siderolabs/omni v0.39.0-beta.0 on GitHub

Omni 0.39.0-beta.0 (2024-07-04)

Welcome to the v0.39.0-beta.0 release of Omni!
This is a pre-release of Omni

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Equinix Metal

Equinix metal is now available as a download/PXE option in the UI/CLI.

Exposed Services Reliability

Exposed services proxy now provides more reliable connection to the underlying services for slower networks in the cluster.
Also if some nodes are down the proxy will evict them from the routing.

Insecure Node Access

It is now possible to access nodes running in maintenance mode using talosctl.
Omni account wide talosconfig and at least Operator user role is required for that.
No --insecure flag should be set.

Maintenance Talos Updates

Machine's Talos version can now be updated without adding the machine to a cluster.
Either talosctl upgrade -n <uuid> or the UI (Machines page) can be used for that.

Contributors

David Anderson
Artem Chernyshev
Brad Fitzpatrick
Utku Ozdemir
Andrey Smirnov
Dmitriy Matrenichev
AdamEr8
Andrey Smirnov
Andrey Smirnov
Dominic Evans
Khionu Sybiern
Nathan Johnson
Ryan Cox
Vincent Batts
ignoramous

Changes

28 commits

48c102a release(v0.39.0-beta.0): prepare release
26a61be fix: add resource caches for missing resource types
5d953e4 fix: do not re-create peer on the remote addr change
08717d9 fix: get rid of config patches for the maintenance configs
b910c20 chore: add resource throughput metrics
9671551 fix: use proper permissions for cluster taint resource
09a8b36 fix: enable etcd client keep-alives by default
5e46841 chore: add go.work file
3810ccb fix: properly clean up stale Talos gRPC backends
80d9277 feat: bump service exposer version to 1.1.3
20b08ea fix: allow changing machine set node mgmt mode if it has no nodes
c9b8b3f feat: add Equinix metal option in the download installation media
5460134 chore: bump dependencies
cd8bac4 feat: read real IP from the provision API gRPC requests
b47acf2 feat: support insecure access to the nodes running in maintenance
2f05ab0 feat: show N/∞ in the machine set if unlim allocation policy is used
dc7c2b3 fix: detect the old vs. new URL format correctly on workload proxying
e9bca13 feat: use tcp loadbalancer for exposed services
17f7168 chore: bump COSI runtime version, use its task runner
85424da fix: do better handling of small screens
8b16da3 fix: use proper z-index for the tooltip component
92afd42 chore: replace append with slices pkg functions
ccc9d22 chore: update runtime and go-api-signature modules
551286e chore: bump go to 1.22.4, rekres
271bb70 chore: migrate to oidc v3
6dcfd4c feat: handle all goroutine panics gracefully
c565666 feat: provide cleaner UI for the machine sets/machines lists
e69df41 fix: redo EtcdManualBackupShouldBeCreated

Changes from siderolabs/go-api-signature

1 commit

782aac0 chore: bump deps

Changes from siderolabs/go-loadbalancer

1 commit

0639758 chore: bump deps

Changes from siderolabs/siderolink

1 commit

e76747b chore: migrate to rtnetlink/2

Changes from siderolabs/tcpproxy

70 commits

3d4e7b8 chore: rename to siderolabs/tcpproxy
6f85d8e Implement correct half-close sequence for the connections.
8bea9a4 Add support for TCP_USER_TIMEOUT setting
91f8614 remove old ACME tls-sni-01 stuff that LetsEncrypt removed March 2019
74ca1dc add Proxy.AddSNIRouteFunc to do lookups by SNI dynamically
4e04b92 gofmt for Go 1.19
be3ee21 (doc): s/tlsproxy/tcpproxy
2e577fe Modified TestProxyPROXYOut to conform with the fixed version of PROXY protocol header format
0f9bced Fixed HAProxy's PROXY protocol v1 Human-readable header format in DialProxy
2825d76 fix(test): update travis and e2e selfSignedCert fn
b6bb9b5 Update import path to inet.af/tcpproxy
dfa16c6 tlsrouter/README: fix the go get url
f5c09fb Take advantage of Go 1.11's splice support, unwrap Conns in DialProxy.HandleConn
7f81f77 Work around deadlock with Go tip (at Go rev f3f7bd5)
7efa37f Quiet log spam in test.
dbc1514 Adding the HostName field to the Conn struct (#18)
2b928d9 Link to docs
de1c7de Add support for arbitrary matching against HTTP and SNI hostnames.
c6a0996 Support configurable routing of ACME tls-sni-01 challenges.
815c942 Merge matcher and route into an interface that yields a Target.
2065af4 Support HAProxy's PROXY protocol v1 in DialProxy.
e030359 Fix golint nits by adding docstrings and simplifying execution flow.
6d97c2a Correct the package building command, and only deploy for master branch commits.
aa12504 Another attempt to fix Travis.
f6af481 Make Travis test all packages, and remove the go.universe.tf import path.
d7e343e Fix the godoc link to point to google/tcpproxy.
bef9f6a Merge bradfitz's tcpproxy codebase with the software formerly known as tlsrouter.
d86e96a Move tlsrouter's readme to the command's directory.
9e73877 Switch license to Apache2, add Google copyright headers.
cbf137d Correct the travis build to kinda work.
3eb49e9 Move tlsrouter to cmd/tlsrouter, in preparation for rewrite as a pkg.
af97cdd Fix copy/paste-o in doc example.
3273f40 Add vendor warning
e387889 Add TargetListener
2eb0155 Start of tcpproxy. No Listener or reverse dialing yet.
c58b44c Make golint fail if lint errors are found, and fix said lint.
4621df9 Clean up the Travis build a bit more, moving more stuff to the deploy stage.
96cc76f Test Travis's new build stage support.
bbbede8 Make travis fetch the test-only dependency.
4b8641f Add support for HAProxy's PROXY protocol.
d23eadc Upload packages based on Go 1.8, not 1.7.
7ef32e3 Add Go 1.8 to the build matrix.
e07ecec typo
aa3f9c9 Remove debug print in acme code.
6664640 Stop testing against Go 1.6.
728b8bc Add ACME routing support.
a5c2ccd Use nogroup as the group, not nobody.
a94dbd1 Port extra error checking over from netboot.
3cd4412 Clean up travis config a bit, and add missing copyright notice.
aded796 Add a deploy step to garbage-collect old packagecloud files.
3e6354c Random change to force travis rebuild on latest code.
77fa998 Attempt to create a package with no version name.
bfef4ba Revert to just debian/jessie. It's the same package anyway.
173db90 Try the obvious way to specify a matrix of package tags.
ea58780 Limit the deploy to only the go 1.7 build.
a2d0c96 Skip cleanup so travis doesn't delete the freshly built .deb.
73ee2e7 Attempt a packagecloud push.
cbd4ea6 Attempt to build a debian package with FPM.
4f5b46f Add a systemd unit file to run tlsrouter.
8cc8cac Document -hello-timeout in README.
e0a0158 Add slowloris protection, in the form of a ClientHello timeout.
09cc4bb Remove support for SSL 3.0.
c41a68d Add tests for hostname matching, and make DNS matches match entire string.
6546db4 Fix vet errors in Go 1.6.
e34c2a6 Add more words to README.
b321571 Add godoc comments to appease golint.
55ba69d Add a Travis CI config.
b8a3ed8 Add DNS name support to config
0a0a9f6 Add licensing and contributing information for release.
b1edd90 Initial commit.

Dependency Changes

filippo.io/age 6ad4560f4afc -> v1.2.0
github.com/aws/aws-sdk-go-v2 v1.27.0 -> v1.30.0
github.com/aws/aws-sdk-go-v2/config v1.27.16 -> v1.27.21
github.com/aws/aws-sdk-go-v2/credentials v1.17.16 -> v1.17.21
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.21 -> v1.17.1
github.com/aws/aws-sdk-go-v2/service/s3 v1.54.3 -> v1.56.1
github.com/containers/image/v5 v5.31.0 -> v5.31.1
github.com/cosi-project/runtime v0.4.6 -> v0.5.0
github.com/go-jose/go-jose/v4 v4.0.2 new
github.com/google/go-containerregistry v0.19.1 -> v0.19.2
github.com/siderolabs/go-api-signature v0.3.2 -> v0.3.3
github.com/siderolabs/go-loadbalancer v0.3.3 -> v0.3.4
github.com/siderolabs/siderolink v0.3.8 -> v0.3.9
github.com/siderolabs/tcpproxy v0.1.0 new
github.com/spf13/cobra v1.8.0 -> v1.8.1
github.com/zitadel/oidc/v3 v3.25.1 new
golang.org/x/crypto v0.23.0 -> v0.24.0
golang.org/x/net v0.25.0 -> v0.26.0
golang.org/x/tools v0.21.0 -> v0.22.0
google.golang.org/protobuf v1.34.1 -> v1.34.2
k8s.io/api v0.30.1 -> v0.30.2
k8s.io/client-go v0.30.1 -> v0.30.2
k8s.io/klog/v2 v2.120.1 -> v2.130.1
sigs.k8s.io/controller-runtime v0.18.3 -> v0.18.4

Previous release can be found at v0.38.0