siderolabs
diff --git a/‎Dockerfile
+1-1 b/‎Dockerfile
+1-1
diff --git a/‎Makefile
+6-6 b/‎Makefile
+6-6
diff --git a/‎README.md
+8-8 b/‎README.md
+8-8
diff --git a/‎api/v1alpha2/doc.go
+6 b/‎api/v1alpha2/doc.go
+6
diff --git a/‎api/v1alpha2/types.go
-2 b/‎api/v1alpha2/types.go
-2
diff --git a/‎api/v1alpha2/zz_generated.conversion.go
+5-1 b/‎api/v1alpha2/zz_generated.conversion.go
+5-1
diff --git a/‎config/crd/bases/bootstrap.cluster.x-k8s.io_talosconfigs.yaml
+1-3 b/‎config/crd/bases/bootstrap.cluster.x-k8s.io_talosconfigs.yaml
+1-3
diff --git a/‎config/crd/bases/bootstrap.cluster.x-k8s.io_talosconfigtemplates.yaml
+1-2 b/‎config/crd/bases/bootstrap.cluster.x-k8s.io_talosconfigtemplates.yaml
+1-2
diff --git a/‎config/manager/manager.yaml
+9 b/‎config/manager/manager.yaml
+9
diff --git a/‎controllers/secrets.go
+1-1 b/‎controllers/secrets.go
+1-1
diff --git a/‎controllers/talosconfig_controller.go
+8-3 b/‎controllers/talosconfig_controller.go
+8-3
@@ -47,7 +47,7 @@ COPY --from=manifests-build /src/config /config
 
 FROM build AS generate-build
 RUN --mount=type=cache,target=/.cache controller-gen object:headerFile=./hack/boilerplate.go.txt paths="./..."
-RUN --mount=type=cache,target=/.cache conversion-gen --input-dirs=./api/v1alpha2 --output-base ./ --output-file-base=zz_generated.conversion --go-header-file=./hack/boilerplate.go.txt
+RUN --mount=type=cache,target=/.cache conversion-gen --output-file=zz_generated.conversion.go --go-header-file=./hack/boilerplate.go.txt -v 9  ./api/v1alpha2
 
 FROM scratch AS generate
 COPY --from=generate-build /src/api /api
 
@@ -9,13 +9,13 @@ NAME := cluster-api-talos-controller
 ARTIFACTS := _out
 TEST_RUN ?= ./...
 
-TOOLS ?= ghcr.io/siderolabs/tools:v1.7.0-1-g10b2a69
-PKGS ?= v1.7.0-5-gb7f1920
-TALOS_VERSION ?= v1.7.0
-K8S_VERSION ?= 1.29.3
+TOOLS ?= ghcr.io/siderolabs/tools:v1.8.0-1-ga0c06c6
+PKGS ?= v1.8.0
+TALOS_VERSION ?= v1.8.0-beta.0
+K8S_VERSION ?= 1.30.0
 
-CONTROLLER_GEN_VERSION ?= v0.14.0
-CONVERSION_GEN_VERSION ?= v0.29.3
+CONTROLLER_GEN_VERSION ?= v0.16.2
+CONVERSION_GEN_VERSION ?= v0.31.0
 
 BUILD := docker buildx build
 PLATFORM ?= linux/amd64
 
@@ -54,17 +54,17 @@ This provider's versions are compatible with the following versions of Cluster A
 
 This provider's versions are able to install and manage the following versions of Kubernetes:
 
-|                | v1.19 | v1.20 | v1.21 | v1.22 | v1.23 | v1.24 | v1.25 | v1.26 | v1.27 | v1.28 | v1.29 | v1.30 |
-| -------------- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| CABPT (v0.5.x) | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     |       |       |       |       |
-| CABPT (v0.6.x) |       |       |       |       |       | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     |
+|                | v1.19 | v1.20 | v1.21 | v1.22 | v1.23 | v1.24 | v1.25 | v1.26 | v1.27 | v1.28 | v1.29 | v1.30 | v1.31 |
+| -------------- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
+| CABPT (v0.5.x) | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     |       |       |       |       |       |
+| CABPT (v0.6.x) |       |       |       |       |       | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     |
 
 This provider's versions are compatible with the following versions of Talos:
 
-|                  | v1.0  | v1.1  | v1.2  | v1.3  | v1.4  | v1.5  | v1.6  | v1.7  |
-| ---------------- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| CABPT (v0.5.x)   | ✓     | ✓     | ✓     | ✓     |       |       |       |       |
-| CABPT (v0.6.x)   |       |       | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     |
+|                  | v1.0  | v1.1  | v1.2  | v1.3  | v1.4  | v1.5  | v1.6  | v1.7  | v1.8  |
+| ---------------- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
+| CABPT (v0.5.x)   | ✓     | ✓     | ✓     | ✓     |       |       |       |       |       |
+| CABPT (v0.6.x)   |       |       | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     |
 
 > Note: CABPT is not compatible with multi-document Talos Linux machine configuration, as it relies on JSON patch to apply configuration patches.
 
 
@@ -0,0 +1,6 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// +k8s:conversion-gen=github.com/siderolabs/cluster-api-bootstrap-provider-talos/api/v1alpha3
+package v1alpha2
@@ -4,8 +4,6 @@
 
 package v1alpha2
 
-// +k8s:conversion-gen=github.com/siderolabs/cluster-api-bootstrap-provider-talos/api/v1alpha3
-
 // TalosConfigTemplateResource defines the Template structure
 type TalosConfigTemplateResource struct {
 	Spec TalosConfigSpec `json:"spec,omitempty"`
 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.2
   name: talosconfigs.bootstrap.cluster.x-k8s.io
 spec:
   group: bootstrap.cluster.x-k8s.io
@@ -125,7 +125,6 @@ spec:
                     description: |-
                       Source of the hostname.
 
-
                       Allowed values: "MachineName" (use linked Machine's Name).
                     type: string
                 type: object
@@ -211,7 +210,6 @@ spec:
                 description: |-
                   Talos config will be a string containing the config for download.
 
-
                   Deprecated: please use `<cluster>-talosconfig` secret.
                 type: string
             type: object
 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.2
   name: talosconfigtemplates.bootstrap.cluster.x-k8s.io
 spec:
   group: bootstrap.cluster.x-k8s.io
@@ -120,7 +120,6 @@ spec:
                             description: |-
                               Source of the hostname.
 
-
                               Allowed values: "MachineName" (use linked Machine's Name).
                             type: string
                         type: object
 
@@ -48,4 +48,13 @@ spec:
             requests:
               cpu: 100m
               memory: 128Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            privileged: false
+            runAsUser: 65532
+            runAsGroup: 65532
+          terminationMessagePolicy: FallbackToLogsOnError
       terminationGracePeriodSeconds: 10
@@ -178,7 +178,7 @@ func (r *TalosConfigReconciler) writeBootstrapData(ctx context.Context, scope *T
 		return dataSecretName, nil
 	}
 
-	if err != nil && !k8serrors.IsNotFound(err) {
+	if !k8serrors.IsNotFound(err) {
 		return dataSecretName, err
 	}
 
 
@@ -172,7 +172,7 @@ func (r *TalosConfigReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 	// Handle deleted talosconfigs
 	// We no longer set finalizers on talosconfigs, but we have to remove previously set finalizers
 	if !config.ObjectMeta.DeletionTimestamp.IsZero() {
-		return r.reconcileDelete(ctx, config)
+		return r.reconcileDelete(config)
 	}
 
 	// Look up the resource that owns this talosconfig if there is one
@@ -254,7 +254,7 @@ func (r *TalosConfigReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 	}
 
 	if err = r.reconcileGenerate(ctx, tcScope); err != nil {
-		conditions.MarkFalse(config, bootstrapv1alpha3.DataSecretAvailableCondition, bootstrapv1alpha3.DataSecretGenerationFailedReason, capiv1.ConditionSeverityError, err.Error())
+		conditions.MarkFalse(config, bootstrapv1alpha3.DataSecretAvailableCondition, bootstrapv1alpha3.DataSecretGenerationFailedReason, capiv1.ConditionSeverityError, "%s", err.Error())
 
 		return ctrl.Result{}, err
 	}
@@ -380,7 +380,7 @@ func (r *TalosConfigReconciler) reconcileGenerate(ctx context.Context, tcScope *
 	return nil
 }
 
-func (r *TalosConfigReconciler) reconcileDelete(ctx context.Context, config *bootstrapv1alpha3.TalosConfig) (ctrl.Result, error) {
+func (r *TalosConfigReconciler) reconcileDelete(config *bootstrapv1alpha3.TalosConfig) (ctrl.Result, error) {
 	controllerutil.RemoveFinalizer(config, bootstrapv1alpha3.ConfigFinalizer)
 
 	return ctrl.Result{}, nil
@@ -499,6 +499,11 @@ func (r *TalosConfigReconciler) genConfigs(ctx context.Context, scope *TalosConf
 
 	genOptions = append(genOptions, generate.WithSecretsBundle(secretBundle))
 
+	// Talos dropped support for version contracts <= 0.14, but we still need to support old secret bundles
+	if versionContract != nil && versionContract.Major < 1 && versionContract.Minor < 14 {
+		genOptions = append(genOptions, generate.WithClusterDiscovery(false))
+	}
+
 	APIEndpointPort := strconv.Itoa(int(scope.Cluster.Spec.ControlPlaneEndpoint.Port))
 
 	input, err := generate.NewInput(
Original file line number	Diff line number	Diff line change
`@@ -178,7 +178,7 @@ func (r TalosConfigReconciler) writeBootstrapData(ctx context.Context, scope T`
`178`	`178`	`return dataSecretName, nil`
`179`	`179`	`}`
`180`	`180`
`181`		`- if err != nil && !k8serrors.IsNotFound(err) {`
	`181`	`+ if !k8serrors.IsNotFound(err) {`
`182`	`182`	`return dataSecretName, err`
`183`	`183`	`}`
`184`	`184`