Skip to content

Releases: siderolabs/omni

v1.9.0

26 Jun 06:33
@github-actions github-actions
Immutable release. Only release title and notes can be modified.
v1.9.0
This tag was signed with the committer’s verified signature.
Slessi 👑 Edward Sammut Alessi
GPG key ID: 65558E016966977A
Verified
Learn about vigilant mode.
64c2b30
This commit was signed with the committer’s verified signature.
Slessi 👑 Edward Sammut Alessi
GPG key ID: 65558E016966977A
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.9.0 Latest
Latest

Omni 1.9.0 (2026-06-26)

Welcome to the v1.9.0 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Cluster Health Check Jobs

Cluster templates now support health check jobs that gate Talos upgrades. Omni creates the jobs when a Talos upgrade is running and re-runs them on an interval until they succeed, re-creating a job whenever it fails. The checks run before each node upgrade in the upgrade status controller, and if any defined health check fails Omni drops the available upgrade quota to zero, blocking further upgrades until the checks pass. You can read more about this feature on the docs.

Embedded Machine Config for Installation Media

Installation media can now carry an embedded machine configuration, so a machine applies it on first boot before it ever reaches Omni. You can set it from the frontend or with omnictl when creating installation media, and Omni stores it on the schematic request alongside the rest of the media config. The option is exposed only where the underlying stack reports support for it, through a new supports_embedded_config quirk.

Per-Class etcd Write Rate Limiting

You can now throttle etcd writes by payload size, with separate budgets for end users, infra providers, and internal callers. It is off by default and turns on via storage.rateLimits.etcd.*. Four new Prometheus series report throttle wait time, admitted writes, rejected writes, and rejected bytes, labeled by class. The failure counters also carry a reason of timeout or oversize.

Talos Extension Names Validated Against the Catalog

Extension names on installation media configs, machine request sets, and extensions configurations are now validated against the Talos extensions catalog for the relevant Talos version. Unknown names, duplicates, and oversized lists are rejected, and when no Talos version is set the default version's catalog is used so the names still get checked. Names without a namespace are looked up under siderolabs/, so older clients that send the documented short form keep working. The omnictl installation media create command now resolves short or partial extension names to canonical form before sending, replacing the client-side catalog check it used to do.

KubeSpan Status View

A new graphical view shows KubeSpan peer status for a cluster machine.

Frontend Quality-of-Life Improvements

A round of UI improvements across Omni. The home screen has a reworked "Welcome to Omni" card. An unhealthy infrastructure provider shows its error on hover, the machine details panel shows the SMBIOS serial number, and kernel args editing moved into a modal. Config diffs have a sort-order toggle, version pickers sort newest first and scroll to the current selection, and Talos and Kubernetes update calls now report their errors. The disks view got several cleanups, pods sort by status, power-state icons have tooltips, Omni shows a loading indicator when it is slow to start, and the rewritten log viewer scrolls to the bottom reliably. Machine patches no longer offer the cluster-machine patch option and surface an error when a machine is not part of a cluster.

Static loadBalancerIP for the WireGuard Service in Helm

The Helm chart has a new service.wireguard.loadBalancerIP value for setting a static load balancer IP on the WireGuard Kubernetes Service. It is rendered only when the WireGuard service type is LoadBalancer.

Support for Image Factory Enterprise

Two new config options, registries.imageFactoryUsername and registries.imageFactoryPassword, let Omni authenticate to the Image Factory Enterprise with HTTP basic auth.

Kubernetes Manifests Status in the UI

The frontend now shows the status of a cluster's synced Kubernetes manifests.

Per-Machine Log Ingestion Rate Limit

Log ingestion now uses a per-machine token bucket, so one noisy machine can no longer overwhelm the log store. It is off by default to keep backwards compatibility.

Machine Config Patches in Maintenance Mode

Omni can now apply machine-level config patches while a machine is still in maintenance mode, not just after it joins a cluster. The patches go on top of the configuration the machine already runs, next to the SideroLink documents Omni manages, and Omni will not apply a document that installs Talos and pulls the machine out of maintenance. Omni also keeps whatever configuration a machine connects with as a low-priority, user-owned patch. So a machine that arrives with its own config (say a TrustedRootsConfig document) keeps it, and your own patches still win.

Install and Upgrade Talos in Maintenance Mode

A new streaming management API installs or upgrades Talos on machines booted in maintenance mode. It comes with omnictl install and upgrade subcommands and frontend modals that stream installer progress live. This feature uses Talos's LifecycleService API, which became available in v1.13.0. So it works with any Talos version starting from v1.13.0.

SBOM, VEX, and Vulnerability Scan on the Installation Media Wizard

The installation media wizard's confirmation page now shows SBOM and VEX links plus the vulnerability scan and modal, the same as the Image Factory. This shows up only when you use the Image Factory Enterprise.

Opt-In Skip of Kubernetes Node Audit

The Kubernetes node audit deletes nodes that no ClusterMachine backs. You can now skip it for individual nodes, which helps with virtual nodes such as VirtualKubelet. A node is skipped only when it has the omni.sidero.dev/node-audit-skip annotation and the cluster owner has turned on the matching cluster feature, so a workload cannot annotate its own way out of the audit.

Node Names and Locked Status in omnictl cluster status

The omnictl cluster status tree now prints each machine's Kubernetes node name in parentheses after its UUID, so you can match a machine to the upgrade status lines that reference node names. A "Locked" indicator shows up whenever a machine is locked.

Platform Tags Exposed as Machine Labels

Talos PlatformMetadata tags (for example EC2 instance tags) now appear as editable, removable machine labels in Omni. Omni fills them in once, when the machine first joins, and your own custom labels win on any key conflict.

Schematic Contents Preserved on Update

When Omni changes a machine's schematic, it now touches only the fields it manages (extensions and kernel args) and leaves the rest alone, instead of rebuilding the schematic from scratch. It reads the full schematic from the machine or the Image Factory and stores it as is.

Signed Images and SBOM Release Artifacts

Omni releases now ship an SBOM built from the Go modules as a release artifact, and Sidero Labs signs the published container images during release.

Talos Upgrade Targets Capped at the Latest Supported Release

Each Omni release now declares the latest Talos minor version it can support end to end. Cluster create and update, the maintenance upgrade API, the upgrade status computation, and every version picker in the UI all read this same cap, so you can no longer pick a Talos version newer than the running Omni supports.

Contributors

  • Edward Sammut Alessi
  • Utku Ozdemir
  • Mateusz Urbanek
  • Oguz Kilcan
  • Artem Chernyshev
  • Maja Bojarska
  • Noel Georgi
  • Andrey Smirnov
  • Orzelius
  • 0hlov3
  • Bo Bobson
  • Matthew Sanabria
  • Sterling Koch
  • Steve Francis
  • fsgh42

Changes

119 commits

  • 64c2b3043 release(v1.9.0): prepare release
  • 3455e7430 release(v1.9.0-beta.1): prepare release
  • 8bea9d98d feat(frontend): add expandable code editor for extra overlay options
  • 4121e730f feat(frontend): add expandable code editor for embedded machine config
  • 22318022d feat(frontend): add more default editor options and remove default class
  • 00e99c4d5 refactor(frontend): refactor code editor to use v-model
  • 454daba78 chore: bump default talos version to 1.13.5
  • cb74aa700 feat: support embedded machine config in installation media CLI
  • 86af10d45 fix: get rid of the race in the UUID conflict resolution flow
  • 55bda4979 refactor: only log schematic id when ensuring
  • c2b067a1f feat(frontend): allow specifying embedded machine config for installation media
  • 574daf6d5 feat: add embedded_machine_config to create schematic request
  • 1a8c85b88 feat: add embedded_machine_config to installation media config spec
  • [687e56ae1](687e56...
Read more
Assets 16
0 Join discussion

v1.9.0-beta.1

24 Jun 07:15
@github-actions github-actions
Immutable release. Only release title and notes can be modified.
v1.9.0-beta.1
This tag was signed with the committer’s verified signature.
Slessi 👑 Edward Sammut Alessi
GPG key ID: 65558E016966977A
Verified
Learn about vigilant mode.
3455e74
This commit was signed with the committer’s verified signature.
Slessi 👑 Edward Sammut Alessi
GPG key ID: 65558E016966977A
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.9.0-beta.1 Pre-release
Pre-release

Omni 1.9.0-beta.1 (2026-06-24)

Welcome to the v1.9.0-beta.1 release of Omni!
This is a pre-release of Omni

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Cluster Health Check Jobs

Cluster templates now support health check jobs that gate Talos upgrades. Omni creates the jobs when a Talos upgrade is running and re-runs them on an interval until they succeed, re-creating a job whenever it fails. The checks run before each node upgrade in the upgrade status controller, and if any defined health check fails Omni drops the available upgrade quota to zero, blocking further upgrades until the checks pass. You can read more about this feature on the docs.

Embedded Machine Config for Installation Media

Installation media can now carry an embedded machine configuration, so a machine applies it on first boot before it ever reaches Omni. You can set it from the frontend or with omnictl when creating installation media, and Omni stores it on the schematic request alongside the rest of the media config. The option is exposed only where the underlying stack reports support for it, through a new supports_embedded_config quirk.

Per-Class etcd Write Rate Limiting

You can now throttle etcd writes by payload size, with separate budgets for end users, infra providers, and internal callers. It is off by default and turns on via storage.rateLimits.etcd.*. Four new Prometheus series report throttle wait time, admitted writes, rejected writes, and rejected bytes, labeled by class. The failure counters also carry a reason of timeout or oversize.

Talos Extension Names Validated Against the Catalog

Extension names on installation media configs, machine request sets, and extensions configurations are now validated against the Talos extensions catalog for the relevant Talos version. Unknown names, duplicates, and oversized lists are rejected, and when no Talos version is set the default version's catalog is used so the names still get checked. Names without a namespace are looked up under siderolabs/, so older clients that send the documented short form keep working. The omnictl installation media create command now resolves short or partial extension names to canonical form before sending, replacing the client-side catalog check it used to do.

KubeSpan Status View

A new graphical view shows KubeSpan peer status for a cluster machine.

Frontend Quality-of-Life Improvements

A round of UI improvements across Omni. The home screen has a reworked "Welcome to Omni" card. An unhealthy infrastructure provider shows its error on hover, the machine details panel shows the SMBIOS serial number, and kernel args editing moved into a modal. Config diffs have a sort-order toggle, version pickers sort newest first and scroll to the current selection, and Talos and Kubernetes update calls now report their errors. The disks view got several cleanups, pods sort by status, power-state icons have tooltips, Omni shows a loading indicator when it is slow to start, and the rewritten log viewer scrolls to the bottom reliably. Machine patches no longer offer the cluster-machine patch option and surface an error when a machine is not part of a cluster.

Static loadBalancerIP for the WireGuard Service in Helm

The Helm chart has a new service.wireguard.loadBalancerIP value for setting a static load balancer IP on the WireGuard Kubernetes Service. It is rendered only when the WireGuard service type is LoadBalancer.

Support for Image Factory Enterprise

Two new config options, registries.imageFactoryUsername and registries.imageFactoryPassword, let Omni authenticate to the Image Factory Enterprise with HTTP basic auth.

Kubernetes Manifests Status in the UI

The frontend now shows the status of a cluster's synced Kubernetes manifests.

Per-Machine Log Ingestion Rate Limit

Log ingestion now uses a per-machine token bucket, so one noisy machine can no longer overwhelm the log store. It is off by default to keep backwards compatibility.

Machine Config Patches in Maintenance Mode

Omni can now apply machine-level config patches while a machine is still in maintenance mode, not just after it joins a cluster. The patches go on top of the configuration the machine already runs, next to the SideroLink documents Omni manages, and Omni will not apply a document that installs Talos and pulls the machine out of maintenance. Omni also keeps whatever configuration a machine connects with as a low-priority, user-owned patch. So a machine that arrives with its own config (say a TrustedRootsConfig document) keeps it, and your own patches still win.

Install and Upgrade Talos in Maintenance Mode

A new streaming management API installs or upgrades Talos on machines booted in maintenance mode. It comes with omnictl install and upgrade subcommands and frontend modals that stream installer progress live. This feature uses Talos's LifecycleService API, which became available in v1.13.0. So it works with any Talos version starting from v1.13.0.

SBOM, VEX, and Vulnerability Scan on the Installation Media Wizard

The installation media wizard's confirmation page now shows SBOM and VEX links plus the vulnerability scan and modal, the same as the Image Factory. This shows up only when you use the Image Factory Enterprise.

Opt-In Skip of Kubernetes Node Audit

The Kubernetes node audit deletes nodes that no ClusterMachine backs. You can now skip it for individual nodes, which helps with virtual nodes such as VirtualKubelet. A node is skipped only when it has the omni.sidero.dev/node-audit-skip annotation and the cluster owner has turned on the matching cluster feature, so a workload cannot annotate its own way out of the audit.

Node Names and Locked Status in omnictl cluster status

The omnictl cluster status tree now prints each machine's Kubernetes node name in parentheses after its UUID, so you can match a machine to the upgrade status lines that reference node names. A "Locked" indicator shows up whenever a machine is locked.

Platform Tags Exposed as Machine Labels

Talos PlatformMetadata tags (for example EC2 instance tags) now appear as editable, removable machine labels in Omni. Omni fills them in once, when the machine first joins, and your own custom labels win on any key conflict.

Schematic Contents Preserved on Update

When Omni changes a machine's schematic, it now touches only the fields it manages (extensions and kernel args) and leaves the rest alone, instead of rebuilding the schematic from scratch. It reads the full schematic from the machine or the Image Factory and stores it as is.

Signed Images and SBOM Release Artifacts

Omni releases now ship an SBOM built from the Go modules as a release artifact, and Sidero Labs signs the published container images during release.

Talos Upgrade Targets Capped at the Latest Supported Release

Each Omni release now declares the latest Talos minor version it can support end to end. Cluster create and update, the maintenance upgrade API, the upgrade status computation, and every version picker in the UI all read this same cap, so you can no longer pick a Talos version newer than the running Omni supports.

Contributors

  • Edward Sammut Alessi
  • Utku Ozdemir
  • Mateusz Urbanek
  • Oguz Kilcan
  • Artem Chernyshev
  • Maja Bojarska
  • Noel Georgi
  • Andrey Smirnov
  • Orzelius
  • 0hlov3
  • Bo Bobson
  • Matthew Sanabria
  • Sterling Koch
  • Steve Francis
  • fsgh42

Changes

118 commits

  • 3455e7430 release(v1.9.0-beta.1): prepare release
  • 8bea9d98d feat(frontend): add expandable code editor for extra overlay options
  • 4121e730f feat(frontend): add expandable code editor for embedded machine config
  • 22318022d feat(frontend): add more default editor options and remove default class
  • 00e99c4d5 refactor(frontend): refactor code editor to use v-model
  • 454daba78 chore: bump default talos version to 1.13.5
  • cb74aa700 feat: support embedded machine config in installation media CLI
  • 86af10d45 fix: get rid of the race in the UUID conflict resolution flow
  • 55bda4979 refactor: only log schematic id when ensuring
  • c2b067a1f feat(frontend): allow specifying embedded machine config for installation media
  • 574daf6d5 feat: add embedded_machine_config to create schematic request
  • 1a8c85b88 feat: add embedded_machine_config to installation media config spec
  • 687e56ae1 feat: add supports_embedded_config quirk t...
Read more
Loading
0 Join discussion

v1.9.0-beta.0

19 Jun 16:00
@github-actions github-actions
Immutable release. Only release title and notes can be modified.
v1.9.0-beta.0
This tag was signed with the committer’s verified signature.
oguzkilcan Oguz Kilcan
GPG key ID: 372F271E3AD80BFC
Verified
Learn about vigilant mode.
0f853e1
This commit was signed with the committer’s verified signature.
oguzkilcan Oguz Kilcan
GPG key ID: 372F271E3AD80BFC
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.9.0-beta.0 Pre-release
Pre-release

Omni 1.9.0-beta.0 (2026-06-19)

Welcome to the v1.9.0-beta.0 release of Omni!
This is a pre-release of Omni

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Per-Class etcd Write Rate Limiting

You can now throttle etcd writes by payload size, with separate budgets for end users, infra providers, and internal callers. It is off by default and turns on via storage.rateLimits.etcd.*. Four new Prometheus series report throttle wait time, admitted writes, rejected writes, and rejected bytes, labeled by class. The failure counters also carry a reason of timeout or oversize.

KubeSpan Status View

A new graphical view shows KubeSpan peer status for a cluster machine.

Frontend Quality-of-Life Improvements

A round of UI improvements across Omni. The home screen has a reworked "Welcome to Omni" card. An unhealthy infrastructure provider shows its error on hover, the machine details panel shows the SMBIOS serial number, and kernel args editing moved into a modal. Config diffs have a sort-order toggle, version pickers sort newest first and scroll to the current selection, and Talos and Kubernetes update calls now report their errors. The disks view got several cleanups, pods sort by status, power-state icons have tooltips, Omni shows a loading indicator when it is slow to start, and the rewritten log viewer scrolls to the bottom reliably.

Static loadBalancerIP for the WireGuard Service in Helm

The Helm chart has a new service.wireguard.loadBalancerIP value for setting a static load balancer IP on the WireGuard Kubernetes Service. It is rendered only when the WireGuard service type is LoadBalancer.

Support for Image Factory Enterprise

Two new config options, registries.imageFactoryUsername and registries.imageFactoryPassword, let Omni authenticate to the Image Factory Enterprise with HTTP basic auth.

Kubernetes Manifests Status in the UI

The frontend now shows the status of a cluster's synced Kubernetes manifests.

Per-Machine Log Ingestion Rate Limit

Log ingestion now uses a per-machine token bucket, so one noisy machine can no longer overwhelm the log store. It is off by default to keep backwards compatibility.

Machine Config Patches in Maintenance Mode

Omni can now apply machine-level config patches while a machine is still in maintenance mode, not just after it joins a cluster. The patches go on top of the configuration the machine already runs, next to the SideroLink documents Omni manages, and Omni will not apply a document that installs Talos and pulls the machine out of maintenance. Omni also keeps whatever configuration a machine connects with as a low-priority, user-owned patch. So a machine that arrives with its own config (say a TrustedRootsConfig document) keeps it, and your own patches still win.

Install and Upgrade Talos in Maintenance Mode

A new streaming management API installs or upgrades Talos on machines booted in maintenance mode. It comes with omnictl install and upgrade subcommands and frontend modals that stream installer progress live. This feature uses Talos's LifecycleService API, which became available in v1.13.0. So it works with any Talos version starting from v1.13.0.

SBOM, VEX, and Vulnerability Scan on the Installation Media Wizard

The installation media wizard's confirmation page now shows SBOM and VEX links plus the vulnerability scan and modal, the same as the Image Factory. This shows up only when you use the Image Factory Enterprise.

Opt-In Skip of Kubernetes Node Audit

The Kubernetes node audit deletes nodes that no ClusterMachine backs. You can now skip it for individual nodes, which helps with virtual nodes such as VirtualKubelet. A node is skipped only when it has the omni.sidero.dev/node-audit-skip annotation and the cluster owner has turned on the matching cluster feature, so a workload cannot annotate its own way out of the audit.

Node Names and Locked Status in omnictl cluster status

The omnictl cluster status tree now prints each machine's Kubernetes node name in parentheses after its UUID, so you can match a machine to the upgrade status lines that reference node names. A "Locked" indicator shows up whenever a machine is locked.

Platform Tags Exposed as Machine Labels

Talos PlatformMetadata tags (for example EC2 instance tags) now appear as editable, removable machine labels in Omni. Omni fills them in once, when the machine first joins, and your own custom labels win on any key conflict.

Schematic Contents Preserved on Update

When Omni changes a machine's schematic, it now touches only the fields it manages (extensions and kernel args) and leaves the rest alone, instead of rebuilding the schematic from scratch. It reads the full schematic from the machine or the Image Factory and stores it as is.

Signed Images and SBOM Release Artifacts

Omni releases now ship an SBOM built from the Go modules as a release artifact, and Sidero Labs signs the published container images during release.

Talos Upgrade Targets Capped at the Latest Supported Release

Each Omni release now declares the latest Talos minor version it can support end to end. Cluster create and update, the maintenance upgrade API, the upgrade status computation, and every version picker in the UI all read this same cap, so you can no longer pick a Talos version newer than the running Omni supports.

Contributors

  • Edward Sammut Alessi
  • Utku Ozdemir
  • Mateusz Urbanek
  • Oguz Kilcan
  • Artem Chernyshev
  • Maja Bojarska
  • Noel Georgi
  • Andrey Smirnov
  • Orzelius
  • 0hlov3
  • Bo Bobson
  • Matthew Sanabria
  • Sterling Koch
  • Steve Francis
  • fsgh42

Changes

97 commits

  • 0f853e1b release(v1.9.0-beta.0): prepare release
  • 060a4c75 chore: bump deps and default versions
  • 43bf5856 test: run integration-qemu against the image factory enterprise
  • 4b49029c feat: support machine config patches in maintenance mode
  • b9e40717 fix: stabilize flaky talemu e2e EULA setup and preset downloads
  • 448ed9a6 docs: update LICENSE
  • b44f92ef fix: ignore the embedded-config meta extension
  • e32307d8 fix: allow empty list of extensions in cluster templates
  • b08c34ac feat: implement advanced healthchecks for the cluster
  • 1c125d3f chore: add Oguz to sops-encrypted secrets recipients
  • 9a736342 fix: properly handle invalid UTF-8 strings in the machine statuses
  • d77ee049 fix: properly handle empty provider data in the common module
  • c55173ef feat: validate Talos version on installation media config
  • 243f046e fix(frontend): display correct units for byte values
  • d9eebd7c fix(frontend): reset monitor chart on watch change
  • 7f02f41f chore(frontend): bump frontend dependencies
  • 27ef3dd0 feat: install/upgrade Talos in maintenance mode
  • 18131edf feat(frontend): change machine tutorial into a welcome card
  • 4fdc0719 feat(frontend): adjust action buttons on getting started card
  • 987b3ec1 feat: reject control characters in join token names
  • 8bfc6c17 fix(frontend): fix incorrect pxe boot url
  • ead9840b feat: validate user-supplied request IDs and kernel args
  • 1ebde6a4 feat: validate bootstrap snapshot path on machine sets
  • 1ff04579 feat: allow opt-in skip of Kubernetes node audit
  • 50dcd264 feat: validate resource metadata at the state layer
  • 086a1964 feat: preserve schematic contents
  • [1ab0c4e3](1ab0c4e...
Read more
Loading
0 Join discussion

v1.8.2

05 Jun 14:14
@github-actions github-actions
Immutable release. Only release title and notes can be modified.
v1.8.2
This tag was signed with the committer’s verified signature. The key has expired.
utkuozdemir Utku Özdemir
GPG key ID: DBD13117B0A14E93
Expired
Verified
Learn about vigilant mode.
1379255
This commit was signed with the committer’s verified signature. The key has expired.
utkuozdemir Utku Özdemir
GPG key ID: DBD13117B0A14E93
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.8.2

Omni 1.8.2 (2026-06-05)

Welcome to the v1.8.2 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Urgent Upgrade Notes (No, really, you MUST read this before you upgrade)

As Omni is now using --join-tokens-mode=legacyAllowed by default it won't start if there are any nodes running Talos below 1.6 connected to the instance.
If you want to keep using Omni with the outdated Talos you will need to set the flag to legacy. But of course we strongly recommend you to update Talos ASAP.

omnictl cluster template has breaking changes: it now restricts including files outside of the current directory.
If using files in the parent dirs, old behavior can be enabled by using --allowed-dir.

Contributors

  • Orzelius
  • Utku Ozdemir
  • Edward Sammut Alessi
  • Oguz Kilcan

Changes

5 commits

  • 13792557 release(v1.8.2): prepare release
  • 8609a36f test: mock clock in saml test
  • ab83b633 fix: prevent deadlock between machine upgrade and config update
  • bcaa305a chore: bump go-kubernetes library
  • a46d0065 fix: lower minimum discovered Kubernetes version

Changes from siderolabs/go-kubernetes

1 commit

  • 131a2bd fix: handle cluster-scoped resources with a ns correctly

Dependency Changes

  • github.com/siderolabs/go-kubernetes v0.2.37 -> v0.2.38

Previous release can be found at v1.8.1

Loading
0 Join discussion

v1.8.1

30 May 09:04
@github-actions github-actions
Immutable release. Only release title and notes can be modified.
v1.8.1
This tag was signed with the committer’s verified signature. The key has expired.
utkuozdemir Utku Özdemir
GPG key ID: DBD13117B0A14E93
Expired
Verified
Learn about vigilant mode.
76af8b2
This commit was signed with the committer’s verified signature. The key has expired.
utkuozdemir Utku Özdemir
GPG key ID: DBD13117B0A14E93
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.8.1

Omni 1.8.1 (2026-05-29)

Welcome to the v1.8.1 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Urgent Upgrade Notes (No, really, you MUST read this before you upgrade)

As Omni is now using --join-tokens-mode=legacyAllowed by default it won't start if there are any nodes running Talos below 1.6 connected to the instance.
If you want to keep using Omni with the outdated Talos you will need to set the flag to legacy. But of course we strongly recommend you to update Talos ASAP.

omnictl cluster template has breaking changes: it now restricts including files outside of the current directory.
If using files in the parent dirs, old behavior can be enabled by using --allowed-dir.

Contributors

  • Edward Sammut Alessi
  • Utku Ozdemir
  • Maja Bojarska
  • Noel Georgi

Changes

10 commits

  • 76af8b22 release(v1.8.1): prepare release
  • 2d6a357d fix(frontend): bump @tanstack/vue-virtual for log viewer
  • 4a19fddc fix: do not downgrade nodes header to single node
  • 4f26d7bf fix(frontend): remove lingering test code
  • 8ca3b41d feat(frontend): add tooltips to power state
  • 18cdf4ad feat: refactor logviewer to tanstack virtual
  • 3cf06b5a fix: fetch versions from registry with auth
  • 620ff48c chore: bump deps to patch GO-2026-5027
  • b1e970c5 feat(frontend): add some feedback when omni is loading
  • 1bf2890d fix: dont clean clients with active watches

Dependency Changes

  • golang.org/x/net v0.54.0 -> v0.55.0

Previous release can be found at v1.8.0

Loading
0 Join discussion

v1.8.0

21 May 14:14
@github-actions github-actions
v1.8.0
This tag was signed with the committer’s verified signature.
oguzkilcan Oguz Kilcan
GPG key ID: 372F271E3AD80BFC
Verified
Learn about vigilant mode.
c2ba458
This commit was signed with the committer’s verified signature.
oguzkilcan Oguz Kilcan
GPG key ID: 372F271E3AD80BFC
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.8.0

Omni 1.8.0 (2026-05-21)

Welcome to the v1.8.0 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Urgent Upgrade Notes (No, really, you MUST read this before you upgrade)

As Omni is now using --join-tokens-mode=legacyAllowed by default it won't start if there are any nodes running Talos below 1.6 connected to the instance.
If you want to keep using Omni with the outdated Talos you will need to set the flag to legacy. But of course we strongly recommend you to update Talos ASAP.

omnictl cluster template has breaking changes: it now restricts including files outside of the current directory.
If using files in the parent dirs, old behavior can be enabled by using --allowed-dir.

Additional Audit Log Filters

Audit logs gain a generic search box and sortable columns in the UI, plus CLI filters for event_type, resource_type, resource_id, cluster_id, and actor.

Per-Actor etcd Write Metrics

New omni_etcd_operations_total and omni_etcd_resource_bytes_total Prometheus counters track etcd writes, split by operation (create/update/teardown/destroy), actor (internal/user/service account/infra provider), actor ID, and resource type. Byte sizes are captured from the actual on-disk payload via a new WithObserver hook in state-etcd.

Disks and Devices on Machine Pages

The frontend now shows disks and devices on the machines and individual machine pages.

Talos Version Text on Installation Media Wizard

The installation media wizard's Talos version text has been updated for clarity.

Switching Logs Inside the Logs Tab

The logs tab now allows switching between log sources directly inside the tab.

Quick Switching Between Cluster Machines

The frontend allows quickly switching between machines within a cluster from the machine detail view.

In-UI Notifications

Omni notifications are now shown in the UI as dismissible banners.

Frontend Quality-of-Life Improvements for Machines

The cluster machine page gains a copy-UUID button, the machines list page can toggle between hostnames and UUIDs (with the preference saved), and machine and cluster machine pages gain kernel args tabs for editing kernel arguments inline instead of through a modal.

Re-Saving the Omni Support Bundle

The frontend now allows re-saving a previously generated Omni support bundle without regenerating it.

Support Modal

A new support modal in the frontend exposes links to GitHub issues, support channels, documentation, community resources, and office hours.

Helm Chart Values Generated From Config Schema

A new helmvaluesgen tool, run on make generate, updates the config: section of the Helm chart's values.yaml from Omni's config schema, applying chart-specific overrides for defaults, omissions, and descriptions.

Legacy Installation Media Proxying Removed

Omni no longer proxies legacy installation media download requests to the Talos Image Factory. Such requests are now rejected with a message asking users to upgrade omnictl, which downloads installation media directly from the factory.

Image Factory Proxy for Infra Providers

Infra provider Image Factory requests can now be proxied through Omni via a new schematic creation API that accepts raw YAML. This is useful when Omni holds authentication for the Image Factory or when multiple Image Factory endpoints need to be supported.

Imported Cluster Secrets Cleanup

A new controller tears down ImportedClusterSecrets once their content has been copied into ClusterSecrets and marked Imported=true, so imported bootstrap material does not linger in the state after a successful import.

Infra Provider Factory Endpoint

Infra providers now use the Image Factory endpoint configured in Omni's features state (sourced from args/config) instead of a hardcoded default. The configured factory URL is exposed on the provider.

Installation Media Placeholders

InstallationMediaConfig now accepts empty strings for talosVersion and joinToken, which resolve to the current stable version and default token at download time. The create wizard exposes "Automatic" options for these fields, and the download modal shows version/token/arch pickers for all presets.

Reader Access to Join Tokens

Users with the reader role can now read join tokens.
Reader had access to it before through Talos logs, so making the access more consistent.
More fine grained access will come with RBAC v2 later on.

Multi-Port Workload Proxy

The omni-kube-service-exposer.sidero.dev/port annotation now accepts a comma-separated list of host-port or host-port:service-port entries, each producing its own ExposedService URL. Label, icon, and prefix annotations gain per-host-port suffixed variants (e.g. label-30080). Existing single-port exposed services keep their URLs across the upgrade.

Configurable Log Level and Format

Omni's log level and log format are now configurable via flags and config.

Provision Step Errors on Machine Requests

A new Error field on ClusterMachineRequestStatus surfaces provision step failures so users can see why a request is stuck without scraping logs. Errors are now persisted on both failure and requeue paths.

omnictl media Command Group

A new omnictl media preset {create,list,delete} command group manages InstallationMediaConfig presets from the CLI, and omnictl media download <preset> downloads from them. Preset validation runs against the server's CloudPlatformConfig, SBCConfig, and TalosExtensions resources at create time. The legacy omnictl download is preserved but deprecated.

Plain Download Links for Images

The frontend now uses plain browser download links for factory image downloads instead of intercepting them.

Powered Off Machine State

Machines that are shut down now appear as "Powered Off" in the UI instead of being stuck in "Shutting Down" with a greyed-out unreachable state. Static infra providers honor the shutdown until the machine goes through a deallocation cycle, instead of automatically powering it back on. The CLI gains omnictl machine shutdown and omnictl machine power-on commands.

Per-Key Creation and Last-Active Tracking for Service Accounts

Service account key listings now include per-key creation timestamps and last-active times. omnictl serviceaccount list shows KEY CREATED and KEY LAST ACTIVE columns alongside the existing SA-level LAST ACTIVE. A new PublicKeyLastActive resource backs this tracking, and the activity interceptor records last-used timestamps per signing key fingerprint.

Commented omnictl serviceaccount create Output

The output of omnictl serviceaccount create is now commented out by default, making it friendlier for piping into .env files and shell automation.

Talos Version End-of-Support Notifications

Omni now tracks machines running Talos versions approaching or past end of support relative to MinTalosVersion, emits two new notifications (approaching end of support, end of support reached), and exposes Prometheus metrics for both.

Download talosctl From Factory

talosctl binaries are now downloaded directly from the Talos Image Factory instead of GitHub.

Cluster Template Include Directory Restrictions

By default, cluster templates can only include files from the same directory as the template file. This prevents malicious templates from including arbitrary files like /etc/passwd. The previous behavior can be restored with --allowed-dir.

Raw Bytes Support in Template Inline Fields

Inline fields for manifests and config patches now accept three forms: a single inline map (for backward compatibility), a list of inline maps, or raw bytes (which may contain multiple YAML documents). omnictl cluster template export now exports patches and manifests as raw bytes so multi-document values round-trip correctly.

Template Includes Resolved Relative to Template File

omnictl cluster template commands now resolve patch and Kubernetes manifest includes relative to the template YAML file, rather than the current working directory of omnictl.

Contributors

  • Edward Sammut Alessi
  • Oguz Kilcan
  • Utku Ozdemir
  • Artem Chernyshev
  • Andrey Smirnov
  • Noel Georgi
  • Mateusz Urbanek
  • Justin Garrison
  • Maja Bojarska
  • Orzelius
  • Quentin Joly
  • Spencer Smith

Changes

83 commits

Read more
Loading
0 Join discussion

v1.8.0-beta.1

18 May 16:13
@github-actions github-actions
v1.8.0-beta.1
This tag was signed with the committer’s verified signature.
oguzkilcan Oguz Kilcan
GPG key ID: 372F271E3AD80BFC
Verified
Learn about vigilant mode.
df05dba
This commit was signed with the committer’s verified signature.
oguzkilcan Oguz Kilcan
GPG key ID: 372F271E3AD80BFC
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.8.0-beta.1 Pre-release
Pre-release

Omni 1.8.0-beta.1 (2026-05-18)

Welcome to the v1.8.0-beta.1 release of Omni!
This is a pre-release of Omni

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Urgent Upgrade Notes (No, really, you MUST read this before you upgrade)

As Omni is now using --join-tokens-mode=legacyAllowed by default it won't start if there are any nodes running Talos below 1.6 connected to the instance.
If you want to keep using Omni with the outdated Talos you will need to set the flag to legacy. But of course we strongly recommend you to update Talos ASAP.

omnictl cluster template has breaking changes: it now restricts including files outside of the current directory.
If using files in the parent dirs, old behavior can be enabled by using --allowed-dir.

Additional Audit Log Filters

Audit logs gain a generic search box and sortable columns in the UI, plus CLI filters for event_type, resource_type, resource_id, cluster_id, and actor.

Per-Actor etcd Write Metrics

New omni_etcd_operations_total and omni_etcd_resource_bytes_total Prometheus counters track etcd writes, split by operation (create/update/teardown/destroy), actor (internal/user/service account/infra provider), actor ID, and resource type. Byte sizes are captured from the actual on-disk payload via a new WithObserver hook in state-etcd.

Disks and Devices on Machine Pages

The frontend now shows disks and devices on the machines and individual machine pages.

Talos Version Text on Installation Media Wizard

The installation media wizard's Talos version text has been updated for clarity.

Switching Logs Inside the Logs Tab

The logs tab now allows switching between log sources directly inside the tab.

Quick Switching Between Cluster Machines

The frontend allows quickly switching between machines within a cluster from the machine detail view.

In-UI Notifications

Omni notifications are now shown in the UI as dismissible banners.

Frontend Quality-of-Life Improvements for Machines

The cluster machine page gains a copy-UUID button, the machines list page can toggle between hostnames and UUIDs (with the preference saved), and machine and cluster machine pages gain kernel args tabs for editing kernel arguments inline instead of through a modal.

Re-Saving the Omni Support Bundle

The frontend now allows re-saving a previously generated Omni support bundle without regenerating it.

Support Modal

A new support modal in the frontend exposes links to GitHub issues, support channels, documentation, community resources, and office hours.

Helm Chart Values Generated From Config Schema

A new helmvaluesgen tool, run on make generate, updates the config: section of the Helm chart's values.yaml from Omni's config schema, applying chart-specific overrides for defaults, omissions, and descriptions.

Legacy Installation Media Proxying Removed

Omni no longer proxies legacy installation media download requests to the Talos Image Factory. Such requests are now rejected with a message asking users to upgrade omnictl, which downloads installation media directly from the factory.

Image Factory Proxy for Infra Providers

Infra provider Image Factory requests can now be proxied through Omni via a new schematic creation API that accepts raw YAML. This is useful when Omni holds authentication for the Image Factory or when multiple Image Factory endpoints need to be supported.

Imported Cluster Secrets Cleanup

A new controller tears down ImportedClusterSecrets once their content has been copied into ClusterSecrets and marked Imported=true, so imported bootstrap material does not linger in the state after a successful import.

Infra Provider Factory Endpoint

Infra providers now use the Image Factory endpoint configured in Omni's features state (sourced from args/config) instead of a hardcoded default. The configured factory URL is exposed on the provider.

Installation Media Placeholders

InstallationMediaConfig now accepts empty strings for talosVersion and joinToken, which resolve to the current stable version and default token at download time. The create wizard exposes "Automatic" options for these fields, and the download modal shows version/token/arch pickers for all presets.

Reader Access to Join Tokens

Users with the reader role can now read join tokens.
Reader had access to it before through Talos logs, so making the access more consistent.
More fine grained access will come with RBAC v2 later on.

Multi-Port Workload Proxy

The omni-kube-service-exposer.sidero.dev/port annotation now accepts a comma-separated list of host-port or host-port:service-port entries, each producing its own ExposedService URL. Label, icon, and prefix annotations gain per-host-port suffixed variants (e.g. label-30080). Existing single-port exposed services keep their URLs across the upgrade.

Configurable Log Level and Format

Omni's log level and log format are now configurable via flags and config.

Provision Step Errors on Machine Requests

A new Error field on ClusterMachineRequestStatus surfaces provision step failures so users can see why a request is stuck without scraping logs. Errors are now persisted on both failure and requeue paths.

omnictl media Command Group

A new omnictl media preset {create,list,delete} command group manages InstallationMediaConfig presets from the CLI, and omnictl media download <preset> downloads from them. Preset validation runs against the server's CloudPlatformConfig, SBCConfig, and TalosExtensions resources at create time. The legacy omnictl download is preserved but deprecated.

Plain Download Links for Images

The frontend now uses plain browser download links for factory image downloads instead of intercepting them.

Powered Off Machine State

Machines that are shut down now appear as "Powered Off" in the UI instead of being stuck in "Shutting Down" with a greyed-out unreachable state. Static infra providers honor the shutdown until the machine goes through a deallocation cycle, instead of automatically powering it back on. The CLI gains omnictl machine shutdown and omnictl machine power-on commands.

Per-Key Creation and Last-Active Tracking for Service Accounts

Service account key listings now include per-key creation timestamps and last-active times. omnictl serviceaccount list shows KEY CREATED and KEY LAST ACTIVE columns alongside the existing SA-level LAST ACTIVE. A new PublicKeyLastActive resource backs this tracking, and the activity interceptor records last-used timestamps per signing key fingerprint.

Commented omnictl serviceaccount create Output

The output of omnictl serviceaccount create is now commented out by default, making it friendlier for piping into .env files and shell automation.

Talos Version End-of-Support Notifications

Omni now tracks machines running Talos versions approaching or past end of support relative to MinTalosVersion, emits two new notifications (approaching end of support, end of support reached), and exposes Prometheus metrics for both.

Download talosctl From Factory

talosctl binaries are now downloaded directly from the Talos Image Factory instead of GitHub.

Cluster Template Include Directory Restrictions

By default, cluster templates can only include files from the same directory as the template file. This prevents malicious templates from including arbitrary files like /etc/passwd. The previous behavior can be restored with --allowed-dir.

Raw Bytes Support in Template Inline Fields

Inline fields for manifests and config patches now accept three forms: a single inline map (for backward compatibility), a list of inline maps, or raw bytes (which may contain multiple YAML documents). omnictl cluster template export now exports patches and manifests as raw bytes so multi-document values round-trip correctly.

Template Includes Resolved Relative to Template File

omnictl cluster template commands now resolve patch and Kubernetes manifest includes relative to the template YAML file, rather than the current working directory of omnictl.

Contributors

  • Edward Sammut Alessi
  • Oguz Kilcan
  • Utku Ozdemir
  • Artem Chernyshev
  • Andrey Smirnov
  • Noel Georgi
  • Mateusz Urbanek
  • Justin Garrison
  • Maja Bojarska
  • Orzelius
  • Quentin Joly
  • Spencer Smith

Changes

82 commits

  • df05dbae release(v1.8.0-beta.1): prepare release
  • b5e5e86e refactor: update minio env names
  • 5a894a21 chore: update helm README with new install instructions
  • 4fe2a67f chore: rekres, bump deps and default versions
  • 6fab9972 release(v1.8.0-beta.0): prepare release
  • ac81e59f feat: collect ClusterKubernetesManifestStatus in the support bundles
  • 64a1d536 fix: wrong role promotion for some etcd APIs
  • 7cc7e181 test: fix workload proxy integ...
Read more
Loading
0 Join discussion

v1.8.0-beta.0

15 May 17:12
@github-actions github-actions
v1.8.0-beta.0
This tag was signed with the committer’s verified signature.
Unix4ever Artem Chernyshev
GPG key ID: 9BAC0E08F5067BB8
Verified
Learn about vigilant mode.
6fab997
This commit was signed with the committer’s verified signature.
Unix4ever Artem Chernyshev
GPG key ID: 9BAC0E08F5067BB8
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.8.0-beta.0 Pre-release
Pre-release

Omni 1.8.0-beta.0 (2026-05-15)

Welcome to the v1.8.0-beta.0 release of Omni!
This is a pre-release of Omni

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Urgent Upgrade Notes (No, really, you MUST read this before you upgrade)

As Omni is now using --join-tokens-mode=legacyAllowed by default it won't start if there are any nodes running Talos below 1.6 connected to the instance.
If you want to keep using Omni with the outdated Talos you will need to set the flag to legacy. But of course we strongly recommend you to update Talos ASAP.

omnictl cluster template has breaking changes: it now restricts including files outside of the current directory.
If using files in the parent dirs, old behavior can be enabled by using --allowed-dir.

Additional Audit Log Filters

Audit logs gain a generic search box and sortable columns in the UI, plus CLI filters for event_type, resource_type, resource_id, cluster_id, and actor.

Per-Actor etcd Write Metrics

New omni_etcd_operations_total and omni_etcd_resource_bytes_total Prometheus counters track etcd writes, split by operation (create/update/teardown/destroy), actor (internal/user/service account/infra provider), actor ID, and resource type. Byte sizes are captured from the actual on-disk payload via a new WithObserver hook in state-etcd.

Disks and Devices on Machine Pages

The frontend now shows disks and devices on the machines and individual machine pages.

Talos Version Text on Installation Media Wizard

The installation media wizard's Talos version text has been updated for clarity.

Switching Logs Inside the Logs Tab

The logs tab now allows switching between log sources directly inside the tab.

Quick Switching Between Cluster Machines

The frontend allows quickly switching between machines within a cluster from the machine detail view.

In-UI Notifications

Omni notifications are now shown in the UI as dismissible banners.

Frontend Quality-of-Life Improvements for Machines

The cluster machine page gains a copy-UUID button, the machines list page can toggle between hostnames and UUIDs (with the preference saved), and machine and cluster machine pages gain kernel args tabs for editing kernel arguments inline instead of through a modal.

Re-Saving the Omni Support Bundle

The frontend now allows re-saving a previously generated Omni support bundle without regenerating it.

Support Modal

A new support modal in the frontend exposes links to GitHub issues, support channels, documentation, community resources, and office hours.

Helm Chart Values Generated From Config Schema

A new helmvaluesgen tool, run on make generate, updates the config: section of the Helm chart's values.yaml from Omni's config schema, applying chart-specific overrides for defaults, omissions, and descriptions.

Legacy Installation Media Proxying Removed

Omni no longer proxies legacy installation media download requests to the Talos Image Factory. Such requests are now rejected with a message asking users to upgrade omnictl, which downloads installation media directly from the factory.

Image Factory Proxy for Infra Providers

Infra provider Image Factory requests can now be proxied through Omni via a new schematic creation API that accepts raw YAML. This is useful when Omni holds authentication for the Image Factory or when multiple Image Factory endpoints need to be supported.

Imported Cluster Secrets Cleanup

A new controller tears down ImportedClusterSecrets once their content has been copied into ClusterSecrets and marked Imported=true, so imported bootstrap material does not linger in the state after a successful import.

Infra Provider Factory Endpoint

Infra providers now use the Image Factory endpoint configured in Omni's features state (sourced from args/config) instead of a hardcoded default. The configured factory URL is exposed on the provider.

Installation Media Placeholders

InstallationMediaConfig now accepts empty strings for talosVersion and joinToken, which resolve to the current stable version and default token at download time. The create wizard exposes "Automatic" options for these fields, and the download modal shows version/token/arch pickers for all presets.

Reader Access to Join Tokens

Users with the reader role can now read join tokens.
Reader had access to it before through Talos logs, so making the access more consistent.
More fine grained access will come with RBAC v2 later on.

Multi-Port Workload Proxy

The omni-kube-service-exposer.sidero.dev/port annotation now accepts a comma-separated list of host-port or host-port:service-port entries, each producing its own ExposedService URL. Label, icon, and prefix annotations gain per-host-port suffixed variants (e.g. label-30080). Existing single-port exposed services keep their URLs across the upgrade.

Configurable Log Level and Format

Omni's log level and log format are now configurable via flags and config.

Provision Step Errors on Machine Requests

A new Error field on ClusterMachineRequestStatus surfaces provision step failures so users can see why a request is stuck without scraping logs. Errors are now persisted on both failure and requeue paths.

omnictl media Command Group

A new omnictl media preset {create,list,delete} command group manages InstallationMediaConfig presets from the CLI, and omnictl media download <preset> downloads from them. Preset validation runs against the server's CloudPlatformConfig, SBCConfig, and TalosExtensions resources at create time. The legacy omnictl download is preserved but deprecated.

Plain Download Links for Images

The frontend now uses plain browser download links for factory image downloads instead of intercepting them.

Powered Off Machine State

Machines that are shut down now appear as "Powered Off" in the UI instead of being stuck in "Shutting Down" with a greyed-out unreachable state. Static infra providers honor the shutdown until the machine goes through a deallocation cycle, instead of automatically powering it back on. The CLI gains omnictl machine shutdown and omnictl machine power-on commands.

Per-Key Creation and Last-Active Tracking for Service Accounts

Service account key listings now include per-key creation timestamps and last-active times. omnictl serviceaccount list shows KEY CREATED and KEY LAST ACTIVE columns alongside the existing SA-level LAST ACTIVE. A new PublicKeyLastActive resource backs this tracking, and the activity interceptor records last-used timestamps per signing key fingerprint.

Commented omnictl serviceaccount create Output

The output of omnictl serviceaccount create is now commented out by default, making it friendlier for piping into .env files and shell automation.

Talos Version End-of-Support Notifications

Omni now tracks machines running Talos versions approaching or past end of support relative to MinTalosVersion, emits two new notifications (approaching end of support, end of support reached), and exposes Prometheus metrics for both.

Download talosctl From Factory

talosctl binaries are now downloaded directly from the Talos Image Factory instead of GitHub.

Cluster Template Include Directory Restrictions

By default, cluster templates can only include files from the same directory as the template file. This prevents malicious templates from including arbitrary files like /etc/passwd. The previous behavior can be restored with --allowed-dir.

Raw Bytes Support in Template Inline Fields

Inline fields for manifests and config patches now accept three forms: a single inline map (for backward compatibility), a list of inline maps, or raw bytes (which may contain multiple YAML documents). omnictl cluster template export now exports patches and manifests as raw bytes so multi-document values round-trip correctly.

Template Includes Resolved Relative to Template File

omnictl cluster template commands now resolve patch and Kubernetes manifest includes relative to the template YAML file, rather than the current working directory of omnictl.

Contributors

  • Edward Sammut Alessi
  • Utku Ozdemir
  • Artem Chernyshev
  • Oguz Kilcan
  • Andrey Smirnov
  • Noel Georgi
  • Mateusz Urbanek
  • Justin Garrison
  • Orzelius
  • Quentin Joly

Changes

78 commits

  • 6fab9972 release(v1.8.0-beta.0): prepare release
  • ac81e59f feat: collect ClusterKubernetesManifestStatus in the support bundles
  • 64a1d536 fix: wrong role promotion for some etcd APIs
  • 7cc7e181 test: fix workload proxy integration test for upgrade scenario
  • 2c8b1789 feat: add per-actor etcd write metrics
  • 49322f05 feat: use plain download links for image downloads
  • 01742e71 feat: add log level and format configuration
  • 7fb5b164 chore: bump deps
  • [cab06214](https://...
Read more
Loading
0 Join discussion

v1.6.6

13 May 10:26
@github-actions github-actions
v1.6.6
This tag was signed with the committer’s verified signature.
Slessi 👑 Edward Sammut Alessi
GPG key ID: 65558E016966977A
Verified
Learn about vigilant mode.
9769f94
This commit was signed with the committer’s verified signature.
Slessi 👑 Edward Sammut Alessi
GPG key ID: 65558E016966977A
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.6.6

Omni 1.6.6 (2026-05-13)

Welcome to the v1.6.6 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Urgent Upgrade Notes (No, really, you MUST read this before you upgrade)

The deprecated flags and config fields that were kept for the SQLite migration period (introduced in v1.4.0) have been removed.

If you still have any of the following flags or config keys set, you must remove them before upgrading, as they will cause startup errors:

  • --audit-log-dir (.logs.audit.path)
  • --secondary-storage-path (.storage.secondary.path)
  • --machine-log-storage-path (.logs.machine.storage.path)
  • --machine-log-storage-enabled (.logs.machine.storage.enabled)
  • --log-storage-path (.logs.machine.storage.path)
  • --embedded-discovery-service-snapshot-path (.services.embeddedDiscoveryService.snapshotsPath)
  • --machine-log-buffer-capacity (.logs.machine.bufferInitialCapacity)
  • --machine-log-buffer-max-capacity (.logs.machine.bufferMaxCapacity)
  • --machine-log-buffer-safe-gap (.logs.machine.bufferSafetyGap)
  • --machine-log-num-compressed-chunks (.logs.machine.storage.numCompressedChunks)

The automatic migration code for BoltDB secondary storage, file-based audit logs, file-based discovery service snapshots, and circular buffer machine logs has also been removed. If you are upgrading from a version older than v1.4.0, you must first upgrade to v1.4.x to complete the migrations, then upgrade to this version.

Contributors

  • Edward Sammut Alessi
  • Oguz Kilcan
  • Utku Ozdemir

Changes

6 commits

  • 9769f944 release(v1.6.6): prepare release
  • 1eff7171 chore: bump golang.org/x/net to 0.53.0
  • 4c4c1e2d fix: consume SAML sessions once
  • 84605100 feat: destroy imported cluster secrets after bundle is consumed
  • b8ca100c fix: change ImportedClusterSecrets access level to operator
  • 3e69e808 fix: add more input validations to management API

Dependency Changes

  • golang.org/x/crypto v0.49.0 -> v0.50.0
  • golang.org/x/net v0.52.0 -> v0.53.0
  • golang.org/x/text v0.35.0 -> v0.36.0

Previous release can be found at v1.6.5

Loading
0 Join discussion

v1.7.3

12 May 18:20
@github-actions github-actions
v1.7.3
This tag was signed with the committer’s verified signature.
Slessi 👑 Edward Sammut Alessi
GPG key ID: 65558E016966977A
Verified
Learn about vigilant mode.
e70a16e
This commit was signed with the committer’s verified signature.
Slessi 👑 Edward Sammut Alessi
GPG key ID: 65558E016966977A
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.7.3

Omni 1.7.3 (2026-05-12)

Welcome to the v1.7.3 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Urgent Upgrade Notes (No, really, you MUST read this before you upgrade)

A EULA agreement has been added to Omni which must be accepted in order to continue using it.

This agreement can be accepted through UI or programmatically either by adding the below flags:

--eula-accept-name=Your Name
--eula-accept-email=your@email.com

Or if using --config-path with the below configuration:

eulaAccept:
  name: Your Name
  email: your@email.com

Contributors

  • Edward Sammut Alessi
  • Oguz Kilcan
  • Utku Ozdemir
  • Andrey Smirnov
  • Artem Chernyshev

Changes

12 commits

  • e70a16e4 release(v1.7.3): prepare release
  • 284a5516 chore: bump deps
  • c0ad1c46 chore: bump deps
  • 9426c2ca fix: add more input validations to management API
  • 272d3f4d fix: consume SAML sessions once
  • a199343b fix: do not panic is ssa apply with multi-version CRDs
  • bb01bd81 feat: destroy imported cluster secrets after bundle is consumed
  • f8596b67 fix(frontend): keep machine details open when switching
  • a224cb02 fix: change ImportedClusterSecrets access level to operator
  • 2f780520 fix(frontend): add apexcharts formatter workaround
  • 72907427 fix(frontend): fix apexcharts broken tooltips and initial state
  • 88fd0562 fix(frontend): fix revoking/deleting join tokens

Changes from siderolabs/go-kubernetes

2 commits

  • 38c182f fix: normalize the changeset to be keyed without apiVersion
  • ca35008 feat: update k8s api to 0.36.0

Dependency Changes

  • github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.22.12 -> v1.22.13
  • github.com/aws/aws-sdk-go-v2/service/s3 v1.98.0 -> v1.99.0
  • github.com/coreos/go-oidc/v3 v3.17.0 -> v3.18.0
  • github.com/cosi-project/runtime v1.14.1 -> v1.15.1
  • github.com/fluxcd/cli-utils v0.37.2-flux.1 -> v1.2.0
  • github.com/fluxcd/pkg/ssa v0.70.0 -> v0.73.0
  • github.com/google/go-containerregistry v0.21.4 -> v0.21.5
  • github.com/siderolabs/go-kubernetes v0.2.36 -> v0.2.37
  • github.com/siderolabs/omni/client v1.6.1 -> v1.6.5
  • github.com/zitadel/oidc/v3 v3.46.0 -> v3.47.2
  • golang.org/x/crypto v0.49.0 -> v0.50.0
  • golang.org/x/net v0.52.0 -> v0.53.0
  • golang.org/x/text v0.35.0 -> v0.36.0
  • golang.org/x/tools v0.43.0 -> v0.44.0
  • k8s.io/api v0.35.3 -> v0.36.0
  • k8s.io/apimachinery v0.35.3 -> v0.36.0
  • k8s.io/client-go v0.35.3 -> v0.36.0
  • sigs.k8s.io/controller-runtime v0.23.3 -> v0.24.0

Previous release can be found at v1.7.2

Loading
0 Join discussion