Skip to content

Releases: siderolabs/omni

v0.39.1

16 Jul 23:48
v0.39.1
b6ba130
Compare
Choose a tag to compare

Omni 0.39.1 (2024-07-16)

Welcome to the v0.39.1 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors

  • Artem Chernyshev

Changes

2 commits

  • b6ba130 release(v0.39.1): prepare release
  • 01efb6e fix: use proper check for the machine set teardown flow

Dependency Changes

  • google.golang.org/grpc v1.64.0 -> v1.64.1

Previous release can be found at v0.39.0

v0.39.0

05 Jul 18:34
v0.39.0
Compare
Choose a tag to compare

Omni 0.39.0 (2024-07-05)

Welcome to the v0.39.0 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Equinix Metal

Equinix metal is now available as a download/PXE option in the UI/CLI.

Exposed Services Reliability

Exposed services proxy now provides more reliable connection to the underlying services for slower networks in the cluster.
Also if some nodes are down the proxy will evict them from the routing.

Insecure Node Access

It is now possible to access nodes running in maintenance mode using talosctl.
Omni account wide talosconfig and at least Operator user role is required for that.
No --insecure flag should be set.

Maintenance Talos Updates

Machine's Talos version can now be updated without adding the machine to a cluster.
Either talosctl upgrade -n <uuid> or the UI (Machines page) can be used for that.

Contributors

  • David Anderson
  • Artem Chernyshev
  • Brad Fitzpatrick
  • Utku Ozdemir
  • Andrey Smirnov
  • Dmitriy Matrenichev
  • AdamEr8
  • Andrey Smirnov
  • Andrey Smirnov
  • Dominic Evans
  • Khionu Sybiern
  • Nathan Johnson
  • Ryan Cox
  • Vincent Batts
  • ignoramous

Changes

29 commits

  • 5c9f9be release(v0.39.0): prepare release
  • 48c102a release(v0.39.0-beta.0): prepare release
  • 26a61be fix: add resource caches for missing resource types
  • 5d953e4 fix: do not re-create peer on the remote addr change
  • 08717d9 fix: get rid of config patches for the maintenance configs
  • b910c20 chore: add resource throughput metrics
  • 9671551 fix: use proper permissions for cluster taint resource
  • 09a8b36 fix: enable etcd client keep-alives by default
  • 5e46841 chore: add go.work file
  • 3810ccb fix: properly clean up stale Talos gRPC backends
  • 80d9277 feat: bump service exposer version to 1.1.3
  • 20b08ea fix: allow changing machine set node mgmt mode if it has no nodes
  • c9b8b3f feat: add Equinix metal option in the download installation media
  • 5460134 chore: bump dependencies
  • cd8bac4 feat: read real IP from the provision API gRPC requests
  • b47acf2 feat: support insecure access to the nodes running in maintenance
  • 2f05ab0 feat: show N/∞ in the machine set if unlim allocation policy is used
  • dc7c2b3 fix: detect the old vs. new URL format correctly on workload proxying
  • e9bca13 feat: use tcp loadbalancer for exposed services
  • 17f7168 chore: bump COSI runtime version, use its task runner
  • 85424da fix: do better handling of small screens
  • 8b16da3 fix: use proper z-index for the tooltip component
  • 92afd42 chore: replace append with slices pkg functions
  • ccc9d22 chore: update runtime and go-api-signature modules
  • 551286e chore: bump go to 1.22.4, rekres
  • 271bb70 chore: migrate to oidc v3
  • 6dcfd4c feat: handle all goroutine panics gracefully
  • c565666 feat: provide cleaner UI for the machine sets/machines lists
  • e69df41 fix: redo EtcdManualBackupShouldBeCreated

Changes since v0.39.0-beta.0

1 commit

  • 5c9f9be release(v0.39.0): prepare release

Changes from siderolabs/go-api-signature

1 commit

Changes from siderolabs/go-loadbalancer

1 commit

Changes from siderolabs/siderolink

1 commit

  • e76747b chore: migrate to rtnetlink/2

Changes from siderolabs/tcpproxy

70 commits

  • 3d4e7b8 chore: rename to siderolabs/tcpproxy
  • 6f85d8e Implement correct half-close sequence for the connections.
  • 8bea9a4 Add support for TCP_USER_TIMEOUT setting
  • 91f8614 remove old ACME tls-sni-01 stuff that LetsEncrypt removed March 2019
  • 74ca1dc add Proxy.AddSNIRouteFunc to do lookups by SNI dynamically
  • 4e04b92 gofmt for Go 1.19
  • be3ee21 (doc): s/tlsproxy/tcpproxy
  • 2e577fe Modified TestProxyPROXYOut to conform with the fixed version of PROXY protocol header format
  • 0f9bced Fixed HAProxy's PROXY protocol v1 Human-readable header format in DialProxy
  • 2825d76 fix(test): update travis and e2e selfSignedCert fn
  • b6bb9b5 Update import path to inet.af/tcpproxy
  • dfa16c6 tlsrouter/README: fix the go get url
  • f5c09fb Take advantage of Go 1.11's splice support, unwrap Conns in DialProxy.HandleConn
  • 7f81f77 Work around deadlock with Go tip (at Go rev f3f7bd5)
  • 7efa37f Quiet log spam in test.
  • dbc1514 Adding the HostName field to the Conn struct (#18)
  • 2b928d9 Link to docs
  • de1c7de Add support for arbitrary matching against HTTP and SNI hostnames.
  • c6a0996 Support configurable routing of ACME tls-sni-01 challenges.
  • 815c942 Merge matcher and route into an interface that yields a Target.
  • 2065af4 Support HAProxy's PROXY protocol v1 in DialProxy.
  • [e030359](https://github.com/siderolabs/tcpproxy...
Read more

v0.39.0-beta.0

04 Jul 20:06
v0.39.0-beta.0
48c102a
Compare
Choose a tag to compare
v0.39.0-beta.0 Pre-release
Pre-release

Omni 0.39.0-beta.0 (2024-07-04)

Welcome to the v0.39.0-beta.0 release of Omni!
This is a pre-release of Omni

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Equinix Metal

Equinix metal is now available as a download/PXE option in the UI/CLI.

Exposed Services Reliability

Exposed services proxy now provides more reliable connection to the underlying services for slower networks in the cluster.
Also if some nodes are down the proxy will evict them from the routing.

Insecure Node Access

It is now possible to access nodes running in maintenance mode using talosctl.
Omni account wide talosconfig and at least Operator user role is required for that.
No --insecure flag should be set.

Maintenance Talos Updates

Machine's Talos version can now be updated without adding the machine to a cluster.
Either talosctl upgrade -n <uuid> or the UI (Machines page) can be used for that.

Contributors

  • David Anderson
  • Artem Chernyshev
  • Brad Fitzpatrick
  • Utku Ozdemir
  • Andrey Smirnov
  • Dmitriy Matrenichev
  • AdamEr8
  • Andrey Smirnov
  • Andrey Smirnov
  • Dominic Evans
  • Khionu Sybiern
  • Nathan Johnson
  • Ryan Cox
  • Vincent Batts
  • ignoramous

Changes

28 commits

  • 48c102a release(v0.39.0-beta.0): prepare release
  • 26a61be fix: add resource caches for missing resource types
  • 5d953e4 fix: do not re-create peer on the remote addr change
  • 08717d9 fix: get rid of config patches for the maintenance configs
  • b910c20 chore: add resource throughput metrics
  • 9671551 fix: use proper permissions for cluster taint resource
  • 09a8b36 fix: enable etcd client keep-alives by default
  • 5e46841 chore: add go.work file
  • 3810ccb fix: properly clean up stale Talos gRPC backends
  • 80d9277 feat: bump service exposer version to 1.1.3
  • 20b08ea fix: allow changing machine set node mgmt mode if it has no nodes
  • c9b8b3f feat: add Equinix metal option in the download installation media
  • 5460134 chore: bump dependencies
  • cd8bac4 feat: read real IP from the provision API gRPC requests
  • b47acf2 feat: support insecure access to the nodes running in maintenance
  • 2f05ab0 feat: show N/∞ in the machine set if unlim allocation policy is used
  • dc7c2b3 fix: detect the old vs. new URL format correctly on workload proxying
  • e9bca13 feat: use tcp loadbalancer for exposed services
  • 17f7168 chore: bump COSI runtime version, use its task runner
  • 85424da fix: do better handling of small screens
  • 8b16da3 fix: use proper z-index for the tooltip component
  • 92afd42 chore: replace append with slices pkg functions
  • ccc9d22 chore: update runtime and go-api-signature modules
  • 551286e chore: bump go to 1.22.4, rekres
  • 271bb70 chore: migrate to oidc v3
  • 6dcfd4c feat: handle all goroutine panics gracefully
  • c565666 feat: provide cleaner UI for the machine sets/machines lists
  • e69df41 fix: redo EtcdManualBackupShouldBeCreated

Changes from siderolabs/go-api-signature

1 commit

Changes from siderolabs/go-loadbalancer

1 commit

Changes from siderolabs/siderolink

1 commit

  • e76747b chore: migrate to rtnetlink/2

Changes from siderolabs/tcpproxy

70 commits

  • 3d4e7b8 chore: rename to siderolabs/tcpproxy
  • 6f85d8e Implement correct half-close sequence for the connections.
  • 8bea9a4 Add support for TCP_USER_TIMEOUT setting
  • 91f8614 remove old ACME tls-sni-01 stuff that LetsEncrypt removed March 2019
  • 74ca1dc add Proxy.AddSNIRouteFunc to do lookups by SNI dynamically
  • 4e04b92 gofmt for Go 1.19
  • be3ee21 (doc): s/tlsproxy/tcpproxy
  • 2e577fe Modified TestProxyPROXYOut to conform with the fixed version of PROXY protocol header format
  • 0f9bced Fixed HAProxy's PROXY protocol v1 Human-readable header format in DialProxy
  • 2825d76 fix(test): update travis and e2e selfSignedCert fn
  • b6bb9b5 Update import path to inet.af/tcpproxy
  • dfa16c6 tlsrouter/README: fix the go get url
  • f5c09fb Take advantage of Go 1.11's splice support, unwrap Conns in DialProxy.HandleConn
  • 7f81f77 Work around deadlock with Go tip (at Go rev f3f7bd5)
  • 7efa37f Quiet log spam in test.
  • dbc1514 Adding the HostName field to the Conn struct (#18)
  • 2b928d9 Link to docs
  • de1c7de Add support for arbitrary matching against HTTP and SNI hostnames.
  • c6a0996 Support configurable routing of ACME tls-sni-01 challenges.
  • 815c942 Merge matcher and route into an interface that yields a Target.
  • 2065af4 Support HAProxy's PROXY protocol v1 in DialProxy.
  • e030359 Fix golint nits by adding docstrings and simplifying execution flow.
  • 6d97c2a Correct the package building command, and only deploy for master branch commits.
  • [`a...
Read more

v0.38.3

30 Jun 11:09
v0.38.3
d538cc3
Compare
Choose a tag to compare

Omni 0.38.3 (2024-06-30)

Welcome to the v0.38.3 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors

  • Andrey Smirnov
  • Artem Chernyshev

Changes

2 commits

  • d538cc3 release(v0.38.3): prepare release
  • 7fea095 fix: add resource caches for missing resource types

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.38.2

v0.38.2

25 Jun 19:46
v0.38.2
05d54d7
Compare
Choose a tag to compare

Omni 0.38.2 (2024-06-25)

Welcome to the v0.38.2 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors

  • Utku Ozdemir

Changes

2 commits

  • 05d54d7 release(v0.38.2): prepare release
  • a357e04 fix: detect the old vs. new URL format correctly on workload proxying

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.38.1

v0.38.1

21 Jun 12:34
v0.38.1
2e8bf65
Compare
Choose a tag to compare

Omni 0.38.1 (2024-06-21)

Welcome to the v0.38.1 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors

  • Artem Chernyshev

Changes

2 commits

  • 2e8bf65 release(v0.38.1): prepare release
  • e0a760a fix: use proper z-index for the tooltip component

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.38.0

v0.38.0

20 Jun 19:14
v0.38.0
67eb768
Compare
Choose a tag to compare

Omni 0.38.0 (2024-06-20)

Welcome to the v0.38.0 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Break-Glass Configs

Omni now allows getting raw Talos and Kubernetes configs that can allow bypassing Omni when
accessing the cluster.

It has a couple of limitations:

  • It is available only if is enabled for the account.
  • Only os:operator role Talosconfig level is available.
  • The cluster will be marked as tainted for the time being, which doesn't affect anything, but is
    the signal that Omni no longer fully controls secrets rotation.

Exposed Services DNS Name

Exposed services now use new naming schema, so it shouldn't be affected by slow DNS updates.

The domain name patter is now: <hash>-<account>.proxy-us.siderolabs.io.

Kubeconfig Authcode-Keyboard

It is now possible to generate kubeconfig with --grant-type=authcode-keyboard and Omni
supports that mode.
This mode will print a URL and ask for a one time code instead of starting a local HTTP server on port 8000.
Clicking the URL will open the same Omni page as usual, but will present you the one time code instead of doing redirect.

This mode is useful for remote machine kubectl execution and removes the need to set up ssh port-forwarding.

Machine Logs

Machine logs are now stored using new persitent circular buffer library, which has better write efficiency.

Pending Updates

Omni UI now shows pending config changes which are not applied due to locked machines in the cluster.

Contributors

  • Artem Chernyshev
  • Utku Ozdemir
  • Andrey Smirnov
  • Dmitriy Matrenichev
  • Andrey Smirnov
  • Grzegorz Rozniecki

Changes

35 commits

  • 67eb768 release(v0.38.0): prepare release
  • 11f7edb fix: do not use created time of the ClusterMachineTalosVersion in sort
  • 61b0e4c fix: use proper index for the Tooltip
  • d8df8af fix: do not use time namespace to parseDuration
  • 1d92ae5 release(v0.38.0-beta.0): prepare release
  • 4109996 fix: make MachineSetNode controller select only connected machines
  • 2457897 fix: use un-cached list in the MachineSetNodeController
  • 73529c2 fix: display descriptions when show description checkbox is clicked
  • 6a59d63 fix: generate schematics with the extensions, meta and kernel args
  • 87a7750 chore: add Akamai installation media
  • fa64b46 fix: skip invalid machines in TalosUpgradeStatusController
  • 22bb2cc fix: use proper types in the machine status and snapshot controllers
  • a2b7b53 feat: use the new domain scheme for exposed services
  • 4ecb175 fix: handle panics in Omni and Talos UI watches
  • 6286340 fix: properly delete the item from the cached items slice
  • 63ad5bd feat: provide a way to getadmin talosconfig and kubeconfig
  • fa21349 fix: properly generate maintenance config patches
  • 2e64c31 fix: ignore not found ClusterMachine in the migrations
  • a2c3802 fix: validate user email on creation
  • 73d0d3b fix: properly detect authcode-keyboard oidc mode
  • b7a0620 feat: use circular buffer's new persistence option for machine logs
  • 7eec6b9 chore: bump COSI runtime to 0.4.5
  • 4d23186 feat: show pending config updates due to locked machine
  • f98cf51 fix: ignore not found in the MachineStatus and MachineStatusSnapshot
  • ce6e15a fix: proper time adjustment to fix flaky TestEtcdManualBackup
  • 27491ea chore: upgrade github.com/containers/image to v5
  • 3f75f91 fix: change Transport.Address field to Transport.Address method
  • e12cfa8 feat: support authcode login in kubectl oidc-login
  • 2fcd0fd fix: properly update the pulled images count if some images are skipped
  • 5a4251c test: fix a data race in MachineStatusSnapshotController unit tests
  • 0965091 test: fix flaky test in ClusterMachineConfigStatus unit tests
  • b7d48aa chore: small fixes
  • a6c8b47 fix: pass through the talosctl -n args if they cannot be resolved
  • 3bab8bf chore: migrate to Vite and Bun to build the frontend
  • 37c1a97 fix: use proper routing on the config patch view and edit pages

Changes since v0.38.0-beta.0

4 commits

  • 67eb768 release(v0.38.0): prepare release
  • 11f7edb fix: do not use created time of the ClusterMachineTalosVersion in sort
  • 61b0e4c fix: use proper index for the Tooltip
  • d8df8af fix: do not use time namespace to parseDuration

Changes from siderolabs/discovery-client

13 commits

  • ca662d2 feat: export default GRPC dial options for the client
  • 7a767fa chore: bump Go, deps and rekres
  • f4095a1 chore: bump discovery API to v0.1.4
  • fbb1cea fix: keepalive interval calculation
  • ff8f4be fix: enable gRPC keepalives
  • 9ba5f03 chore: app optional ControlPlane data
  • 269a832 chore: rekres, update discovery api
  • a5c19c6 feat: provide public IP discovered from the server
  • 230f317 fix: reconnect the client on update failure
  • ac5ab32 feat: support deleting an affiliate
  • 27a5bee chore: rekres
  • a9a5e9b feat: initial client code
  • 98eb999 chore: initial commit
    <...
Read more

v0.38.0-beta.0

18 Jun 18:31
v0.38.0-beta.0
1d92ae5
Compare
Choose a tag to compare
v0.38.0-beta.0 Pre-release
Pre-release

Omni 0.38.0-beta.0 (2024-06-18)

Welcome to the v0.38.0-beta.0 release of Omni!
This is a pre-release of Omni

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Break-Glass Configs

Omni now allows getting raw Talos and Kubernetes configs that can allow bypassing Omni when
accessing the cluster.

It has a couple of limitations:

  • It is available only if is enabled for the account.
  • Only os:operator role Talosconfig level is available.
  • The cluster will be marked as tainted for the time being, which doesn't affect anything, but is
    the signal that Omni no longer fully controls secrets rotation.

Exposed Services DNS Name

Exposed services now use new naming schema, so it shouldn't be affected by slow DNS updates.

The domain name patter is now: <hash>-<account>.proxy-us.siderolabs.io.

Kubeconfig Authcode-Keyboard

It is now possible to generate kubeconfig with --grant-type=authcode-keyboard and Omni
supports that mode.
This mode will print a URL and ask for a one time code instead of starting a local HTTP server on port 8000.
Clicking the URL will open the same Omni page as usual, but will present you the one time code instead of doing redirect.

This mode is useful for remote machine kubectl execution and removes the need to set up ssh port-forwarding.

Machine Logs

Machine logs are now stored using new persitent circular buffer library, which has better write efficiency.

Pending Updates

Omni UI now shows pending config changes which are not applied due to locked machines in the cluster.

Contributors

  • Artem Chernyshev
  • Utku Ozdemir
  • Andrey Smirnov
  • Dmitriy Matrenichev
  • Andrey Smirnov
  • Grzegorz Rozniecki

Changes

31 commits

  • 1d92ae5 release(v0.38.0-beta.0): prepare release
  • 4109996 fix: make MachineSetNode controller select only connected machines
  • 2457897 fix: use un-cached list in the MachineSetNodeController
  • 73529c2 fix: display descriptions when show description checkbox is clicked
  • 6a59d63 fix: generate schematics with the extensions, meta and kernel args
  • 87a7750 chore: add Akamai installation media
  • fa64b46 fix: skip invalid machines in TalosUpgradeStatusController
  • 22bb2cc fix: use proper types in the machine status and snapshot controllers
  • a2b7b53 feat: use the new domain scheme for exposed services
  • 4ecb175 fix: handle panics in Omni and Talos UI watches
  • 6286340 fix: properly delete the item from the cached items slice
  • 63ad5bd feat: provide a way to getadmin talosconfig and kubeconfig
  • fa21349 fix: properly generate maintenance config patches
  • 2e64c31 fix: ignore not found ClusterMachine in the migrations
  • a2c3802 fix: validate user email on creation
  • 73d0d3b fix: properly detect authcode-keyboard oidc mode
  • b7a0620 feat: use circular buffer's new persistence option for machine logs
  • 7eec6b9 chore: bump COSI runtime to 0.4.5
  • 4d23186 feat: show pending config updates due to locked machine
  • f98cf51 fix: ignore not found in the MachineStatus and MachineStatusSnapshot
  • ce6e15a fix: proper time adjustment to fix flaky TestEtcdManualBackup
  • 27491ea chore: upgrade github.com/containers/image to v5
  • 3f75f91 fix: change Transport.Address field to Transport.Address method
  • e12cfa8 feat: support authcode login in kubectl oidc-login
  • 2fcd0fd fix: properly update the pulled images count if some images are skipped
  • 5a4251c test: fix a data race in MachineStatusSnapshotController unit tests
  • 0965091 test: fix flaky test in ClusterMachineConfigStatus unit tests
  • b7d48aa chore: small fixes
  • a6c8b47 fix: pass through the talosctl -n args if they cannot be resolved
  • 3bab8bf chore: migrate to Vite and Bun to build the frontend
  • 37c1a97 fix: use proper routing on the config patch view and edit pages

Changes from siderolabs/discovery-client

13 commits

  • ca662d2 feat: export default GRPC dial options for the client
  • 7a767fa chore: bump Go, deps and rekres
  • f4095a1 chore: bump discovery API to v0.1.4
  • fbb1cea fix: keepalive interval calculation
  • ff8f4be fix: enable gRPC keepalives
  • 9ba5f03 chore: app optional ControlPlane data
  • 269a832 chore: rekres, update discovery api
  • a5c19c6 feat: provide public IP discovered from the server
  • 230f317 fix: reconnect the client on update failure
  • ac5ab32 feat: support deleting an affiliate
  • 27a5bee chore: rekres
  • a9a5e9b feat: initial client code
  • 98eb999 chore: initial commit

Dependency Changes

  • github.com/containers/image/v5 v5.31.0 new
  • github.com/cosi-project/runtime 15e9d678159d -> v0.4.6
  • github.com/siderolabs/discovery-client v0.1.9 new

Previous release can be found at v0.37.0

v0.37.5

13 Jun 08:11
v0.37.5
4efdd08
Compare
Choose a tag to compare

Omni 0.37.5 (2024-06-13)

Welcome to the v0.37.5 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors

  • Artem Chernyshev

Changes

2 commits

  • 4efdd08 release(v0.37.5): prepare release
  • 755289d fix: properly delete the item from the cached items slice

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.37.4

v0.37.4

12 Jun 14:41
v0.37.4
855359b
Compare
Choose a tag to compare

Omni 0.37.4 (2024-06-12)

Welcome to the v0.37.4 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors

  • Artem Chernyshev

Changes

2 commits

  • 855359b release(v0.37.4): prepare release
  • a54cc0f fix: properly generate maintenance config patches

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.37.3