github siderolabs/talos v1.8.0-alpha.2


Talos 1.8.0-alpha.2 (2024-09-02)

Welcome to the v1.8.0-alpha.2 release of Talos!
This is a pre-release of Talos.

Starting with Talos v1.8.0, only standard assets will be published as GitHub release assets. These include:

  • cloud-images.json
  • talosctl binaries
  • kernel
  • initramfs
  • metal iso and disk images
  • talosctl-cni-bundle

All other release assets can be downloaded from Image Factory.

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Node Annotations

Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.

Workload AppArmor Profile

Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.

For example:

machine:
    install:
        extraKernelArgs:
            - security=apparmor

Bridge Interface

Talos Linux now supports configuring 'vlan_filtering' for bridge interfaces.

CNI Plugins

Talos Linux now bundles by default the following standard CNI plugins:

  • bridge
  • firewall
  • flannel
  • host-local
  • loopback
  • portmap

The Talos bundled Flannel manifest was simplified to remove the install-cni step.

Diagnostics

Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.

Extensions in Kubernetes Nodes

Talos Linux now publishes the list of installed extensions as Kubernetes node labels/annotations.

The key format is extensions.talos.dev/<name> and the value is the extension version.
If the extension name is not valid as a label key, it will be skipped.
If the extension version is a valid label value, it will be published as a label; otherwise it will be published as an annotation.

For Talos machines booted from Image Factory artifacts, this means that the schematic ID will be published as the annotation
extensions.talos.dev/schematic (as it is longer than 63 characters).
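
The placement rules above, written out as an added example (not code from the Talos project) together with a check that compares a node's published extensions against an expected inventory. The regular expressions follow the Kubernetes label syntax; the function names, extension names, versions and schematic IDs are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

const (
	keyPrefix   = "extensions.talos.dev/" // key format from the release notes
	maxLabelLen = 63                      // Kubernetes limit for a label name or value
)

// Kubernetes label syntax: alphanumeric at both ends, with '-', '_' and '.'
// allowed in between. A label value may also be empty; a name may not.
var (
	labelNameRE  = regexp.MustCompile(`^[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?$`)
	labelValueRE = regexp.MustCompile(`^([A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?)?$`)
)

// Placement says where an extension's version ends up on the Node object.
type Placement string

const (
	Label      Placement = "label"
	Annotation Placement = "annotation"
	Skipped    Placement = "skipped"
)

// Classify applies the documented rules to one extension: an invalid name is
// skipped, a version that is a valid label value becomes a label, and
// anything else becomes an annotation.
func Classify(name, version string) (string, Placement) {
	if len(name) > maxLabelLen || !labelNameRE.MatchString(name) {
		return "", Skipped
	}
	if len(version) <= maxLabelLen && labelValueRE.MatchString(version) {
		return keyPrefix + name, Label
	}
	return keyPrefix + name, Annotation
}

// Installed rebuilds a name -> version inventory from a node's labels and
// annotations, since one extension can land in either map.
func Installed(labels, annotations map[string]string) map[string]string {
	out := map[string]string{}
	for _, m := range []map[string]string{labels, annotations} {
		for k, v := range m {
			if strings.HasPrefix(k, keyPrefix) {
				out[strings.TrimPrefix(k, keyPrefix)] = v
			}
		}
	}
	return out
}

// Drift reports, in sorted order, every difference between the expected
// inventory and what the node actually publishes.
func Drift(expected, actual map[string]string) []string {
	var findings []string
	for name, want := range expected {
		if got, ok := actual[name]; !ok {
			findings = append(findings, "missing "+name)
		} else if got != want {
			findings = append(findings, fmt.Sprintf("changed %s: want %s, got %s", name, want, got))
		}
	}
	for name, got := range actual {
		if _, ok := expected[name]; !ok {
			findings = append(findings, fmt.Sprintf("unexpected %s=%s", name, got))
		}
	}
	sort.Strings(findings)
	return findings
}

func main() {
	// Constructed sample data; names, versions and IDs are illustrative only.
	exts := [][2]string{
		{"iscsi-tools", "v0.1.4"},
		{"schematic", strings.Repeat("ab", 32)}, // 64 characters: too long for a label value
		{"example-ext", "1.0.0+build5"},         // '+' is not allowed in a label value
		{"bad name!", "1.0.0"},                  // not a valid label key name
	}
	labels, annotations := map[string]string{}, map[string]string{}
	for _, e := range exts {
		key, where := Classify(e[0], e[1])
		fmt.Printf("%-12s -> %s\n", e[0], where)
		if where == Label {
			labels[key] = e[1]
		} else if where == Annotation {
			annotations[key] = e[1]
		}
	}
	expected := map[string]string{"iscsi-tools": "v0.1.4", "schematic": strings.Repeat("cd", 32)}
	for _, f := range Drift(expected, Installed(labels, annotations)) {
		fmt.Println("drift:", f)
	}
}
```

An inventory check of this kind has to read both labels and annotations; a label selector alone never sees the schematic ID or any version that is not a valid label value.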

DNS Forwarding for CoreDNS pods

Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it
with:

machine:
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false

Please note that on a running cluster you will have to kill the CoreDNS pods for this change to apply.

The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address.
For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service
can be cleaned up with kubectl delete -n kube-system service host-dns.

Installer

Talos Linux installer now never wipes the system disk on upgrades, which means that the flag
--preserve is always set for talosctl upgrade.

talos.halt_if_installed kernel argument

Starting with Talos 1.8, ISOs generated from Boot Assets will have a new kernel argument talos.halt_if_installed, which pauses the boot sequence until boot timeout if Talos is already installed on the disk.
ISOs generated for pre-1.8 versions will not have this kernel argument.

This can also be enabled explicitly by setting talos.halt_if_installed=1 in the kernel arguments.

Slim Kubelet Image

The kubelet container image includes various utilities that kubelet might use to perform various tasks.

Starting with Kubernetes 1.31.0, the kubelet image includes fewer utilities, as the in-tree CSI plugins were
removed in Kubernetes 1.31.0. This reduces the kubelet image size and potential attack surface.

For Kubernetes < 1.31.0, there will be two images built:

  • v1.x.y (default, fat)
  • v1.x.y-slim (slim)

For Kubernetes >= 1.31.0, the same two images will be built, but the
default tag will point to the slim image:

  • v1.x.y (default, slim)
  • v1.x.y-fat (fat)

Default Node Labels

Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers by default for the control plane nodes.

PCI Devices

A list of PCI devices can now be obtained via PCIDevices resource, e.g. talosctl get pcidevices.

Metal images

Starting with Talos 1.8, the console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (for example, Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.

This should fix slow boot or no console output issues on most bare metal hardware.

NVIDIA GPU Support

Starting with Talos 1.8.0, SideroLabs will ship extensions for both LTS and Production versions of NVIDIA extensions.
For more details see the CHANGELOG of extensions.

Upgrades with an existing schematic ID from Image Factory will keep the existing LTS version of the NVIDIA extension.

Platform Support

Talos Linux now supports Apache CloudStack platform.

kube-proxy

Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.

Secure Boot

Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.

Custom Trusted Roots

Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.

Device Extra Settle Timeout

Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to work around issues with broken drivers.

Component Updates

Kubernetes: 1.31.0
Linux: 6.6.47
containerd: 2.0.0-rc.4
runc: 1.2.0-rc.2
etcd: 3.5.15
Flannel: 0.25.6
Flannel CNI plugin: 1.5.1
CoreDNS: 1.1.13

Talos is built with Go 1.22.6.

ZSTD Compression

Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).

Contributors

  • Andrey Smirnov
  • Dmitriy Matrenichev
  • Noel Georgi
  • Utku Ozdemir
  • Artem Chernyshev
  • Dmitry Sharshakov
  • Justin Garrison
  • Spencer Smith
  • Steve Francis
  • Bernard Gütermann
  • Jean-Francois Roy
  • Konrad Eriksson
  • Serge Logvinov
  • doctor_ew
  • Amadeus Mader
  • Andrew Rynhard
  • Anthony ARNAUD
  • Attila Oláh
  • Birger J. Nordølum
  • Caleb Woodbine
  • Claus Albøge
  • Daniel Höxtermann
  • David Birks
  • Dean
  • Dennis Marttinen
  • Eddie Zaneski
  • Enrique Hernández Bello
  • EricMa
  • Evan Johnson
  • Fabian Topfstedt
  • Fredrik Lundhag
  • George Gaál
  • Grzegorz Rozniecki
  • Grzegorz Rożniecki
  • Igor Rzegocki
  • Josia Scheytt
  • Judah Rand
  • Marcel Richter
  • Marco Franssen
  • Marcus Förster
  • Matthias Riegler
  • Matthieu Mottet
  • Maxime Brunet
  • Michael Trip
  • Mike Beaumont
  • Nick Meyer
  • Nicklas Frahm
  • Ole-Magnus Sæther
  • Roman Ivanov
  • Ron Olson
  • Saravanan G
  • Simon-Boyer
  • Skyler Mäntysaari
  • Steve Fan
  • Steve Martinelli
  • Steven Fackler
  • Syoc
  • Tim Jones
  • USBAkimbo
  • Will Bush
  • cryptk
  • darox
  • dhaines-quera
  • leppeK
  • looklose

Changes

280 commits

  • ec3844c46 release(v1.8.0-alpha.2): prepare release
  • 6f7c3a8e5 fix: build of talosctl on non-Linux arches
  • f0a59cec7 release(v1.8.0-alpha.2): prepare release
  • c8aed3be4 fix: correctly add console args for ttyS0
  • b453385bd feat: support volume configuration, provisioning, etc
  • b6b16b35f chore: pause sequencer when talos installed and iso booted
  • eade0a9f2 chore: bring in uio modules
  • 81f9fcd9c fix: report errors correctly when pulling, fix EEXIST
  • b309e87b4 docs: fix invalid input in field user_data
  • c7474877a docs: kubeProxyReplacement from "disabled" to "false"
  • be2ebf6b4 chore: bump dependencies
  • 88601bff4 chore: drop calico from interactive installer
  • 106c17d0b chore: aarch64 qemu local secureboot support
  • da6263506 feat: update Flannel to v0.25.6
  • 19a44c2b0 chore: drop console ttyS0 argument
  • 75cecb421 feat: add Apache Cloudstack support
  • 951cf66fd feat: add Cisco fnic driver
  • 2d3bc94bf fix(ci): fix broken tests
  • a9551b7ca fix: host DNS access with firewall enabled
  • 4834a61a8 feat: report SELinux labels
  • 8fe39eacb chore: move csi tests as go test
  • e4f8cb854 fix: merge extension service config files by mountPath
  • 5ba1df469 chore: add java package to protos
  • 823480800 fix: add missing host/nvme-rdma
  • 5b4b64979 fix: bump go-smbios for broken SMIOS tables
  • f57d1f07e fix: add NVMe target kernel modules
  • 5ff6cf82c fix: drop /opt mount for containers/tink
  • 3c0db34d8 docs: update kubespan docs
  • 3041d9075 fix: always handle PermissionDenied in dashboard resource watches
  • 36f83eea9 chore: make qemu check flag consistent with code
  • fe52cb074 chore: update protoc-gen-doc
  • ee4290f68 fix: bind HostDNS to 169.254.x link-local address
  • c312a46f6 chore: restructure k8s component health checks
  • e193e7db9 docs: fix incorrect path for openebs in documentation
  • beadbac21 docs: update Oracle Cloud Talos custom image docs
  • 6f969e364 chore: improve cluster create UX on aarch64
  • 45cc8688a chore: replace if blocks with min/max functions
  • a5bd770bf fix: retry with another upstream if the previous failed
  • 82e19f38a docs: add high-level overlay development guide
  • 872599c9a chore: drop image assets from release
  • 3c36c41a9 feat: provide device extra settle timeout
  • 9e348ef35 feat: update Kubernetes to 1.31.0
  • 61a1c946b feat: bundle (some) CNI plugins with Talos core
  • 091da163b chore: support arm64 kexec from zboot kernel images
  • 73511c1ef chore: fix release notes
  • 2bf924c7b feat: update ISO VolumeID with Talos version
  • 9a33dce10 docs: fix the VMWare docs
  • 12562c2d5 docs: fix talos version in vmware.sh
  • ee67da14c feat: scaleway routed ip
  • eba5dafb9 fix: add dns-resolve-cache to the support bundle
  • d4f8100bd docs: fix default openebs folder
  • 60e163d54 docs: fix typo in doc
  • 98d9abdd0 chore(ci): fix cilium ci tests
  • beb9602e3 chore: bump github.com/docker/docker to v27.1.1+incompatible
  • 0698a4921 docs: aws getting started re-write
  • 4d7d7a589 chore(ci): update nvidia integration tests
  • 60e901c1d chore: document slim kubelet image
  • 622d66a98 chore: bump deps
  • f9f5e0ef5 chore: fix k8s tests
  • 2ac8d2274 chore: support unsupported flag for mkfs
  • 9b9159d1e docs: update support matrix for nvidia drivers
  • 9d3415850 fix: fix graph diffs in dashboard when node aliases are used
  • 9a126d70e chore: generate deepcopy for SecureBootAssets type
  • dff56d824 chore: remove arch-specific etcd image tag
  • c9f1dece5 feat: update Kubernetes to 1.31.0-rc.1
  • 49831c56f docs: replace removed Cilium/kubeProxyReplacement value
  • 33a316369 docs: update aws.md for loop
  • e02bd2093 feat: update Kubernetes to 1.31.0-rc.0
  • 64914b086 chore: add test for crun extension
  • 7a1c62b8b feat: publish installed extensions as node labels/annotations
  • 3f2058aba fix: update containerd configuration and settings
  • 81bd20f5a docs: remove deprecated jiva from openebs instructions
  • 480ffb88a docs: fix the amd64 PXE boot script URL
  • 20fe34dbd docs: fix docker getting started typo
  • 0fd7dfd2a docs: update Equinix Guide
  • 3d1474ac0 feat: update CoreDNS to 1.1.3
  • 50e5f37ef chore: add test for apparmor
  • 96492c097 docs: extend multus configuration for Cilium
  • 19aa44c54 fix: generate kubeconfig using proper types
  • 240104e45 feat: update Linux to 6.6.43
  • 32db8db60 chore: lock microsoft secureboot certs
  • 3ce5492f8 feat: runc memfd-bind service
  • 341b55cd3 docs: update vmware.sh
  • 117628aa6 chore: add test for gvisor extension with platform kvm
  • fd01571c4 feat: update Linux, enable Broadcom MPI3 driver
  • b333ec07d feat: update etcd to 3.5.15, Flannel to 0.25.5
  • 087290178 feat: use ethtool ioctl to get link status when netlink api not available
  • 395c64290 docs: update openebs-jiva helm repo
  • f132d3f40 chore(ci): remove artifacts directory prefix for checksums
  • fd54dc191 feat(talosctl): append microsoft secure boot certs
  • fd6ddd11e feat: provide POD_IP env var to scheduler and controller-manager
  • 407347a7a feat: update Kubernetes to 1.31.0-beta.0
  • 1b8c9ccbb fix: enforce secureboot enroll option only for supported releases
  • d52b89cb9 chore: ensure tls required on s3 buckets
  • c288ace7b fix: be more smart when merging DNS resolver config
  • d983e4430 fix: panic on shutdown
  • 01404edff chore: reduce memory requirement for contrplane nodes
  • 980f9ebc0 fix: fix log format in cluster provisioning
  • ea626a963 feat: add label 'exclude-from-external-load-balancers' for cp nodes
  • 1cf76cfbc docs: fix talosctl spelling
  • b07338f54 feat: provide machine config document to update trusted CA roots
  • f14c4795e fix: sort ports and merge adjacent ones in the nft rule
  • cf5effabb feat: provide an option to enforce SecureBoot for TPM enrollment
  • 736c1485e fix: change the UEFI firmware search path order
  • a727a1d97 chore: make using action tracker easier
  • 0aebeff35 docs: add missing backslashes
  • 398151e64 fix: remove host bind mount for /tmp for trustd
  • ce4c404e1 chore: redo FilterMessages as generic function
  • fbde9c556 chore: bump deps
  • 3bab15214 feat: update Kubernetes to 1.31.0-alpha.3
  • c2a5213ee docs: add note about mayastor nvme_tcp init container check
  • dad9c40c7 chore: simplify code
  • 963612bcc chore: redo EncodeString and EncodeBytes using buffer interface
  • d9db360ab fix: properly output multi-doc machine config in get mc
  • 31af6b3f8 chore: fix the release step to include CNI bundle
  • d7cd46643 chore: fix the push/tag steps
  • c9aeeca3d chore: fix the Makefile
  • 48cdbe0de release(v1.8.0-alpha.1): prepare release
  • 2512ef435 test: fix the integrtion tests for apply-config
  • 076f3c4f2 chore: improve link spec controller code
  • 0454130ad feat: suppress controller runtime first N failures on the console
  • 3d35e5468 chore: update hydrophone library
  • 1f28726d4 chore: support version with and without v prefix
  • 9a56b8527 chore(ci): fix parallel runs of tf pipelines
  • be35f380c chore: update pkgs/tools/extras
  • 93df23444 docs: update opengraph image for main landing pages
  • d9d62d4da feat: update Linux to 6.6.36
  • 6b0fe5b8c docs: update deploying cilium docs for v1.7 and v1.8
  • 52611a90d feat: update Kubernetes to v1.30.2
  • c19cc4ccb docs: clarify direct access needed to nodes in insecure mode
  • b4c871e4b chore: bump dependencies
  • cc345c8c9 feat: add support for configuring vlan filtering on the bridge
  • 2d054ad35 chore: handle documents diff in apply-config dry run
  • bd34f71f3 feat: add apparmor pkg
  • 71857fd4d docs: fix typo: messure -> measure
  • f75f16b0a chore(ci): fix cluster name generation
  • c603d2bf9 chore: output more info when ExecuteCommandInPod fails
  • 4b5a7445e docs: fix missing Akamai platform in supported matrix
  • 4701498a1 chore(ci): run e2e-aws-nvidia with zfs extension enabled
  • 86a3222ae chore: use new disks api for iscsi tests
  • 5ffc3f14b feat: show siderolink status on dashboard
  • 6f6a5d105 chore: upgrade to rtnetlink/v2 library
  • 1fb8453c2 chore: update Go modules
  • 8e15621e8 chore(ci): add conformance pipelines
  • 7fcb521a6 feat: use hydrophone instead of sonobuoy
  • d1a0c1f98 test: fix the integration test for no META name
  • 535006334 chore: fix our dns server implementation
  • c6f90d014 chore: replace sync.Map with concurrent.HashTrieMap
  • e8ced2c2d chore: drop k8s timeout in the default kubeconfig
  • 7cbdce73f fix: detect CD devices, fix user disks wipe test
  • aca475c66 chore: small usability fixes
  • 26cf566dc chore: bump our coredns fork
  • 5e66e117e fix: initial assignment of Hetzner Cloud Alias IP
  • f07b79f4a feat: provide disk detection based on new blockdevices
  • 8ee087268 chore(ci): drop crashdump, save logs as artifacts
  • 7c9a14383 fix: volume discovery improvements
  • 80ca8ff71 fix: update the cgroups for Talos core services
  • fe317f1e1 docs: fix typo in QEMU guest agent support on Proxmox
  • 8dbe2128a feat: implement Talos diagnostics
  • 357d7754f fix: clean up VM runners on cluster destroy
  • 41f92e0ba chore: update Go to 1.22.4, other updates
  • 4621e9bb7 chore: add stale and lock issue workflows
  • 82d9cd322 fix: add upgrade errata for arm64/zboot kernels
  • 9a23d846c fix: downgrade Azure IMDS required version
  • 30860210c test: fix hardware test not to require PCI devices
  • 9fcc9b841 feat: update Flannel to v0.25.3
  • 9d395b9de chore: use bun instead of npm
  • a1684bdf8 chore: speed up go generate for enumer
  • 4dd0aa712 feat: implement PCI device bus enumeration
  • b0466e0ab fix: disable kexec on GCP/Azure
  • 911c25574 chore: fix go.work resolution
  • 2f088ede0 docs: add another example for installing cilium
  • 3967e0777 feat: update etcd to 3.5.14
  • 3367ded9f fix: correct time adjustment in time.SyncController
  • 893e64fcb fix: replace nslookup with dig in integration tests
  • 0359c8537 chore: unify toml packages being used
  • 4feb94ca0 feat: add multidoc check to the Talos quirks module
  • 0b4a9777f docs: update talosctl install instructions for 1.8
  • da8305ffb test: add a test for watchdog timers
  • da7f27640 fix: mount tracefs filesystem
  • 7b37e5b63 chore(ci): fix integration extensions
  • de7553d77 fix(ci): cron jobs
  • eb510d9fd chore: require enabled bootloader for docker provisioner
  • a9cf9b789 fix: correctly handle dns messages in our dns implementation
  • c2b19dcb9 chore: move to containerd 2.0 API
  • 92a274e9a fix: workaround problems with udevd races
  • 31b24ea3d chore(ci): split integration misc
  • 8a1371337 fix: produce stable order of bonds with equinix
  • 6406193f4 test: add Equnix Metal sample metadata with two bonds
  • 01ea82053 fix: time sync over NTP from future era
  • 5aea42427 fix(ci): fix crons by setting up buildx always
  • 84706c3e2 docs: default to brew docs for talosctl
  • fcd65ff65 feat: enable forwardKubeDNSToHost by default
  • 2e64e9e4e fix: require accepted CAs on worker nodes
  • 23c1c4560 fix(ci): fix crons fby rekres
  • 2d50392c5 feat: update containerd to 2.0.0-rc.2, runc to 1.2.0-rc.1
  • a12e4bb24 chore(ci): fix github action crons
  • e7bd9cd2b fix: decrease maximum negative ttl for dns responses
  • 9c3ebad9f chore(ci): kresify gh actions
  • ff60f6fde refactor: make some of the extensions package public
  • ce8c86d64 fix: panic in osroot controller
  • e1711cd3c chore: stop using containerd package for cri namespace
  • d4307043f fix: update go-tail library to fix 'short read' error
  • 7cd13ef4a docs: add documentation on using Multus with Talos
  • 4784da3ef feat: use new circular buffer compressed chunks feature
  • 78b48eb3a feat: include EDAC drivers
  • 0bf2d69fb feat: update Kubernetes to 1.30.1
  • 53f548913 fix: increase host dns packet ttl for pods
  • dedb6d360 fix: update github.com/siderolabs/siderolink to v0.3.7
  • 43939f1a6 docs: fix typos, add docker socket info
  • 6663068bb chore: update project in GCP testing
  • b86edc677 chore: update office hours in talos repo
  • cfa25d22d chore: remove docs prior to 1.0 from website navigation
  • 120705459 chore: handle I/O error for xfs_repair
  • b7afe2669 feat: update Linux 6.6.30
  • 26519ceed docs: update proxmox.md
  • 851b91a0e fix: don't enable hostDNS for versions of Talos which do not have it
  • 42ac5cd0c fix: check for nil machine config during installation
  • 1d29111d4 chore: update Go to 1.22.3
  • f4d7b9d9a feat: gather plaform dns names
  • 0b0f9995a docs: add resource information, some grammar fixes
  • 763dae250 fix: add cluster name to the worker machine config
  • 4aac5b4ec feat: mount /sys/kernel/security into kubelet
  • 817f18153 docs: remove mention of enabling KubePrism after v1.6
  • c08d79732 docs: fix the variable name typo
  • 478b862b4 fix: do not fail cli action tracker when boot id cannot be read
  • be510f9eb docs: fix grpc_tunnel value to true
  • b7b8a8d8f docs: add logs example for the certificate errors troubleshooting
  • 8df5b85ec release(v1.8.0-alpha.0): prepare release
  • 07f78182c fix: use a fresh context for etcd unlock
  • 84cd7dbec feat: update Linux to 6.6.29
  • 70fdca6a4 chore: update minimum hardware requirement for vmware ova
  • b690ffeb8 test: improve DNS resolver test stability
  • 5aa0299b6 style: use correct capitalization for openstack
  • 4c0c626b7 feat: use zstd compression in place of xz
  • 98906ed6e fix: use reboot delay only in case of error
  • 05fd042bb test: improve the reset integration tests
  • 8cdf0f7cb docs: fix typo in Cilium instructions
  • dd1d279da fix: allow more flags in talosctl cluster create --input-dir
  • ef4394e58 chore: update kernel and other packages
  • ccdb4c8b1 chore: update google.golang.org/grpc to 1.63.2
  • c5b59df69 fix: wait for devices to be discovered before probing filesystems
  • 0821b9c50 feat: add --non-masquerade-cidrs flag to talosctl cluster create
  • 2bf613ad3 fix: add endpoints for "virtual" host-dns service
  • f4163aefe fix: bump priority of OpenStack routes if IPv6 and default gateway
  • 6fbd1263c feat: report process MAC labels
  • d46032821 fix: return proper value from Bridge.STP instead of plain nil
  • bac1d00c3 chore: prepare for Talos 1.8
  • d6c8067e1 docs: make 1.7 docs the default
  • d7c3a0735 docs: add what's new for v1.7
  • 908f67fa1 feat: add host dns support for resolving member addrs
  • 0d20b637d feat: update Kubernetes to 1.30.0
  • ec69d7a78 chore: replace math/rand with math/rand/v2
  • 89040ce43 chore: update go-blockdevice/v2 library to the latest version
  • 0a785802e fix: overlay installer operations
  • b1b63f658 fix: mark overlay installer executable
  • 3433fa13b feat: use container DNS when in container mode
  • 5d07ac5a7 fix: close apid inter-backend connections gracefully for real
  • 7ba18555b docs: fix typos in Akamai and AWS platform docs
  • 3dd1f4e88 chore: extract pkg/imager/quirks to pkg/machinery
  • 78bc3a433 docs: update Cilium docs
  • 831f3d39e feat: update Flannel to v0.25.1
  • ea5b3ff0c feat: update Kubernetes to v1.30.0-rc.2
  • 54dac5ed4 feat: update Linux 6.6.24, containerd 1.7.15
  • c51f146da docs: update Akamai platform docs
  • 9550f5ff7 docs: fix getAuthenticationMethod and completePathFromNode docs
  • bfbd02abf fix: assign different priority to IPv6 default gateway on OpenStack
  • c8f674bd3 test: add a test for 'spin' container runtime
  • 5390ccd48 chore: replace []byte with string and use go:embed for templates
  • ba7cdc8c8 chore: optimize DNSResolveCacheController
  • 145f24063 fix: don't modify a global map of profiles
  • 6fe91ad9c feat: provide Kubernets/Talos version compatibility for 1.8
  • 909a5800e fix: generate secureboot ISO .der certificate correctly
  • b0fdc3c8c fix: make static pods check output consistent
  • c6ad0fcce fix: validate that workers don't get cluster CA key
  • 3735add87 fix: reconnect to the logs stream in dashboard after reboot
  • 9aa1e1b79 fix: present all accepted CAs to the kube-apiserver
  • 336e61174 fix: close the apid connection to other machines gracefully
  • ff2c427b0 fix: pre-create nftables chain to make kubelet use nftables
  • 5622f0e45 docs: change localDNS to hostDNS in release notes yaml section

Changes since v1.8.0-alpha.1

114 commits

  • ec3844c46 release(v1.8.0-alpha.2): prepare release
  • 6f7c3a8e5 fix: build of talosctl on non-Linux arches
  • f0a59cec7 release(v1.8.0-alpha.2): prepare release
  • c8aed3be4 fix: correctly add console args for ttyS0
  • b453385bd feat: support volume configuration, provisioning, etc
  • b6b16b35f chore: pause sequencer when talos installed and iso booted
  • eade0a9f2 chore: bring in uio modules
  • 81f9fcd9c fix: report errors correctly when pulling, fix EEXIST
  • b309e87b4 docs: fix invalid input in field user_data
  • c7474877a docs: kubeProxyReplacement from "disabled" to "false"
  • be2ebf6b4 chore: bump dependencies
  • 88601bff4 chore: drop calico from interactive installer
  • 106c17d0b chore: aarch64 qemu local secureboot support
  • da6263506 feat: update Flannel to v0.25.6
  • 19a44c2b0 chore: drop console ttyS0 argument
  • 75cecb421 feat: add Apache Cloudstack support
  • 951cf66fd feat: add Cisco fnic driver
  • 2d3bc94bf fix(ci): fix broken tests
  • a9551b7ca fix: host DNS access with firewall enabled
  • 4834a61a8 feat: report SELinux labels
  • 8fe39eacb chore: move csi tests as go test
  • e4f8cb854 fix: merge extension service config files by mountPath
  • 5ba1df469 chore: add java package to protos
  • 823480800 fix: add missing host/nvme-rdma
  • 5b4b64979 fix: bump go-smbios for broken SMIOS tables
  • f57d1f07e fix: add NVMe target kernel modules
  • 5ff6cf82c fix: drop /opt mount for containers/tink
  • 3c0db34d8 docs: update kubespan docs
  • 3041d9075 fix: always handle PermissionDenied in dashboard resource watches
  • 36f83eea9 chore: make qemu check flag consistent with code
  • fe52cb074 chore: update protoc-gen-doc
  • ee4290f68 fix: bind HostDNS to 169.254.x link-local address
  • c312a46f6 chore: restructure k8s component health checks
  • e193e7db9 docs: fix incorrect path for openebs in documentation
  • beadbac21 docs: update Oracle Cloud Talos custom image docs
  • 6f969e364 chore: improve cluster create UX on aarch64
  • 45cc8688a chore: replace if blocks with min/max functions
  • a5bd770bf fix: retry with another upstream if the previous failed
  • 82e19f38a docs: add high-level overlay development guide
  • 872599c9a chore: drop image assets from release
  • 3c36c41a9 feat: provide device extra settle timeout
  • 9e348ef35 feat: update Kubernetes to 1.31.0
  • 61a1c946b feat: bundle (some) CNI plugins with Talos core
  • 091da163b chore: support arm64 kexec from zboot kernel images
  • 73511c1ef chore: fix release notes
  • 2bf924c7b feat: update ISO VolumeID with Talos version
  • 9a33dce10 docs: fix the VMWare docs
  • 12562c2d5 docs: fix talos version in vmware.sh
  • ee67da14c feat: scaleway routed ip
  • eba5dafb9 fix: add dns-resolve-cache to the support bundle
  • d4f8100bd docs: fix default openebs folder
  • 60e163d54 docs: fix typo in doc
  • 98d9abdd0 chore(ci): fix cilium ci tests
  • beb9602e3 chore: bump github.com/docker/docker to v27.1.1+incompatible
  • 0698a4921 docs: aws getting started re-write
  • 4d7d7a589 chore(ci): update nvidia integration tests
  • 60e901c1d chore: document slim kubelet image
  • 622d66a98 chore: bump deps
  • f9f5e0ef5 chore: fix k8s tests
  • 2ac8d2274 chore: support unsupported flag for mkfs
  • 9b9159d1e docs: update support matrix for nvidia drivers
  • 9d3415850 fix: fix graph diffs in dashboard when node aliases are used
  • 9a126d70e chore: generate deepcopy for SecureBootAssets type
  • dff56d824 chore: remove arch-specific etcd image tag
  • c9f1dece5 feat: update Kubernetes to 1.31.0-rc.1
  • 49831c56f docs: replace removed Cilium/kubeProxyReplacement value
  • 33a316369 docs: update aws.md for loop
  • e02bd2093 feat: update Kubernetes to 1.31.0-rc.0
  • 64914b086 chore: add test for crun extension
  • 7a1c62b8b feat: publish installed extensions as node labels/annotations
  • 3f2058aba fix: update containerd configuration and settings
  • 81bd20f5a docs: remove deprecated jiva from openebs instructions
  • 480ffb88a docs: fix the amd64 PXE boot script URL
  • 20fe34dbd docs: fix docker getting started typo
  • 0fd7dfd2a docs: update Equinix Guide
  • 3d1474ac0 feat: update CoreDNS to 1.1.3
  • 50e5f37ef chore: add test for apparmor
  • 96492c097 docs: extend multus configuration for Cilium
  • 19aa44c54 fix: generate kubeconfig using proper types
  • 240104e45 feat: update Linux to 6.6.43
  • 32db8db60 chore: lock microsoft secureboot certs
  • 3ce5492f8 feat: runc memfd-bind service
  • 341b55cd3 docs: update vmware.sh
  • 117628aa6 chore: add test for gvisor extension with platform kvm
  • fd01571c4 feat: update Linux, enable Broadcom MPI3 driver
  • b333ec07d feat: update etcd to 3.5.15, Flannel to 0.25.5
  • 087290178 feat: use ethtool ioctl to get link status when netlink api not available
  • 395c64290 docs: update openebs-jiva helm repo
  • f132d3f40 chore(ci): remove artifacts directory prefix for checksums
  • fd54dc191 feat(talosctl): append microsoft secure boot certs
  • fd6ddd11e feat: provide POD_IP env var to scheduler and controller-manager
  • 407347a7a feat: update Kubernetes to 1.31.0-beta.0
  • 1b8c9ccbb fix: enforce secureboot enroll option only for supported releases
  • d52b89cb9 chore: ensure tls required on s3 buckets
  • c288ace7b fix: be more smart when merging DNS resolver config
  • d983e4430 fix: panic on shutdown
  • 01404edff chore: reduce memory requirement for contrplane nodes
  • 980f9ebc0 fix: fix log format in cluster provisioning
  • ea626a963 feat: add label 'exclude-from-external-load-balancers' for cp nodes
  • 1cf76cfbc docs: fix talosctl spelling
  • b07338f54 feat: provide machine config document to update trusted CA roots
  • f14c4795e fix: sort ports and merge adjacent ones in the nft rule
  • cf5effabb feat: provide an option to enforce SecureBoot for TPM enrollment
  • 736c1485e fix: change the UEFI firmware search path order
  • a727a1d97 chore: make using action tracker easier
  • 0aebeff35 docs: add missing backslashes
  • 398151e64 fix: remove host bind mount for /tmp for trustd
  • ce4c404e1 chore: redo FilterMessages as generic function
  • fbde9c556 chore: bump deps
  • 3bab15214 feat: update Kubernetes to 1.31.0-alpha.3
  • c2a5213ee docs: add note about mayastor nvme_tcp init container check
  • dad9c40c7 chore: simplify code
  • 963612bcc chore: redo EncodeString and EncodeBytes using buffer interface
  • d9db360ab fix: properly output multi-doc machine config in get mc

Changes from siderolabs/discovery-client

2 commits

Changes from siderolabs/extras

7 commits

Changes from siderolabs/gen

2 commits

Changes from siderolabs/go-api-signature

3 commits

Changes from siderolabs/go-circular

3 commits

Changes from siderolabs/go-debug

1 commit

Changes from siderolabs/go-kubernetes

2 commits

Changes from siderolabs/go-loadbalancer

1 commit

Changes from siderolabs/go-pcidb

1 commit

Changes from siderolabs/go-smbios

2 commits

Changes from siderolabs/go-tail

1 commit

Changes from siderolabs/go-talos-support

3 commits

Changes from siderolabs/grpc-proxy

5 commits

Changes from siderolabs/pkgs

56 commits

Changes from siderolabs/protoenc

19 commits

Changes from siderolabs/siderolink

4 commits

Changes from siderolabs/tools

14 commits

Dependency Changes

  • cloud.google.com/go/compute/metadata v0.2.3 -> v0.5.0
  • github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 -> v1.13.0
  • github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 -> v1.7.0
  • github.com/aws/aws-sdk-go-v2/config v1.27.10 -> v1.27.31
  • github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 -> v1.16.12
  • github.com/aws/aws-sdk-go-v2/service/kms v1.30.1 -> v1.35.5
  • github.com/aws/smithy-go v1.20.2 -> v1.20.4
  • github.com/beevik/ntp v1.3.1 -> v1.4.3
  • github.com/containerd/containerd/api v1.8.0-rc.3 new
  • github.com/containerd/containerd/v2 v2.0.0-rc.4 new
  • github.com/containerd/errdefs v0.1.0 new
  • github.com/containerd/platforms v0.2.1 new
  • github.com/containerd/typeurl/v2 v2.1.1 -> v2.2.0
  • github.com/containernetworking/cni v1.1.2 -> v1.2.3
  • github.com/containernetworking/plugins v1.4.1 -> v1.5.1
  • github.com/coreos/go-iptables v0.7.0 -> v0.8.0
  • github.com/cosi-project/runtime v0.4.1 -> v0.5.5
  • github.com/docker/docker v26.0.0 -> v27.2.0
  • github.com/fatih/color v1.16.0 -> v1.17.0
  • github.com/foxboron/go-uefi 48be911532c2 -> e2076f0e58ca
  • github.com/google/go-containerregistry v0.19.1 -> v0.20.2
  • github.com/google/go-tpm ee6cbcd136f8 -> v0.9.1
  • github.com/hashicorp/go-getter/v2 v2.2.1 -> v2.2.3
  • github.com/hetznercloud/hcloud-go/v2 v2.7.0 -> v2.13.1
  • github.com/insomniacslk/dhcp c728f5dd21c8 -> a3a4c1f04475
  • github.com/jsimonetti/rtnetlink/v2 v2.0.2 new
  • github.com/klauspost/compress v1.17.9 new
  • github.com/klauspost/cpuid/v2 v2.2.7 -> v2.2.8
  • github.com/miekg/dns v1.1.58 -> v1.1.62
  • github.com/opencontainers/runc v1.2.0-rc.2 new
  • github.com/pelletier/go-toml/v2 v2.2.3 new
  • github.com/pkg/xattr v0.4.10 new
  • github.com/prometheus/procfs v0.13.0 -> v0.15.1
  • github.com/rivo/tview a22293bda944 -> fd649dbf1223
  • github.com/rs/xid v1.5.0 -> v1.6.0
  • github.com/safchain/ethtool v0.3.0 -> v0.4.1
  • github.com/scaleway/scaleway-sdk-go v1.0.0-beta.25 -> v1.0.0-beta.29
  • github.com/siderolabs/discovery-client v0.1.8 -> v0.1.9
  • github.com/siderolabs/extras v1.7.0-1-gbb76755 -> v1.8.0-alpha.0-6-g43a2821
  • github.com/siderolabs/gen v0.4.8 -> v0.5.0
  • github.com/siderolabs/go-api-signature v0.3.2 -> v0.3.5
  • github.com/siderolabs/go-blockdevice/v2 3265299b0192 -> v2.0.1
  • github.com/siderolabs/go-circular v0.1.0 -> v0.2.0
  • github.com/siderolabs/go-debug v0.3.0 -> v0.4.0
  • github.com/siderolabs/go-kubernetes v0.2.9 -> v0.2.11
  • github.com/siderolabs/go-loadbalancer v0.3.3 -> v0.3.4
  • github.com/siderolabs/go-pcidb v0.2.0 -> v0.3.0
  • github.com/siderolabs/go-smbios v0.3.2 -> v0.3.3
  • github.com/siderolabs/go-tail v0.1.0 -> v0.1.1
  • github.com/siderolabs/go-talos-support v0.1.0 -> v0.1.1
  • github.com/siderolabs/grpc-proxy v0.4.0 -> v0.4.1
  • github.com/siderolabs/pkgs v1.7.0-6-g29106c0 -> v1.8.0-alpha.0-54-g4ce5bc6
  • github.com/siderolabs/protoenc v0.2.1 new
  • github.com/siderolabs/siderolink v0.3.5 -> v0.3.9
  • github.com/siderolabs/talos/pkg/machinery v1.7.0 -> v1.8.0-alpha.2
  • github.com/siderolabs/tools v1.7.0-1-g10b2a69 -> v1.8.0
  • github.com/spf13/cobra v1.8.0 -> v1.8.1
  • github.com/vishvananda/netlink v1.2.1-beta.2 -> v1.3.0
  • go.etcd.io/etcd/api/v3 v3.5.13 -> v3.5.15
  • go.etcd.io/etcd/client/pkg/v3 v3.5.13 -> v3.5.15
  • go.etcd.io/etcd/client/v3 v3.5.13 -> v3.5.15
  • go.etcd.io/etcd/etcdutl/v3 v3.5.13 -> v3.5.15
  • golang.org/x/net v0.23.0 -> v0.28.0
  • golang.org/x/oauth2 v0.18.0 -> v0.22.0
  • golang.org/x/sync v0.6.0 -> v0.8.0
  • golang.org/x/sys v0.18.0 -> v0.24.0
  • golang.org/x/term v0.18.0 -> v0.23.0
  • golang.org/x/text v0.14.0 -> v0.17.0
  • golang.org/x/time v0.5.0 -> v0.6.0
  • google.golang.org/grpc v1.62.1 -> v1.66.0
  • google.golang.org/protobuf v1.33.0 -> v1.34.2
  • k8s.io/api v0.30.0 -> v0.31.0
  • k8s.io/apimachinery v0.30.0 -> v0.31.0
  • k8s.io/apiserver v0.30.0 -> v0.31.0
  • k8s.io/client-go v0.30.0 -> v0.31.0
  • k8s.io/component-base v0.30.0 -> v0.31.0
  • k8s.io/cri-api v0.30.0 -> v0.32.0-alpha.0
  • k8s.io/klog/v2 v2.120.1 -> v2.130.1
  • k8s.io/kube-scheduler v0.30.0 -> v0.31.0
  • k8s.io/kubectl v0.30.0 -> v0.31.0
  • k8s.io/kubelet v0.30.0 -> v0.31.0
  • k8s.io/pod-security-admission v0.30.0 -> v0.31.0
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.69 -> v1.2.70
  • sigs.k8s.io/hydrophone b92baf7e0b04 new

Previous release can be found at v1.7.0

Images

ghcr.io/siderolabs/flannel:v0.25.6
registry.k8s.io/coredns/coredns:v1.11.3
gcr.io/etcd-development/etcd:v3.5.15
registry.k8s.io/kube-apiserver:v1.31.0
registry.k8s.io/kube-controller-manager:v1.31.0
registry.k8s.io/kube-scheduler:v1.31.0
registry.k8s.io/kube-proxy:v1.31.0
ghcr.io/siderolabs/kubelet:v1.31.0
ghcr.io/siderolabs/installer:v1.8.0-alpha.2
registry.k8s.io/pause:3.9
