feat(container): update ghcr.io/siderolabs/omni ( v0.41.0 → v0.42.0 )

[renovate]

This PR contains the following updates:

Package	Update	Change
ghcr.io/siderolabs/omni	minor	v0.41.0 -> v0.42.0

---

Release Notes

siderolabs/omni (ghcr.io/siderolabs/omni)

v0.42.0

Compare Source

Omni 0.42.0 (2024-09-10)

Welcome to the v0.42.0 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Allow multiple IP's in siderolink-wireguard-advertised-addr flag

The siderolink-wireguard-advertised-addr flag now accepts multiple IP addresses separated by commas. This is useful
when you have multiple IPs (IPv4 and IPv6) on the host machine and want to allow Talos nodes to connect to the Omni
using any of them.

Audit log

It is now possible to get the audit log from the Omni. By default it's disabled. To enable, pass
--audit-log-dir <dir> to the Omni. The audit log will be written to the specified directory, separated by day.

Retention is set to 30 days (including the current day). The audit log is written in JSON format, where each entry is
a JSON object.

There are two ways to get audit log, and for both you need Admin role:

1. By using the UI: Simply click "Download audit log" in the main menu.
2. Using omnictl audit-log command. This command will stream the audit log from the Omni to the local machine stdout.

Cluster Sort

Cluster list on Clusters page can now be sorted by name or creation date.
Before it was always sorted by creation date (newest first).

TLS Cert Reload

Omni service can now reload the TLS certs without restart.

Contributors

• Artem Chernyshev
• Dmitriy Matrenichev
• Andrey Smirnov
• Utku Ozdemir
• Noel Georgi
• Justin Garrison

Changes

31 commits

• 06a1553 release(v0.42.0): prepare release
• 4ed9049 fix: hide download audit log button if audit logs feature is disabled
• b6b252e fix: use YAML representation in omnictl get
• 44e1c5d release(v0.42.0-beta.0): prepare release
• c076c3c fix: filter readonly, CD and loop devices for 1.8
• 0360422 feat: support passing extra data through the siderolink join token
• 381021e fix: calculate requested and connected machines in the ClusterStatus
• 7abb0f5 chore: bump deps
• 464f699 chore: rename CloudProvider to InfraProvider
• bfe036e chore: allow to specify start and end time for audit-log
• e2f5795 chore: allow multiple IP's for siderolink-wireguard-advertised-addr flag
• 3c1defe fix: fix spelling for hover text
• 76ba670 chore: allow users with admin role to download audit log from UI
• e8d578a fix: add siderolink connection params to the infra provider interface
• 4a82cd0 chore: rewrite renamed extension names on Talos version updates
• 56c0394 fix: always remove finalizers from the ClusterMachineStatus
• ce45042 feat: implement MachineRequestSets and support links cleanup flow
• 85aaf1c feat: support sorting cluster by name, creation time
• 95c8210 feat: implement base infra provider library
• a32a6fa feat: reload TLS certs without restart
• 00ae084 fix: delete upgrade meta key from nodes after upgrades
• 3f5c0f8 chore: enable 'github.com/planetscale/vtprotobuf' encoding
• 34a8c36 chore: rekres to get BUSL license change date updated on releases
• bf188e4 chore: implement audit log reader
• 5d48547 chore: use range-over-func iterators for resource iteration
• dc349c1 chore: do a full generate with latest deps
• 67f2e8d chore: print error on closing secondary storage backing store
• 89e8a62 fix: pass the logger to machine logs circular buffer
• d2387d9 fix: use a separate phase for the extensions installation
• cbfe7c9 chore: add periodic cleanup of old log files
• aea900f fix: display machines in tearing down state

Changes since v0.42.0-beta.0

3 commits

• 06a1553 release(v0.42.0): prepare release
• 4ed9049 fix: hide download audit log button if audit logs feature is disabled
• b6b252e fix: use YAML representation in omnictl get

Changes from siderolabs/discovery-service

1 commit

• 270f257 chore: bump deps

Changes from siderolabs/go-api-signature

2 commits

• 8807c5e fix: account for time truncation to a second resolution
• 1b35ea8 chore: bump deps and fix data race

Changes from siderolabs/go-debug

1 commit

• c8f9b12 chore: add support for Go 1.23

Changes from siderolabs/go-talos-support

3 commits

• 58f4f0f chore: bump Go dependencies
• f9d46fd fix: add dns-resolve-cache to the list of logs gathered
• 69891cf chore: remove containerd dependency

Changes from siderolabs/image-factory

9 commits

• fe9134a release(v0.5.0): prepare release
• 7f09750 feat: update to Talos 1.8
• b985abc fix: cache generated system extension image correctly
• 9687413 fix: set SOURCE_DATA_EPOCH
• fef0833 chore: add in new helios64 overlay
• 03bd46f feat: support inclusion on well-known UEFI SecureBoot certs
• 608a6f0 chore: alias nvidia extensions to lts versions
• 8b4e0d9 chore: make metatadata pkg public
• 7a4de58 chore: build multi-arch image

Dependency Changes

• github.com/auth0/go-jwt-middleware/v2 v2.2.1 -> v2.2.2
• github.com/aws/aws-sdk-go-v2 v1.30.3 -> v1.30.4
• github.com/aws/aws-sdk-go-v2/config v1.27.27 -> v1.27.31
• github.com/aws/aws-sdk-go-v2/credentials v1.17.27 -> v1.17.30
• github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.10 -> v1.17.16
• github.com/aws/aws-sdk-go-v2/service/s3 v1.58.3 -> v1.61.0
• github.com/aws/smithy-go v1.20.3 -> v1.20.4
• github.com/containers/image/v5 v5.32.1 -> v5.32.2
• github.com/cosi-project/runtime v0.5.5 -> v0.6.1
• github.com/cosi-project/state-etcd v0.3.0 -> v0.3.1
• github.com/fsnotify/fsnotify v1.7.0 new
• github.com/grpc-ecosystem/grpc-gateway/v2 v2.21.0 -> v2.22.0
• github.com/prometheus/client_golang v1.19.1 -> v1.20.2
• github.com/prometheus/common v0.55.0 -> v0.57.0
• github.com/siderolabs/discovery-service 74bca2d -> v1.0.3
• github.com/siderolabs/go-api-signature v0.3.4 -> v0.3.6
• github.com/siderolabs/go-debug v0.3.0 -> v0.4.0
• github.com/siderolabs/go-talos-support v0.1.0 -> v0.1.1
• github.com/siderolabs/image-factory v0.4.2 -> v0.5.0
• github.com/siderolabs/talos/pkg/machinery v1.8.0-alpha.1 -> 6f7c3a8
• github.com/zitadel/oidc/v3 v3.27.0 -> v3.28.2
• go.etcd.io/bbolt v1.3.10 -> v1.3.11
• google.golang.org/grpc v1.65.0 -> v1.66.0
• sigs.k8s.io/controller-runtime v0.18.5 -> v0.19.0

Previous release can be found at v0.41.0

---

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

--- kubernetes/apps/observability/grafana/app Kustomization: flux-system/grafana HelmRelease: observability/grafana

+++ kubernetes/apps/observability/grafana/app Kustomization: flux-system/grafana HelmRelease: observability/grafana

@@ -124,13 +124,13 @@

           url: https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/master/examples/grafana-dashboard.json
         nut-exporter:
           datasource:
           - name: DS_PROMETHEUS
             value: Prometheus
           gnetId: 19308
-          revision: 3
+          revision: 2
         smart:
           datasource:
           - name: DS_PROMETHEUS
             value: Prometheus
           gnetId: 20204
           revision: 1

[github-actions]

--- HelmRelease: observability/grafana ConfigMap: observability/grafana

+++ HelmRelease: observability/grafana ConfigMap: observability/grafana

@@ -165,13 +165,13 @@

     ,/g' \\\n> \"/var/lib/grafana/dashboards/default/node-exporter-full.json\"\n \
     \ \ncurl -skf \\\n--connect-timeout 60 \\\n--max-time 60 \\\n-H \"Accept: application/json\"\
     \ \\\n-H \"Content-Type: application/json;charset=UTF-8\" \\\n  \"https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/master/examples/grafana-dashboard.json\"\
     \ \\\n  | sed '/-- .* --/! s/\"datasource\":.*,/\"datasource\": \"Prometheus\"\
     ,/g' \\\n> \"/var/lib/grafana/dashboards/default/node-feature-discovery.json\"\
     \n  \ncurl -skf \\\n--connect-timeout 60 \\\n--max-time 60 \\\n-H \"Accept: application/json\"\
-    \ \\\n-H \"Content-Type: application/json;charset=UTF-8\" \\\n  \"https://grafana.com/api/dashboards/19308/revisions/3/download\"\
+    \ \\\n-H \"Content-Type: application/json;charset=UTF-8\" \\\n  \"https://grafana.com/api/dashboards/19308/revisions/2/download\"\
     \ \\\n      | sed '/-- .* --/! s/${DS_PROMETHEUS}/Prometheus/g' \\\n> \"/var/lib/grafana/dashboards/default/nut-exporter.json\"\
     \n  \ncurl -skf \\\n--connect-timeout 60 \\\n--max-time 60 \\\n-H \"Accept: application/json\"\
     \ \\\n-H \"Content-Type: application/json;charset=UTF-8\" \\\n  \"https://grafana.com/api/dashboards/20204/revisions/1/download\"\
     \ \\\n      | sed '/-- .* --/! s/${DS_PROMETHEUS}/Prometheus/g' \\\n> \"/var/lib/grafana/dashboards/default/smart.json\"\
     \n  \ncurl -skf \\\n--connect-timeout 60 \\\n--max-time 60 \\\n-H \"Accept: application/json\"\
     \ \\\n-H \"Content-Type: application/json;charset=UTF-8\" \\\n  \"https://grafana.com/api/dashboards/21356/revisions/1/download\"\
--- HelmRelease: observability/grafana Deployment: observability/grafana

+++ HelmRelease: observability/grafana Deployment: observability/grafana

@@ -22,13 +22,13 @@

       labels:
         app.kubernetes.io/name: grafana
         app.kubernetes.io/instance: grafana
       annotations:
         checksum/dashboards-json-config: 156266699efb745c97e07a74f80da7eca55b0d7f3bdadbf2d0b41a902bcda26a
         checksum/sc-dashboard-provider-config: c942752180ddff51a3ab63b7d256cf3d856d90757b6f804cbc420562989d5a84
-        checksum/secret: 362a7abb84d24d6672d0504197a6de97d3735728f92de105006ac46f08de48ed
+        checksum/secret: 5d0d11a2aa51da4000a21ee4ad4713538ee8c7e21aefb4c76fb1658472790e7b
         kubectl.kubernetes.io/default-container: grafana
     spec:
       serviceAccountName: grafana
       automountServiceAccountToken: true
       securityContext:
         fsGroup: 472