Skip to content

Releases: siderolabs/talos

v1.8.3

13 Nov 16:03
v1.8.3
6494ace
Compare
Choose a tag to compare

Talos 1.8.3 (2024-11-13)

Welcome to the v1.8.3 release of Talos!

Starting with Talos v1.8.0, only standard assets would be published as github release assets. These include:

  • cloud-images.json
  • talosctl binaries
  • kernel
  • initramfs
  • metal iso and disk images
  • talosctl-cni-bundle

All other release assets can be downloaded from Image Factory.

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.6.60
containerd: 2.0.0
runc: 1.2.1

Talos is built with Go 1.22.9.

Contributors

  • Andrey Smirnov
  • blablu
  • Dmitry Sharshakov
  • Joakim Nohlgård
  • Noel Georgi
  • Remko Molier
  • Sam Stelfox

Changes

15 commits

  • 6494aced3 release(v1.8.3): prepare release
  • 01c9f4584 fix: arch linux search paths and names for QEMU provisioner
  • 8b5c5f108 chore: fix nil pointer dereference in AWS uploader
  • fbf85dd0d fix: install disk matcher error
  • ff3fccea9 feat: add dm-cache dm-cache-smq kernel modules
  • 6d872e41c feat: allow extra mounts for docker-based talosctl cluster create
  • 8c193c8b1 fix: update permissions for logging directories in /var
  • 5044a410c fix: mount /sys/kernel/security conditionally
  • 83abb6644 fix: make route normalization keep family
  • 228a94387 fix: do not trim 0 from process SELinux label
  • d4a3a2b62 fix: prevent panic in nocloud platform code
  • 5c7b02d7e fix: update the CRI sandbox image reference
  • f8155c40d feat: add parsing of vlanNNNN:ethX style VLAN cmdline args
  • ea19f157f fix: generation of SecureBoot iso
  • fddaa60e2 feat: update Linux, runc, containerd, go

Changes from siderolabs/pkgs

7 commits

Changes from siderolabs/tools

1 commit

Dependency Changes

  • github.com/docker/cli v27.1.1 new
  • github.com/docker/docker v27.2.0 -> v27.1.1
  • github.com/siderolabs/pkgs v1.8.0-24-ge72b2f4 -> v1.8.0-31-g9c80a4a
  • github.com/siderolabs/talos/pkg/machinery v1.8.2 -> v1.8.3
  • github.com/siderolabs/tools v1.8.0-2-g7719230 -> v1.8.0-3-g653182a

Previous release can be found at v1.8.2

Images

ghcr.io/siderolabs/flannel:v0.25.7
registry.k8s.io/coredns/coredns:v1.11.3
gcr.io/etcd-development/etcd:v3.5.16
registry.k8s.io/kube-apiserver:v1.31.2
registry.k8s.io/kube-controller-manager:v1.31.2
registry.k8s.io/kube-scheduler:v1.31.2
registry.k8s.io/kube-proxy:v1.31.2
ghcr.io/siderolabs/kubelet:v1.31.2
ghcr.io/siderolabs/installer:v1.8.3
registry.k8s.io/pause:3.10

v1.9.0-alpha.2

08 Nov 18:01
v1.9.0-alpha.2
0290a38
Compare
Choose a tag to compare
v1.9.0-alpha.2 Pre-release
Pre-release

Talos 1.9.0-alpha.2 (2024-11-08)

Welcome to the v1.9.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

AppArmor

Talos Linux starting with v1.9 will ship with SELinux LSM enabled by default.
If you need to use AppArmor LSM add the following to the machine configuration:

machine:
  install:
     extraKernelArgs:
      - -selinux
      - lsm=lockdown,capability,yama,apparmor,bpf
      - apparmor=1

Auditd

Talos Linux now starts a auditd service by default.
Logs can be read with talosctl logs auditd.

talosctl cgroups

The talosctl cgroups command has been added to the talosctl tool.
This command allows you to view the cgroup resource consumption and limits for a machine, e.g.
talosctl cgroups --preset memory.

udevd

Talos previously used udevd to provide udevd, now it uses systemd-udevd instead.

Component Updates

Linux: 6.6.59
containerd: 2.0.0
Flannel: 0.26.0
Kubernetes: 1.32.0-beta.0
runc: 1.2.1

Talos is built with Go 1.23.2.

User Namespaces

Talos Linux now supports running Kubernetes pods with user namespaces enabled.
Refer to the documentation for more information.

Contributors

  • Andrey Smirnov
  • Noel Georgi
  • Dmitriy Matrenichev
  • Dmitry Sharshakov
  • Joakim Nohlgård
  • Jean-Francois Roy
  • Utku Ozdemir
  • blablu
  • Adolfo Ochagavía
  • Dan Rue
  • David Backeus
  • Eddie Wang
  • Florian Ströger
  • Hexoplon
  • Jakob Maležič
  • KBAegis
  • Mike Beaumont
  • Nebula
  • Nico Berlee
  • Philip Schmid
  • Philipp Kleber
  • Remko Molier
  • Robby Ciliberto
  • Ryan Borstelmann
  • Serge Logvinov
  • Spencer Smith
  • Steven Cassamajor
  • Tim Jones
  • adilTepe
  • ekarlso
  • naed3r
  • nevermarine
  • solidDoWant

Changes

145 commits

  • 0290a3881 release(v1.9.0-alpha.2): prepare release
  • a309f6aa5 chore: fix nil pointer dereference in AWS uploader
  • 333737f17 test: fix unpriviliged process runner test
  • 200116705 chore(ci): save support zip always after tests
  • 6a42c3b8e release(v1.9.0-alpha.1): prepare release
  • fb72e4b7b fix(ci): skip test if UserNamespacesSupport feature gate is not set
  • 11380f933 feat: display current CPU frequency on dashboard
  • fbce267ae feat: check bridged interfaces should not have addresses
  • 942962bf0 docs: add docs on usernamespace support in k8s
  • 0406a05a9 chore: update pkgs to ones built with gcc 14.2
  • 2e127627d docs: add apparmor enablement release notes
  • aa9311f3d fix: install disk matcher error
  • 1800f8104 fix: selinux handling and apparmor tests
  • 313bffadf feat: update Kubernetes to v1.32.0-beta.0
  • bbfa14451 feat: update containerd to v2.0.0
  • 8e02b9fcb docs: update manual k8s upgrade docs
  • 474949dc7 feat: add dm-cache dm-cache-smq kernel modules
  • 5112547d6 chore: generate support zip for crashdump
  • a867f85e4 feat: label system socket and runtime files
  • 398f714cf feat: update Linux 6.6.59, runc 1.2.1
  • 05c620957 feat: allow extra mounts for docker-based talosctl cluster create
  • cedabeddf chore: cleanup code
  • 61d363e1d chore: update go-auditlib
  • 960a04049 feat: start enabling SELinux
  • 7f3aaa21c fix: update permissions for logging directories in /var
  • 0e6c983b8 fix: mount /sys/kernel/security conditionally
  • 74b0e8c37 fix: make route normalization keep family
  • 0a3761c22 fix: talosctl windows arm64
  • 4b10c5328 chore: add Windows ARM64 build for talosctl
  • 9abf16108 feat: add auditd service
  • d464ca869 chore: drop runc memfd bind added in #9069
  • b54d26c2c fix: mount pseudo sub-mountpoints in init
  • 7aeb15f73 chore: disable coredns cache for cluster domain
  • d8b652150 docs: add warning about NVMe bus path bug
  • 3e16ab135 feat: update Kubernetes to v1.32.0-alpha.3
  • 0b8b35677 feat: add BridgePort property to network machine configuration
  • b37950625 fix: use more correct condition to skip generating hosts files
  • 62ec7ec33 refactor: replace the old v1 mount package with new one
  • 0ece13c62 docs: update network-config.md (cont)
  • 93827f048 docs: update network-config.md
  • 423b1e5fb fix: do not trim 0 from process SELinux label
  • 2136358d6 feat: introduce metal agent mode
  • 0e15955fc chore: small refactoring
  • 66012a7f2 feat: remove wrapperd and launch processes directly
  • 3a0a17ae6 fix: prevent panic in nocloud platform code
  • dc0c6acbd refactor: remove unmaintained github.com/vishvananda/netlink
  • 78353f791 feat: add parsing of vlanNNNN:ethX style VLAN cmdline args
  • 9db7a36bf fix: generation of SecureBoot iso
  • c755b6d7e fix: update the CRI sandbox image reference
  • cec290b35 feat: allow extensions to log to console
  • b7801df82 fix: wait for udevd to be running before activating LVM
  • d4cb478a5 docs: improve field description for BridgeSTP, BridgeVLAN
  • 7329824b2 docs: add Mynewsdesk to ADOPTERS.md
  • a13cf76a3 chore: simplify DNSUpstreamController and DNSUpstream resource
  • 62d185473 fix: talosctl process null character
  • 77d7368ea feat: update containerd to v2.0.0-rc.6
  • d39393879 fix: rework the 'metal-iso' config acquisition
  • 1993afca9 chore: create /usr/etc in a different step
  • 8680351c1 chore: move system extensions' udev rules
  • 3067f64c8 feat: update Flannel to v0.26.0
  • 8658d6865 docs: typo in deploying cilium
  • 49bbadc4b docs: add documentation on performance tuning
  • 534b0ce18 feat: update runc to 1.2.0 final
  • 217253523 docs: fix image factory links
  • 375e3da73 feat: update Kubernetes to 1.32.0-alpha.2
  • 9e6f64df0 fix: improve error messages for invalid bridge/bond configuration
  • 7c8c72c2b fix: correct error message for invalid ip=
  • ead46997c chore: rename tpm2.PCRExtent -> tpm2.PCRExtend
  • 867c4b812 docs: fix typo in prodnotes.md
  • 1b22df48a chore: support debug shell for advanced development
  • c14b44622 feat: update Kubernetes to v1.32.0-alpha.1
  • 29780d35a test: add an integration test for verifying process parameters
  • 3d342af44 fix: update incorrect alias for PCIDevice resource
  • f7d35a5e0 release(v1.9.0-alpha.0): prepare release
  • e0434d77d feat: update dependencies
  • 5c5a24886 feat: add Talos 1.9 compatibility guarantees
  • bc4c21f41 test: add json logs test environment
  • 71faa3294 docs: nvidia proprietary/oss hardware requirement
  • 59a78da42 chore: add proto-codec/codec
  • 7ff1cedfe chore: update siderolabs/crypto module and return proper ALPN
  • ccbd5aed3 feat: optionally decode hcloud userdata as base64
  • 34f652ce8 feat: add well-known app.kubernetes.io labels to control-plane pods
  • fc89dc216 fix: support extra-disks when using iso
  • f2bff814d chore: add arm64 target for integration-test
  • 5853bb0ea fix: json logging panic
  • a859cff36 chore: use virtio driver for disks in arm64
  • db248de88 chore(ci): add config for lldpd extension
  • 9f0de9f43 test: update provision upgrade tests for Talos 1.9
  • 39fe285e6 fix: skip ram disks
  • a9bff3a1d test: skip no error test in Cilium
  • 4d902021b fix: do not use pflag csv comma reader for config-patch
  • 5371788ce fix: typo in documentation
  • 8a228ba6b docs: add egress documentation
  • 182325cb0 test: skip lvm test if not enough user disks available
  • 519a48302 fix: wipe system partitions correctly via kernel args
  • 0a2b4556c fix: volume encryption with failing keyslots
  • 6affbd318 fix: update grpc-go the latest patch release
  • 77a4a4adc fix: scaleway metadata
  • 7acadc0c8 fix: do not stop udevd before unmounting volumes
  • 6a081055b feat: update Flannel to v0.25.7
  • 2362f6d3e fix: improve container detection
  • b67bc73fd fix: fix mdadm system extension
  • f08669c7a feat: bring in lpfc kernel module driver
  • 6a014374b feat: enable QEDF driver
  • f711907e0 fix: make /var/run empty on reboots
  • 7d02eb60f docs: fix typo in CloudStack docs
  • 74861573a fix: multiple fixes for LVM activation
  • 74c12c20e feat: replace eudev with systemd-udevd
  • 0a4df4ef8 docs: fi...
Read more

v1.8.2

28 Oct 13:26
v1.8.2
88f861a
Compare
Choose a tag to compare

Talos 1.8.2 (2024-10-28)

Welcome to the v1.8.2 release of Talos!

Starting with Talos v1.8.0, only standard assets would be published as github release assets. These include:

  • cloud-images.json
  • talosctl binaries
  • kernel
  • initramfs
  • metal iso and disk images
  • talosctl-cni-bundle

All other release assets can be downloaded from Image Factory.

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.6.58
containerd: 2.0.0-rc.6
runc: 1.2.0
Kubernetes: 1.31.2

Talos is built with Go 1.22.8.

Contributors

  • Andrey Smirnov
  • Dmitriy Matrenichev
  • Joakim Nohlgård
  • Noel Georgi
  • Philip Schmid
  • Philipp Kleber
  • Serge Logvinov

Changes

18 commits

  • 88f861a08 release(v1.8.2): prepare release
  • cfc10106a fix: include iptables/netfilter ipv6 fix
  • d8e2daf77 fix: wait for udevd to be running before activating LVM
  • e105a3d74 fix: talosctl process null character
  • 0e96e99b2 fix: rework the 'metal-iso' config acquisition
  • 7ef579650 fix: improve error messages for invalid bridge/bond configuration
  • a3fcbe0ba chore: rename tpm2.PCRExtent -> tpm2.PCRExtend
  • a9e6e60ca fix: correct error message for invalid ip=
  • 49de0abaa fix: update incorrect alias for PCIDevice resource
  • 9b561ac3d feat: add Talos 1.9 compatibility guarantees
  • 2ea3f85bc chore: update siderolabs/crypto module and return proper ALPN
  • ce4791251 feat: optionally decode hcloud userdata as base64
  • f20a6900d fix: json logging panic
  • d855bb8be fix: skip ram disks
  • b429e7f28 fix: do not use pflag csv comma reader for config-patch
  • ee44f2c51 test: skip no error test in Cilium
  • 7d055af29 fix: scaleway metadata
  • 9f62fe96c feat: update pkgs and Kubernetes

Changes from siderolabs/crypto

1 commit

Changes from siderolabs/go-circular

1 commit

Changes from siderolabs/pkgs

8 commits

Changes from siderolabs/siderolink

1 commit

Dependency Changes

  • github.com/klauspost/compress v1.17.10 -> v1.17.11
  • github.com/siderolabs/crypto v0.4.4 -> v0.5.0
  • github.com/siderolabs/go-circular v0.2.0 -> v0.2.1
  • github.com/siderolabs/pkgs v1.8.0-16-g71d23b4 -> v1.8.0-24-ge72b2f4
  • github.com/siderolabs/siderolink v0.3.10 -> v0.3.11
  • github.com/siderolabs/talos/pkg/machinery v1.8.1 -> v1.8.2
  • golang.org/x/time v0.6.0 -> v0.7.0
  • k8s.io/api v0.31.1 -> v0.31.2
  • k8s.io/apiserver v0.31.1 -> v0.31.2
  • k8s.io/client-go v0.31.1 -> v0.31.2
  • k8s.io/component-base v0.31.1 -> v0.31.2
  • k8s.io/kube-scheduler v0.31.1 -> v0.31.2
  • k8s.io/kubectl v0.31.1 -> v0.31.2
  • k8s.io/kubelet v0.31.1 -> v0.31.2
  • k8s.io/pod-security-admission v0.31.1 -> v0.31.2

Previous release can be found at v1.8.1

Images

ghcr.io/siderolabs/flannel:v0.25.7
registry.k8s.io/coredns/coredns:v1.11.3
gcr.io/etcd-development/etcd:v3.5.16
registry.k8s.io/kube-apiserver:v1.31.2
registry.k8s.io/kube-controller-manager:v1.31.2
registry.k8s.io/kube-scheduler:v1.31.2
registry.k8s.io/kube-proxy:v1.31.2
ghcr.io/siderolabs/kubelet:v1.31.2
ghcr.io/siderolabs/installer:v1.8.2
registry.k8s.io/pause:3.9

v1.9.0-alpha.0

18 Oct 15:01
v1.9.0-alpha.0
f7d35a5
Compare
Choose a tag to compare
v1.9.0-alpha.0 Pre-release
Pre-release

Talos 1.9.0-alpha.0 (2024-10-18)

Welcome to the v1.9.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

talosctl cgroups

The talosctl cgroups command has been added to the talosctl tool.
This command allows you to view the cgroup resource consumption and limits for a machine, e.g.
talosctl cgroups --preset memory.

udevd

Talos previously used udevd to provide udevd, now it uses systemd-udevd instead.

Component Updates

Linux: 6.6.57
containerd: 2.0.0-rc.5
Flannel: 0.25.7

Talos is built with Go 1.23.2.

Contributors

  • Andrey Smirnov
  • Dmitriy Matrenichev
  • Noel Georgi
  • Dmitry Sharshakov
  • Jean-Francois Roy
  • Adolfo Ochagavía
  • Dan Rue
  • Eddie Wang
  • Florian Ströger
  • Hexoplon
  • Mike Beaumont
  • Philip Schmid
  • Philipp Kleber
  • Robby Ciliberto
  • Ryan Borstelmann
  • Serge Logvinov
  • Spencer Smith
  • Steven Cassamajor
  • Tim Jones
  • adilTepe
  • ekarlso
  • naed3r

Changes

72 commits

  • f7d35a5e0 release(v1.9.0-alpha.0): prepare release
  • e0434d77d feat: update dependencies
  • 5c5a24886 feat: add Talos 1.9 compatibility guarantees
  • bc4c21f41 test: add json logs test environment
  • 71faa3294 docs: nvidia proprietary/oss hardware requirement
  • 59a78da42 chore: add proto-codec/codec
  • 7ff1cedfe chore: update siderolabs/crypto module and return proper ALPN
  • ccbd5aed3 feat: optionally decode hcloud userdata as base64
  • 34f652ce8 feat: add well-known app.kubernetes.io labels to control-plane pods
  • fc89dc216 fix: support extra-disks when using iso
  • f2bff814d chore: add arm64 target for integration-test
  • 5853bb0ea fix: json logging panic
  • a859cff36 chore: use virtio driver for disks in arm64
  • db248de88 chore(ci): add config for lldpd extension
  • 9f0de9f43 test: update provision upgrade tests for Talos 1.9
  • 39fe285e6 fix: skip ram disks
  • a9bff3a1d test: skip no error test in Cilium
  • 4d902021b fix: do not use pflag csv comma reader for config-patch
  • 5371788ce fix: typo in documentation
  • 8a228ba6b docs: add egress documentation
  • 182325cb0 test: skip lvm test if not enough user disks available
  • 519a48302 fix: wipe system partitions correctly via kernel args
  • 0a2b4556c fix: volume encryption with failing keyslots
  • 6affbd318 fix: update grpc-go the latest patch release
  • 77a4a4adc fix: scaleway metadata
  • 7acadc0c8 fix: do not stop udevd before unmounting volumes
  • 6a081055b feat: update Flannel to v0.25.7
  • 2362f6d3e fix: improve container detection
  • b67bc73fd fix: fix mdadm system extension
  • f08669c7a feat: bring in lpfc kernel module driver
  • 6a014374b feat: enable QEDF driver
  • f711907e0 fix: make /var/run empty on reboots
  • 7d02eb60f docs: fix typo in CloudStack docs
  • 74861573a fix: multiple fixes for LVM activation
  • 74c12c20e feat: replace eudev with systemd-udevd
  • 0a4df4ef8 docs: fix nvidia CRI config example
  • afc1e1a46 docs: fix typo in extraMounts directory
  • a341bdb06 fix: prevent file descriptors leaks to child processes
  • dec653bfe chore: better lvm2 tests
  • 908fd8789 feat: support cgroup deep analysis in talosctl
  • aa846cc18 feat: add support for CI Network config in nocloud
  • 10f2539f2 chore: disable cloud-images cron workflow
  • b07a8b36b chore: ignore more plugins for system containerd
  • 392c4798f feat: prepare for Talos 1.9
  • ea7bf9fb4 docs: update storage.md
  • 4ab8dee69 fix: build talosctl without tcell_minimal
  • 2fa019bd9 docs: enable 'edit on GitHub' link
  • d2ccbc2b1 docs: update hetzner documentation for CCM
  • d498f647c docs: fix Kernel Self Protection Project (KSPP) references
  • 0ec75463e docs: make Talos 1.8 current release
  • 9b77698cf fix: update blockdevice library to v2.0.2
  • e46227ab9 docs: fix kubespan name inconsistency
  • 6b15ca19c fix: audit and fix cgroup reservations
  • 32b5d01ed chore: bump lvm2
  • 6484581eb feat: allow /sbin/ldconfig in extensions
  • 9fa08e843 chore: refactor tests
  • d8ab4981b feat: support lvm auto activation
  • 8166a58b3 fix: filter out non-printable characters in process line
  • 806b6aaf5 docs: add SECURITY.md
  • 7bd26df30 docs: document /dev/net/tun compatibility
  • 18daedb51 fix: strategic merge patch delete for map keys
  • f3370529a docs: correct typo
  • 8d6884a8e test: add a test for inline machine config trusted roots
  • d4a6d017d fix: ignore invalid NTP responses
  • 869f8379f feat: update default Kubernetes version to 1.31.1
  • 780a1f198 fix: update CoreDNS health check
  • 79cd03158 chore: account for resource sorting in dns upstream resource
  • e17fafaca chore: drop activateLogicalVolumes sequencer step
  • a294b366f fix: parse SideroLink API endpoint correctly
  • a9269ac7b fix: remove extra logging on ethtool ioctl failures
  • 5c6277d17 feat: update etcd to 3.5.16
  • c1ed2984b docs: add what's new for Talos 1.8

Changes from siderolabs/crypto

1 commit

Changes from siderolabs/discovery-client

1 commit

Changes from siderolabs/extras

2 commits

Changes from siderolabs/go-blockdevice

1 commit

Changes from siderolabs/go-circular

1 commit

Changes from siderolabs/go-kubernetes

1 commit

Changes from siderolabs/grpc-proxy

2 commits

Changes from siderolabs/pkgs

25 commits

Changes from siderolabs/proto-codec

3 commits

Changes from siderolabs/siderolink

1 commit

Changes from siderolabs/tools

5 commits

Read more

v1.8.1

08 Oct 19:05
v1.8.1
477752f
Compare
Choose a tag to compare

Talos 1.8.1 (2024-10-08)

Welcome to the v1.8.1 release of Talos!

Starting with Talos v1.8.0, only standard assets would be published as github release assets. These include:

  • cloud-images.json
  • talosctl binaries
  • kernel
  • initramfs
  • metal iso and disk images
  • talosctl-cni-bundle

All other release assets can be downloaded from Image Factory.

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.6.54
containerd: 2.0.0-rc.5
Flannel: 0.25.7

Talos is built with Go 1.22.8.

Contributors

  • Andrey Smirnov
  • Hexoplon
  • ekarlso

Changes

16 commits

  • 477752fe6 release(v1.8.1): prepare release
  • 362c9f812 test: skip lvm test if not enough user disks available
  • 79305007f chore: checkout extensions from release-1.8, not main
  • f6d630624 fix: wipe system partitions correctly via kernel args
  • 4d279c65f fix: volume encryption with failing keyslots
  • 070defad1 fix: update grpc-go the latest patch release
  • a2d12fd7b feat: update Flannel to v0.25.7
  • e2f560b96 feat: bring in lpfc kernel module driver
  • 788336afb feat: enable QEDF driver
  • e4341fa66 fix: make /var/run empty on reboots
  • 66228ef10 fix: multiple fixes for LVM activation
  • 5f4515f30 fix: prevent file descriptors leaks to child processes
  • a55103ee6 chore: ignore more plugins for system containerd
  • ffcdc0bb7 fix: build talosctl without tcell_minimal
  • d29f66079 feat: add support for CI Network config in nocloud
  • 01e580bdd feat: update Go 1.22.8, Linux, pkgs

Changes from siderolabs/pkgs

8 commits

Changes from siderolabs/tools

1 commit

Dependency Changes

  • github.com/klauspost/compress v1.17.9 -> v1.17.10
  • github.com/siderolabs/go-blockdevice/v2 v2.0.2 -> v2.0.3
  • github.com/siderolabs/pkgs v1.8.0-8-gdf1a1a5 -> v1.8.0-16-g71d23b4
  • github.com/siderolabs/talos/pkg/machinery v1.8.0 -> v1.8.1
  • github.com/siderolabs/tools v1.8.0-1-ga0c06c6 -> v1.8.0-2-g7719230
  • google.golang.org/grpc v1.66.0 -> v1.66.3

Previous release can be found at v1.8.0

Images

ghcr.io/siderolabs/flannel:v0.25.7
registry.k8s.io/coredns/coredns:v1.11.3
gcr.io/etcd-development/etcd:v3.5.16
registry.k8s.io/kube-apiserver:v1.31.1
registry.k8s.io/kube-controller-manager:v1.31.1
registry.k8s.io/kube-scheduler:v1.31.1
registry.k8s.io/kube-proxy:v1.31.1
ghcr.io/siderolabs/kubelet:v1.31.1
ghcr.io/siderolabs/installer:v1.8.1
registry.k8s.io/pause:3.9

v1.7.7

26 Sep 17:20
v1.7.7
6879408
Compare
Choose a tag to compare

Talos 1.7.7 (2024-09-26)

Welcome to the v1.7.7 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.6.52
Kubernetes: 1.30.5
containerd: 1.7.22
runc: 1.1.14

Talos is built with Go 1.22.7.

Contributors

  • Andrey Smirnov
  • Dmitriy Matrenichev
  • Matthieu Mottet
  • Mike Beaumont
  • Noel Georgi
  • Utku Ozdemir

Changes

12 commits

  • 687940847 release(v1.7.7): prepare release
  • e53eff902 fix: ignore invalid NTP responses
  • 28b81b2b0 fix: report internally service as unhealthy if not running
  • da5b526e5 fix: report errors correctly when pulling, fix EEXIST
  • 1e4e5acfe chore: drop calico from interactive installer
  • e6fd4e078 fix: merge extension service config files by mountPath
  • c95d1fee6 fix: add missing host/nvme-rdma
  • 0bd287838 fix: bump go-smbios for broken SMIOS tables
  • 63b59ebe4 fix: add NVMe target kernel modules
  • d7b713679 fix: retry with another upstream if the previous failed
  • c7f2da147 fix: fix graph diffs in dashboard when node aliases are used
  • ae230db28 feat: update Linux 6.6.52, Kubernetes 1.30.3

Changes from siderolabs/go-smbios

2 commits

Changes from siderolabs/pkgs

4 commits

Changes from siderolabs/tools

1 commit

Dependency Changes

  • github.com/containerd/containerd v1.7.16 -> v1.7.22
  • github.com/containerd/containerd/api v1.7.19 new
  • github.com/containerd/errdefs v0.1.0 new
  • github.com/containerd/platforms v0.2.1 new
  • github.com/siderolabs/go-smbios v0.3.2 -> v0.3.3
  • github.com/siderolabs/pkgs v1.7.0-29-gf0c088f -> v1.7.0-33-g868e459
  • github.com/siderolabs/talos/pkg/machinery v1.7.6 -> v1.7.7
  • github.com/siderolabs/tools v1.7.0-4-gc844dc3 -> v1.7.0-5-gc936ce1
  • k8s.io/api v0.30.3 -> v0.30.5
  • k8s.io/apimachinery v0.30.3 -> v0.30.5
  • k8s.io/apiserver v0.30.3 -> v0.30.5
  • k8s.io/client-go v0.30.3 -> v0.30.5
  • k8s.io/component-base v0.30.3 -> v0.30.5
  • k8s.io/kube-scheduler v0.30.3 -> v0.30.5
  • k8s.io/kubectl v0.30.3 -> v0.30.5
  • k8s.io/kubelet v0.30.3 -> v0.30.5
  • k8s.io/pod-security-admission v0.30.3 -> v0.30.5

Previous release can be found at v1.7.6

Images

ghcr.io/siderolabs/flannel:v0.25.3
ghcr.io/siderolabs/install-cni:v1.7.0-2-g7c627a8
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.13
registry.k8s.io/kube-apiserver:v1.30.5
registry.k8s.io/kube-controller-manager:v1.30.5
registry.k8s.io/kube-scheduler:v1.30.5
registry.k8s.io/kube-proxy:v1.30.5
ghcr.io/siderolabs/kubelet:v1.30.5
ghcr.io/siderolabs/installer:v1.7.7
registry.k8s.io/pause:3.8

v1.8.0

23 Sep 14:43
v1.8.0
5cc935f
Compare
Choose a tag to compare

Talos 1.8.0 (2024-09-23)

Welcome to the v1.8.0 release of Talos!

Starting with Talos v1.8.0, only standard assets would be published as github release assets. These include:

  • cloud-images.json
  • talosctl binaries
  • kernel
  • initramfs
  • metal iso and disk images
  • talosctl-cni-bundle

All other release assets can be downloaded from Image Factory.

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Node Annotations

Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.

Workload Apparmor Profile

Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.

Eg:

machine:
    install:
        extraKernelArgs:
            - security=apparmor

Bridge Interface

Talos Linux now support configuring 'vlan_filtering' for bridge interfaces.

Machine Configuration via Kernel Command Line

Talos Linux supports supplying zstd-compressed, base64-encoded machine configuration small documents via the kernel command line parameter talos.config.inline.

CNI Plugins

Talos Linux now bundles by default the following standard CNI plugins:

  • bridge
  • firewall
  • flannel
  • host-local
  • loopback
  • portmap

The Talos bundled Flannel manifest was simplified to remove the install-cni step.

Accessing /dev/net/tun in Kubernetes Pods

Talos Linux ships with runc 1.2, which drops legacy rule to expose /dev/net/tun devices by default in the container.

If you need to access /dev/net/tun in your Kubernetes pods (e.g. running Tailscale as a Kubernetes pod), you can add use device plugins to expose /dev/net/tun to the pod.

Diagnostics

Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.

Disk Management

Talos Linux now supports configuration for the EPHEMERAL volume.

Extensions in Kubernetes Nodes

Talos Linux now publishes list of installed extensions as Kubernetes node labels/annotations.

The key format is extensions.talos.dev/<name> and the value is the extension version.
If the extension name is not valid as a label key, it will be skipped.
If the extension version is a valid label value, it will be put to the label; otherwise it will be put to the annotation.

For Talos machines booted of the Image Factory artifacts, this means that the schematic ID will be published as the annotation
extensions.talos.dev/schematic (as it is longer than 63 characters).

DNS Forwarding for CoreDNS pods

Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it
with:

machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false

Please note that on running cluster you will have to kill CoreDNS pods for this change to apply.

The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address.
For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service
can be cleaned up with kubectl delete -n kube-system service host-dns.

Installer

Talos Linux installer now never wipes the system disk on upgrades, which means that the flag
--preserve is always set for talosctl upgrade.

talos.halt_if_installed kernel argument

Starting with Talos 1.8, ISO's generated from Boot Assets would have a new kernel argument talos.halt_if_installed which would pause the boot sequence until boot timeout if Talos is already installed on the disk.
ISO generated for pre 1.8 versions would not have this kernel argument.

This can be also explicitly enabled by setting talos.halt_if_installed=1 in kernel argument.

Slim Kubelet Image

Kubelet container image includes various utilities that kubelet might use to perform various tasks.

Starting with Kubernetes 1.31.0, kubelet image now includes less utilities, as the in-tree CSI plugins were
removed in Kubernetes 1.31.0. This reduces kubelet image size and potential attack surface.

For Kubernetes < 1.31.0, there will be two images built:

  • v1.x.y (default, fat)
  • v1.x.y-slim (slim)

For Kubernetes >= 1.31.0, there will be same two images built, but the
default tag would point to slim image:

  • v1.x.y (default, slim)
  • v1.x.y-fat (fat)

KubeSpan

Extra announced endpoints can be added using the KubespanEndpointsConfig document.

Default Node Labels

Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers by default for the control plane nodes.

PCI Devices

A list of PCI devices can now be obtained via PCIDevices resource, e.g. talosctl get pcidevices.

Metal images

Starting with Talos 1.8, console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (For eg: Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.

This should fix slow boot or no console output issues on most bare metal hardware.

NVIDIA GPU Support

Starting with Talos 1.8.0, SideroLabs would ships extensions for both LTS and Production versions of NVIDIA extensions.
For more details see the CHANGELOG of extensions.

Upgrades with an exisiting schematic id from Image Factory would keep the existing LTS version of the NVIDIA extension.

Removing parts of the configuration using $patch: delete syntax

Talos Linux now supports removing parts of the configuration using the $patch: delete syntax similar to the kubernetes.
More information can be found here.

Platform Support

Talos Linux now supports Apache CloudStack platform.

kube-proxy

Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.

Secure Boot

Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.

Custom Trusted Roots

Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.

Device Extra Settle Timeout

Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to workaround issues with broken drivers.

Component Updates

Kubernetes: 1.31.1
Linux: 6.6.52
containerd: 2.0.0-rc.4
runc: 1.2.0-rc.3
etcd: 3.5.16
Flannel: 0.25.6
Flannel CNI plugin: 1.5.1
CoreDNS: 1.1.13

Talos is built with Go 1.22.7.

ZSTD Compression

Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).

Contributors

  • Andrey Smirnov
  • Dmitriy Matrenichev
  • Noel Georgi
  • Artem Chernyshev
  • Utku Ozdemir
  • Dmitry Sharshakov
  • Justin Garrison
  • Spencer Smith
  • Steve Francis
  • Bernard Gütermann
  • Jean-Francois Roy
  • Konrad Eriksson
  • Serge Logvinov
  • Tim Jones
  • doctor_ew
  • Amadeus Mader
  • Andrew Rynhard
  • Anthony ARNAUD
  • Attila Oláh
  • Birger J. Nordølum
  • Caleb Woodbine
  • Claus Albøge
  • Daniel Höxtermann
  • David Birks
  • Dean
  • Dennis Marttinen
  • Eddie Zaneski
  • Enrique Hernández Bello
  • EricMa
  • Evan Johnson
  • Fabian Topfstedt
  • Florian Ströger
  • Fredrik Lundhag
  • George Gaál
  • Grzegorz Rozniecki
  • Grzegorz Rożniecki
  • Igor Rzegocki
  • Josia Scheytt
  • Judah Rand
  • Marcel Richter
  • Marco Franssen
  • Marcus Förster
  • Matthias Riegler
  • Matthieu Mottet
  • Maxime Brunet
  • Michael Trip
  • Mike Beaumont
  • Nick Meyer
  • Nicklas Frahm
  • Ole-Magnus Sæther
  • Roman Ivanov
  • Ron Olson
  • Saravanan G
  • Simon-Boyer
  • Skyler Mäntysaari
  • Steve Fan
  • Steve Martinelli
  • Steven Fackler
  • Syoc
  • USBAkimbo
  • Will Bush
  • cryptk
  • darox
  • dhaines-quera
  • leppeK
  • looklose

Changes

318 commits

  • 5cc935f74 release(v1.8.0): prepare release
  • ec32f44c3 test: bump resources for Rook/Ceph test
  • 8fb2f24b4 fix: update blockdevice library to v2.0.2
  • 4c7948bb4 chore: better lvm2 tests
  • 882582a8e docs: fix kubespan name inconsistency
  • f136c031c feat: update pkgs
  • 67ba47825 chore: refactor tests
  • 920d8c829 fix: audit and fix cgroup reservations
  • c8dedbe11 fix: filter out non-printable characters in process line
  • 70d3c91fb feat: support lvm auto activation
  • 4d44677f4 docs: document /dev/net/tun compatibility
  • 32076935f fix: strategic merge patch delete for map keys
  • 7478db75a release(v1.8.0-beta.1): prepare release
  • a43e7247b feat: update Linux to 6.6.51
  • bd9167512 test: add a test for inline machine config trusted roots
  • siderolabs/talos@...
Read more

v1.8.0-beta.1

16 Sep 14:37
v1.8.0-beta.1
7478db7
Compare
Choose a tag to compare
v1.8.0-beta.1 Pre-release
Pre-release

Talos 1.8.0-beta.1 (2024-09-16)

Welcome to the v1.8.0-beta.1 release of Talos!
This is a pre-release of Talos

Starting with Talos v1.8.0, only standard assets would be published as github release assets. These include:

  • cloud-images.json
  • talosctl binaries
  • kernel
  • initramfs
  • metal iso and disk images
  • talosctl-cni-bundle

All other release assets can be downloaded from Image Factory.

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Node Annotations

Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.

Workload Apparmor Profile

Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.

Eg:

machine:
    install:
        extraKernelArgs:
            - security=apparmor

Bridge Interface

Talos Linux now support configuring 'vlan_filtering' for bridge interfaces.

Machine Configuration via Kernel Command Line

Talos Linux supports supplying zstd-compressed, base64-encoded machine configuration small documents via the kernel command line parameter talos.config.inline.

CNI Plugins

Talos Linux now bundles by default the following standard CNI plugins:

  • bridge
  • firewall
  • flannel
  • host-local
  • loopback
  • portmap

The Talos bundled Flannel manifest was simplified to remove the install-cni step.

Diagnostics

Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.

Disk Management

Talos Linux now supports configuration for the EPHEMERAL volume.

Extensions in Kubernetes Nodes

Talos Linux now publishes list of installed extensions as Kubernetes node labels/annotations.

The key format is extensions.talos.dev/<name> and the value is the extension version.
If the extension name is not valid as a label key, it will be skipped.
If the extension version is a valid label value, it will be put to the label; otherwise it will be put to the annotation.

For Talos machines booted of the Image Factory artifacts, this means that the schematic ID will be published as the annotation
extensions.talos.dev/schematic (as it is longer than 63 characters).

DNS Forwarding for CoreDNS pods

Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it
with:

machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false

Please note that on running cluster you will have to kill CoreDNS pods for this change to apply.

The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address.
For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service
can be cleaned up with kubectl delete -n kube-system service host-dns.

Installer

Talos Linux installer now never wipes the system disk on upgrades, which means that the flag
--preserve is always set for talosctl upgrade.

talos.halt_if_installed kernel argument

Starting with Talos 1.8, ISO's generated from Boot Assets would have a new kernel argument talos.halt_if_installed which would pause the boot sequence until boot timeout if Talos is already installed on the disk.
ISO generated for pre 1.8 versions would not have this kernel argument.

This can be also explicitly enabled by setting talos.halt_if_installed=1 in kernel argument.

Slim Kubelet Image

Kubelet container image includes various utilities that kubelet might use to perform various tasks.

Starting with Kubernetes 1.31.0, kubelet image now includes less utilities, as the in-tree CSI plugins were
removed in Kubernetes 1.31.0. This reduces kubelet image size and potential attack surface.

For Kubernetes < 1.31.0, there will be two images built:

  • v1.x.y (default, fat)
  • v1.x.y-slim (slim)

For Kubernetes >= 1.31.0, there will be same two images built, but the
default tag would point to slim image:

  • v1.x.y (default, slim)
  • v1.x.y-fat (fat)

KubeSpan

Extra announced endpoints can be added using the KubespanEndpointsConfig document.

Default Node Labels

Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers by default for the control plane nodes.

PCI Devices

A list of PCI devices can now be obtained via PCIDevices resource, e.g. talosctl get pcidevices.

Metal images

Starting with Talos 1.8, console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (For eg: Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.

This should fix slow boot or no console output issues on most bare metal hardware.

NVIDIA GPU Support

Starting with Talos 1.8.0, SideroLabs would ships extensions for both LTS and Production versions of NVIDIA extensions.
For more details see the CHANGELOG of extensions.

Upgrades with an exisiting schematic id from Image Factory would keep the existing LTS version of the NVIDIA extension.

Removing parts of the configuration using $patch: delete syntax

Talos Linux now supports removing parts of the configuration using the $patch: delete syntax similar to the kubernetes.
More information can be found here.

Platform Support

Talos Linux now supports Apache CloudStack platform.

kube-proxy

Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.

Secure Boot

Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.

Custom Trusted Roots

Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.

Device Extra Settle Timeout

Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to workaround issues with broken drivers.

Component Updates

Kubernetes: 1.31.1
Linux: 6.6.51
containerd: 2.0.0-rc.4
runc: 1.2.0-rc.3
etcd: 3.5.16
Flannel: 0.25.6
Flannel CNI plugin: 1.5.1
CoreDNS: 1.1.13

Talos is built with Go 1.22.7.

ZSTD Compression

Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).

Contributors

  • Andrey Smirnov
  • Dmitriy Matrenichev
  • Noel Georgi
  • Artem Chernyshev
  • Utku Ozdemir
  • Dmitry Sharshakov
  • Justin Garrison
  • Spencer Smith
  • Steve Francis
  • Bernard Gütermann
  • Jean-Francois Roy
  • Konrad Eriksson
  • Serge Logvinov
  • doctor_ew
  • Amadeus Mader
  • Andrew Rynhard
  • Anthony ARNAUD
  • Attila Oláh
  • Birger J. Nordølum
  • Caleb Woodbine
  • Claus Albøge
  • Daniel Höxtermann
  • David Birks
  • Dean
  • Dennis Marttinen
  • Eddie Zaneski
  • Enrique Hernández Bello
  • EricMa
  • Evan Johnson
  • Fabian Topfstedt
  • Fredrik Lundhag
  • George Gaál
  • Grzegorz Rozniecki
  • Grzegorz Rożniecki
  • Igor Rzegocki
  • Josia Scheytt
  • Judah Rand
  • Marcel Richter
  • Marco Franssen
  • Marcus Förster
  • Matthias Riegler
  • Matthieu Mottet
  • Maxime Brunet
  • Michael Trip
  • Mike Beaumont
  • Nick Meyer
  • Nicklas Frahm
  • Ole-Magnus Sæther
  • Roman Ivanov
  • Ron Olson
  • Saravanan G
  • Simon-Boyer
  • Skyler Mäntysaari
  • Steve Fan
  • Steve Martinelli
  • Steven Fackler
  • Syoc
  • Tim Jones
  • USBAkimbo
  • Will Bush
  • cryptk
  • darox
  • dhaines-quera
  • leppeK
  • looklose

Changes

306 commits

  • 7478db75a release(v1.8.0-beta.1): prepare release
  • a43e7247b feat: update Linux to 6.6.51
  • bd9167512 test: add a test for inline machine config trusted roots
  • 073ba2585 feat: update default Kubernetes version to 1.31.1
  • 815e4bae8 fix: ignore invalid NTP responses
  • cdabb7bcf fix: update CoreDNS health check
  • a159ea9cc chore: account for resource sorting in dns upstream resource
  • c030eef15 fix: parse SideroLink API endpoint correctly
  • c37234643 chore: drop activateLogicalVolumes sequencer step
  • 9e60f1708 fix: remove extra logging on ethtool ioctl failures
  • 5eb5ff532 feat: update etcd to 3.5.16
  • 51b91d64e release(v1.8.0-beta.0): prepare release
  • 899f1b900 feat: implement "$patch: delete" logic
  • 545f75fd7 feat: acquire machine config inline from kernel cmdline
  • 361283401 chore: version specific kube-scheduler health checks
  • d64ce44e4 chore(ci): e2e gcp
  • cd7c68266 chore: disallow duplicate documents on decoder level
  • bcaf63628 feat: update dependencies
  • dd4185b14 feat: add KubeSpan extra endpoint configuration
  • 3038ccfa8 feat: add configuration for EPHEMERAL volume
  • siderolabs/talos@f...
Read more

v1.8.0-beta.0

09 Sep 16:47
v1.8.0-beta.0
51b91d6
Compare
Choose a tag to compare
v1.8.0-beta.0 Pre-release
Pre-release

Talos 1.8.0-beta.0 (2024-09-09)

Welcome to the v1.8.0-beta.0 release of Talos!
This is a pre-release of Talos

Starting with Talos v1.8.0, only standard assets would be published as github release assets. These include:

  • cloud-images.json
  • talosctl binaries
  • kernel
  • initramfs
  • metal iso and disk images
  • talosctl-cni-bundle

All other release assets can be downloaded from Image Factory.

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Node Annotations

Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.

Workload Apparmor Profile

Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.

Eg:

machine:
    install:
        extraKernelArgs:
            - security=apparmor

Bridge Interface

Talos Linux now support configuring 'vlan_filtering' for bridge interfaces.

Machine Configuration via Kernel Command Line

Talos Linux supports supplying zstd-compressed, base64-encoded machine configuration small documents via the kernel command line parameter talos.config.inline.

CNI Plugins

Talos Linux now bundles by default the following standard CNI plugins:

  • bridge
  • firewall
  • flannel
  • host-local
  • loopback
  • portmap

The Talos bundled Flannel manifest was simplified to remove the install-cni step.

Diagnostics

Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.

Disk Management

Talos Linux now supports configuration for the EPHEMERAL volume.

Extensions in Kubernetes Nodes

Talos Linux now publishes list of installed extensions as Kubernetes node labels/annotations.

The key format is extensions.talos.dev/<name> and the value is the extension version.
If the extension name is not valid as a label key, it will be skipped.
If the extension version is a valid label value, it will be put to the label; otherwise it will be put to the annotation.

For Talos machines booted of the Image Factory artifacts, this means that the schematic ID will be published as the annotation
extensions.talos.dev/schematic (as it is longer than 63 characters).

DNS Forwarding for CoreDNS pods

Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it
with:

machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false

Please note that on running cluster you will have to kill CoreDNS pods for this change to apply.

The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address.
For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service
can be cleaned up with kubectl delete -n kube-system service host-dns.

Installer

Talos Linux installer now never wipes the system disk on upgrades, which means that the flag
--preserve is always set for talosctl upgrade.

talos.halt_if_installed kernel argument

Starting with Talos 1.8, ISO's generated from Boot Assets would have a new kernel argument talos.halt_if_installed which would pause the boot sequence until boot timeout if Talos is already installed on the disk.
ISO generated for pre 1.8 versions would not have this kernel argument.

This can be also explicitly enabled by setting talos.halt_if_installed=1 in kernel argument.

Slim Kubelet Image

Kubelet container image includes various utilities that kubelet might use to perform various tasks.

Starting with Kubernetes 1.31.0, kubelet image now includes less utilities, as the in-tree CSI plugins were
removed in Kubernetes 1.31.0. This reduces kubelet image size and potential attack surface.

For Kubernetes < 1.31.0, there will be two images built:

  • v1.x.y (default, fat)
  • v1.x.y-slim (slim)

For Kubernetes >= 1.31.0, there will be same two images built, but the
default tag would point to slim image:

  • v1.x.y (default, slim)
  • v1.x.y-fat (fat)

KubeSpan

Extra announced endpoints can be added using the KubespanEndpointsConfig document.

Default Node Labels

Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers by default for the control plane nodes.

PCI Devices

A list of PCI devices can now be obtained via PCIDevices resource, e.g. talosctl get pcidevices.

Metal images

Starting with Talos 1.8, console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (For eg: Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.

This should fix slow boot or no console output issues on most bare metal hardware.

NVIDIA GPU Support

Starting with Talos 1.8.0, SideroLabs would ships extensions for both LTS and Production versions of NVIDIA extensions.
For more details see the CHANGELOG of extensions.

Upgrades with an exisiting schematic id from Image Factory would keep the existing LTS version of the NVIDIA extension.

Removing parts of the configuration using $patch: delete syntax

Talos Linux now supports removing parts of the configuration using the $patch: delete syntax similar to the kubernetes.
More information can be found here.

Platform Support

Talos Linux now supports Apache CloudStack platform.

kube-proxy

Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.

Secure Boot

Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.

Custom Trusted Roots

Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.

Device Extra Settle Timeout

Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to workaround issues with broken drivers.

Component Updates

Kubernetes: 1.31.0
Linux: 6.6.49
containerd: 2.0.0-rc.4
runc: 1.2.0-rc.3
etcd: 3.5.15
Flannel: 0.25.6
Flannel CNI plugin: 1.5.1
CoreDNS: 1.1.13

Talos is built with Go 1.22.7.

ZSTD Compression

Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).

Contributors

  • Andrey Smirnov
  • Dmitriy Matrenichev
  • Noel Georgi
  • Artem Chernyshev
  • Utku Ozdemir
  • Dmitry Sharshakov
  • Justin Garrison
  • Spencer Smith
  • Steve Francis
  • Bernard Gütermann
  • Jean-Francois Roy
  • Konrad Eriksson
  • Serge Logvinov
  • doctor_ew
  • Amadeus Mader
  • Andrew Rynhard
  • Anthony ARNAUD
  • Attila Oláh
  • Birger J. Nordølum
  • Caleb Woodbine
  • Claus Albøge
  • Daniel Höxtermann
  • David Birks
  • Dean
  • Dennis Marttinen
  • Eddie Zaneski
  • Enrique Hernández Bello
  • EricMa
  • Evan Johnson
  • Fabian Topfstedt
  • Fredrik Lundhag
  • George Gaál
  • Grzegorz Rozniecki
  • Grzegorz Rożniecki
  • Igor Rzegocki
  • Josia Scheytt
  • Judah Rand
  • Marcel Richter
  • Marco Franssen
  • Marcus Förster
  • Matthias Riegler
  • Matthieu Mottet
  • Maxime Brunet
  • Michael Trip
  • Mike Beaumont
  • Nick Meyer
  • Nicklas Frahm
  • Ole-Magnus Sæther
  • Roman Ivanov
  • Ron Olson
  • Saravanan G
  • Simon-Boyer
  • Skyler Mäntysaari
  • Steve Fan
  • Steve Martinelli
  • Steven Fackler
  • Syoc
  • Tim Jones
  • USBAkimbo
  • Will Bush
  • cryptk
  • darox
  • dhaines-quera
  • leppeK
  • looklose

Changes

295 commits

  • 51b91d64e release(v1.8.0-beta.0): prepare release
  • 899f1b900 feat: implement "$patch: delete" logic
  • 545f75fd7 feat: acquire machine config inline from kernel cmdline
  • 361283401 chore: version specific kube-scheduler health checks
  • d64ce44e4 chore(ci): e2e gcp
  • cd7c68266 chore: disallow duplicate documents on decoder level
  • bcaf63628 feat: update dependencies
  • dd4185b14 feat: add KubeSpan extra endpoint configuration
  • 3038ccfa8 feat: add configuration for EPHEMERAL volume
  • faffa4c3f fix: never unarchive initramfs when loading boot assets in talosctl
  • 07b91797c fix: report internally service as unhealthy if not running
  • bc8bf9e8a feat: update Linux 6.6.49
  • 7edcbbb83 chore: support gcp in cloud-image-uploader
  • 0a870200e chore: remove matrix links from docs
  • db6ef1ee9 test: update Talos versions in Image Factory tests
  • ec3844c46 release(v1.8.0-alpha.2): prepare release
  • 6f7c3a8e5 fix: build of talosctl on non-Linux arches
  • f0a59cec7 release(v1.8.0-alpha.2): prepare release
  • c8aed3be4 fix: correctly add console args for ttyS0
  • b453385bd feat: support volume configuration, provisioning, e...
Read more

v1.8.0-alpha.2

02 Sep 11:38
v1.8.0-alpha.2
ec3844c
Compare
Choose a tag to compare
v1.8.0-alpha.2 Pre-release
Pre-release

Talos 1.8.0-alpha.2 (2024-09-02)

Welcome to the v1.8.0-alpha.2 release of Talos!
This is a pre-release of Talos

Starting with Talos v1.8.0, only standard assets would be published as github release assets. These include:

  • cloud-images.json
  • talosctl binaries
  • kernel
  • initramfs
  • metal iso and disk images
  • talosctl-cni-bundle

All other release assets can be downloaded from Image Factory.

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Node Annotations

Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.

Workload Apparmor Profile

Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.

Eg:

machine:
    install:
        extraKernelArgs:
            - security=apparmor

Bridge Interface

Talos Linux now support configuring 'vlan_filtering' for bridge interfaces.

CNI Plugins

Talos Linux now bundles by default the following standard CNI plugins:

  • bridge
  • firewall
  • flannel
  • host-local
  • loopback
  • portmap

The Talos bundled Flannel manifest was simplified to remove the install-cni step.

Diagnostics

Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.

Extensions in Kubernetes Nodes

Talos Linux now publishes list of installed extensions as Kubernetes node labels/annotations.

The key format is extensions.talos.dev/<name> and the value is the extension version.
If the extension name is not valid as a label key, it will be skipped.
If the extension version is a valid label value, it will be put to the label; otherwise it will be put to the annotation.

For Talos machines booted of the Image Factory artifacts, this means that the schematic ID will be published as the annotation
extensions.talos.dev/schematic (as it is longer than 63 characters).

DNS Forwarding for CoreDNS pods

Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it
with:

machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false

Please note that on running cluster you will have to kill CoreDNS pods for this change to apply.

The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address.
For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service
can be cleaned up with kubectl delete -n kube-system service host-dns.

Installer

Talos Linux installer now never wipes the system disk on upgrades, which means that the flag
--preserve is always set for talosctl upgrade.

talos.halt_if_installed kernel argument

Starting with Talos 1.8, ISO's generated from Boot Assets would have a new kernel argument talos.halt_if_installed which would pause the boot sequence until boot timeout if Talos is already installed on the disk.
ISO generated for pre 1.8 versions would not have this kernel argument.

This can be also explicitly enabled by setting talos.halt_if_installed=1 in kernel argument.

Slim Kubelet Image

Kubelet container image includes various utilities that kubelet might use to perform various tasks.

Starting with Kubernetes 1.31.0, kubelet image now includes less utilities, as the in-tree CSI plugins were
removed in Kubernetes 1.31.0. This reduces kubelet image size and potential attack surface.

For Kubernetes < 1.31.0, there will be two images built:

  • v1.x.y (default, fat)
  • v1.x.y-slim (slim)

For Kubernetes >= 1.31.0, there will be same two images built, but the
default tag would point to slim image:

  • v1.x.y (default, slim)
  • v1.x.y-fat (fat)

Default Node Labels

Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers by default for the control plane nodes.

PCI Devices

A list of PCI devices can now be obtained via PCIDevices resource, e.g. talosctl get pcidevices.

Metal images

Starting with Talos 1.8, console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (For eg: Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.

This should fix slow boot or no console output issues on most bare metal hardware.

NVIDIA GPU Support

Starting with Talos 1.8.0, SideroLabs would ships extensions for both LTS and Production versions of NVIDIA extensions.
For more details see the CHANGELOG of extensions.

Upgrades with an exisiting schematic id from Image Factory would keep the existing LTS version of the NVIDIA extension.

Platform Support

Talos Linux now supports Apache CloudStack platform.

kube-proxy

Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.

Secure Boot

Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.

Custom Trusted Roots

Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.

Device Extra Settle Timeout

Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to workaround issues with broken drivers.

Component Updates

Kubernetes: 1.31.0
Linux: 6.6.47
containerd: 2.0.0-rc.4
runc: 1.2.0-rc.2
etcd: 3.5.15
Flannel: 0.25.6
Flannel CNI plugin: 1.5.1
CoreDNS: 1.1.13

Talos is built with Go 1.22.6.

ZSTD Compression

Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).

Contributors

  • Andrey Smirnov
  • Dmitriy Matrenichev
  • Noel Georgi
  • Utku Ozdemir
  • Artem Chernyshev
  • Dmitry Sharshakov
  • Justin Garrison
  • Spencer Smith
  • Steve Francis
  • Bernard Gütermann
  • Jean-Francois Roy
  • Konrad Eriksson
  • Serge Logvinov
  • doctor_ew
  • Amadeus Mader
  • Andrew Rynhard
  • Anthony ARNAUD
  • Attila Oláh
  • Birger J. Nordølum
  • Caleb Woodbine
  • Claus Albøge
  • Daniel Höxtermann
  • David Birks
  • Dean
  • Dennis Marttinen
  • Eddie Zaneski
  • Enrique Hernández Bello
  • EricMa
  • Evan Johnson
  • Fabian Topfstedt
  • Fredrik Lundhag
  • George Gaál
  • Grzegorz Rozniecki
  • Grzegorz Rożniecki
  • Igor Rzegocki
  • Josia Scheytt
  • Judah Rand
  • Marcel Richter
  • Marco Franssen
  • Marcus Förster
  • Matthias Riegler
  • Matthieu Mottet
  • Maxime Brunet
  • Michael Trip
  • Mike Beaumont
  • Nick Meyer
  • Nicklas Frahm
  • Ole-Magnus Sæther
  • Roman Ivanov
  • Ron Olson
  • Saravanan G
  • Simon-Boyer
  • Skyler Mäntysaari
  • Steve Fan
  • Steve Martinelli
  • Steven Fackler
  • Syoc
  • Tim Jones
  • USBAkimbo
  • Will Bush
  • cryptk
  • darox
  • dhaines-quera
  • leppeK
  • looklose

Changes

280 commits

  • ec3844c46 release(v1.8.0-alpha.2): prepare release
  • 6f7c3a8e5 fix: build of talosctl on non-Linux arches
  • f0a59cec7 release(v1.8.0-alpha.2): prepare release
  • c8aed3be4 fix: correctly add console args for ttyS0
  • b453385bd feat: support volume configuration, provisioning, etc
  • b6b16b35f chore: pause sequencer when talos installed and iso booted
  • eade0a9f2 chore: bring in uio modules
  • 81f9fcd9c fix: report errors correctly when pulling, fix EEXIST
  • b309e87b4 docs: fix invalid input in field user_data
  • c7474877a docs: kubeProxyReplacement from "disabled" to "false"
  • be2ebf6b4 chore: bump dependencies
  • 88601bff4 chore: drop calico from interactive installer
  • 106c17d0b chore: aarch64 qemu local secureboot support
  • da6263506 feat: update Flannel to v0.25.6
  • 19a44c2b0 chore: drop console ttyS0 argument
  • 75cecb421 feat: add Apache Cloudstack support
  • 951cf66fd feat: add Cisco fnic driver
  • 2d3bc94bf fix(ci): fix broken tests
  • a9551b7ca fix: host DNS access with firewall enabled
  • 4834a61a8 feat: report SELinux labels
  • 8fe39eacb chore: move csi tests as go test
  • e4f8cb854 fix: merge extension service config files by mountPath
  • 5ba1df469 chore: add java package to protos
  • 823480800 fix: add missing host/nvme-rdma
  • 5b4b64979 fix: bump go-smbios for broken SMIOS tables
  • f57d1f07e fix: add NVMe target kernel modules
  • 5ff6cf82c fix: drop /opt mount for containers/tink
  • 3c0db34d8 docs: update kubespan docs
  • 3041d9075 fix: always handle PermissionDenied in dashboard resource watches
  • 36f83eea9 chore: make qemu check flag consistent with code
  • fe52cb074 chore: update protoc-gen-doc
  • ee4290f68 fix: bind HostDNS to 169.254.x link-local address
  • c312a46f6 chore: restructure k8s component health checks
  • e193e7db9 docs: fix incorrect path...
Read more