You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please try out the release binaries and report any issues at
8
+
https://github.com/siderolabs/omni/issues.
9
+
10
+
### Contributors
11
+
12
+
* Edward Sammut Alessi
13
+
* Oguz Kilcan
14
+
* Utku Ozdemir
15
+
* Artem Chernyshev
16
+
* Nguyen Duc Quynh
17
+
18
+
### Changes
19
+
<details><summary>15 commits</summary>
20
+
<p>
21
+
22
+
* [`6d8a8256f`](https://github.com/siderolabs/omni/commit/6d8a8256f36798b27ab47fc2834c3f57a30e12be) fix(frontend): prevent copying double newlines in machine logs
23
+
* [`d9b182274`](https://github.com/siderolabs/omni/commit/d9b1822745ad8a0e170f17817458df4474ce5fea) refactor(frontend): replace ua-parser-js with bowser
24
+
* [`adec58a7a`](https://github.com/siderolabs/omni/commit/adec58a7a68bc571c1039471341ca1e7389af278) chore(frontend): drop yaml dependency and move openpgp to dependencies
25
+
* [`434c8facd`](https://github.com/siderolabs/omni/commit/434c8facd3ed9a5163a1e98cd323f2b27841754b) chore: rekres for js sbom
26
+
* [`ea05006d8`](https://github.com/siderolabs/omni/commit/ea05006d8f3763db16474afe99635df01f69048b) fix: update COSI runtime to fix hanging TeardownAndDestroy calls
27
+
* [`c9afbb1a6`](https://github.com/siderolabs/omni/commit/c9afbb1a6505d0434c747cad8d932953cb30edb6) fix: align config outdated status in ui and cli
28
+
* [`d8aec1c81`](https://github.com/siderolabs/omni/commit/d8aec1c8131231db2a68d6e30a1a864eeb7181a1) fix(frontend): only show process args in command column
29
+
* [`f7731e0ef`](https://github.com/siderolabs/omni/commit/f7731e0ef9256030fc8588627a7d813b15749249) fix(frontend): allow in-minor patch upgrades in update kubernetes on Omni
30
+
* [`cea826355`](https://github.com/siderolabs/omni/commit/cea826355b2c13a5d50a2b55c20d19edd1bf4b9c) fix: advertise reachable machine API address in cluster-import test
31
+
* [`07cfb3009`](https://github.com/siderolabs/omni/commit/07cfb3009f446c9bb795fb3f3d5b62608929e0f1) test: stabilize image-factory schematic across CI runs
32
+
* [`039946447`](https://github.com/siderolabs/omni/commit/0399464476e366702b80e79ccacb182f74dc4247) test: drop non-existent preset delete error expectation
33
+
* [`41d962e0f`](https://github.com/siderolabs/omni/commit/41d962e0f3ffb358ca8e94cc8f58d75bf7c3c437) fix: tolerate NotFound on installation media preset delete
34
+
* [`9e4509c25`](https://github.com/siderolabs/omni/commit/9e4509c252e53aa343930fc1d4f9698e500b3ba8) fix: recover a machine from a reverted reboot-requiring config patch
35
+
* [`88b8e873d`](https://github.com/siderolabs/omni/commit/88b8e873d633a12fc2b2bf711567a7378dfcb9b3) fix: move timeout for factory requests to controllers
36
+
* [`69d1a0e0e`](https://github.com/siderolabs/omni/commit/69d1a0e0ede4f61340b1951a7ba49884d98f90d0) fix(frontend): allow force-destroy when MachineSetNode is already gone
title = "Machine Config Patches in Maintenance Mode"
13
-
description = """\
14
-
Omni can now apply machine-level config patches while a machine is still in maintenance mode, not just after it joins a cluster. The patches go on top \
15
-
of the configuration the machine already runs, next to the SideroLink documents Omni manages, and Omni will not apply a document that installs Talos \
16
-
and pulls the machine out of maintenance. Omni also keeps whatever configuration a machine connects with as a low-priority, user-owned patch. So a \
17
-
machine that arrives with its own config (say a TrustedRootsConfig document) keeps it, and your own patches still win.
18
-
"""
19
-
20
-
[notes.maintenance-install-upgrade]
21
-
title = "Install and Upgrade Talos in Maintenance Mode"
22
-
description = """\
23
-
A new streaming management API installs or upgrades Talos on machines booted in maintenance mode. It comes with `omnictl` install and upgrade \
24
-
subcommands and frontend modals that stream installer progress live. This feature uses Talos's LifecycleService API, which became available in v1.13.0. \
25
-
So it works with any Talos version starting from v1.13.0.
26
-
"""
27
-
28
-
[notes.talos-upgrade-cap]
29
-
title = "Talos Upgrade Targets Capped at the Latest Supported Release"
30
-
description = """\
31
-
Each Omni release now declares the latest Talos minor version it can support end to end. Cluster create and update, the maintenance upgrade API, the \
32
-
upgrade status computation, and every version picker in the UI all read this same cap, so you can no longer pick a Talos version newer than the \
33
-
running Omni supports.
34
-
"""
35
-
36
-
[notes.embedded-machine-config]
37
-
title = "Embedded Machine Config for Installation Media"
38
-
description = """\
39
-
Installation media can now carry an embedded machine configuration, so a machine applies it on first boot before it ever reaches Omni. You can set \
40
-
it from the frontend or with `omnictl` when creating installation media, and Omni stores it on the schematic request alongside the rest of the media \
41
-
config. The option is exposed only where the underlying stack reports support for it, through a new `supports_embedded_config` quirk.
42
-
"""
43
-
44
-
[notes.extension-catalog-validation]
45
-
title = "Talos Extension Names Validated Against the Catalog"
46
-
description = """\
47
-
Extension names on installation media configs, machine request sets, and extensions configurations are now validated against the Talos extensions \
48
-
catalog for the relevant Talos version. Unknown names, duplicates, and oversized lists are rejected, and when no Talos version is set the default \
49
-
version's catalog is used so the names still get checked. Names without a namespace are looked up under `siderolabs/`, so older clients that send the \
50
-
documented short form keep working. The `omnictl installation media create` command now resolves short or partial extension names to canonical form \
51
-
before sending, replacing the client-side catalog check it used to do.
52
-
"""
53
-
54
-
[notes.cluster-healthcheck-jobs]
55
-
title = "Cluster Health Check Jobs"
56
-
description = """\
57
-
Cluster templates now support health check jobs that gate Talos upgrades. Omni creates the jobs when a Talos upgrade is running and re-runs them on \
58
-
an interval until they succeed, re-creating a job whenever it fails. The checks run before each node upgrade in the upgrade status controller, and if \
59
-
any defined health check fails Omni drops the available upgrade quota to zero, blocking further upgrades until the checks pass. You can read more \
60
-
about this feature on the [docs](https://docs.siderolabs.com/omni/cluster-management/gate-talos-upgrades-with-healthchecks).
61
-
"""
62
-
63
-
[notes.schematic-preservation]
64
-
title = "Schematic Contents Preserved on Update"
65
-
description = """\
66
-
When Omni changes a machine's schematic, it now touches only the fields it manages (extensions and kernel args) and leaves the rest alone, instead of \
67
-
rebuilding the schematic from scratch. It reads the full schematic from the machine or the Image Factory and stores it as is.
68
-
"""
69
-
70
-
[notes.platform-tags-labels]
71
-
title = "Platform Tags Exposed as Machine Labels"
72
-
description = """\
73
-
Talos PlatformMetadata tags (for example EC2 instance tags) now appear as editable, removable machine labels in Omni. Omni fills them in once, when \
74
-
the machine first joins, and your own custom labels win on any key conflict.
75
-
"""
76
-
77
-
[notes.node-audit-skip]
78
-
title = "Opt-In Skip of Kubernetes Node Audit"
79
-
description = """\
80
-
The Kubernetes node audit deletes nodes that no ClusterMachine backs. You can now skip it for individual nodes, which helps with virtual nodes such as \
81
-
VirtualKubelet. A node is skipped only when it has the `omni.sidero.dev/node-audit-skip` annotation and the cluster owner has turned on the matching \
82
-
cluster feature, so a workload cannot annotate its own way out of the audit.
83
-
"""
84
-
85
-
[notes.image-factory-enterprise]
86
-
title = "Support for Image Factory Enterprise"
87
-
description = """\
88
-
Two new config options, `registries.imageFactoryUsername` and `registries.imageFactoryPassword`, let Omni authenticate to the Image Factory Enterprise with \
89
-
HTTP basic auth.
90
-
"""
91
-
92
-
[notes.etcd-write-rate-limit]
93
-
title = "Per-Class etcd Write Rate Limiting"
94
-
description = """\
95
-
You can now throttle etcd writes by payload size, with separate budgets for end users, infra providers, and internal callers. It is off by default and \
96
-
turns on via `storage.rateLimits.etcd.*`. Four new Prometheus series report throttle wait time, admitted writes, rejected writes, and rejected bytes, \
97
-
labeled by class. The failure counters also carry a reason of timeout or oversize.
98
-
"""
99
-
100
-
[notes.log-ingestion-rate-limit]
101
-
title = "Per-Machine Log Ingestion Rate Limit"
102
-
description = """\
103
-
Log ingestion now uses a per-machine token bucket, so one noisy machine can no longer overwhelm the log store. It is off by default to keep backwards compatibility.
104
-
"""
105
-
106
-
[notes.helm-wireguard-lb-ip]
107
-
title = "Static loadBalancerIP for the WireGuard Service in Helm"
108
-
description = """\
109
-
The Helm chart has a new `service.wireguard.loadBalancerIP` value for setting a static load balancer IP on the WireGuard Kubernetes Service. It is \
110
-
rendered only when the WireGuard service type is `LoadBalancer`.
111
-
"""
112
-
113
-
[notes.kubernetes-manifests-ui]
114
-
title = "Kubernetes Manifests Status in the UI"
115
-
description = """\
116
-
The frontend now shows the status of a cluster's synced Kubernetes manifests.
117
-
"""
118
-
119
-
[notes.omnictl-cluster-status]
120
-
title = "Node Names and Locked Status in `omnictl cluster status`"
121
-
description = """\
122
-
The `omnictl cluster status` tree now prints each machine's Kubernetes node name in parentheses after its UUID, so you can match a machine to the \
123
-
upgrade status lines that reference node names. A "Locked" indicator shows up whenever a machine is locked.
124
-
"""
125
-
126
-
[notes.media-wizard-vuln-items]
127
-
title = "SBOM, VEX, and Vulnerability Scan on the Installation Media Wizard"
128
-
description = """\
129
-
The installation media wizard's confirmation page now shows SBOM and VEX links plus the vulnerability scan and modal, the same as the Image Factory. \
130
-
This shows up only when you use the Image Factory Enterprise.
131
-
"""
132
-
133
-
[notes.frontend-kubespan-status]
134
-
title = "KubeSpan Status View"
135
-
description = """\
136
-
A new graphical view shows KubeSpan peer status for a cluster machine.
137
-
"""
138
-
139
-
[notes.supply-chain]
140
-
title = "Signed Images and SBOM Release Artifacts"
141
-
description = """\
142
-
Omni releases now ship an SBOM built from the Go modules as a release artifact, and Sidero Labs signs the published container images during release.
143
-
"""
144
-
145
-
[notes.frontend-qol]
146
-
title = "Frontend Quality-of-Life Improvements"
147
-
description = """\
148
-
A round of UI improvements across Omni. The home screen has a reworked "Welcome to Omni" card. An unhealthy infrastructure provider shows its error on \
149
-
hover, the machine details panel shows the SMBIOS serial number, and kernel args editing moved into a modal. Config diffs have a sort-order toggle, \
150
-
version pickers sort newest first and scroll to the current selection, and Talos and Kubernetes update calls now report their errors. The disks view \
151
-
got several cleanups, pods sort by status, power-state icons have tooltips, Omni shows a loading indicator when it is slow to start, and the rewritten \
152
-
log viewer scrolls to the bottom reliably. Machine patches no longer offer the cluster-machine patch option and surface an error when a machine is not part of a cluster.
0 commit comments