v1.3.0-alpha.1

[smira]

Talos 1.3.0-alpha.1 (2022-10-31)

Welcome to the v1.3.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

kube-apiserver Audit Policy

Talos now supports setting custom audit policy for kube-apiserver in the machine configuration.

Kernel Command Line ip= Argument

Talos now supports referencing interface name via enxMAC address notation:

ip=172.20.0.2::172.20.0.1:255.255.255.0::enx7085c2dfbc59

etcd Consistency Check

Talos enables --experimental-compact-hash-check-enabled option by default to improve
etcd store consistency guarantees.

This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.

Exocale Platform

Talos now supports new platform: Exoscale.

Exoscale provides a firewall, TCP load balancer and autoscale groups.
It works well with CCM and Kubernetes node autoscaler.

Kernel Modules

Talos now supports settings kernel module parameters.

Eg:

machine:
  kernel:
    modules:
      - name: "br_netfilter"
        parameters:
          - nf_conntrack_max=131072

KubeSpan

KubeSpan MTU link size is now configurable via network.kubespan.mtu setting in the machine configuration.

Routes

Talos now supports setting MTU for a specific route.

Nano Pi R4S

Talos now supports the Nano Pi R4S SBC.

Raspberry Generic Images

The Raspberry Pi 4 specific image has been deprecated and will be removed in the v1.4 release of Talos.
Talos now ships a generic Raspberry Pi image that should support more Raspberry Pi variants.
Refer to the docs at https://www.talos.dev/v1.3/talos-guides/install/single-board-computers/rpi_generic/ to find which ones are supported.

Encryption with secretbox

By default new clusters will use secretbox for encryption instead of AESCBC.
If both are configured secretbox will take precedence.
Old clusters may keep using AESCBC.
To enable secretbox you may add an encryption secret at cluster.secretboxEncryptionSecret.
You should keep aescbcEncryptionSecret however, even if secretbox is enabled older data will still be encrypted with AESCBC.

How to generate the secret:

dd if=/dev/random of=/dev/stdout bs=32 count=1 | base64

Static Pod Manifests

The directory "/etc/kubernetes/manifests" is now deprecated.
Static pods should always be configured in machine.pods.
To reenable support you may set machine.kubelet.disableManifestsDirectory.

Eg:

machine:
  kubelet:
    disableManifestsDirectory: no

Component Updates

• Kubernetes: v1.26.0-alpha.2
• Flannel: v0.20.0
• CoreDNS: v1.10.0
• etcd: v3.5.5
• Linux: 5.15.74

Talos is built with Go 1.19.2.

Contributors

• Andrey Smirnov
• Noel Georgi
• Andrey Smirnov
• Michal Witkowski
• Artem Chernyshev
• Dmitriy Matrenichev
• Artem Chernyshev
• Serge Logvinov
• Andrey Smirnov
• Philipp Sauter
• Steve Francis
• Alexey Palazhchenko
• Andrew Rynhard
• Tim Jones
• Utku Ozdemir
• Andrew Rynhard
• Kris Reeves
• Marvin Drees
• Spencer Smith
• Branden Cash
• Brandon Nason
• Cameron Brunner
• DJAlPee
• Daniel Low
• Gerard de Leeuw
• Jack Wink
• Jon Stelly
• Matt Zahorik
• Maxim Makarov
• Olli Janatuinen
• Pau Campana
• Rubens Farias
• Sander Maijers
• Seán C McCord
• Spencer Smith
• emattiza
• killcity

Changes

150 commits

• d7070f5e7 release(v1.3.0-alpha.1): prepare release
• 869f3b5a5 feat: network configuration improvements on the OpenStack platform
• 29f2195e1 feat: support exoscale cloud
• 8b4ae08d1 fix: etcd snapshot command on Windows
• 8bfa7ac1d feat: platform metadata resource
• 7e50e24c0 fix: properly cleanup legacy static pod manifests directory
• 6ee47bcc6 fix: support serving config for qemu launcher on IPv6
• 6c3d11b49 docs: admission control patch note
• 4ea3b99b5 fix: serve static pod files on 127.0.0.1 instead of localhost
• 23842114f feat: support encryption with secretbox
• f6773c472 docs: talos support on equinix metal
• b307160f6 chore: bump dependencies
• d7edd0e2e refactor: use go-circular, go-kubeconfig, and go-tail
• c6e1702ec feat: use URL-based manifests to present static pods to the kubelet
• 136a795e5 docs: update system requirements to mention dedicated disk usage
• 879e8c0bf chore: update kernel with BTF support
• ceb0cd99a feat: implement Talos API auth using SideroV1 signatures
• e6fba7d3b chore: update dependencies
• 93e55b85f chore: bump golangci-lint to v1.50.0
• aa3d9b4ca fix: regenerate cert on node labeling retry
• 021c73c35 fix: lowercase nodename
• b902036e1 docs: update office hours time link
• 7fcb8c681 feat: update Flannel to v0.20.0
• dc70d892a fix: support setting KubeSpan link MTU
• 7d52bad37 feat: update Linux to 5.15.73
• 9c78b3aff feat: update Kubernetes to v1.26.0-alpha.2
• 94913a672 docs: add lofty to talos adopters
• 0a0bdfe16 docs: add Tremor Video to adopters
• b7b1d4fd6 feat: use readonly containers
• d210338e3 fix: skip protobuf full unmarshaling for some talosctl commands
• b3c679d18 chore: bump dependencies
• 993743f63 fix: skip hostname via DHCP on OpenStack platform
• db076e7b5 feat: pin interface by mac address in cmdline args
• 63de93722 fix: update go-smbios to v0.3.1
• 49e9f808e chore: bump kernel and go
• c7372144d docs: add constraints to upgrade docs
• c71c8ca18 docs: consolidate, simplify and correct various docs
• 06f76bfeb chore: bump dependencies
• b1c421b9a chore: publish ami's with imds v2 enabled
• 195c40ab5 docs: add information about applicable use cases of disk encryption
• 54a687fb8 docs: consolidate and expand on discovery service
• 139c62d76 feat: allow upgrades in maintenance mode (only over SideroLink)
• 48dee4805 feat: support mtu for routes
• 1c43c72ae docs: fix talos required kernel params
• 67cc45ae3 release(v1.3.0-alpha.0): prepare release
• 18c377a4d feat: customize audit policy
• 23c9ea46b fix: raspberry pi install
• f17cdee16 feat: jsonpath filter for talosctl get outputs
• 6bd3cca1a chore: generic raspberry pi images
• d914ab8bb chore: add vulncheck tool as a linter
• a0151aa13 feat: add generic rpi u-boot support
• 30f851d09 chore: bump dependences
• 8b2235c3b fix: lookup Equinix Metal bond slaves using 'permanent addr'
• b3257ebb1 chore: bump kernel to 5.15.70
• 0b2767c16 feat: implement 'permanent addr' in link statuses
• c90e20251 fix: kubeconfig permission
• fc48849d0 chore: move maps/slices/ordered to gen module
• 8b09bd4b0 feat: update Kubernetes to v1.26.0-alpha.1
• 276d4175b chore: bump extension versions in testing
• 357b770cb fix: cryptsetup delete slot
• 711128839 fix: continue applying bootstrap manifests on some errors
• ce12c7b38 chore: update COSI runtime to v0.2.0-alpha.1
• 1b435c0b3 chore: bump kernel + ice drivers
• 18e041f1e docs: fix typo in patching example
• 0ad6452ca feat: update CoreDNS to v1.10.0
• 479f3f52e chore: bump dependencies
• e07c6ae99 feat: update Kubernetes to v1.25.1
• 13fdfaffc test: fix up default branch name
• ef181321a docs: add component diagram; K8s & Talos Linux
• aade73643 docs: fix missing variable in OpenEBS docs
• 472590aa8 chore: return InvalidArgument on invalid config in maintenance mode
• e5cabd42c feat: enable etcd consistency hashcheck
• 015535d90 fix: update discovery client with the redirect fix
• d0c8e7699 chore: bump kernel and go
• 985b0c2e7 chore: remove go.work.sum
• 69124f102 feat: update etcd to v3.5.5
• 1985a796c docs: update docs for pod security
• 94b088f02 fix: set etcd options consistently
• 92ae7ef4b fix: fix protoenc encoding for enums and types with custom encoders
• 93809017c docs: cpu scaling governor knowledgebase
• 7b270ff33 test: fix api controller test
• 2dadcd669 fix: stop worker nodes from acting as apid routers
• 9eaf33f3f fix: never sign client certificate requests in trustd
• 436749124 feat: environment vars for extension service
• 0c0cb671e chore: mark machine configuration validation failure as InvalidArgument
• f424e5340 fix: stop containers more thoroughly
• 12827b861 chore: move "implements" checks to compile time
• 3a67c42cb fix: kill the task processes when cleaning up stale task
• 14a79e325 chore: bump dependencies
• 9beee92e7 docs: fix double vv in Kubernetes version
• 688272515 fix: use different username for Talos Kubernetes API access
• 161a52a9e feat: check apid client certificate extended key usage
• 9dadc4a59 fix: include all node addresses into etcd cert SANs
• 71bfd3e43 feat: update CoreDNS to 1.9.4
• 9df8f1ff1 fix: list COSI APIs for the apid authenticator
• 31462450f fix: pass a pointer to specs.Mount into protoenc.Marshal
• e626540df chore: avoid double API request logging in trustd
• f62d17125 chore: update crypto to use new import path siderolabs/crypto
• ef27dd855 chore: bump dependencies
• 6472ae00b fix: automatically discard VIPs for etcd advertised addresses
• 5e21cca52 feat: support setting kernel parameters
• bd56621cd feat: add structprotogen tool
• cdb6bb2cc feat: add Nano Pi R4S support
• 36c1f1d6e fix: flip the client-server version check
• cd6c53a97 docs: fork docs for v1.3
• 0847400f7 fix: prevent panic on health check if a member has no IPs
• 7471d7f01 feat: update Flannel to v0.19.2
• 148c75cfb docs: consolidate the control-plane documentation
• 353154281 fix: drop kube-system SA default binding
• 4f37b668b chore: remove capi hacks
• 1369afea8 docs: make 1.2.0 docs default ones
• 7627cb0e3 docs: add new talosctl gen secrets
• 8aa60a37a chore: bump kernel to 5.15.64
• a798dbd5d docs: update docs for upcoming 1.2.0 release
• b2fec3c97 fix: properly handle configContext being nil in Talos client
• 1c0977b3a fix: change the type of returned gRPC connection object from the client
• 41848e421 fix: expose Talos client gRPC connection via the function Conn
• 2e9be4af8 chore: bump dependencies
• d283aba3a test: fix cli reboot test
• 0b339a9dc feat: track progress of action API calls
• 072349812 fix: update COSI to the version with gRPC Wait fix
• 89d57aa81 fix: always abort the maintenance service
• f6fa74619 fix: limit apid backoff max delay
• d7ef346db fix: get command in the case 'nodes' are not set in the context
• 4e9c32256 fix: correctly render hosts.toml with multiple endpoints
• cdd0f08bc feat: check client <> server version in some Talos commands
• 446b0af58 chore: bump kernel and runc
• 8c203ce9b feat: remove the machine from the discovery service on reset
• b59ca5810 chore: move from inet.af/netaddr to net/netip and go4.org/netipx
• 053af1d59 fix: update etcd certificates when node addresses changes
• 11edb2c6f test: re-enable upgrade tests
• 0310e2089 chore: bump github.com/siderolabs/protoenc to v0.1.5
• 29bd63240 chore: remove old build tags syntax
• b500d0aa9 chore: bump k8s to v1.25.0
• 29e574be7 docs: update to v1.2.0-beta.1
• 26b549f2a chore: bump dependencies
• 8c3ac4c42 chore: limit GOMAXPROCS for Talos services
• 361e85b74 fix: properly read kexec disabled sysctl
• cfe6c2bc2 docs: nvidia oss drivers
• 2f2d97b6b fix: don't wait for the hostname in maintenance mode
• b15a63924 chore: bump kernel to 5.15.62
• a0d94be30 fix: stable default hostname bias
• da4cd34ef feat: update etcd advertised peer addresses on the fly
• faf92ce01 chore: bump kubernetes to v1.25.0-rc.1
• 52de919e3 chore: bump containerd to v1.6.8
• 7d43fc79b fix: make 'ca', 'crt' and 'key' flags optional for 'talosctl config add'
• fd467e02c fix: handle grub config being empty in the Revert function
• 9492aca65 fix: clean up cancelCtxMu leftovers in PriorityLock
• 61e3eb2ea fix: talosctl edit mc loop
• 32db7a7f5 fix: surround cancelCtx with the mutex

Changes since v1.3.0-alpha.0

44 commits

• d7070f5e7 release(v1.3.0-alpha.1): prepare release
• 869f3b5a5 feat: network configuration improvements on the OpenStack platform
• 29f2195e1 feat: support exoscale cloud
• 8b4ae08d1 fix: etcd snapshot command on Windows
• 8bfa7ac1d feat: platform metadata resource
• 7e50e24c0 fix: properly cleanup legacy static pod manifests directory
• 6ee47bcc6 fix: support serving config for qemu launcher on IPv6
• 6c3d11b49 docs: admission control patch note
• 4ea3b99b5 fix: serve static pod files on 127.0.0.1 instead of localhost
• 23842114f feat: support encryption with secretbox
• f6773c472 docs: talos support on equinix metal
• b307160f6 chore: bump dependencies
• d7edd0e2e refactor: use go-circular, go-kubeconfig, and go-tail
• c6e1702ec feat: use URL-based manifests to present static pods to the kubelet
• 136a795e5 docs: update system requirements to mention dedicated disk usage
• 879e8c0bf chore: update kernel with BTF support
• ceb0cd99a feat: implement Talos API auth using SideroV1 signatures
• e6fba7d3b chore: update dependencies
• 93e55b85f chore: bump golangci-lint to v1.50.0
• aa3d9b4ca fix: regenerate cert on node labeling retry
• 021c73c35 fix: lowercase nodename
• b902036e1 docs: update office hours time link
• 7fcb8c681 feat: update Flannel to v0.20.0
• dc70d892a fix: support setting KubeSpan link MTU
• 7d52bad37 feat: update Linux to 5.15.73
• 9c78b3aff feat: update Kubernetes to v1.26.0-alpha.2
• 94913a672 docs: add lofty to talos adopters
• 0a0bdfe16 docs: add Tremor Video to adopters
• b7b1d4fd6 feat: use readonly containers
• d210338e3 fix: skip protobuf full unmarshaling for some talosctl commands
• b3c679d18 chore: bump dependencies
• 993743f63 fix: skip hostname via DHCP on OpenStack platform
• db076e7b5 feat: pin interface by mac address in cmdline args
• 63de93722 fix: update go-smbios to v0.3.1
• 49e9f808e chore: bump kernel and go
• c7372144d docs: add constraints to upgrade docs
• c71c8ca18 docs: consolidate, simplify and correct various docs
• 06f76bfeb chore: bump dependencies
• b1c421b9a chore: publish ami's with imds v2 enabled
• 195c40ab5 docs: add information about applicable use cases of disk encryption
• 54a687fb8 docs: consolidate and expand on discovery service
• 139c62d76 feat: allow upgrades in maintenance mode (only over SideroLink)
• 48dee4805 feat: support mtu for routes
• 1c43c72ae docs: fix talos required kernel params

Changes from siderolabs/crypto

27 commits

• siderolabs/crypto@c3225ee feat: allow CSR template subject field to be overridden
• siderolabs/crypto@8570669 chore: rename to siderolabs/crypto
• siderolabs/crypto@e9df1b8 feat: add support for generating keys from RSA-SHA256 CAs
• siderolabs/crypto@510b0d2 chore: add json tags
• siderolabs/crypto@6fa2d93 fix: deepcopy nil fields as nil
• siderolabs/crypto@9a63cba fix: add back support for generating ECDSA keys with P-256 and SHA512
• siderolabs/crypto@893bc66 fix: use SHA256 for ECDSA-P256
• siderolabs/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types
• siderolabs/crypto@d3cb772 feat: make possible to change KeyUsage
• siderolabs/crypto@6bc5bb5 chore: remove unused argument
• siderolabs/crypto@cd18ef6 feat: add support for several organizations
• siderolabs/crypto@97c888b chore: add options to CSR
• siderolabs/crypto@7776057 chore: fix typos
• siderolabs/crypto@80df078 chore: remove named result parameters
• siderolabs/crypto@15bdd28 chore: minor updates
• siderolabs/crypto@4f80b97 fix: verify CSR signature before issuing a certificate
• siderolabs/crypto@39584f1 feat: support for key/certificate types RSA, Ed25519, ECDSA
• siderolabs/crypto@cf75519 fix: function NewKeyPair should create certificate with proper subject
• siderolabs/crypto@751c95a feat: add 'PEMEncodedKey' which allows to transport keys in YAML
• siderolabs/crypto@562c3b6 feat: add support for public RSA key in RSAKey
• siderolabs/crypto@bda0e9c feat: enable more conversions between encoded and raw versions
• siderolabs/crypto@e0dd56a feat: add NotBefore option for x509 cert creation
• siderolabs/crypto@12a4897 feat: add support for SPKI fingerprint generation and matching
• siderolabs/crypto@d0c3eef fix: implement NewKeyPair
• siderolabs/crypto@196679e feat: move pkg/grpc/tls from github.com/talos-systems/talos as ./tls
• siderolabs/crypto@1ff6242 chore: initial version as imported from talos-systems/talos
• siderolabs/crypto@835063e chore: initial commit

Changes from siderolabs/discovery-api

3 commits

• siderolabs/discovery-api@5b0c5e7 chore: rename to siderolabs, rekres, etc
• siderolabs/discovery-api@db279ef feat: initial set of APIs and generated files
• siderolabs/discovery-api@ac52a37 chore: initial commit

Changes from siderolabs/discovery-client

1 commit

• siderolabs/discovery-client@230f317 fix: reconnect the client on update failure

Changes from siderolabs/extras

2 commits

• siderolabs/extras@8f00d77 feat: update tc-redirect-tap to the latest version
• siderolabs/extras@7c91844 chore: bump go to 1.19.2

Changes from siderolabs/gen

6 commits

• siderolabs/gen@b3b6db8 fix: fix Copy documentation and implementation
• siderolabs/gen@521f737 feat: add xerrors package which contains additions to the std errors
• siderolabs/gen@726e066 fix: rename tuples.go to pair.go and set proper package name
• siderolabs/gen@d8d7d25 chore: minor additions
• siderolabs/gen@338a650 chore: add initial implementation and documentation
• siderolabs/gen@4fd8667 Initial commit

Changes from siderolabs/go-blockdevice

55 commits

• siderolabs/go-blockdevice@dcf6044 chore: rekres and rename
• siderolabs/go-blockdevice@9c4af49 fix: cryptsetup remove slot
• siderolabs/go-blockdevice@74ea471 feat: add freebsd stubs
• siderolabs/go-blockdevice@9fa801c feat: add ReadOnly attribute to Disk
• siderolabs/go-blockdevice@fccee8b chore: rekres the source, fix issues
• siderolabs/go-blockdevice@d9c3a27 feat: support probing FAT12/FAT16 filesystems
• siderolabs/go-blockdevice@b374eb4 fix: align partition to 1M boundary by default
• siderolabs/go-blockdevice@ec428fe fix: lookup filesystem labels on the actual device path
• siderolabs/go-blockdevice@7b9de26 feat: read symlink fullpath in block device list function
• siderolabs/go-blockdevice@6928ee4 refactor: rewrite GPT serialize/deserialize functions
• siderolabs/go-blockdevice@0c7e429 refactor: simplify middle endian functions
• siderolabs/go-blockdevice@15b182d fix: return partition table not exist when trying to read an empty dev
• siderolabs/go-blockdevice@b9517d5 fix: resize partition
• siderolabs/go-blockdevice@70d2865 fix: try to find cdrom disks
• siderolabs/go-blockdevice@667bf53 fix: revert gpt partition not found
• siderolabs/go-blockdevice@d7d4cdd fix: gpt partition not found
• siderolabs/go-blockdevice@33afba3 fix: also open in readonly mode when running All lookup method
• siderolabs/go-blockdevice@e367f9d feat: make probe always open blockdevices in readonly mode
• siderolabs/go-blockdevice@d981156 fix: allow Build for Windows
• siderolabs/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
• siderolabs/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
• siderolabs/go-blockdevice@87816a8 feat: align partition to minimum I/O size
• siderolabs/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module
• siderolabs/go-blockdevice@30c2bc3 feat: mark MBR bootable
• siderolabs/go-blockdevice@1292574 fix: make disk type matcher parser case insensitive
• siderolabs/go-blockdevice@b77400e fix: properly detect nvme and sd card disk types
• siderolabs/go-blockdevice@1d830a2 fix: revert mark the EFI partition in PMBR as bootable
• siderolabs/go-blockdevice@bec914f fix: mark the EFI partition in PMBR as bootable
• siderolabs/go-blockdevice@776b37d feat: add options to probe disk by various sysblock parameters
• siderolabs/go-blockdevice@bb3ad73 fix: align partition start to physical sector size
• siderolabs/go-blockdevice@8f976c2 feat: replace exec.Command with go-cmd module
• siderolabs/go-blockdevice@1cf7f25 fix: properly handle no child processes error from cmd.Wait
• siderolabs/go-blockdevice@04a9851 feat: implement luks encryption provider
• siderolabs/go-blockdevice@b0375e4 feat: add an option to open block device with exclusive flock
• siderolabs/go-blockdevice@5a1c7f7 refactor: add devname into gpt.Partition, refactor probe package
• siderolabs/go-blockdevice@f2728a5 fix: keep contents of PMBR when writing it
• siderolabs/go-blockdevice@2878460 fix: write second copy of partition entries
• siderolabs/go-blockdevice@943b08b fix: blockdevice reset should read partition table from disk
• siderolabs/go-blockdevice@5b4ee44 fix: ignore /dev/ram devices
• siderolabs/go-blockdevice@98754ec refactor: rewrite GPT library
• siderolabs/go-blockdevice@2a1baad fix: correctly build paths for mmcblk devices
• siderolabs/go-blockdevice@8076344 fix: return proper disk size from GetDisks function
• siderolabs/go-blockdevice@8742133 chore: add common method to list available disks using /sys/block
• siderolabs/go-blockdevice@c4b5833 feat: implement "fast" wipe
• siderolabs/go-blockdevice@b4e67d7 feat: return resize status from Resize() function
• siderolabs/go-blockdevice@ceae64e fix: sync kernel partition table incrementally
• siderolabs/go-blockdevice@2cb9516 fix: return correct error value from blkpg functions
• siderolabs/go-blockdevice@cebe43d refactor: expose InsertAt method via interface
• siderolabs/go-blockdevice@c40dcd8 fix: properly inform kernel about partition deletion
• siderolabs/go-blockdevice@bb8ac5d feat: implement disk wiping via several methods
• siderolabs/go-blockdevice@23fb7dc feat: expose partition name (label)
• siderolabs/go-blockdevice@ff3a821 feat: implement 'InsertAt' method to insert partitions at any position
• siderolabs/go-blockdevice@3d1ce4f fix: calculate last lba of partition correctly
• siderolabs/go-blockdevice@b71540f feat: copy initial version from talos-systems/talos
• siderolabs/go-blockdevice@ca3c078 Initial commit

Changes from siderolabs/go-circular

2 commits

• siderolabs/go-circular@507e0ec refactor: extract circular Go module
• siderolabs/go-circular@2234b3a docs: add README

Changes from siderolabs/go-kubeconfig

2 commits

• siderolabs/go-kubeconfig@e7fdd94 refactor: extract kubeconfig library as a Go module
• siderolabs/go-kubeconfig@50e91b8 docs: add REAMDE

Changes from siderolabs/go-loadbalancer

11 commits

• siderolabs/go-loadbalancer@438b71d chore: update package path and rekres
• siderolabs/go-loadbalancer@5341eec feat: implement public method to check if the route is Healthy
• siderolabs/go-loadbalancer@b578d47 feat: add a way to configure loadbalancer options
• siderolabs/go-loadbalancer@c54d95d feat: implement control plane loadbalancer
• siderolabs/go-loadbalancer@4a6e29e refactor: clean up names, fix the lingering goroutines
• siderolabs/go-loadbalancer@af87d1c chore: apply new Kres rules
• siderolabs/go-loadbalancer@a445702 feat: allow dial timeout and keep alive period to be configurable
• siderolabs/go-loadbalancer@3c8f347 feat: provide a way to configure logger for the loadbalancer
• siderolabs/go-loadbalancer@da8e987 feat: implement Reconcile - ability to change upstream list on the fly
• siderolabs/go-loadbalancer@8b1dfa6 feat: copy initial version from talos-systems/talos
• siderolabs/go-loadbalancer@c2f6a8f Initial commit

Changes from siderolabs/go-smbios

11 commits

• siderolabs/go-smbios@10c1dd8 fix: check for end of the slice properly
• siderolabs/go-smbios@9ca8ce7 chore: treat invalid strings as empty
• siderolabs/go-smbios@dbc5f79 chore: rekres+rename
• siderolabs/go-smbios@3f1e775 feat: rework destructuring of SMBIOS information and added some tests
• siderolabs/go-smbios@fd5ec8c fix: remove useless (?) goroutines leading to data race error
• siderolabs/go-smbios@d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6
• siderolabs/go-smbios@fb425d4 feat: add memory device
• siderolabs/go-smbios@0bb4f96 feat: add physical memory array
• siderolabs/go-smbios@8019619 feat: supply wake-up type in SMBIOS info
• siderolabs/go-smbios@94b8c4e feat: initial implementation
• siderolabs/go-smbios@864ed80 Initial commit

Changes from siderolabs/go-tail

2 commits

• siderolabs/go-tail@962ae43 refactor: extract go-tail module
• siderolabs/go-tail@359c3cb docs: initial commit

Changes from siderolabs/grpc-proxy

51 commits

• siderolabs/grpc-proxy@4cc7bbe chore: rename to siderolabs/grpc-proxy, rekres
• siderolabs/grpc-proxy@2c586db feat: pass fullMethodName to GetConnection
• siderolabs/grpc-proxy@6dfa2cc fix: ignore errors on duplicate SetHeader calls
• siderolabs/grpc-proxy@b076302 fix: use io.EOF error when no backend connections are available
• siderolabs/grpc-proxy@82daca0 docs: update README
• siderolabs/grpc-proxy@fa6843a chore: fix spelling
• siderolabs/grpc-proxy@c0a87d9 chore: major cleanup of the code and build
• siderolabs/grpc-proxy@ca3bc61 fix: ignore some errors so that we don't spam the logs
• siderolabs/grpc-proxy@5c579a7 feat: allow different formats for messages streaming/unary
• siderolabs/grpc-proxy@6c9f7b3 fix: allow mode to be set for each request being proxied
• siderolabs/grpc-proxy@cc91c09 refactor: provide better public API, enforce proxying mode
• siderolabs/grpc-proxy@d8d3a75 chore: update import paths after repo move
• siderolabs/grpc-proxy@dbf07a4 Merge pull request #7 from smira/one2many-4
• siderolabs/grpc-proxy@fc0d27d More tests, small code fixes, updated README.
• siderolabs/grpc-proxy@d9ce0b1 Merge pull request #6 from smira/one2many-3
• siderolabs/grpc-proxy@2d37ba4 Support for one2many streaming calls, tests.
• siderolabs/grpc-proxy@817b035 Merge pull request #5 from smira/one2many-2
• siderolabs/grpc-proxy@436b338 More unary one-2-many tests, error propagation.
• siderolabs/grpc-proxy@1f0cb46 Merge pull request #4 from smira/one2many-1
• siderolabs/grpc-proxy@992a975 Proxying one to many: first iteration
• siderolabs/grpc-proxy@a0988ff Merge pull request #3 from smira/small-fixups
• siderolabs/grpc-proxy@e3111ef Small fixups in preparation to add one-to-many proxying.
• siderolabs/grpc-proxy@6d76ffc Merge pull request #2 from smira/backend-concept
• siderolabs/grpc-proxy@2aad63a Add concept of a 'Backend', but still one to one proxying
• siderolabs/grpc-proxy@7cc4610 Merge pull request #1 from smira/build
• siderolabs/grpc-proxy@37f01f3 Rework build to use GitHub Actions, linting updates.
• siderolabs/grpc-proxy@0f1106e Move error checking further up (fix: setting up CRI-O network breaks Flannel #34)
• siderolabs/grpc-proxy@d5b35f6 Update gRPC and fix tests (fix(rootfs): install conntrack #27)
• siderolabs/grpc-proxy@67591eb Break StreamDirector interface, fix metadata propagation for gRPC-Go>1.5. (#20)
• siderolabs/grpc-proxy@97396d9 Merge pull request #11 from mwitkow/fix-close-bug
• siderolabs/grpc-proxy@3fcbd37 fixup closing conns
• siderolabs/grpc-proxy@a8f5f87 fixup tests, extend readme
• siderolabs/grpc-proxy@428fa1c Fix a channel closing bug
• siderolabs/grpc-proxy@af55d61 Merge pull request #10 from mwitkow/bugfix/streaming-fix
• siderolabs/grpc-proxy@de4d3db remove spurious printfs
• siderolabs/grpc-proxy@84242c4 fix the "i don't know who finished" case
• siderolabs/grpc-proxy@9b22f41 fix full duplex streaming
• siderolabs/grpc-proxy@c2f7c98 update readme
• siderolabs/grpc-proxy@d654141 update README
• siderolabs/grpc-proxy@f457856 move to proxy subdirectory
• siderolabs/grpc-proxy@4889d78 Add fixup scripts
• siderolabs/grpc-proxy@ef60a37 version 2 of the grpc-proxy, this time with fewer grpc upstream deps
• siderolabs/grpc-proxy@07aeac1 Merge pull request #2 from daniellowtw/master
• siderolabs/grpc-proxy@e5c3df5 Fix compatibility with latest grpc library
• siderolabs/grpc-proxy@52be0a5 bugfix: fix gRPC Java deadlock, due to different dispatch logic
• siderolabs/grpc-proxy@822df7d Fix reference to mwitkow.
• siderolabs/grpc-proxy@28341d1 move out forward logic to method, allowing for use as grpc.Server not found handler.
• siderolabs/grpc-proxy@89e28b4 add reference to upstream grpc bug
• siderolabs/grpc-proxy@00dd588 merge upstream grpc.Server changes changing the dispatch logic
• siderolabs/grpc-proxy@77edc97 move to upstream protobuf from gogo
• siderolabs/grpc-proxy@db71c3e initial commit, tested and working.

Changes from siderolabs/pkgs

36 commits

• siderolabs/pkgs@66c77e9 feat: re-enable build kernel with BTF enabled
• siderolabs/pkgs@98ef073 feat: enable INET_DIAG and FANOTFY_PERMISSIONS
• siderolabs/pkgs@8fe5cbc chore: update dependencies
• siderolabs/pkgs@554c0fe feat: add fanotify and kprobes kernel options
• siderolabs/pkgs@54d7e5c fix: drbd package name
• siderolabs/pkgs@b4cb9e2 feat: add 'drbd' package
• siderolabs/pkgs@91e73b3 feat: update dependencies
• siderolabs/pkgs@b6d0d96 chore: bump kernel to 5.15.72
• siderolabs/pkgs@b16dfe9 chore: bump go to 1.19.2
• siderolabs/pkgs@861cc32 chore: bump kernel to 5.15.71
• siderolabs/pkgs@0ac7773 chore: use generic raspberry pi u-boot
• siderolabs/pkgs@d5633d4 chore: bump kernel to 5.15.70
• siderolabs/pkgs@39c0d43 feat: add generic rpi_arm64_defconfig configuration
• siderolabs/pkgs@ed269ca chore: bump kernel to 5.15.69
• siderolabs/pkgs@f2f8333 fix: no slack notifications on failure
• siderolabs/pkgs@6f0af33 chore: disable drone slack pipeline for renovate
• siderolabs/pkgs@32aea3f chore: disable drone for renovate/dependabot
• siderolabs/pkgs@44579f0 fix: rollback xfsprogs to 5.18.0
• siderolabs/pkgs@792c0e3 feat: add gasket driver package
• siderolabs/pkgs@07f1898 chore: update deps
• siderolabs/pkgs@f78f410 chore: enable conntrack zones and timestamps
• siderolabs/pkgs@049b3c6 chore: enable intel ice drivers
• siderolabs/pkgs@606ff32 chore: bump deps
• siderolabs/pkgs@eee5c8a chore: disable irc in conntrack
• siderolabs/pkgs@70e6c46 chore: bump kernel to 5.15.64
• siderolabs/pkgs@e510321 chore: update renovate config
• siderolabs/pkgs@d1fa510 feat: enable renovate bot
• siderolabs/pkgs@e427a77 chore: bump runc to v1.1.4
• siderolabs/pkgs@40e1215 chore: enable nfsv4.2 client support
• siderolabs/pkgs@15efada chore: bump kernel to 5.15.63
• siderolabs/pkgs@e70e3c1 fix: nvidia oss pkg name
• siderolabs/pkgs@30b8d79 chore: bump kernel to 5.15.62
• siderolabs/pkgs@862c392 chore: bump gcc to 12.2.0
• siderolabs/pkgs@2ecd14e fix: containerd version
• siderolabs/pkgs@01df058 feat: add NanoPi R4S configuration
• siderolabs/pkgs@d4cb33b chore: bump containerd to v1.6.8

Changes from siderolabs/siderolink

18 commits

• siderolabs/siderolink@61ab1c4 fix: include MachineStatusEvent into the list of supported events
• siderolabs/siderolink@16a84eb chore: rename to siderolabs/siderolink
• siderolabs/siderolink@ca470c7 chore: update Talos to the latest master, migrate netaddr -> netip/x
• siderolabs/siderolink@93b65f0 fix: ignore 'exist' error on interface managmeent
• siderolabs/siderolink@3c4d9e0 chore: move IP to interface binding into NewDevice
• siderolabs/siderolink@f0b5e39 feat: use kernel wireguard implementation when available
• siderolabs/siderolink@1d2b7e1 feat: allow setting peer endpoint using peer event
• siderolabs/siderolink@5d085d6 feat: expose wgDevice.Peers from the wireguard.Device wrapper
• siderolabs/siderolink@3a5be65 fix: use correct method to generate Wireguard private key
• siderolabs/siderolink@8318a7e feat: accept join token in Provision payload
• siderolabs/siderolink@b38c192 fix: build on Windows
• siderolabs/siderolink@9902ad2 feat: pass request context and node address to the events sink adapter
• siderolabs/siderolink@d0612a7 refactor: pass in listener to the log receiver
• siderolabs/siderolink@d86cdd5 feat: implement logreceiver for kernel logs
• siderolabs/siderolink@f7cadbc fix: handle duplicate peer updates
• siderolabs/siderolink@0755b24 feat: initial implementation of SideroLink
• siderolabs/siderolink@ee73ea9 feat: add Talos events sink proto files and the reference implementation
• siderolabs/siderolink@1e2cd9d Initial commit

Changes from siderolabs/tools

21 commits

• siderolabs/tools@3b5f89a chore: update dependencies
• siderolabs/tools@6402b99 feat: update OpenSSL to 1.1.1r
• siderolabs/tools@00e91b1 feat: update releases
• siderolabs/tools@a264809 chore: bump go to 1.19.2
• siderolabs/tools@858cfe7 fix: no slack notifications on failure
• siderolabs/tools@ed85950 chore: disable drone slack pipeline for renovate
• siderolabs/tools@5df6589 chore: disable drone for renovate/dependabot
• siderolabs/tools@1f00d2e fix: revert gawk to 5.1.1
• siderolabs/tools@feeda1f chore: bump grpc-go
• siderolabs/tools@8542014 chore: bump deps
• siderolabs/tools@e5c4968 chore: update renovate config
• siderolabs/tools@f34f94d chore: update renovate config
• siderolabs/tools@cef4cc6 chore: update renovate config
• siderolabs/tools@bab8e9e chore: add libbpf to tools
• siderolabs/tools@0a15f7b chore: build pahole properly
• siderolabs/tools@a322d06 chore: remove img
• siderolabs/tools@c7ff47b feat: enable renovate dependency updates (3/3)
• siderolabs/tools@6e095cf feat: enable renovate dependency updates (2/n)
• siderolabs/tools@bad1ad1 feat: add renovatebot
• siderolabs/tools@7d6f9c3 chore: bump gcc to 12.2.0
• siderolabs/tools@2719b4b chore: bump toolchain

Dependency Changes

• cloud.google.com/go/compute v1.8.0 -> v1.10.0
• github.com/BurntSushi/toml v1.2.0 -> v1.2.1
• github.com/aws/aws-sdk-go v1.44.76 -> v1.44.122
• github.com/containerd/containerd v1.6.8 -> v1.6.9
• github.com/cosi-project/runtime v0.1.1 -> e8a8fdcc7548
• github.com/docker/docker v20.10.17 -> v20.10.20
• github.com/fsnotify/fsnotify v1.5.4 -> v1.6.0
• github.com/google/go-cmp v0.5.8 -> v0.5.9
• github.com/google/nftables 2eca00135732 -> 4f5cd5826fbd
• github.com/hetznercloud/hcloud-go v1.35.2 -> v1.35.3
• github.com/insomniacslk/dhcp 509691fd59ec -> 5308ebe5334c
• github.com/jsimonetti/rtnetlink v1.2.2 -> v1.2.3
• github.com/mdlayher/ethtool 856bd6cb8a38 -> 0e16326d06d1
• github.com/mdlayher/netlink v1.6.0 -> v1.6.2
• github.com/opencontainers/image-spec c5a74bcca799 -> v1.1.0-rc2
• github.com/packethost/packngo v0.25.0 -> v0.28.1
• github.com/rivo/tview 0e6b21a48e96 -> 2e69b7385a37
• github.com/siderolabs/crypto v0.4.0 new
• github.com/siderolabs/discovery-api v0.1.1 new
• github.com/siderolabs/discovery-client v0.1.1 -> v0.1.2
• github.com/siderolabs/extras v1.2.0 -> v1.3.0-alpha.0-1-g8f00d77
• github.com/siderolabs/gen v0.4.0 new
• github.com/siderolabs/go-blockdevice v0.4.0 new
• github.com/siderolabs/go-circular v0.1.0 new
• github.com/siderolabs/go-kubeconfig v0.1.0 new
• github.com/siderolabs/go-loadbalancer v0.2.0 new
• github.com/siderolabs/go-smbios v0.3.1 new
• github.com/siderolabs/go-tail v0.1.0 new
• github.com/siderolabs/grpc-proxy v0.4.0 new
• github.com/siderolabs/pkgs v1.2.0-8-g970860d -> v1.3.0-alpha.0-35-g66c77e9
• github.com/siderolabs/siderolink v0.2.0 new
• github.com/siderolabs/tools v1.2.0 -> v1.3.0-alpha.0-20-g3b5f89a
• github.com/spf13/cobra v1.5.0 -> v1.6.1
• github.com/stretchr/testify v1.8.0 -> v1.8.1
• github.com/u-root/u-root v0.9.0 -> v0.10.0
• github.com/vmware-tanzu/sonobuoy v0.56.9 -> v0.56.10
• go.etcd.io/etcd/api/v3 v3.5.4 -> v3.5.5
• go.etcd.io/etcd/client/pkg/v3 v3.5.4 -> v3.5.5
• go.etcd.io/etcd/client/v3 v3.5.4 -> v3.5.5
• go.etcd.io/etcd/etcdutl/v3 v3.5.4 -> v3.5.5
• go.uber.org/atomic v1.9.0 -> v1.10.0
• go.uber.org/zap v1.22.0 -> v1.23.0
• go4.org/netipx 797b0c90d8ab new
• golang.org/x/net 3211cb980234 -> v0.1.0
• golang.org/x/sync 886fb9371eb4 -> v0.1.0
• golang.org/x/sys fbc7d0a398ab -> v0.1.0
• golang.org/x/term a9ba230a4035 -> v0.1.0
• golang.org/x/time e5dcc9cfc0b9 -> v0.1.0
• golang.zx2c4.com/wireguard/wgctrl 3d4a969bb56b -> 473347a5e6e3
• google.golang.org/grpc v1.48.0 -> v1.50.1
• k8s.io/api v0.25.0 -> v0.26.0-alpha.2
• k8s.io/apimachinery v0.25.0 -> v0.26.0-alpha.2
• k8s.io/apiserver v0.25.0 -> v0.26.0-alpha.2
• k8s.io/client-go v0.25.0 -> v0.26.0-alpha.2
• k8s.io/component-base v0.25.0 -> v0.26.0-alpha.2
• k8s.io/cri-api v0.25.0 -> v0.26.0-alpha.2
• k8s.io/kubectl v0.25.0 -> v0.26.0-alpha.2
• k8s.io/kubelet v0.25.0 -> v0.26.0-alpha.2
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.65 -> v1.2.66

Previous release can be found at v1.2.0

Images

ghcr.io/siderolabs/flannel:v0.20.0
ghcr.io/siderolabs/install-cni:v1.3.0-alpha.0-1-g8f00d77
docker.io/coredns/coredns:1.10.0
gcr.io/etcd-development/etcd:v3.5.5
k8s.gcr.io/kube-apiserver:v1.26.0-alpha.2
k8s.gcr.io/kube-controller-manager:v1.26.0-alpha.2
k8s.gcr.io/kube-scheduler:v1.26.0-alpha.2
k8s.gcr.io/kube-proxy:v1.26.0-alpha.2
ghcr.io/siderolabs/kubelet:v1.26.0-alpha.2
ghcr.io/siderolabs/installer:v1.3.0-alpha.1
registry.k8s.io/pause:3.6

---

This discussion was created from the release v1.3.0-alpha.1.