alt-orchestra/talos
1
0
Fork 0
Code Issues Pull Requests Actions 29 Packages Projects Releases Wiki Activity

release(v1.7.0-alpha.0): prepare release

Browse Source 
This is the official v1.7.0-alpha.0 release.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This commit is contained in:
Andrey Smirnov 2024-02-01 21:32:53 +04:00
parent 2ff81c06bc
commit 029d7f7b9b
No known key found for this signature in database
GPG Key ID: FE042E3D4085A811
13 changed files with 658 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.conform.yaml
View File

@ -34,7 +34,7 @@ policies:
- talosctl
- kernel
- security
- ^v1.6
- ^v1.7
- type: license
spec:
skipPaths:

320
CHANGELOG.md
View File

@ -1,3 +1,323 @@
## [Talos 1.7.0-alpha.0](https://github.com/siderolabs/talos/releases/tag/v1.7.0-alpha.0) (2024-02-01)
Welcome to the v1.7.0-alpha.0 release of Talos!
*This is a pre-release of Talos*
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
### Device Selectors
Talos Linux now supports `physical: true` qualifier for device selectors, it selects non-virtual network interfaces (i.e. `en0` is selected, while `bond0` is not).
### DNS Caching
Talos Linux now provides a caching DNS resolver for host workloads (including host networking pods). It can be disabled with:
```yaml
machine:
features:
localDNS: false
```
### Known Problems
ZFS and DRBD extensions are disabled in this release due to incompatibility with the latest Linux kernel.
### Kubernetes API Server Service Account Key
Talos Linux starting from this release uses RSA key for Kubernetes API Server Service Account instead of ECDSA key to provide better compatibility with external OpenID Connect implementations.
### Component Updates
Linux: 6.6.14
etcd: 3.5.11
Kubernetes: 1.29.1
containerd: 1.7.13
runc: 1.1.12
Flannel: 0.24.1
Talos is built with Go 1.21.6.
### Contributors
* Andrey Smirnov
* Dmitriy Matrenichev
* Utku Ozdemir
* Noel Georgi
* Andrey Smirnov
* Radosław Piliszek
* Artem Chernyshev
* Spencer Smith
* Steve Francis
* Anthony ARNAUD
* Cas de Reuver
* Christian Mohn
* Drew Hess
* ExtraClock
* Hervé Werner
* JJGadgets
* Jacob McSwain
* Jonomir
* Sebastian Gaiser
* Serge Logvinov
* Tim Jones
* edwinavalos
* stereobutter
### Changes
<details><summary>81 commits</summary>
<p>
* [`2ff81c06b`](https://github.com/siderolabs/talos/commit/2ff81c06bc1123af2fa7286fff15d9de0b8a868a) feat: update runc 1.1.12, containerd 1.7.13
* [`9d8cd4d05`](https://github.com/siderolabs/talos/commit/9d8cd4d058e73d30e4864e67377cf55390467725) chore: drop deprecated method EtcdRemoveMember
* [`17567f19b`](https://github.com/siderolabs/talos/commit/17567f19be39eeaf0d9a9aa3cd773b73d537814a) fix: take into account the moment seen when cleaning up CRI images
* [`aa03204b8`](https://github.com/siderolabs/talos/commit/aa03204b864d8d8ac5a7ee4986a06230863043fb) docs: document the process of building custom kernel packages
* [`7af48bd55`](https://github.com/siderolabs/talos/commit/7af48bd5598e61357cdb9b31dd57de6479b1ce7c) feat: use RSA key for kube-apiserver service account key
* [`a5e13c696`](https://github.com/siderolabs/talos/commit/a5e13c696d1e1cb8e894a4133791c74470687553) fix: retry blockdevice open in the installer
* [`593afeea3`](https://github.com/siderolabs/talos/commit/593afeea38a75de01041e3126cb0ad3443f6e1a1) fix: run the interactive installer loop to report errors
* [`87be76b87`](https://github.com/siderolabs/talos/commit/87be76b8788d179058be14c53e1092054b08c5dd) fix: be more tolerant to error handling in Mounts API
* [`03add7503`](https://github.com/siderolabs/talos/commit/03add750309dcdeb7c2b87cd72da29a3e228e56e) docs: add section on using imager with extensions from tarball
* [`ee0fb5eff`](https://github.com/siderolabs/talos/commit/ee0fb5effce82fec99860b5910e0fb6e5147b49b) docs: consolidate certificate management articles
* [`9c14dea20`](https://github.com/siderolabs/talos/commit/9c14dea209bba69b471fd43eb2e8ba05de3ff549) chore: bump coredns
* [`ebeef2852`](https://github.com/siderolabs/talos/commit/ebeef28525f71189727200115d62fe8d713d1d07) feat: implement local caching dns server
* [`4a3691a27`](https://github.com/siderolabs/talos/commit/4a3691a2739871be5eff4b313c30d454a143fbc4) docs: fix broken links in metal-network-configuration.md
* [`c4ed189a6`](https://github.com/siderolabs/talos/commit/c4ed189a6912238350efd5f0181a6ef45728fc63) docs: provide sane defaults for each release series in vmware script
* [`8138d54c6`](https://github.com/siderolabs/talos/commit/8138d54c6c9bae4255216007595fa302bc418c1a) docs: clarify node taints/labels for worker nodes
* [`b44551ccd`](https://github.com/siderolabs/talos/commit/b44551ccdb0dd0ceaffd2e484c86ce91b25fe841) feat: update Linux to 6.6.13
* [`385707c5f`](https://github.com/siderolabs/talos/commit/385707c5f39e733c8f27532435cd14f5f2ff067d) docs: update vmware.sh
* [`d1a79b845`](https://github.com/siderolabs/talos/commit/d1a79b845f025defafb468fb6b5e86957cfad4fc) docs: fix small typo in etcd maintenance guide
* [`cf0603330`](https://github.com/siderolabs/talos/commit/cf0603330a5c852163642a6b3844d1dcc3892cf6) docs: copy generated JSON schema to host
* [`f11139c22`](https://github.com/siderolabs/talos/commit/f11139c229765cf82cadc84e6fa81d860005100b) docs: document local path provisioner install
* [`e0dfbb8fb`](https://github.com/siderolabs/talos/commit/e0dfbb8fba3c50652d0ecbae1db0b0660d0766a6) fix: allow META encoded values to be compressed
* [`d677901b6`](https://github.com/siderolabs/talos/commit/d677901b672eec46b8b5edf57c680813b8fcf697) feat: implement device selector for 'physical'
* [`7d1117289`](https://github.com/siderolabs/talos/commit/7d1117289658ac04707b09f64a1dc70514a9fba9) docs: add missing talosconfig flag
* [`8a1732bcb`](https://github.com/siderolabs/talos/commit/8a1732bcb12deb4444ae87d22cc15d8b968b867d) fix: pull in `mptspi` driver
* [`c1e45071f`](https://github.com/siderolabs/talos/commit/c1e45071f0cb0e48ee35d2f87b483fffb05c6123) refactor: use etcd configuration from the EtcdSpec resource
* [`4e9b688d3`](https://github.com/siderolabs/talos/commit/4e9b688d3f8bc809e0b2f012d5e58c27de85d1e0) fix: use correct TTL for talosconfig in `talosctl config new`
* [`fb5ad0555`](https://github.com/siderolabs/talos/commit/fb5ad05551e08404cb8acde01202c4ae88ddd25a) feat: update Kubernetes default to 1.29.1
* [`fe24139f3`](https://github.com/siderolabs/talos/commit/fe24139f3c0b3f37c8266e5d6c5091950e3a647c) docs: fork docs for v1.7
* [`1c2d10ccc`](https://github.com/siderolabs/talos/commit/1c2d10ccccb84a6d1e008af23866fa13cc14d094) chore: bump dependencies
* [`a599e3867`](https://github.com/siderolabs/talos/commit/a599e38674af448fe5cac210f5d80826d3b08a12) chore: allow custom registry to build installer/imager
* [`3911ddf7b`](https://github.com/siderolabs/talos/commit/3911ddf7bd630286358f1696adf9bdac207e1b9d) docs: add how-to for cert management
* [`b0ee0bfba`](https://github.com/siderolabs/talos/commit/b0ee0bfba3f4c9172c76422a8f8f10a4046c352b) fix: strategic patch merging for audit policy
* [`474eccdc4`](https://github.com/siderolabs/talos/commit/474eccdc4cb1d0fab3ba0b370cc388bc8c9d363a) fix: watch bufer overrun for RouteStatus
* [`cc06b5d7a`](https://github.com/siderolabs/talos/commit/cc06b5d7a659a7f5a35e86a82ee242344c303302) fix: fix .der output in `talosctl gen secureboot`
* [`1dbb4abf4`](https://github.com/siderolabs/talos/commit/1dbb4abf43695d1dd18d51b0386cf644aba67d73) fix: update discovery service client to v0.1.6
* [`9782319c3`](https://github.com/siderolabs/talos/commit/9782319c31e496d998bdf9d505f32a4d8e6e937e) fix: support KubePrism settings in Kubernetes Discovery
* [`6c5a0c281`](https://github.com/siderolabs/talos/commit/6c5a0c2811e3c0f3e1ca2a8fb871065df5bf9b46) feat: generate a single JSON schema for multidoc config
* [`f70b47ddd`](https://github.com/siderolabs/talos/commit/f70b47dddc2599a618c68d8b403d9b37c61f2b71) fix: force KubePrism to connect using IPv4
* [`d5321e085`](https://github.com/siderolabs/talos/commit/d5321e085eb6c877b1b5b38d69eabb839b505297) fix: update kmsg with utf-8 fix
* [`7fa7362dd`](https://github.com/siderolabs/talos/commit/7fa7362ddc0e8a0b85cffcaebc38abd772b355e2) fix: fix nodes on dashboard footer when node names are used in `--nodes`
* [`ba88678f1`](https://github.com/siderolabs/talos/commit/ba88678f1a42b4e9f6c9de25bdc827330cfb254c) fix: merge ports and ingress configs correctly in NetworkRuleConfig
* [`dea9bda2d`](https://github.com/siderolabs/talos/commit/dea9bda2d00feeb29bf4b2c91c2ca24b6cd362f2) fix: disk UUID & WWID always empty in `talosctl disks`
* [`8dc112f36`](https://github.com/siderolabs/talos/commit/8dc112f36bd77ec72e5c501755aa4f056803efd0) chore: pull in NBD modules
* [`f6926faab`](https://github.com/siderolabs/talos/commit/f6926faab5a8b878c600d60ef9d693026277f3ee) fix: default priority for ipv6
* [`e8758dcba`](https://github.com/siderolabs/talos/commit/e8758dcbad6d3188dfccd235dbab04c19dd1a6ed) chore: support http downloads for assets in talosctl cluster create
* [`265f21be0`](https://github.com/siderolabs/talos/commit/265f21be09d68cc23764d690e9f9479b9d92d749) fix: replace the filemap implementation to not buffer in memory
* [`8db3c5b3c`](https://github.com/siderolabs/talos/commit/8db3c5b3c63ad67043b876265ac4687cdcb0f0ff) fix: pick correctly base installer image layers
* [`0a30ef784`](https://github.com/siderolabs/talos/commit/0a30ef78456e854419d0c593f9c97f40166102f3) fix: imager should support different Talos versions
* [`d6342cda5`](https://github.com/siderolabs/talos/commit/d6342cda53027eb5d46dcb6f57fbb1cc31f920dd) docs: update latest version to v1.6.1
* [`e6e422b92`](https://github.com/siderolabs/talos/commit/e6e422b92ade5f24c898e09affdb6de8ee671cb0) chore: bump dependencies
* [`5a19d078a`](https://github.com/siderolabs/talos/commit/5a19d078ad3205d201b11e0d60d5e07b379aba91) fix: properly overwrite files on install
* [`9eb6cea78`](https://github.com/siderolabs/talos/commit/9eb6cea7890854173917a096bcffd6202487d38c) docs: secureboot sd-boot menu clarification
* [`01f0cbe61`](https://github.com/siderolabs/talos/commit/01f0cbe61c32b3ff6e9d05f2c14c83223ce043fa) feat: support iPXE direct booting in `talosctl cluster create`
* [`3ba84701d`](https://github.com/siderolabs/talos/commit/3ba84701d9f87f533b3039395d350b311f4a484f) feat: pull in kernel modules for mlx Infiniband and VFIO
* [`ba993e0ed`](https://github.com/siderolabs/talos/commit/ba993e0edd20f927ff8d59f418e47c6cbf8a95b3) docs: announce that SecureBoot is available
* [`241bc9312`](https://github.com/siderolabs/talos/commit/241bc9312edcadce83a64e92db807dbca74c80cc) fix: update the way secureboot signer fetches certificate (azure)
* [`59b62398f`](https://github.com/siderolabs/talos/commit/59b62398f6265f310108954e9a775e4b8c080679) chore: modernize machined/pkg/controllers/k8s
* [`760f793d5`](https://github.com/siderolabs/talos/commit/760f793d55f3965792f58fa3194977aea4f90e03) fix: use correct prefix when installing SBC files
* [`0b94550c4`](https://github.com/siderolabs/talos/commit/0b94550c42730121c3d270758286dbefa95ea61c) chore: fix the gvisor test
* [`3a787c1d6`](https://github.com/siderolabs/talos/commit/3a787c1d67ddca5102c7d9cbdab4ef1c17a605f4) docs: update 1.6 docs with Noel's feedback
* [`d803e40ef`](https://github.com/siderolabs/talos/commit/d803e40ef2cf1030aab522006ba7287bac8b64c4) docs: provide documentation for Talos 1.6
* [`9a185a30f`](https://github.com/siderolabs/talos/commit/9a185a30f79a8d3481606235609c0e5a11c880cc) feat: update Kubernetes to v1.29.0
* [`5934815d2`](https://github.com/siderolabs/talos/commit/5934815d2fe975c4d8ddb2a26ef733d29565cdb2) chore: split more kernel modules on amd64
* [`10c59a6b9`](https://github.com/siderolabs/talos/commit/10c59a6b90310b8c58babf5beb108b59f4d74e4d) fix: leave discovery service later in the reset sequence
* [`0c86ca1cc`](https://github.com/siderolabs/talos/commit/0c86ca1cc68e2646d63d19d96b01d3d5486dfc42) chore: enable kubespan+firewall for cilium tests
* [`98fd722d5`](https://github.com/siderolabs/talos/commit/98fd722d5110b1422a15ede23873bcd15ab9562e) feat: provide compatibility for future Talos 1.7
* [`131a1b167`](https://github.com/siderolabs/talos/commit/131a1b1671899666d8676b5082cef39efb8f0fa1) fix: add a KubeSpan option to disable extra endpoint harvesting
* [`4547ad9af`](https://github.com/siderolabs/talos/commit/4547ad9afa206405032618f9d94470d00ace8684) feat: send `actor id` to the SideroLink events sink
* [`04e774547`](https://github.com/siderolabs/talos/commit/04e774547146f0733633b296c4432f4eef847265) docs: cap max heading level
* [`6bb1e99aa`](https://github.com/siderolabs/talos/commit/6bb1e99aa3a8132508479b4ca8606522545d8d9a) chore: optimize pcap dump
* [`4f9d3b975`](https://github.com/siderolabs/talos/commit/4f9d3b975fa689dc9eea4e44ff453d8b68ae54ef) feat: update Kubernetes to v1.29.0-rc.2
* [`46121c9fe`](https://github.com/siderolabs/talos/commit/46121c9fecb3603c2d2ae2de6152861ee7f19eaf) docs: rework machine config documentation generation
* [`e128d3c82`](https://github.com/siderolabs/talos/commit/e128d3c827a406f96457322da87cbde2af233fa0) fix: talosctl cluster create not to enforce kubeprism always
* [`320064c5a`](https://github.com/siderolabs/talos/commit/320064c5a869de6d52ba9a23394acaa5549e7aa1) feat: update Go 1.21.5, Linux 6.1.65, etcd 3.5.11
* [`270604bea`](https://github.com/siderolabs/talos/commit/270604bead50423697d6fabffa6bbd7c7b2fbe9e) fix: support user disks via symlinks
* [`4f195dd27`](https://github.com/siderolabs/talos/commit/4f195dd271eb38446561f8708a9623324072a0e9) chore: fix the release.toml
* [`474fa0480`](https://github.com/siderolabs/talos/commit/474fa0480dd68d112a608548e4d0a0c4efa39e20) fix: store and execute desired action on emergency action
* [`515ae2a18`](https://github.com/siderolabs/talos/commit/515ae2a184374e0ac72e3321104265918e45e391) docs: extend hetzner-cloud docs for arm64
* [`eecc4dbd5`](https://github.com/siderolabs/talos/commit/eecc4dbd5198cca5b66e5c3018c407cd38b13c80) fix: trim leading spaces\newlines in inline manifest contents
* [`dbf274ddf`](https://github.com/siderolabs/talos/commit/dbf274ddf7b819941c88932e28d2fe362876ec68) fix: skip writing the file if the contents haven't changed
* [`6329222bd`](https://github.com/siderolabs/talos/commit/6329222bdcfd5ab29bc46ca03bb0b1d22ada9424) fix: do not panic in `merge.Merge` if map value is nil
</p>
</details>
### Changes from siderolabs/discovery-client
<details><summary>1 commit</summary>
<p>
* [`ff8f4be`](https://github.com/siderolabs/discovery-client/commit/ff8f4be618f077f91ce1f9b8240c050719623582) fix: enable gRPC keepalives
</p>
</details>
### Changes from siderolabs/extras
<details><summary>1 commit</summary>
<p>
* [`8909d6f`](https://github.com/siderolabs/extras/commit/8909d6f7773542450c756ce4950c9725a05a8f65) chore: update Go to 1.21.5
</p>
</details>
### Changes from siderolabs/go-api-signature
<details><summary>20 commits</summary>
<p>
* [`370cebf`](https://github.com/siderolabs/go-api-signature/commit/370cebf63d5b26a3b711ec05b0dedc283d94b136) fix: always print the login URL on key renew flow
* [`d28609a`](https://github.com/siderolabs/go-api-signature/commit/d28609aa214f364166cf60533d03a811f9ce2af6) feat: move in the cli grpc interceptor logic, support service account in env
* [`4602acc`](https://github.com/siderolabs/go-api-signature/commit/4602acc2f06134aed4940c6c45f3a5fbd9332a72) chore: add a dummy workflow
* [`cfd21b6`](https://github.com/siderolabs/go-api-signature/commit/cfd21b6a51d21a344e98b7f434bf3e9198e12b42) fix: support validating signatures generated with the time in the future
* [`74dd3dc`](https://github.com/siderolabs/go-api-signature/commit/74dd3dcc1d980837eced68e47d897b03945dd4ee) chore: bump deps
* [`d78bedb`](https://github.com/siderolabs/go-api-signature/commit/d78bedb1a7d348832ba9db0438b1fc099aa2dd99) chore: bump deps
* [`a034e9f`](https://github.com/siderolabs/go-api-signature/commit/a034e9ff315ba4a56115acc7ad0fb99d0dc77800) feat: replace scopes with roles
* [`5b4f3bb`](https://github.com/siderolabs/go-api-signature/commit/5b4f3bb291b7bbec70b690f2969954255ccb8a22) chore: run rekres
* [`9dba116`](https://github.com/siderolabs/go-api-signature/commit/9dba116c0838ecc0342a9af1e81e68e04b133623) chore: remove time.Sleep hack
* [`e84e686`](https://github.com/siderolabs/go-api-signature/commit/e84e68658095aecead59982255b242ba8bef0fc5) chore: bump dependencies
* [`8baaf8a`](https://github.com/siderolabs/go-api-signature/commit/8baaf8a99a28adda6dbdc0d7c38e78b290c84d96) chore: bump deps
* [`5f27e1e`](https://github.com/siderolabs/go-api-signature/commit/5f27e1ebc06e26dea6a8102630a5b3529283eb9e) chore: add renovate bot and bump deps
* [`69886dc`](https://github.com/siderolabs/go-api-signature/commit/69886dcc1343561add3b4b86ef160e0a1876d97f) feat: allow custom validations on PGP key
* [`63d4da3`](https://github.com/siderolabs/go-api-signature/commit/63d4da31ae67052129c5ec795b61fb9c05a52441) fix: limit clock skew for short-lived keys
* [`cdb9722`](https://github.com/siderolabs/go-api-signature/commit/cdb9722becf1aaeeaa1e9529dac19f3d5281f0a1) feat: add support for +-5 min clock skew
* [`7b80a50`](https://github.com/siderolabs/go-api-signature/commit/7b80a50eea28d9273a49445cc3d39492db2e085b) refactor: use options pattern in RegisterPGPPublicKey
* [`c647861`](https://github.com/siderolabs/go-api-signature/commit/c6478610d97a99967e903bdba1a4b7fab20e64b9) feat: add scopes to RegisterPublicKeyRequest
* [`5d3647e`](https://github.com/siderolabs/go-api-signature/commit/5d3647e1d988e3162d0e851757fec951f6bb00c9) feat: provide more client PGP functions
* [`2b682ec`](https://github.com/siderolabs/go-api-signature/commit/2b682ec61e83260b11cdf65d2f3723a89e4afa88) feat: initial version
* [`a4c2943`](https://github.com/siderolabs/go-api-signature/commit/a4c294367c35d1234470d09c6151eed616a0c031) chore: initial commit
</p>
</details>
### Changes from siderolabs/go-kmsg
<details><summary>2 commits</summary>
<p>
* [`e358d13`](https://github.com/siderolabs/go-kmsg/commit/e358d13e5bdab79568d6ffea4b071c1530aa8e3d) fix: decode escape sequences while reading from kmsg
* [`4297bd5`](https://github.com/siderolabs/go-kmsg/commit/4297bd599c918a5a874fb3b9f3119b394bd70899) feat: add BSD support
</p>
</details>
### Changes from siderolabs/pkgs
<details><summary>21 commits</summary>
<p>
* [`96cc841`](https://github.com/siderolabs/pkgs/commit/96cc841fda61f4b91b3a6d57a3baa6650c223957) chore: bump deps
* [`064fd58`](https://github.com/siderolabs/pkgs/commit/064fd581bb529db7cef32b7b4adb9b1a2f8fbd98) feat: update Linux to 6.6.14, enable XDP
* [`efbbd23`](https://github.com/siderolabs/pkgs/commit/efbbd2382e1e5cfeef8717d2212b43a9b760feaf) feat: update Linux to 6.6.13
* [`dfb5026`](https://github.com/siderolabs/pkgs/commit/dfb5026b73f641ee3000e2460e250ec33a7e9a56) chore: switch to git ref for raspberrypi firmware
* [`4af2d0f`](https://github.com/siderolabs/pkgs/commit/4af2d0fdfaf31c31d7f5d24fdc01d5d9d0b27e37) feat: update Linux to 6.1.74
* [`2358efe`](https://github.com/siderolabs/pkgs/commit/2358efe6701139f074213a32d39a314729821cf1) fix: enable FUSION_SPI driver
* [`f376a53`](https://github.com/siderolabs/pkgs/commit/f376a539352926b402e7685700defedafa4c58b0) chore: bump dependencies
* [`583e519`](https://github.com/siderolabs/pkgs/commit/583e519f2dad762bc63bc5b2bff963c61a7e1c16) feat: add v4l usb video class (webcam) drivers
* [`2d3ca68`](https://github.com/siderolabs/pkgs/commit/2d3ca68152d39560b8f34087cdd2e6d386f020d2) feat: enable NBD
* [`f647edd`](https://github.com/siderolabs/pkgs/commit/f647edd497852feb4d537d191ef895d33420b5c4) feat: update Linux to 6.1.69
* [`6af1691`](https://github.com/siderolabs/pkgs/commit/6af169101a8a5459706f45a9fe861f90ed766284) feat: enable VFIO also on amd64
* [`d633cd6`](https://github.com/siderolabs/pkgs/commit/d633cd657081623a3681a905c4b875ed84fb4e6f) feat: enable modules for mlx infiniband
* [`4c59641`](https://github.com/siderolabs/pkgs/commit/4c596414acd8722c97f45e0839c6d772f3e045a8) fix: zfs module build
* [`e325097`](https://github.com/siderolabs/pkgs/commit/e32509763b2953b920c73791ca157c2c1180f0be) feat: enable nct6683 sensors as module
* [`d6185ec`](https://github.com/siderolabs/pkgs/commit/d6185ec3ad68e10a9545ca0528f7e517c803f1a8) feat: enable IRQ remapping on amd64
* [`814dc60`](https://github.com/siderolabs/pkgs/commit/814dc601fb79e2b973d41e82cd16872dee513161) feat: update containerd to 1.7.11
* [`dd71790`](https://github.com/siderolabs/pkgs/commit/dd717902792d68576f7ab799a1342138fae475b2) chore: rekres to fix 'failed' build on main
* [`a36dec4`](https://github.com/siderolabs/pkgs/commit/a36dec48a1c0de4ca178222ee88251701a881bdb) feat: split more device drivers into modules
* [`97270a2`](https://github.com/siderolabs/pkgs/commit/97270a2c26a9c61c2fff5fb104ff0a2bc9fbdd5d) feat: update Linux to 6.1.67
* [`8a73907`](https://github.com/siderolabs/pkgs/commit/8a73907886c003c33cbc03a2a81f0a473fa93c00) feat: update Go to 1.21.5
* [`8f0ffb9`](https://github.com/siderolabs/pkgs/commit/8f0ffb92f88b1a795cfc627abd3ca74cb910cb78) feat: update zfs to v2.2.2
</p>
</details>
### Changes from siderolabs/tools
<details><summary>6 commits</summary>
<p>
* [`f4b41d1`](https://github.com/siderolabs/tools/commit/f4b41d189844957a71814ee3e98983553f7ba0ad) fix: rust toolchain
* [`8cc79e6`](https://github.com/siderolabs/tools/commit/8cc79e68499624d4dde77d5c7d12aab957aaa22a) feat: update dependencies
* [`c7076eb`](https://github.com/siderolabs/tools/commit/c7076eb9f2246f1d6cca431968d2fcce6bd1f951) chore: bump dependencies
* [`a80a2aa`](https://github.com/siderolabs/tools/commit/a80a2aa0307d90f07c8a239459191a3f68cdd5d3) feat: update Go to 1.21.6
* [`b677a2b`](https://github.com/siderolabs/tools/commit/b677a2b99fd658710c34f7472df350787346ea35) feat: add rust build stage
* [`1659d82`](https://github.com/siderolabs/tools/commit/1659d82e78511522e2820efccb892235d6d7b279) feat: update Go to 1.21.5
</p>
</details>
### Dependency Changes
* **github.com/Azure/azure-sdk-for-go/sdk/azcore** v1.9.0 -> v1.9.1
* **github.com/Azure/azure-sdk-for-go/sdk/azidentity** v1.4.0 -> v1.5.1
* **github.com/aws/aws-sdk-go-v2/config** v1.25.6 -> v1.26.6
* **github.com/aws/aws-sdk-go-v2/feature/ec2/imds** v1.14.5 -> v1.14.11
* **github.com/aws/smithy-go** v1.17.0 -> v1.19.0
* **github.com/beevik/ntp** v1.3.0 -> v1.3.1
* **github.com/containerd/cgroups/v3** v3.0.2 -> v3.0.3
* **github.com/containerd/containerd** v1.7.9 -> v1.7.13
* **github.com/containernetworking/plugins** v1.3.0 -> v1.4.0
* **github.com/coredns/coredns** v1.11.1 **_new_**
* **github.com/cosi-project/runtime** v0.3.19 -> v0.3.20
* **github.com/docker/docker** v24.0.7 -> v25.0.2
* **github.com/docker/go-connections** v0.4.0 -> v0.5.0
* **github.com/emicklei/dot** v1.6.0 -> v1.6.1
* **github.com/foxboron/go-uefi** 18b9ba9cd4c3 -> 48be911532c2
* **github.com/gdamore/tcell/v2** v2.6.0 -> v2.7.0
* **github.com/google/go-containerregistry** v0.16.1 -> v0.19.0
* **github.com/google/go-tpm** v0.9.0 -> ee6cbcd136f8
* **github.com/google/uuid** v1.4.0 -> v1.6.0
* **github.com/hetznercloud/hcloud-go/v2** v2.4.0 -> v2.6.0
* **github.com/insomniacslk/dhcp** b0416c0f187a -> 15c9b8791914
* **github.com/jsimonetti/rtnetlink** v1.4.0 -> v1.4.1
* **github.com/miekg/dns** v1.1.58 **_new_**
* **github.com/opencontainers/image-spec** v1.1.0-rc4 -> v1.1.0-rc6
* **github.com/opencontainers/runtime-spec** v1.1.0-rc.1 -> v1.1.0
* **github.com/packethost/packngo** v0.30.0 -> v0.31.0
* **github.com/pin/tftp** 2f79be2dba4e **_new_**
* **github.com/pmorjan/kmod** v1.1.0 -> v1.1.1
* **github.com/rivo/tview** 33a1d271f2b6 -> 8526c9fe1b54
* **github.com/scaleway/scaleway-sdk-go** v1.0.0-beta.21 -> v1.0.0-beta.22
* **github.com/siderolabs/discovery-client** v0.1.5 -> v0.1.6
* **github.com/siderolabs/extras** v1.6.0-1-g113887a -> v1.7.0-alpha.0
* **github.com/siderolabs/go-api-signature** v0.3.1 **_new_**
* **github.com/siderolabs/go-kmsg** v0.1.3 -> v0.1.4
* **github.com/siderolabs/pkgs** v1.6.0-5-g3ae2450 -> v1.7.0-alpha.0-19-g96cc841
* **github.com/siderolabs/talos/pkg/machinery** v1.6.0 -> v1.6.0-alpha.2
* **github.com/siderolabs/tools** v1.6.0-1-g336d248 -> v1.7.0-alpha.0-5-gf4b41d1
* **github.com/u-root/u-root** v0.11.0 -> v0.12.0
* **go.etcd.io/etcd/api/v3** v3.5.11 -> v3.5.12
* **go.etcd.io/etcd/client/pkg/v3** v3.5.11 -> v3.5.12
* **go.etcd.io/etcd/client/v3** v3.5.11 -> v3.5.12
* **go.etcd.io/etcd/etcdutl/v3** v3.5.11 -> v3.5.12
* **go4.org/netipx** 6213f710f925 -> fdeea329fbba
* **golang.org/x/net** v0.19.0 -> v0.20.0
* **golang.org/x/oauth2** v0.15.0 -> v0.16.0
* **golang.org/x/sync** v0.5.0 -> v0.6.0
* **golang.org/x/sys** v0.15.0 -> v0.16.0
* **golang.org/x/term** v0.15.0 -> v0.16.0
* **google.golang.org/grpc** v1.59.0 -> v1.61.0
* **google.golang.org/protobuf** v1.31.0 -> v1.32.0
* **k8s.io/api** v0.29.0 -> v0.29.1
* **k8s.io/apimachinery** v0.29.0 -> v0.29.1
* **k8s.io/apiserver** v0.29.0 -> v0.29.1
* **k8s.io/client-go** v0.29.0 -> v0.29.1
* **k8s.io/component-base** v0.29.0 -> v0.29.1
* **k8s.io/cri-api** v0.29.0 -> v0.29.1
* **k8s.io/klog/v2** v2.110.1 -> v2.120.1
* **k8s.io/kube-scheduler** v0.29.0 -> v0.29.1
* **k8s.io/kubectl** v0.29.0 -> v0.29.1
* **k8s.io/kubelet** v0.29.0 -> v0.29.1
Previous release can be found at [v1.6.0](https://github.com/siderolabs/talos/releases/tag/v1.6.0)
## [Talos 1.6.0-alpha.2](https://github.com/siderolabs/talos/releases/tag/v1.6.0-alpha.2) (2023-11-21)
Welcome to the v1.6.0-alpha.2 release of Talos!

2
go.mod
View File

@ -127,7 +127,7 @@ require (
github.com/siderolabs/kms-client v0.1.0
github.com/siderolabs/net v0.4.0
github.com/siderolabs/siderolink v0.3.4
github.com/siderolabs/talos/pkg/machinery v1.6.0-alpha.2
github.com/siderolabs/talos/pkg/machinery v1.7.0-alpha.0
github.com/spf13/cobra v1.8.0
github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.8.4

4
pkg/machinery/config/generate/worker.go
View File

@ -96,6 +96,10 @@ func (in *Input) worker() ([]config.Document, error) {
machine.MachineKubelet.KubeletDisableManifestsDirectory = pointer.To(true)
}
if in.Options.VersionContract.LocalDNSEnabled() {
machine.MachineFeatures.LocalDNS = pointer.To(true)
}
controlPlaneURL, err := url.Parse(in.ControlPlaneEndpoint)
if err != nil {
return nil, err

2
pkg/machinery/config/schemas/config.schema.json
View File

@ -1,6 +1,6 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://talos.dev/v1.6/schemas/config.schema.json",
"$id": "https://talos.dev/v1.7/schemas/config.schema.json",
"$defs": {
"network.DefaultActionConfigV1Alpha1": {
"properties": {

91
pkg/machinery/config/types/v1alpha1/testdata/stability/v1.7/base-controlplane.yaml vendored Normal file
View File

@ -0,0 +1,91 @@
version: v1alpha1
debug: false
persist: true
machine:
type: controlplane
token: d8cwfa.eyvpi0xwxyarbfid
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQakNCOGFBREFnRUNBaEI5cStGVXpodzkycHVPemtpNzB1eGRNQVVHQXl0bGNEQVFNUTR3REFZRFZRUUsKRXdWMFlXeHZjekFlRncweU16RXdNVEl4TURRMk1EbGFGdzB6TXpFd01Ea3hNRFEyTURsYU1CQXhEakFNQmdOVgpCQW9UQlhSaGJHOXpNQ293QlFZREsyVndBeUVBaHVLczZxeCtKWi8wWG8ybXdpQUNjK1EwSVYySGhMd3ozVTZICmUxemZjS2lqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVSlgzWlVNRktWWFZ5NWhKWQozZG9NWENpVEJZRXdCUVlESzJWd0EwRUFCbUxrbDhITmQ3cUpEN3VqQkk2UG9abVRQQWlEcU9GQ0NTVDZJYlZDClF3UzQ1bk1tMldtalRIc3ZrYU5FQ0dneTBhQXJaaFdsbnVYWUswY0t3Z2VJQ0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJTURXbklEdVpSdlhQcW1tbSt6bk15SWMrdk53ZjdnYksvSmR3WC9iN2d1RQotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K
certSANs: []
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.28.0
defaultRuntimeSeccompProfileEnabled: true
disableManifestsDirectory: true
network: {}
install:
wipe: false
features:
rbac: true
stableHostname: true
apidCheckExtKeyUsage: true
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
localDNS: true
cluster:
id: 0raF93qnkMvF-FZNuvyGozXNdLiT2FOWSlyBaW4PR-w=
secret: pofHbABZq7VXuObsdLdy/bHmz6hlMHZ3p8+6WKrv1ic=
controlPlane:
endpoint: https://base:6443
clusterName: base
network:
dnsDomain: cluster.local
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
token: inn7ol.u4ehnti8qyls9ymo
secretboxEncryptionSecret: 45yd2Ke+sytiICojDf8aibTfgt99nzJmO53cjDqrCto=
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRYm1hNDNPalRwR0I5TjVxOVFEc3RFekFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSXpNVEF4TWpFd05EWXdPVm9YRFRNek1UQXdPVEV3TkRZdwpPVm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCTXNhRWZ5R3lFb0xyK0p1Wk91dkVVaXVNMStIQjZvZGtSdVV3ZEJ0ODdacDd1SkVoaEFsZitxNFFjT3gKcFRpZnBIRHJBOEFURjNCWUlFRmFXZ0xPTld1allUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVU0ZEVkM1RoVzRKWlVWcXR1OEFZNWx1NUhQeGN3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUpJbkFMb0EKY1VhRUp4VlJ5dkhQenFQcTBvaGJOY2oyT3N2d3VKUFMzSktVQWlCSmhwNGFWMG9zUURRSGJnbjdXUWFYaHZFTwo5bWxTbVRURTAyOXBWb0YyWkE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUVZbFloNzVTUTZ6VUJFTUZ6em5pUzZuVVg3Q2VxQ013S3k0RTZHVEVFMGNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFeXhvUi9JYklTZ3V2NG01azY2OFJTSzR6WDRjSHFoMlJHNVRCMEczenRtbnU0a1NHRUNWLwo2cmhCdzdHbE9KK2tjT3NEd0JNWGNGZ2dRVnBhQXM0MWF3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
aggregatorCA:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJYakNDQVFXZ0F3SUJBZ0lRWnNnVDRZZzVxRkNIbS9QTnV5QUVSekFLQmdncWhrak9QUVFEQWpBQU1CNFgKRFRJek1UQXhNakV3TkRZd09Wb1hEVE16TVRBd09URXdORFl3T1Zvd0FEQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxRwpTTTQ5QXdFSEEwSUFCRmQ1eEhFWHhZRndQeTdaWjhmd3FHRGU2YVQ5ZmxNRVlWZENRNDlEaWZobWVteTVDaHZRCnlVRkpZcFM4b21HODVTS1dnOEpFTkoyNnhEdm9WMFBCS2srallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWQKQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZApCZ05WSFE0RUZnUVV4K0xab1FrYjlmOTN0Y0g4NnZjOUc2ZE13T2t3Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnClhudDVXdmEzOGtWVTB3NjExMEp4bU43Qm5zcWl2NnNMaXlJNXRUR1BDQk1DSUZDQlJ3RXZSYTNnU3pkdXB6ajcKQVJLV3NlK3V5YW9rMnlNYXZnaUVITWpUCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlMblhpQ3hOWU1CWHpncjVuYmc3bnVtUWM2UGlHaXdmWUN2eFF3Tlhxc3dvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVjNuRWNSZkZnWEEvTHRsbngvQ29ZTjdwcFAxK1V3UmhWMEpEajBPSitHWjZiTGtLRzlESgpRVWxpbEx5aVliemxJcGFEd2tRMG5ickVPK2hYUThFcVR3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
serviceAccount:
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlHVElBQjZZUzV0cFcrUnYxeDBPY09Jb1h0SXgzdGZteVFZNGxOWWRCbmpvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFQ3drbVVTUmtrbnlOc0NjTFJNUTlmZWx6cFY0dDdIdlNRcnp6ZGRvK2pWYmlqd2kwVVE1YQp0VW8vZkxQbDlBckVNOHNRWTVOSlgraVdxYjFkQWFXa2VnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
apiServer:
image: registry.k8s.io/kube-apiserver:v1.28.0
certSANs:
- base
disablePodSecurityPolicy: true
admissionControl:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
auditPolicy:
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata
controllerManager:
image: registry.k8s.io/kube-controller-manager:v1.28.0
proxy:
image: registry.k8s.io/kube-proxy:v1.28.0
scheduler:
image: registry.k8s.io/kube-scheduler:v1.28.0
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}
etcd:
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmVENDQVNPZ0F3SUJBZ0lRVkNTWmFQU3Z0TlZTcjYrVkRyUks0akFLQmdncWhrak9QUVFEQWpBUE1RMHcKQ3dZRFZRUUtFd1JsZEdOa01CNFhEVEl6TVRBeE1qRXdORFl3T1ZvWERUTXpNVEF3T1RFd05EWXdPVm93RHpFTgpNQXNHQTFVRUNoTUVaWFJqWkRCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQk9wVXN0MHN3MEJZCkFDN0hpTGNrRElvdVdTRVhWTlJVWE42UmNLTWVRQU9VOEhJQkZBaTJlS2Rka2VJOEhZOTJNWTU1U21xQlhNK3cKRTh0RFgyT3kxSk9qWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjRApBUVlJS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVejVmai9oZTZoUjhMCkFRTU5qTjgxNS8zV3B6d3dDZ1lJS29aSXpqMEVBd0lEU0FBd1JRSWdFWWcyTlp3NkExek02eURNWTRHN1JPVkwKc0JOU0VhSDd4VmVSalBSblAvZ0NJUURiYzFMNmI0SkU0MCtuUCtYNG5pZlB0QWp5REhhUzVMS0YzQWZkUkRWdApMUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU03Q2VnMk1GQW5TM3ROMzV6QTc0aFZ3VElkTkthK0ZwUHlYVERCdU4wVFlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNmxTeTNTekRRRmdBTHNlSXR5UU1paTVaSVJkVTFGUmMzcEZ3b3g1QUE1VHdjZ0VVQ0xaNApwMTJSNGp3ZGozWXhqbmxLYW9GY3o3QVR5ME5mWTdMVWt3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=

47
pkg/machinery/config/types/v1alpha1/testdata/stability/v1.7/base-worker.yaml vendored Normal file
View File

@ -0,0 +1,47 @@
version: v1alpha1
debug: false
persist: true
machine:
type: worker
token: d8cwfa.eyvpi0xwxyarbfid
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQakNCOGFBREFnRUNBaEI5cStGVXpodzkycHVPemtpNzB1eGRNQVVHQXl0bGNEQVFNUTR3REFZRFZRUUsKRXdWMFlXeHZjekFlRncweU16RXdNVEl4TURRMk1EbGFGdzB6TXpFd01Ea3hNRFEyTURsYU1CQXhEakFNQmdOVgpCQW9UQlhSaGJHOXpNQ293QlFZREsyVndBeUVBaHVLczZxeCtKWi8wWG8ybXdpQUNjK1EwSVYySGhMd3ozVTZICmUxemZjS2lqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVSlgzWlVNRktWWFZ5NWhKWQozZG9NWENpVEJZRXdCUVlESzJWd0EwRUFCbUxrbDhITmQ3cUpEN3VqQkk2UG9abVRQQWlEcU9GQ0NTVDZJYlZDClF3UzQ1bk1tMldtalRIc3ZrYU5FQ0dneTBhQXJaaFdsbnVYWUswY0t3Z2VJQ0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: ""
certSANs: []
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.28.0
defaultRuntimeSeccompProfileEnabled: true
disableManifestsDirectory: true
network: {}
install:
wipe: false
features:
rbac: true
stableHostname: true
apidCheckExtKeyUsage: true
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
localDNS: true
cluster:
id: 0raF93qnkMvF-FZNuvyGozXNdLiT2FOWSlyBaW4PR-w=
secret: pofHbABZq7VXuObsdLdy/bHmz6hlMHZ3p8+6WKrv1ic=
controlPlane:
endpoint: https://base:6443
network:
dnsDomain: cluster.local
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
token: inn7ol.u4ehnti8qyls9ymo
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRYm1hNDNPalRwR0I5TjVxOVFEc3RFekFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSXpNVEF4TWpFd05EWXdPVm9YRFRNek1UQXdPVEV3TkRZdwpPVm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCTXNhRWZ5R3lFb0xyK0p1Wk91dkVVaXVNMStIQjZvZGtSdVV3ZEJ0ODdacDd1SkVoaEFsZitxNFFjT3gKcFRpZnBIRHJBOEFURjNCWUlFRmFXZ0xPTld1allUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVU0ZEVkM1RoVzRKWlVWcXR1OEFZNWx1NUhQeGN3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUpJbkFMb0EKY1VhRUp4VlJ5dkhQenFQcTBvaGJOY2oyT3N2d3VKUFMzSktVQWlCSmhwNGFWMG9zUURRSGJnbjdXUWFYaHZFTwo5bWxTbVRURTAyOXBWb0YyWkE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: ""
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}

118
pkg/machinery/config/types/v1alpha1/testdata/stability/v1.7/overrides-controlplane.yaml vendored Normal file
View File

@ -0,0 +1,118 @@
version: v1alpha1
debug: false
persist: true
machine:
type: controlplane
token: d8cwfa.eyvpi0xwxyarbfid
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQakNCOGFBREFnRUNBaEI5cStGVXpodzkycHVPemtpNzB1eGRNQVVHQXl0bGNEQVFNUTR3REFZRFZRUUsKRXdWMFlXeHZjekFlRncweU16RXdNVEl4TURRMk1EbGFGdzB6TXpFd01Ea3hNRFEyTURsYU1CQXhEakFNQmdOVgpCQW9UQlhSaGJHOXpNQ293QlFZREsyVndBeUVBaHVLczZxeCtKWi8wWG8ybXdpQUNjK1EwSVYySGhMd3ozVTZICmUxemZjS2lqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVSlgzWlVNRktWWFZ5NWhKWQozZG9NWENpVEJZRXdCUVlESzJWd0EwRUFCbUxrbDhITmQ3cUpEN3VqQkk2UG9abVRQQWlEcU9GQ0NTVDZJYlZDClF3UzQ1bk1tMldtalRIc3ZrYU5FQ0dneTBhQXJaaFdsbnVYWUswY0t3Z2VJQ0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJTURXbklEdVpSdlhQcW1tbSt6bk15SWMrdk53ZjdnYksvSmR3WC9iN2d1RQotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K
certSANs:
- foo
- bar
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.28.0
extraMounts:
- destination: /var/opt
type: bind
source: /var/opt
options:
- rshared
defaultRuntimeSeccompProfileEnabled: true
disableManifestsDirectory: true
network: {}
install:
disk: /dev/vda
extraKernelArgs:
- foo=bar
- bar=baz
wipe: false
sysctls:
foo: bar
registries:
mirrors:
ghcr.io:
endpoints:
- https://ghcr.io.my-mirror.com
features:
rbac: true
stableHostname: true
apidCheckExtKeyUsage: true
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
localDNS: true
cluster:
id: 0raF93qnkMvF-FZNuvyGozXNdLiT2FOWSlyBaW4PR-w=
secret: pofHbABZq7VXuObsdLdy/bHmz6hlMHZ3p8+6WKrv1ic=
controlPlane:
endpoint: https://base:6443
localAPIServerPort: 5443
clusterName: base
network:
cni:
name: custom
urls:
- https://example.com/cni.yaml
dnsDomain: example.com
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
token: inn7ol.u4ehnti8qyls9ymo
secretboxEncryptionSecret: 45yd2Ke+sytiICojDf8aibTfgt99nzJmO53cjDqrCto=
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRYm1hNDNPalRwR0I5TjVxOVFEc3RFekFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSXpNVEF4TWpFd05EWXdPVm9YRFRNek1UQXdPVEV3TkRZdwpPVm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCTXNhRWZ5R3lFb0xyK0p1Wk91dkVVaXVNMStIQjZvZGtSdVV3ZEJ0ODdacDd1SkVoaEFsZitxNFFjT3gKcFRpZnBIRHJBOEFURjNCWUlFRmFXZ0xPTld1allUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVU0ZEVkM1RoVzRKWlVWcXR1OEFZNWx1NUhQeGN3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUpJbkFMb0EKY1VhRUp4VlJ5dkhQenFQcTBvaGJOY2oyT3N2d3VKUFMzSktVQWlCSmhwNGFWMG9zUURRSGJnbjdXUWFYaHZFTwo5bWxTbVRURTAyOXBWb0YyWkE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUVZbFloNzVTUTZ6VUJFTUZ6em5pUzZuVVg3Q2VxQ013S3k0RTZHVEVFMGNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFeXhvUi9JYklTZ3V2NG01azY2OFJTSzR6WDRjSHFoMlJHNVRCMEczenRtbnU0a1NHRUNWLwo2cmhCdzdHbE9KK2tjT3NEd0JNWGNGZ2dRVnBhQXM0MWF3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
aggregatorCA:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJYakNDQVFXZ0F3SUJBZ0lRWnNnVDRZZzVxRkNIbS9QTnV5QUVSekFLQmdncWhrak9QUVFEQWpBQU1CNFgKRFRJek1UQXhNakV3TkRZd09Wb1hEVE16TVRBd09URXdORFl3T1Zvd0FEQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxRwpTTTQ5QXdFSEEwSUFCRmQ1eEhFWHhZRndQeTdaWjhmd3FHRGU2YVQ5ZmxNRVlWZENRNDlEaWZobWVteTVDaHZRCnlVRkpZcFM4b21HODVTS1dnOEpFTkoyNnhEdm9WMFBCS2srallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWQKQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZApCZ05WSFE0RUZnUVV4K0xab1FrYjlmOTN0Y0g4NnZjOUc2ZE13T2t3Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnClhudDVXdmEzOGtWVTB3NjExMEp4bU43Qm5zcWl2NnNMaXlJNXRUR1BDQk1DSUZDQlJ3RXZSYTNnU3pkdXB6ajcKQVJLV3NlK3V5YW9rMnlNYXZnaUVITWpUCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlMblhpQ3hOWU1CWHpncjVuYmc3bnVtUWM2UGlHaXdmWUN2eFF3Tlhxc3dvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVjNuRWNSZkZnWEEvTHRsbngvQ29ZTjdwcFAxK1V3UmhWMEpEajBPSitHWjZiTGtLRzlESgpRVWxpbEx5aVliemxJcGFEd2tRMG5ickVPK2hYUThFcVR3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
serviceAccount:
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlHVElBQjZZUzV0cFcrUnYxeDBPY09Jb1h0SXgzdGZteVFZNGxOWWRCbmpvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFQ3drbVVTUmtrbnlOc0NjTFJNUTlmZWx6cFY0dDdIdlNRcnp6ZGRvK2pWYmlqd2kwVVE1YQp0VW8vZkxQbDlBckVNOHNRWTVOSlgraVdxYjFkQWFXa2VnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
apiServer:
image: registry.k8s.io/kube-apiserver:v1.28.0
certSANs:
- base
- foo
- bar
disablePodSecurityPolicy: true
admissionControl:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
auditPolicy:
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata
controllerManager:
image: registry.k8s.io/kube-controller-manager:v1.28.0
proxy:
image: registry.k8s.io/kube-proxy:v1.28.0
scheduler:
image: registry.k8s.io/kube-scheduler:v1.28.0
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}
etcd:
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmVENDQVNPZ0F3SUJBZ0lRVkNTWmFQU3Z0TlZTcjYrVkRyUks0akFLQmdncWhrak9QUVFEQWpBUE1RMHcKQ3dZRFZRUUtFd1JsZEdOa01CNFhEVEl6TVRBeE1qRXdORFl3T1ZvWERUTXpNVEF3T1RFd05EWXdPVm93RHpFTgpNQXNHQTFVRUNoTUVaWFJqWkRCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQk9wVXN0MHN3MEJZCkFDN0hpTGNrRElvdVdTRVhWTlJVWE42UmNLTWVRQU9VOEhJQkZBaTJlS2Rka2VJOEhZOTJNWTU1U21xQlhNK3cKRTh0RFgyT3kxSk9qWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjRApBUVlJS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVejVmai9oZTZoUjhMCkFRTU5qTjgxNS8zV3B6d3dDZ1lJS29aSXpqMEVBd0lEU0FBd1JRSWdFWWcyTlp3NkExek02eURNWTRHN1JPVkwKc0JOU0VhSDd4VmVSalBSblAvZ0NJUURiYzFMNmI0SkU0MCtuUCtYNG5pZlB0QWp5REhhUzVMS0YzQWZkUkRWdApMUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU03Q2VnMk1GQW5TM3ROMzV6QTc0aFZ3VElkTkthK0ZwUHlYVERCdU4wVFlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNmxTeTNTekRRRmdBTHNlSXR5UU1paTVaSVJkVTFGUmMzcEZ3b3g1QUE1VHdjZ0VVQ0xaNApwMTJSNGp3ZGozWXhqbmxLYW9GY3o3QVR5ME5mWTdMVWt3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
allowSchedulingOnControlPlanes: true

70
pkg/machinery/config/types/v1alpha1/testdata/stability/v1.7/overrides-worker.yaml vendored Normal file
View File

@ -0,0 +1,70 @@
version: v1alpha1
debug: false
persist: true
machine:
type: worker
token: d8cwfa.eyvpi0xwxyarbfid
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQakNCOGFBREFnRUNBaEI5cStGVXpodzkycHVPemtpNzB1eGRNQVVHQXl0bGNEQVFNUTR3REFZRFZRUUsKRXdWMFlXeHZjekFlRncweU16RXdNVEl4TURRMk1EbGFGdzB6TXpFd01Ea3hNRFEyTURsYU1CQXhEakFNQmdOVgpCQW9UQlhSaGJHOXpNQ293QlFZREsyVndBeUVBaHVLczZxeCtKWi8wWG8ybXdpQUNjK1EwSVYySGhMd3ozVTZICmUxemZjS2lqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVSlgzWlVNRktWWFZ5NWhKWQozZG9NWENpVEJZRXdCUVlESzJWd0EwRUFCbUxrbDhITmQ3cUpEN3VqQkk2UG9abVRQQWlEcU9GQ0NTVDZJYlZDClF3UzQ1bk1tMldtalRIc3ZrYU5FQ0dneTBhQXJaaFdsbnVYWUswY0t3Z2VJQ0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: ""
certSANs:
- foo
- bar
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.28.0
extraMounts:
- destination: /var/opt
type: bind
source: /var/opt
options:
- rshared
defaultRuntimeSeccompProfileEnabled: true
disableManifestsDirectory: true
network: {}
install:
disk: /dev/vda
extraKernelArgs:
- foo=bar
- bar=baz
wipe: false
sysctls:
foo: bar
registries:
mirrors:
ghcr.io:
endpoints:
- https://ghcr.io.my-mirror.com
features:
rbac: true
stableHostname: true
apidCheckExtKeyUsage: true
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
localDNS: true
cluster:
id: 0raF93qnkMvF-FZNuvyGozXNdLiT2FOWSlyBaW4PR-w=
secret: pofHbABZq7VXuObsdLdy/bHmz6hlMHZ3p8+6WKrv1ic=
controlPlane:
endpoint: https://base:6443
network:
cni:
name: custom
urls:
- https://example.com/cni.yaml
dnsDomain: example.com
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
token: inn7ol.u4ehnti8qyls9ymo
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRYm1hNDNPalRwR0I5TjVxOVFEc3RFekFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSXpNVEF4TWpFd05EWXdPVm9YRFRNek1UQXdPVEV3TkRZdwpPVm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCTXNhRWZ5R3lFb0xyK0p1Wk91dkVVaXVNMStIQjZvZGtSdVV3ZEJ0ODdacDd1SkVoaEFsZitxNFFjT3gKcFRpZnBIRHJBOEFURjNCWUlFRmFXZ0xPTld1allUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVU0ZEVkM1RoVzRKWlVWcXR1OEFZNWx1NUhQeGN3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUpJbkFMb0EKY1VhRUp4VlJ5dkhQenFQcTBvaGJOY2oyT3N2d3VKUFMzSktVQWlCSmhwNGFWMG9zUURRSGJnbjdXUWFYaHZFTwo5bWxTbVRURTAyOXBWb0YyWkE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: ""
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}

1
pkg/machinery/config/types/v1alpha1/v1alpha1_stability_test.go
View File

@ -39,6 +39,7 @@ func TestConfigEncodingStability(t *testing.T) {
config.TalosVersion1_4,
config.TalosVersion1_5,
config.TalosVersion1_6,
config.TalosVersion1_7,
}
currentVersion := ensure.Value(semver.ParseTolerant(gendata.VersionTag))

2
pkg/machinery/gendata/data/tag
View File

@ -1 +1 @@
v1.6.0-alpha.2
v1.7.0-alpha.0

4
website/content/v1.7/reference/cli.md
View File

@ -96,7 +96,7 @@ talosctl cluster create [flags]
--bad-rtc launch VM with bad RTC state (QEMU only)
--cidr string CIDR of the cluster network (IPv4, ULA network for IPv6 is derived in automated way) (default "10.5.0.0/24")
--cni-bin-path strings search path for CNI binaries (VM only) (default [/home/user/.talos/cni/bin])
--cni-bundle-url string URL to download CNI bundle from (VM only) (default "https://github.com/siderolabs/talos/releases/download/v1.6.0-alpha.2/talosctl-cni-bundle-${ARCH}.tar.gz")
--cni-bundle-url string URL to download CNI bundle from (VM only) (default "https://github.com/siderolabs/talos/releases/download/v1.7.0-alpha.0/talosctl-cni-bundle-${ARCH}.tar.gz")
--cni-cache-dir string CNI cache directory path (VM only) (default "/home/user/.talos/cni/cache")
--cni-conf-dir string CNI config directory path (VM only) (default "/home/user/.talos/cni/conf.d")
--config-patch stringArray patch generated machineconfigs (applied to all node types), use @file to read a patch from file
@ -2848,7 +2848,7 @@ talosctl upgrade [flags]
--debug debug operation from kernel logs. --wait is set to true when this flag is set
-f, --force force the upgrade (skip checks on etcd health and members, might lead to data loss)
-h, --help help for upgrade
-i, --image string the container image to use for performing the install (default "ghcr.io/siderolabs/installer:v1.6.0-alpha.2")
-i, --image string the container image to use for performing the install (default "ghcr.io/siderolabs/installer:v1.7.0-alpha.0")
--insecure upgrade using the insecure (encrypted with no auth) maintenance service
-p, --preserve preserve data
-m, --reboot-mode string select the reboot mode during upgrade. Mode "powercycle" bypasses kexec. Valid values are: ["default" "powercycle"]. (default "default")

2
website/content/v1.7/schemas/config.schema.json
View File

@ -1,6 +1,6 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://talos.dev/v1.6/schemas/config.schema.json",
"$id": "https://talos.dev/v1.7/schemas/config.schema.json",
"$defs": {
"network.DefaultActionConfigV1Alpha1": {
"properties": {