siderolabs/talos v1.7.0-alpha.0 on GitHub

Talos 1.7.0-alpha.0 (2024-02-01)

Welcome to the v1.7.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Device Selectors

Talos Linux now supports physical: true qualifier for device selectors, it selects non-virtual network interfaces (i.e. en0 is selected, while bond0 is not).

DNS Caching

Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:

machine:
   features:
       localDNS: false

Known Problems

ZFS and DRBD extensions are disabled in this release due to incompatibility with the latest Linux kernel.

Kubernetes API Server Service Account Key

Talos Linux starting from this release uses RSA key for Kubernetes API Server Service Account instead of ECDSA key to provide better compatibility with external OpenID Connect implementations.

Component Updates

Linux: 6.6.14
etcd: 3.5.11
Kubernetes: 1.29.1
containerd: 1.7.13
runc: 1.1.12
Flannel: 0.24.1

Talos is built with Go 1.21.6.

Contributors

Andrey Smirnov
Dmitriy Matrenichev
Utku Ozdemir
Noel Georgi
Andrey Smirnov
Radosław Piliszek
Artem Chernyshev
Spencer Smith
Steve Francis
Anthony ARNAUD
Cas de Reuver
Christian Mohn
Drew Hess
ExtraClock
Hervé Werner
JJGadgets
Jacob McSwain
Jonomir
Sebastian Gaiser
Serge Logvinov
Tim Jones
edwinavalos
stereobutter

Changes

82 commits

029d7f7b9 release(v1.7.0-alpha.0): prepare release
2ff81c06b feat: update runc 1.1.12, containerd 1.7.13
9d8cd4d05 chore: drop deprecated method EtcdRemoveMember
17567f19b fix: take into account the moment seen when cleaning up CRI images
aa03204b8 docs: document the process of building custom kernel packages
7af48bd55 feat: use RSA key for kube-apiserver service account key
a5e13c696 fix: retry blockdevice open in the installer
593afeea3 fix: run the interactive installer loop to report errors
87be76b87 fix: be more tolerant to error handling in Mounts API
03add7503 docs: add section on using imager with extensions from tarball
ee0fb5eff docs: consolidate certificate management articles
9c14dea20 chore: bump coredns
ebeef2852 feat: implement local caching dns server
4a3691a27 docs: fix broken links in metal-network-configuration.md
c4ed189a6 docs: provide sane defaults for each release series in vmware script
8138d54c6 docs: clarify node taints/labels for worker nodes
b44551ccd feat: update Linux to 6.6.13
385707c5f docs: update vmware.sh
d1a79b845 docs: fix small typo in etcd maintenance guide
cf0603330 docs: copy generated JSON schema to host
f11139c22 docs: document local path provisioner install
e0dfbb8fb fix: allow META encoded values to be compressed
d677901b6 feat: implement device selector for 'physical'
7d1117289 docs: add missing talosconfig flag
8a1732bcb fix: pull in mptspi driver
c1e45071f refactor: use etcd configuration from the EtcdSpec resource
4e9b688d3 fix: use correct TTL for talosconfig in talosctl config new
fb5ad0555 feat: update Kubernetes default to 1.29.1
fe24139f3 docs: fork docs for v1.7
1c2d10ccc chore: bump dependencies
a599e3867 chore: allow custom registry to build installer/imager
3911ddf7b docs: add how-to for cert management
b0ee0bfba fix: strategic patch merging for audit policy
474eccdc4 fix: watch bufer overrun for RouteStatus
cc06b5d7a fix: fix .der output in talosctl gen secureboot
1dbb4abf4 fix: update discovery service client to v0.1.6
9782319c3 fix: support KubePrism settings in Kubernetes Discovery
6c5a0c281 feat: generate a single JSON schema for multidoc config
f70b47ddd fix: force KubePrism to connect using IPv4
d5321e085 fix: update kmsg with utf-8 fix
7fa7362dd fix: fix nodes on dashboard footer when node names are used in --nodes
ba88678f1 fix: merge ports and ingress configs correctly in NetworkRuleConfig
dea9bda2d fix: disk UUID & WWID always empty in talosctl disks
8dc112f36 chore: pull in NBD modules
f6926faab fix: default priority for ipv6
e8758dcba chore: support http downloads for assets in talosctl cluster create
265f21be0 fix: replace the filemap implementation to not buffer in memory
8db3c5b3c fix: pick correctly base installer image layers
0a30ef784 fix: imager should support different Talos versions
d6342cda5 docs: update latest version to v1.6.1
e6e422b92 chore: bump dependencies
5a19d078a fix: properly overwrite files on install
9eb6cea78 docs: secureboot sd-boot menu clarification
01f0cbe61 feat: support iPXE direct booting in talosctl cluster create
3ba84701d feat: pull in kernel modules for mlx Infiniband and VFIO
ba993e0ed docs: announce that SecureBoot is available
241bc9312 fix: update the way secureboot signer fetches certificate (azure)
59b62398f chore: modernize machined/pkg/controllers/k8s
760f793d5 fix: use correct prefix when installing SBC files
0b94550c4 chore: fix the gvisor test
3a787c1d6 docs: update 1.6 docs with Noel's feedback
d803e40ef docs: provide documentation for Talos 1.6
9a185a30f feat: update Kubernetes to v1.29.0
5934815d2 chore: split more kernel modules on amd64
10c59a6b9 fix: leave discovery service later in the reset sequence
0c86ca1cc chore: enable kubespan+firewall for cilium tests
98fd722d5 feat: provide compatibility for future Talos 1.7
131a1b167 fix: add a KubeSpan option to disable extra endpoint harvesting
4547ad9af feat: send actor id to the SideroLink events sink
04e774547 docs: cap max heading level
6bb1e99aa chore: optimize pcap dump
4f9d3b975 feat: update Kubernetes to v1.29.0-rc.2
46121c9fe docs: rework machine config documentation generation
e128d3c82 fix: talosctl cluster create not to enforce kubeprism always
320064c5a feat: update Go 1.21.5, Linux 6.1.65, etcd 3.5.11
270604bea fix: support user disks via symlinks
4f195dd27 chore: fix the release.toml
474fa0480 fix: store and execute desired action on emergency action
515ae2a18 docs: extend hetzner-cloud docs for arm64
eecc4dbd5 fix: trim leading spaces\newlines in inline manifest contents
dbf274ddf fix: skip writing the file if the contents haven't changed
6329222bd fix: do not panic in merge.Merge if map value is nil

Changes from siderolabs/discovery-client

1 commit

siderolabs/discovery-client@ff8f4be fix: enable gRPC keepalives

Changes from siderolabs/extras

1 commit

siderolabs/extras@8909d6f chore: update Go to 1.21.5

Changes from siderolabs/go-api-signature

20 commits

siderolabs/go-api-signature@370cebf fix: always print the login URL on key renew flow
siderolabs/go-api-signature@d28609a feat: move in the cli grpc interceptor logic, support service account in env
siderolabs/go-api-signature@4602acc chore: add a dummy workflow
siderolabs/go-api-signature@cfd21b6 fix: support validating signatures generated with the time in the future
siderolabs/go-api-signature@74dd3dc chore: bump deps
siderolabs/go-api-signature@d78bedb chore: bump deps
siderolabs/go-api-signature@a034e9f feat: replace scopes with roles
siderolabs/go-api-signature@5b4f3bb chore: run rekres
siderolabs/go-api-signature@9dba116 chore: remove time.Sleep hack
siderolabs/go-api-signature@e84e686 chore: bump dependencies
siderolabs/go-api-signature@8baaf8a chore: bump deps
siderolabs/go-api-signature@5f27e1e chore: add renovate bot and bump deps
siderolabs/go-api-signature@69886dc feat: allow custom validations on PGP key
siderolabs/go-api-signature@63d4da3 fix: limit clock skew for short-lived keys
siderolabs/go-api-signature@cdb9722 feat: add support for +-5 min clock skew
siderolabs/go-api-signature@7b80a50 refactor: use options pattern in RegisterPGPPublicKey
siderolabs/go-api-signature@c647861 feat: add scopes to RegisterPublicKeyRequest
siderolabs/go-api-signature@5d3647e feat: provide more client PGP functions
siderolabs/go-api-signature@2b682ec feat: initial version
siderolabs/go-api-signature@a4c2943 chore: initial commit

Changes from siderolabs/go-kmsg

2 commits

siderolabs/go-kmsg@e358d13 fix: decode escape sequences while reading from kmsg
siderolabs/go-kmsg@4297bd5 feat: add BSD support

Changes from siderolabs/pkgs

21 commits

siderolabs/pkgs@96cc841 chore: bump deps
siderolabs/pkgs@064fd58 feat: update Linux to 6.6.14, enable XDP
siderolabs/pkgs@efbbd23 feat: update Linux to 6.6.13
siderolabs/pkgs@dfb5026 chore: switch to git ref for raspberrypi firmware
siderolabs/pkgs@4af2d0f feat: update Linux to 6.1.74
siderolabs/pkgs@2358efe fix: enable FUSION_SPI driver
siderolabs/pkgs@f376a53 chore: bump dependencies
siderolabs/pkgs@583e519 feat: add v4l usb video class (webcam) drivers
siderolabs/pkgs@2d3ca68 feat: enable NBD
siderolabs/pkgs@f647edd feat: update Linux to 6.1.69
siderolabs/pkgs@6af1691 feat: enable VFIO also on amd64
siderolabs/pkgs@d633cd6 feat: enable modules for mlx infiniband
siderolabs/pkgs@4c59641 fix: zfs module build
siderolabs/pkgs@e325097 feat: enable nct6683 sensors as module
siderolabs/pkgs@d6185ec feat: enable IRQ remapping on amd64
siderolabs/pkgs@814dc60 feat: update containerd to 1.7.11
siderolabs/pkgs@dd71790 chore: rekres to fix 'failed' build on main
siderolabs/pkgs@a36dec4 feat: split more device drivers into modules
siderolabs/pkgs@97270a2 feat: update Linux to 6.1.67
siderolabs/pkgs@8a73907 feat: update Go to 1.21.5
siderolabs/pkgs@8f0ffb9 feat: update zfs to v2.2.2

Changes from siderolabs/tools

6 commits

siderolabs/tools@f4b41d1 fix: rust toolchain
siderolabs/tools@8cc79e6 feat: update dependencies
siderolabs/tools@c7076eb chore: bump dependencies
siderolabs/tools@a80a2aa feat: update Go to 1.21.6
siderolabs/tools@b677a2b feat: add rust build stage
siderolabs/tools@1659d82 feat: update Go to 1.21.5

Dependency Changes

github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 -> v1.9.1
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 -> v1.5.1
github.com/aws/aws-sdk-go-v2/config v1.25.6 -> v1.26.6
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.5 -> v1.14.11
github.com/aws/smithy-go v1.17.0 -> v1.19.0
github.com/beevik/ntp v1.3.0 -> v1.3.1
github.com/containerd/cgroups/v3 v3.0.2 -> v3.0.3
github.com/containerd/containerd v1.7.9 -> v1.7.13
github.com/containernetworking/plugins v1.3.0 -> v1.4.0
github.com/coredns/coredns v1.11.1 new
github.com/cosi-project/runtime v0.3.19 -> v0.3.20
github.com/docker/docker v24.0.7 -> v25.0.2
github.com/docker/go-connections v0.4.0 -> v0.5.0
github.com/emicklei/dot v1.6.0 -> v1.6.1
github.com/foxboron/go-uefi 18b9ba9cd4c3 -> 48be911532c2
github.com/gdamore/tcell/v2 v2.6.0 -> v2.7.0
github.com/google/go-containerregistry v0.16.1 -> v0.19.0
github.com/google/go-tpm v0.9.0 -> ee6cbcd136f8
github.com/google/uuid v1.4.0 -> v1.6.0
github.com/hetznercloud/hcloud-go/v2 v2.4.0 -> v2.6.0
github.com/insomniacslk/dhcp b0416c0f187a -> 15c9b8791914
github.com/jsimonetti/rtnetlink v1.4.0 -> v1.4.1
github.com/miekg/dns v1.1.58 new
github.com/opencontainers/image-spec v1.1.0-rc4 -> v1.1.0-rc6
github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> v1.1.0
github.com/packethost/packngo v0.30.0 -> v0.31.0
github.com/pin/tftp 2f79be2dba4e new
github.com/pmorjan/kmod v1.1.0 -> v1.1.1
github.com/rivo/tview 33a1d271f2b6 -> 8526c9fe1b54
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.21 -> v1.0.0-beta.22
github.com/siderolabs/discovery-client v0.1.5 -> v0.1.6
github.com/siderolabs/extras v1.6.0-1-g113887a -> v1.7.0-alpha.0
github.com/siderolabs/go-api-signature v0.3.1 new
github.com/siderolabs/go-kmsg v0.1.3 -> v0.1.4
github.com/siderolabs/pkgs v1.6.0-5-g3ae2450 -> v1.7.0-alpha.0-19-g96cc841
github.com/siderolabs/talos/pkg/machinery v1.6.0 -> v1.7.0-alpha.0
github.com/siderolabs/tools v1.6.0-1-g336d248 -> v1.7.0-alpha.0-5-gf4b41d1
github.com/u-root/u-root v0.11.0 -> v0.12.0
go.etcd.io/etcd/api/v3 v3.5.11 -> v3.5.12
go.etcd.io/etcd/client/pkg/v3 v3.5.11 -> v3.5.12
go.etcd.io/etcd/client/v3 v3.5.11 -> v3.5.12
go.etcd.io/etcd/etcdutl/v3 v3.5.11 -> v3.5.12
go4.org/netipx 6213f710f925 -> fdeea329fbba
golang.org/x/net v0.19.0 -> v0.20.0
golang.org/x/oauth2 v0.15.0 -> v0.16.0
golang.org/x/sync v0.5.0 -> v0.6.0
golang.org/x/sys v0.15.0 -> v0.16.0
golang.org/x/term v0.15.0 -> v0.16.0
google.golang.org/grpc v1.59.0 -> v1.61.0
google.golang.org/protobuf v1.31.0 -> v1.32.0
k8s.io/api v0.29.0 -> v0.29.1
k8s.io/apimachinery v0.29.0 -> v0.29.1
k8s.io/apiserver v0.29.0 -> v0.29.1
k8s.io/client-go v0.29.0 -> v0.29.1
k8s.io/component-base v0.29.0 -> v0.29.1
k8s.io/cri-api v0.29.0 -> v0.29.1
k8s.io/klog/v2 v2.110.1 -> v2.120.1
k8s.io/kube-scheduler v0.29.0 -> v0.29.1
k8s.io/kubectl v0.29.0 -> v0.29.1
k8s.io/kubelet v0.29.0 -> v0.29.1

Previous release can be found at v1.6.0

Images

ghcr.io/siderolabs/flannel:v0.24.1
ghcr.io/siderolabs/install-cni:v1.7.0-alpha.0
registry.k8s.io/coredns/coredns:v1.11.1
gcr.io/etcd-development/etcd:v3.5.12
registry.k8s.io/kube-apiserver:v1.29.1
registry.k8s.io/kube-controller-manager:v1.29.1
registry.k8s.io/kube-scheduler:v1.29.1
registry.k8s.io/kube-proxy:v1.29.1
ghcr.io/siderolabs/kubelet:v1.29.1
ghcr.io/siderolabs/installer:v1.7.0-alpha.0
registry.k8s.io/pause:3.8