v1.6.0-beta.0

Omni 1.6.0-beta.0 (2026-03-04)

Welcome to the v1.6.0-beta.0 release of Omni!
This is a pre-release of Omni

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Urgent Upgrade Notes (No, really, you MUST read this before you upgrade)

The deprecated flags and config fields that were kept for the SQLite migration period (introduced in v1.4.0) have been removed.

If you still have any of the following flags or config keys set, you must remove them before upgrading, as they will cause startup errors:

• --audit-log-dir (.logs.audit.path)
• --secondary-storage-path (.storage.secondary.path)
• --machine-log-storage-path (.logs.machine.storage.path)
• --machine-log-storage-enabled (.logs.machine.storage.enabled)
• --log-storage-path (.logs.machine.storage.path)
• --embedded-discovery-service-snapshot-path (.services.embeddedDiscoveryService.snapshotsPath)
• --machine-log-buffer-capacity (.logs.machine.bufferInitialCapacity)
• --machine-log-buffer-max-capacity (.logs.machine.bufferMaxCapacity)
• --machine-log-buffer-safe-gap (.logs.machine.bufferSafetyGap)
• --machine-log-num-compressed-chunks (.logs.machine.storage.numCompressedChunks)

The automatic migration code for BoltDB secondary storage, file-based audit logs, file-based discovery service snapshots, and circular buffer machine logs has also been removed. If you are upgrading from a version older than v1.4.0, you must first upgrade to v1.4.x to complete the migrations, then upgrade to this version.

Talos and Kubernetes CA Rotation

Omni now supports rotating the Talos and Kubernetes Certificate Authorities for managed clusters.

Talos and Kubernetes Versions in ClusterStatus

The ClusterStatus resource now includes talos_version and kubernetes_version fields, making cluster version information available programmatically. They are now also shown in the cluster list in the UI.

Pending and Historical Config Diffs in UI

The UI now shows pending and historical configuration diffs, making it easy to review what changed and when.

Force Machine Destroy

A --force flag has been added to the machine destroy command (and a corresponding UI option) to forcibly remove machines that are stuck or unresponsive.

Helm Chart v2

A new Helm chart v2 has been implemented with improved structure and more configurable options.
More configuration values are now exposed in the Helm chart, giving operators greater flexibility when deploying Omni.

Installation Media Wizard

The installation media flow now uses a wizard-based UI by default, replacing the previous modal dialog. Presets may now also be saved, allowing for future reuse.

Machine Log Storage Cleanup

Global size-based cleanup has been added for machine log storage, preventing unbounded disk usage.
Configurable options for audit log cleanup have also been added.

Minimum Talos Version Bump

The minimum supported Talos version for new clusters has been bumped to 1.8.

Minor UI Improvements

Other minor UI improvements part of this release:

• Talos and Kubernetes versions are now shown in the cluster list.
• Node name and UUID are shown in the support bundle modal.
• Machine set pools now have a collapse/expand toggle.
• Cluster scaling has been moved to a modal dialog.
• Getting started guidance and empty-state pages have been added for clusters, machines, and machine classes.
• Instructions for adding machines and exporting cluster templates are now shown in the UI.
• Clarification text has been added to backup settings.
• YouTube video embedding is now supported in documentation/onboarding flows.
• The frontend authentication flow no longer requires an explicit login click.
• Resource labels use new colors for improved visual clarity.

Detailed Node Disk Information

The node details page now shows detailed disk information, including disk model, size, and type.

PCI Devices on Node Details

The node details page now includes a dedicated section listing all PCI devices present on the node.

Reset Node Unique Tokens

It is now possible to reset the unique token for a node, which can be useful for re-enrolling machines.

OIDC Token Cache Isolation for Kubeconfigs

Generated kubeconfigs now use isolated OIDC token caches, preventing token collisions between different kubeconfig users.

Pending Machines

Machines that were previously rejected can now be unrejected from the UI, allowing them to be accepted into Omni.

Rejected machines can also now be deleted directly from the UI.

SAML Logout Flow

Omni now implements the SAML logout flow, properly terminating sessions with the SAML identity provider on sign-out.

SQLite Metrics and Cleanup Counters

Metrics for the SQLite state backend have been exposed, along with cleanup counters for better observability.

Upgrade Parallelism

The upgrade parallelism for machine sets can now be configured via cluster templates and the UI, allowing operators to control how many machines are upgraded concurrently.

User and Service Account Activity Tracking

Omni now tracks the last activity time for users and service accounts, providing better visibility into account usage.

User Management gRPC Endpoints

New ManagementService gRPC endpoints have been added for user operations, enabling programmatic user management.

Configurable User and Service Account Limits

Operators can now enforce configurable limits on the number of users and service accounts that can be created in Omni.

Custom Vault Kubernetes Auth Mount Path

The Vault Kubernetes authentication mount path is now configurable, supporting non-default Vault configurations.

Contributors

• Edward Sammut Alessi
• Andrey Smirnov
• Oguz Kilcan
• Utku Ozdemir
• Artem Chernyshev
• Kevin Tijssen
• Noel Georgi
• Mateusz Urbanek
• Orzelius
• Tim Jones
• Daddie0
• Daniil Kivenko
• Dmitrii Sharshakov
• Justin Garrison
• Pranav Patil
• Steve Francis
• greenpsi

Changes

123 commits

• beb7dba8 release(v1.6.0-beta.0): prepare release
• a7b8b145 feat(frontend): update selected state of machineset labels
• 943a9ad4 fix(frontend): reset pagination when selectors change
• 05738937 feat: support setting upgrade parallelism in templates and UI
• a9f2937c feat: add OIDC token cache isolation for generated kubeconfigs
• 8a814d17 feat(frontend): use new resource label colors
• 0cb34323 refactor(frontend): use tailwind classes instead of color variables
• 8a72a8ae refactor(frontend): don't interpolate resource label classes
• f8a42eeb chore: move graceful upgrades to the lowest level
• 6f0ca32f fix(frontend): truncate machine classes in cluster list
• 5bb4ad9d fix(frontend): fix pending manifests warning sidebar color
• 6d03fc7c feat: track user and service account last activity
• a6811877 refactor(frontend): create pagecontainer component to manage padding
• e7f7a8ee fix(frontend): re-add padding in cluster scoped for error case
• ed1ebe35 fix: enhance SAML handler startup error
• a907c311 fix: properly select extensions when they're defined for cluster/ms lvl
• 66dbbdc6 feat(frontend): add instructions for adding machines
• 51747657 chore: update LICENSE
• 2372684a feat(frontend): show pci devices on node details
• 823af623 fix(frontend): fix unintented icon button s...

v1.5.8

Omni 1.5.8 (2026-02-27)

Welcome to the v1.5.8 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors

• Andrey Smirnov
• Kevin Tijssen
• Noel Georgi
• Artem Chernyshev
• Mateusz Urbanek
• Orzelius
• Oguz Kilcan
• Tim Jones
• Daddie0
• Dmitrii Sharshakov
• greenpsi

Changes

2 commits

• 311657f3 release(v1.5.8): prepare release
• 865e60da chore: bump deps, rekres and fix linters

Changes from siderolabs/discovery-api

2 commits

• 9c06846 feat: change the way excluded addresses are specified
• f71a14a feat: add advertised filters to discovery data

Changes from siderolabs/discovery-client

2 commits

• 854400f feat: bump discovery API to v0.1.8
• 0a4c6fd chore: update dependencies and rekres

Changes from siderolabs/discovery-service

2 commits

• 8863fd8 release(v1.0.14): prepare release
• e0c8062 chore: rekres and update dependencies

Changes from siderolabs/go-debug

1 commit

• 47fce68 feat: support Go 1.26, rekres

Changes from siderolabs/go-kubernetes

9 commits

• a95f3bf chore: add helper functions for CLI applications
• f2c063b test: add integration tests for ssa logic
• 9de92cf refactor: drop k8s.io/utils
• 8e6f068 fix: bring back legacy sync
• de675a0 fix: stop using custom dialer for Kubernetes client
• e7a89c3 refactor: use fluxcd/ssa instead of kubernetes cli-utils for ssa
• 0a235c0 feat: add early support for Kubernetes 1.36
• 3bea212 fix: use new Myers diff algorithm
• 604c56b chore: extract common code to the go-kubernetes package

Changes from siderolabs/image-factory

37 commits

• f0c7a7b release(v1.0.3): prepare release
• dd92631 docs: correct path to hack/copy-artifacts.sh
• ddc1a83 fix: update Talos to fix rpi_5 build
• b3d07e5 docs: remove redundant Kubernetes version prerequisite
• 9666795 fix: values.schema.json
• 8a8da46 feat: adjust security context for user namespace mode
• bc631dc fix: values.schema.json
• 8ea6fe9 feat: add user namespace support with Kubernetes version validation
• 324c464 fix: skip initializing TUF if keyless signing is disabled
• a42b9d9 release(v1.0.2): prepare release
• 80d1ba3 fix: pass nameoptions to verify bundle too
• eec01d1 release(v1.0.1): prepare release
• ec1c0a7 fix: pass insecure to the cosign new bundle verifier
• 14d0f2a release(v1.0.0): prepare release
• a90529c feat: add more security contexts
• ec69fe2 fix: extra kernel args for overlays
• aa325ee feat: add Helm docs and schema
• 3c18e05 feat: add Sidero google service account email also to verfiers
• 151feb5 fix: docs url
• 42a1c45 feat: add helm to kres
• ac4718a feat: update Talos and pkgs
• 1d6468e feat: add helm e2e to CI
• 2f0499c feat: added e2e tests
• 2eccf98 fix: made changes on the recommendation of copilot
• e27ea36 feat: Added E2E with KUTTL
• 9f6b9e7 feat: Added additional tests
• 4939747 feat: Added helm unittests
• dcaa1db feat: added helmchart
• 1f85622 feat: add cloudflare credentials helper
• 852856d fix: installer internal config
• c8c6576 release(v1.0.0-beta.0): prepare release
• 56bd21b fix: allow Cache-Control header in CORS
• 83f4d91 fix: clarify bootloader selection
• c8c5faa feat: allow using image GET/HEAD API by the JS code on any domains
• e732d90 feat: support acm for secureboot
• 5f103c1 feat: support copying to clipboard
• c3532c4 feat: update Talos with GRUB and other fixes

Changes from siderolabs/kms-client

3 commits

• 296bf9a feat: add logging to the KMS server
• 2d6b082 feat: add TLS support for KMS server
• 4233ecd chore: bump deps, rekres

Dependency Changes

• github.com/aws/aws-sdk-go-v2 v1.41.1 -> v1.41.2
• github.com/aws/aws-sdk-go-v2/config v1.32.7 -> v1.32.10
• github.com/aws/aws-sdk-go-v2/credentials v...

v1.5.7

Omni 1.5.7 (2026-02-25)

Welcome to the v1.5.7 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors

• Artem Chernyshev

Changes

2 commits

• e83051fa release(v1.5.7): prepare release
• 1959a4e8 feat: allow resetting node unique tokens

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.5.6

v1.5.6

Omni 1.5.6 (2026-02-24)

Welcome to the v1.5.6 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors

• Artem Chernyshev
• Edward Sammut Alessi

Changes

2 commits

• 92ecc79f release(v1.5.6): prepare release
• 9ab50e4b feat(frontend): allow embedding youtube videos

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.5.5

v1.5.5

Omni 1.5.5 (2026-02-20)

Welcome to the v1.5.5 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors

• Artem Chernyshev

Changes

2 commits

• 4defffc8 release(v1.5.5): prepare release
• f005f848 chore: bump Talos machinery to the latest main and use 1.12.4 schema

Dependency Changes

• github.com/emicklei/dot v1.10.0 -> v1.11.0
• github.com/siderolabs/talos/pkg/machinery b9e27ebe72c4 -> e00aed0f6694
• go.yaml.in/yaml/v4 v4.0.0-rc.3 -> v4.0.0-rc.4
• golang.org/x/crypto v0.47.0 -> v0.48.0
• golang.org/x/net v0.49.0 -> v0.50.0
• golang.org/x/text v0.33.0 -> v0.34.0

Previous release can be found at v1.5.4

v1.4.11

Omni 1.4.11 (2026-02-20)

Welcome to the v1.4.11 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Urgent Upgrade Notes (No, really, you MUST read this before you upgrade)

This release consolidates Discovery service state, Audit logs, Machine logs, and Secondary resources into a single SQLite storage backend.

1. New Required Flag
You must set the new --sqlite-storage-path (or .storage.sqlite.path) flag. There is no default value, and Omni will not start without it.
It must be a path to the SQLite file (will be created by Omni), not a directory, e.g., --sqlite-storage-path=/path/to/omni-sqlite.db.

2. Audit Logging Changes
A new flag --audit-log-enabled (or .logs.audit.enabled) has been introduced to explicitly enable or disable audit logging.

• Default: true.
• Change: Previously, audit logging was implicitly enabled only when the path was set. Now, it is enabled by default.

3. Automatic Migration
Omni will automatically migrate your existing data (BoltDB, file-based logs) to the new SQLite database on the first startup. To ensure this happens correctly, simply add the new SQLite flag and leave your existing storage flags in place for the first run.

Once the migration is complete, you are free to remove the deprecated flags listed below. If they remain, they will be ignored and eventually dropped in future versions.

4. Deprecated Flags (Kept for Migration)
The following flags (and config keys) are deprecated and kept solely to facilitate the automatic migration:

• --audit-log-dir (.logs.audit.path)
• --secondary-storage-path (.storage.secondary.path)
• --machine-log-storage-path (.logs.machine.storage.path)
• --machine-log-storage-enabled (.logs.machine.storage.enabled)
• --embedded-discovery-service-snapshot-path (.services.embeddedDiscoveryService.snapshotsPath)
• --machine-log-buffer-capacity (.logs.machine.bufferInitialCapacity)
• --machine-log-buffer-max-capacity (.logs.machine.bufferMaxCapacity)
• --machine-log-buffer-safe-gap (.logs.machine.bufferSafetyGap)
• --machine-log-num-compressed-chunks (.logs.machine.storage.numCompressedChunks)

5. Removed Flags
The following flags have been removed and are no longer supported:

• --machine-log-storage-flush-period (.logs.machine.storage.flushPeriod)
• --machine-log-storage-flush-jitter (.logs.machine.storage.flushJitter)

Contributors

• Artem Chernyshev

Changes

2 commits

• f667a9f2 release(v1.4.11): prepare release
• 4a67d96e chore: bump Talos machinery to the latest main and use 1.12.4 schema

Dependency Changes

• github.com/siderolabs/talos/pkg/machinery v1.12.0-beta.1 -> v1.12.4

Previous release can be found at v1.4.10

v1.5.4

Omni 1.5.4 (2026-02-18)

Welcome to the v1.5.4 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors

• Utku Ozdemir

Changes

2 commits

• 8fa3caf4 release(v1.5.4): prepare release
• b38d89b3 fix: compare current and new kernel args more defensively

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.5.3

v1.4.10

Omni 1.4.10 (2026-02-18)

Welcome to the v1.4.10 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Urgent Upgrade Notes (No, really, you MUST read this before you upgrade)

This release consolidates Discovery service state, Audit logs, Machine logs, and Secondary resources into a single SQLite storage backend.

1. New Required Flag
You must set the new --sqlite-storage-path (or .storage.sqlite.path) flag. There is no default value, and Omni will not start without it.
It must be a path to the SQLite file (will be created by Omni), not a directory, e.g., --sqlite-storage-path=/path/to/omni-sqlite.db.

2. Audit Logging Changes
A new flag --audit-log-enabled (or .logs.audit.enabled) has been introduced to explicitly enable or disable audit logging.

• Default: true.
• Change: Previously, audit logging was implicitly enabled only when the path was set. Now, it is enabled by default.

3. Automatic Migration
Omni will automatically migrate your existing data (BoltDB, file-based logs) to the new SQLite database on the first startup. To ensure this happens correctly, simply add the new SQLite flag and leave your existing storage flags in place for the first run.

Once the migration is complete, you are free to remove the deprecated flags listed below. If they remain, they will be ignored and eventually dropped in future versions.

4. Deprecated Flags (Kept for Migration)
The following flags (and config keys) are deprecated and kept solely to facilitate the automatic migration:

• --audit-log-dir (.logs.audit.path)
• --secondary-storage-path (.storage.secondary.path)
• --machine-log-storage-path (.logs.machine.storage.path)
• --machine-log-storage-enabled (.logs.machine.storage.enabled)
• --embedded-discovery-service-snapshot-path (.services.embeddedDiscoveryService.snapshotsPath)
• --machine-log-buffer-capacity (.logs.machine.bufferInitialCapacity)
• --machine-log-buffer-max-capacity (.logs.machine.bufferMaxCapacity)
• --machine-log-buffer-safe-gap (.logs.machine.bufferSafetyGap)
• --machine-log-num-compressed-chunks (.logs.machine.storage.numCompressedChunks)

5. Removed Flags
The following flags have been removed and are no longer supported:

• --machine-log-storage-flush-period (.logs.machine.storage.flushPeriod)
• --machine-log-storage-flush-jitter (.logs.machine.storage.flushJitter)

Contributors

• Utku Ozdemir

Changes

2 commits

• 47d18493 release(v1.4.10): prepare release
• c9d0860a fix: compare current and new kernel args more defensively

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.4.9

v1.5.3

Omni 1.5.3 (2026-02-17)

Welcome to the v1.5.3 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors

• Utku Ozdemir
• Artem Chernyshev

Changes

3 commits

• 9b46d417 release(v1.5.3): prepare release
• ee1fc5f3 fix: break the dep loop in the cluster machine config status controller
• 329926cd fix: fix schematic generation for machines in agent mode

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.5.2

v1.5.2

Omni 1.5.2 (2026-02-12)

Welcome to the v1.5.2 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors

• Artem Chernyshev
• Utku Ozdemir

Changes

2 commits

• 348ea65f release(v1.5.2): prepare release
• 309b3501 fix: replace gotextdiff with linear-space Myers diff to prevent OOM

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.5.1