What's New in Talos 1.0
GitHub Organization Change
Talos Linux and other repositories were migrated from the
talos-systems GitHub organization
siderolabs organization (github.com/talos-systems -> github.com/siderolabs).
Existing Talos Linux container images (
talos, etc.) are mirrored across both organizations,
but all new images will only be available from
ghcr.io/siderolabs going forward.
For example, when upgrading Talos use
ghcr.io/siderolabs instead of
talosctl upgrade --image ghcr.io/siderolabs/installer:v1.0.0
System extensions allow changes to the Talos root filesystem, and can be used to enable different features, including custom container runtimes, additional firmware, among others.
System extensions are only activated during Talos installation (or upgrade). Even with system extensions installed, the Talos root filesystem is still immutable and read-only.
Please see extensions repository and documentation for more information.
Talos now provides a way to extend the system services that Talos runs with extension services. Extension services should be included in the Talos root filesystem (i.e. via system extensions).
Static Pods in the Machine Configuration
Talos now accepts static pod definitions in the
.machine.pods key of the machine configuration.
Please note that static pod definitions are not validated by Talos, and can be updated without a node reboot.
Kubelet configuration can now be overridden with the
.machine.kubelet.extraConfig machine configuration field.
As most of the kubelet command line arguments are being deprecated, it is recommended to migrate to
in place of using
A number of conformance tweaks have been made to the
kubelet to allow it to run without
This includes both kubelet configuration options and sysctls.
Of particular note is that Talos now sets the
kernel.panic reboot interval to 10s instead of 1s.
If your kubelet fails to start after the upgrade, please check the
kubelet logs to determine the problem.
Talos now performing a graceful kubelet shutdown by default on both node shutdown and reboot.
Default shutdown timeouts are 20s for regular priority pods and 10s for critical priority pods.
Timeouts can be overridden with the
.machine.kubelet.extraConfig machine configuration keys:
Admission Plugin Configuration
Talos now supports the Kubernetes API server admission plugin configuration via the
.cluster.apiServer.admissionControl machine configuration field.
This configuration can be used to enable Pod Security Admission plugin and define cluster-wide default Pod Security Standards.
Pod Security Policy
The Pod Security Policy Kubernetes feature is deprecated and is going to be removed in Kubernetes 1.25.
Talos by default skips setting up PSP with this release (see machine configuration
Pinned Kubernetes Version
talosctl gen config now defaults to Kubernetes version pinning when generating machine configuration.
Previously the default was to omit an explicit Kubernetes version, so Talos picked up the default version it was built against.
Old behavior can be achieved by specifying empty flag value:
API Server Audit Logs
kube-apiserver is now configured to store its audit logs separately from the
kube-apiserver standard logs and log directly to file.
kube-apiserver will maintain the rotation and retirement of these logs, which are stored in
Previously, the audit logs were sent to the
stdout (along with the rest of its logs) to be collected in the usual manner by Kubernetes.
Talos now preserves machine configuration byte-for-byte as it was submitted to the node. This means that custom comments and overall machine configuration structure is now preserved. This allows automation of machine configuration updates via an external mechanism without loss of information.
talosctl commands which accept JSON patches (i.e.
patch machineconfig) now support multiple patches, loading patches
from files with
@file.json syntax, as well as support loading patches with a YAML format.
Apply Config Enhancements
talosctl apply/patch/edit cli commands got revamped.
--interactive were replaced
with a single
--mode flag that can take the following values:
autonew mode that automatically applies the configuration in no-reboot/reboot mode based on the change.
no-rebootforce apply immediately, if that is not possible then it fails.
rebootforce reboot with applied config.
stagedwrite new machine configuration to STATE, but don’t apply it (it will be applied after a reboot).
interactivestarts interactive installer, only for
Talos now supports setting a bond interface from the kernel cmdline using the
talos.platform for Equinix Metal is renamed from
equinixMetal, the older name is still supported for backwards compatibility.
Talos now supports Oracle Cloud.
Platform network configuration was rewritten to avoid modifying Talos machine configuration. Network configuration is performed independently of the machine configuration presence, so it works even if Talos is booted into maintenance mode, and without machine configuration in the platform userdata.
Talos now supports Jetson Nano SBC.
- Linux: 5.15.32
- Kubernetes: 1.23.5
- CoreDNS: 1.9.1
- etcd: 3.5.2
- containerd: 1.6.2
- runc: 1.1.0
Talos is built with Go 1.17.8
NVIDIA GPU alpha Support
Talos now has alpha support for NVIDIA GPU based workloads. Check the NVIDA GPU support guide for details.
Sysfs Kernel Parameters
Talos now supports setting
sysfs kernel parameters (
Use machine configuration field
.machine.sysfs to set
sysfs kernel parameters.
Wipe System Kernel Parameter
Talos added a new kernel parameter
talos.experimental.wipe=system which can help resetting the system disk of the machine
and start over with a fresh installation.
See Resetting a Machine on how to use it.