Skip to content

v0.10.1

Choose a tag to compare

@github-actions github-actions released this 27 May 12:11
v0.10.1
150bf44

omni-infra-provider-bare-metal 0.10.1 (2026-05-27)

Welcome to the v0.10.1 release of omni-infra-provider-bare-metal!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni-infra-provider-bare-metal/issues.

Machine Power-Off Support

The provider now honors power-off requests from Omni. When Omni requests a machine to be powered off, the provider acknowledges the request and avoids automatically powering the machine back on due to cluster allocation. The request is honored until the machine goes through a deallocation cycle, at which point it is considered stale and the provider resumes normal power management. The provider also reports the currently honored request back to Omni, allowing Omni to distinguish intentional power-off from unexpected disconnects.

Talos v1.13.0

This release updates the dependency on Talos to v1.13.0.

Contributors

  • Andrey Smirnov
  • Mateusz Urbanek
  • Noel Georgi
  • Mickaël Canévet
  • Utku Ozdemir
  • Edward Sammut Alessi
  • Orzelius
  • Zadkiel AHARONIAN
  • Benoît Knecht
  • David Orman
  • Dharsan Baskar
  • Dominik Pitz
  • Erwan Leboucher
  • Fritz Schaal
  • Kevin Tijssen
  • Laura Brehm
  • Maja Bojarska
  • Nico Berlee
  • Quentin Joly
  • Spencer Smith
  • pythoner6

Changes

9 commits

  • 150bf44 release(v0.10.1): prepare release
  • c93c09b fix: write boot filename to BOOTP header for U-Boot ProxyDHCP
  • e6da964 chore: bump Go and deps, rekres, fix linters
  • 5b57fe3 release(v0.10.0): prepare release
  • a3694fb chore: bump image-factory and talos-metal-agent
  • 4d13952 chore: rekres
  • e27fd88 chore: bump deps, rekres, Talos v1.13.0
  • fed52d9 feat: honor power-off requests from omni
  • 2730cf3 chore: accept eula in integration tests

Changes since v0.10.0

3 commits

  • 150bf44 release(v0.10.1): prepare release
  • c93c09b fix: write boot filename to BOOTP header for U-Boot ProxyDHCP
  • e6da964 chore: bump Go and deps, rekres, fix linters

Changes from siderolabs/crypto

1 commit

  • 6d82f0c fix: bump minimum TLS version to v1.3

Changes from siderolabs/image-factory

22 commits

  • ccffefc release(v1.2.0): prepare release
  • 4abeff4 feat: add /talosctl/:version endpoint to list downloadable talosctls
  • 405b488 feat(i18n): add french locale
  • c6ad082 feat(registry): resolve latest tag to stable version
  • 471706d chore: drop update to talos main tests
  • 403cd5a fix: centralize schematic ownership enforcement
  • f1cceee feat: implement authentication support
  • 81f9312 release(v1.1.0): prepare release
  • 1b834b7 feat: add SHA-256 and SHA-512 checksum frontend
  • e775c36 feat: upgrade tailwind to v4
  • bb27d39 feat: update Talos to v1.13.0-rc.0
  • 2a59890 fix: gsa signer pull during verify
  • fbc302f fix: support insecure registries for signature bundles
  • 8e7d10e feat: add support for google service account signing
  • 74afd80 fix: set correct Content-Type when downloading images
  • 8372fe8 feat: add SPDX frontend
  • b379bf2 feat: switch schematic cache to LRU and negative TTL
  • 0450038 chore: remove deuplicate k8s-down ci step
  • 470cb2f chore: switch to large runners
  • 713fc6e fix: memory usage when building images
  • 0a25274 fix: excessive memory usage
  • 0f9eb22 feat: update machinery doc links

Changes from siderolabs/talos

192 commits

  • befeda7cb release(v1.13.3): prepare release
  • f4d451054 feat(ci): rotate credentials
  • 01b434870 fix: guard apply config API call
  • a42c37f24 feat(machined): support instance tags on Akamai
  • d62d54ca7 fix: memorymodules resource reporting
  • b673b4be7 fix: bump Go golang.org/x modules
  • 19755ad14 feat: add bnxt_re module to the rootfs
  • 532bc6baa fix: relax hostname config validation
  • 3bbd3ed35 fix: bump Kubernetes to 1.36.1 in one more place
  • 472b9d991 feat: update default Kubernetes version to 1.36.1
  • 6d53ce0d5 chore(ci): fix cloud image upload job name
  • 5633c7791 fix: rework how scheduler config is marshaled
  • 52f056084 fix: restore some shared (and some lower tier slave) mount propagation
  • 9de3c12d9 fix: image verification issue with registry.k8s.io
  • 7dc716d85 feat: redact more machine config secrets and audit redactors
  • d5448c60d chore(ci): try fixing homebrew action
  • ef9f0bf02 docs: drop controlplane endpoint examples
  • 7ee3e787b feat: update Linux to 6.18.33
  • e99744bad fix: update containerd to 2.2.4
  • c5d7c6536 release(v1.13.2): prepare release
  • 7df617aa7 release(v1.13.1): prepare release
  • 09ead22a3 test: relax kernel-default routing rule assertion
  • 817609677 feat: update Go to 1.26.3
  • a5f32abda fix: normalize source name for syft consistency
  • f8298948a feat: bump in-toto indirect dependency
  • ded9a2d78 feat: update kernel to 6.18.29
  • 755628239 fix: handle empty GCP operation errors
  • e7645ba1c fix: clarify documentation for image verification pattern
  • e85d01a07 fix: skip reserved routing rule priorities
  • c5a81f2cc feat: update etcd to 3.6.11
  • 38ca2bca6 fix: add missing kernel modules in rootfs
  • dc30ad327 fix: preserve DHCP DNS servers
  • d8e32fa73 fix: stale discovered volume children
  • 80c110c87 fix: re-enable kexec on arm64
  • bd9ac044e fix: provide proper AWS platform metadata
  • 549f3c0b4 fix: panic in Kubernetes manifest sync
  • 29eb6651d fix(ci): zfs test
  • 4b36fc9c2 fix: deadlock in the makefs ext4 with populated source
  • fdf4f9f6c fix: do not pick up a system disk from a loop device
  • 4ff29cc9f fix(talosctl): protect k8sNames map writes with mutex
  • ff53434c9 fix: mount throws EPERM on virtiofs with SELinux
  • 16cc0a99c fix: drop explicit platform matcher
  • ddb631aba fix: bump go-kmsg to fix the timestamp drift
  • 595470849 fix: make lacp active nilable
  • 879e31a65 test: fix flaky tests
  • ef1d9ffc3 fix: reset the ticker when the KubeSpan is disabled/enabled
  • ce89d6727 fix: replace Canal manifest with a more recent one
  • b9e9c6579 release(v1.13.0): prepare release
  • 5e2fc260a fix: revert add extraArgs from service-account-issuer
  • 17448fcd2 fix: revert use append instead of prepend in service-account-issuer
  • 4b9fe000f feat: add quirk for talosctl factory downloads
  • f62c33113 refactor: make all controller unit-test follow modern patterns
  • cd317d533 feat: support auth for Image Factory in cluster create
  • 92ca9e16f feat: update Kubernetes to v1.36.0
  • e9afea74d test: fix OOM test flake
  • d34a61c8d fix(talosctl): ensure uncordon runs after reboot/upgrade errors
  • f9531d352 test: fix a flake in the manifest sync test
  • 9f04f2c4e fix: watch kubelet's kubeconfig and time out for cache sync
  • f3bab2baf chore(ci): nvidia update helm values
  • d4d018b54 fix: propagate route table down to the resource
  • ffa0bcf61 chore(ci): bump gpu operator version
  • 8035e6e49 fix: do not flip machine stage to rebooting during shutdown
  • 10606bdfe fix: boot entry detection
  • 23393a5ea fix: zfs extensions test
  • a922d1540 fix: return failed precondition on upgrade when not installed
  • 252799a00 fix: reduce memory dashboard usage
  • 8180cb11c fix: wrong slot of encryption key was logged
  • b6bcd47e6 feat: update Flannel to 0.28.4
  • 370c035ab fix: audit trustd code for security
  • 3e1c6fd84 chore: bump container registry library
  • dacd73313 chore: update sign images to support image name suffix
  • 1a519a410 test: allow more tests to run in FIPS strict mode
  • cb969aa9f feat: update Linux to 6.18.24
  • 1f949d9a5 release(v1.13.0-rc.0): prepare release
  • 929ab7165 fix(machined): clear stale bond ARP/NS targets on decode
  • 730937eee chore: bump tools
  • 0f9d4b5b9 feat: update Kubernetes 1.36.0-rc.1
  • 41e6866fd fix: encode extra args fields in resources with new id
  • 5feeab90d chore(ci): nvidia try UKI boot
  • cd88cbd0c chore: bump tools
  • 53609713f fix: upgrade API in maintenance mode (legacy)
  • 2de7fb60d refactor: allow overriding out image name suffix
  • 384b189a5 feat: update Kubernetes to 1.36.0-rc.0
  • 9b8c1891b fix: panic in reading PCR values
  • 67a34a6eb feat(ci): add nvidia arm64 matrix
  • cd73b4a82 feat: bump go to 1.26.2
  • 77406ec31 fix: validate hostDNS forwarding requires hostDNS to be enabled
  • 7d7776dca fix: handle boot failure
  • 6dc97e8aa fix(talosctl): always use default GRPC dial options
  • db2c007ee fix: create correct blackhole routes for IPv4
  • 6f8462849 refactor: propagate NAME properly, allow to set on build
  • 6a0ec46b5 feat: add dis-vulncheck tool
  • 4c79bd815 chore: bump some tool dependencies
  • cd8d70fb9 fix: set the minimum TLS version to 1.3
  • fe5b849ec refactor: remove manual shell completion and replace with cobra completion
  • fef5ef49e feat: allow more nvidia and nvme files from extensions
  • 33b89cff7 feat: allow glibc ld files in etc
  • 9be7bc025 fix: don't set xattrs while decompressing extensions
  • 9cc735588 feat: add client-side Kubernetes node drain to reboot and upgrade commands
  • 128c2c287 feat: update Flannel to v0.28.2
  • 02d84f582 fix: handle ISOs with zeroes in volume labels
  • 70c356bfd feat: add flag to force fallback to legacy upgrade
  • 8499579f4 fix: add os:meta:writer role to the dashboard
  • dc59a7e94 fix: drop talosctl install
  • f7be2c598 feat: add resource view to talosctl dashboard
  • a47b76618 fix: unseal with "slow" TPM
  • 3c79b432a fix: drop unused type from ExternalVolume schema
  • 38d391e9d fix: always grow disks
  • f0c5cb517 fix: add metal-agent mode to runtime capabilities
  • 213ecf2a5 release(v1.13.0-beta.1): prepare release
  • abc0ddf11 feat: bump musl to 1.2.6
  • fcdfeab2b fix: incorrect route source for on-link routes
  • a8f2a0af7 feat: update NVIDIA production drivers to 595.58.03
  • ccf1e0c27 test: fix the PKI mismatch test flake
  • 7a9467306 test: fix cron failures for provision-1 & provision-2
  • 797815209 fix: allow blockdevice wipe in maintenance mode
  • efc76f0bf test: fix the flakes in tests with trusted roots
  • 7fa16b497 test: bump memory for Flannel netpolicy tests
  • 576c26948 feat: add --platform=all support to image cache-create
  • ceec42f2a feat: update Linux to 6.18.19, CNI to 1.9.1
  • 902c78a17 test: improve maintenance API provision tests
  • a4b0cbc49 feat: validate luks headers for tampering
  • 281584b88 chore: update go-kubernetes library
  • b86360790 fix: add symlinks nvidia-ctk and nvidia-cdi-hook in /usr/bin
  • d82fada75 fix: unset rlimits for extension services
  • 76931f409 feat: enforce PID check on connections to services over file sockets
  • df4e0e7f5 feat: update etcd to 3.6.9
  • 08ba425e6 feat: update Kubernetes to 1.36.0-beta.0
  • 1cb2a8b30 fix: update diff library to v1.0.1
  • 5e171a3de test: fix the apid test against AWS/GCP
  • f98e76f8d fix: panics in diff algorithms
  • a544aea84 release(v1.13.0-beta.0): prepare release
  • f36f6ef54 chore: update pkgs and tools
  • b7d70cf62 feat: unify maintenance and regular APIs
  • 13d6b4a03 fix: trim down cosign dependencies
  • 5c39a8581 fix: drop aws & azure KMS APIs from the machined build
  • 3d059754c fix: accept image cache volume encryption config
  • d2661d253 fix: apparmor parser config files
  • 13ef0cfc9 fix: unmount pseudo-late recursively
  • e9d45671a fix: panic in hardware.SystemInfoController
  • a728bbd89 fix: validate missing apiVersion in config document decoder
  • c8a674afa fix: pull in a fix for dmesg timestamps
  • e7e21fe8e feat: bump dependencies
  • 6bb5cf57a feat: implement routing rules support
  • a0b9d6e77 feat: bump kernel with uhci_hcd driver
  • 1f0d2da39 feat: update containerd to 2.2.2
  • cff0f5782 fix(machined): support USERDATA legacy fallback in OpenNebula driver
  • 5d3a326c8 feat(machined): add ONEGATE proxy route and deterministic interface iteration for OpenNebula
  • 3bec5cc7b feat(machined): inherit IP6_METHOD from METHOD in OpenNebula driver
  • 4f4ec9806 fix(machined): align OpenNebula hostname precedence with reference
  • 4d0244ddf feat(machined): add IPv6 alias address support for OpenNebula (ETH*_ALIAS*_IP6)
  • 5bb896230 feat(machined): support ETH*_IP6_METHOD (static/dhcp/auto/disable) for OpenNebula
  • 469db18d3 refactor(machined): extract per-interface IPv4 helper in OpenNebula driver
  • ae61f5a5e fix(machined): use ParseFQDN for hostname parsing in OpenNebula
  • 7adbbd2f8 feat(machined): support per-interface route metric for OpenNebula (ETH*_METRIC)
  • 196658c41 feat(machined): add network alias support for OpenNebula (ETH*_ALIAS*)
  • e96766e81 feat(machined): merge global and per-interface DNS for OpenNebula
  • 23c99a3cb feat(machined): add static routes support via ETH*_ROUTES for OpenNebula
  • ad3c59aad fix: prevent stale discovered volumes reads
  • fc9749b9e feat: pull in kernel with preemptible kernel
  • c14179e78 chore(ci): update nvidia test to use gpu-operator
  • da70cedfd refactor: drop apid file socket
  • ee53a18c8 fix: stop pulling wrong platform for images
  • 17335107b fix: use non-sensitive resource for health check precondition
  • 2fb6f6a16 feat: add symlinks needed by gpu-operator
  • f2bae55b8 feat: enable container device interface
  • 451b13c1b feat: update Linux to 6.18.16
  • a02d578fa feat: add support for mirroring image signatures
  • 57599fb87 fix: skip some readiness checks when the CNI is disabled
  • e6d8669fb feat: update Go to 1.26.1
  • 7f2eb4856 feat: add image verification endpoint
  • 1e4cd20d2 feat: add talosctl install command and upgrade via LifecycleService
  • 275fa351c test: add integration tests for LifecycleService upgrade path
  • 15a5ec998 feat: implement new install/upgrade API
  • 720a2148a fix: correctly calculate end ranges for nftables sets
  • 95287d2db fix: environment suite failures
  • 10f49ca91 feat: add trusted roots generation to stdpatches
  • 55b872185 fix: use correct dhcp option for unicast dhcp renewal
  • 58e006461 feat: update Kubernetes to 1.36.0-alpha.2
  • ebcfafd4e feat: update Linux to 6.18.15
  • 0ab84c2a1 fix: ignore image digest when doing upgrade-k8s
  • d417d68e0 feat: bring in new ssa logic
  • 0bb6413ff fix: do not fail on RO virtiofs
  • bf2cd0a85 feat: update Linux to 6.18.14
  • ad29417ae fix(machined): opennebula: process ETH*_ vars regardless of NETWORK context flag
  • b551cb9b8 feat: allow dashboard mouse support
  • bfb98a9ca feat: bump kube-network-policy to v1.0.0
  • 000c18d53 feat: implement blackhole route config
  • cc636f1dd fix: image cache test fails with 'no space left on device'
  • f0c51b280 feat: implement correct config patching for extraArgs fields
  • 1da2b63ab feat: multi-doc support for configuring vrfs
  • c1d0a3360 fix: patch with delete for LinkConfigs

Changes from siderolabs/talos-metal-agent

3 commits

  • 982d28c chore: rekres & bump talos to 1.13.0
  • 436aebd chore: bump dependencies
  • c2379a7 chore: bump deps and rekres

Dependency Changes

  • github.com/bougou/go-ipmi v0.8.1 -> v0.8.3
  • github.com/cosi-project/runtime v1.14.0 -> v1.16.1
  • github.com/insomniacslk/dhcp 5adc3eb26f91 -> 11b94ed970f2
  • github.com/klauspost/compress v1.18.4 -> v1.18.6
  • github.com/siderolabs/crypto v0.6.4 -> v0.6.5
  • github.com/siderolabs/image-factory v1.0.3 -> v1.2.0
  • github.com/siderolabs/omni/client v1.5.8 -> v1.8.0
  • github.com/siderolabs/talos v1.13.0-alpha.2 -> v1.13.3
  • github.com/siderolabs/talos-metal-agent v0.1.4 -> v0.1.5
  • github.com/siderolabs/talos/pkg/machinery 58e006461d30 -> v1.13.3
  • github.com/stmcginnis/gofish v0.21.4 -> v0.21.6
  • go.uber.org/zap v1.27.1 -> v1.28.0
  • google.golang.org/grpc v1.80.0 -> v1.81.1

Previous release can be found at v0.9.0