siderolabs/talos v1.3.0-alpha.2 on GitHub

Talos 1.3.0-alpha.2 (2022-11-17)

Welcome to the v1.3.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

kube-apiserver Audit Policy

Talos now supports setting custom audit policy for kube-apiserver in the machine configuration.

cgroups v1

Talos defaults to using cgroups v2 when Talos doesn't run in a container (when running in a container
Talos follows host cgroups mode).
Talos can now be forced to use cgroups v1 by setting boot kernel argument talos.unified_cgroup_hierarchy=0:

machine:
  install:
    extraKernelArgs:
      - "talos.unified_cgroup_hierarchy=0"

Current cgroups mode can be checked with talosctl ls /sys/fs/cgroup:

cgroups v1:

blkio
cpu
cpuacct
cpuset
devices
freezer
hugetlb
memory
net_cls
net_prio
perf_event
pids

cgroups v2:

cgroup.controllers
cgroup.max.depth
cgroup.max.descendants
cgroup.procs
cgroup.stat
cgroup.subtree_control
cgroup.threads
cpu.stat
cpuset.cpus.effective
cpuset.mems.effective
init
io.stat
kubepods
memory.numa_stat
memory.stat
podruntime
system

Note: cgroupsv1 is deprecated and it should be used only for compatibility with workloads which don't support cgroupsv2 yet.

Kernel Command Line ip= Argument

Talos now supports referencing interface name via enxMAC address notation:

ip=172.20.0.2::172.20.0.1:255.255.255.0::enx7085c2dfbc59

CRI Configuration Overrides

Talos no longer supports CRI config overrides placed in /var/cri/conf.d directory.

New way correctly handles merging of containerd/CRI plugin configuration.

etcd Consistency Check

Talos enables --experimental-compact-hash-check-enabled option by default to improve
etcd store consistency guarantees.

This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.

etcd Member ID

Talos now internally handles etcd member removal by member ID instead of member name (hostname).
This resolves the case when member name is not accurate or empty (eg: when etcd hasn't fully joined yet).

Command talosctl etcd remove-member now accepts member IDs instead of member names.

New resource can be used to get member ID of the Talos node:

talosctl get etcdmember

Exocale Platform

Talos now supports new platform: Exoscale.

Exoscale provides a firewall, TCP load balancer and autoscale groups.
It works well with CCM and Kubernetes node autoscaler.

Kernel Modules

Talos now supports settings kernel module parameters.

Eg:

machine:
  kernel:
    modules:
      - name: "br_netfilter"
        parameters:
          - nf_conntrack_max=131072

KubeSpan

KubeSpan MTU link size is now configurable via network.kubespan.mtu setting in the machine configuration.

Node Labels

Talos now supports specifying node labels in the machine configuration:

machine:
  nodeLabels:
    rack: rack1a
    zone: us-east-1a

Changes to the node labels will be applied immediately without kubelet restart.

Talos keeps track of the owned node labels in the talos.dev/owned-labels annotation.

Routes

Talos now supports setting MTU for a specific route.

Nano Pi R4S

Talos now supports the Nano Pi R4S SBC.

Raspberry Generic Images

The Raspberry Pi 4 specific image has been deprecated and will be removed in the v1.4 release of Talos.
Talos now ships a generic Raspberry Pi image that should support more Raspberry Pi variants.
Refer to the docs at https://www.talos.dev/v1.3/talos-guides/install/single-board-computers/rpi_generic/ to find which ones are supported.

Encryption with secretbox

By default new clusters will use secretbox for encryption instead of AESCBC.
If both are configured secretbox will take precedence.
Old clusters may keep using AESCBC.
To enable secretbox you may add an encryption secret at cluster.secretboxEncryptionSecret.
You should keep aescbcEncryptionSecret however, even if secretbox is enabled older data will still be encrypted with AESCBC.

How to generate the secret:

dd if=/dev/random of=/dev/stdout bs=32 count=1 | base64

Static Pod Manifests

The directory "/etc/kubernetes/manifests" is now deprecated.
Static pods should always be configured in machine.pods.
To reenable support you may set machine.kubelet.disableManifestsDirectory.

Eg:

machine:
  kubelet:
    disableManifestsDirectory: no

Component Updates

Kubernetes: v1.26.0-rc.0
Flannel: v0.20.1
CoreDNS: v1.10.0
etcd: v3.5.5
Linux: 5.15.77
containerd: v1.6.9

Talos is built with Go 1.19.3.

Contributors

Andrey Smirnov
Noel Georgi
Andrey Smirnov
Michal Witkowski
Artem Chernyshev
Artem Chernyshev
Dmitriy Matrenichev
Alexey Palazhchenko
Serge Logvinov
Andrey Smirnov
Philipp Sauter
Andrew Rynhard
Steve Francis
Utku Ozdemir
Andrew Rynhard
Tim Jones
Seán C McCord
Kris Reeves
Marvin Drees
Spencer Smith
Branden Cash
Brandon Nason
Cameron Brunner
DJAlPee
Daniel Low
Gerard de Leeuw
Jack Wink
Jon Stelly
Martin Stone
Matt Zahorik
Maxim Makarov
Olli Janatuinen
Pau Campana
Rubens Farias
Sander Maijers
Spencer Smith
ankitm123
emattiza
killcity

Changes

174 commits

9e44341c4 release(v1.3.0-alpha.2): prepare release
aa56aed79 feat: publish discovered public IP as one of the KubeSpan endpoint
9382443ba feat: update Kubernetes to v1.26.0-rc.0
6ffc381c5 feat: implement CRI configuration customization
e1e340bdd feat: expose Talos node labels as a machine configuration field
c78bbbfda docs: specify that only XFS partitions are detected
b881a9a79 chore: bump dependencies
5bfd7dbfa test: fix assertion on reboot test
1cfb6188b feat: implement support for cgroupsv1
3866d0e33 feat: update Kubernetes to v1.26.0-beta.0
e1590ba7b fix: lifecycle action tracking
804762c59 feat: add timeout to cli action tracking, track by default & refactor
4e114ca12 feat: use the etcd member id for etcd operations instead of hostname
06fea2441 feat: expand platform metadata resources
03a20da9d fix: filter up duplicate IPs out of NodeAddresses
6b771bc73 chore: bump deps
96aa9638f chore: rename talos-systems/talos to siderolabs/talos
30bbf6463 refactor: use siderolabs/net version with netip.Addr
343c55762 chore: replace talos-systems Go modules with siderolabs
0301bbe93 fix: check if processes is nil to avoid panic
08e7e49a2 test: update versions for upgrade tests
0b41923c3 fix: restore the StaticPodStatus resource
1947092ae chore: introduce a healthcheck for machined service
3333cd93c fix: generate correct Flannel config for IPv6-only clusters
d7070f5e7 release(v1.3.0-alpha.1): prepare release
869f3b5a5 feat: network configuration improvements on the OpenStack platform
29f2195e1 feat: support exoscale cloud
8b4ae08d1 fix: etcd snapshot command on Windows
8bfa7ac1d feat: platform metadata resource
7e50e24c0 fix: properly cleanup legacy static pod manifests directory
6ee47bcc6 fix: support serving config for qemu launcher on IPv6
6c3d11b49 docs: admission control patch note
4ea3b99b5 fix: serve static pod files on 127.0.0.1 instead of localhost
23842114f feat: support encryption with secretbox
f6773c472 docs: talos support on equinix metal
b307160f6 chore: bump dependencies
d7edd0e2e refactor: use go-circular, go-kubeconfig, and go-tail
c6e1702ec feat: use URL-based manifests to present static pods to the kubelet
136a795e5 docs: update system requirements to mention dedicated disk usage
879e8c0bf chore: update kernel with BTF support
ceb0cd99a feat: implement Talos API auth using SideroV1 signatures
e6fba7d3b chore: update dependencies
93e55b85f chore: bump golangci-lint to v1.50.0
aa3d9b4ca fix: regenerate cert on node labeling retry
021c73c35 fix: lowercase nodename
b902036e1 docs: update office hours time link
7fcb8c681 feat: update Flannel to v0.20.0
dc70d892a fix: support setting KubeSpan link MTU
7d52bad37 feat: update Linux to 5.15.73
9c78b3aff feat: update Kubernetes to v1.26.0-alpha.2
94913a672 docs: add lofty to talos adopters
0a0bdfe16 docs: add Tremor Video to adopters
b7b1d4fd6 feat: use readonly containers
d210338e3 fix: skip protobuf full unmarshaling for some talosctl commands
b3c679d18 chore: bump dependencies
993743f63 fix: skip hostname via DHCP on OpenStack platform
db076e7b5 feat: pin interface by mac address in cmdline args
63de93722 fix: update go-smbios to v0.3.1
49e9f808e chore: bump kernel and go
c7372144d docs: add constraints to upgrade docs
c71c8ca18 docs: consolidate, simplify and correct various docs
06f76bfeb chore: bump dependencies
b1c421b9a chore: publish ami's with imds v2 enabled
195c40ab5 docs: add information about applicable use cases of disk encryption
54a687fb8 docs: consolidate and expand on discovery service
139c62d76 feat: allow upgrades in maintenance mode (only over SideroLink)
48dee4805 feat: support mtu for routes
1c43c72ae docs: fix talos required kernel params
67cc45ae3 release(v1.3.0-alpha.0): prepare release
18c377a4d feat: customize audit policy
23c9ea46b fix: raspberry pi install
f17cdee16 feat: jsonpath filter for talosctl get outputs
6bd3cca1a chore: generic raspberry pi images
d914ab8bb chore: add vulncheck tool as a linter
a0151aa13 feat: add generic rpi u-boot support
30f851d09 chore: bump dependences
8b2235c3b fix: lookup Equinix Metal bond slaves using 'permanent addr'
b3257ebb1 chore: bump kernel to 5.15.70
0b2767c16 feat: implement 'permanent addr' in link statuses
c90e20251 fix: kubeconfig permission
fc48849d0 chore: move maps/slices/ordered to gen module
8b09bd4b0 feat: update Kubernetes to v1.26.0-alpha.1
276d4175b chore: bump extension versions in testing
357b770cb fix: cryptsetup delete slot
711128839 fix: continue applying bootstrap manifests on some errors
ce12c7b38 chore: update COSI runtime to v0.2.0-alpha.1
1b435c0b3 chore: bump kernel + ice drivers
18e041f1e docs: fix typo in patching example
0ad6452ca feat: update CoreDNS to v1.10.0
479f3f52e chore: bump dependencies
e07c6ae99 feat: update Kubernetes to v1.25.1
13fdfaffc test: fix up default branch name
ef181321a docs: add component diagram; K8s & Talos Linux
aade73643 docs: fix missing variable in OpenEBS docs
472590aa8 chore: return InvalidArgument on invalid config in maintenance mode
e5cabd42c feat: enable etcd consistency hashcheck
015535d90 fix: update discovery client with the redirect fix
d0c8e7699 chore: bump kernel and go
985b0c2e7 chore: remove go.work.sum
69124f102 feat: update etcd to v3.5.5
1985a796c docs: update docs for pod security
94b088f02 fix: set etcd options consistently
92ae7ef4b fix: fix protoenc encoding for enums and types with custom encoders
93809017c docs: cpu scaling governor knowledgebase
7b270ff33 test: fix api controller test
2dadcd669 fix: stop worker nodes from acting as apid routers
9eaf33f3f fix: never sign client certificate requests in trustd
436749124 feat: environment vars for extension service
0c0cb671e chore: mark machine configuration validation failure as InvalidArgument
f424e5340 fix: stop containers more thoroughly
12827b861 chore: move "implements" checks to compile time
3a67c42cb fix: kill the task processes when cleaning up stale task
14a79e325 chore: bump dependencies
9beee92e7 docs: fix double vv in Kubernetes version
688272515 fix: use different username for Talos Kubernetes API access
161a52a9e feat: check apid client certificate extended key usage
9dadc4a59 fix: include all node addresses into etcd cert SANs
71bfd3e43 feat: update CoreDNS to 1.9.4
9df8f1ff1 fix: list COSI APIs for the apid authenticator
31462450f fix: pass a pointer to specs.Mount into protoenc.Marshal
e626540df chore: avoid double API request logging in trustd
f62d17125 chore: update crypto to use new import path siderolabs/crypto
ef27dd855 chore: bump dependencies
6472ae00b fix: automatically discard VIPs for etcd advertised addresses
5e21cca52 feat: support setting kernel parameters
bd56621cd feat: add structprotogen tool
cdb6bb2cc feat: add Nano Pi R4S support
36c1f1d6e fix: flip the client-server version check
cd6c53a97 docs: fork docs for v1.3
0847400f7 fix: prevent panic on health check if a member has no IPs
7471d7f01 feat: update Flannel to v0.19.2
148c75cfb docs: consolidate the control-plane documentation
353154281 fix: drop kube-system SA default binding
4f37b668b chore: remove capi hacks
1369afea8 docs: make 1.2.0 docs default ones
7627cb0e3 docs: add new talosctl gen secrets
8aa60a37a chore: bump kernel to 5.15.64
a798dbd5d docs: update docs for upcoming 1.2.0 release
b2fec3c97 fix: properly handle configContext being nil in Talos client
1c0977b3a fix: change the type of returned gRPC connection object from the client
41848e421 fix: expose Talos client gRPC connection via the function Conn
2e9be4af8 chore: bump dependencies
d283aba3a test: fix cli reboot test
0b339a9dc feat: track progress of action API calls
072349812 fix: update COSI to the version with gRPC Wait fix
89d57aa81 fix: always abort the maintenance service
f6fa74619 fix: limit apid backoff max delay
d7ef346db fix: get command in the case 'nodes' are not set in the context
4e9c32256 fix: correctly render hosts.toml with multiple endpoints
cdd0f08bc feat: check client <> server version in some Talos commands
446b0af58 chore: bump kernel and runc
8c203ce9b feat: remove the machine from the discovery service on reset
b59ca5810 chore: move from inet.af/netaddr to net/netip and go4.org/netipx
053af1d59 fix: update etcd certificates when node addresses changes
11edb2c6f test: re-enable upgrade tests
0310e2089 chore: bump github.com/siderolabs/protoenc to v0.1.5
29bd63240 chore: remove old build tags syntax
b500d0aa9 chore: bump k8s to v1.25.0
29e574be7 docs: update to v1.2.0-beta.1
26b549f2a chore: bump dependencies
8c3ac4c42 chore: limit GOMAXPROCS for Talos services
361e85b74 fix: properly read kexec disabled sysctl
cfe6c2bc2 docs: nvidia oss drivers
2f2d97b6b fix: don't wait for the hostname in maintenance mode
b15a63924 chore: bump kernel to 5.15.62
a0d94be30 fix: stable default hostname bias
da4cd34ef feat: update etcd advertised peer addresses on the fly
faf92ce01 chore: bump kubernetes to v1.25.0-rc.1
52de919e3 chore: bump containerd to v1.6.8
7d43fc79b fix: make 'ca', 'crt' and 'key' flags optional for 'talosctl config add'
fd467e02c fix: handle grub config being empty in the Revert function
9492aca65 fix: clean up cancelCtxMu leftovers in PriorityLock
61e3eb2ea fix: talosctl edit mc loop
32db7a7f5 fix: surround cancelCtx with the mutex

Changes since v1.3.0-alpha.1

24 commits

9e44341c4 release(v1.3.0-alpha.2): prepare release
aa56aed79 feat: publish discovered public IP as one of the KubeSpan endpoint
9382443ba feat: update Kubernetes to v1.26.0-rc.0
6ffc381c5 feat: implement CRI configuration customization
e1e340bdd feat: expose Talos node labels as a machine configuration field
c78bbbfda docs: specify that only XFS partitions are detected
b881a9a79 chore: bump dependencies
5bfd7dbfa test: fix assertion on reboot test
1cfb6188b feat: implement support for cgroupsv1
3866d0e33 feat: update Kubernetes to v1.26.0-beta.0
e1590ba7b fix: lifecycle action tracking
804762c59 feat: add timeout to cli action tracking, track by default & refactor
4e114ca12 feat: use the etcd member id for etcd operations instead of hostname
06fea2441 feat: expand platform metadata resources
03a20da9d fix: filter up duplicate IPs out of NodeAddresses
6b771bc73 chore: bump deps
96aa9638f chore: rename talos-systems/talos to siderolabs/talos
30bbf6463 refactor: use siderolabs/net version with netip.Addr
343c55762 chore: replace talos-systems Go modules with siderolabs
0301bbe93 fix: check if processes is nil to avoid panic
08e7e49a2 test: update versions for upgrade tests
0b41923c3 fix: restore the StaticPodStatus resource
1947092ae chore: introduce a healthcheck for machined service
3333cd93c fix: generate correct Flannel config for IPv6-only clusters

Changes from siderolabs/crypto

27 commits

siderolabs/crypto@c3225ee feat: allow CSR template subject field to be overridden
siderolabs/crypto@8570669 chore: rename to siderolabs/crypto
siderolabs/crypto@e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs
siderolabs/crypto@510b0d2 chore: add json tags
siderolabs/crypto@6fa2d93 fix: deepcopy nil fields as nil
siderolabs/crypto@9a63cba fix: add back support for generating ECDSA keys with P-256 and SHA512
siderolabs/crypto@893bc66 fix: use SHA256 for ECDSA-P256
siderolabs/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types
siderolabs/crypto@d3cb772 feat: make possible to change KeyUsage
siderolabs/crypto@6bc5bb5 chore: remove unused argument
siderolabs/crypto@cd18ef6 feat: add support for several organizations
siderolabs/crypto@97c888b chore: add options to CSR
siderolabs/crypto@7776057 chore: fix typos
siderolabs/crypto@80df078 chore: remove named result parameters
siderolabs/crypto@15bdd28 chore: minor updates
siderolabs/crypto@4f80b97 fix: verify CSR signature before issuing a certificate
siderolabs/crypto@39584f1 feat: support for key/certificate types RSA, Ed25519, ECDSA
siderolabs/crypto@cf75519 fix: function NewKeyPair should create certificate with proper subject
siderolabs/crypto@751c95a feat: add 'PEMEncodedKey' which allows to transport keys in YAML
siderolabs/crypto@562c3b6 feat: add support for public RSA key in RSAKey
siderolabs/crypto@bda0e9c feat: enable more conversions between encoded and raw versions
siderolabs/crypto@e0dd56a feat: add NotBefore option for x509 cert creation
siderolabs/crypto@12a4897 feat: add support for SPKI fingerprint generation and matching
siderolabs/crypto@d0c3eef fix: implement NewKeyPair
siderolabs/crypto@196679e feat: move pkg/grpc/tls from github.com/talos-systems/talos as ./tls
siderolabs/crypto@1ff6242 chore: initial version as imported from talos-systems/talos
siderolabs/crypto@835063e chore: initial commit

Changes from siderolabs/discovery-api

3 commits

siderolabs/discovery-api@5b0c5e7 chore: rename to siderolabs, rekres, etc
siderolabs/discovery-api@db279ef feat: initial set of APIs and generated files
siderolabs/discovery-api@ac52a37 chore: initial commit

Changes from siderolabs/discovery-client

2 commits

siderolabs/discovery-client@a5c19c6 feat: provide public IP discovered from the server
siderolabs/discovery-client@230f317 fix: reconnect the client on update failure

Changes from siderolabs/extras

3 commits

siderolabs/extras@b155fa0 chore: enable renovate
siderolabs/extras@8f00d77 feat: update tc-redirect-tap to the latest version
siderolabs/extras@7c91844 chore: bump go to 1.19.2

Changes from siderolabs/gen

6 commits

siderolabs/gen@b3b6db8 fix: fix Copy documentation and implementation
siderolabs/gen@521f737 feat: add xerrors package which contains additions to the std errors
siderolabs/gen@726e066 fix: rename tuples.go to pair.go and set proper package name
siderolabs/gen@d8d7d25 chore: minor additions
siderolabs/gen@338a650 chore: add initial implementation and documentation
siderolabs/gen@4fd8667 Initial commit

Changes from siderolabs/go-blockdevice

56 commits

siderolabs/go-blockdevice@694ac62 chore: update imports to siderolabs, rekres
siderolabs/go-blockdevice@dcf6044 chore: rekres and rename
siderolabs/go-blockdevice@9c4af49 fix: cryptsetup remove slot
siderolabs/go-blockdevice@74ea471 feat: add freebsd stubs
siderolabs/go-blockdevice@9fa801c feat: add ReadOnly attribute to Disk
siderolabs/go-blockdevice@fccee8b chore: rekres the source, fix issues
siderolabs/go-blockdevice@d9c3a27 feat: support probing FAT12/FAT16 filesystems
siderolabs/go-blockdevice@b374eb4 fix: align partition to 1M boundary by default
siderolabs/go-blockdevice@ec428fe fix: lookup filesystem labels on the actual device path
siderolabs/go-blockdevice@7b9de26 feat: read symlink fullpath in block device list function
siderolabs/go-blockdevice@6928ee4 refactor: rewrite GPT serialize/deserialize functions
siderolabs/go-blockdevice@0c7e429 refactor: simplify middle endian functions
siderolabs/go-blockdevice@15b182d fix: return partition table not exist when trying to read an empty dev
siderolabs/go-blockdevice@b9517d5 fix: resize partition
siderolabs/go-blockdevice@70d2865 fix: try to find cdrom disks
siderolabs/go-blockdevice@667bf53 fix: revert gpt partition not found
siderolabs/go-blockdevice@d7d4cdd fix: gpt partition not found
siderolabs/go-blockdevice@33afba3 fix: also open in readonly mode when running All lookup method
siderolabs/go-blockdevice@e367f9d feat: make probe always open blockdevices in readonly mode
siderolabs/go-blockdevice@d981156 fix: allow Build for Windows
siderolabs/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
siderolabs/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
siderolabs/go-blockdevice@87816a8 feat: align partition to minimum I/O size
siderolabs/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module
siderolabs/go-blockdevice@30c2bc3 feat: mark MBR bootable
siderolabs/go-blockdevice@1292574 fix: make disk type matcher parser case insensitive
siderolabs/go-blockdevice@b77400e fix: properly detect nvme and sd card disk types
siderolabs/go-blockdevice@1d830a2 fix: revert mark the EFI partition in PMBR as bootable
siderolabs/go-blockdevice@bec914f fix: mark the EFI partition in PMBR as bootable
siderolabs/go-blockdevice@776b37d feat: add options to probe disk by various sysblock parameters
siderolabs/go-blockdevice@bb3ad73 fix: align partition start to physical sector size
siderolabs/go-blockdevice@8f976c2 feat: replace exec.Command with go-cmd module
siderolabs/go-blockdevice@1cf7f25 fix: properly handle no child processes error from cmd.Wait
siderolabs/go-blockdevice@04a9851 feat: implement luks encryption provider
siderolabs/go-blockdevice@b0375e4 feat: add an option to open block device with exclusive flock
siderolabs/go-blockdevice@5a1c7f7 refactor: add devname into gpt.Partition, refactor probe package
siderolabs/go-blockdevice@f2728a5 fix: keep contents of PMBR when writing it
siderolabs/go-blockdevice@2878460 fix: write second copy of partition entries
siderolabs/go-blockdevice@943b08b fix: blockdevice reset should read partition table from disk
siderolabs/go-blockdevice@5b4ee44 fix: ignore /dev/ram devices
siderolabs/go-blockdevice@98754ec refactor: rewrite GPT library
siderolabs/go-blockdevice@2a1baad fix: correctly build paths for mmcblk devices
siderolabs/go-blockdevice@8076344 fix: return proper disk size from GetDisks function
siderolabs/go-blockdevice@8742133 chore: add common method to list available disks using /sys/block
siderolabs/go-blockdevice@c4b5833 feat: implement "fast" wipe
siderolabs/go-blockdevice@b4e67d7 feat: return resize status from Resize() function
siderolabs/go-blockdevice@ceae64e fix: sync kernel partition table incrementally
siderolabs/go-blockdevice@2cb9516 fix: return correct error value from blkpg functions
siderolabs/go-blockdevice@cebe43d refactor: expose InsertAt method via interface
siderolabs/go-blockdevice@c40dcd8 fix: properly inform kernel about partition deletion
siderolabs/go-blockdevice@bb8ac5d feat: implement disk wiping via several methods
siderolabs/go-blockdevice@23fb7dc feat: expose partition name (label)
siderolabs/go-blockdevice@ff3a821 feat: implement 'InsertAt' method to insert partitions at any position
siderolabs/go-blockdevice@3d1ce4f fix: calculate last lba of partition correctly
siderolabs/go-blockdevice@b71540f feat: copy initial version from talos-systems/talos
siderolabs/go-blockdevice@ca3c078 Initial commit

Changes from siderolabs/go-circular

2 commits

siderolabs/go-circular@507e0ec refactor: extract circular Go module
siderolabs/go-circular@2234b3a docs: add README

Changes from siderolabs/go-cmd

5 commits

siderolabs/go-cmd@0aea518 chore: rekres and update
siderolabs/go-cmd@68eb006 feat: return typed error for exit error
siderolabs/go-cmd@333ccf1 feat: add stdin support into the Run methods
siderolabs/go-cmd@c5c8f1c feat: extract cmd module from Talos into a separate module
siderolabs/go-cmd@77685fc Initial commit

Changes from siderolabs/go-debug

6 commits

siderolabs/go-debug@c1bc4bf chore: rekres, rename, etc
siderolabs/go-debug@3d0a6e1 feat: race build tag flag detector
siderolabs/go-debug@5b292e5 feat: disable memory profiling by default
siderolabs/go-debug@c6d0ae2 fix: linters and CI
siderolabs/go-debug@d969f95 feat: initial implementation
siderolabs/go-debug@b2044b7 Initial commit

Changes from siderolabs/go-kmsg

4 commits

siderolabs/go-kmsg@e2a0000 chore: rekres, rename
siderolabs/go-kmsg@b08e4d3 feat: replace tab character with space in console output
siderolabs/go-kmsg@2edcd3a feat: add initial version
siderolabs/go-kmsg@53cdd8d chore: initial commit

Changes from siderolabs/go-kubeconfig

2 commits

siderolabs/go-kubeconfig@e7fdd94 refactor: extract kubeconfig library as a Go module
siderolabs/go-kubeconfig@50e91b8 docs: add REAMDE

Changes from siderolabs/go-loadbalancer

12 commits

siderolabs/go-loadbalancer@f54e3c9 chore: update dependencies to siderolabs, rekres
siderolabs/go-loadbalancer@438b71d chore: update package path and rekres
siderolabs/go-loadbalancer@5341eec feat: implement public method to check if the route is Healthy
siderolabs/go-loadbalancer@b578d47 feat: add a way to configure loadbalancer options
siderolabs/go-loadbalancer@c54d95d feat: implement control plane loadbalancer
siderolabs/go-loadbalancer@4a6e29e refactor: clean up names, fix the lingering goroutines
siderolabs/go-loadbalancer@af87d1c chore: apply new Kres rules
siderolabs/go-loadbalancer@a445702 feat: allow dial timeout and keep alive period to be configurable
siderolabs/go-loadbalancer@3c8f347 feat: provide a way to configure logger for the loadbalancer
siderolabs/go-loadbalancer@da8e987 feat: implement Reconcile - ability to change upstream list on the fly
siderolabs/go-loadbalancer@8b1dfa6 feat: copy initial version from talos-systems/talos
siderolabs/go-loadbalancer@c2f6a8f Initial commit

Changes from siderolabs/go-procfs

10 commits

siderolabs/go-procfs@a062a4c chore: rekres, rename
siderolabs/go-procfs@8cbc42d feat: provide an option to overwrite some args in AppendAll
siderolabs/go-procfs@24d06a9 refactor: remove talos kernel default args
siderolabs/go-procfs@a82654e feat: implement SetAll method
siderolabs/go-procfs@16ce2ef fix: update cmdline.Set() to drop the value being overwritten
siderolabs/go-procfs@5a9a4a7 feat: update kernel args for new KSPP requirements
siderolabs/go-procfs@57c7311 refactor: change directory layout
siderolabs/go-procfs@a077c96 fix: fix go module name
siderolabs/go-procfs@698666f chore: move package to new repo
siderolabs/go-procfs@dabb425 Initial commit

Changes from siderolabs/go-retry

9 commits

siderolabs/go-retry@6d45449 chore: rekres, rename
siderolabs/go-retry@c78cc95 fix: implement errors.Is for all errors in the set
siderolabs/go-retry@7885e16 feat: add ExpectedErrorf
siderolabs/go-retry@3d83f61 feat: deprecate UnexpectedError
siderolabs/go-retry@b9dc1a9 feat: add support for context.Context in Retry
siderolabs/go-retry@8c63d29 fix: correctly implement error interfaces on wrapped errors
siderolabs/go-retry@752f081 feat: add an option to log errors being retried
siderolabs/go-retry@073067b feat: copy initial version from talos-systems/talos
siderolabs/go-retry@c7968c5 Initial commit

Changes from siderolabs/go-smbios

11 commits

siderolabs/go-smbios@10c1dd8 fix: check for end of the slice properly
siderolabs/go-smbios@9ca8ce7 chore: treat invalid strings as empty
siderolabs/go-smbios@dbc5f79 chore: rekres+rename
siderolabs/go-smbios@3f1e775 feat: rework destructuring of SMBIOS information and added some tests
siderolabs/go-smbios@fd5ec8c fix: remove useless (?) goroutines leading to data race error
siderolabs/go-smbios@d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6
siderolabs/go-smbios@fb425d4 feat: add memory device
siderolabs/go-smbios@0bb4f96 feat: add physical memory array
siderolabs/go-smbios@8019619 feat: supply wake-up type in SMBIOS info
siderolabs/go-smbios@94b8c4e feat: initial implementation
siderolabs/go-smbios@864ed80 Initial commit

Changes from siderolabs/go-tail

2 commits

siderolabs/go-tail@962ae43 refactor: extract go-tail module
siderolabs/go-tail@359c3cb docs: initial commit

Changes from siderolabs/grpc-proxy

51 commits

siderolabs/grpc-proxy@4cc7bbe chore: rename to siderolabs/grpc-proxy, rekres
siderolabs/grpc-proxy@2c586db feat: pass fullMethodName to GetConnection
siderolabs/grpc-proxy@6dfa2cc fix: ignore errors on duplicate SetHeader calls
siderolabs/grpc-proxy@b076302 fix: use io.EOF error when no backend connections are available
siderolabs/grpc-proxy@82daca0 docs: update README
siderolabs/grpc-proxy@fa6843a chore: fix spelling
siderolabs/grpc-proxy@c0a87d9 chore: major cleanup of the code and build
siderolabs/grpc-proxy@ca3bc61 fix: ignore some errors so that we don't spam the logs
siderolabs/grpc-proxy@5c579a7 feat: allow different formats for messages streaming/unary
siderolabs/grpc-proxy@6c9f7b3 fix: allow mode to be set for each request being proxied
siderolabs/grpc-proxy@cc91c09 refactor: provide better public API, enforce proxying mode
siderolabs/grpc-proxy@d8d3a75 chore: update import paths after repo move
siderolabs/grpc-proxy@dbf07a4 Merge pull request #7 from smira/one2many-4
siderolabs/grpc-proxy@fc0d27d More tests, small code fixes, updated README.
siderolabs/grpc-proxy@d9ce0b1 Merge pull request #6 from smira/one2many-3
siderolabs/grpc-proxy@2d37ba4 Support for one2many streaming calls, tests.
siderolabs/grpc-proxy@817b035 Merge pull request #5 from smira/one2many-2
siderolabs/grpc-proxy@436b338 More unary one-2-many tests, error propagation.
siderolabs/grpc-proxy@1f0cb46 Merge pull request #4 from smira/one2many-1
siderolabs/grpc-proxy@992a975 Proxying one to many: first iteration
siderolabs/grpc-proxy@a0988ff Merge pull request #3 from smira/small-fixups
siderolabs/grpc-proxy@e3111ef Small fixups in preparation to add one-to-many proxying.
siderolabs/grpc-proxy@6d76ffc Merge pull request #2 from smira/backend-concept
siderolabs/grpc-proxy@2aad63a Add concept of a 'Backend', but still one to one proxying
siderolabs/grpc-proxy@7cc4610 Merge pull request #1 from smira/build
siderolabs/grpc-proxy@37f01f3 Rework build to use GitHub Actions, linting updates.
siderolabs/grpc-proxy@0f1106e Move error checking further up (#34)
siderolabs/grpc-proxy@d5b35f6 Update gRPC and fix tests (#27)
siderolabs/grpc-proxy@67591eb Break StreamDirector interface, fix metadata propagation for gRPC-Go>1.5. (#20)
siderolabs/grpc-proxy@97396d9 Merge pull request #11 from mwitkow/fix-close-bug
siderolabs/grpc-proxy@3fcbd37 fixup closing conns
siderolabs/grpc-proxy@a8f5f87 fixup tests, extend readme
siderolabs/grpc-proxy@428fa1c Fix a channel closing bug
siderolabs/grpc-proxy@af55d61 Merge pull request #10 from mwitkow/bugfix/streaming-fix
siderolabs/grpc-proxy@de4d3db remove spurious printfs
siderolabs/grpc-proxy@84242c4 fix the "i don't know who finished" case
siderolabs/grpc-proxy@9b22f41 fix full duplex streaming
siderolabs/grpc-proxy@c2f7c98 update readme
siderolabs/grpc-proxy@d654141 update README
siderolabs/grpc-proxy@f457856 move to proxy subdirectory
siderolabs/grpc-proxy@4889d78 Add fixup scripts
siderolabs/grpc-proxy@ef60a37 version 2 of the grpc-proxy, this time with fewer grpc upstream deps
siderolabs/grpc-proxy@07aeac1 Merge pull request #2 from daniellowtw/master
siderolabs/grpc-proxy@e5c3df5 Fix compatibility with latest grpc library
siderolabs/grpc-proxy@52be0a5 bugfix: fix gRPC Java deadlock, due to different dispatch logic
siderolabs/grpc-proxy@822df7d Fix reference to mwitkow.
siderolabs/grpc-proxy@28341d1 move out forward logic to method, allowing for use as grpc.Server not found handler.
siderolabs/grpc-proxy@89e28b4 add reference to upstream grpc bug
siderolabs/grpc-proxy@00dd588 merge upstream grpc.Server changes changing the dispatch logic
siderolabs/grpc-proxy@77edc97 move to upstream protobuf from gogo
siderolabs/grpc-proxy@db71c3e initial commit, tested and working.

Changes from siderolabs/net

12 commits

siderolabs/net@19eb1c4 feat: switch to use netip.Addr instead of net.IP
siderolabs/net@5b21171 chore: rename, rekres
siderolabs/net@409926a fix: parse correctly some IPv6 CIDRs
siderolabs/net@b4b7181 feat: add a way to filter list of IPs for the machine
siderolabs/net@0abe5bd feat: implement FilterIPs function
siderolabs/net@0519054 feat: add ParseCIDR
siderolabs/net@52c7509 feat: add a function to format IPs in CIDR notation
siderolabs/net@005a94f feat: add methods to manage CIDR list, check for non-local IPv6
siderolabs/net@8b56890 feat: add ValidateEndpointURI
siderolabs/net@402fa79 chore: apply kres to get the latest build scripts
siderolabs/net@c7bc477 chore: initial version of the package
siderolabs/net@393246a chore: initial commit

Changes from siderolabs/pkgs

39 commits

siderolabs/pkgs@8b975a7 chore: bump deps
siderolabs/pkgs@b153ce6 chore: bump deps
siderolabs/pkgs@535b8f9 chore: update packages version
siderolabs/pkgs@66c77e9 feat: re-enable build kernel with BTF enabled
siderolabs/pkgs@98ef073 feat: enable INET_DIAG and FANOTFY_PERMISSIONS
siderolabs/pkgs@8fe5cbc chore: update dependencies
siderolabs/pkgs@554c0fe feat: add fanotify and kprobes kernel options
siderolabs/pkgs@54d7e5c fix: drbd package name
siderolabs/pkgs@b4cb9e2 feat: add 'drbd' package
siderolabs/pkgs@91e73b3 feat: update dependencies
siderolabs/pkgs@b6d0d96 chore: bump kernel to 5.15.72
siderolabs/pkgs@b16dfe9 chore: bump go to 1.19.2
siderolabs/pkgs@861cc32 chore: bump kernel to 5.15.71
siderolabs/pkgs@0ac7773 chore: use generic raspberry pi u-boot
siderolabs/pkgs@d5633d4 chore: bump kernel to 5.15.70
siderolabs/pkgs@39c0d43 feat: add generic rpi_arm64_defconfig configuration
siderolabs/pkgs@ed269ca chore: bump kernel to 5.15.69
siderolabs/pkgs@f2f8333 fix: no slack notifications on failure
siderolabs/pkgs@6f0af33 chore: disable drone slack pipeline for renovate
siderolabs/pkgs@32aea3f chore: disable drone for renovate/dependabot
siderolabs/pkgs@44579f0 fix: rollback xfsprogs to 5.18.0
siderolabs/pkgs@792c0e3 feat: add gasket driver package
siderolabs/pkgs@07f1898 chore: update deps
siderolabs/pkgs@f78f410 chore: enable conntrack zones and timestamps
siderolabs/pkgs@049b3c6 chore: enable intel ice drivers
siderolabs/pkgs@606ff32 chore: bump deps
siderolabs/pkgs@eee5c8a chore: disable irc in conntrack
siderolabs/pkgs@70e6c46 chore: bump kernel to 5.15.64
siderolabs/pkgs@e510321 chore: update renovate config
siderolabs/pkgs@d1fa510 feat: enable renovate bot
siderolabs/pkgs@e427a77 chore: bump runc to v1.1.4
siderolabs/pkgs@40e1215 chore: enable nfsv4.2 client support
siderolabs/pkgs@15efada chore: bump kernel to 5.15.63
siderolabs/pkgs@e70e3c1 fix: nvidia oss pkg name
siderolabs/pkgs@30b8d79 chore: bump kernel to 5.15.62
siderolabs/pkgs@862c392 chore: bump gcc to 12.2.0
siderolabs/pkgs@2ecd14e fix: containerd version
siderolabs/pkgs@01df058 feat: add NanoPi R4S configuration
siderolabs/pkgs@d4cb33b chore: bump containerd to v1.6.8

Changes from siderolabs/siderolink

19 commits

siderolabs/siderolink@575c5cc refactor: drop dependency on Talos machinery package
siderolabs/siderolink@61ab1c4 fix: include MachineStatusEvent into the list of supported events
siderolabs/siderolink@16a84eb chore: rename to siderolabs/siderolink
siderolabs/siderolink@ca470c7 chore: update Talos to the latest master, migrate netaddr -> netip/x
siderolabs/siderolink@93b65f0 fix: ignore 'exist' error on interface managmeent
siderolabs/siderolink@3c4d9e0 chore: move IP to interface binding into NewDevice
siderolabs/siderolink@f0b5e39 feat: use kernel wireguard implementation when available
siderolabs/siderolink@1d2b7e1 feat: allow setting peer endpoint using peer event
siderolabs/siderolink@5d085d6 feat: expose wgDevice.Peers from the wireguard.Device wrapper
siderolabs/siderolink@3a5be65 fix: use correct method to generate Wireguard private key
siderolabs/siderolink@8318a7e feat: accept join token in Provision payload
siderolabs/siderolink@b38c192 fix: build on Windows
siderolabs/siderolink@9902ad2 feat: pass request context and node address to the events sink adapter
siderolabs/siderolink@d0612a7 refactor: pass in listener to the log receiver
siderolabs/siderolink@d86cdd5 feat: implement logreceiver for kernel logs
siderolabs/siderolink@f7cadbc fix: handle duplicate peer updates
siderolabs/siderolink@0755b24 feat: initial implementation of SideroLink
siderolabs/siderolink@ee73ea9 feat: add Talos events sink proto files and the reference implementation
siderolabs/siderolink@1e2cd9d Initial commit

Changes from siderolabs/tools

22 commits

siderolabs/tools@e8f92b3 chore: bump tools
siderolabs/tools@3b5f89a chore: update dependencies
siderolabs/tools@6402b99 feat: update OpenSSL to 1.1.1r
siderolabs/tools@00e91b1 feat: update releases
siderolabs/tools@a264809 chore: bump go to 1.19.2
siderolabs/tools@858cfe7 fix: no slack notifications on failure
siderolabs/tools@ed85950 chore: disable drone slack pipeline for renovate
siderolabs/tools@5df6589 chore: disable drone for renovate/dependabot
siderolabs/tools@1f00d2e fix: revert gawk to 5.1.1
siderolabs/tools@feeda1f chore: bump grpc-go
siderolabs/tools@8542014 chore: bump deps
siderolabs/tools@e5c4968 chore: update renovate config
siderolabs/tools@f34f94d chore: update renovate config
siderolabs/tools@cef4cc6 chore: update renovate config
siderolabs/tools@bab8e9e chore: add libbpf to tools
siderolabs/tools@0a15f7b chore: build pahole properly
siderolabs/tools@a322d06 chore: remove img
siderolabs/tools@c7ff47b feat: enable renovate dependency updates (3/3)
siderolabs/tools@6e095cf feat: enable renovate dependency updates (2/n)
siderolabs/tools@bad1ad1 feat: add renovatebot
siderolabs/tools@7d6f9c3 chore: bump gcc to 12.2.0
siderolabs/tools@2719b4b chore: bump toolchain

Dependency Changes

cloud.google.com/go/compute/metadata v0.2.1 new
github.com/BurntSushi/toml v1.2.0 -> v1.2.1
github.com/aws/aws-sdk-go v1.44.76 -> v1.44.136
github.com/containerd/containerd v1.6.8 -> v1.6.9
github.com/cosi-project/runtime v0.1.1 -> v0.2.0-alpha.3
github.com/docker/docker v20.10.17 -> v20.10.21
github.com/emicklei/dot v1.0.0 -> v1.1.0
github.com/fsnotify/fsnotify v1.5.4 -> v1.6.0
github.com/gdamore/tcell/v2 v2.5.2 -> v2.5.3
github.com/google/go-cmp v0.5.8 -> v0.5.9
github.com/google/nftables 2eca00135732 -> 130caa4c31c9
github.com/hetznercloud/hcloud-go v1.35.2 -> v1.37.0
github.com/insomniacslk/dhcp 509691fd59ec -> 5308ebe5334c
github.com/jsimonetti/rtnetlink v1.2.2 -> v1.2.3
github.com/mdlayher/ethtool 856bd6cb8a38 -> 0e16326d06d1
github.com/mdlayher/genetlink v1.2.0 -> v1.3.0
github.com/mdlayher/netlink v1.6.0 -> v1.7.0
github.com/opencontainers/image-spec c5a74bcca799 -> v1.1.0-rc2
github.com/packethost/packngo v0.25.0 -> v0.29.0
github.com/pmorjan/kmod v1.0.0 -> v1.1.0
github.com/rivo/tview 0e6b21a48e96 -> 04a46906d2e9
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.9 -> v1.0.0-beta.10
github.com/siderolabs/crypto v0.4.0 new
github.com/siderolabs/discovery-api v0.1.1 new
github.com/siderolabs/discovery-client v0.1.1 -> v0.1.3
github.com/siderolabs/extras v1.2.0 -> v1.3.0-alpha.0-2-gb155fa0
github.com/siderolabs/gen v0.4.0 new
github.com/siderolabs/go-blockdevice v0.4.1 new
github.com/siderolabs/go-circular v0.1.0 new
github.com/siderolabs/go-cmd v0.1.1 new
github.com/siderolabs/go-debug v0.2.2 new
github.com/siderolabs/go-kmsg v0.1.2 new
github.com/siderolabs/go-kubeconfig v0.1.0 new
github.com/siderolabs/go-loadbalancer v0.2.1 new
github.com/siderolabs/go-procfs v0.1.1 new
github.com/siderolabs/go-retry v0.3.2 new
github.com/siderolabs/go-smbios v0.3.1 new
github.com/siderolabs/go-tail v0.1.0 new
github.com/siderolabs/grpc-proxy v0.4.0 new
github.com/siderolabs/net v0.4.0 new
github.com/siderolabs/pkgs v1.2.0-8-g970860d -> v1.3.0-alpha.0-38-g8b975a7
github.com/siderolabs/siderolink v0.3.0 new
github.com/siderolabs/talos/pkg/machinery v1.3.0-alpha.2 new
github.com/siderolabs/tools v1.2.0 -> v1.3.0-alpha.0-21-ge8f92b3
github.com/spf13/cobra v1.5.0 -> v1.6.1
github.com/stretchr/testify v1.8.0 -> v1.8.1
github.com/u-root/u-root v0.9.0 -> v0.10.0
github.com/vmware-tanzu/sonobuoy v0.56.9 -> v0.56.11
go.etcd.io/etcd/api/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/pkg/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/client/v3 v3.5.4 -> v3.5.5
go.etcd.io/etcd/etcdutl/v3 v3.5.4 -> v3.5.5
go.uber.org/atomic v1.9.0 -> v1.10.0
go.uber.org/zap v1.22.0 -> v1.23.0
go4.org/netipx 797b0c90d8ab new
golang.org/x/net 3211cb980234 -> v0.2.0
golang.org/x/sync 886fb9371eb4 -> v0.1.0
golang.org/x/sys fbc7d0a398ab -> v0.2.0
golang.org/x/term a9ba230a4035 -> v0.2.0
golang.org/x/time e5dcc9cfc0b9 -> v0.2.0
golang.zx2c4.com/wireguard/wgctrl 3d4a969bb56b -> 97bc4ad4a1cb
google.golang.org/grpc v1.48.0 -> v1.50.1
k8s.io/api v0.25.0 -> v0.26.0-beta.0
k8s.io/apimachinery v0.25.0 -> v0.26.0-beta.0
k8s.io/apiserver v0.25.0 -> v0.26.0-beta.0
k8s.io/client-go v0.25.0 -> v0.26.0-beta.0
k8s.io/component-base v0.25.0 -> v0.26.0-beta.0
k8s.io/cri-api v0.25.0 -> v0.26.0-beta.0
k8s.io/klog/v2 v2.70.1 -> v2.80.1
k8s.io/kubectl v0.25.0 -> v0.26.0-beta.0
k8s.io/kubelet v0.25.0 -> v0.26.0-beta.0
kernel.org/pub/linux/libs/security/libcap/cap v1.2.65 -> v1.2.66

Previous release can be found at v1.2.0

Images

ghcr.io/siderolabs/flannel:v0.20.1
ghcr.io/siderolabs/install-cni:v1.3.0-alpha.0-2-gb155fa0
docker.io/coredns/coredns:1.10.0
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.26.0-rc.0
k8s.gcr.io/kube-controller-manager:v1.26.0-rc.0
k8s.gcr.io/kube-scheduler:v1.26.0-rc.0
k8s.gcr.io/kube-proxy:v1.26.0-rc.0
ghcr.io/siderolabs/kubelet:v1.26.0-rc.0
ghcr.io/siderolabs/installer:v1.3.0-alpha.2
registry.k8s.io/pause:3.6