Releases: siderolabs/talos
v1.8.3
Talos 1.8.3 (2024-11-13)
Welcome to the v1.8.3 release of Talos!
Starting with Talos v1.8.0, only standard assets are published as GitHub release assets. These include:
- cloud-images.json
- talosctl binaries
- kernel
- initramfs
- metal iso and disk images
- talosctl-cni-bundle
All other release assets can be downloaded from Image Factory.
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Component Updates
Linux: 6.6.60
containerd: 2.0.0
runc: 1.2.1
Talos is built with Go 1.22.9.
Contributors
- Andrey Smirnov
- blablu
- Dmitry Sharshakov
- Joakim Nohlgård
- Noel Georgi
- Remko Molier
- Sam Stelfox
Changes
15 commits
- 6494aced3 release(v1.8.3): prepare release
- 01c9f4584 fix: arch linux search paths and names for QEMU provisioner
- 8b5c5f108 chore: fix nil pointer dereference in AWS uploader
- fbf85dd0d fix: install disk matcher error
- ff3fccea9 feat: add dm-cache dm-cache-smq kernel modules
- 6d872e41c feat: allow extra mounts for docker-based talosctl cluster create
- 8c193c8b1 fix: update permissions for logging directories in /var
- 5044a410c fix: mount /sys/kernel/security conditionally
- 83abb6644 fix: make route normalization keep family
- 228a94387 fix: do not trim 0 from process SELinux label
- d4a3a2b62 fix: prevent panic in nocloud platform code
- 5c7b02d7e fix: update the CRI sandbox image reference
- f8155c40d feat: add parsing of vlanNNNN:ethX style VLAN cmdline args
- ea19f157f fix: generation of SecureBoot iso
- fddaa60e2 feat: update Linux, runc, containerd, go
Changes from siderolabs/pkgs
7 commits
- siderolabs/pkgs@9c80a4a feat: update Linux to 6.6.60
- siderolabs/pkgs@747c6c7 feat: update containerd to v2.0.0
- siderolabs/pkgs@87c6526 feat: enable CONFIG_DM_CACHE
- siderolabs/pkgs@b4fa648 fix: enable nvme and 2.5gbit ethernet on nanopi-r5s
- siderolabs/pkgs@079ea13 feat: update Linux to 6.6.59
- siderolabs/pkgs@e4bc753 feat: update runc to v1.2.1
- siderolabs/pkgs@de3dbf5 feat: update Go to 1.22.9
Changes from siderolabs/tools
Dependency Changes
- github.com/docker/cli v27.1.1 new
- github.com/docker/docker v27.2.0 -> v27.1.1
- github.com/siderolabs/pkgs v1.8.0-24-ge72b2f4 -> v1.8.0-31-g9c80a4a
- github.com/siderolabs/talos/pkg/machinery v1.8.2 -> v1.8.3
- github.com/siderolabs/tools v1.8.0-2-g7719230 -> v1.8.0-3-g653182a
Previous release can be found at v1.8.2
Images
ghcr.io/siderolabs/flannel:v0.25.7
registry.k8s.io/coredns/coredns:v1.11.3
gcr.io/etcd-development/etcd:v3.5.16
registry.k8s.io/kube-apiserver:v1.31.2
registry.k8s.io/kube-controller-manager:v1.31.2
registry.k8s.io/kube-scheduler:v1.31.2
registry.k8s.io/kube-proxy:v1.31.2
ghcr.io/siderolabs/kubelet:v1.31.2
ghcr.io/siderolabs/installer:v1.8.3
registry.k8s.io/pause:3.10
v1.9.0-alpha.2
Talos 1.9.0-alpha.2 (2024-11-08)
Welcome to the v1.9.0-alpha.2 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
AppArmor
Talos Linux starting with v1.9 will ship with SELinux LSM enabled by default.
If you need to use the AppArmor LSM, add the following to the machine configuration:
machine:
  install:
    extraKernelArgs:
      - -selinux
      - lsm=lockdown,capability,yama,apparmor,bpf
      - apparmor=1
Auditd
Talos Linux now starts an auditd service by default.
Logs can be read with talosctl logs auditd.
talosctl cgroups
The talosctl cgroups command has been added to the talosctl tool.
This command allows you to view the cgroup resource consumption and limits for a machine, e.g. talosctl cgroups --preset memory.
udevd
Talos previously used udevd to provide udevd, now it uses systemd-udevd instead.
Component Updates
Linux: 6.6.59
containerd: 2.0.0
Flannel: 0.26.0
Kubernetes: 1.32.0-beta.0
runc: 1.2.1
Talos is built with Go 1.23.2.
User Namespaces
Talos Linux now supports running Kubernetes pods with user namespaces enabled.
Refer to the documentation for more information.
Contributors
- Andrey Smirnov
- Noel Georgi
- Dmitriy Matrenichev
- Dmitry Sharshakov
- Joakim Nohlgård
- Jean-Francois Roy
- Utku Ozdemir
- blablu
- Adolfo Ochagavía
- Dan Rue
- David Backeus
- Eddie Wang
- Florian Ströger
- Hexoplon
- Jakob Maležič
- KBAegis
- Mike Beaumont
- Nebula
- Nico Berlee
- Philip Schmid
- Philipp Kleber
- Remko Molier
- Robby Ciliberto
- Ryan Borstelmann
- Serge Logvinov
- Spencer Smith
- Steven Cassamajor
- Tim Jones
- adilTepe
- ekarlso
- naed3r
- nevermarine
- solidDoWant
Changes
145 commits
- 0290a3881 release(v1.9.0-alpha.2): prepare release
- a309f6aa5 chore: fix nil pointer dereference in AWS uploader
- 333737f17 test: fix unpriviliged process runner test
- 200116705 chore(ci): save support zip always after tests
- 6a42c3b8e release(v1.9.0-alpha.1): prepare release
- fb72e4b7b fix(ci): skip test if UserNamespacesSupport feature gate is not set
- 11380f933 feat: display current CPU frequency on dashboard
- fbce267ae feat: check bridged interfaces should not have addresses
- 942962bf0 docs: add docs on usernamespace support in k8s
- 0406a05a9 chore: update pkgs to ones built with gcc 14.2
- 2e127627d docs: add apparmor enablement release notes
- aa9311f3d fix: install disk matcher error
- 1800f8104 fix: selinux handling and apparmor tests
- 313bffadf feat: update Kubernetes to v1.32.0-beta.0
- bbfa14451 feat: update containerd to v2.0.0
- 8e02b9fcb docs: update manual k8s upgrade docs
- 474949dc7 feat: add dm-cache dm-cache-smq kernel modules
- 5112547d6 chore: generate support zip for crashdump
- a867f85e4 feat: label system socket and runtime files
- 398f714cf feat: update Linux 6.6.59, runc 1.2.1
- 05c620957 feat: allow extra mounts for docker-based talosctl cluster create
- cedabeddf chore: cleanup code
- 61d363e1d chore: update go-auditlib
- 960a04049 feat: start enabling SELinux
- 7f3aaa21c fix: update permissions for logging directories in /var
- 0e6c983b8 fix: mount /sys/kernel/security conditionally
- 74b0e8c37 fix: make route normalization keep family
- 0a3761c22 fix: talosctl windows arm64
- 4b10c5328 chore: add Windows ARM64 build for talosctl
- 9abf16108 feat: add auditd service
- d464ca869 chore: drop runc memfd bind added in #9069
- b54d26c2c fix: mount pseudo sub-mountpoints in init
- 7aeb15f73 chore: disable coredns cache for cluster domain
- d8b652150 docs: add warning about NVMe bus path bug
- 3e16ab135 feat: update Kubernetes to v1.32.0-alpha.3
- 0b8b35677 feat: add BridgePort property to network machine configuration
- b37950625 fix: use more correct condition to skip generating hosts files
- 62ec7ec33 refactor: replace the old v1 mount package with new one
- 0ece13c62 docs: update network-config.md (cont)
- 93827f048 docs: update network-config.md
- 423b1e5fb fix: do not trim 0 from process SELinux label
- 2136358d6 feat: introduce metal agent mode
- 0e15955fc chore: small refactoring
- 66012a7f2 feat: remove wrapperd and launch processes directly
- 3a0a17ae6 fix: prevent panic in nocloud platform code
- dc0c6acbd refactor: remove unmaintained github.com/vishvananda/netlink
- 78353f791 feat: add parsing of vlanNNNN:ethX style VLAN cmdline args
- 9db7a36bf fix: generation of SecureBoot iso
- c755b6d7e fix: update the CRI sandbox image reference
- cec290b35 feat: allow extensions to log to console
- b7801df82 fix: wait for udevd to be running before activating LVM
- d4cb478a5 docs: improve field description for BridgeSTP, BridgeVLAN
- 7329824b2 docs: add Mynewsdesk to ADOPTERS.md
- a13cf76a3 chore: simplify DNSUpstreamController and DNSUpstream resource
- 62d185473 fix: talosctl process null character
- 77d7368ea feat: update containerd to v2.0.0-rc.6
- d39393879 fix: rework the 'metal-iso' config acquisition
- 1993afca9 chore: create /usr/etc in a different step
- 8680351c1 chore: move system extensions' udev rules
- 3067f64c8 feat: update Flannel to v0.26.0
- 8658d6865 docs: typo in deploying cilium
- 49bbadc4b docs: add documentation on performance tuning
- 534b0ce18 feat: update runc to 1.2.0 final
- 217253523 docs: fix image factory links
- 375e3da73 feat: update Kubernetes to 1.32.0-alpha.2
- 9e6f64df0 fix: improve error messages for invalid bridge/bond configuration
- 7c8c72c2b fix: correct error message for invalid ip=
- ead46997c chore: rename tpm2.PCRExtent -> tpm2.PCRExtend
- 867c4b812 docs: fix typo in prodnotes.md
- 1b22df48a chore: support debug shell for advanced development
- c14b44622 feat: update Kubernetes to v1.32.0-alpha.1
- 29780d35a test: add an integration test for verifying process parameters
- 3d342af44 fix: update incorrect alias for PCIDevice resource
- f7d35a5e0 release(v1.9.0-alpha.0): prepare release
- e0434d77d feat: update dependencies
- 5c5a24886 feat: add Talos 1.9 compatibility guarantees
- bc4c21f41 test: add json logs test environment
- 71faa3294 docs: nvidia proprietary/oss hardware requirement
- 59a78da42 chore: add proto-codec/codec
- 7ff1cedfe chore: update siderolabs/crypto module and return proper ALPN
- ccbd5aed3 feat: optionally decode hcloud userdata as base64
- 34f652ce8 feat: add well-known app.kubernetes.io labels to control-plane pods
- fc89dc216 fix: support extra-disks when using iso
- f2bff814d chore: add arm64 target for integration-test
- 5853bb0ea fix: json logging panic
- a859cff36 chore: use virtio driver for disks in arm64
- db248de88 chore(ci): add config for lldpd extension
- 9f0de9f43 test: update provision upgrade tests for Talos 1.9
- 39fe285e6 fix: skip ram disks
- a9bff3a1d test: skip no error test in Cilium
- 4d902021b fix: do not use pflag csv comma reader for config-patch
- 5371788ce fix: typo in documentation
- 8a228ba6b docs: add egress documentation
- 182325cb0 test: skip lvm test if not enough user disks available
- 519a48302 fix: wipe system partitions correctly via kernel args
- 0a2b4556c fix: volume encryption with failing keyslots
- 6affbd318 fix: update grpc-go the latest patch release
- 77a4a4adc fix: scaleway metadata
- 7acadc0c8 fix: do not stop udevd before unmounting volumes
- 6a081055b feat: update Flannel to v0.25.7
- 2362f6d3e fix: improve container detection
- b67bc73fd fix: fix mdadm system extension
- f08669c7a feat: bring in lpfc kernel module driver
- 6a014374b feat: enable QEDF driver
- f711907e0 fix: make /var/run empty on reboots
- 7d02eb60f docs: fix typo in CloudStack docs
- 74861573a fix: multiple fixes for LVM activation
- 74c12c20e feat: replace eudev with systemd-udevd
- 0a4df4ef8 docs: fi...
v1.8.2
Talos 1.8.2 (2024-10-28)
Welcome to the v1.8.2 release of Talos!
Starting with Talos v1.8.0, only standard assets are published as GitHub release assets. These include:
- cloud-images.json
- talosctl binaries
- kernel
- initramfs
- metal iso and disk images
- talosctl-cni-bundle
All other release assets can be downloaded from Image Factory.
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Component Updates
Linux: 6.6.58
containerd: 2.0.0-rc.6
runc: 1.2.0
Kubernetes: 1.31.2
Talos is built with Go 1.22.8.
Contributors
- Andrey Smirnov
- Dmitriy Matrenichev
- Joakim Nohlgård
- Noel Georgi
- Philip Schmid
- Philipp Kleber
- Serge Logvinov
Changes
18 commits
- 88f861a08 release(v1.8.2): prepare release
- cfc10106a fix: include iptables/netfilter ipv6 fix
- d8e2daf77 fix: wait for udevd to be running before activating LVM
- e105a3d74 fix: talosctl process null character
- 0e96e99b2 fix: rework the 'metal-iso' config acquisition
- 7ef579650 fix: improve error messages for invalid bridge/bond configuration
- a3fcbe0ba chore: rename tpm2.PCRExtent -> tpm2.PCRExtend
- a9e6e60ca fix: correct error message for invalid ip=
- 49de0abaa fix: update incorrect alias for PCIDevice resource
- 9b561ac3d feat: add Talos 1.9 compatibility guarantees
- 2ea3f85bc chore: update siderolabs/crypto module and return proper ALPN
- ce4791251 feat: optionally decode hcloud userdata as base64
- f20a6900d fix: json logging panic
- d855bb8be fix: skip ram disks
- b429e7f28 fix: do not use pflag csv comma reader for config-patch
- ee44f2c51 test: skip no error test in Cilium
- 7d055af29 fix: scaleway metadata
- 9f62fe96c feat: update pkgs and Kubernetes
Changes from siderolabs/crypto
Changes from siderolabs/go-circular
Changes from siderolabs/pkgs
8 commits
- siderolabs/pkgs@e72b2f4 fix: apply netfilter ipv6 fix
- siderolabs/pkgs@9aac1a8 feat: update containerd to v2.0.0-rc.6
- siderolabs/pkgs@9668729 feat: update Linux to 6.6.58
- siderolabs/pkgs@9bc27b3 feat: update runc to 1.2.0
- siderolabs/pkgs@f7cc89e fix: default IOMMU mode to 'lazy'
- siderolabs/pkgs@7ca4e2c feat: update Linux to 6.6.57, update Linux firmware
- siderolabs/pkgs@e2c4848 feat: update Linux 6.6.56 and protect /proc/mem
- siderolabs/pkgs@c7729c3 feat: enable CONFIG_XFRM_STATISTICS
Changes from siderolabs/siderolink
Dependency Changes
- github.com/klauspost/compress v1.17.10 -> v1.17.11
- github.com/siderolabs/crypto v0.4.4 -> v0.5.0
- github.com/siderolabs/go-circular v0.2.0 -> v0.2.1
- github.com/siderolabs/pkgs v1.8.0-16-g71d23b4 -> v1.8.0-24-ge72b2f4
- github.com/siderolabs/siderolink v0.3.10 -> v0.3.11
- github.com/siderolabs/talos/pkg/machinery v1.8.1 -> v1.8.2
- golang.org/x/time v0.6.0 -> v0.7.0
- k8s.io/api v0.31.1 -> v0.31.2
- k8s.io/apiserver v0.31.1 -> v0.31.2
- k8s.io/client-go v0.31.1 -> v0.31.2
- k8s.io/component-base v0.31.1 -> v0.31.2
- k8s.io/kube-scheduler v0.31.1 -> v0.31.2
- k8s.io/kubectl v0.31.1 -> v0.31.2
- k8s.io/kubelet v0.31.1 -> v0.31.2
- k8s.io/pod-security-admission v0.31.1 -> v0.31.2
Previous release can be found at v1.8.1
Images
ghcr.io/siderolabs/flannel:v0.25.7
registry.k8s.io/coredns/coredns:v1.11.3
gcr.io/etcd-development/etcd:v3.5.16
registry.k8s.io/kube-apiserver:v1.31.2
registry.k8s.io/kube-controller-manager:v1.31.2
registry.k8s.io/kube-scheduler:v1.31.2
registry.k8s.io/kube-proxy:v1.31.2
ghcr.io/siderolabs/kubelet:v1.31.2
ghcr.io/siderolabs/installer:v1.8.2
registry.k8s.io/pause:3.9
v1.9.0-alpha.0
Talos 1.9.0-alpha.0 (2024-10-18)
Welcome to the v1.9.0-alpha.0 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
talosctl cgroups
The talosctl cgroups command has been added to the talosctl tool.
This command allows you to view the cgroup resource consumption and limits for a machine, e.g. talosctl cgroups --preset memory.
udevd
Talos previously used udevd to provide udevd, now it uses systemd-udevd instead.
Component Updates
Linux: 6.6.57
containerd: 2.0.0-rc.5
Flannel: 0.25.7
Talos is built with Go 1.23.2.
Contributors
- Andrey Smirnov
- Dmitriy Matrenichev
- Noel Georgi
- Dmitry Sharshakov
- Jean-Francois Roy
- Adolfo Ochagavía
- Dan Rue
- Eddie Wang
- Florian Ströger
- Hexoplon
- Mike Beaumont
- Philip Schmid
- Philipp Kleber
- Robby Ciliberto
- Ryan Borstelmann
- Serge Logvinov
- Spencer Smith
- Steven Cassamajor
- Tim Jones
- adilTepe
- ekarlso
- naed3r
Changes
72 commits
- f7d35a5e0 release(v1.9.0-alpha.0): prepare release
- e0434d77d feat: update dependencies
- 5c5a24886 feat: add Talos 1.9 compatibility guarantees
- bc4c21f41 test: add json logs test environment
- 71faa3294 docs: nvidia proprietary/oss hardware requirement
- 59a78da42 chore: add proto-codec/codec
- 7ff1cedfe chore: update siderolabs/crypto module and return proper ALPN
- ccbd5aed3 feat: optionally decode hcloud userdata as base64
- 34f652ce8 feat: add well-known app.kubernetes.io labels to control-plane pods
- fc89dc216 fix: support extra-disks when using iso
- f2bff814d chore: add arm64 target for integration-test
- 5853bb0ea fix: json logging panic
- a859cff36 chore: use virtio driver for disks in arm64
- db248de88 chore(ci): add config for lldpd extension
- 9f0de9f43 test: update provision upgrade tests for Talos 1.9
- 39fe285e6 fix: skip ram disks
- a9bff3a1d test: skip no error test in Cilium
- 4d902021b fix: do not use pflag csv comma reader for config-patch
- 5371788ce fix: typo in documentation
- 8a228ba6b docs: add egress documentation
- 182325cb0 test: skip lvm test if not enough user disks available
- 519a48302 fix: wipe system partitions correctly via kernel args
- 0a2b4556c fix: volume encryption with failing keyslots
- 6affbd318 fix: update grpc-go the latest patch release
- 77a4a4adc fix: scaleway metadata
- 7acadc0c8 fix: do not stop udevd before unmounting volumes
- 6a081055b feat: update Flannel to v0.25.7
- 2362f6d3e fix: improve container detection
- b67bc73fd fix: fix mdadm system extension
- f08669c7a feat: bring in lpfc kernel module driver
- 6a014374b feat: enable QEDF driver
- f711907e0 fix: make /var/run empty on reboots
- 7d02eb60f docs: fix typo in CloudStack docs
- 74861573a fix: multiple fixes for LVM activation
- 74c12c20e feat: replace eudev with systemd-udevd
- 0a4df4ef8 docs: fix nvidia CRI config example
- afc1e1a46 docs: fix typo in extraMounts directory
- a341bdb06 fix: prevent file descriptors leaks to child processes
- dec653bfe chore: better lvm2 tests
- 908fd8789 feat: support cgroup deep analysis in talosctl
- aa846cc18 feat: add support for CI Network config in nocloud
- 10f2539f2 chore: disable cloud-images cron workflow
- b07a8b36b chore: ignore more plugins for system containerd
- 392c4798f feat: prepare for Talos 1.9
- ea7bf9fb4 docs: update storage.md
- 4ab8dee69 fix: build talosctl without tcell_minimal
- 2fa019bd9 docs: enable 'edit on GitHub' link
- d2ccbc2b1 docs: update hetzner documentation for CCM
- d498f647c docs: fix Kernel Self Protection Project (KSPP) references
- 0ec75463e docs: make Talos 1.8 current release
- 9b77698cf fix: update blockdevice library to v2.0.2
- e46227ab9 docs: fix kubespan name inconsistency
- 6b15ca19c fix: audit and fix cgroup reservations
- 32b5d01ed chore: bump lvm2
- 6484581eb feat: allow /sbin/ldconfig in extensions
- 9fa08e843 chore: refactor tests
- d8ab4981b feat: support lvm auto activation
- 8166a58b3 fix: filter out non-printable characters in process line
- 806b6aaf5 docs: add SECURITY.md
- 7bd26df30 docs: document /dev/net/tun compatibility
- 18daedb51 fix: strategic merge patch delete for map keys
- f3370529a docs: correct typo
- 8d6884a8e test: add a test for inline machine config trusted roots
- d4a6d017d fix: ignore invalid NTP responses
- 869f8379f feat: update default Kubernetes version to 1.31.1
- 780a1f198 fix: update CoreDNS health check
- 79cd03158 chore: account for resource sorting in dns upstream resource
- e17fafaca chore: drop activateLogicalVolumes sequencer step
- a294b366f fix: parse SideroLink API endpoint correctly
- a9269ac7b fix: remove extra logging on ethtool ioctl failures
- 5c6277d17 feat: update etcd to 3.5.16
- c1ed2984b docs: add what's new for Talos 1.8
Changes from siderolabs/crypto
Changes from siderolabs/discovery-client
Changes from siderolabs/extras
2 commits
- siderolabs/extras@eab6e58 feat: update dependencies
- siderolabs/extras@1459d78 feat: update pkgs for 1.9
Changes from siderolabs/go-blockdevice
Changes from siderolabs/go-circular
Changes from siderolabs/go-kubernetes
Changes from siderolabs/grpc-proxy
2 commits
- siderolabs/grpc-proxy@de1c628 fix: copy data from big frame msg
- siderolabs/grpc-proxy@ef47ec7 chore: upgrade Codec implementations and usages to Codec2
Changes from siderolabs/pkgs
25 commits
- siderolabs/pkgs@be92da0 feat: update Linux to 6.6.57, update Linux firmware
- siderolabs/pkgs@0b67a13 feat: bump dependencies
- siderolabs/pkgs@dd5f928 feat: update Linux 6.6.56 and protect /proc/mem
- siderolabs/pkgs@b1bf972 feat: enable CONFIG_XFRM_STATISTICS
- siderolabs/pkgs@c63beae feat: update Linux to 6.6.54
- siderolabs/pkgs@f474a55 fix: libselinux: support running without /etc/selinux
- siderolabs/pkgs@ba0341e fix: systemd-udevd: search for config in /usr/etc
- siderolabs/pkgs@2b193f1 feat: add lpfc kernel module
- siderolabs/pkgs@1adb946 feat: enable QEDF driver
- siderolabs/pkgs@dbbe3d0 feat: update containerd to v2.0.0-rc.5
- siderolabs/pkgs@f19590e feat: update Go to 1.23.2
- siderolabs/pkgs@e2a561f fix: drop the LVM2 udev lvm rule
- siderolabs/pkgs@ae205aa fix: force LVM to use /run as state directory
- siderolabs/pkgs@232a153 feat: replace eudev with systemd-udevd
- siderolabs/pkgs@40fb82a feat: add libselinux, libsepol, pcre2 and libcap
- siderolabs/pkgs@6f40fbb feat: update xfsprogs 6.10.1
- siderolabs/pkgs@a1709c7 feat: enable module unloading and memory hotplug (for NVIDIA UVM)
- siderolabs/pkgs@2c5785b feat: enable transparent huge pages in madvise mode
- siderolabs/pkgs@ca2e8c8 fix: lvm2 modprobe path
- siderolabs/pkgs@6b334a6 feat: update Linux to 6.6.52
- siderolabs/pkgs@e90ae7e feat: update Linux firmware to 20240909
- siderolabs/pkgs@79a4f92 feat: enable INET_DIAG
- siderolabs/pkgs@c9f7eb9 feat: update Linux to 6.6.51
- siderolabs/pkgs@126b6a4 fix: add mpt3sas UBSAN patches
- siderolabs/pkgs@a09bf93 chore: drop UBSAN patch
Changes from siderolabs/proto-codec
3 commits
- siderolabs/proto-codec@0d84c65 chore: add support for gogo protobuf generator
- siderolabs/proto-codec@19f8d2e chore: add kres
- siderolabs/proto-codec@e038bb4 Initial commit
Changes from siderolabs/siderolink
Changes from siderolabs/tools
5 commits
- siderolabs/tools@2058296 feat: bump dependencies
- siderolabs/tools@1151610 feat: update ...
v1.8.1
Talos 1.8.1 (2024-10-08)
Welcome to the v1.8.1 release of Talos!
Starting with Talos v1.8.0, only standard assets are published as GitHub release assets. These include:
- cloud-images.json
- talosctl binaries
- kernel
- initramfs
- metal iso and disk images
- talosctl-cni-bundle
All other release assets can be downloaded from Image Factory.
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Component Updates
Linux: 6.6.54
containerd: 2.0.0-rc.5
Flannel: 0.25.7
Talos is built with Go 1.22.8.
Contributors
- Andrey Smirnov
- Hexoplon
- ekarlso
Changes
16 commits
- 477752fe6 release(v1.8.1): prepare release
- 362c9f812 test: skip lvm test if not enough user disks available
- 79305007f chore: checkout extensions from release-1.8, not main
- f6d630624 fix: wipe system partitions correctly via kernel args
- 4d279c65f fix: volume encryption with failing keyslots
- 070defad1 fix: update grpc-go the latest patch release
- a2d12fd7b feat: update Flannel to v0.25.7
- e2f560b96 feat: bring in lpfc kernel module driver
- 788336afb feat: enable QEDF driver
- e4341fa66 fix: make /var/run empty on reboots
- 66228ef10 fix: multiple fixes for LVM activation
- 5f4515f30 fix: prevent file descriptors leaks to child processes
- a55103ee6 chore: ignore more plugins for system containerd
- ffcdc0bb7 fix: build talosctl without tcell_minimal
- d29f66079 feat: add support for CI Network config in nocloud
- 01e580bdd feat: update Go 1.22.8, Linux, pkgs
Changes from siderolabs/pkgs
8 commits
- siderolabs/pkgs@71d23b4 feat: update Linux to 6.6.54
- siderolabs/pkgs@8906a9b feat: add lpfc kernel module
- siderolabs/pkgs@3c57dff feat: enable QEDF driver
- siderolabs/pkgs@1ecbd58 feat: update containerd to v2.0.0-rc.5
- siderolabs/pkgs@47dff98 fix: drop the LVM2 udev lvm rule
- siderolabs/pkgs@480d765 fix: force LVM to use /run as state directory
- siderolabs/pkgs@c663212 feat: enable transparent huge pages in madvise mode
- siderolabs/pkgs@832f11b feat: update Go to 1.22.8
Changes from siderolabs/tools
Dependency Changes
- github.com/klauspost/compress v1.17.9 -> v1.17.10
- github.com/siderolabs/go-blockdevice/v2 v2.0.2 -> v2.0.3
- github.com/siderolabs/pkgs v1.8.0-8-gdf1a1a5 -> v1.8.0-16-g71d23b4
- github.com/siderolabs/talos/pkg/machinery v1.8.0 -> v1.8.1
- github.com/siderolabs/tools v1.8.0-1-ga0c06c6 -> v1.8.0-2-g7719230
- google.golang.org/grpc v1.66.0 -> v1.66.3
Previous release can be found at v1.8.0
Images
ghcr.io/siderolabs/flannel:v0.25.7
registry.k8s.io/coredns/coredns:v1.11.3
gcr.io/etcd-development/etcd:v3.5.16
registry.k8s.io/kube-apiserver:v1.31.1
registry.k8s.io/kube-controller-manager:v1.31.1
registry.k8s.io/kube-scheduler:v1.31.1
registry.k8s.io/kube-proxy:v1.31.1
ghcr.io/siderolabs/kubelet:v1.31.1
ghcr.io/siderolabs/installer:v1.8.1
registry.k8s.io/pause:3.9
v1.7.7
Talos 1.7.7 (2024-09-26)
Welcome to the v1.7.7 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Component Updates
Linux: 6.6.52
Kubernetes: 1.30.5
containerd: 1.7.22
runc: 1.1.14
Talos is built with Go 1.22.7.
Contributors
- Andrey Smirnov
- Dmitriy Matrenichev
- Matthieu Mottet
- Mike Beaumont
- Noel Georgi
- Utku Ozdemir
Changes
12 commits
- 687940847 release(v1.7.7): prepare release
- e53eff902 fix: ignore invalid NTP responses
- 28b81b2b0 fix: report internally service as unhealthy if not running
- da5b526e5 fix: report errors correctly when pulling, fix EEXIST
- 1e4e5acfe chore: drop calico from interactive installer
- e6fd4e078 fix: merge extension service config files by mountPath
- c95d1fee6 fix: add missing host/nvme-rdma
- 0bd287838 fix: bump go-smbios for broken SMIOS tables
- 63b59ebe4 fix: add NVMe target kernel modules
- d7b713679 fix: retry with another upstream if the previous failed
- c7f2da147 fix: fix graph diffs in dashboard when node aliases are used
- ae230db28 feat: update Linux 6.6.52, Kubernetes 1.30.3
Changes from siderolabs/go-smbios
2 commits
- siderolabs/go-smbios@e781237 fix: stop decoding without error if EOF encountered during header read
- siderolabs/go-smbios@6a719a6 chore: rekres, bump deps
Changes from siderolabs/pkgs
4 commits
- siderolabs/pkgs@868e459 chore: rekres
- siderolabs/pkgs@ed36e2e fix: add mpt3sas UBSAN patches
- siderolabs/pkgs@3bfb1b5 feat: update packages
- siderolabs/pkgs@a3ca3b5 feat: update runc to 1.1.14
Changes from siderolabs/tools
Dependency Changes
- github.com/containerd/containerd v1.7.16 -> v1.7.22
- github.com/containerd/containerd/api v1.7.19 new
- github.com/containerd/errdefs v0.1.0 new
- github.com/containerd/platforms v0.2.1 new
- github.com/siderolabs/go-smbios v0.3.2 -> v0.3.3
- github.com/siderolabs/pkgs v1.7.0-29-gf0c088f -> v1.7.0-33-g868e459
- github.com/siderolabs/talos/pkg/machinery v1.7.6 -> v1.7.7
- github.com/siderolabs/tools v1.7.0-4-gc844dc3 -> v1.7.0-5-gc936ce1
- k8s.io/api v0.30.3 -> v0.30.5
- k8s.io/apimachinery v0.30.3 -> v0.30.5
- k8s.io/apiserver v0.30.3 -> v0.30.5
- k8s.io/client-go v0.30.3 -> v0.30.5
- k8s.io/component-base v0.30.3 -> v0.30.5
- k8s.io/kube-scheduler v0.30.3 -> v0.30.5
- k8s.io/kubectl v0.30.3 -> v0.30.5
- k8s.io/kubelet v0.30.3 -> v0.30.5
- k8s.io/pod-security-admission v0.30.3 -> v0.30.5
Previous release can be found at v1.7.6
Images
ghcr.io/siderolabs/flannel:v0.25.3
ghcr.io/siderolabs/install-cni:v1.7.0-2-g7c627a8
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.5
registry.k8s.io/kube-controller-manager:v1.30.5
registry.k8s.io/kube-scheduler:v1.30.5
registry.k8s.io/kube-proxy:v1.30.5
ghcr.io/siderolabs/kubelet:v1.30.5
ghcr.io/siderolabs/installer:v1.7.7
registry.k8s.io/pause:3.8
v1.8.0
Talos 1.8.0 (2024-09-23)
Welcome to the v1.8.0 release of Talos!
Starting with Talos v1.8.0, only standard assets are published as GitHub release assets. These include:
- cloud-images.json
- talosctl binaries
- kernel
- initramfs
- metal iso and disk images
- talosctl-cni-bundle
All other release assets can be downloaded from Image Factory.
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Node Annotations
Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.
Workload Apparmor Profile
Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.
E.g.:
machine:
  install:
    extraKernelArgs:
      - security=apparmor
Bridge Interface
Talos Linux now supports configuring 'vlan_filtering' for bridge interfaces.
Machine Configuration via Kernel Command Line
Talos Linux supports supplying small zstd-compressed, base64-encoded machine configuration documents via the kernel command line parameter talos.config.inline.
CNI Plugins
Talos Linux now bundles by default the following standard CNI plugins:
- bridge
- firewall
- flannel
- host-local
- loopback
- portmap
The Talos bundled Flannel manifest was simplified to remove the install-cni step.
Accessing /dev/net/tun in Kubernetes Pods
Talos Linux ships with runc 1.2, which drops the legacy rule that exposed /dev/net/tun devices by default in the container.
If you need to access /dev/net/tun in your Kubernetes pods (e.g. running Tailscale as a Kubernetes pod), you can use device plugins to expose /dev/net/tun to the pod.
Diagnostics
Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.
Disk Management
Talos Linux now supports configuration for the EPHEMERAL volume.
Extensions in Kubernetes Nodes
Talos Linux now publishes the list of installed extensions as Kubernetes node labels/annotations.
The key format is extensions.talos.dev/<name> and the value is the extension version.
If the extension name is not valid as a label key, it will be skipped.
If the extension version is a valid label value, it will be put to the label; otherwise it will be put to the annotation.
For Talos machines booted off the Image Factory artifacts, this means that the schematic ID will be published as the annotation extensions.talos.dev/schematic (as it is longer than 63 characters).
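The label-or-annotation rule above, worked through as an added example (not Talos code), useful when auditing which extensions a node reports. The type and function names and the sample extensions are hypothetical and constructed; validity is checked against the standard Kubernetes label syntax (at most 63 characters, alphanumeric at both ends, with '-', '_' and '.' allowed in between).

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Key prefix stated in the release notes.
const keyPrefix = "extensions.talos.dev/"

// Kubernetes limits the name part of a label key, and a label value, to 63 characters.
const maxLabelLen = 63

// Kubernetes label syntax: alphanumeric at both ends, '-', '_' and '.' allowed in between.
var labelSyntax = regexp.MustCompile(`^[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?$`)

// Extension is a hypothetical record of one installed system extension.
type Extension struct {
	Name    string
	Version string
}

// NodeMetadata is a hypothetical container for what would end up on the node object.
type NodeMetadata struct {
	Labels      map[string]string
	Annotations map[string]string
	Skipped     []string // extension names that cannot form a valid key
}

// validKeyName checks the name part of a label key (must be non-empty).
func validKeyName(s string) bool {
	return s != "" && len(s) <= maxLabelLen && labelSyntax.MatchString(s)
}

// validLabelValue checks a label value (may be empty).
func validLabelValue(s string) bool {
	return s == "" || (len(s) <= maxLabelLen && labelSyntax.MatchString(s))
}

// Classify applies the rule from the release notes: an invalid name is skipped,
// a version that is a valid label value becomes a label, anything else an annotation.
func Classify(exts []Extension) NodeMetadata {
	out := NodeMetadata{Labels: map[string]string{}, Annotations: map[string]string{}}
	for _, e := range exts {
		switch {
		case !validKeyName(e.Name):
			out.Skipped = append(out.Skipped, e.Name)
		case validLabelValue(e.Version):
			out.Labels[keyPrefix+e.Name] = e.Version
		default:
			out.Annotations[keyPrefix+e.Name] = e.Version
		}
	}
	return out
}

// SampleExtensions returns constructed input; none of these values come from a real node.
func SampleExtensions() []Extension {
	return []Extension{
		{Name: "example-tools", Version: "v0.1.4"},             // valid value: label
		{Name: "example-driver", Version: "1.2.3+build.5"},     // '+' is not label-safe: annotation
		{Name: "schematic", Version: strings.Repeat("ab", 32)}, // 64 characters: annotation
		{Name: "bad name!", Version: "1.0"},                    // invalid key name: skipped
	}
}

func main() {
	m := Classify(SampleExtensions())
	for k, v := range m.Labels {
		fmt.Printf("label      %s=%s\n", k, v)
	}
	for k, v := range m.Annotations {
		fmt.Printf("annotation %s=%s\n", k, v)
	}
	fmt.Printf("skipped    %q\n", m.Skipped)
}
```

An inventory query that only selects on labels will miss the schematic ID and any extension whose version string is not label-safe, so read the annotations as well.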
DNS Forwarding for CoreDNS pods
Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it with:
machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false
Please note that on a running cluster you will have to kill CoreDNS pods for this change to apply.
The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address.
For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service can be cleaned up with kubectl delete -n kube-system service host-dns.
Installer
Talos Linux installer now never wipes the system disk on upgrades, which means that the flag --preserve is always set for talosctl upgrade.
talos.halt_if_installed kernel argument
Starting with Talos 1.8, ISOs generated from Boot Assets have a new kernel argument talos.halt_if_installed which pauses the boot sequence until boot timeout if Talos is already installed on the disk.
ISOs generated for pre-1.8 versions do not have this kernel argument.
This can also be explicitly enabled by setting talos.halt_if_installed=1 in the kernel arguments.
Slim Kubelet Image
The kubelet container image includes various utilities that kubelet might use to perform various tasks.
Starting with Kubernetes 1.31.0, the kubelet image includes fewer utilities, as the in-tree CSI plugins were removed in Kubernetes 1.31.0. This reduces the kubelet image size and potential attack surface.
For Kubernetes < 1.31.0, there will be two images built:
- v1.x.y (default, fat)
- v1.x.y-slim (slim)
For Kubernetes >= 1.31.0, there will be the same two images built, but the default tag would point to the slim image:
- v1.x.y (default, slim)
- v1.x.y-fat (fat)
KubeSpan
Extra announced endpoints can be added using the KubespanEndpointsConfig document.
Default Node Labels
Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers by default for the control plane nodes.
PCI Devices
A list of PCI devices can now be obtained via PCIDevices resource, e.g. talosctl get pcidevices.
Metal images
Starting with Talos 1.8, the console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (e.g. Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.
This should fix slow boot or no console output issues on most bare metal hardware.
NVIDIA GPU Support
Starting with Talos 1.8.0, SideroLabs ships extensions for both LTS and Production versions of NVIDIA extensions.
For more details see the CHANGELOG of extensions.
Upgrades with an existing schematic ID from Image Factory would keep the existing LTS version of the NVIDIA extension.
Removing parts of the configuration using $patch: delete
syntax
Talos Linux now supports removing parts of the configuration using the $patch: delete
syntax similar to the kubernetes.
More information can be found here.
Platform Support
Talos Linux now supports Apache CloudStack platform.
kube-proxy
Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.
Secure Boot
Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.
Custom Trusted Roots
Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.
Device Extra Settle Timeout
Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to work around issues with broken drivers.
Component Updates
Kubernetes: 1.31.1
Linux: 6.6.52
containerd: 2.0.0-rc.4
runc: 1.2.0-rc.3
etcd: 3.5.16
Flannel: 0.25.6
Flannel CNI plugin: 1.5.1
CoreDNS: 1.1.13
Talos is built with Go 1.22.7.
ZSTD Compression
Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).
Contributors
- Andrey Smirnov
- Dmitriy Matrenichev
- Noel Georgi
- Artem Chernyshev
- Utku Ozdemir
- Dmitry Sharshakov
- Justin Garrison
- Spencer Smith
- Steve Francis
- Bernard Gütermann
- Jean-Francois Roy
- Konrad Eriksson
- Serge Logvinov
- Tim Jones
- doctor_ew
- Amadeus Mader
- Andrew Rynhard
- Anthony ARNAUD
- Attila Oláh
- Birger J. Nordølum
- Caleb Woodbine
- Claus Albøge
- Daniel Höxtermann
- David Birks
- Dean
- Dennis Marttinen
- Eddie Zaneski
- Enrique Hernández Bello
- EricMa
- Evan Johnson
- Fabian Topfstedt
- Florian Ströger
- Fredrik Lundhag
- George Gaál
- Grzegorz Rozniecki
- Grzegorz Rożniecki
- Igor Rzegocki
- Josia Scheytt
- Judah Rand
- Marcel Richter
- Marco Franssen
- Marcus Förster
- Matthias Riegler
- Matthieu Mottet
- Maxime Brunet
- Michael Trip
- Mike Beaumont
- Nick Meyer
- Nicklas Frahm
- Ole-Magnus Sæther
- Roman Ivanov
- Ron Olson
- Saravanan G
- Simon-Boyer
- Skyler Mäntysaari
- Steve Fan
- Steve Martinelli
- Steven Fackler
- Syoc
- USBAkimbo
- Will Bush
- cryptk
- darox
- dhaines-quera
- leppeK
- looklose
Changes
318 commits
- 5cc935f74 release(v1.8.0): prepare release
- ec32f44c3 test: bump resources for Rook/Ceph test
- 8fb2f24b4 fix: update blockdevice library to v2.0.2
- 4c7948bb4 chore: better lvm2 tests
- 882582a8e docs: fix kubespan name inconsistency
- f136c031c feat: update pkgs
- 67ba47825 chore: refactor tests
- 920d8c829 fix: audit and fix cgroup reservations
- c8dedbe11 fix: filter out non-printable characters in process line
- 70d3c91fb feat: support lvm auto activation
- 4d44677f4 docs: document /dev/net/tun compatibility
- 32076935f fix: strategic merge patch delete for map keys
- 7478db75a release(v1.8.0-beta.1): prepare release
- a43e7247b feat: update Linux to 6.6.51
- bd9167512 test: add a test for inline machine config trusted roots
- siderolabs/talos@...
v1.8.0-beta.1
Talos 1.8.0-beta.1 (2024-09-16)
Welcome to the v1.8.0-beta.1 release of Talos!
This is a pre-release of Talos
Starting with Talos v1.8.0, only standard assets would be published as GitHub release assets. These include:
- cloud-images.json
- talosctl binaries
- kernel
- initramfs
- metal iso and disk images
- talosctl-cni-bundle
All other release assets can be downloaded from Image Factory.
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Node Annotations
Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.
Workload Apparmor Profile
Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.
E.g.:
machine:
  install:
    extraKernelArgs:
      - security=apparmor
Bridge Interface
Talos Linux now supports configuring 'vlan_filtering' for bridge interfaces.
Machine Configuration via Kernel Command Line
Talos Linux supports supplying small zstd-compressed, base64-encoded machine configuration documents via the kernel command line parameter talos.config.inline.
CNI Plugins
Talos Linux now bundles by default the following standard CNI plugins:
- bridge
- firewall
- flannel
- host-local
- loopback
- portmap
The Talos bundled Flannel manifest was simplified to remove the install-cni step.
Diagnostics
Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.
Disk Management
Talos Linux now supports configuration for the EPHEMERAL volume.
Extensions in Kubernetes Nodes
Talos Linux now publishes the list of installed extensions as Kubernetes node labels/annotations.
The key format is extensions.talos.dev/<name> and the value is the extension version.
If the extension name is not valid as a label key, it will be skipped.
If the extension version is a valid label value, it will be put to the label; otherwise it will be put to the annotation.
For Talos machines booted off the Image Factory artifacts, this means that the schematic ID will be published as the annotation extensions.talos.dev/schematic (as it is longer than 63 characters).
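The label-or-annotation rule described above, written out as an added Go example (not Talos's own code). Place, Describe and Inventory are hypothetical names, the validity checks assume the standard Kubernetes label syntax (at most 63 characters, alphanumeric at both ends, '-', '_' and '.' allowed inside), and the extension names and versions are constructed samples.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Prefix is the key prefix given in the release notes.
const Prefix = "extensions.talos.dev/"

// Assumed syntax (standard Kubernetes rules) for the name part of a label key
// and for a non-empty label value.
var labelSyntax = regexp.MustCompile(`^[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?$`)

const maxLabelLen = 63

// Placement says where an extension's version ends up on the Node object.
type Placement int

const (
	Skipped Placement = iota
	Label
	Annotation
)

func (p Placement) String() string {
	return [...]string{"skipped", "label", "annotation"}[p]
}

func validKeyName(s string) bool {
	return s != "" && len(s) <= maxLabelLen && labelSyntax.MatchString(s)
}

func validLabelValue(s string) bool {
	// An empty label value is allowed; anything else must fit the syntax.
	return s == "" || (len(s) <= maxLabelLen && labelSyntax.MatchString(s))
}

// Place applies the rule: an invalid name is skipped, a version that is a
// valid label value becomes a label, any other version becomes an annotation.
func Place(name, version string) (string, Placement) {
	if !validKeyName(name) {
		return "", Skipped
	}
	if validLabelValue(version) {
		return Prefix + name, Label
	}
	return Prefix + name, Annotation
}

// Describe renders one placement decision for display.
func Describe(name, version string) string {
	key, where := Place(name, version)
	return fmt.Sprintf("%-12s -> %-10s %s", name, where, key)
}

// Inventory reads extension entries back from a node's labels and annotations,
// which is what an audit of installed extensions has to do: looking at labels
// alone misses the schematic ID and any version that is not a valid label value.
func Inventory(labels, annotations map[string]string) map[string]string {
	found := map[string]string{}
	for _, meta := range []map[string]string{labels, annotations} {
		for key, value := range meta {
			if strings.HasPrefix(key, Prefix) {
				found[strings.TrimPrefix(key, Prefix)] = value
			}
		}
	}
	return found
}

func main() {
	// Constructed sample values, not real extension names or versions.
	samples := [][2]string{
		{"example-ext", "v1.2.3"},               // valid label value
		{"other-ext", "1.2.3+build.5"},          // '+' is not allowed in a label value
		{"schematic", strings.Repeat("ab", 32)}, // 64 characters, over the limit
		{"bad name", "v1.0.0"},                  // space makes the key invalid
	}
	for _, s := range samples {
		fmt.Println(Describe(s[0], s[1]))
	}
}
```
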
DNS Forwarding for CoreDNS pods
Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it with:
machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false
Please note that on a running cluster you will have to kill CoreDNS pods for this change to apply.
The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address.
For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service can be cleaned up with kubectl delete -n kube-system service host-dns.
Installer
Talos Linux installer now never wipes the system disk on upgrades, which means that the flag --preserve is always set for talosctl upgrade.
talos.halt_if_installed kernel argument
Starting with Talos 1.8, ISOs generated from Boot Assets have a new kernel argument talos.halt_if_installed which pauses the boot sequence until boot timeout if Talos is already installed on the disk.
ISOs generated for pre-1.8 versions do not have this kernel argument.
This can also be explicitly enabled by setting talos.halt_if_installed=1 in the kernel arguments.
Slim Kubelet Image
The kubelet container image includes various utilities that kubelet might use to perform various tasks.
Starting with Kubernetes 1.31.0, the kubelet image now includes fewer utilities, as the in-tree CSI plugins were removed in Kubernetes 1.31.0. This reduces the kubelet image size and potential attack surface.
For Kubernetes < 1.31.0, there will be two images built:
- v1.x.y (default, fat)
- v1.x.y-slim (slim)
For Kubernetes >= 1.31.0, there will be the same two images built, but the default tag would point to the slim image:
- v1.x.y (default, slim)
- v1.x.y-fat (fat)
KubeSpan
Extra announced endpoints can be added using the KubespanEndpointsConfig document.
Default Node Labels
Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers by default for the control plane nodes.
PCI Devices
A list of PCI devices can now be obtained via the PCIDevices resource, e.g. talosctl get pcidevices.
Metal images
Starting with Talos 1.8, the console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (e.g. Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.
This should fix slow boot or no console output issues on most bare metal hardware.
NVIDIA GPU Support
Starting with Talos 1.8.0, SideroLabs ships extensions for both LTS and Production versions of NVIDIA extensions.
For more details see the CHANGELOG of extensions.
Upgrades with an existing schematic ID from Image Factory would keep the existing LTS version of the NVIDIA extension.
Removing parts of the configuration using $patch: delete syntax
Talos Linux now supports removing parts of the configuration using the $patch: delete syntax, similar to Kubernetes.
More information can be found here.
Platform Support
Talos Linux now supports Apache CloudStack platform.
kube-proxy
Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.
Secure Boot
Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.
Custom Trusted Roots
Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.
Device Extra Settle Timeout
Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to work around issues with broken drivers.
Component Updates
Kubernetes: 1.31.1
Linux: 6.6.51
containerd: 2.0.0-rc.4
runc: 1.2.0-rc.3
etcd: 3.5.16
Flannel: 0.25.6
Flannel CNI plugin: 1.5.1
CoreDNS: 1.1.13
Talos is built with Go 1.22.7.
ZSTD Compression
Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).
Contributors
- Andrey Smirnov
- Dmitriy Matrenichev
- Noel Georgi
- Artem Chernyshev
- Utku Ozdemir
- Dmitry Sharshakov
- Justin Garrison
- Spencer Smith
- Steve Francis
- Bernard Gütermann
- Jean-Francois Roy
- Konrad Eriksson
- Serge Logvinov
- doctor_ew
- Amadeus Mader
- Andrew Rynhard
- Anthony ARNAUD
- Attila Oláh
- Birger J. Nordølum
- Caleb Woodbine
- Claus Albøge
- Daniel Höxtermann
- David Birks
- Dean
- Dennis Marttinen
- Eddie Zaneski
- Enrique Hernández Bello
- EricMa
- Evan Johnson
- Fabian Topfstedt
- Fredrik Lundhag
- George Gaál
- Grzegorz Rozniecki
- Grzegorz Rożniecki
- Igor Rzegocki
- Josia Scheytt
- Judah Rand
- Marcel Richter
- Marco Franssen
- Marcus Förster
- Matthias Riegler
- Matthieu Mottet
- Maxime Brunet
- Michael Trip
- Mike Beaumont
- Nick Meyer
- Nicklas Frahm
- Ole-Magnus Sæther
- Roman Ivanov
- Ron Olson
- Saravanan G
- Simon-Boyer
- Skyler Mäntysaari
- Steve Fan
- Steve Martinelli
- Steven Fackler
- Syoc
- Tim Jones
- USBAkimbo
- Will Bush
- cryptk
- darox
- dhaines-quera
- leppeK
- looklose
Changes
306 commits
- 7478db75a release(v1.8.0-beta.1): prepare release
- a43e7247b feat: update Linux to 6.6.51
- bd9167512 test: add a test for inline machine config trusted roots
- 073ba2585 feat: update default Kubernetes version to 1.31.1
- 815e4bae8 fix: ignore invalid NTP responses
- cdabb7bcf fix: update CoreDNS health check
- a159ea9cc chore: account for resource sorting in dns upstream resource
- c030eef15 fix: parse SideroLink API endpoint correctly
- c37234643 chore: drop activateLogicalVolumes sequencer step
- 9e60f1708 fix: remove extra logging on ethtool ioctl failures
- 5eb5ff532 feat: update etcd to 3.5.16
- 51b91d64e release(v1.8.0-beta.0): prepare release
- 899f1b900 feat: implement "$patch: delete" logic
- 545f75fd7 feat: acquire machine config inline from kernel cmdline
- 361283401 chore: version specific kube-scheduler health checks
- d64ce44e4 chore(ci): e2e gcp
- cd7c68266 chore: disallow duplicate documents on decoder level
- bcaf63628 feat: update dependencies
- dd4185b14 feat: add KubeSpan extra endpoint configuration
- 3038ccfa8 feat: add configuration for EPHEMERAL volume
- siderolabs/talos@f...
v1.8.0-beta.0
Talos 1.8.0-beta.0 (2024-09-09)
Welcome to the v1.8.0-beta.0 release of Talos!
This is a pre-release of Talos
Starting with Talos v1.8.0, only standard assets would be published as GitHub release assets. These include:
- cloud-images.json
- talosctl binaries
- kernel
- initramfs
- metal iso and disk images
- talosctl-cni-bundle
All other release assets can be downloaded from Image Factory.
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Node Annotations
Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.
Workload Apparmor Profile
Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.
E.g.:
machine:
  install:
    extraKernelArgs:
      - security=apparmor
Bridge Interface
Talos Linux now supports configuring 'vlan_filtering' for bridge interfaces.
Machine Configuration via Kernel Command Line
Talos Linux supports supplying small zstd-compressed, base64-encoded machine configuration documents via the kernel command line parameter talos.config.inline.
CNI Plugins
Talos Linux now bundles by default the following standard CNI plugins:
- bridge
- firewall
- flannel
- host-local
- loopback
- portmap
The Talos bundled Flannel manifest was simplified to remove the install-cni step.
Diagnostics
Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.
Disk Management
Talos Linux now supports configuration for the EPHEMERAL volume.
Extensions in Kubernetes Nodes
Talos Linux now publishes the list of installed extensions as Kubernetes node labels/annotations.
The key format is extensions.talos.dev/<name> and the value is the extension version.
If the extension name is not valid as a label key, it will be skipped.
If the extension version is a valid label value, it will be put to the label; otherwise it will be put to the annotation.
For Talos machines booted off the Image Factory artifacts, this means that the schematic ID will be published as the annotation extensions.talos.dev/schematic (as it is longer than 63 characters).
DNS Forwarding for CoreDNS pods
Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it with:
machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false
Please note that on a running cluster you will have to kill CoreDNS pods for this change to apply.
The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address.
For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service can be cleaned up with kubectl delete -n kube-system service host-dns.
Installer
Talos Linux installer now never wipes the system disk on upgrades, which means that the flag --preserve is always set for talosctl upgrade.
talos.halt_if_installed kernel argument
Starting with Talos 1.8, ISOs generated from Boot Assets have a new kernel argument talos.halt_if_installed which pauses the boot sequence until boot timeout if Talos is already installed on the disk.
ISOs generated for pre-1.8 versions do not have this kernel argument.
This can also be explicitly enabled by setting talos.halt_if_installed=1 in the kernel arguments.
Slim Kubelet Image
The kubelet container image includes various utilities that kubelet might use to perform various tasks.
Starting with Kubernetes 1.31.0, the kubelet image now includes fewer utilities, as the in-tree CSI plugins were removed in Kubernetes 1.31.0. This reduces the kubelet image size and potential attack surface.
For Kubernetes < 1.31.0, there will be two images built:
- v1.x.y (default, fat)
- v1.x.y-slim (slim)
For Kubernetes >= 1.31.0, there will be the same two images built, but the default tag would point to the slim image:
- v1.x.y (default, slim)
- v1.x.y-fat (fat)
KubeSpan
Extra announced endpoints can be added using the KubespanEndpointsConfig document.
Default Node Labels
Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers by default for the control plane nodes.
PCI Devices
A list of PCI devices can now be obtained via the PCIDevices resource, e.g. talosctl get pcidevices.
Metal images
Starting with Talos 1.8, the console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (e.g. Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.
This should fix slow boot or no console output issues on most bare metal hardware.
NVIDIA GPU Support
Starting with Talos 1.8.0, SideroLabs ships extensions for both LTS and Production versions of NVIDIA extensions.
For more details see the CHANGELOG of extensions.
Upgrades with an existing schematic ID from Image Factory would keep the existing LTS version of the NVIDIA extension.
Removing parts of the configuration using $patch: delete syntax
Talos Linux now supports removing parts of the configuration using the $patch: delete syntax, similar to Kubernetes.
More information can be found here.
Platform Support
Talos Linux now supports Apache CloudStack platform.
kube-proxy
Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.
Secure Boot
Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.
Custom Trusted Roots
Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.
Device Extra Settle Timeout
Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to work around issues with broken drivers.
Component Updates
Kubernetes: 1.31.0
Linux: 6.6.49
containerd: 2.0.0-rc.4
runc: 1.2.0-rc.3
etcd: 3.5.15
Flannel: 0.25.6
Flannel CNI plugin: 1.5.1
CoreDNS: 1.1.13
Talos is built with Go 1.22.7.
ZSTD Compression
Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).
Contributors
- Andrey Smirnov
- Dmitriy Matrenichev
- Noel Georgi
- Artem Chernyshev
- Utku Ozdemir
- Dmitry Sharshakov
- Justin Garrison
- Spencer Smith
- Steve Francis
- Bernard Gütermann
- Jean-Francois Roy
- Konrad Eriksson
- Serge Logvinov
- doctor_ew
- Amadeus Mader
- Andrew Rynhard
- Anthony ARNAUD
- Attila Oláh
- Birger J. Nordølum
- Caleb Woodbine
- Claus Albøge
- Daniel Höxtermann
- David Birks
- Dean
- Dennis Marttinen
- Eddie Zaneski
- Enrique Hernández Bello
- EricMa
- Evan Johnson
- Fabian Topfstedt
- Fredrik Lundhag
- George Gaál
- Grzegorz Rozniecki
- Grzegorz Rożniecki
- Igor Rzegocki
- Josia Scheytt
- Judah Rand
- Marcel Richter
- Marco Franssen
- Marcus Förster
- Matthias Riegler
- Matthieu Mottet
- Maxime Brunet
- Michael Trip
- Mike Beaumont
- Nick Meyer
- Nicklas Frahm
- Ole-Magnus Sæther
- Roman Ivanov
- Ron Olson
- Saravanan G
- Simon-Boyer
- Skyler Mäntysaari
- Steve Fan
- Steve Martinelli
- Steven Fackler
- Syoc
- Tim Jones
- USBAkimbo
- Will Bush
- cryptk
- darox
- dhaines-quera
- leppeK
- looklose
Changes
295 commits
- 51b91d64e release(v1.8.0-beta.0): prepare release
- 899f1b900 feat: implement "$patch: delete" logic
- 545f75fd7 feat: acquire machine config inline from kernel cmdline
- 361283401 chore: version specific kube-scheduler health checks
- d64ce44e4 chore(ci): e2e gcp
- cd7c68266 chore: disallow duplicate documents on decoder level
- bcaf63628 feat: update dependencies
- dd4185b14 feat: add KubeSpan extra endpoint configuration
- 3038ccfa8 feat: add configuration for EPHEMERAL volume
- faffa4c3f fix: never unarchive initramfs when loading boot assets in talosctl
- 07b91797c fix: report internally service as unhealthy if not running
- bc8bf9e8a feat: update Linux 6.6.49
- 7edcbbb83 chore: support gcp in cloud-image-uploader
- 0a870200e chore: remove matrix links from docs
- db6ef1ee9 test: update Talos versions in Image Factory tests
- ec3844c46 release(v1.8.0-alpha.2): prepare release
- 6f7c3a8e5 fix: build of talosctl on non-Linux arches
- f0a59cec7 release(v1.8.0-alpha.2): prepare release
- c8aed3be4 fix: correctly add console args for ttyS0
- b453385bd feat: support volume configuration, provisioning, e...
v1.8.0-alpha.2
Talos 1.8.0-alpha.2 (2024-09-02)
Welcome to the v1.8.0-alpha.2 release of Talos!
This is a pre-release of Talos
Starting with Talos v1.8.0, only standard assets would be published as GitHub release assets. These include:
- cloud-images.json
- talosctl binaries
- kernel
- initramfs
- metal iso and disk images
- talosctl-cni-bundle
All other release assets can be downloaded from Image Factory.
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Node Annotations
Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.
Workload Apparmor Profile
Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.
E.g.:
machine:
  install:
    extraKernelArgs:
      - security=apparmor
Bridge Interface
Talos Linux now supports configuring 'vlan_filtering' for bridge interfaces.
CNI Plugins
Talos Linux now bundles by default the following standard CNI plugins:
- bridge
- firewall
- flannel
- host-local
- loopback
- portmap
The Talos bundled Flannel manifest was simplified to remove the install-cni step.
Diagnostics
Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.
Extensions in Kubernetes Nodes
Talos Linux now publishes the list of installed extensions as Kubernetes node labels/annotations.
The key format is extensions.talos.dev/<name> and the value is the extension version.
If the extension name is not valid as a label key, it will be skipped.
If the extension version is a valid label value, it will be put to the label; otherwise it will be put to the annotation.
For Talos machines booted off the Image Factory artifacts, this means that the schematic ID will be published as the annotation extensions.talos.dev/schematic (as it is longer than 63 characters).
DNS Forwarding for CoreDNS pods
Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it with:
machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false
Please note that on a running cluster you will have to kill CoreDNS pods for this change to apply.
The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address.
For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service can be cleaned up with kubectl delete -n kube-system service host-dns.
Installer
Talos Linux installer now never wipes the system disk on upgrades, which means that the flag --preserve is always set for talosctl upgrade.
talos.halt_if_installed kernel argument
Starting with Talos 1.8, ISOs generated from Boot Assets have a new kernel argument talos.halt_if_installed which pauses the boot sequence until boot timeout if Talos is already installed on the disk.
ISOs generated for pre-1.8 versions do not have this kernel argument.
This can also be explicitly enabled by setting talos.halt_if_installed=1 in the kernel arguments.
Slim Kubelet Image
The kubelet container image includes various utilities that kubelet might use to perform various tasks.
Starting with Kubernetes 1.31.0, the kubelet image now includes fewer utilities, as the in-tree CSI plugins were removed in Kubernetes 1.31.0. This reduces the kubelet image size and potential attack surface.
For Kubernetes < 1.31.0, there will be two images built:
- v1.x.y (default, fat)
- v1.x.y-slim (slim)
For Kubernetes >= 1.31.0, there will be the same two images built, but the default tag would point to the slim image:
- v1.x.y (default, slim)
- v1.x.y-fat (fat)
Default Node Labels
Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers by default for the control plane nodes.
PCI Devices
A list of PCI devices can now be obtained via the PCIDevices resource, e.g. talosctl get pcidevices.
Metal images
Starting with Talos 1.8, the console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (e.g. Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.
This should fix slow boot or no console output issues on most bare metal hardware.
NVIDIA GPU Support
Starting with Talos 1.8.0, SideroLabs ships extensions for both LTS and Production versions of NVIDIA extensions.
For more details see the CHANGELOG of extensions.
Upgrades with an existing schematic ID from Image Factory would keep the existing LTS version of the NVIDIA extension.
Platform Support
Talos Linux now supports Apache CloudStack platform.
kube-proxy
Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.
Secure Boot
Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.
Custom Trusted Roots
Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.
Device Extra Settle Timeout
Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to work around issues with broken drivers.
Component Updates
Kubernetes: 1.31.0
Linux: 6.6.47
containerd: 2.0.0-rc.4
runc: 1.2.0-rc.2
etcd: 3.5.15
Flannel: 0.25.6
Flannel CNI plugin: 1.5.1
CoreDNS: 1.1.13
Talos is built with Go 1.22.6.
ZSTD Compression
Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).
Contributors
- Andrey Smirnov
- Dmitriy Matrenichev
- Noel Georgi
- Utku Ozdemir
- Artem Chernyshev
- Dmitry Sharshakov
- Justin Garrison
- Spencer Smith
- Steve Francis
- Bernard Gütermann
- Jean-Francois Roy
- Konrad Eriksson
- Serge Logvinov
- doctor_ew
- Amadeus Mader
- Andrew Rynhard
- Anthony ARNAUD
- Attila Oláh
- Birger J. Nordølum
- Caleb Woodbine
- Claus Albøge
- Daniel Höxtermann
- David Birks
- Dean
- Dennis Marttinen
- Eddie Zaneski
- Enrique Hernández Bello
- EricMa
- Evan Johnson
- Fabian Topfstedt
- Fredrik Lundhag
- George Gaál
- Grzegorz Rozniecki
- Grzegorz Rożniecki
- Igor Rzegocki
- Josia Scheytt
- Judah Rand
- Marcel Richter
- Marco Franssen
- Marcus Förster
- Matthias Riegler
- Matthieu Mottet
- Maxime Brunet
- Michael Trip
- Mike Beaumont
- Nick Meyer
- Nicklas Frahm
- Ole-Magnus Sæther
- Roman Ivanov
- Ron Olson
- Saravanan G
- Simon-Boyer
- Skyler Mäntysaari
- Steve Fan
- Steve Martinelli
- Steven Fackler
- Syoc
- Tim Jones
- USBAkimbo
- Will Bush
- cryptk
- darox
- dhaines-quera
- leppeK
- looklose
Changes
280 commits
- ec3844c46 release(v1.8.0-alpha.2): prepare release
- 6f7c3a8e5 fix: build of talosctl on non-Linux arches
- f0a59cec7 release(v1.8.0-alpha.2): prepare release
- c8aed3be4 fix: correctly add console args for ttyS0
- b453385bd feat: support volume configuration, provisioning, etc
- b6b16b35f chore: pause sequencer when talos installed and iso booted
- eade0a9f2 chore: bring in uio modules
- 81f9fcd9c fix: report errors correctly when pulling, fix EEXIST
- b309e87b4 docs: fix invalid input in field user_data
- c7474877a docs: kubeProxyReplacement from "disabled" to "false"
- be2ebf6b4 chore: bump dependencies
- 88601bff4 chore: drop calico from interactive installer
- 106c17d0b chore: aarch64 qemu local secureboot support
- da6263506 feat: update Flannel to v0.25.6
- 19a44c2b0 chore: drop console ttyS0 argument
- 75cecb421 feat: add Apache Cloudstack support
- 951cf66fd feat: add Cisco fnic driver
- 2d3bc94bf fix(ci): fix broken tests
- a9551b7ca fix: host DNS access with firewall enabled
- 4834a61a8 feat: report SELinux labels
- 8fe39eacb chore: move csi tests as go test
- e4f8cb854 fix: merge extension service config files by mountPath
- 5ba1df469 chore: add java package to protos
- 823480800 fix: add missing host/nvme-rdma
- 5b4b64979 fix: bump go-smbios for broken SMIOS tables
- f57d1f07e fix: add NVMe target kernel modules
- 5ff6cf82c fix: drop /opt mount for containers/tink
- 3c0db34d8 docs: update kubespan docs
- 3041d9075 fix: always handle PermissionDenied in dashboard resource watches
- 36f83eea9 chore: make qemu check flag consistent with code
- fe52cb074 chore: update protoc-gen-doc
- ee4290f68 fix: bind HostDNS to 169.254.x link-local address
- c312a46f6 chore: restructure k8s component health checks
- e193e7db9 docs: fix incorrect path...