siderolabs/talos v1.9.2 on GitHub

Talos 1.9.2 (2025-01-16)

Welcome to the v1.9.2 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

auditd

Kernel parameter talos.auditd.disabled=1 can be used to disable Talos built-in auditd service.

kube-apiserver Authorization Config

When using .cluster.apiServer.authorizationConfig the user provided order for the authorizers is honoured and Node and RBAC authorizers are always added to the end if not explicitly specified.

Eg: If user provides only Webhook authorizer, the final order will be Webhook, Node, RBAC.

To provide a specific order for Node or RBAC explicitly, user can provide the authorizer in the order they want.

Eg:

cluster:
  apiServer:
    authorizationConfig:
      - type: Node
        name: Node
      - type: Webhook
        name: Webhook
        webhook:
          connectionInfo:
            type: InClusterConfig
        ...
      - type: RBAC
        name: rbac

Usage of authorization-mode CLI argument will not support this form of customization.

Component Updates

Linux: 6.12.9
runc: 1.2.4
containerd: 2.0.2

Talos is built with Go 1.23.4.

Contributors

Andrey Smirnov
Dmitry Sharshakov
L.J. Hanson
Noel Georgi
Skyler Mäntysaari
TomyLobo

Changes

18 commits

09758b3f6 release(v1.9.2): prepare release
207f86320 feat: update containerd to 2.0.2
582064d9c fix: add informer resync period for node status watcher
244fd6e43 feat: add a kernel parameter to disable built-in auditd
28327e001 fix: kube-apiserver authorizers order
ff9aa806a fix: a couple of imager panics/crashes
44e2cc91a feat: update Linux to 6.12.9
9fd295b5f fix: detect GPT before ZFS
7b59573de fix: extfs repair and resize
5f6bfe02a fix: merge of VolumeConfig documents with sizes
0c05e1cd3 feat: update Linux to 6.12.8
b61ab0a3d fix: partition alignment on disks with 4k sectors
c4a69d386 fix: yet another dashboard panic
dec3c6e5b fix: disable NRI plugin in a different way
dfb54c872 fix: request previous IP address in discovery
6b1fe3df3 fix: mount selinuxfs only when SELinux is enabled
5e893e1f5 fix: update field name for bus path disk selector
9219fc017 fix: exclude disks with empty transport for disk selector

Changes from siderolabs/pkgs

6 commits

siderolabs/pkgs@c1f06e5 feat: update containerd to v2.0.2
siderolabs/pkgs@ef38c38 feat: update Linux to 6.12.9
siderolabs/pkgs@a7487d6 fix: adjust kernel options around ACPI/PCI/EFI
siderolabs/pkgs@376259a feat: update Linux to 6.12.8
siderolabs/pkgs@8e435cd fix: update config-arm64 to add Rasperry Pi watchdog support
siderolabs/pkgs@daabb47 fix: dvb was missing I2C_MUX support and si2168 driver

Dependency Changes

github.com/siderolabs/go-blockdevice/v2 v2.0.9 -> v2.0.11
github.com/siderolabs/pkgs v1.9.0-15-g45c4ba4 -> v1.9.0-21-gc1f06e5
github.com/siderolabs/talos/pkg/machinery v1.9.1 -> v1.9.2

Previous release can be found at v1.9.1

Images

ghcr.io/siderolabs/flannel:v0.26.1
registry.k8s.io/coredns/coredns:v1.12.0
gcr.io/etcd-development/etcd:v3.5.17
registry.k8s.io/kube-apiserver:v1.32.0
registry.k8s.io/kube-controller-manager:v1.32.0
registry.k8s.io/kube-scheduler:v1.32.0
registry.k8s.io/kube-proxy:v1.32.0
ghcr.io/siderolabs/kubelet:v1.32.0
ghcr.io/siderolabs/installer:v1.9.2
registry.k8s.io/pause:3.10