·
4 commits
to main
since this release
Omni 0.39.0 (2024-07-05)
Welcome to the v0.39.0 release of Omni!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.
Equinix Metal
Equinix metal is now available as a download/PXE option in the UI/CLI.
Exposed Services Reliability
Exposed services proxy now provides more reliable connection to the underlying services for slower networks in the cluster.
Also if some nodes are down the proxy will evict them from the routing.
Insecure Node Access
It is now possible to access nodes running in maintenance mode using talosctl.
Omni account wide talosconfig and at least Operator user role is required for that.
No --insecure flag should be set.
Maintenance Talos Updates
Machine's Talos version can now be updated without adding the machine to a cluster.
Either talosctl upgrade -n <uuid> or the UI (Machines page) can be used for that.
Contributors
- David Anderson
- Artem Chernyshev
- Brad Fitzpatrick
- Utku Ozdemir
- Andrey Smirnov
- Dmitriy Matrenichev
- AdamEr8
- Andrey Smirnov
- Andrey Smirnov
- Dominic Evans
- Khionu Sybiern
- Nathan Johnson
- Ryan Cox
- Vincent Batts
- ignoramous
Changes
29 commits
5c9f9berelease(v0.39.0): prepare release48c102arelease(v0.39.0-beta.0): prepare release26a61befix: add resource caches for missing resource types5d953e4fix: do not re-create peer on the remote addr change08717d9fix: get rid of config patches for the maintenance configsb910c20chore: add resource throughput metrics9671551fix: use proper permissions for cluster taint resource09a8b36fix: enable etcd client keep-alives by default5e46841chore: addgo.workfile3810ccbfix: properly clean up stale Talos gRPC backends80d9277feat: bump service exposer version to 1.1.320b08eafix: allow changing machine set node mgmt mode if it has no nodesc9b8b3ffeat: addEquinix metaloption in the download installation media5460134chore: bump dependenciescd8bac4feat: read real IP from the provision API gRPC requestsb47acf2feat: support insecure access to the nodes running in maintenance2f05ab0feat: showN/∞in the machine set if unlim allocation policy is useddc7c2b3fix: detect the old vs. new URL format correctly on workload proxyinge9bca13feat: use tcp loadbalancer for exposed services17f7168chore: bump COSI runtime version, use its task runner85424dafix: do better handling of small screens8b16da3fix: use properz-indexfor the tooltip component92afd42chore: replace append with slices pkg functionsccc9d22chore: update runtime and go-api-signature modules551286echore: bump go to 1.22.4, rekres271bb70chore: migrate to oidc v36dcfd4cfeat: handle all goroutine panics gracefullyc565666feat: provide cleaner UI for the machine sets/machines listse69df41fix: redo EtcdManualBackupShouldBeCreated
Changes since v0.39.0-beta.0
Changes from siderolabs/go-api-signature
Changes from siderolabs/go-loadbalancer
Changes from siderolabs/siderolink
Changes from siderolabs/tcpproxy
70 commits
3d4e7b8chore: rename to siderolabs/tcpproxy6f85d8eImplement correct half-close sequence for the connections.8bea9a4Add support for TCP_USER_TIMEOUT setting91f8614remove old ACME tls-sni-01 stuff that LetsEncrypt removed March 201974ca1dcadd Proxy.AddSNIRouteFunc to do lookups by SNI dynamically4e04b92gofmt for Go 1.19be3ee21(doc): s/tlsproxy/tcpproxy2e577feModified TestProxyPROXYOut to conform with the fixed version of PROXY protocol header format0f9bcedFixed HAProxy's PROXY protocol v1 Human-readable header format in DialProxy2825d76fix(test): update travis and e2e selfSignedCert fnb6bb9b5Update import path to inet.af/tcpproxydfa16c6tlsrouter/README: fix the go get urlf5c09fbTake advantage of Go 1.11's splice support, unwrap Conns in DialProxy.HandleConn7f81f77Work around deadlock with Go tip (at Go rev f3f7bd5)7efa37fQuiet log spam in test.dbc1514Adding the HostName field to the Conn struct (#18)2b928d9Link to docsde1c7deAdd support for arbitrary matching against HTTP and SNI hostnames.c6a0996Support configurable routing of ACME tls-sni-01 challenges.815c942Merge matcher and route into an interface that yields a Target.2065af4Support HAProxy's PROXY protocol v1 in DialProxy.e030359Fix golint nits by adding docstrings and simplifying execution flow.6d97c2aCorrect the package building command, and only deploy for master branch commits.aa12504Another attempt to fix Travis.f6af481Make Travis test all packages, and remove the go.universe.tf import path.d7e343eFix the godoc link to point to google/tcpproxy.bef9f6aMerge bradfitz's tcpproxy codebase with the software formerly known as tlsrouter.d86e96aMove tlsrouter's readme to the command's directory.9e73877Switch license to Apache2, add Google copyright headers.cbf137dCorrect the travis build to kinda work.3eb49e9Move tlsrouter to cmd/tlsrouter, in preparation for rewrite as a pkg.af97cddFix copy/paste-o in doc example.3273f40Add vendor warninge387889Add TargetListener2eb0155Start of tcpproxy. No Listener or reverse dialing yet.c58b44cMake golint fail if lint errors are found, and fix said lint.4621df9Clean up the Travis build a bit more, moving more stuff to the deploy stage.96cc76fTest Travis's new build stage support.bbbede8Make travis fetch the test-only dependency.4b8641fAdd support for HAProxy's PROXY protocol.d23eadcUpload packages based on Go 1.8, not 1.7.7ef32e3Add Go 1.8 to the build matrix.e07ecectypoaa3f9c9Remove debug print in acme code.6664640Stop testing against Go 1.6.728b8bcAdd ACME routing support.a5c2ccdUse nogroup as the group, not nobody.a94dbd1Port extra error checking over from netboot.3cd4412Clean up travis config a bit, and add missing copyright notice.aded796Add a deploy step to garbage-collect old packagecloud files.3e6354cRandom change to force travis rebuild on latest code.77fa998Attempt to create a package with no version name.bfef4baRevert to just debian/jessie. It's the same package anyway.173db90Try the obvious way to specify a matrix of package tags.ea58780Limit the deploy to only the go 1.7 build.a2d0c96Skip cleanup so travis doesn't delete the freshly built .deb.73ee2e7Attempt a packagecloud push.cbd4ea6Attempt to build a debian package with FPM.4f5b46fAdd a systemd unit file to run tlsrouter.8cc8cacDocument -hello-timeout in README.e0a0158Add slowloris protection, in the form of a ClientHello timeout.09cc4bbRemove support for SSL 3.0.c41a68dAdd tests for hostname matching, and make DNS matches match entire string.6546db4Fix vet errors in Go 1.6.e34c2a6Add more words to README.b321571Add godoc comments to appease golint.55ba69dAdd a Travis CI config.b8a3ed8Add DNS name support to config0a0a9f6Add licensing and contributing information for release.b1edd90Initial commit.
Dependency Changes
- filippo.io/age 6ad4560f4afc -> v1.2.0
- github.com/aws/aws-sdk-go-v2 v1.27.0 -> v1.30.0
- github.com/aws/aws-sdk-go-v2/config v1.27.16 -> v1.27.21
- github.com/aws/aws-sdk-go-v2/credentials v1.17.16 -> v1.17.21
- github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.21 -> v1.17.1
- github.com/aws/aws-sdk-go-v2/service/s3 v1.54.3 -> v1.56.1
- github.com/containers/image/v5 v5.31.0 -> v5.31.1
- github.com/cosi-project/runtime v0.4.6 -> v0.5.0
- github.com/go-jose/go-jose/v4 v4.0.2 new
- github.com/google/go-containerregistry v0.19.1 -> v0.19.2
- github.com/siderolabs/go-api-signature v0.3.2 -> v0.3.3
- github.com/siderolabs/go-loadbalancer v0.3.3 -> v0.3.4
- github.com/siderolabs/siderolink v0.3.8 -> v0.3.9
- github.com/siderolabs/tcpproxy v0.1.0 new
- github.com/spf13/cobra v1.8.0 -> v1.8.1
- github.com/zitadel/oidc/v3 v3.25.1 new
- golang.org/x/crypto v0.23.0 -> v0.24.0
- golang.org/x/net v0.25.0 -> v0.26.0
- golang.org/x/tools v0.21.0 -> v0.22.0
- google.golang.org/protobuf v1.34.1 -> v1.34.2
- k8s.io/api v0.30.1 -> v0.30.2
- k8s.io/client-go v0.30.1 -> v0.30.2
- k8s.io/klog/v2 v2.120.1 -> v2.130.1
- sigs.k8s.io/controller-runtime v0.18.3 -> v0.18.4
Previous release can be found at v0.38.0