Skip to main content
See also upgrade notes for important changes.

​
Important Changes

Please read this section carefully before upgrading to Talos 1.9.0.

​
Direct Rendering Manager (DRM)

Starting with Talos 1.9, the i915 and amdgpu DRM drivers have been removed from the Talos base image. These drivers, along with their firmware, are now included in two new system extensions named i915 and amdgpu. The previously available extensions i915-ucode and amdgpu-firmware have been retired. Upgrades via Image Factory or Omni will automatically include the new extensions if the i915-ucode or amdgpu-firmware extensions were previously used.

​
udevd

Talos previously used eudev to provide udevd, now it uses systemd-udevd instead. The systemd-udevd might change the names of network interfaces with predictable names, potentially causing issues with existing configurations.

​
Image Cache

Talos now supports providing a local Image Cache for container images. The Image Cache feature can be used to avoid downloading the required images over the network, which can be useful in air-gapped or weak connectivity environments.

​
Networking

​
Custom DNS Search Domains

Talos now allows to supports specifying custom search domains for Talos nodes using new machine configuration field .machine.network.searchDomains. For the host the /etc/resolve.conf would look like: 
nameserver 127.0.0.53

search my-custom-search-name.com my-custom-search-name2.com
For the pods it will look something like this: 
search default.svc.cluster.local svc.cluster.local cluster.local my-custom-search-name.com my-custom-search-name2.com
nameserver 10.96.0.10
options ndots:5

​
Device Selectors

Talos now supports matching on permanent hardware (MAC) address of the network interfaces. This is specifically useful to match bond members, as they change their hardware addresses when they become part of the bond.

​
Node Address Ordering

Talos supports new experimental address sort algorithm for NodeAddress which are used to pick up default addresses for kubelet, etcd, etc. It can be enabled with the following config patch: 
machine:
  features:
    nodeAddressSortAlgorithm: v2
The new algorithm prefers more specific prefixes, which is specifically useful for IPv6 addresses.

​
Control Groups Analysis

The talosctl cgroups command has been added to the talosctl tool. This command allows you to view the cgroup resource consumption and limits for a machine, e.g. talosctl cgroups --preset memory.

​
Kubernetes

​
APIServer Authorization Config

Starting with Talos 1.9, .cluster.apiServer.authorizationConfig field supports setting Kubernetes API server authorization modes using the --authorization-config flag. The machine config field supports a list of authorizers. For instance: 
cluster:
  apiServer:
    authorizationConfig:
      - type: Node
        name: Node
      - type: RBAC
        name: rbac
For new cluster if the Kubernetes API server supports the --authorization-config flag, it’ll be used by default instead of the --authorization-mode flag. By default Talos will always add the Node and RBAC authorizers to the list. When upgrading if either a user-provided authorization-mode or authorization-webhook-* flag is set via .cluster.apiServer.extraArgs, it’ll be used instead of the new AuthorizationConfig. Current authorization config can be viewed by running: talosctl get authorizationconfigs.kubernetes.talos.dev -o yaml.

​
User Namespaces

Talos Linux now supports running Kubernetes pods with user namespaces enabled. Please refer to the documentation for more information.

​
Containers

​
OCI Base Runtime Spec

Talos now allows to modify the OCI base runtime spec for the container runtime.

​
Registry Mirrors

In versions before Talos 1.9, there was a discrepancy between the way Talos itself and CRI plugin resolves registry mirrors: Talos will never fall back to the default registry if endpoints are configured, while CRI plugin will.
Note: Talos Linux pulls images for the installer, kubelet, etcd, while all workload images are pulled by the CRI plugin.
In Talos 1.9 this was fixed, so that by default an upstream registry is used as a fallback in all cases, while new registry mirror configuration option .skipFallback can be used to disable this behavior both for Talos and CRI plugin.

​
Miscellaneous

​
auditd

Talos Linux now starts an auditd service by default. Linux kernel audit logs can be fetched with talosctl logs auditd.

​
talosctl disks

The command talosctl disks was removed, please use talosctl get disks, talosctl get systemdisk, and talosctl get blockdevices instead.

​
talosctl wipe

The new command talosctl wipe disk allows to wipe a disk or a partition which is not used as a volume.

​
New Platforms

​
Turing RK1

Talos now supports the Turning RK1 SOM.

​
nocloud

On bare-metal, Talos Linux was tested to correctly parse nocloud configuration from the following providers:

​
Deprecations

​
cgroups version 1

Support for cgroupsv1 is deprecated, and will be removed in Talos 1.10 (for non-container mode).

​
Component Updates

  • Linux: 6.12.5
  • containerd: 2.0.1
  • Flannel: 0.26.1
  • Kubernetes: 1.32.0
  • runc: 1.2.3
  • CoreDNS: 1.12.0
Talos is built with Go 1.23.4.

​
Contributors

Thanks to the following contributors who made this release possible:
  • adilTepe
  • Adolfo OchagavĂ­a
  • Alessio Moiso
  • Andrey Smirnov
  • blablu
  • Dan Rue
  • David Backeus
  • Devin Buhl
  • Dmitriy Matrenichev
  • Dmitry Sharshakov
  • Eddie Wang
  • egrosdou01
  • ekarlso
  • Florian Ströger
  • Hexoplon
  • Jakob MaleĆŸič
  • Jasmin
  • Jean-Francois Roy
  • Joakim NohlgĂ„rd
  • Justin Garrison
  • KBAegis
  • Mike Beaumont
  • Mohammad Amin Mokhtari
  • naed3r
  • Nebula
  • nevermarine
  • Nico Berlee
  • Noel Georgi
  • OliviaBarrington
  • Philip Schmid
  • Philipp Kleber
  • RĂ©mi Paulmier
  • Remko Molier
  • Robby Ciliberto
  • Roman Ivanov
  • Ryan Borstelmann
  • Sam Stelfox
  • Serge Logvinov
  • Sergey Melnik
  • Skyler MĂ€ntysaari
  • solidDoWant
  • sophia-coldren
  • Spencer Smith
  • SpiReCZ
  • Steven Cassamajor
  • Steven Kreitzer
  • Tim Jones
  • Utku Ozdemir
  • Variant9