled
- 86a3222ae chore: use new disks api for iscsi tests
- 5ffc3f14b feat: show siderolink status on dashboard
- 6f6a5d105 chore: upgrade to rtnetlink/v2 library
- 1fb8453c2 chore: update Go modules
- 8e15621e8 chore(ci): add conformance pipelines
- 7fcb521a6 feat: use hydrophone instead of sonobuoy
- d1a0c1f98 test: fix the integration test for no META name
- 535006334 chore: fix our dns server implementation
- c6f90d014 chore: replace sync.Map with concurrent.HashTrieMap
- e8ced2c2d chore: drop k8s timeout in the default kubeconfig
- 7cbdce73f fix: detect CD devices, fix user disks wipe test
- aca475c66 chore: small usability fixes
- 26cf566dc chore: bump our coredns fork
- 5e66e117e fix: initial assignment of Hetzner Cloud Alias IP
- f07b79f4a feat: provide disk detection based on new blockdevices
- 8ee087268 chore(ci): drop crashdump, save logs as artifacts
- 7c9a14383 fix: volume discovery improvements
- 80ca8ff71 fix: update the cgroups for Talos core services
- fe317f1e1 docs: fix typo in QEMU guest agent support on Proxmox
- 8dbe2128a feat: implement Talos diagnostics
- 357d7754f fix: clean up VM runners on cluster destroy
- 41f92e0ba chore: update Go to 1.22.4, other updates
- 4621e9bb7 chore: add stale and lock issue workflows
- 82d9cd322 fix: add upgrade errata for arm64/zboot kernels
- 9a23d846c fix: downgrade Azure IMDS required version
- 30860210c test: fix hardware test not to require PCI devices
- 9fcc9b841 feat: update Flannel to v0.25.3
- 9d395b9de chore: use bun instead of npm
- a1684bdf8 chore: speed up go generate for enumer
- 4dd0aa712 feat: implement PCI device bus enumeration
- b0466e0ab fix: disable kexec on GCP/Azure
- 911c25574 chore: fix go.work resolution
- 2f088ede0 docs: add another example for installing cilium
- 3967e0777 feat: update etcd to 3.5.14
- 3367ded9f fix: correct time adjustment in time.SyncController
- 893e64fcb fix: replace nslookup with dig in integration tests
- 0359c8537 chore: unify toml packages being used
- 4feb94ca0 feat: add multidoc check to the Talos quirks module
- 0b4a9777f docs: update talosctl install instructions for 1.8
- da8305ffb test: add a test for watchdog timers
- da7f27640 fix: mount tracefs filesystem
- 7b37e5b63 chore(ci): fix integration extensions
- de7553d77 fix(ci): cron jobs
- eb510d9fd chore: require enabled bootloader for docker provisioner
- a9cf9b789 fix: correctly handle dns messages in our dns implementation
- c2b19dcb9 chore: move to containerd 2.0 API
- 92a274e9a fix: workaround problems with udevd races
- 31b24ea3d chore(ci): split integration misc
- 8a1371337 fix: produce stable order of bonds with equinix
- 6406193f4 test: add Equnix Metal sample metadata with two bonds
- 01ea82053 fix: time sync over NTP from future era
- 5aea42427 fix(ci): fix crons by setting up buildx always
- 84706c3e2 docs: default to brew docs for talosctl
- fcd65ff65 feat: enable forwardKubeDNSToHost by default
- 2e64e9e4e fix: require accepted CAs on worker nodes
- 23c1c4560 fix(ci): fix crons fby rekres
- 2d50392c5 feat: update containerd to 2.0.0-rc.2, runc to 1.2.0-rc.1
- a12e4bb24 chore(ci): fix github action crons
- e7bd9cd2b fix: decrease maximum negative ttl for dns responses
- 9c3ebad9f chore(ci): kresify gh actions
- ff60f6fde refactor: make some of the extensions package public
- ce8c86d64 fix: panic in osroot controller
- e1711cd3c chore: stop using containerd package for cri namespace
- d4307043f fix: update go-tail library to fix 'short read' error
- 7cd13ef4a docs: add documentation on using Multus with Talos
- 4784da3ef feat: use new circular buffer compressed chunks feature
- 78b48eb3a feat: include EDAC drivers
- 0bf2d69fb feat: update Kubernetes to 1.30.1
- 53f548913 fix: increase host dns packet ttl for pods
- dedb6d360 fix: update github.com/siderolabs/siderolink to v0.3.7
- 43939f1a6 docs: fix typos, add docker socket info
- 6663068bb chore: update project in GCP testing
- b86edc677 chore: update office hours in talos repo
- cfa25d22d chore: remove docs prior to 1.0 from website navigation
- 120705459 chore: handle I/O error for xfs_repair
- b7afe2669 feat: update Linux 6.6.30
- 26519ceed docs: update proxmox.md
- 851b91a0e fix: don't enable hostDNS for versions of Talos which do not have it
- 42ac5cd0c fix...
v1.7.5
Talos 1.7.5 (2024-06-21)
Welcome to the v1.7.5 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Component Updates
Linux: 6.6.33
Flannel: 0.25.3
Containerd: 1.7.18
Talos is built with Go 1.22.4.
Contributors
- Andrey Smirnov
- Noel Georgi
- Dmitriy Matrenichev
- Marcel Richter
Changes
7 commits
- 47731624e release(v1.7.5): prepare release
- 6d6751f6a feat: update Linux to 6.6.33, Go to 1.22.4
- 2c4aa7342 chore: fix our dns server implementation
- 8ad20a6c1 fix: initial assignment of Hetzner Cloud Alias IP
- 90c3a0244 feat: update Flannel to v0.25.3
- b14fe3973 fix: downgrade Azure IMDS required version
- fa6c85259 fix: decrease maximum negative ttl for dns responses
Changes from siderolabs/extras
Changes from siderolabs/pkgs
4 commits
- siderolabs/pkgs@c58ed7f feat: bump Go to 1.22.4
- siderolabs/pkgs@ab5d66b feat: update Linux to 6.6.33
- siderolabs/pkgs@0e1002e feat: enable SCTP support
- siderolabs/pkgs@e04adee feat: update containerd to 1.7.18
Changes from siderolabs/tools
Dependency Changes
- github.com/docker/docker v26.0.0 -> v26.0.2
- github.com/miekg/dns v1.1.58 -> v1.1.59
- github.com/siderolabs/extras v1.7.0-1-gbb76755 -> v1.7.0-2-g7c627a8
- github.com/siderolabs/pkgs v1.7.0-17-ga201d27 -> v1.7.0-21-gc58ed7f
- github.com/siderolabs/talos/pkg/machinery v1.7.4 -> v1.7.5
- github.com/siderolabs/tools v1.7.0-2-g345db93 -> v1.7.0-3-g6c94771
- google.golang.org/grpc v1.62.1 -> v1.63.2
Previous release can be found at v1.7.4
Images
ghcr.io/siderolabs/flannel:v0.25.3
ghcr.io/siderolabs/install-cni:v1.7.0-2-g7c627a8
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.1
registry.k8s.io/kube-controller-manager:v1.30.1
registry.k8s.io/kube-scheduler:v1.30.1
registry.k8s.io/kube-proxy:v1.30.1
ghcr.io/siderolabs/kubelet:v1.30.1
ghcr.io/siderolabs/installer:v1.7.5
registry.k8s.io/pause:3.8
v1.7.4
Talos 1.7.4 (2024-05-30)
Welcome to the v1.7.4 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Component Updates
Talos is built with Go 1.22.3.
Contributors
- Andrey Smirnov
- Dmitriy Matrenichev
Changes
2 commits
Dependency Changes
- github.com/beevik/ntp v1.4.2 -> v1.4.3
- github.com/siderolabs/talos/pkg/machinery v1.7.3 -> v1.7.4
- golang.org/x/net v0.24.0 -> v0.25.0
- golang.org/x/sys v0.19.0 -> v0.20.0
- golang.org/x/term v0.19.0 -> v0.20.0
- golang.org/x/text v0.14.0 -> v0.15.0
Previous release can be found at v1.7.3
Images
ghcr.io/siderolabs/flannel:v0.25.1
ghcr.io/siderolabs/install-cni:v1.7.0-1-gbb76755
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.1
registry.k8s.io/kube-controller-manager:v1.30.1
registry.k8s.io/kube-scheduler:v1.30.1
registry.k8s.io/kube-proxy:v1.30.1
ghcr.io/siderolabs/kubelet:v1.30.1
ghcr.io/siderolabs/installer:v1.7.4
registry.k8s.io/pause:3.8