25d19131d3
This is the official v1.1.0-alpha.0 release. Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
492 KiB
492 KiB
Talos 1.1.0-alpha.0 (2022-04-01)
Welcome to the v1.1.0-alpha.0 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.
Component Updates
- Kubernetes: 1.24.0-beta.0
- Flannel: 0.17.0
- runc: 1.1.1
Contributors
- Andrey Smirnov
- Noel Georgi
- Spencer Smith
- Tim Jones
- Andrew Rynhard
- Dmitriy Matrenichev
- Steve Francis
- Artem Chernyshev
- Caleb Woodbine
- Daniel Höxtermann
- Jori Huisman
- Nico Berlee
- Serge Logvinov
- Seán C McCord
- Suraj Shirvankar
- Tomasz Zurkowski
Changes
90 commits
e860312dfrelease(v1.1.0-alpha.0): prepare release2ca5279e5fix: retry manifest updates in upgrade-k8seeb756168feat: use kexec when resetting a node1ed1f73e5test: bump CAPI to 1.1.32ee1d2c72feat: update Kuberentes to 1.24.0-beta.0c26fa4ccctest: push GITHUB_TOKEN to the e2e-aws/gcp steps95d900de7feat: use kubeconfig env var0b407dd17feat: add dhcp-v6 NTP/DHCP-DUIDa140a6baddocs: update releases shortcode in upgrade guide12931dcedfix: align partitions on 1M boundary37f868e37fix: validate empty TLS config for registriesca8b9c0a3feat: update Kubernetes to 1.24.0-alpha.4d9ec6b215chore: drop dirty from abbreviated tag08624fd0bdocs: add banner to main pagefc23c7a59test: bump versions for upgrade tests4bfe68610feat: update runc to 1.1.1b315ed953chore: use go:embed instead of ldflagsa5d64fc81feat: update Flannel to 0.17.06d6eb3f6adocs: fork docs for 1.11d55f05d1docs: update index pagead6b7ec1afix: enable etcd consistency on check startup65a31f753docs: re-add GA token741c04832docs: mark 1.0 docs as lateste97433c8adocs: update jetson nano6665e0f00docs: code block copyingc41f2b216docs: update whats-new-v1.00a36fbbf3docs: add release notes for 1.0bd0035f6adocs: add NVIDIA docsefa3f2898fix: correctly find partitions with config data (metal-iso)9ebeec0d0docs: fix incorrect path for talosconfig9fef4540edocs: fix non-latest download linksf8ef6a081docs: add rook ceph configuration guidee2666f58fchore: bump kernel to 5.15.32957b2f233chore: bump dependencies0fd2aa08bfix: correctly escape '.' in volume names108fd03a7fix: give up virtual IPs before the kubelet workloads are shut down856e1333dfix: use 'localhost' endpoint in docker provisioner on Windowsc5da38609docs: use variables and templates in the docs4c83847b9docs: target search results67fb72d96docs: add algolia versions to all content5344d6e7cdocs: fix extension servicepathdependency9b9191c5efix: increase intiial window and connection window sizes7a88a0224docs: show archived/pre-release banner based on versione403470bfdocs: filter algolia results by latest0497d5f9fdocs: tag latest docs for searcha25425483feat: update containerd to 1.6.2, Linux to 5.15.319b6422fccfeat: update CoreDNS to 1.9.1020856f80docs: remove second search bar5f27f4c63docs: update asset links9ff42b432docs: fix redirects for /docs URLs7283efd56chore: update the talosctl CNI download urle0eee7fcctest: use clusterctl.yaml overrides after org rename73966f51edocs: fix extensionsf9766edb5docs: remove empty doc filee06e1473bfeat: update golangci-lint to 1.45.0 and gofumpt to 0.3.0a92c614b2docs: add enterprise link to docs header0ae7174badocs: update search settings and redirects883d401f9chore: rename github organization to siderolabsd1294d014chore: add day-two tests for e2e-qemua6240e4b6feat: update Linux to 5.15.30e3fda049fdocs: overhaul all the docsf47750726fix: the etcd recovery client and tests69e07cddcfix: trigger properlyudevdon types and actions47d0e629dfix: clean up custom udev rules if the config is clearedb6691b350chore: bump dependencies27af5d41cfeat: pause the boot process on some failures instead of rebooting58cb9db1efeat: allow hardlinks in the system extension images1e982808ffix: ignore pod CIDRs for kubelet node IPs5e0c80f61fix: ignore connection reset errors on k8s upgradec156580a3fix: split regular network operation configuration and virtual IPcd4d4c605feat: relax extensions file structure validation50594ab1afix: ignore terminated pods in pod health checks9d69fb6b4feat: update Kubernetes to 1.23.5327ce5abafix: invert the condition to skip kubelet kernel checkscf85b3f07docs: update cilium inline install84ee1795ddocs: update logocc7719c9ddocs: improve comments in security protocaf800fe8feat: implement D-Bus systemd-compatible shutdown for kubelet6bec08429feat: add talosctl completions to copy, usage, logs, restart and service355b1a4befix: refresh etcd certs on startup/joind256b5c5edocs: fix spelling mistakes5fdedae20chore: bump kernel to 5.15.2818a21b5f2chore: add dependency images-essential -> images714e5eca6chore: bump dependencies58be4067edocs: update README.mdc5fb20930docs: add loki notef448cb4f3feat: bump boot partition size to 1000 MiBa095acb09chore: fix equinixMetal platform name2a7f9a445fix: check for IPv6 before applying accept_ra59681b8c9fix: backport fixes from release-1.0 branch
Changes from siderolabs/extras
Changes from siderolabs/pkgs
18 commits
4b3e70echore: upstream u-boot for jetson nanocc1c8c7feat: update runc to 1.1.13baf4e4chore: enable random trust CPUdf31920chore: disable soundc27751bchore: bump nvidia drivers to 510.60.02ba98e20chore: bump kernel to 5.15.32a76edfdfeat: update containerd to 1.6.20c38670chore: bump kernel to 5.15.31bc4fb0cchore: org update41f291dfeat: update Flannel CNI to 1.0.158603bachore: bump kernel to 5.15.30d3bb262chore: bump kernel to 5.15.2976a24b5chore: update openssl to 1.1.1n490c7b7chore: enable aarch64 NVIDIA driversb794b7achore: bump linux-firmware to 20220310acda207chore: bump kernel to 5.15.28e0fec11chore: bump nvidia driver to 510.540407f05chore: bump kernel to 5.15.27
Changes from siderolabs/tools
Changes from talos-systems/go-blockdevice
Dependency Changes
- github.com/aws/aws-sdk-go v1.43.8 -> v1.43.26
- github.com/containernetworking/plugins v1.1.0 -> v1.1.1
- github.com/docker/distribution v2.8.0 -> v2.8.1
- github.com/docker/docker v20.10.12 -> v20.10.14
- github.com/jsimonetti/rtnetlink v1.1.0 -> v1.1.1
- github.com/rivo/tview 96063d6082f3 -> 9994674d60a8
- github.com/rs/xid v1.3.0 -> v1.4.0
- github.com/siderolabs/extras v1.0.0 -> v1.1.0-alpha.0
- github.com/siderolabs/pkgs v1.0.0-6-g7c293d5 -> v1.1.0-alpha.0-15-g4b3e70e
- github.com/siderolabs/tools v1.0.0-1-g4c77d96 -> v1.1.0-alpha.0-1-g99be089
- github.com/spf13/cobra v1.3.0 -> v1.4.0
- github.com/stretchr/testify v1.7.0 -> v1.7.1
- github.com/talos-systems/go-blockdevice v0.3.1 -> b374eb48148d
- github.com/vmware-tanzu/sonobuoy v0.56.2 -> v0.56.3
- github.com/vmware/vmw-guestinfo cc1fd90d572c -> 510905f0efa3
- golang.org/x/net 27dd8689420f -> de3da57026de
- golang.org/x/sys 4e6760a101f9 -> 530d0810a4d0
- golang.zx2c4.com/wireguard/wgctrl fde48d68ee68 -> 056925b7df31
- google.golang.org/grpc v1.44.0 -> v1.45.0
- google.golang.org/protobuf v1.27.1 -> v1.28.0
- k8s.io/api v0.23.5 -> v0.24.0-beta.0
- k8s.io/apimachinery v0.23.5 -> v0.24.0-beta.0
- k8s.io/apiserver v0.23.5 -> v0.24.0-beta.0
- k8s.io/client-go v0.23.5 -> v0.24.0-beta.0
- k8s.io/component-base v0.23.5 -> v0.24.0-beta.0
- k8s.io/cri-api v0.23.5 -> v0.24.0-beta.0
- k8s.io/kubectl v0.23.5 -> v0.24.0-beta.0
- k8s.io/kubelet v0.23.5 -> v0.24.0-beta.0
Previous release can be found at v1.0.0
Talos 0.15.0-alpha.2 (2022-02-11)
Welcome to the v0.15.0-alpha.2 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Apply Config Enhancements
talosctl apply/patch/edit cli commands got revamped.
Separate flags --on-reboot, --immediate, --interactive were replaced
with a single --mode flag that can take the following values:
autonew mode that automatically applies the configuration in immediate/reboot mode.no-rebootforce apply immediately, if not possible, then fail.rebootforce reboot with apply config.stagedwrite new machine configuration to STATE, but don't apply it (it will be applied after a reboot).interactivestarts interactive installer, only forapply.
Pinned Kubernets Version
Command talosctl gen config now defaults to Kubernetes version pinning in the generate machine configuration.
Previously default was to omit explicit Kubernetes version, so Talos picked up the default version it was built against.
Old behavior can be achieved by specifying empty flag value: --kubernetes-version=.
Machine Configuration
Talos now preserves machine configuration as it was submitted to the node.
Machine Configuration Patching
talosctl commands which accept JSON patches (gen config, cluster create, patch machineconfig) now support multiple patches, loading patches
from files with @file.json syntax, and support loading from YAML format.
Platform Support
Talos now supports Oracle Cloud.
Platform network configuration was rewritten to avoid modifying Talos machine configuration. Network configuration is performed independent of the machine configuration presence, so it works even if Talos is booted in maintenance mode (without machine configuration is platform userdata).
SBC Support
Talos now supports Jetson Nano SBC.
Static Pods in the Machine Configuration
Talos now accepts static pod definitions in the .machine.pods key of the machine configuration.
Please note that static pod definitions are not validated by Talos.
Static pod definitions can be updated without a node reboot.
System Extensions
System extensions allow extending Talos root filesystem, which enables a set of different features, including custom container runtimes, additional firmware, etc.
System extensions are only activated during Talos installation (or upgrade), and with system extensions installed, Talos root filesystem is still immutable and read-only.
Please see extensions repository and documentation for more information.
Component Updates
- Linux: 5.15.23
- Kubernetes: 1.23.3
- CoreDNS: 1.8.7
- etcd: 3.5.2
- containerd: 1.6.0-rc.0
- runc: 1.1.0
Talos is built with Go 1.17.7
Wipe System Kernel Parameter
Added new kernel parameter talos.experimental.wipe=system which can help resetting system disk for the machine
and start over with a fresh installation.
See Resetting a Machine on how to use it.
Contributors
- Andrey Smirnov
- Noel Georgi
- Artem Chernyshev
- Spencer Smith
- Serge Logvinov
- Seán C McCord
- Florian Klink
- Steve Francis
- Andrew Rynhard
- Anthony Rabbito
- Bernard Sébastien
- Charlie Haley
- Eric Wohltman
- Niklas Metje
- Philipp Sauter
- Shahar Naveh
- Tim Jones
- nebulait
Changes
137 commits
1e9f0ad4cfeat: update Go to 1.17.7, Linux to 5.15.23fef99892dchore: pin kubernetes version totalosctl gen configbcf928134feat: udev extensions support47619f832docs: update system extensions guide with grammar fixes2bcceb6e4chore: disable TIPC and B.A.T.M.A.Nc6bca1b33docs: add guide on system extensions492b156dafeat: implement static pods via machine configuration6fadfa8dbfix: parse properly IPv6 address in the cmdlineip=argd991f3982chore: update the kernel with IGC driver enabledcbc9610befeat: sysctl system optimization8b6d6220dfix: parse interface ip correctly (nocloud)54632b1bedocs: fix developing Talos docs0da370dfetest: unlock CABPT/CACPPT provider versionsdf0e388a4feat: extract firmware part of system extensions into initramfs8899dd349chore: add json-tags for SecretsBundle4f391cd5cchore: bump kernel to 5.15.226bd07406efeat: disable reboots via kexec1e3f2f952fix: validate kubelet node IP subnets correctlyd211bff47feat: enable accept_ra when IPv6 forwarding930205831chore: update kernel to 5.15.21c7186ed08chore: bump dependencies9ee470f95feat: set /etc/localtime to UTCc34768367fix: disable auto-tls for etcd9bffc7e8dfix: pass proper sequence to shutdown sequence on ACPI shutdowne47387e41chore: bump CAPI to 1.0.45462f5ed1feat: update etcd to 3.5.2f6fa12e53docs: update upgrading Talos, Kubernetes, and Docker guides5484579c1feat: allow link scope routes in the machine config56b83b087feat: enable persistence for docker provider949464e4bfix: use leaf certificate in the apid RBAC check446972f21chore: bump kernel to 5.15.19fe40e7b1bfeat: drain node on shutdown7f0b3aae0feat: add multiple config patches, patches from files, YAML support202290be7docs: update Kubernetes upgrade video036644f7achore: bump kernel to 5.15.18dcde2c4f6chore: update k8s upgrade message1c949335cdocs: add documentation for Hyper-V7f9790912fix: clean up containerd state on installer run/validate8b98d8eb3docs: clarify Filebeat example74c03120cdocs: replace Talos upgrades video65e64d425chore: update kernel to stable 5.15.174245f72d3feat: add --extra-uefi-search-paths option7ffeb6c2edocs: update oracle cloud example151c9df09chore: add CSI tests for e2e-qemucdb621c82feat: provide a way to list installed system extensionsabfb25812feat: share/lib/firmwareacross initramfs and rootfsebec5d4a0feat: support full disk path in the diskSelector831f65a07fix: close client provider instead of Talos client in the upgrade module0bf161dfftest: add integration test for system extensions7b3962745fix: handle 404 errors from AWS IMDS correctly85782faa2feat: update Kubernetes to 1.23.3c5e5922e5chore: bump dependenciesb3c3ef29bfeat: install system extensionsa0889600fchore: fix golangci-lint installa50c42980fix: use #!/usr/bin/env bash as shebang instead of #!/bin/bash4464b725cfix: qemu: always use runtime.GOARCH for CNI bundlee7379c81brelease(v0.15.0-alpha.1): prepare release58eb3600ffix: enforce reasonable TLS min tls-min-versionb8d4c5dfafix: use correct error inkernel_param_specModify call handling4961d6867docs: drop talos.interface kernel argb1e61fa5bchore: update Linux to 5.15.16d4b844593feat: support CRI configuration merging and reimplement registry configf94c8c6e1feat: update Kubernetes to 1.23.221f497b3efeat: install readonly overlay mounts during talos chroot sequence9ad5a67d2feat: inject platform network configuration as network resources907f8cbfbdocs: fix patch flagcaa434426docs: add documentation on developing Talos16eeb6776docs: readme updates3c0737027chore: update release notes6d8bea5d5feat: jetson nano SoC1d8955ebefeat: update CoreDNS to 1.8.76af83afd5fix: handle multiple-IP cluster nodes43b2d8137chore: bump dependencies529e80f4fdocs: update home page and footer37630e70cUpdate twitter linkaf440919bfix: avoid panic in config loading/validation4b8e9de59docs: add guide on adding proprietary kernel modules833dc4169docs: rework vmware assets2869b5eeafeat: add oraclecloud.com platform supportf3ec24bebfix: vmware documentation typo2f2bdb26afeat: replace flags with --mode inapply,editandpatchcommandsb09be2a69docs: update index.md and sync across versionsca65b918adocs: add nocloud documentation59437d6d8fix: filter down nameservers for docker-based cluster create194eaa6f2chore: clean up /usr/bin from unneeded files74e727240docs: update office office539af338cdocs: update vmware docs279a3fda7feat: update Go to 1.17.6, containerd to 1.5.93d3088941chore: bump Go dependenciesd02d944ecchore: provide umarshal from YAML methods for network resource specs2e735714dfix: derive machine-id from node identityd8a2721e1test: update CAPI components to latest7dff8a53efix: ignore missing init.yaml for cluster createf4516c7d8chore: bump dependencies944f13221chore: fix release pipelinecb548a368release(v0.15.0-alpha.0): prepare releaseda0b36e61feat: introducetalos.exp.wipekernel param to wipe system diskc079eb32brefactor: use AWS SDK to access AWS metadata service2f4b9d8d6feat: make machine configuration read-only in Talos (almost)524f83d3dfeat: use official Go SDK to fetch GCP instance metadatad2a7e082ctest: retry in discovery testsf4219e530chore: remove unused methods in AWS platform35bc2940efix: kexec on RPI4f235cfbaefix: multiple usability fixesb3fbb2f31test: don't build all images in the default CI pipelinedac550a50docs: fix troubleshooting guide83e8bec6bfeat: update Linux to 5.15.11d5a82b37efeat: removeApplyDynamicConfig3623da136feat: provide a way to load Linux kernel modules4d1514adddocs: update Mayastor deployment processcff1ff6d5feat: shell completion forlist,read19728437efeat: output IPs when etcd needs to be bootstrappedc297d66a1test: attempt number on two on proper retries in CLI time testsdc299da9edocs: add arm64 option to talosctl downloadf49f40a33fix: pass path to conformance retrieve results942c8074fdocs: fork docs for 0.15880a7782cdocs: update documentation for 0.14.0 releasedc9a0cfe9chore: bump Go dependencies773496935fix: config apply immediate17c147488test: retrytalosctl timecall in the testsacf1ac0f1feat: show human-readable aliases intalosctl get rd5532867b0refactor: rewrite the implementation of Processes API80350861afeat: update Kubernetes to 1.23.14c96e936edocs: add cilium guidee3f2acb5erefactor: rewrite the check for unknown keys in the machine configuration4175396a8refactor: use update go-blockdevice library with allocation fixesb58f567a1refactor: optimize Runtime config interface to avoid config marshalingbb355c9abchore: remove govalidator library3af56bd2etest: update capi templates to v1beta1936b4c4cefix: update DHCP library with the panic fixab42886bffix: allow kubelet to be started via the APIec641f729fix: use default time servers in time API if none are configured79f213eecfix: cleanup affiliates2dd0b5b68chore: update Go to 1.17.597ffa7a64feat: upgrade kubelet version intalosctl upgrade-k8s5bc5123ebdocs: documentip=kernel argument8e1d0bfb5feat: update Kubernetes to 1.23.0
Changes since v0.15.0-alpha.1
56 commits
1e9f0ad4cfeat: update Go to 1.17.7, Linux to 5.15.23fef99892dchore: pin kubernetes version totalosctl gen configbcf928134feat: udev extensions support47619f832docs: update system extensions guide with grammar fixes2bcceb6e4chore: disable TIPC and B.A.T.M.A.Nc6bca1b33docs: add guide on system extensions492b156dafeat: implement static pods via machine configuration6fadfa8dbfix: parse properly IPv6 address in the cmdlineip=argd991f3982chore: update the kernel with IGC driver enabledcbc9610befeat: sysctl system optimization8b6d6220dfix: parse interface ip correctly (nocloud)54632b1bedocs: fix developing Talos docs0da370dfetest: unlock CABPT/CACPPT provider versionsdf0e388a4feat: extract firmware part of system extensions into initramfs8899dd349chore: add json-tags for SecretsBundle4f391cd5cchore: bump kernel to 5.15.226bd07406efeat: disable reboots via kexec1e3f2f952fix: validate kubelet node IP subnets correctlyd211bff47feat: enable accept_ra when IPv6 forwarding930205831chore: update kernel to 5.15.21c7186ed08chore: bump dependencies9ee470f95feat: set /etc/localtime to UTCc34768367fix: disable auto-tls for etcd9bffc7e8dfix: pass proper sequence to shutdown sequence on ACPI shutdowne47387e41chore: bump CAPI to 1.0.45462f5ed1feat: update etcd to 3.5.2f6fa12e53docs: update upgrading Talos, Kubernetes, and Docker guides5484579c1feat: allow link scope routes in the machine config56b83b087feat: enable persistence for docker provider949464e4bfix: use leaf certificate in the apid RBAC check446972f21chore: bump kernel to 5.15.19fe40e7b1bfeat: drain node on shutdown7f0b3aae0feat: add multiple config patches, patches from files, YAML support202290be7docs: update Kubernetes upgrade video036644f7achore: bump kernel to 5.15.18dcde2c4f6chore: update k8s upgrade message1c949335cdocs: add documentation for Hyper-V7f9790912fix: clean up containerd state on installer run/validate8b98d8eb3docs: clarify Filebeat example74c03120cdocs: replace Talos upgrades video65e64d425chore: update kernel to stable 5.15.174245f72d3feat: add --extra-uefi-search-paths option7ffeb6c2edocs: update oracle cloud example151c9df09chore: add CSI tests for e2e-qemucdb621c82feat: provide a way to list installed system extensionsabfb25812feat: share/lib/firmwareacross initramfs and rootfsebec5d4a0feat: support full disk path in the diskSelector831f65a07fix: close client provider instead of Talos client in the upgrade module0bf161dfftest: add integration test for system extensions7b3962745fix: handle 404 errors from AWS IMDS correctly85782faa2feat: update Kubernetes to 1.23.3c5e5922e5chore: bump dependenciesb3c3ef29bfeat: install system extensionsa0889600fchore: fix golangci-lint installa50c42980fix: use #!/usr/bin/env bash as shebang instead of #!/bin/bash4464b725cfix: qemu: always use runtime.GOARCH for CNI bundle
Changes from talos-systems/crypto
Changes from talos-systems/extras
3 commits
Changes from talos-systems/go-blockdevice
3 commits
Changes from talos-systems/net
Changes from talos-systems/pkgs
25 commits
6019223chore: bump kernel to 5.15.23ff4b2d8chore: bump tools for Go 1.17.7e34f883chore: disable TIPC and B.A.T.M.A.N2b8cd88feat: add Intel Ethernet Controller I225-V driver407459dfeat: enable zstd squashfs compression and firmware (xz) compression81a4b1cchore: bump kernel to 5.15.22c9a6415chore: bump kernel to 5.15.2190dcd00chore: bump kernel to 5.15.19d457b87chore: bump kernel to 5.15.18dd69678chore: disable ATA-over-Ethernet driver for arm64388ce13chore: bump kernel to 5.15.17c14eb99feat: update Linux to 5.15.165d4d8d6feat: bump containerd to 1.6.0-rc.0, runc to 1.1.05dd08a7feat: jetson nano SoC402b960chore: bump u-boot to 2022.016ce1a40feat: update Go to 1.17.608f2519feat: update containerd to 1.5.9fbb5c5cfeat: add qlcnic drivers to kernel0505e01chore: fix=mkernel build options54aa902feat: enable amdgpu in kernel2779c3ffix: kexec on rpi4950361ffeat: update Linux to 5.15.11ad611bcfeat: provide build instructions for NVIDIA kernel moduleb22723dfeat: update iPXE to the latest available versiona675c67feat: update Go to 1.17.5
Changes from talos-systems/tools
4 commits
Dependency Changes
- cloud.google.com/go/compute v1.2.0 new
- github.com/BurntSushi/toml v0.4.1 -> v1.0.0
- github.com/aws/aws-sdk-go v1.42.47 new
- github.com/containerd/cgroups v1.0.2 -> v1.0.3
- github.com/containerd/containerd v1.5.8 -> v1.6.0-rc.2
- github.com/docker/docker v20.10.11 -> v20.10.12
- github.com/google/go-cmp v0.5.6 -> v0.5.7
- github.com/google/nftables 16a134723a96 -> 91d3b4571db1
- github.com/hashicorp/go-getter v1.5.9 -> v1.5.11
- github.com/hashicorp/go-version v1.4.0 new
- github.com/insomniacslk/dhcp 5297eed8f489 -> 3c283ff8b7dd
- github.com/jsimonetti/rtnetlink fd9a11f42291 -> v1.1.0
- github.com/jxskiss/base62 v1.0.0 -> v1.1.0
- github.com/mdlayher/ethtool 288d040e9d60 -> 81c2608dd90e
- github.com/mdlayher/genetlink v1.0.0 -> v1.2.0
- github.com/mdlayher/netlink v1.4.2 -> v1.6.0
- github.com/opencontainers/image-spec v1.0.2 new
- github.com/packethost/packngo v0.20.0 -> v0.21.0
- github.com/pelletier/go-toml v1.9.4 new
- github.com/pmorjan/kmod v1.0.0 new
- github.com/rivo/tview 2a6de950f73b -> 1f7581b67bd1
- github.com/spf13/cobra v1.2.1 -> v1.3.0
- github.com/talos-systems/crypto v0.3.4 -> 510b0d2753a8
- github.com/talos-systems/extras v0.7.0-1-gd6b73a7 -> v0.8.0-alpha.0-2-g8f607fc
- github.com/talos-systems/go-blockdevice v0.2.5 -> 7b9de26bc6bc
- github.com/talos-systems/net v0.3.1 -> 409926aec1c3
- github.com/talos-systems/pkgs v0.9.0-1-g7a3419a -> v0.10.0-alpha.0-24-g6019223
- github.com/talos-systems/tools v0.9.0-1-gb1146f9 -> v0.10.0-alpha.0-3-g4c9e7a4
- github.com/u-root/u-root v7.0.0 -> v0.8.0
- github.com/vishvananda/netlink f5de75959ad5 -> 650dca95af54
- github.com/vmware-tanzu/sonobuoy v0.55.1 -> v0.56.0
- github.com/vmware/govmomi v0.27.2 -> v0.27.3
- go.etcd.io/etcd/api/v3 v3.5.1 -> v3.5.2
- go.etcd.io/etcd/client/pkg/v3 v3.5.1 -> v3.5.2
- go.etcd.io/etcd/client/v3 v3.5.1 -> v3.5.2
- go.etcd.io/etcd/etcdutl/v3 v3.5.1 -> v3.5.2
- go.uber.org/zap v1.19.1 -> v1.20.0
- golang.org/x/net 491a49abca63 -> cd36cc0744dd
- golang.org/x/sys 97ca703d548d -> 1c1b9b1eba6a
- golang.zx2c4.com/wireguard/wgctrl dd7407c86d22 -> daad0b7ba671
- google.golang.org/grpc v1.42.0 -> v1.44.0
- k8s.io/api v0.23.1 -> v0.23.3
- k8s.io/apimachinery v0.23.1 -> v0.23.3
- k8s.io/client-go v0.23.1 -> v0.23.3
- k8s.io/component-base v0.23.1 -> v0.23.3
- k8s.io/kubectl v0.23.1 -> v0.23.3
- k8s.io/kubelet v0.23.1 -> v0.23.3
- kernel.org/pub/linux/libs/security/libcap/cap v1.2.61 -> v1.2.63
Previous release can be found at v0.14.0
Talos 0.15.0-alpha.1 (2022-01-24)
Welcome to the v0.15.0-alpha.1 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Apply Config Enhancements
talosctl apply/patch/edit cli commands got revamped.
Separate flags --on-reboot, --immediate, --interactive were replaced
with a single --mode flag that can take the following values:
autonew mode that automatically applies the configuration in immediate/reboot mode.no-rebootforce apply immediately, if not possible, then fail.rebootforce reboot with apply config.stagedwrite new machine configuration to STATE, but don't apply it (it will be applied after a reboot).interactivestarts interactive installer, only forapply.
Machine Configuration
Talos now preserves machine configuration as it was submitted to the node.
Platform Support
Talos now supports Oracle Cloud.
Platform network configuration was rewritten to avoid modifying Talos machine configuration. Network configuration is performed independent of the machine configuration presence, so it works even if Talos is booted in maintenance mode (without machine configuration is platform userdata).
SBC Support
Talos now supports Jetson Nano SBC.
Component Updates
- Linux: 5.15.16
- containerd: 1.5.9
- CoreDNS: 1.8.7
- containerd: 1.6.0-rc.0
- runc: 1.1.0
Talos is built with Go 1.17.6
Wipe System Kernel Parameter
Added new kernel parameter talos.experimental.wipe=system which can help resetting system disk for the machine
and start over with a fresh installation.
See Resetting a Machine on how to use it.
Contributors
- Andrey Smirnov
- Noel Georgi
- Spencer Smith
- Artem Chernyshev
- Seán C McCord
- Steve Francis
- Serge Logvinov
- Andrew Rynhard
- Anthony Rabbito
- Eric Wohltman
- Niklas Metje
- Shahar Naveh
Changes
80 commits
58eb3600ffix: enforce reasonable TLS min tls-min-versionb8d4c5dfafix: use correct error inkernel_param_specModify call handling4961d6867docs: drop talos.interface kernel argb1e61fa5bchore: update Linux to 5.15.16d4b844593feat: support CRI configuration merging and reimplement registry configf94c8c6e1feat: update Kubernetes to 1.23.221f497b3efeat: install readonly overlay mounts during talos chroot sequence9ad5a67d2feat: inject platform network configuration as network resources907f8cbfbdocs: fix patch flagcaa434426docs: add documentation on developing Talos16eeb6776docs: readme updates3c0737027chore: update release notes6d8bea5d5feat: jetson nano SoC1d8955ebefeat: update CoreDNS to 1.8.76af83afd5fix: handle multiple-IP cluster nodes43b2d8137chore: bump dependencies529e80f4fdocs: update home page and footer37630e70cUpdate twitter linkaf440919bfix: avoid panic in config loading/validation4b8e9de59docs: add guide on adding proprietary kernel modules833dc4169docs: rework vmware assets2869b5eeafeat: add oraclecloud.com platform supportf3ec24bebfix: vmware documentation typo2f2bdb26afeat: replace flags with --mode inapply,editandpatchcommandsb09be2a69docs: update index.md and sync across versionsca65b918adocs: add nocloud documentation59437d6d8fix: filter down nameservers for docker-based cluster create194eaa6f2chore: clean up /usr/bin from unneeded files74e727240docs: update office office539af338cdocs: update vmware docs279a3fda7feat: update Go to 1.17.6, containerd to 1.5.93d3088941chore: bump Go dependenciesd02d944ecchore: provide umarshal from YAML methods for network resource specs2e735714dfix: derive machine-id from node identityd8a2721e1test: update CAPI components to latest7dff8a53efix: ignore missing init.yaml for cluster createf4516c7d8chore: bump dependencies944f13221chore: fix release pipelinecb548a368release(v0.15.0-alpha.0): prepare releaseda0b36e61feat: introducetalos.exp.wipekernel param to wipe system diskc079eb32brefactor: use AWS SDK to access AWS metadata service2f4b9d8d6feat: make machine configuration read-only in Talos (almost)524f83d3dfeat: use official Go SDK to fetch GCP instance metadatad2a7e082ctest: retry in discovery testsf4219e530chore: remove unused methods in AWS platform35bc2940efix: kexec on RPI4f235cfbaefix: multiple usability fixesb3fbb2f31test: don't build all images in the default CI pipelinedac550a50docs: fix troubleshooting guide83e8bec6bfeat: update Linux to 5.15.11d5a82b37efeat: removeApplyDynamicConfig3623da136feat: provide a way to load Linux kernel modules4d1514adddocs: update Mayastor deployment processcff1ff6d5feat: shell completion forlist,read19728437efeat: output IPs when etcd needs to be bootstrappedc297d66a1test: attempt number on two on proper retries in CLI time testsdc299da9edocs: add arm64 option to talosctl downloadf49f40a33fix: pass path to conformance retrieve results942c8074fdocs: fork docs for 0.15880a7782cdocs: update documentation for 0.14.0 releasedc9a0cfe9chore: bump Go dependencies773496935fix: config apply immediate17c147488test: retrytalosctl timecall in the testsacf1ac0f1feat: show human-readable aliases intalosctl get rd5532867b0refactor: rewrite the implementation of Processes API80350861afeat: update Kubernetes to 1.23.14c96e936edocs: add cilium guidee3f2acb5erefactor: rewrite the check for unknown keys in the machine configuration4175396a8refactor: use update go-blockdevice library with allocation fixesb58f567a1refactor: optimize Runtime config interface to avoid config marshalingbb355c9abchore: remove govalidator library3af56bd2etest: update capi templates to v1beta1936b4c4cefix: update DHCP library with the panic fixab42886bffix: allow kubelet to be started via the APIec641f729fix: use default time servers in time API if none are configured79f213eecfix: cleanup affiliates2dd0b5b68chore: update Go to 1.17.597ffa7a64feat: upgrade kubelet version intalosctl upgrade-k8s5bc5123ebdocs: documentip=kernel argument8e1d0bfb5feat: update Kubernetes to 1.23.0
Changes since v0.15.0-alpha.0
37 commits
58eb3600ffix: enforce reasonable TLS min tls-min-versionb8d4c5dfafix: use correct error inkernel_param_specModify call handling4961d6867docs: drop talos.interface kernel argb1e61fa5bchore: update Linux to 5.15.16d4b844593feat: support CRI configuration merging and reimplement registry configf94c8c6e1feat: update Kubernetes to 1.23.221f497b3efeat: install readonly overlay mounts during talos chroot sequence9ad5a67d2feat: inject platform network configuration as network resources907f8cbfbdocs: fix patch flagcaa434426docs: add documentation on developing Talos16eeb6776docs: readme updates3c0737027chore: update release notes6d8bea5d5feat: jetson nano SoC1d8955ebefeat: update CoreDNS to 1.8.76af83afd5fix: handle multiple-IP cluster nodes43b2d8137chore: bump dependencies529e80f4fdocs: update home page and footer37630e70cUpdate twitter linkaf440919bfix: avoid panic in config loading/validation4b8e9de59docs: add guide on adding proprietary kernel modules833dc4169docs: rework vmware assets2869b5eeafeat: add oraclecloud.com platform supportf3ec24bebfix: vmware documentation typo2f2bdb26afeat: replace flags with --mode inapply,editandpatchcommandsb09be2a69docs: update index.md and sync across versionsca65b918adocs: add nocloud documentation59437d6d8fix: filter down nameservers for docker-based cluster create194eaa6f2chore: clean up /usr/bin from unneeded files74e727240docs: update office office539af338cdocs: update vmware docs279a3fda7feat: update Go to 1.17.6, containerd to 1.5.93d3088941chore: bump Go dependenciesd02d944ecchore: provide umarshal from YAML methods for network resource specs2e735714dfix: derive machine-id from node identityd8a2721e1test: update CAPI components to latest7dff8a53efix: ignore missing init.yaml for cluster createf4516c7d8chore: bump dependencies
Changes from talos-systems/crypto
Changes from talos-systems/extras
Changes from talos-systems/go-blockdevice
2 commits
Changes from talos-systems/pkgs
14 commits
c14eb99feat: update Linux to 5.15.165d4d8d6feat: bump containerd to 1.6.0-rc.0, runc to 1.1.05dd08a7feat: jetson nano SoC402b960chore: bump u-boot to 2022.016ce1a40feat: update Go to 1.17.608f2519feat: update containerd to 1.5.9fbb5c5cfeat: add qlcnic drivers to kernel0505e01chore: fix=mkernel build options54aa902feat: enable amdgpu in kernel2779c3ffix: kexec on rpi4950361ffeat: update Linux to 5.15.11ad611bcfeat: provide build instructions for NVIDIA kernel moduleb22723dfeat: update iPXE to the latest available versiona675c67feat: update Go to 1.17.5
Changes from talos-systems/tools
Dependency Changes
- cloud.google.com/go/compute v1.0.0 new
- github.com/BurntSushi/toml v0.4.1 -> v1.0.0
- github.com/aws/aws-sdk-go v1.42.35 new
- github.com/containerd/containerd v1.5.8 -> v1.6.0-rc.0
- github.com/containerd/containerd/api v1.6.0-beta.3 new
- github.com/docker/docker v20.10.11 -> v20.10.12
- github.com/google/nftables 16a134723a96 -> 6f19c4381e13
- github.com/hashicorp/go-getter v1.5.9 -> v1.5.11
- github.com/jsimonetti/rtnetlink fd9a11f42291 -> 9dff439f7e79
- github.com/jxskiss/base62 v1.0.0 -> v1.1.0
- github.com/mdlayher/ethtool 288d040e9d60 -> bc8fdcf6e99c
- github.com/mdlayher/genetlink v1.0.0 -> v1.1.0
- github.com/mdlayher/netlink v1.4.2 -> v1.5.0
- github.com/packethost/packngo v0.20.0 -> v0.21.0
- github.com/pelletier/go-toml v1.9.4 new
- github.com/pmorjan/kmod v1.0.0 new
- github.com/rivo/tview 2a6de950f73b -> 90d72bc664f5
- github.com/spf13/cobra v1.2.1 -> v1.3.0
- github.com/talos-systems/crypto v0.3.4 -> 6fa2d93d0382
- github.com/talos-systems/extras v0.7.0-1-gd6b73a7 -> v0.8.0-alpha.0-1-g7c1f3cc
- github.com/talos-systems/go-blockdevice v0.2.5 -> 6928ee43c303
- github.com/talos-systems/pkgs v0.9.0-1-g7a3419a -> v0.10.0-alpha.0-13-gc14eb99
- github.com/talos-systems/tools v0.9.0-1-gb1146f9 -> v0.10.0-alpha.0-1-g67314b1
- github.com/u-root/u-root v7.0.0 -> v0.8.0
- github.com/vishvananda/netlink f5de75959ad5 -> 650dca95af54
- go.uber.org/zap v1.19.1 -> v1.20.0
- golang.org/x/net 491a49abca63 -> 0dd24b26b47d
- golang.org/x/sys 97ca703d548d -> da31bd327af9
- golang.zx2c4.com/wireguard/wgctrl dd7407c86d22 -> daad0b7ba671
- google.golang.org/grpc v1.42.0 -> v1.43.0
- k8s.io/api v0.23.1 -> v0.23.2
- k8s.io/apimachinery v0.23.1 -> v0.23.2
- k8s.io/client-go v0.23.1 -> v0.23.2
- k8s.io/component-base v0.23.1 -> v0.23.2
- k8s.io/kubectl v0.23.1 -> v0.23.2
- k8s.io/kubelet v0.23.1 -> v0.23.2
- kernel.org/pub/linux/libs/security/libcap/cap v1.2.61 -> v1.2.62
Previous release can be found at v0.14.0
Talos 0.15.0-alpha.0 (2021-12-30)
Welcome to the v0.15.0-alpha.0 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Machine Configuration
Talos now preserves machine configuration as it was submitted to the node. There is some work still going on various cloud platforms to stop modifying machine configuration on the fly.
Component Updates
- Linux: 5.15.11
Wipe System Kernel Parameter
Added new kernel parameter talos.experimental.wipe=system which can help resetting system disk for the machine
and start over with a fresh installation.
See Resetting a Machine on how to use it.
Contributors
- Andrey Smirnov
- Noel Georgi
- Spencer Smith
- Artem Chernyshev
- Niklas Metje
Changes
41 commits
da0b36e61feat: introducetalos.exp.wipekernel param to wipe system diskc079eb32brefactor: use AWS SDK to access AWS metadata service2f4b9d8d6feat: make machine configuration read-only in Talos (almost)524f83d3dfeat: use official Go SDK to fetch GCP instance metadatad2a7e082ctest: retry in discovery testsf4219e530chore: remove unused methods in AWS platform35bc2940efix: kexec on RPI4f235cfbaefix: multiple usability fixesb3fbb2f31test: don't build all images in the default CI pipelinedac550a50docs: fix troubleshooting guide83e8bec6bfeat: update Linux to 5.15.11d5a82b37efeat: removeApplyDynamicConfig3623da136feat: provide a way to load Linux kernel modules4d1514adddocs: update Mayastor deployment processcff1ff6d5feat: shell completion forlist,read19728437efeat: output IPs when etcd needs to be bootstrappedc297d66a1test: attempt number on two on proper retries in CLI time testsdc299da9edocs: add arm64 option to talosctl downloadf49f40a33fix: pass path to conformance retrieve results942c8074fdocs: fork docs for 0.15880a7782cdocs: update documentation for 0.14.0 releasedc9a0cfe9chore: bump Go dependencies773496935fix: config apply immediate17c147488test: retrytalosctl timecall in the testsacf1ac0f1feat: show human-readable aliases intalosctl get rd5532867b0refactor: rewrite the implementation of Processes API80350861afeat: update Kubernetes to 1.23.14c96e936edocs: add cilium guidee3f2acb5erefactor: rewrite the check for unknown keys in the machine configuration4175396a8refactor: use update go-blockdevice library with allocation fixesb58f567a1refactor: optimize Runtime config interface to avoid config marshalingbb355c9abchore: remove govalidator library3af56bd2etest: update capi templates to v1beta1936b4c4cefix: update DHCP library with the panic fixab42886bffix: allow kubelet to be started via the APIec641f729fix: use default time servers in time API if none are configured79f213eecfix: cleanup affiliates2dd0b5b68chore: update Go to 1.17.597ffa7a64feat: upgrade kubelet version intalosctl upgrade-k8s5bc5123ebdocs: documentip=kernel argument8e1d0bfb5feat: update Kubernetes to 1.23.0
Changes from talos-systems/crypto
Changes from talos-systems/extras
Changes from talos-systems/go-blockdevice
2 commits
Changes from talos-systems/pkgs
5 commits
Changes from talos-systems/tools
Dependency Changes
- cloud.google.com/go v0.99.0 new
- github.com/aws/aws-sdk-go v1.42.25 new
- github.com/docker/docker v20.10.11 -> v20.10.12
- github.com/google/nftables 16a134723a96 -> 6f19c4381e13
- github.com/jsimonetti/rtnetlink fd9a11f42291 -> 9dff439f7e79
- github.com/mdlayher/ethtool 288d040e9d60 -> bc8fdcf6e99c
- github.com/mdlayher/genetlink v1.0.0 -> v1.1.0
- github.com/mdlayher/netlink v1.4.2 -> v1.5.0
- github.com/pmorjan/kmod v1.0.0 new
- github.com/spf13/cobra v1.2.1 -> v1.3.0
- github.com/talos-systems/crypto v0.3.4 -> 6fa2d93d0382
- github.com/talos-systems/extras v0.7.0-1-gd6b73a7 -> v0.8.0-alpha.0
- github.com/talos-systems/go-blockdevice v0.2.5 -> 6928ee43c303
- github.com/talos-systems/pkgs v0.9.0-1-g7a3419a -> v0.10.0-alpha.0-4-g2779c3f
- github.com/talos-systems/tools v0.9.0-1-gb1146f9 -> v0.10.0-alpha.0
- golang.org/x/net 491a49abca63 -> fe4d6282115f
- golang.org/x/sys 97ca703d548d -> 1d35b9e2eb4e
- golang.zx2c4.com/wireguard/wgctrl dd7407c86d22 -> 7a385b3431de
- google.golang.org/grpc v1.42.0 -> v1.43.0
- kernel.org/pub/linux/libs/security/libcap/cap v1.2.61 -> v1.2.62
Previous release can be found at v0.14.0
Talos 0.14.0-alpha.2 (2021-11-30)
Welcome to the v0.14.0-alpha.2 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Kexec and capabilities
When kexec support is disabled
Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.
If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.
For example:
install:
extraKernelArgs:
- sysctl.kernel.kexec_load_disabled=1
Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls will not be enough.
Cluster Discovery
Cluster Discovery is enabled by default for Talos 0.14.
Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.
Kubelet
Kubelet service can now be restarted with talosctl service kubelet restart.
Kubelet node IP configuration (.machine.kubelet.nodeIP.validSubnets) can now include negative subnet matches (prefixed with !).
Log Shipping
Talos can now ship system logs
to the configured destination using either JSON-over-UDP or JSON-over-TCP:
see .machine.logging machine configuration option.
NTP Sync
Talos NTP sync process was improved to align better with kernel time adjustment periods and to filter out spikes.
SideroLink
A set of Talos ehancements is going to unlock a number of exciting features in the upcoming release of Sidero:
SideroLink: a point-to-point Wireguard tunnel connecting Talos node back to the provisioning platform (Sidero).- event sink (kernel arg
talos.event.sink=http://10.0.0.1:4000) delivers Talos internal events to the specified destination. - kmsg log delivery (kernel arg
talos.logging.kernel=tcp://10.0.0.1:4001) sends kernel logs as JSON lines over TCP or UDP.
talosctl support
talosctl CLI tool now has a new subcommand called support, that can gather all
cluster information that could help with future debugging in a single run.
Output of the command is a zip archive with all talos service logs, kubernetes pod logs and manifests,
talos resources manifests and so on.
Generated archive does not contain any secret information so it is safe to send it for analysis to a third party.
Component Updates
- Linux: 5.15.5
- etcd: 3.5.1
- containerd: 1.5.8
- Kubernetes: 1.23.0-rc.0
- CoreDNS: 1.8.6
Talos is built with Go 1.17.3
Kubernetes Upgrade Enhancements
talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.
So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Artem Chernyshev
- Serge Logvinov
- Noel Georgi
- Nico Berlee
- Spencer Smith
- Alex Zero
- Andrew Rynhard
- Branden Cash
- David Haines
- Gerard de Leeuw
- Michael Fornaro
- Rui Lopes
Changes
136 commits
e9f4b7b2feat: update Linux to 5.15.54d0a75a3docs: add documentation about logging8d1cbeefchore: add API breaking changes detectored7fb9dbfeat: move kubelet proccesses to /podruntime cgroup2cd3f9befeat: filter out SideroLink addresses by default0f169bf9chore: add API deprecations mechanismeaf6d472refactor: use random port listener in kernel log delivery testsbf4c81e7feat: kernel log (kmsg) delivery controllerf3149780feat: update Kubernetes to 1.23.0-rc.0b824909dfix: disable kexec on RPi43257751bfix: initialize Drainer properlye4bc68bffix: leave only a single IPv4/IPv6 address as kubelet's node IPe6d00741feat: update pkgs - Linux 5.15.4, LibreSSL 3.2.7d5cbc364feat: add GCP ccm7433150ffeat: implement events sink controllerb4a406aetest: pin cluster API templates version to tag v1alpha49427e78dfix: catch panics in network operator runsd1f55f90fix: update blockdevice library to properly handle absent GPT5ac64b2dchore: set version in unit-tests20d39c0bchore: format .proto files852bf4a7feat: talosctl fish completion support6bb75150fix: allow add_key and request_key in kubelet seccomp profile6487b21ffeat: update pkgs for u-boot, containerd, etcf7d1e777feat: provide SideroLink client implementation58892cd6fix: unblock events watch on context cancelcaa76be2fix: containerd failed to load plugin1ffa8e04feat: add ULA prefix for SideroLinkc6a67b86fix: ignore not existing nodes on cordoningf7302525feat: add new event types7c9b082ffeat: update Kubernetes to 1.23.0-beta.0750e31c4fix: ignore EBUSY fromkexec_file_load2d11b595fix: ignore virtual IP as kubelet node IPs030fd349fix: don't run kexec prepare on shutdown and reset6dcce20etest: set proper pod CIDR for Cilium tests695300darelease(v0.14.0-alpha.1): prepare release753a8218refactor: move pkg/resources to machinery0102a64arefactor: remove pkg/resources dependencies on wgtypes, netx7462733bchore: update golangci-lint032c99a0refactor: remove pkg/resources dependencies on k8s and base624a5cff45perf: raspberry PIs clockspeed as fast as firmware allowsa76f6d69feat: allow kubelet to be restarted and provide negative nodeIP subnets189221d5chore: update dependencies41f0aeccdocs: update partition info95105071chore: fix simple issues found by golangci-lintd4b0ca21test: retry upgrade mutex lock failures4357e9a8docs: add Talos partions info8e8687d7fix: use temporary sonobuoy versione4e8e873test: disable e2e-misc test with Canal CNI897da2f6docs: common typosa50483ddfeat: update Linux to 5.15.1a2233bfefix: improve NTP sync process7efc1238fix: parse partition size correctlyd6147eb1chore: update sonobuoyefbae785fix: use etc folder for du cli tests198eea51fix: wait for follow reader to start before writing to the filee7f715ebchore: log KubeSpan IPs overlaps82a1ad16chore: bump dependenciese8fccbf5fix: clear time adjustment error when setting time to specific valuee6f90bb4chore: remove unused parameters785161d1feat: update k8s to 1.23.0-alpha.4fe228d7cfix: do not use yaml.v2 in the support cmd9b48ca21fix: endpoints and nodes in generated talosconfig6e16fd2fchore: update tools, pkgs, and extras261c497cfeat: implementtalosctl supportcommandfc7dc454chore: check our API idiosyncrasiesb1584429feat: use GCP deployment manager3e7d4df9chore: bump dependencies88f24229refactor: get rid of prometheus/procfs dependency in pkg/resourcesdd196d30refactor: prepare for move of pkg/resources to machineryf6110f80fix: remove listening socket to fix Talos in a container restart53bbb13edocs: update docs with emmc boot guide8329d211chore: split polymorphic RootSecret resource into specific typesc97becddchore: remove interfaces and routes APIsd798635dfeat: automatically limit kubelet node IP family based on service CIDRs205a8d6dchore: make nethelpers build on all OSes5b5dd49ffeat: extract JSON fields from more log messageseb4f1182docs: create cluster in hetzner cloud728164e2docs: fix kexec_load_disabled param name in release notesf6328f09fix: fix filename typo01b0f0abrelease(v0.14.0-alpha.0): prepare release8b620653fix: skip generating empty.machine.logging60ad0063fix: don't drop ability to use ambient capabilitiesb6b78e7ftest: add cluster discovery integration tests97d64d16fix: hcloud network config changes4c76865dfeat: multiple logging improvements1d1e1df6fix: handle skipped mounts correctly0a964d92test: fix openstack unit-test stability72f62ac2chore: bump Go and Docker dependencies9c48ebe8fix: gcp fetching externalIP6c297268test: fix e2e k8s versionae5af9d3feat: update Kubernetes to 1.23.0-alpha.328d3a69efeat: openstack config-drive support2258bc49test: update GCP e2e script to work with new templates36b6ace2feat: update Linux to 5.10.7538516a54test: update Talos versions in upgrade testscff20ec7fix: change services OOM score666a2b62feat: azure platform ipv6 supportd32814e3feat: extract JSON fields from log linese77d81fffix: treat literal 'unknown' as a valid machine typec8e404e3test: update vars for AWS clusterad23891bfeat: update CoreDNS version 1.8.641299caefeat: udev rules support5237fdc9feat: send JSON logs over UDP6d44587afeat: coredns service dualstack12f7888bfeat: feed control plane endpoints on workers from cluster discovery431e4fb4chore: bump Go and Docker dependencies89f3b9f8feat: update etcd to 3.5.1e60469a3feat: initial support for JSON logging68c420e3feat: enable cluster discovery by default3e100aa9test: workaround EventsWatch test flakiness9bd4838achore: stop using sonobuoy CLI6ad45951docs: fix field names for bonding configurationd7a3b7b5chore: use discovery-client and discovery-api modulesd6309eeddocs: create docs for Talos 0.14c0fda643fix: attempt to clean up tasks in containerd runner8cf442dachore: bump tools, pkgs, extras0dad5f4dchore: small cleanupe3e2113afeat: upgrade CoreDNS duringupgrade-k8scalld92c98e1docs: fix discovery service documentation linke44b11c5feat: update containerd to 1.5.7, bump Go dependencies24129307docs: make Talos 0.13 docs latest, update documentation31b6e39efix: delete expired affiliates from the discovery service877a2b6ftest: bump CAPI components to v1alpha42ba0e0acdocs: add KubeSpan documentation997873b6fix: use ECDSA-SHA512 when generating certs for Talos < 0.137137166dfix: allow overridingaudit-policy-fileinkube-apiserverstatic pod8fcd4219chore: fix integration-qemu-race91a858b5fix: sort output of the argument builder657f7a56fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs983d2459feat: suppress logging NTP sync to the console022c7335fix: add interface route if DHCP4 router is not directly routeable66a1579efix: don't enable 'no new privs' on the system level423861cffeat: don't drop capabilities if kexec is disabledfacc8c38docs: fix documentation for cluster discoveryce65ca4echore: build using only amd64 builderse9b0f010chore: update docker image in the pipeline
Changes since v0.14.0-alpha.1
34 commits
e9f4b7b2feat: update Linux to 5.15.54d0a75a3docs: add documentation about logging8d1cbeefchore: add API breaking changes detectored7fb9dbfeat: move kubelet proccesses to /podruntime cgroup2cd3f9befeat: filter out SideroLink addresses by default0f169bf9chore: add API deprecations mechanismeaf6d472refactor: use random port listener in kernel log delivery testsbf4c81e7feat: kernel log (kmsg) delivery controllerf3149780feat: update Kubernetes to 1.23.0-rc.0b824909dfix: disable kexec on RPi43257751bfix: initialize Drainer properlye4bc68bffix: leave only a single IPv4/IPv6 address as kubelet's node IPe6d00741feat: update pkgs - Linux 5.15.4, LibreSSL 3.2.7d5cbc364feat: add GCP ccm7433150ffeat: implement events sink controllerb4a406aetest: pin cluster API templates version to tag v1alpha49427e78dfix: catch panics in network operator runsd1f55f90fix: update blockdevice library to properly handle absent GPT5ac64b2dchore: set version in unit-tests20d39c0bchore: format .proto files852bf4a7feat: talosctl fish completion support6bb75150fix: allow add_key and request_key in kubelet seccomp profile6487b21ffeat: update pkgs for u-boot, containerd, etcf7d1e777feat: provide SideroLink client implementation58892cd6fix: unblock events watch on context cancelcaa76be2fix: containerd failed to load plugin1ffa8e04feat: add ULA prefix for SideroLinkc6a67b86fix: ignore not existing nodes on cordoningf7302525feat: add new event types7c9b082ffeat: update Kubernetes to 1.23.0-beta.0750e31c4fix: ignore EBUSY fromkexec_file_load2d11b595fix: ignore virtual IP as kubelet node IPs030fd349fix: don't run kexec prepare on shutdown and reset6dcce20etest: set proper pod CIDR for Cilium tests
Changes from talos-systems/discovery-api
Changes from talos-systems/discovery-client
Changes from talos-systems/extras
Changes from talos-systems/go-blockdevice
2 commits
Changes from talos-systems/go-smbios
Changes from talos-systems/net
2 commits
Changes from talos-systems/pkgs
22 commits
422276dfeat: update Linux to 5.15.5d385e24chore: update LibreSSL to 3.2.739a3b76feat: update Linux to 5.15.4ca30b50feat: update u-boot to 2021.10cea93f1chore: add conformance79d16b8feat: update containerd to 1.5.81c76107feat: add mdraid 1/0/10740da24feat: bump raspberrypi-firmware to 1.20211029832dae4fix: enable CONFIG_DM_SNAPSHOTf307e64feat: update Linux to 5.15.14f0f238chore: update tools932c3cffeat: update libseccomp to 2.5.37f3311efeat: update cpu governor to schedutilb4cdb99fix: update containerd shas80a63d4feat: update Linux to 5.10.755c98efdfeat: add QLogic QED 25/40/100Gb Ethernet NIC driverbfb2365feat: enable driver for SuperMicro raid controller657e16bfeat: enable Intel VMD driverf7d9d72feat: enable smarpqi driver and related optionsbca3be0feat: enable aqtion device driverb88127achore: update tools971735ffeat: update containerd to 1.5.7
Changes from talos-systems/siderolink
6 commits
d0612a7refactor: pass in listener to the log receiverd86cdd5feat: implement logreceiver for kernel logsf7cadbcfix: handle duplicate peer updates0755b24feat: initial implementation of SideroLinkee73ea9feat: add Talos events sink proto files and the reference implementation1e2cd9dInitial commit
Changes from talos-systems/tools
6 commits
Dependency Changes
- github.com/AlekSi/pointer v1.1.0 -> v1.2.0
- github.com/cenkalti/backoff/v4 v4.1.2 new
- github.com/containerd/cgroups v1.0.1 -> v1.0.2
- github.com/containerd/containerd v1.5.5 -> v1.5.8
- github.com/docker/docker v20.10.8 -> v20.10.11
- github.com/evanphx/json-patch v4.11.0 -> v5.6.0
- github.com/gosuri/uiprogress v0.0.1 new
- github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
- github.com/hetznercloud/hcloud-go v1.32.0 -> v1.33.1
- github.com/insomniacslk/dhcp b95caade3eac -> ad197bcd36fd
- github.com/jsimonetti/rtnetlink 435639c8e6a8 -> 93da33804786
- github.com/jxskiss/base62 4f11678b909b -> v1.0.0
- github.com/mdlayher/ethtool 2b88debcdd43 -> 288d040e9d60
- github.com/rivo/tview ee97a7ab3975 -> badfa0f0b301
- github.com/talos-systems/discovery-api v0.1.0 new
- github.com/talos-systems/discovery-client v0.1.0 new
- github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0-1-g2bb2efc
- github.com/talos-systems/go-blockdevice v0.2.4 -> 15b182db0cd2
- github.com/talos-systems/go-smbios v0.1.0 -> fd5ec8ce4873
- github.com/talos-systems/net v0.3.0 -> b4b718179a1a
- github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-21-g422276d
- github.com/talos-systems/siderolink v0.1.0 new
- github.com/talos-systems/talos/pkg/machinery v0.13.0 ->
1ffa8e0480 - github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0-5-g96e0231
- github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.55.1
- github.com/vmware/govmomi v0.26.1 -> v0.27.2
- github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
- go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
- go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
- go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
- go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
- go.uber.org/atomic v1.7.0 new
- golang.org/x/net 3ad01bbaa167 -> d83791d6bcd9
- golang.org/x/sys 39ccf1dd6fa6 -> fe61309f8881
- golang.org/x/term 140adaaadfaf -> 03fcf44c2211
- golang.org/x/time 1f47c861a9ac -> f0f3c7e86c11
- golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> dd7407c86d22
- google.golang.org/grpc v1.41.0 -> v1.42.0
- inet.af/netaddr 85fa6c94624e -> c74959edd3b6
- k8s.io/api v0.22.2 -> v0.23.0-alpha.4
- k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.4
- k8s.io/client-go v0.22.2 -> v0.23.0-alpha.4
- k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.4
- k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.4
- k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.4
- kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.61
- sigs.k8s.io/yaml v1.3.0 new
Previous release can be found at v0.13.0
Talos 0.14.0-alpha.1 (2021-11-15)
Welcome to the v0.14.0-alpha.1 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Kexec and capabilities
When kexec support is disabled
Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.
If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.
For example:
install:
extraKernelArgs:
- sysctl.kernel.kexec_load_disabled=1
Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls will not be enough.
Cluster Discovery
Cluster Discovery is enabled by default for Talos 0.14.
Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.
Kubelet
Kubelet service can now be restarted with talosctl service kubelet restart.
Kubelet node IP configuration (.machine.kubelet.nodeIP.validSubnets) can now include negative subnet matches (prefixed with !).
Log Shipping
Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP:
see .machine.logging machine configuration option.
talosctl support
talosctl CLI tool now has a new subcommand called support, that can gather all
cluster information that could help with future debugging in a single run.
Output of the command is a zip archive with all talos service logs, kubernetes pod logs and manifests,
talos resources manifests and so on.
Generated archive does not contain any secret information so it is safe to send it for analysis to a third party.
Component Updates
- Linux: 5.15.1
- etcd: 3.5.1
- containerd: 1.5.7
- Kubernetes: 1.23.0-alpha.4
- CoreDNS: 1.8.6
Talos is built with Go 1.17.2
Kubernetes Upgrade Enhancements
talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.
So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Artem Chernyshev
- Serge Logvinov
- Noel Georgi
- Spencer Smith
- Nico Berlee
- Alex Zero
- Andrew Rynhard
- Branden Cash
- David Haines
- Gerard de Leeuw
- Michael Fornaro
- Rui Lopes
Changes
101 commits
753a8218refactor: move pkg/resources to machinery0102a64arefactor: remove pkg/resources dependencies on wgtypes, netx7462733bchore: update golangci-lint032c99a0refactor: remove pkg/resources dependencies on k8s and base624a5cff45perf: raspberry PIs clockspeed as fast as firmware allowsa76f6d69feat: allow kubelet to be restarted and provide negative nodeIP subnets189221d5chore: update dependencies41f0aeccdocs: update partition info95105071chore: fix simple issues found by golangci-lintd4b0ca21test: retry upgrade mutex lock failures4357e9a8docs: add Talos partions info8e8687d7fix: use temporary sonobuoy versione4e8e873test: disable e2e-misc test with Canal CNI897da2f6docs: common typosa50483ddfeat: update Linux to 5.15.1a2233bfefix: improve NTP sync process7efc1238fix: parse partition size correctlyd6147eb1chore: update sonobuoyefbae785fix: use etc folder for du cli tests198eea51fix: wait for follow reader to start before writing to the filee7f715ebchore: log KubeSpan IPs overlaps82a1ad16chore: bump dependenciese8fccbf5fix: clear time adjustment error when setting time to specific valuee6f90bb4chore: remove unused parameters785161d1feat: update k8s to 1.23.0-alpha.4fe228d7cfix: do not use yaml.v2 in the support cmd9b48ca21fix: endpoints and nodes in generated talosconfig6e16fd2fchore: update tools, pkgs, and extras261c497cfeat: implementtalosctl supportcommandfc7dc454chore: check our API idiosyncrasiesb1584429feat: use GCP deployment manager3e7d4df9chore: bump dependencies88f24229refactor: get rid of prometheus/procfs dependency in pkg/resourcesdd196d30refactor: prepare for move of pkg/resources to machineryf6110f80fix: remove listening socket to fix Talos in a container restart53bbb13edocs: update docs with emmc boot guide8329d211chore: split polymorphic RootSecret resource into specific typesc97becddchore: remove interfaces and routes APIsd798635dfeat: automatically limit kubelet node IP family based on service CIDRs205a8d6dchore: make nethelpers build on all OSes5b5dd49ffeat: extract JSON fields from more log messageseb4f1182docs: create cluster in hetzner cloud728164e2docs: fix kexec_load_disabled param name in release notesf6328f09fix: fix filename typo01b0f0abrelease(v0.14.0-alpha.0): prepare release8b620653fix: skip generating empty.machine.logging60ad0063fix: don't drop ability to use ambient capabilitiesb6b78e7ftest: add cluster discovery integration tests97d64d16fix: hcloud network config changes4c76865dfeat: multiple logging improvements1d1e1df6fix: handle skipped mounts correctly0a964d92test: fix openstack unit-test stability72f62ac2chore: bump Go and Docker dependencies9c48ebe8fix: gcp fetching externalIP6c297268test: fix e2e k8s versionae5af9d3feat: update Kubernetes to 1.23.0-alpha.328d3a69efeat: openstack config-drive support2258bc49test: update GCP e2e script to work with new templates36b6ace2feat: update Linux to 5.10.7538516a54test: update Talos versions in upgrade testscff20ec7fix: change services OOM score666a2b62feat: azure platform ipv6 supportd32814e3feat: extract JSON fields from log linese77d81fffix: treat literal 'unknown' as a valid machine typec8e404e3test: update vars for AWS clusterad23891bfeat: update CoreDNS version 1.8.641299caefeat: udev rules support5237fdc9feat: send JSON logs over UDP6d44587afeat: coredns service dualstack12f7888bfeat: feed control plane endpoints on workers from cluster discovery431e4fb4chore: bump Go and Docker dependencies89f3b9f8feat: update etcd to 3.5.1e60469a3feat: initial support for JSON logging68c420e3feat: enable cluster discovery by default3e100aa9test: workaround EventsWatch test flakiness9bd4838achore: stop using sonobuoy CLI6ad45951docs: fix field names for bonding configurationd7a3b7b5chore: use discovery-client and discovery-api modulesd6309eeddocs: create docs for Talos 0.14c0fda643fix: attempt to clean up tasks in containerd runner8cf442dachore: bump tools, pkgs, extras0dad5f4dchore: small cleanupe3e2113afeat: upgrade CoreDNS duringupgrade-k8scalld92c98e1docs: fix discovery service documentation linke44b11c5feat: update containerd to 1.5.7, bump Go dependencies24129307docs: make Talos 0.13 docs latest, update documentation31b6e39efix: delete expired affiliates from the discovery service877a2b6ftest: bump CAPI components to v1alpha42ba0e0acdocs: add KubeSpan documentation997873b6fix: use ECDSA-SHA512 when generating certs for Talos < 0.137137166dfix: allow overridingaudit-policy-fileinkube-apiserverstatic pod8fcd4219chore: fix integration-qemu-race91a858b5fix: sort output of the argument builder657f7a56fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs983d2459feat: suppress logging NTP sync to the console022c7335fix: add interface route if DHCP4 router is not directly routeable66a1579efix: don't enable 'no new privs' on the system level423861cffeat: don't drop capabilities if kexec is disabledfacc8c38docs: fix documentation for cluster discoveryce65ca4echore: build using only amd64 builderse9b0f010chore: update docker image in the pipeline
Changes since v0.14.0-alpha.0
44 commits
753a8218refactor: move pkg/resources to machinery0102a64arefactor: remove pkg/resources dependencies on wgtypes, netx7462733bchore: update golangci-lint032c99a0refactor: remove pkg/resources dependencies on k8s and base624a5cff45perf: raspberry PIs clockspeed as fast as firmware allowsa76f6d69feat: allow kubelet to be restarted and provide negative nodeIP subnets189221d5chore: update dependencies41f0aeccdocs: update partition info95105071chore: fix simple issues found by golangci-lintd4b0ca21test: retry upgrade mutex lock failures4357e9a8docs: add Talos partions info8e8687d7fix: use temporary sonobuoy versione4e8e873test: disable e2e-misc test with Canal CNI897da2f6docs: common typosa50483ddfeat: update Linux to 5.15.1a2233bfefix: improve NTP sync process7efc1238fix: parse partition size correctlyd6147eb1chore: update sonobuoyefbae785fix: use etc folder for du cli tests198eea51fix: wait for follow reader to start before writing to the filee7f715ebchore: log KubeSpan IPs overlaps82a1ad16chore: bump dependenciese8fccbf5fix: clear time adjustment error when setting time to specific valuee6f90bb4chore: remove unused parameters785161d1feat: update k8s to 1.23.0-alpha.4fe228d7cfix: do not use yaml.v2 in the support cmd9b48ca21fix: endpoints and nodes in generated talosconfig6e16fd2fchore: update tools, pkgs, and extras261c497cfeat: implementtalosctl supportcommandfc7dc454chore: check our API idiosyncrasiesb1584429feat: use GCP deployment manager3e7d4df9chore: bump dependencies88f24229refactor: get rid of prometheus/procfs dependency in pkg/resourcesdd196d30refactor: prepare for move of pkg/resources to machineryf6110f80fix: remove listening socket to fix Talos in a container restart53bbb13edocs: update docs with emmc boot guide8329d211chore: split polymorphic RootSecret resource into specific typesc97becddchore: remove interfaces and routes APIsd798635dfeat: automatically limit kubelet node IP family based on service CIDRs205a8d6dchore: make nethelpers build on all OSes5b5dd49ffeat: extract JSON fields from more log messageseb4f1182docs: create cluster in hetzner cloud728164e2docs: fix kexec_load_disabled param name in release notesf6328f09fix: fix filename typo
Changes from talos-systems/discovery-api
Changes from talos-systems/discovery-client
Changes from talos-systems/extras
Changes from talos-systems/net
Changes from talos-systems/pkgs
15 commits
740da24feat: bump raspberrypi-firmware to 1.20211029832dae4fix: enable CONFIG_DM_SNAPSHOTf307e64feat: update Linux to 5.15.14f0f238chore: update tools932c3cffeat: update libseccomp to 2.5.37f3311efeat: update cpu governor to schedutilb4cdb99fix: update containerd shas80a63d4feat: update Linux to 5.10.755c98efdfeat: add QLogic QED 25/40/100Gb Ethernet NIC driverbfb2365feat: enable driver for SuperMicro raid controller657e16bfeat: enable Intel VMD driverf7d9d72feat: enable smarpqi driver and related optionsbca3be0feat: enable aqtion device driverb88127achore: update tools971735ffeat: update containerd to 1.5.7
Changes from talos-systems/tools
6 commits
Dependency Changes
- github.com/AlekSi/pointer v1.1.0 -> v1.2.0
- github.com/containerd/cgroups v1.0.1 -> v1.0.2
- github.com/containerd/containerd v1.5.5 -> v1.5.7
- github.com/docker/docker v20.10.8 -> v20.10.10
- github.com/evanphx/json-patch v4.11.0 -> v4.12.0
- github.com/gosuri/uiprogress v0.0.1 new
- github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
- github.com/hetznercloud/hcloud-go v1.32.0 -> v1.33.1
- github.com/insomniacslk/dhcp b95caade3eac -> ad197bcd36fd
- github.com/jsimonetti/rtnetlink 435639c8e6a8 -> 93da33804786
- github.com/jxskiss/base62 4f11678b909b -> v1.0.0
- github.com/mdlayher/ethtool 2b88debcdd43 -> 288d040e9d60
- github.com/rivo/tview ee97a7ab3975 -> badfa0f0b301
- github.com/talos-systems/discovery-api v0.1.0 new
- github.com/talos-systems/discovery-client v0.1.0 new
- github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0-1-g2bb2efc
- github.com/talos-systems/net v0.3.0 -> 0abe5bdae8f8
- github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-14-g740da24
- github.com/talos-systems/talos/pkg/machinery v0.13.0 -> 000000000000
- github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0-5-g96e0231
- github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.55.0
- github.com/vmware/govmomi v0.26.1 -> v0.27.1
- github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
- go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
- go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
- go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
- go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
- golang.org/x/net 3ad01bbaa167 -> 69e39bad7dc2
- golang.org/x/sys 39ccf1dd6fa6 -> 0c823b97ae02
- golang.org/x/term 140adaaadfaf -> 03fcf44c2211
- golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> 0073765f69ba
- google.golang.org/grpc v1.41.0 -> v1.42.0
- inet.af/netaddr 85fa6c94624e -> c74959edd3b6
- k8s.io/api v0.22.2 -> v0.23.0-alpha.4
- k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.4
- k8s.io/client-go v0.22.2 -> v0.23.0-alpha.4
- k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.4
- k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.4
- k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.4
- kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.60
- sigs.k8s.io/yaml v1.3.0 new
Previous release can be found at v0.13.0
Talos 0.14.0-alpha.0 (2021-10-25)
Welcome to the v0.14.0-alpha.0 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Kexec and capabilities
When kexec support is disabled
Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.
If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.
For example:
install:
extraKernelArgs:
- kexec_load_disabled=1
Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls will not be enough.
Cluster Discovery
Cluster Discovery is enabled by default for Talos 0.14.
Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.
Log Shipping
Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP:
see .machine.logging machine configuration option.
Component Updates
- Linux: 5.10.75
- etcd: 3.5.1
- containerd: 1.5.7
- Kubernetes: 1.23.0-alpha.0
- CoreDNS: 1.8.6
Talos is built with Go 1.17.2
Kubernetes Upgrade Enhancements
talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.
So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Serge Logvinov
- Artem Chernyshev
- Spencer Smith
- Andrew Rynhard
- Branden Cash
- Gerard de Leeuw
Changes
56 commits
8b620653fix: skip generating empty.machine.logging60ad0063fix: don't drop ability to use ambient capabilitiesb6b78e7ftest: add cluster discovery integration tests97d64d16fix: hcloud network config changes4c76865dfeat: multiple logging improvements1d1e1df6fix: handle skipped mounts correctly0a964d92test: fix openstack unit-test stability72f62ac2chore: bump Go and Docker dependencies9c48ebe8fix: gcp fetching externalIP6c297268test: fix e2e k8s versionae5af9d3feat: update Kubernetes to 1.23.0-alpha.328d3a69efeat: openstack config-drive support2258bc49test: update GCP e2e script to work with new templates36b6ace2feat: update Linux to 5.10.7538516a54test: update Talos versions in upgrade testscff20ec7fix: change services OOM score666a2b62feat: azure platform ipv6 supportd32814e3feat: extract JSON fields from log linese77d81fffix: treat literal 'unknown' as a valid machine typec8e404e3test: update vars for AWS clusterad23891bfeat: update CoreDNS version 1.8.641299caefeat: udev rules support5237fdc9feat: send JSON logs over UDP6d44587afeat: coredns service dualstack12f7888bfeat: feed control plane endpoints on workers from cluster discovery431e4fb4chore: bump Go and Docker dependencies89f3b9f8feat: update etcd to 3.5.1e60469a3feat: initial support for JSON logging68c420e3feat: enable cluster discovery by default3e100aa9test: workaround EventsWatch test flakiness9bd4838achore: stop using sonobuoy CLI6ad45951docs: fix field names for bonding configurationd7a3b7b5chore: use discovery-client and discovery-api modulesd6309eeddocs: create docs for Talos 0.14c0fda643fix: attempt to clean up tasks in containerd runner8cf442dachore: bump tools, pkgs, extras0dad5f4dchore: small cleanupe3e2113afeat: upgrade CoreDNS duringupgrade-k8scalld92c98e1docs: fix discovery service documentation linke44b11c5feat: update containerd to 1.5.7, bump Go dependencies24129307docs: make Talos 0.13 docs latest, update documentation31b6e39efix: delete expired affiliates from the discovery service877a2b6ftest: bump CAPI components to v1alpha42ba0e0acdocs: add KubeSpan documentation997873b6fix: use ECDSA-SHA512 when generating certs for Talos < 0.137137166dfix: allow overridingaudit-policy-fileinkube-apiserverstatic pod8fcd4219chore: fix integration-qemu-race91a858b5fix: sort output of the argument builder657f7a56fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs983d2459feat: suppress logging NTP sync to the console022c7335fix: add interface route if DHCP4 router is not directly routeable66a1579efix: don't enable 'no new privs' on the system level423861cffeat: don't drop capabilities if kexec is disabledfacc8c38docs: fix documentation for cluster discoveryce65ca4echore: build using only amd64 builderse9b0f010chore: update docker image in the pipeline
Changes from talos-systems/discovery-api
Changes from talos-systems/discovery-client
Changes from talos-systems/extras
Changes from talos-systems/pkgs
8 commits
80a63d4feat: update Linux to 5.10.755c98efdfeat: add QLogic QED 25/40/100Gb Ethernet NIC driverbfb2365feat: enable driver for SuperMicro raid controller657e16bfeat: enable Intel VMD driverf7d9d72feat: enable smarpqi driver and related optionsbca3be0feat: enable aqtion device driverb88127achore: update tools971735ffeat: update containerd to 1.5.7
Changes from talos-systems/tools
Dependency Changes
- github.com/AlekSi/pointer v1.1.0 -> v1.2.0
- github.com/containerd/cgroups v1.0.1 -> v1.0.2
- github.com/containerd/containerd v1.5.5 -> v1.5.7
- github.com/docker/docker v20.10.8 -> v20.10.9
- github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
- github.com/insomniacslk/dhcp b95caade3eac -> 509557e9f781
- github.com/jsimonetti/rtnetlink 435639c8e6a8 -> e34540a94caa
- github.com/jxskiss/base62 4f11678b909b -> v1.0.0
- github.com/rivo/tview ee97a7ab3975 -> 5508f4b00266
- github.com/talos-systems/discovery-api v0.1.0 new
- github.com/talos-systems/discovery-client v0.1.0 new
- github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0
- github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-7-g80a63d4
- github.com/talos-systems/talos/pkg/machinery v0.13.0 -> 000000000000
- github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0
- github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.54.0
- github.com/vmware/govmomi v0.26.1 -> v0.27.1
- github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
- go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
- go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
- go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
- go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
- golang.org/x/net 3ad01bbaa167 -> d418f374d309
- golang.org/x/sys 39ccf1dd6fa6 -> d6a326fbbf70
- golang.org/x/term 140adaaadfaf -> 03fcf44c2211
- golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> 5be1d6054c42
- k8s.io/api v0.22.2 -> v0.23.0-alpha.3
- k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.3
- k8s.io/client-go v0.22.2 -> v0.23.0-alpha.3
- k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.3
- k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.3
- k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.3
- kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.60
- sigs.k8s.io/yaml v1.3.0 new
Previous release can be found at v0.13.0
Talos 0.13.0-alpha.3 (2021-09-29)
Welcome to the v0.13.0-alpha.3 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Hetzner, Scaleway, Upcloud and Vultr
Talos now natively supports three new cloud platforms:
Also generic cloud-init nocloud platform is supported in both networking and storage-based modes.
etcd Advertised Address
The address advertised by etcd can now be controlled with new machine configuration option machine.etcd.subnet.
Reboots via kexec
Talos now reboots by default via kexec syscall which means BIOS POST process is skipped. On bare-metal hardware BIOS POST process might take 10-15 minutes, so Talos reboots 10-15 minutes faster on bare-metal.
Kexec support can be disabled with the following change to the machine configuration:
machine:
sysctls:
kernel.kexec_load_disabled: "1"
Cluster Discovery and KubeSpan
This release of Talos provides initial support for cluster membership discovery and KubeSpan.
These new features are not enabled by default, to enable them please make following changes to the machine configuration:
machine:
network:
kubespan:
enabled: true
cluster:
discovery:
enabled: true
Windows Support
CLI tool talosctl is now built for Windows and published as part of the release.
Contributors
- Andrey Smirnov
- Artem Chernyshev
- Seán C McCord
- Serge Logvinov
- Alexey Palazhchenko
- Andrew Rynhard
- Olli Janatuinen
- Andrey Smirnov
- Lennard Klein
- Rui Lopes
- Spencer Smith
Changes
100 commits
4044372efeat: harvest discovered endpoints and push them via discovery svc9a51aa83feat: add an option to skip downed peers in KubeSpancbbd7c68feat: publish node's ExternalIPs as node addresses0f60ef6dfix: reset inputs back to initial state in secrets.APIController64cb873efeat: override static pods default args by extra Argsecdd7757test: workaround race in the tests with zaptest package9c67fde7release(v0.13.0-alpha.2): prepare release30ae7142feat: implement integration with Discovery Service353d632afeat: add nocloud platform support628fbf9bchore: update Linux to 5.10.6962acd625fix: check trustd API CA on worker nodesba27bc36feat: implement Hetzner Cloud support for virtual (shared) IP95f440eatest: add fuzz test for configloaderd2cf021dchore: remove deprecated "join" term0e18e280chore: bump dependenciesb450b7cechore: deprecate Interfaces and Routes APIscddcb962fix: find devices without partition tableb1b6d613fix: check for existence of dhcp6 FQDN first519999b8fix: use readonly mode when probing devices withAlllookup2b520420feat: enable resource API in the maintenance mode452893c2fix: make probe open blockdevice in readonly mode96bccdd3test: update CABPT provider to 0.3 released9eb18bffix: containerd log symlinkefa7f48edocs: quicklinks on landing page1cb9f282fix: don't marshal clock with SecretsBundleb27c75b3release(v0.13.0-alpha.1): prepare release9d803d75chore: bump dependencies and drop firecracker support50a24104feat: add operating system version field to discovery085c61b2chore: add a special condition to check for kubeconfig readiness21cdd854fix: add node address to the list of allowed IPs (kubespan)fdd80a12feat: add an option to continue booting on NTP timeoutef368498feat: add routes, routing rules and nftables rules for KubeSpaned12379ffix: patch multi nodes supportd943bb0efeat: update Kubernetes to 1.22.2d0585fb6feat: reboot via kexec3de505c8fix: skip bad cloud-config in OpenStack platforma394d1e2fix: tear down control plane static pods when etcd is stopped1c05089bfeat: implement KubeSpan manager for Wireguard peer stateec7f44effix: completely prevent editing resources other than mc19a8ae97feat: add vultr.com cloud support0ff4c7cdfix: write KubernetesCACert chmodded 0400 instead of 0500a1c9d649fix: update the way results are retrieved for certified conformancea0594540chore: build using Go 1.177c5045bdrelease(v0.13.0-alpha.0): prepare releaseee2dce6cchore: bump dependenciesef022959fix: print etcd member ID in hex5ca1fb82fix: multiple fixes for KubeSpan and Wireguard implementationb1bd6425fix: build platform images3b5f4038feat: add scaleway.com cloud supportf156ab18feat: add upcloud.com cloud supportc3b2429cfix: suppress spurious Kubernetes API server cert updatesff90b575feat: implement KubeSpan peer generation controller14c69df5fix: correctly parse multiple pod/service CIDRs69897dbbfeat: drop some capabilities to be never available51e9836bdocs: promote 0.12 docs to be the latest812d59c7feat: add hetzner.com cloud supportd53e9e89chore: use named constants2dfe7f1fchore: bump tools to the latest version82b130e7docs: document required options for extraMountsaf662210feat: implement Kubernetes cluster discovery registry2c66e1b3feat: provide building of localAffiliatestructure (for the node)d69bd2afchore: enable GPG identity check for Talos8dbd851fchore: update tools/pkgs/extras to the new version0b347570feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certsbd5b9c96fix: correctly define example forextraMounts01cca099docs: update docs for Talos 0.12 release668627d5feat: add subnet filter for etcd address3c3c281bchore: bump dependencies via dependabotf8bebba2fix: ignore error on duplicate forMountStatus6956edd0feat: add node address filters, filter out k8s addresses for Talos APIcaee24bffeat: implement KubeSpan identity controllerda0f6e7efix: allow updating diskSelector option761ccaf3feat: provide machine configuration for KubeSpan and cluster discoverya81e30cbdocs: add bootstrap command to VMware docs97da354cfix: do not panic on invalid machine configsc4048e26fix: don't extract nil IPs in the GCP platformba169c6ffeat: provide talosctl.exe for Windows6312f473fix: properly handle omitempty fields in the validator7f22879afeat: provide random node identity032e7c6bchore: import yaml.v3 consistently80b5f0e7fix: validate IP address returned as HTTP response in platform codec9af8f7fdocs: fork docs for 0.1385cda1b9feat: provide MountStatus resource for system partition mounts950f122cchore: update versions in upgrade tests83fdb772feat: provide first NIC hardware addr as a resource5f5ac12ffix: properly case the VMware name0a6048f4fix: don't allow bootstrap if etcd data directory is not emptye24b93b4fix: cgroup delegate751f64f9docs: add release notes for 0.12, support matrix57a77696feat: update Kubernetes to 1.22.1244b08ccchore: bump dependencies576ba195fix: do not set KSPP kernel params in container modeb8c92edefix: don't support cgroups nesting in process runner9bb0b797test: adapt tests to the cgroupsv21abc12befix: extramount should haveyaml:",inline"tag2b614e43feat: check if cluster has deprecated resources versions0b86edabfix: don't panic if the machine config doesn't have network (EM)8bef41e4fix: make sure file mode is same (reproducibility issue)fcfca55achore: do not check that go mod tidy gives empty output5ce92ca5docs: ensure azure VMs are 0 indexed
Changes since v0.13.0-alpha.2
6 commits
4044372efeat: harvest discovered endpoints and push them via discovery svc9a51aa83feat: add an option to skip downed peers in KubeSpancbbd7c68feat: publish node's ExternalIPs as node addresses0f60ef6dfix: reset inputs back to initial state in secrets.APIController64cb873efeat: override static pods default args by extra Argsecdd7757test: workaround race in the tests with zaptest package
Changes from talos-systems/discovery-service
17 commits
b2e2079fix: properly encrypt IPv6 endpointse9d5dfafix: enable connections to endpoints with public certs509e9b2feat: implement client wrapper around discovery service API6195466feat: enable vtprotobuf, watch batching, more limits7174ec1feat: implement new discovery service1a43970feat: add node and cluster validation6454cfcrefactor: kresify, fix linter and rename to Kubespan managerd782452add redis database backend924fed4refactor to flexible addressescd02b5arevert to string IDs576288fadd self-reported IPs6ad15castrong typing and known endpoint API3437ff2fixes from testingd3fd1f3add Name to Nodeeb0e8baadd simple client pkg5e0c1dfadd cluster hash groupingf982696initial commit
Changes from talos-systems/extras
Changes from talos-systems/go-blockdevice
6 commits
Changes from talos-systems/pkgs
7 commits
Changes from talos-systems/tools
5 commits
Dependency Changes
- github.com/containerd/go-cni v1.0.2 -> v1.1.0
- github.com/containernetworking/cni v0.8.1 -> v1.0.1
- github.com/containernetworking/plugins v0.9.1 -> v1.0.1
- github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
- github.com/fatih/color v1.12.0 -> v1.13.0
- github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
- github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
- github.com/google/nftables 16a134723a96 new
- github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
- github.com/hetznercloud/hcloud-go v1.32.0 new
- github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
- github.com/jsimonetti/rtnetlink 9c52e516c709 -> 435639c8e6a8
- github.com/jxskiss/base62 4f11678b909b new
- github.com/mattn/go-isatty v0.0.13 -> v0.0.14
- github.com/mdlayher/netx 669a06fde734 new
- github.com/packethost/packngo v0.19.0 -> v0.19.1
- github.com/prometheus/procfs v0.7.2 -> v0.7.3
- github.com/rivo/tview 29d673af0ce2 -> ee97a7ab3975
- github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
- github.com/talos-systems/discovery-service b2e2079088a5 new
- github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
- github.com/talos-systems/go-blockdevice v0.2.3 -> 70d28650b398
- github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0-4-g28cda67
- github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-3-g2790b55
- github.com/vishvananda/netlink f5de75959ad5 new
- github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
- github.com/vmware/govmomi v0.26.0 -> v0.26.1
- github.com/vultr/metadata v1.0.3 new
- go.uber.org/zap v1.19.0 -> v1.19.1
- golang.org/x/net 853a461950ff -> 3ad01bbaa167
- golang.org/x/sys 0f9fa26af87c -> 39ccf1dd6fa6
- golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
- golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 0a2f4901cba6
- google.golang.org/grpc v1.40.0 -> v1.41.0
- inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
- k8s.io/api v0.22.1 -> v0.22.2
- k8s.io/apimachinery v0.22.1 -> v0.22.2
- k8s.io/client-go v0.22.1 -> v0.22.2
- k8s.io/kubectl v0.22.1 -> v0.22.2
- k8s.io/kubelet v0.22.1 -> v0.22.2
- kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 new
Previous release can be found at v0.12.0
Talos 0.13.0-alpha.2 (2021-09-28)
Welcome to the v0.13.0-alpha.2 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Hetzner, Scaleway, Upcloud and Vultr
Talos now natively supports three new cloud platforms:
Also generic cloud-init nocloud platform is supported in both networking and storage-based modes.
etcd Advertised Address
The address advertised by etcd can now be controlled with new machine configuration option machine.etcd.subnet.
Reboots via kexec
Talos now reboots by default via kexec syscall which means BIOS POST process is skipped. On bare-metal hardware BIOS POST process might take 10-15 minutes, so Talos reboots 10-15 minutes faster on bare-metal.
Kexec support can be disabled with the following change to the machine configuration:
machine:
sysctls:
kernel.kexec_load_disabled: "1"
Cluster Discovery and KubeSpan
This release of Talos provides initial support for cluster membership discovery and KubeSpan.
These new features are not enabled by default, to enable them please make following changes to the machine configuration:
machine:
network:
kubespan:
enabled: true
cluster:
discovery:
enabled: true
Windows Support
CLI tool talosctl is now built for Windows and published as part of the release.
Contributors
- Andrey Smirnov
- Artem Chernyshev
- Seán C McCord
- Serge Logvinov
- Alexey Palazhchenko
- Andrew Rynhard
- Olli Janatuinen
- Andrey Smirnov
- Lennard Klein
- Rui Lopes
- Spencer Smith
Changes
93 commits
30ae7142feat: implement integration with Discovery Service353d632afeat: add nocloud platform support628fbf9bchore: update Linux to 5.10.6962acd625fix: check trustd API CA on worker nodesba27bc36feat: implement Hetzner Cloud support for virtual (shared) IP95f440eatest: add fuzz test for configloaderd2cf021dchore: remove deprecated "join" term0e18e280chore: bump dependenciesb450b7cechore: deprecate Interfaces and Routes APIscddcb962fix: find devices without partition tableb1b6d613fix: check for existence of dhcp6 FQDN first519999b8fix: use readonly mode when probing devices withAlllookup2b520420feat: enable resource API in the maintenance mode452893c2fix: make probe open blockdevice in readonly mode96bccdd3test: update CABPT provider to 0.3 released9eb18bffix: containerd log symlinkefa7f48edocs: quicklinks on landing page1cb9f282fix: don't marshal clock with SecretsBundleb27c75b3release(v0.13.0-alpha.1): prepare release9d803d75chore: bump dependencies and drop firecracker support50a24104feat: add operating system version field to discovery085c61b2chore: add a special condition to check for kubeconfig readiness21cdd854fix: add node address to the list of allowed IPs (kubespan)fdd80a12feat: add an option to continue booting on NTP timeoutef368498feat: add routes, routing rules and nftables rules for KubeSpaned12379ffix: patch multi nodes supportd943bb0efeat: update Kubernetes to 1.22.2d0585fb6feat: reboot via kexec3de505c8fix: skip bad cloud-config in OpenStack platforma394d1e2fix: tear down control plane static pods when etcd is stopped1c05089bfeat: implement KubeSpan manager for Wireguard peer stateec7f44effix: completely prevent editing resources other than mc19a8ae97feat: add vultr.com cloud support0ff4c7cdfix: write KubernetesCACert chmodded 0400 instead of 0500a1c9d649fix: update the way results are retrieved for certified conformancea0594540chore: build using Go 1.177c5045bdrelease(v0.13.0-alpha.0): prepare releaseee2dce6cchore: bump dependenciesef022959fix: print etcd member ID in hex5ca1fb82fix: multiple fixes for KubeSpan and Wireguard implementationb1bd6425fix: build platform images3b5f4038feat: add scaleway.com cloud supportf156ab18feat: add upcloud.com cloud supportc3b2429cfix: suppress spurious Kubernetes API server cert updatesff90b575feat: implement KubeSpan peer generation controller14c69df5fix: correctly parse multiple pod/service CIDRs69897dbbfeat: drop some capabilities to be never available51e9836bdocs: promote 0.12 docs to be the latest812d59c7feat: add hetzner.com cloud supportd53e9e89chore: use named constants2dfe7f1fchore: bump tools to the latest version82b130e7docs: document required options for extraMountsaf662210feat: implement Kubernetes cluster discovery registry2c66e1b3feat: provide building of localAffiliatestructure (for the node)d69bd2afchore: enable GPG identity check for Talos8dbd851fchore: update tools/pkgs/extras to the new version0b347570feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certsbd5b9c96fix: correctly define example forextraMounts01cca099docs: update docs for Talos 0.12 release668627d5feat: add subnet filter for etcd address3c3c281bchore: bump dependencies via dependabotf8bebba2fix: ignore error on duplicate forMountStatus6956edd0feat: add node address filters, filter out k8s addresses for Talos APIcaee24bffeat: implement KubeSpan identity controllerda0f6e7efix: allow updating diskSelector option761ccaf3feat: provide machine configuration for KubeSpan and cluster discoverya81e30cbdocs: add bootstrap command to VMware docs97da354cfix: do not panic on invalid machine configsc4048e26fix: don't extract nil IPs in the GCP platformba169c6ffeat: provide talosctl.exe for Windows6312f473fix: properly handle omitempty fields in the validator7f22879afeat: provide random node identity032e7c6bchore: import yaml.v3 consistently80b5f0e7fix: validate IP address returned as HTTP response in platform codec9af8f7fdocs: fork docs for 0.1385cda1b9feat: provide MountStatus resource for system partition mounts950f122cchore: update versions in upgrade tests83fdb772feat: provide first NIC hardware addr as a resource5f5ac12ffix: properly case the VMware name0a6048f4fix: don't allow bootstrap if etcd data directory is not emptye24b93b4fix: cgroup delegate751f64f9docs: add release notes for 0.12, support matrix57a77696feat: update Kubernetes to 1.22.1244b08ccchore: bump dependencies576ba195fix: do not set KSPP kernel params in container modeb8c92edefix: don't support cgroups nesting in process runner9bb0b797test: adapt tests to the cgroupsv21abc12befix: extramount should haveyaml:",inline"tag2b614e43feat: check if cluster has deprecated resources versions0b86edabfix: don't panic if the machine config doesn't have network (EM)8bef41e4fix: make sure file mode is same (reproducibility issue)fcfca55achore: do not check that go mod tidy gives empty output5ce92ca5docs: ensure azure VMs are 0 indexed
Changes since v0.13.0-alpha.1
18 commits
30ae7142feat: implement integration with Discovery Service353d632afeat: add nocloud platform support628fbf9bchore: update Linux to 5.10.6962acd625fix: check trustd API CA on worker nodesba27bc36feat: implement Hetzner Cloud support for virtual (shared) IP95f440eatest: add fuzz test for configloaderd2cf021dchore: remove deprecated "join" term0e18e280chore: bump dependenciesb450b7cechore: deprecate Interfaces and Routes APIscddcb962fix: find devices without partition tableb1b6d613fix: check for existence of dhcp6 FQDN first519999b8fix: use readonly mode when probing devices withAlllookup2b520420feat: enable resource API in the maintenance mode452893c2fix: make probe open blockdevice in readonly mode96bccdd3test: update CABPT provider to 0.3 released9eb18bffix: containerd log symlinkefa7f48edocs: quicklinks on landing page1cb9f282fix: don't marshal clock with SecretsBundle
Changes from talos-systems/discovery-service
16 commits
e9d5dfafix: enable connections to endpoints with public certs509e9b2feat: implement client wrapper around discovery service API6195466feat: enable vtprotobuf, watch batching, more limits7174ec1feat: implement new discovery service1a43970feat: add node and cluster validation6454cfcrefactor: kresify, fix linter and rename to Kubespan managerd782452add redis database backend924fed4refactor to flexible addressescd02b5arevert to string IDs576288fadd self-reported IPs6ad15castrong typing and known endpoint API3437ff2fixes from testingd3fd1f3add Name to Nodeeb0e8baadd simple client pkg5e0c1dfadd cluster hash groupingf982696initial commit
Changes from talos-systems/extras
Changes from talos-systems/go-blockdevice
6 commits
Changes from talos-systems/pkgs
7 commits
Changes from talos-systems/tools
5 commits
Dependency Changes
- github.com/containerd/go-cni v1.0.2 -> v1.1.0
- github.com/containernetworking/cni v0.8.1 -> v1.0.1
- github.com/containernetworking/plugins v0.9.1 -> v1.0.1
- github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
- github.com/fatih/color v1.12.0 -> v1.13.0
- github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
- github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
- github.com/google/nftables 16a134723a96 new
- github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
- github.com/hetznercloud/hcloud-go v1.32.0 new
- github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
- github.com/jsimonetti/rtnetlink 9c52e516c709 -> 435639c8e6a8
- github.com/jxskiss/base62 4f11678b909b new
- github.com/mattn/go-isatty v0.0.13 -> v0.0.14
- github.com/mdlayher/netx 669a06fde734 new
- github.com/packethost/packngo v0.19.0 -> v0.19.1
- github.com/prometheus/procfs v0.7.2 -> v0.7.3
- github.com/rivo/tview 29d673af0ce2 -> ee97a7ab3975
- github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
- github.com/talos-systems/discovery-service e9d5dfa15e92 new
- github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
- github.com/talos-systems/go-blockdevice v0.2.3 -> 70d28650b398
- github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0-4-g28cda67
- github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-3-g2790b55
- github.com/vishvananda/netlink f5de75959ad5 new
- github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
- github.com/vmware/govmomi v0.26.0 -> v0.26.1
- github.com/vultr/metadata v1.0.3 new
- go.uber.org/zap v1.19.0 -> v1.19.1
- golang.org/x/net 853a461950ff -> 3ad01bbaa167
- golang.org/x/sys 0f9fa26af87c -> 39ccf1dd6fa6
- golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
- golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 0a2f4901cba6
- google.golang.org/grpc v1.40.0 -> v1.41.0
- inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
- k8s.io/api v0.22.1 -> v0.22.2
- k8s.io/apimachinery v0.22.1 -> v0.22.2
- k8s.io/client-go v0.22.1 -> v0.22.2
- k8s.io/kubectl v0.22.1 -> v0.22.2
- k8s.io/kubelet v0.22.1 -> v0.22.2
- kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 new
Previous release can be found at v0.12.0
Talos 0.13.0-alpha.1 (2021-09-20)
Welcome to the v0.13.0-alpha.1 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Hetzner, Scaleway, Upcloud and Vultr
Talos now natively supports three new cloud platforms:
etcd Advertised Address
The address advertised by etcd can now be controlled with new machine configuration option machine.etcd.subnet.
Reboots via kexec
Talos now reboots by default via kexec syscall which means BIOS POST process is skipped. On bare-metal hardware BIOS POST process might take 10-15 minutes, so Talos reboots 10-15 minutes faster on bare-metal.
Kexec support can be disabled with the following change to the machine configuration:
machine:
sysctls:
kernel.kexec_load_disabled: "1"
Cluster Discovery and KubeSpan
This release of Talos provides initial support for cluster membership discovery and KubeSpan.
These new features are not enabled by default, to enable them please make following changes to the machine configuration:
machine:
network:
kubespan:
enabled: true
cluster:
discovery:
enabled: true
Windows Support
CLI tool talosctl is now built for Windows and published as part of the release.
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Artem Chernyshev
- Serge Logvinov
- Andrew Rynhard
- Olli Janatuinen
- Andrey Smirnov
- Lennard Klein
- Rui Lopes
- Spencer Smith
Changes
74 commits
9d803d75chore: bump dependencies and drop firecracker support50a24104feat: add operating system version field to discovery085c61b2chore: add a special condition to check for kubeconfig readiness21cdd854fix: add node address to the list of allowed IPs (kubespan)fdd80a12feat: add an option to continue booting on NTP timeoutef368498feat: add routes, routing rules and nftables rules for KubeSpaned12379ffix: patch multi nodes supportd943bb0efeat: update Kubernetes to 1.22.2d0585fb6feat: reboot via kexec3de505c8fix: skip bad cloud-config in OpenStack platforma394d1e2fix: tear down control plane static pods when etcd is stopped1c05089bfeat: implement KubeSpan manager for Wireguard peer stateec7f44effix: completely prevent editing resources other than mc19a8ae97feat: add vultr.com cloud support0ff4c7cdfix: write KubernetesCACert chmodded 0400 instead of 0500a1c9d649fix: update the way results are retrieved for certified conformancea0594540chore: build using Go 1.177c5045bdrelease(v0.13.0-alpha.0): prepare releaseee2dce6cchore: bump dependenciesef022959fix: print etcd member ID in hex5ca1fb82fix: multiple fixes for KubeSpan and Wireguard implementationb1bd6425fix: build platform images3b5f4038feat: add scaleway.com cloud supportf156ab18feat: add upcloud.com cloud supportc3b2429cfix: suppress spurious Kubernetes API server cert updatesff90b575feat: implement KubeSpan peer generation controller14c69df5fix: correctly parse multiple pod/service CIDRs69897dbbfeat: drop some capabilities to be never available51e9836bdocs: promote 0.12 docs to be the latest812d59c7feat: add hetzner.com cloud supportd53e9e89chore: use named constants2dfe7f1fchore: bump tools to the latest version82b130e7docs: document required options for extraMountsaf662210feat: implement Kubernetes cluster discovery registry2c66e1b3feat: provide building of localAffiliatestructure (for the node)d69bd2afchore: enable GPG identity check for Talos8dbd851fchore: update tools/pkgs/extras to the new version0b347570feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certsbd5b9c96fix: correctly define example forextraMounts01cca099docs: update docs for Talos 0.12 release668627d5feat: add subnet filter for etcd address3c3c281bchore: bump dependencies via dependabotf8bebba2fix: ignore error on duplicate forMountStatus6956edd0feat: add node address filters, filter out k8s addresses for Talos APIcaee24bffeat: implement KubeSpan identity controllerda0f6e7efix: allow updating diskSelector option761ccaf3feat: provide machine configuration for KubeSpan and cluster discoverya81e30cbdocs: add bootstrap command to VMware docs97da354cfix: do not panic on invalid machine configsc4048e26fix: don't extract nil IPs in the GCP platformba169c6ffeat: provide talosctl.exe for Windows6312f473fix: properly handle omitempty fields in the validator7f22879afeat: provide random node identity032e7c6bchore: import yaml.v3 consistently80b5f0e7fix: validate IP address returned as HTTP response in platform codec9af8f7fdocs: fork docs for 0.1385cda1b9feat: provide MountStatus resource for system partition mounts950f122cchore: update versions in upgrade tests83fdb772feat: provide first NIC hardware addr as a resource5f5ac12ffix: properly case the VMware name0a6048f4fix: don't allow bootstrap if etcd data directory is not emptye24b93b4fix: cgroup delegate751f64f9docs: add release notes for 0.12, support matrix57a77696feat: update Kubernetes to 1.22.1244b08ccchore: bump dependencies576ba195fix: do not set KSPP kernel params in container modeb8c92edefix: don't support cgroups nesting in process runner9bb0b797test: adapt tests to the cgroupsv21abc12befix: extramount should haveyaml:",inline"tag2b614e43feat: check if cluster has deprecated resources versions0b86edabfix: don't panic if the machine config doesn't have network (EM)8bef41e4fix: make sure file mode is same (reproducibility issue)fcfca55achore: do not check that go mod tidy gives empty output5ce92ca5docs: ensure azure VMs are 0 indexed
Changes since v0.13.0-alpha.0
17 commits
9d803d75chore: bump dependencies and drop firecracker support50a24104feat: add operating system version field to discovery085c61b2chore: add a special condition to check for kubeconfig readiness21cdd854fix: add node address to the list of allowed IPs (kubespan)fdd80a12feat: add an option to continue booting on NTP timeoutef368498feat: add routes, routing rules and nftables rules for KubeSpaned12379ffix: patch multi nodes supportd943bb0efeat: update Kubernetes to 1.22.2d0585fb6feat: reboot via kexec3de505c8fix: skip bad cloud-config in OpenStack platforma394d1e2fix: tear down control plane static pods when etcd is stopped1c05089bfeat: implement KubeSpan manager for Wireguard peer stateec7f44effix: completely prevent editing resources other than mc19a8ae97feat: add vultr.com cloud support0ff4c7cdfix: write KubernetesCACert chmodded 0400 instead of 0500a1c9d649fix: update the way results are retrieved for certified conformancea0594540chore: build using Go 1.17
Changes from talos-systems/extras
Changes from talos-systems/go-blockdevice
Changes from talos-systems/pkgs
6 commits
Changes from talos-systems/tools
5 commits
Dependency Changes
- github.com/containerd/go-cni v1.0.2 -> v1.1.0
- github.com/containernetworking/cni v0.8.1 -> v1.0.1
- github.com/containernetworking/plugins v0.9.1 -> v1.0.1
- github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
- github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
- github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
- github.com/google/nftables 16a134723a96 new
- github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
- github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
- github.com/jsimonetti/rtnetlink 9c52e516c709 -> 4cc3c1489576
- github.com/jxskiss/base62 4f11678b909b new
- github.com/mattn/go-isatty v0.0.13 -> v0.0.14
- github.com/mdlayher/netx 669a06fde734 new
- github.com/packethost/packngo v0.19.0 -> v0.19.1
- github.com/prometheus/procfs v0.7.2 -> v0.7.3
- github.com/rivo/tview 29d673af0ce2 -> f7430b878d17
- github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
- github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
- github.com/talos-systems/go-blockdevice v0.2.3 -> d9811569588b
- github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0-3-gdb90f93
- github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-3-g2790b55
- github.com/vishvananda/netlink f5de75959ad5 new
- github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
- github.com/vmware/govmomi v0.26.0 -> v0.26.1
- github.com/vultr/metadata v1.0.3 new
- go.uber.org/zap v1.19.0 -> v1.19.1
- golang.org/x/net 853a461950ff -> 978cfadd31cf
- golang.org/x/sys 0f9fa26af87c -> d61c044b1678
- golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
- golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 91d1988e44de
- inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
- k8s.io/api v0.22.1 -> v0.22.2
- k8s.io/apimachinery v0.22.1 -> v0.22.2
- k8s.io/client-go v0.22.1 -> v0.22.2
- k8s.io/kubectl v0.22.1 -> v0.22.2
- k8s.io/kubelet v0.22.1 -> v0.22.2
- kernel.org/pub/linux/libs/security/libcap/cap v1.2.58 new
Previous release can be found at v0.12.0
Talos 0.13.0-alpha.0 (2021-09-13)
Welcome to the v0.13.0-alpha.0 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Hetzner, Scaleway and Upcloud
Talos now natively supports three new cloud platforms:
etcd Advertised Address
The address advertised by etcd can now be controlled with new machine configuration option machine.etcd.subnet.
Cluster Discovery and KubeSpan
This release of Talos provides some initial support for cluster membership discovery and KubeSpan.
These new features are not enabled by default.
Windows Support
CLI tool talosctl is now built for Windows and published as part of the release.
Contributors
- Andrey Smirnov
- Artem Chernyshev
- Alexey Palazhchenko
- Serge Logvinov
- Andrew Rynhard
- Olli Janatuinen
- Andrey Smirnov
- Rui Lopes
- Spencer Smith
Changes
55 commits
ef022959fix: print etcd member ID in hex5ca1fb82fix: multiple fixes for KubeSpan and Wireguard implementationb1bd6425fix: build platform images3b5f4038feat: add scaleway.com cloud supportf156ab18feat: add upcloud.com cloud supportc3b2429cfix: suppress spurious Kubernetes API server cert updatesff90b575feat: implement KubeSpan peer generation controller14c69df5fix: correctly parse multiple pod/service CIDRs69897dbbfeat: drop some capabilities to be never available51e9836bdocs: promote 0.12 docs to be the latest812d59c7feat: add hetzner.com cloud supportd53e9e89chore: use named constants2dfe7f1fchore: bump tools to the latest version82b130e7docs: document required options for extraMountsaf662210feat: implement Kubernetes cluster discovery registry2c66e1b3feat: provide building of localAffiliatestructure (for the node)d69bd2afchore: enable GPG identity check for Talos8dbd851fchore: update tools/pkgs/extras to the new version0b347570feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certsbd5b9c96fix: correctly define example forextraMounts01cca099docs: update docs for Talos 0.12 release668627d5feat: add subnet filter for etcd address3c3c281bchore: bump dependencies via dependabotf8bebba2fix: ignore error on duplicate forMountStatus6956edd0feat: add node address filters, filter out k8s addresses for Talos APIcaee24bffeat: implement KubeSpan identity controllerda0f6e7efix: allow updating diskSelector option761ccaf3feat: provide machine configuration for KubeSpan and cluster discoverya81e30cbdocs: add bootstrap command to VMware docs97da354cfix: do not panic on invalid machine configsc4048e26fix: don't extract nil IPs in the GCP platformba169c6ffeat: provide talosctl.exe for Windows6312f473fix: properly handle omitempty fields in the validator7f22879afeat: provide random node identity032e7c6bchore: import yaml.v3 consistently80b5f0e7fix: validate IP address returned as HTTP response in platform codec9af8f7fdocs: fork docs for 0.1385cda1b9feat: provide MountStatus resource for system partition mounts950f122cchore: update versions in upgrade tests83fdb772feat: provide first NIC hardware addr as a resource5f5ac12ffix: properly case the VMware name0a6048f4fix: don't allow bootstrap if etcd data directory is not emptye24b93b4fix: cgroup delegate751f64f9docs: add release notes for 0.12, support matrix57a77696feat: update Kubernetes to 1.22.1244b08ccchore: bump dependencies576ba195fix: do not set KSPP kernel params in container modeb8c92edefix: don't support cgroups nesting in process runner9bb0b797test: adapt tests to the cgroupsv21abc12befix: extramount should haveyaml:",inline"tag2b614e43feat: check if cluster has deprecated resources versions0b86edabfix: don't panic if the machine config doesn't have network (EM)8bef41e4fix: make sure file mode is same (reproducibility issue)fcfca55achore: do not check that go mod tidy gives empty output5ce92ca5docs: ensure azure VMs are 0 indexed
Changes from talos-systems/extras
Changes from talos-systems/go-blockdevice
Changes from talos-systems/pkgs
3 commits
Changes from talos-systems/tools
4 commits
Dependency Changes
- github.com/cosi-project/runtime 25f235cd0682 -> 57b048cd66b0
- github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
- github.com/insomniacslk/dhcp 1cac67f12b1e -> d82598001386
- github.com/jxskiss/base62 4f11678b909b new
- github.com/mdlayher/netx 669a06fde734 new
- github.com/prometheus/procfs v0.7.2 -> v0.7.3
- github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
- github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
- github.com/talos-systems/go-blockdevice v0.2.3 -> d9811569588b
- github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0
- github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-2-g5b9d214
- github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
- github.com/vmware/govmomi v0.26.0 -> v0.26.1
- golang.org/x/net 853a461950ff -> 60bc85c4be6d
- golang.org/x/sys 0f9fa26af87c -> 63515b42dcdf
- kernel.org/pub/linux/libs/security/libcap/cap v1.2.56 new
Previous release can be found at v0.12.0
Talos 0.12.0-alpha.1 (2021-08-13)
Welcome to the v0.12.0-alpha.1 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Support for Self-hosted Control Plane Dropped
Note
: This item only applies to clusters bootstrapped with Talos <= 0.8.
Talos 0.12 completely removes support for self-hosted Kubernetes control plane (bootkube-based).
Talos 0.9 introduced support for Talos-managed control plane and provided migration path to convert self-hosted control plane
to Talos-managed static pods.
Automated and manual conversion process is available in Talos from 0.9.x to 0.11.x.
For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure control plane is converted to Talos-managed before
before upgrading to Talos 0.12.
Current control plane status can be checked with talosctl get bootstrapstatus before performing upgrade to Talos 0.12.
Cluster API v0.3.x
Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22 used by default in Talos 0.12. Talos can be configued to use Kubernetes 1.21 or CAPI v0.4.x components can be used instead.
Machine Config Validation
Unknown keys in the machine config now make the config invalid, so any attempt to apply/edit the configuration with the unknown keys will lead into an error.
Sysctl Configuration
Sysctl Kernel Params configuration was completely rewritten to be based on controllers and resources,
which makes it possible to apply .machine.sysctls in immediate mode (without a reboot).
talosctl get kernelparams returns merged list of KSPP, Kubernetes and user defined params along with
the default values overwritten by Talos.
Equinix Metal
Added support for Equinix Metal IPs for the Talos virtual (shared) IP (option equnixMetal under vip in the machine configuration).
Talos automatically re-assigns IP using the Equinix Metal API when leadership changes.
etcd
New etcd cluster members are now joined in learner mode, which improves cluster resiliency to member join issues.
Join Node Type
Node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but deprecated.
talosctl gen config now generates worker.yaml instead of join.yaml.
Networking
- multiple static addresses can be specified for the interface with new
.addressesfield (old.cidrfield is deprecated now) - static addresses can be set on interfaces configured with DHCP
Performance
- machined uses less memory and CPU time
- more disk encryption options are exposed via the machine configuration
- disk partitions are now aligned properly with minimum I/O size
- Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
- OOM score is set on the system processes making sure they are killed last under memory pressure
Security
- etcd PKI moved to
/system/secrets - kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only
- enforce default seccomp profile on all system containers
- run system services apid, trustd, and etcd as non-root users
Component Updates
- Linux: 5.10.57
- Kubernetes: 1.22.0
- containerd: 1.5.5
- runc: 1.0.1
- GRUB: 2.06
- Talos is built with Go 1.16.7
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Andrey Smirnov
- Serge Logvinov
- Artem Chernyshev
- Spencer Smith
- Alexey Palazhchenko
- dependabot[bot]
- Andrew Rynhard
- Artem Chernyshev
- Rui Lopes
- Caleb Woodbine
- Seán C McCord
Changes
109 commits
1ed5e545feat: add ClusterID and ClusterSecret228b3761chore: run etcd as non-root user3518219bchore: drop deprecated--no-rebootparam and KernelCurrentRoot const33d1c3e4chore: run apid and trustd services as non-root userdadaa65dfeat: print uid/gid for the files inls -le6fa401bfix: enable seccomp default profile by default8ddbcc96feat: validate if extra fields present in the decoder5b57a980chore: update Go to 1.16.7, Linux to 5.10.57eefe1c21feat: add new etcd members in learner modeb1c66fbafeat: implement Equinix Metal support for virtual (shared) IP62242f97chore: require GPG signaturesfaecae44feat: make ISO builds reproducible887c2326release(v0.12.0-alpha.0): prepare releasea15f0184fix: move etcd PKI under /system/secretseb02afe1fix: match correctly routes on the address familycb948accfeat: allow multiple addresses per interfacee030b2e8chore: use k8s 1.21.3 in CAPI tests for nowe08b4f8ffeat: implement sysctl controllersfdf6b243chore: revert "improve artifacts generation reproducibility"b68ed1ebfix: make route resources ID match closer routing table primary key585f6337fix: correctly handle nodoc for struct fieldsf2d394dcdocs: add AMIs for v0.11.5d0970cbffeat: bootstrap token limit5285a46dfix: maintenance mode reason message009d15e8chore: use etcd client TryLock function on upgrade4dae9ea5chore: use vtprotobuf compiled marshaling in Talos API7ca5749achore: bump dependencies via dependabotb2507b41chore: improve artifacts generation reproducibility1f7dad23chore: update PKGS version (512 cpus, new ca-certficates)1a2e78a2fix: update go-blockdevice6d6ed117chore: use parallel xz with higher compression level571f7db1chore: workaround GitHub new release notes limit09d70b7efeat: update Kubernetes to v1.22.0f25f10e7feat: add an option to disable PSP7c6e4cf2feat: allow both DHCP and static addressing for the interface3c566dbcfix: remove admission plugins enabled by default from the list69ead373fix: preserve PMBR bootable flag correctlydee63051fix: align partitions with minimal I/O size62890229feat: update GRUB to 2.06b9d04928feat: move system processes to cgroups0b8681b4fix: resolve several issues with Wireguard link specsf8f4bf3bdocs: add disk encryptions examples79b8fa64feat: update containerd to 1.5.5539f4209chore: bump dependencies via dependabot0c7ce1cdfeat: remove remnants of bootkube supportd4f9804fchore: fix typos5f027615feat: expose more encryption options to the machine config585152a0chore: bump dependenciesfc66ec59feat: set oom score for main processesdf54584afix: drop linux capabilitiesf65d0b73docs: add 0.11.3 AMIs7332d636fix: bump pkgs for new kernel 5.10.5270d2505bfix: do not require ToVersion to be set when detecting version0953b199chore: update extras to bring a new CNI bundleb6c47f86fix: set the /etc/os-release HOME_URL parameterc780821dfeat: update containerd to 1.5.3, runc to 1.0.1f8f1c83afeat: detect the lowest Kubernetes version in upgrade-k8s CLI command55e17ccdchore: bump dependenciesda6f786cfix: kuberentes => kubernetes typo2e463348fix: pass all logs through the options.Log method4e9c5afbfix: make ethtool optional in link status controllerbf61c2ccfix: write upgrade logs only to the LogOutput if it's defined9c73257cfeat: update Go to 1.16.623ef1d40chore: add ability to redirect talos upgrade module logs to io.Writer33e9d6c9chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader604434c4chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.02ea28f62chore: bump node from 16.3.0-alpine to 16.4.2-alpineb358a189fix: correctly pick route scope for link-local destination6848d431feat: can change clusterdns ip lists72b76abffix: workaround issues when IPv6 is fully or partially disabled679b08f4docs: update docs for 0.126fbec9e0fix: cache etcd client used for healthcheckseea750dechore: rename "join" type to "worker"951493acdocs: update what's new for Talos 0.11b47d1098docs: promote 0.11 docs to be the latestd930a265chore: implement DeepCopy for machine configurationfe4ed3c7chore: ignore tags which don't look like semantic versionb969e772chore: update references to old protobuf package2ba8ac9adocs: add documentation directory for 0.12011e2885fix: validate bond slaves addressing10c28758fix: ignore DeadlineExceeded error correctly on bootstrap77fabacechore: ignore future pkg/machinery/vX.Y.Z tags6b661114fix: make COSI runtime history depth smaller9bf899bdfix: make forfeit leadership connect to the right node4708beaefeat: implementtalosctl config infocommand6d13d2cffix: close Kubernetes API clientaaa36f3bfix: ignore 'not a leader' error on forfeit leadership22a41936fix: workaround 'Unauthorized' errors when accessing Kubernetes API71c6f700chore: bump go.mod dependencies915cd8fedocs: add guide for RBACf5721050fix: controlplane keyusage3d772661fix: fill uuid argument correctly in the config download URLd8602025chore: update containerd config version 25949ec4edocs: describe the new network configuration subsystem444d72b4feat: update pkgs versione883c12bfix: make output ofupgrade-k8scommand less scary7f8e50defix: restart the merge controllers on conflict60d73609fix: ignore deadline exceeded errors on bootstrapee06dd69fix: don't print git sha of the release twice in the dashboard07fb61e5fix: issue worker apid certs properly on renewal84817f73chore: bump Talos version in upgrade tests2fa54107chore: fix tests for disabled RBAC78583ba9fix: don't set bond delay options if miimon is not enabledbbf1c091feat: add RBAC totalosctl versionoutput5f6ec3effix: handle cases when merged resource re-appears before being destroyed1e9a0e74fix: documentation typosf228af40chore: bump go.mod dependencies2060ceaachore: add CAPI version to CI setupad047a7dchore: small RBAC improvements
Changes since v0.12.0-alpha.0
12 commits
1ed5e545feat: add ClusterID and ClusterSecret228b3761chore: run etcd as non-root user3518219bchore: drop deprecated--no-rebootparam and KernelCurrentRoot const33d1c3e4chore: run apid and trustd services as non-root userdadaa65dfeat: print uid/gid for the files inls -le6fa401bfix: enable seccomp default profile by default8ddbcc96feat: validate if extra fields present in the decoder5b57a980chore: update Go to 1.16.7, Linux to 5.10.57eefe1c21feat: add new etcd members in learner modeb1c66fbafeat: implement Equinix Metal support for virtual (shared) IP62242f97chore: require GPG signaturesfaecae44feat: make ISO builds reproducible
Changes from talos-systems/crypto
Changes from talos-systems/extras
3 commits
Changes from talos-systems/go-blockdevice
4 commits
Changes from talos-systems/pkgs
17 commits
da4ac04chore: bump tools for Go 1.16.710275fbfeat: update Linux to 5.10.57875c7ecchore: patch grub with support for reproducible ISO builds12856cefeat: increase number of CPUs supported by the kernel to 512cbfabacchore: update ca-certificates to 2021-07-050c011c0feat: update GRUB to 2.065090d14chore: update containerd to v1.5.56653902feat: add kernel drivers for fusion and scsi-isci9b4041fchore: update containerd to v1.5.47b6cc05feat: update kernel to latest 5.10.5265159fbchore: update runc and CNI plugins514ba34feat: disable aufs, devmapper, zfs6bc118fchore: update runc and containerdb6fca88feat: update Go to 1.16.6fd56852chore: updateopen-isnsandopen-iscsid779204chore: update dosfstools to v4.2bc7c0d7feat: add support for hotplug of PCIE devices
Changes from talos-systems/tools
5 commits
Dependency Changes
- github.com/BurntSushi/toml v0.3.1 -> v0.4.1
- github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
- github.com/containerd/containerd v1.5.2 -> v1.5.5
- github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
- github.com/docker/docker v20.10.7 -> v20.10.8
- github.com/google/uuid v1.2.0 -> v1.3.0
- github.com/hashicorp/go-getter v1.5.4 -> v1.5.6
- github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
- github.com/packethost/packngo v0.19.0 new
- github.com/prometheus/procfs v0.6.0 -> v0.7.2
- github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
- github.com/spf13/cobra v1.1.3 -> v1.2.1
- github.com/talos-systems/crypto v0.3.1 -> deec8d47700e
- github.com/talos-systems/extras v0.4.0 -> v0.5.0-alpha.0-2-g8ce17e5
- github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
- github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0-alpha.0-16-gda4ac04
- github.com/talos-systems/tools v0.6.0 -> v0.7.0-alpha.0-3-g2368154
- github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.0
- go.uber.org/zap v1.17.0 -> v1.18.1
- golang.org/x/net 04defd469f4e -> 853a461950ff
- golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
- golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
- google.golang.org/grpc v1.38.0 -> v1.39.1
- google.golang.org/protobuf v1.26.0 -> v1.27.1
- inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
- k8s.io/api v0.21.2 -> v0.22.0
- k8s.io/apimachinery v0.21.2 -> v0.22.0
- k8s.io/apiserver v0.21.2 -> v0.22.0
- k8s.io/client-go v0.21.2 -> v0.22.0
- k8s.io/cri-api v0.21.2 -> v0.22.0
- k8s.io/kubectl v0.21.2 -> v0.22.0
- k8s.io/kubelet v0.21.2 -> v0.22.0
Previous release can be found at v0.11.0
Talos 0.12.0-alpha.0 (2021-08-11)
Welcome to the v0.12.0-alpha.0 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Support for Self-hosted Control Plane Dropped
Note
: This item only applies to clusters bootstrapped with Talos <= 0.8.
Talos 0.12 completely removes support for self-hosted Kubernetes control plane (bootkube-based).
Talos 0.9 introduced support for Talos-managed control plane and provided migration path to convert self-hosted control plane
to Talos-managed static pods.
Automated and manual conversion process is available in Talos from 0.9.x to 0.11.x.
For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure control plane is converted to Talos-managed before
before upgrading to Talos 0.12.
Current control plane status can be checked with talosctl get bootstrapstatus before performing upgrade to Talos 0.12.
Cluster API v0.3.x
Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22 used by default in Talos 0.12. Talos can be configued to use Kubernetes 1.21 or CAPI v0.4.x components can be used instead.
Sysctl Configuration
Sysctl Kernel Params configuration was completely rewritten to be based on controllers and resources,
which makes it possible to apply .machine.sysctls in immediate mode (without a reboot).
talosctl get kernelparams returns merged list of KSPP, Kubernetes and user defined params along with
the default values overwritten by Talos.
Join Node Type
Node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but deprecated.
talosctl gen config now generates worker.yaml instead of join.yaml.
Networking
- multiple static addresses can be specified for the interface with new
.addressesfield (old.cidrfield is deprecated now) - static addresses can be set on interfaces configured with DHCP
Performance
- machined uses less memory and CPU time
- more disk encryption options are exposed via the machine configuration
- disk partitions are now aligned properly with minimum I/O size
- Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
- OOM score is set on the system processes making sure they are killed last under memory pressure
Security
- etcd PKI moved to
/system/secrets - kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only
Component Updates
- Linux: 5.10.52
- Kubernetes: 1.22.0
- containerd: 1.5.5
- runc: 1.0.1
- GRUB: 2.06
- Talos is built with Go 1.16.6
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Serge Logvinov
- Andrey Smirnov
- Artem Chernyshev
- Spencer Smith
- Alexey Palazhchenko
- dependabot[bot]
- Rui Lopes
- Andrew Rynhard
- Caleb Woodbine
Changes
96 commits
a15f0184fix: move etcd PKI under /system/secretseb02afe1fix: match correctly routes on the address familycb948accfeat: allow multiple addresses per interfacee030b2e8chore: use k8s 1.21.3 in CAPI tests for nowe08b4f8ffeat: implement sysctl controllersfdf6b243chore: revert "improve artifacts generation reproducibility"b68ed1ebfix: make route resources ID match closer routing table primary key585f6337fix: correctly handle nodoc for struct fieldsf2d394dcdocs: add AMIs for v0.11.5d0970cbffeat: bootstrap token limit5285a46dfix: maintenance mode reason message009d15e8chore: use etcd client TryLock function on upgrade4dae9ea5chore: use vtprotobuf compiled marshaling in Talos API7ca5749achore: bump dependencies via dependabotb2507b41chore: improve artifacts generation reproducibility1f7dad23chore: update PKGS version (512 cpus, new ca-certficates)1a2e78a2fix: update go-blockdevice6d6ed117chore: use parallel xz with higher compression level571f7db1chore: workaround GitHub new release notes limit09d70b7efeat: update Kubernetes to v1.22.0f25f10e7feat: add an option to disable PSP7c6e4cf2feat: allow both DHCP and static addressing for the interface3c566dbcfix: remove admission plugins enabled by default from the list69ead373fix: preserve PMBR bootable flag correctlydee63051fix: align partitions with minimal I/O size62890229feat: update GRUB to 2.06b9d04928feat: move system processes to cgroups0b8681b4fix: resolve several issues with Wireguard link specsf8f4bf3bdocs: add disk encryptions examples79b8fa64feat: update containerd to 1.5.5539f4209chore: bump dependencies via dependabot0c7ce1cdfeat: remove remnants of bootkube supportd4f9804fchore: fix typos5f027615feat: expose more encryption options to the machine config585152a0chore: bump dependenciesfc66ec59feat: set oom score for main processesdf54584afix: drop linux capabilitiesf65d0b73docs: add 0.11.3 AMIs7332d636fix: bump pkgs for new kernel 5.10.5270d2505bfix: do not require ToVersion to be set when detecting version0953b199chore: update extras to bring a new CNI bundleb6c47f86fix: set the /etc/os-release HOME_URL parameterc780821dfeat: update containerd to 1.5.3, runc to 1.0.1f8f1c83afeat: detect the lowest Kubernetes version in upgrade-k8s CLI command55e17ccdchore: bump dependenciesda6f786cfix: kuberentes => kubernetes typo2e463348fix: pass all logs through the options.Log method4e9c5afbfix: make ethtool optional in link status controllerbf61c2ccfix: write upgrade logs only to the LogOutput if it's defined9c73257cfeat: update Go to 1.16.623ef1d40chore: add ability to redirect talos upgrade module logs to io.Writer33e9d6c9chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader604434c4chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.02ea28f62chore: bump node from 16.3.0-alpine to 16.4.2-alpineb358a189fix: correctly pick route scope for link-local destination6848d431feat: can change clusterdns ip lists72b76abffix: workaround issues when IPv6 is fully or partially disabled679b08f4docs: update docs for 0.126fbec9e0fix: cache etcd client used for healthcheckseea750dechore: rename "join" type to "worker"951493acdocs: update what's new for Talos 0.11b47d1098docs: promote 0.11 docs to be the latestd930a265chore: implement DeepCopy for machine configurationfe4ed3c7chore: ignore tags which don't look like semantic versionb969e772chore: update references to old protobuf package2ba8ac9adocs: add documentation directory for 0.12011e2885fix: validate bond slaves addressing10c28758fix: ignore DeadlineExceeded error correctly on bootstrap77fabacechore: ignore future pkg/machinery/vX.Y.Z tags6b661114fix: make COSI runtime history depth smaller9bf899bdfix: make forfeit leadership connect to the right node4708beaefeat: implementtalosctl config infocommand6d13d2cffix: close Kubernetes API clientaaa36f3bfix: ignore 'not a leader' error on forfeit leadership22a41936fix: workaround 'Unauthorized' errors when accessing Kubernetes API71c6f700chore: bump go.mod dependencies915cd8fedocs: add guide for RBACf5721050fix: controlplane keyusage3d772661fix: fill uuid argument correctly in the config download URLd8602025chore: update containerd config version 25949ec4edocs: describe the new network configuration subsystem444d72b4feat: update pkgs versione883c12bfix: make output ofupgrade-k8scommand less scary7f8e50defix: restart the merge controllers on conflict60d73609fix: ignore deadline exceeded errors on bootstrapee06dd69fix: don't print git sha of the release twice in the dashboard07fb61e5fix: issue worker apid certs properly on renewal84817f73chore: bump Talos version in upgrade tests2fa54107chore: fix tests for disabled RBAC78583ba9fix: don't set bond delay options if miimon is not enabledbbf1c091feat: add RBAC totalosctl versionoutput5f6ec3effix: handle cases when merged resource re-appears before being destroyed1e9a0e74fix: documentation typosf228af40chore: bump go.mod dependencies2060ceaachore: add CAPI version to CI setupad047a7dchore: small RBAC improvements
Changes from talos-systems/crypto
Changes from talos-systems/extras
Changes from talos-systems/go-blockdevice
4 commits
Changes from talos-systems/pkgs
14 commits
12856cefeat: increase number of CPUs supported by the kernel to 512cbfabacchore: update ca-certificates to 2021-07-050c011c0feat: update GRUB to 2.065090d14chore: update containerd to v1.5.56653902feat: add kernel drivers for fusion and scsi-isci9b4041fchore: update containerd to v1.5.47b6cc05feat: update kernel to latest 5.10.5265159fbchore: update runc and CNI plugins514ba34feat: disable aufs, devmapper, zfs6bc118fchore: update runc and containerdb6fca88feat: update Go to 1.16.6fd56852chore: updateopen-isnsandopen-iscsid779204chore: update dosfstools to v4.2bc7c0d7feat: add support for hotplug of PCIE devices
Changes from talos-systems/tools
4 commits
Dependency Changes
- github.com/BurntSushi/toml v0.3.1 -> v0.4.1
- github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
- github.com/containerd/containerd v1.5.2 -> v1.5.5
- github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
- github.com/docker/docker v20.10.7 -> v20.10.8
- github.com/google/uuid v1.2.0 -> v1.3.0
- github.com/hashicorp/go-getter v1.5.4 -> v1.5.6
- github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
- github.com/prometheus/procfs v0.6.0 -> v0.7.2
- github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
- github.com/spf13/cobra v1.1.3 -> v1.2.1
- github.com/talos-systems/crypto v0.3.1 -> deec8d47700e
- github.com/talos-systems/extras v0.4.0 -> v0.5.0-alpha.0-1-g4957f3c
- github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
- github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0-alpha.0-13-g12856ce
- github.com/talos-systems/tools v0.6.0 -> v0.7.0-alpha.0-2-g7172a5d
- github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.0
- go.uber.org/zap v1.17.0 -> v1.18.1
- golang.org/x/net 04defd469f4e -> 853a461950ff
- golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
- golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
- google.golang.org/grpc v1.38.0 -> v1.39.1
- google.golang.org/protobuf v1.26.0 -> v1.27.1
- inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
- k8s.io/api v0.21.2 -> v0.22.0
- k8s.io/apimachinery v0.21.2 -> v0.22.0
- k8s.io/apiserver v0.21.2 -> v0.22.0
- k8s.io/client-go v0.21.2 -> v0.22.0
- k8s.io/cri-api v0.21.2 -> v0.22.0
- k8s.io/kubectl v0.21.2 -> v0.22.0
- k8s.io/kubelet v0.21.2 -> v0.22.0
Previous release can be found at v0.11.0
Talos 0.11.0-alpha.2 (2021-06-23)
Welcome to the v0.11.0-alpha.2 release of Talos! This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Default to Bootstrap workflow
The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API, instead of init node types, as we
intend on deprecating this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.
Component Updates
- containerd was updated to 1.5.2
- Linux kernel was updated to 5.10.45
- Kubernetes was updated to 1.21.2
- etcd was updated to 3.4.16
CoreDNS
Added the flag cluster.coreDNS.disabled to coreDNS deployment during the cluster bootstrap.
Legacy BIOS Support
Added an option to the machine.install section of the machine config that can enable marking MBR partition bootable
for the machines that have legacy BIOS which does not support GPT partitioning scheme.
Multi-arch Installer
Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture.
This means that e.g. images for arm64 SBCs can be generated on amd64 host.
Networking Configuration
Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured
interfaces and skipping the reset network step.
Talos API RBAC
Limited RBAC support in Talos API is now enabled by default for Talos 0.11.
Default talosconfig has os:admin role embedded in the certificate so that all the APIs are available.
Certificates with reduced set of roles can be created with talosctl config new command.
When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate talosconfig with
os:admin role first to make sure that administrator still has access to the cluster when RBAC is enabled.
List of available roles:
os:adminrole enables every Talos APIos:readerrole limits access to read-only APIs which do not return sensitive dataos:etcd:backuprole only allowstalosctl etcd snapshotAPI call (for etcd backup automation)
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Artem Chernyshev
- Serge Logvinov
- Jorik Jonker
- Spencer Smith
- Andrew Rynhard
- Andrew LeCody
- Kevin Hellemun
- Seán C McCord
- Boran Car
- Brandon Nason
- Gabor Nyiri
- Gabor Nyiri
- Joost Coelingh
- Lance R. Vick
- Lennard Klein
- Sébastien Bernard
- Sébastien Bernard
Changes
162 commits
0731be90feat: add cloud images to releasesb52b2066feat: split etcd certificates to peer/client33119d2bchore: add an option to launch cluster with bad RTC stated8c2bca1feat: reimplement apid certificate generation on top of COSI3c1b3219chore: refactor CLI tests0fd9ea2dfeat: enable MACVTAP support898673e8chore: update e2e tests to use latest capi releasese26c5583docs: add AMI IDs for Talos 0.10.472ef48f0fix: assign source address to the DHCP default gateway routes004885a3feat: update Linux kernel to 5.10.45, etcd to 3.4.16821f469afeat: skip overlay mount checks with dockerb6e02311feat: use COSI RD's sensitivity for RBAC46751c1afeat: improve security of Kubernetes control plane components0f659622fix: build with custom kernel/rootfs5b5089abfix: mark kube-proxy as system critical priority42c16f67chore: bump dependencies60f78419chore: bump etcd client libraries to final 3.5.0 release2b0de9edfeat: improve security of Kubernetes control plane components48a5c460docs: provide more storage detailse13d905crelease(v0.11.0-alpha.1): prepare release70ac771efix: use localhost API server endpoint for internal communicationa941eb7dfeat: improve security of Kubernetes control plane components3aae94e5feat: provide Kubernetes nodename as a COSI resource06209bbachore: update RBAC rules, remove old APIs9f24b519chore: remove bootkube check from cluster health check4ac9bea2fix: stop etcd client logs from going to the server consolef63ab9ddfeat: implementtalosctl config newcommandfa15a668fix: don't enable RBAC feature in the config for Talos < 0.112dc27d99fix: do not format state partition in the initialize sequenceb609f33cfix: update networking stack after Equnix Metal testing243a3b53fix: separate healthy and unknown flags in the service resource1a1378befix: update retry package with a fix for errors.Iscb83edd7fix: wait for the network to be ready in mainteancne mode96f89071feat: update controller-runtime logs to console level on config.debug973069b6feat: support NFS 4.1654dcad4chore: bump dependencies via dependabotd7394457fix: don't treat ethtool errors as fatalf2ae9cd0feat: replace networkd with new network implementationcaec3063fix: do not complain about empty roles11918a11docs: update community meeting timeaeddb9c0feat: implement platform config controller (hostnames)1ece334dfeat: implement controller which runs network operators744ea8a5fix: do not add bootstrap contents option if tail events is not 05029edfbfix: overwrite nodes in the gRPC metadata6a35c8f1feat: implement virtual IP (shared IP) network operator0f3b8380chore: expose WatchRequest in the resources client11e258b1feat: implement operator configuration controllerce3815e7feat: implement DHCP6 operatorf010d99afeat: implement operator framework with DHCP4 as the first examplef93c9c8ffeat: bring unconfigured links with link carrier up by default02bd657bfeat: implement network.Status resource and controllerda329f00feat: enable RBAC by default0f168a88feat: add configuration for enabling RBACe74f789bfeat: implement EtcFileController to render files in/etc5aede1a8fix: prefer extraConfig over OVF env, skip empty config5ad314fefeat: implement basic RBAC interceptorsc031be81chore: use Go 1.16.58b0763f6chore: bump dependencies via dependabot8b8de11dfeat: implement new controllers for hostname, resolvers and time servers24859b14docs: update Rpi4 firmware guide62c702c4fix: remove conflicting etcd member on rejoin with empty data directoryff62a599fix: drop into maintenance mode if config URL isnone(metal)14e696d0feat: update COSI runtime and add support for tail in the Talos gRPCa71053fcfeat: default to bootstrap workflow76aac4bbfeat: implement CPU and Memory stats controller8f90c6a8feat: parse Talos-specific cmdline paramsed10e139feat: implement NodeAddress controller33db8857fix: use COSI runtime DestroyReady input type6e775363refactor: rename *.Status() to *.TypedSpec() in the resources97627061docs: set static IP on ISO install mode5811f4ddfeat: implement link (interface) controllers046b229bchore: skip building multi-arch installer for race-enabled build73fbb4b5fix: only fetch machine uuid if it's not setf112a540fix: clean up stale snapshots on container startc036b949chore: bump dependenciesa4d67a01feat: add the ability to disable CoreDNS76dbfb36feat: add ability to mark MBR partition bootablee0f5b1e2chore: split mgmt/gen.go into several filesfad1b4f1chore: fix go generate for the machinery1117294arelease(v0.11.0-alpha.0): prepare releasec0962946chore: prepare for 0.11 release series72359765feat: enable GORACE=halt_on_panic=1 in machined binary0acb04adfeat: implement route network controllersf5bf88a4feat: create certificates with os:admin role1db301edfeat: switch controller-runtime to zap.Loggerf7cf64d4fix: add talos.config to the vApp Properties in VMware OVA209527ecdocs: add AMIs for Talos 0.10.359cfd312chore: bump dependencies via dependabot1edb20cffeat: extract config generationaf77c295docs: update wirguard guide4fe69121test: bettertalosctl lstests04ddda96feat: update containerd to 1.5.2, runc to 1.0.0-rc9549c7276bchore: fix markdown linting7270495adocs: add mayastor quickstartd3d9112fdocs: fix spelling/grammar in What's New for Talos 0.982804414test: provide a way to force different boot order in provision librarya1c0e99adocs: add guide for deploying metrics-server6bc6658bfeat: update containerd to 1.5.1c6567faechore: dependabot updates61ccbb3fchore: keep debug symbols in debug builds1ce362e0docs: update customizing kernel build stepsa26174b5fix: properly compose pattern and header in etcd members output0825cf11fix: stop networkd and pods before leaving etcd on upgradebed6b15dfix: properly populate AllowSchedulingOnMasters option in gen config RPC071f0445feat: implement AddressSpec handling76e38b7bfeat: update Kubernetes to 1.21.19b1338d9chore: parse "boolean" variablesc81cfb21chore: allow building with debug handlersc9651673feat: update go-smbios library95c656fbfeat: update containerd to 1.5.0, runc to 1.0.0-rc94db9c35b5feat: implement AddressStatusController1cf011a8chore: bump dependencies via dependabote3f407a1fix: properly pass disk type selector from config to matcher66b2b450feat: add resources and use HTTPS checks in control plane pods4ffd7c0afix: stop networkd before leaving etcd on 'reset' path610d38d3docs: add AMIs for 0.10.1, collapse list of AMIs by default807497ecchore: make conformance pipeline depend on cron-default3c121359feat: implement LinkStatusController0e8de046fix: update go-blockdevice to fix disk type detection4d50a4edfix: update the way NTP sync usesadjtimexsyscall1a85c14afix: avoid data race on CRI pod stop5de8dbc0fix: repair pine64 support38239097fix: properly parse matcher expressionse54b6b7achore: update dependencies via dependabotf2caed0dchore: use extracted talos-systems/go-kmsg library79d804c5docs: fix typosa2bb390efeat: deterministic buildse480fedffeat: add USB serial drivers79299d76docs: add Matrix room links1b3e8b09docs: add survey to README8d51c9bbdocs: update redirects to Talos 0.101092c3a5feat: add Pine64 SBC support63e01754feat: pull kernel with VMware balloon module enabledaeec99d8chore: remove temporary fork0f49722dfeat: add--config-patchflag by node typea01b1d22chore: dump dependencies via dependabotd540a4a4fix: bump crypto library for the CSR verification fixc3a4173echore: remove security API ReadFile/WriteFile38037131chore: update wgctrl dependecyd9ba0fd0docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs2261d7edfix: use both self-signed and Kubernetes CA to verify Kubelet certa3537a69docs: update cloud images for Talos v0.9.35b9ee861docs: add what's new for Talos 0.10f1107fa3docs: add survey93623d47docs: update AWS instructionsa739d1b8feat: add support of custom registry CA certificate usage7f468d35fix: update osType in OVA other3xLinux64Guest"4a184b67docs: add etcd backup and restore guide5fb38d3echore: refactor Dockerfile for cross-compilationa8f1e526chore: build talosctl for Darwin / Apple Siliconeb0b64d3chore: list specifically for enabled regions669a0cbdfix: check if OVF env is emptyda92049cchore: use codecov from the build container9996d4b0chore: use REGISTRY_MIRROR_FLAGS if defined05cbe250chore: bump dependencies via dependabot9a91142afeat: print complete member info in etcd membersbb40d6ddfeat: update pkgs versione7a9164btest: implementtalosctl conformancecommand to run e2e tests6cb266e7fix: update etcd client errors, print etcd join failures0bd8b0e8feat: provide an option to recover etcd from data directory copyf9818540chore: fix conform with scopes21018f28chore: bump website node.js dependencies
Changes since v0.11.0-alpha.1
19 commits
0731be90feat: add cloud images to releasesb52b2066feat: split etcd certificates to peer/client33119d2bchore: add an option to launch cluster with bad RTC stated8c2bca1feat: reimplement apid certificate generation on top of COSI3c1b3219chore: refactor CLI tests0fd9ea2dfeat: enable MACVTAP support898673e8chore: update e2e tests to use latest capi releasese26c5583docs: add AMI IDs for Talos 0.10.472ef48f0fix: assign source address to the DHCP default gateway routes004885a3feat: update Linux kernel to 5.10.45, etcd to 3.4.16821f469afeat: skip overlay mount checks with dockerb6e02311feat: use COSI RD's sensitivity for RBAC46751c1afeat: improve security of Kubernetes control plane components0f659622fix: build with custom kernel/rootfs5b5089abfix: mark kube-proxy as system critical priority42c16f67chore: bump dependencies60f78419chore: bump etcd client libraries to final 3.5.0 release2b0de9edfeat: improve security of Kubernetes control plane components48a5c460docs: provide more storage details
Changes from talos-systems/crypto
8 commits
d3cb772feat: make possible to change KeyUsage6bc5bb5chore: remove unused argumentcd18ef6feat: add support for several organizations97c888bchore: add options to CSR7776057chore: fix typos80df078chore: remove named result parameters15bdd28chore: minor updates4f80b97fix: verify CSR signature before issuing a certificate
Changes from talos-systems/extras
Changes from talos-systems/go-blockdevice
3 commits
Changes from talos-systems/go-debug
5 commits
Changes from talos-systems/go-kmsg
Changes from talos-systems/go-loadbalancer
3 commits
Changes from talos-systems/go-retry
3 commits
Changes from talos-systems/go-smbios
Changes from talos-systems/pkgs
22 commits
41d6cccfeat: enable MACVTAP support96072f8feat: enable adiantum block encryption (both amd64 arm64)f5eac03feat: update Linux to 5.10.45d756119feat: enable HP ILO kernel module (both amd64 arm64)2d51360feat: support NFS 4.1e63e4e9feat: bump tools for Go 1.16.51f8af29feat: update Linux to 5.10.38a3a6650feat: update containerd to 1.5.2c70ea44feat: update runc to 1.0.0-rc95db60235feat: add support for netxen cardf934187feat: update containerd to 1.5.1e8ed5bcfeat: add geneve encapsulation support for openvswitch9f7903cfeat: update containerd to 1.5.0, runc to -rc94d7c0f70feat: add AES-NI support for amd64b0d9cd2fix: buildzbinutility for both amd64 and arm64bb39b97feat: add IPMI support in kernel1148f9afeat: add DS1307 RTC support for arm64350aa6ffeat: add USB serial supportde9c582feat: add Pine64 SBC supportb56f36bfeat: enable VMware baloon kernel modulef87c194feat: add iPXE build with embedded placeholder scripta8b9e71feat: add cpu scaling for rpi
Changes from talos-systems/tools
Dependency Changes
- github.com/aws/aws-sdk-go v1.27.0 new
- github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
- github.com/containerd/containerd v1.4.4 -> v1.5.2
- github.com/containerd/go-cni v1.0.1 -> v1.0.2
- github.com/containerd/typeurl v1.0.1 -> v1.0.2
- github.com/coreos/go-iptables v0.5.0 -> v0.6.0
- github.com/cosi-project/runtime 10d6103c19ab -> f1649aff7641
- github.com/docker/docker v20.10.4 -> v20.10.7
- github.com/emicklei/dot v0.15.0 -> v0.16.0
- github.com/evanphx/json-patch v4.9.0 -> v4.11.0
- github.com/fatih/color v1.10.0 -> v1.12.0
- github.com/google/go-cmp v0.5.5 -> v0.5.6
- github.com/google/gofuzz v1.2.0 new
- github.com/googleapis/gnostic v0.5.5 new
- github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
- github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
- github.com/imdario/mergo v0.3.12 new
- github.com/insomniacslk/dhcp cc9239ac6294 -> 465dd6c35f6c
- github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
- github.com/magiconair/properties v1.8.5 new
- github.com/mattn/go-isatty v0.0.12 -> v0.0.13
- github.com/mdlayher/arp f72070a231fc new
- github.com/mdlayher/ethtool 2b88debcdd43 new
- github.com/mdlayher/netlink v1.4.0 -> v1.4.1
- github.com/mdlayher/raw 51b895745faf new
- github.com/mitchellh/mapstructure v1.4.1 new
- github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
- github.com/pelletier/go-toml v1.9.0 new
- github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
- github.com/rs/xid v1.2.1 -> v1.3.0
- github.com/sirupsen/logrus v1.8.1 new
- github.com/spf13/afero v1.6.0 new
- github.com/spf13/cast v1.3.1 new
- github.com/spf13/viper v1.7.1 new
- github.com/talos-systems/crypto 39584f1b6e54 -> d3cb77220384
- github.com/talos-systems/extras v0.3.0 -> v0.3.0-1-g4fe2706
- github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
- github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
- github.com/talos-systems/go-kmsg v0.1.0 new
- github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
- github.com/talos-systems/go-retry b9dc1a990133 -> c78cc953d9e9
- github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
- github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-12-g41d6ccc
- github.com/talos-systems/talos/pkg/machinery
8ffb55943c-> 000000000000 - github.com/talos-systems/tools v0.5.0 -> v0.5.0-1-gc8c2a18
- github.com/vishvananda/netns 2eb08e3e575f new
- github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.51.0
- github.com/vmware/govmomi v0.24.0 -> v0.26.0
- go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
- go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
- go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
- go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
- go.uber.org/zap v1.17.0 new
- golang.org/x/net e18ecbb05110 -> 04defd469f4e
- golang.org/x/oauth2 81ed05c6b58c new
- golang.org/x/sys 77cc2087c03b -> 59db8d763f22
- golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
- golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
- golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
- google.golang.org/appengine v1.6.7 new
- google.golang.org/grpc v1.37.0 -> v1.38.0
- gopkg.in/ini.v1 v1.62.0 new
- inet.af/netaddr 1d252cf8125e new
- k8s.io/api v0.21.0 -> v0.21.2
- k8s.io/apimachinery v0.21.0 -> v0.21.2
- k8s.io/apiserver v0.21.0 -> v0.21.2
- k8s.io/client-go v0.21.0 -> v0.21.2
- k8s.io/cri-api v0.21.0 -> v0.21.2
- k8s.io/kubectl v0.21.0 -> v0.21.2
- k8s.io/kubelet v0.21.0 -> v0.21.2
- k8s.io/utils 2afb4311ab10 new
- sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new
Previous release can be found at v0.10.0
Talos 0.11.0-alpha.1 (2021-06-18)
Welcome to the v0.11.0-alpha.1 release of Talos! This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Default to Bootstrap workflow
The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API, instead of init node types, as we
intend on deprecating this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.
Component Updates
- containerd was updated to 1.5.2
- Linux kernel was updated to 5.10.38
CoreDNS
Added the flag cluster.coreDNS.disabled to coreDNS deployment during the cluster bootstrap.
Legacy BIOS Support
Added an option to the machine.install section of the machine config that can enable marking MBR partition bootable
for the machines that have legacy BIOS which does not support GPT partitioning scheme.
Multi-arch Installer
Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture.
This means that e.g. images for arm64 SBCs can be generated on amd64 host.
Networking Configuration
Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured
interfaces and skipping the reset network step.
Talos API RBAC
Limited RBAC support in Talos API is now enabled by default for Talos 0.11.
Default talosconfig has os:admin role embedded in the certificate so that all the APIs are available.
Certificates with reduced set of roles can be created with talosctl config new command.
When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate talosconfig with
os:admin role first to make sure that administrator still have access to the cluster when RBAC is enabled.
List of available roles:
os:adminrole enables every Talos APIos:readerrole limits access to read-only APIs which do not return sensitive informtationos:etcd:backuprole only allowstalosctl etcd snapshotAPI call (for etcd backup automation)
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Artem Chernyshev
- Jorik Jonker
- Spencer Smith
- Andrew Rynhard
- Serge Logvinov
- Andrew LeCody
- Kevin Hellemun
- Boran Car
- Brandon Nason
- Gabor Nyiri
- Joost Coelingh
- Lance R. Vick
- Lennard Klein
- Seán C McCord
- Sébastien Bernard
- Sébastien Bernard
Changes
143 commits
f8e1cf09release(v0.11.0-alpha.1): prepare release70ac771efix: use localhost API server endpoint for internal communicationa941eb7dfeat: improve security of Kubernetes control plane components3aae94e5feat: provide Kubernetes nodename as a COSI resource06209bbachore: update RBAC rules, remove old APIs9f24b519chore: remove bootkube check from cluster health check4ac9bea2fix: stop etcd client logs from going to the server consolef63ab9ddfeat: implementtalosctl config newcommandfa15a668fix: don't enable RBAC feature in the config for Talos < 0.112dc27d99fix: do not format state partition in the initialize sequenceb609f33cfix: update networking stack after Equnix Metal testing243a3b53fix: separate healthy and unknown flags in the service resource1a1378befix: update retry package with a fix for errors.Iscb83edd7fix: wait for the network to be ready in mainteancne mode96f89071feat: update controller-runtime logs to console level on config.debug973069b6feat: support NFS 4.1654dcad4chore: bump dependencies via dependabotd7394457fix: don't treat ethtool errors as fatalf2ae9cd0feat: replace networkd with new network implementationcaec3063fix: do not complain about empty roles11918a11docs: update community meeting timeaeddb9c0feat: implement platform config controller (hostnames)1ece334dfeat: implement controller which runs network operators744ea8a5fix: do not add bootstrap contents option if tail events is not 05029edfbfix: overwrite nodes in the gRPC metadata6a35c8f1feat: implement virtual IP (shared IP) network operator0f3b8380chore: expose WatchRequest in the resources client11e258b1feat: implement operator configuration controllerce3815e7feat: implement DHCP6 operatorf010d99afeat: implement operator framework with DHCP4 as the first examplef93c9c8ffeat: bring unconfigured links with link carrier up by default02bd657bfeat: implement network.Status resource and controllerda329f00feat: enable RBAC by default0f168a88feat: add configuration for enabling RBACe74f789bfeat: implement EtcFileController to render files in/etc5aede1a8fix: prefer extraConfig over OVF env, skip empty config5ad314fefeat: implement basic RBAC interceptorsc031be81chore: use Go 1.16.58b0763f6chore: bump dependencies via dependabot8b8de11dfeat: implement new controllers for hostname, resolvers and time servers24859b14docs: update Rpi4 firmware guide62c702c4fix: remove conflicting etcd member on rejoin with empty data directoryff62a599fix: drop into maintenance mode if config URL isnone(metal)14e696d0feat: update COSI runtime and add support for tail in the Talos gRPCa71053fcfeat: default to bootstrap workflow76aac4bbfeat: implement CPU and Memory stats controller8f90c6a8feat: parse Talos-specific cmdline paramsed10e139feat: implement NodeAddress controller33db8857fix: use COSI runtime DestroyReady input type6e775363refactor: rename *.Status() to *.TypedSpec() in the resources97627061docs: set static IP on ISO install mode5811f4ddfeat: implement link (interface) controllers046b229bchore: skip building multi-arch installer for race-enabled build73fbb4b5fix: only fetch machine uuid if it's not setf112a540fix: clean up stale snapshots on container startc036b949chore: bump dependenciesa4d67a01feat: add the ability to disable CoreDNS76dbfb36feat: add ability to mark MBR partition bootablee0f5b1e2chore: split mgmt/gen.go into several filesfad1b4f1chore: fix go generate for the machinery1117294arelease(v0.11.0-alpha.0): prepare releasec0962946chore: prepare for 0.11 release series72359765feat: enable GORACE=halt_on_panic=1 in machined binary0acb04adfeat: implement route network controllersf5bf88a4feat: create certificates with os:admin role1db301edfeat: switch controller-runtime to zap.Loggerf7cf64d4fix: add talos.config to the vApp Properties in VMware OVA209527ecdocs: add AMIs for Talos 0.10.359cfd312chore: bump dependencies via dependabot1edb20cffeat: extract config generationaf77c295docs: update wirguard guide4fe69121test: bettertalosctl lstests04ddda96feat: update containerd to 1.5.2, runc to 1.0.0-rc9549c7276bchore: fix markdown linting7270495adocs: add mayastor quickstartd3d9112fdocs: fix spelling/grammar in What's New for Talos 0.982804414test: provide a way to force different boot order in provision librarya1c0e99adocs: add guide for deploying metrics-server6bc6658bfeat: update containerd to 1.5.1c6567faechore: dependabot updates61ccbb3fchore: keep debug symbols in debug builds1ce362e0docs: update customizing kernel build stepsa26174b5fix: properly compose pattern and header in etcd members output0825cf11fix: stop networkd and pods before leaving etcd on upgradebed6b15dfix: properly populate AllowSchedulingOnMasters option in gen config RPC071f0445feat: implement AddressSpec handling76e38b7bfeat: update Kubernetes to 1.21.19b1338d9chore: parse "boolean" variablesc81cfb21chore: allow building with debug handlersc9651673feat: update go-smbios library95c656fbfeat: update containerd to 1.5.0, runc to 1.0.0-rc94db9c35b5feat: implement AddressStatusController1cf011a8chore: bump dependencies via dependabote3f407a1fix: properly pass disk type selector from config to matcher66b2b450feat: add resources and use HTTPS checks in control plane pods4ffd7c0afix: stop networkd before leaving etcd on 'reset' path610d38d3docs: add AMIs for 0.10.1, collapse list of AMIs by default807497ecchore: make conformance pipeline depend on cron-default3c121359feat: implement LinkStatusController0e8de046fix: update go-blockdevice to fix disk type detection4d50a4edfix: update the way NTP sync usesadjtimexsyscall1a85c14afix: avoid data race on CRI pod stop5de8dbc0fix: repair pine64 support38239097fix: properly parse matcher expressionse54b6b7achore: update dependencies via dependabotf2caed0dchore: use extracted talos-systems/go-kmsg library79d804c5docs: fix typosa2bb390efeat: deterministic buildse480fedffeat: add USB serial drivers79299d76docs: add Matrix room links1b3e8b09docs: add survey to README8d51c9bbdocs: update redirects to Talos 0.101092c3a5feat: add Pine64 SBC support63e01754feat: pull kernel with VMware balloon module enabledaeec99d8chore: remove temporary fork0f49722dfeat: add--config-patchflag by node typea01b1d22chore: dump dependencies via dependabotd540a4a4fix: bump crypto library for the CSR verification fixc3a4173echore: remove security API ReadFile/WriteFile38037131chore: update wgctrl dependecyd9ba0fd0docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs2261d7edfix: use both self-signed and Kubernetes CA to verify Kubelet certa3537a69docs: update cloud images for Talos v0.9.35b9ee861docs: add what's new for Talos 0.10f1107fa3docs: add survey93623d47docs: update AWS instructionsa739d1b8feat: add support of custom registry CA certificate usage7f468d35fix: update osType in OVA other3xLinux64Guest"4a184b67docs: add etcd backup and restore guide5fb38d3echore: refactor Dockerfile for cross-compilationa8f1e526chore: build talosctl for Darwin / Apple Siliconeb0b64d3chore: list specifically for enabled regions669a0cbdfix: check if OVF env is emptyda92049cchore: use codecov from the build container9996d4b0chore: use REGISTRY_MIRROR_FLAGS if defined05cbe250chore: bump dependencies via dependabot9a91142afeat: print complete member info in etcd membersbb40d6ddfeat: update pkgs versione7a9164btest: implementtalosctl conformancecommand to run e2e tests6cb266e7fix: update etcd client errors, print etcd join failures0bd8b0e8feat: provide an option to recover etcd from data directory copyf9818540chore: fix conform with scopes21018f28chore: bump website node.js dependencies
Changes since v0.11.0-alpha.0
60 commits
f8e1cf09release(v0.11.0-alpha.1): prepare release70ac771efix: use localhost API server endpoint for internal communicationa941eb7dfeat: improve security of Kubernetes control plane components3aae94e5feat: provide Kubernetes nodename as a COSI resource06209bbachore: update RBAC rules, remove old APIs9f24b519chore: remove bootkube check from cluster health check4ac9bea2fix: stop etcd client logs from going to the server consolef63ab9ddfeat: implementtalosctl config newcommandfa15a668fix: don't enable RBAC feature in the config for Talos < 0.112dc27d99fix: do not format state partition in the initialize sequenceb609f33cfix: update networking stack after Equnix Metal testing243a3b53fix: separate healthy and unknown flags in the service resource1a1378befix: update retry package with a fix for errors.Iscb83edd7fix: wait for the network to be ready in mainteancne mode96f89071feat: update controller-runtime logs to console level on config.debug973069b6feat: support NFS 4.1654dcad4chore: bump dependencies via dependabotd7394457fix: don't treat ethtool errors as fatalf2ae9cd0feat: replace networkd with new network implementationcaec3063fix: do not complain about empty roles11918a11docs: update community meeting timeaeddb9c0feat: implement platform config controller (hostnames)1ece334dfeat: implement controller which runs network operators744ea8a5fix: do not add bootstrap contents option if tail events is not 05029edfbfix: overwrite nodes in the gRPC metadata6a35c8f1feat: implement virtual IP (shared IP) network operator0f3b8380chore: expose WatchRequest in the resources client11e258b1feat: implement operator configuration controllerce3815e7feat: implement DHCP6 operatorf010d99afeat: implement operator framework with DHCP4 as the first examplef93c9c8ffeat: bring unconfigured links with link carrier up by default02bd657bfeat: implement network.Status resource and controllerda329f00feat: enable RBAC by default0f168a88feat: add configuration for enabling RBACe74f789bfeat: implement EtcFileController to render files in/etc5aede1a8fix: prefer extraConfig over OVF env, skip empty config5ad314fefeat: implement basic RBAC interceptorsc031be81chore: use Go 1.16.58b0763f6chore: bump dependencies via dependabot8b8de11dfeat: implement new controllers for hostname, resolvers and time servers24859b14docs: update Rpi4 firmware guide62c702c4fix: remove conflicting etcd member on rejoin with empty data directoryff62a599fix: drop into maintenance mode if config URL isnone(metal)14e696d0feat: update COSI runtime and add support for tail in the Talos gRPCa71053fcfeat: default to bootstrap workflow76aac4bbfeat: implement CPU and Memory stats controller8f90c6a8feat: parse Talos-specific cmdline paramsed10e139feat: implement NodeAddress controller33db8857fix: use COSI runtime DestroyReady input type6e775363refactor: rename *.Status() to *.TypedSpec() in the resources97627061docs: set static IP on ISO install mode5811f4ddfeat: implement link (interface) controllers046b229bchore: skip building multi-arch installer for race-enabled build73fbb4b5fix: only fetch machine uuid if it's not setf112a540fix: clean up stale snapshots on container startc036b949chore: bump dependenciesa4d67a01feat: add the ability to disable CoreDNS76dbfb36feat: add ability to mark MBR partition bootablee0f5b1e2chore: split mgmt/gen.go into several filesfad1b4f1chore: fix go generate for the machinery
Changes from talos-systems/crypto
7 commits
Changes from talos-systems/extras
Changes from talos-systems/go-blockdevice
3 commits
Changes from talos-systems/go-debug
5 commits
Changes from talos-systems/go-kmsg
Changes from talos-systems/go-loadbalancer
3 commits
Changes from talos-systems/go-retry
3 commits
Changes from talos-systems/go-smbios
Changes from talos-systems/pkgs
18 commits
2d51360feat: support NFS 4.1e63e4e9feat: bump tools for Go 1.16.51f8af29feat: update Linux to 5.10.38a3a6650feat: update containerd to 1.5.2c70ea44feat: update runc to 1.0.0-rc95db60235feat: add support for netxen cardf934187feat: update containerd to 1.5.1e8ed5bcfeat: add geneve encapsulation support for openvswitch9f7903cfeat: update containerd to 1.5.0, runc to -rc94d7c0f70feat: add AES-NI support for amd64b0d9cd2fix: buildzbinutility for both amd64 and arm64bb39b97feat: add IPMI support in kernel1148f9afeat: add DS1307 RTC support for arm64350aa6ffeat: add USB serial supportde9c582feat: add Pine64 SBC supportb56f36bfeat: enable VMware baloon kernel modulef87c194feat: add iPXE build with embedded placeholder scripta8b9e71feat: add cpu scaling for rpi
Changes from talos-systems/tools
Dependency Changes
- github.com/aws/aws-sdk-go v1.27.0 new
- github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
- github.com/containerd/containerd v1.4.4 -> v1.5.2
- github.com/containerd/go-cni v1.0.1 -> v1.0.2
- github.com/containerd/typeurl v1.0.1 -> v1.0.2
- github.com/coreos/go-iptables v0.5.0 -> v0.6.0
- github.com/cosi-project/runtime 10d6103c19ab -> ca95c7538d17
- github.com/docker/docker v20.10.4 -> v20.10.7
- github.com/emicklei/dot v0.15.0 -> v0.16.0
- github.com/fatih/color v1.10.0 -> v1.12.0
- github.com/google/go-cmp v0.5.5 -> v0.5.6
- github.com/google/gofuzz v1.2.0 new
- github.com/googleapis/gnostic v0.5.5 new
- github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
- github.com/hashicorp/go-getter v1.5.2 -> v1.5.3
- github.com/imdario/mergo v0.3.12 new
- github.com/insomniacslk/dhcp cc9239ac6294 -> fb4eaaa00ad2
- github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> b34cb89a106b
- github.com/magiconair/properties v1.8.5 new
- github.com/mattn/go-isatty v0.0.12 -> v0.0.13
- github.com/mdlayher/arp f72070a231fc new
- github.com/mdlayher/ethtool 2b88debcdd43 new
- github.com/mdlayher/netlink v1.4.0 -> v1.4.1
- github.com/mdlayher/raw 51b895745faf new
- github.com/mitchellh/mapstructure v1.4.1 new
- github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
- github.com/pelletier/go-toml v1.9.0 new
- github.com/rivo/tview 8a8f78a6dd01 -> 807e706f86d1
- github.com/rs/xid v1.2.1 -> v1.3.0
- github.com/sirupsen/logrus v1.8.1 new
- github.com/spf13/afero v1.6.0 new
- github.com/spf13/cast v1.3.1 new
- github.com/spf13/viper v1.7.1 new
- github.com/talos-systems/crypto 39584f1b6e54 -> 6bc5bb50c527
- github.com/talos-systems/extras v0.3.0 -> v0.3.0-1-g4fe2706
- github.com/talos-systems/go-blockdevice 1d830a25f64f -> 30c2bc3cb62a
- github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
- github.com/talos-systems/go-kmsg v0.1.0 new
- github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
- github.com/talos-systems/go-retry b9dc1a990133 -> c78cc953d9e9
- github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
- github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-8-g2d51360
- github.com/talos-systems/talos/pkg/machinery
8ffb55943c-> 000000000000 - github.com/talos-systems/tools v0.5.0 -> v0.5.0-1-gc8c2a18
- github.com/vishvananda/netns 2eb08e3e575f new
- github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.51.0
- github.com/vmware/govmomi v0.24.0 -> v0.26.0
- go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0-rc.1
- go.etcd.io/etcd/client/pkg/v3 v3.5.0-rc.1 new
- go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0-rc.1
- go.etcd.io/etcd/etcdutl/v3 v3.5.0-rc.1 new
- go.uber.org/zap v1.17.0 new
- golang.org/x/net e18ecbb05110 -> abc453219eb5
- golang.org/x/oauth2 81ed05c6b58c new
- golang.org/x/sys 77cc2087c03b -> ebe580a85c40
- golang.org/x/term 6a3ed077a48d -> a79de5458b56
- golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
- google.golang.org/appengine v1.6.7 new
- google.golang.org/grpc v1.37.0 -> v1.38.0
- gopkg.in/ini.v1 v1.62.0 new
- inet.af/netaddr 1d252cf8125e new
- k8s.io/api v0.21.0 -> v0.21.1
- k8s.io/apimachinery v0.21.0 -> v0.21.1
- k8s.io/apiserver v0.21.0 -> v0.21.1
- k8s.io/client-go v0.21.0 -> v0.21.1
- k8s.io/kubectl v0.21.0 -> v0.21.1
- k8s.io/kubelet v0.21.0 -> v0.21.1
- k8s.io/utils 2afb4311ab10 new
- sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new
Previous release can be found at v0.10.0
Talos 0.11.0-alpha.0 (2021-05-26)
Welcome to the v0.11.0-alpha.0 release of Talos! This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Component Updates
- containerd was updated to 1.5.2
- Linux kernel was updated to 5.10.29
Multi-arch Installer
Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture.
This means that e.g. images for arm64 SBCs can be generated on amd64 host.
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Artem Chernyshev
- Jorik Jonker
- Spencer Smith
- Serge Logvinov
- Andrew LeCody
- Andrew Rynhard
- Boran Car
- Brandon Nason
- Gabor Nyiri
- Joost Coelingh
- Kevin Hellemun
- Lance R. Vick
- Lennard Klein
- Seán C McCord
- Sébastien Bernard
- Sébastien Bernard
Changes
82 commits
c0962946chore: prepare for 0.11 release series72359765feat: enable GORACE=halt_on_panic=1 in machined binary0acb04adfeat: implement route network controllersf5bf88a4feat: create certificates with os:admin role1db301edfeat: switch controller-runtime to zap.Loggerf7cf64d4fix: add talos.config to the vApp Properties in VMware OVA209527ecdocs: add AMIs for Talos 0.10.359cfd312chore: bump dependencies via dependabot1edb20cffeat: extract config generationaf77c295docs: update wirguard guide4fe69121test: bettertalosctl lstests04ddda96feat: update containerd to 1.5.2, runc to 1.0.0-rc9549c7276bchore: fix markdown linting7270495adocs: add mayastor quickstartd3d9112fdocs: fix spelling/grammar in What's New for Talos 0.982804414test: provide a way to force different boot order in provision librarya1c0e99adocs: add guide for deploying metrics-server6bc6658bfeat: update containerd to 1.5.1c6567faechore: dependabot updates61ccbb3fchore: keep debug symbols in debug builds1ce362e0docs: update customizing kernel build stepsa26174b5fix: properly compose pattern and header in etcd members output0825cf11fix: stop networkd and pods before leaving etcd on upgradebed6b15dfix: properly populate AllowSchedulingOnMasters option in gen config RPC071f0445feat: implement AddressSpec handling76e38b7bfeat: update Kubernetes to 1.21.19b1338d9chore: parse "boolean" variablesc81cfb21chore: allow building with debug handlersc9651673feat: update go-smbios library95c656fbfeat: update containerd to 1.5.0, runc to 1.0.0-rc94db9c35b5feat: implement AddressStatusController1cf011a8chore: bump dependencies via dependabote3f407a1fix: properly pass disk type selector from config to matcher66b2b450feat: add resources and use HTTPS checks in control plane pods4ffd7c0afix: stop networkd before leaving etcd on 'reset' path610d38d3docs: add AMIs for 0.10.1, collapse list of AMIs by default807497ecchore: make conformance pipeline depend on cron-default3c121359feat: implement LinkStatusController0e8de046fix: update go-blockdevice to fix disk type detection4d50a4edfix: update the way NTP sync usesadjtimexsyscall1a85c14afix: avoid data race on CRI pod stop5de8dbc0fix: repair pine64 support38239097fix: properly parse matcher expressionse54b6b7achore: update dependencies via dependabotf2caed0dchore: use extracted talos-systems/go-kmsg library79d804c5docs: fix typosa2bb390efeat: deterministic buildse480fedffeat: add USB serial drivers79299d76docs: add Matrix room links1b3e8b09docs: add survey to README8d51c9bbdocs: update redirects to Talos 0.101092c3a5feat: add Pine64 SBC support63e01754feat: pull kernel with VMware balloon module enabledaeec99d8chore: remove temporary fork0f49722dfeat: add--config-patchflag by node typea01b1d22chore: dump dependencies via dependabotd540a4a4fix: bump crypto library for the CSR verification fixc3a4173echore: remove security API ReadFile/WriteFile38037131chore: update wgctrl dependecyd9ba0fd0docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs2261d7edfix: use both self-signed and Kubernetes CA to verify Kubelet certa3537a69docs: update cloud images for Talos v0.9.35b9ee861docs: add what's new for Talos 0.10f1107fa3docs: add survey93623d47docs: update AWS instructionsa739d1b8feat: add support of custom registry CA certificate usage7f468d35fix: update osType in OVA other3xLinux64Guest"4a184b67docs: add etcd backup and restore guide5fb38d3echore: refactor Dockerfile for cross-compilationa8f1e526chore: build talosctl for Darwin / Apple Siliconeb0b64d3chore: list specifically for enabled regions669a0cbdfix: check if OVF env is emptyda92049cchore: use codecov from the build container9996d4b0chore: use REGISTRY_MIRROR_FLAGS if defined05cbe250chore: bump dependencies via dependabot9a91142afeat: print complete member info in etcd membersbb40d6ddfeat: update pkgs versione7a9164btest: implementtalosctl conformancecommand to run e2e tests6cb266e7fix: update etcd client errors, print etcd join failures0bd8b0e8feat: provide an option to recover etcd from data directory copyf9818540chore: fix conform with scopes21018f28chore: bump website node.js dependencies
Changes from talos-systems/crypto
Changes from talos-systems/go-blockdevice
2 commits
Changes from talos-systems/go-debug
5 commits
Changes from talos-systems/go-kmsg
Changes from talos-systems/go-loadbalancer
3 commits
Changes from talos-systems/go-smbios
Changes from talos-systems/pkgs
15 commits
a3a6650feat: update containerd to 1.5.2c70ea44feat: update runc to 1.0.0-rc95db60235feat: add support for netxen cardf934187feat: update containerd to 1.5.1e8ed5bcfeat: add geneve encapsulation support for openvswitch9f7903cfeat: update containerd to 1.5.0, runc to -rc94d7c0f70feat: add AES-NI support for amd64b0d9cd2fix: buildzbinutility for both amd64 and arm64bb39b97feat: add IPMI support in kernel1148f9afeat: add DS1307 RTC support for arm64350aa6ffeat: add USB serial supportde9c582feat: add Pine64 SBC supportb56f36bfeat: enable VMware baloon kernel modulef87c194feat: add iPXE build with embedded placeholder scripta8b9e71feat: add cpu scaling for rpi
Dependency Changes
- github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
- github.com/containerd/containerd v1.4.4 -> v1.5.2
- github.com/containerd/go-cni v1.0.1 -> v1.0.2
- github.com/containerd/typeurl v1.0.1 -> v1.0.2
- github.com/coreos/go-iptables v0.5.0 -> v0.6.0
- github.com/cosi-project/runtime 10d6103c19ab -> 8a4533ce68e2
- github.com/docker/docker v20.10.4 -> v20.10.6
- github.com/emicklei/dot v0.15.0 -> v0.16.0
- github.com/fatih/color v1.10.0 -> v1.11.0
- github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
- github.com/hashicorp/go-getter v1.5.2 -> v1.5.3
- github.com/mdlayher/ethtool 2b88debcdd43 new
- github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
- github.com/plunder-app/kube-vip v0.3.2 -> v0.3.4
- github.com/rs/xid v1.2.1 -> v1.3.0
- github.com/talos-systems/crypto 39584f1b6e54 -> 4f80b976b640
- github.com/talos-systems/go-blockdevice 1d830a25f64f -> 1292574643e0
- github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
- github.com/talos-systems/go-kmsg v0.1.0 new
- github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
- github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
- github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-5-ga3a6650
- github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.50.0
- github.com/vmware/govmomi v0.24.0 -> v0.25.0
- go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0-beta.3
- go.etcd.io/etcd/client/pkg/v3 v3.5.0-beta.3 new
- go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0-beta.3
- go.etcd.io/etcd/etcdutl/v3 v3.5.0-beta.3 new
- go.uber.org/zap c23abee72d19 new
- golang.org/x/net e18ecbb05110 -> 0714010a04ed
- golang.org/x/sys 77cc2087c03b -> 0981d6026fa6
- golang.org/x/term 6a3ed077a48d -> a79de5458b56
- golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> f9ad6d392236
- google.golang.org/grpc v1.37.0 -> v1.38.0
- inet.af/netaddr 1d252cf8125e new
- k8s.io/api v0.21.0 -> v0.21.1
- k8s.io/apimachinery v0.21.0 -> v0.21.1
- k8s.io/apiserver v0.21.0 -> v0.21.1
- k8s.io/client-go v0.21.0 -> v0.21.1
- k8s.io/kubectl v0.21.0 -> v0.21.1
- k8s.io/kubelet v0.21.0 -> v0.21.1
Previous release can be found at v0.10.0
Talos 0.10.0-alpha.2 (2021-04-08)
Welcome to the v0.10.0-alpha.2 release of Talos! This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Disaster Recovery
- support for creating etcd snapshots (backups) with
talosctl etcd snapshotcommand. - etcd cluster can be recovered from a snapshot using
talosctl boostrap --recover-from=command.
Install Disk Selector
Install section of the machine config now has diskSelector field that allows querying install disk using the list of qualifiers:
...
install:
diskSelector:
size: >= 500GB
model: WDC*
...
talosctl disks -n <node> -i can be used to check allowed disk qualifiers when the node is running in the maintenance mode.
Optimizations
- Talos
systemservices now run without container images on initramfs from the single executable; this change reduces RAM usage, initramfs size and boot time..
SBCs
- u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
- added support for Rock Pi 4.
Time Syncrhonization
timedservice was replaced with a time sync controller, no machine configuration changes.- Talos now prefers last successful time server (by IP address) on each sync attempt (improves sync accuracy).
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Artem Chernyshev
- Spencer Smith
- Seán C McCord
- Andrew Rynhard
- Branden Cash
- Jorik Jonker
- Matt Zahorik
- bzub
Changes
104 commits
e0650218feat: support etcd recovery from snapshot on bootstrap247bd50edocs: describe steps to install and boot Talos from the SSD on rockpi4e6b4e524test: update CAPA to 0.6.428753f6dfix: trim endpoints/nodes from arguments in talosctl configaca63b88docs: fix "DigitalOcean" spelling33035901fix: revert mark PMBR EFI partition as bootablefbfd1eb2refactor: pull new version of os-runtime, update code8737ea71feat: allow external cloud provides configration3909e2d0chore: update Go to 1.16.3690eb20echore: update blockdevice library for PMBR bootable fixa8761b8efix: require leader on etcd member operations3dc84625fix: make both HDMI ports work on RPi 4bd5ae1e0fix: add a check for overlay mounts in installer pre-flight checksdf8649cbrefactor: download modules beforego generate39ae0415chore: bump dependencies via dependabote16d6d34fix: publish rockpi4 image to release artifacts39c6dbccfeat: add --config-patch parameter to talosctl gen confige664362cfeat: add API and command to save etcd snapshot (backup)61b694b9fix: create rootfs for system services via /system tmpfsabc2e17etest: update 0.9.x version in upgrade tests to 0.9.1a1e64154fix: retry Kubernetes API errors on cordon/uncordon/etc063d1abefix: print task failure error immediatelye039172efix: ignore EOF errors from Kubernetes API when converting control plane7bcb91a4docs: fix typo for stage flaga43acb21feat: bring in Linux 5.10.27, support for 32-bit time syscallse2bb5973release(v0.10.0-alpha.1): prepare release8309312achore: build components with race detector enabled in dev mode7d912584test: fix data race in apply config tests204caf8etest: fix apply-config integration test, bump clusterctl versiond812099dfix: address several issues in TUI installer269c9ad0fix: don't write to config object on accessa9451f57feat: update Kubernetes to 1.21.0-beta.14b42ced4feat: add ability to disable comments in talosctl gen configa0dcfc3dfix: workaround race in containerd runner with stdin pipe2ea20f59feat: replace timed with time sync controllerc38a161atest: add unit-test for machine config validationa6106815chore: bump dependencies via dependabot35598f39chore: refactor: extract ClusterConfig03285184fix: get rid of data race in encoder and fix concurrent map access4b3580aafix: prevent panic in validate config ifmachine.installis missingd7e9f6d6chore: build integration tests with -race9f7d67acchore: fix typo672c9707fix: allowconvert-k8s --remove-initialized-keyswith K8s cp is downfb605a0fchore: tweak nolintlint settings1f5a0c40fix: resolve the issue with Kubernetes upgrade74b2b557docs: update AWS docs to ensure instances are taggeddc21d9b4chore: remove old file966caf7achore: remove unused module replace directives98b22f1efeat: show short options in talosctl kubeconfig51139d54chore: cache go modules in the build65701aa7fix: resolve the issue with DHCP lease not being renewed711f5b23fix: config validation: CNI should apply to cp nodes, encryption config5ff491d9fix: allow empty list for CNI URLs946e74f0docs: update path for kernel downloads in qemu docsed272e60feat: update Kubernetes to 1.21.0-beta.0b0209fd2refactor: move networkd, timed APIs to machined, remove routerd6ffabe51feat: add ability to find disk by disk propertiesac876470refactor: move apid, routerd, timed and trustd to single executable89a4b09frefactor: run networkd as a goroutine in machinedf4a6a19cchore: update sonobuoydc294db1chore: bump dependencies via dependabot2b1641a3docs: add AMIs for Talos 0.9.079ceb428docs: make v0.9 the default docsa5b62f4ddocs: add documentation for Talos 0.10ce795f1cfix: commandetcd remove-membershouldn't remove etcd data directoryaab49a16fix: repair zsh completionfc9c416afix: build rockpi4 metal image as part of CI build125b86f4fix: upgrade-k8s bug with empty config values and provision script8b2d228dchore: add script for starting registry proxiesf7d276b8chore: remove oldosctlreference5b14d6f2chore: fixmake helpoutputf0512dfcfeat: update Kubernetes to 1.20.524cd0a20feat: publish talosctl container image6e17102cchore: remove unused code88104407docs: add control plane in-depth guideecf03449chore: bump Go to 1.16.2cbc38418release(v0.10.0-alpha.0): prepare release3455a8e8chore: use new release tool for changelogs and release notes08271ba9chore: use Go 1.16 language version7662d033fix: talosctl health should not check kube-proxy when it is disabled0dbaeb9echore: update tools, use new generatorse31790f6fix: properly format spec comments in the resources78d384ebtest: update aws cloud provider version3c5bfbb4fix: don't touch any partitions on upgrade with --preserve891f90fechore: update Linux to 5.10.23d4d77882chore: update dependencies via dependabot2e22f20bdocs: minor fixes to getting startedca8a5596chore: fix provision tests after changes to build-container4aae924crefactor: provide explicit logger for networkd22f37530chore: update golanci-lint to 1.38.083b4e7f7feat: add Rock pi 4 support1362966fdocs: rewrite getting-started for ISO8e57fc4ffix: move containerd CRI config files under/var/6f7df3dafix: update output ofconvert-k8scommanddce6118cdocs: add guide for VIPee5d9ffachore: bump Go to 1.16.17c529e1cdocs: fix links in the documentationf596c7f6docs: add video for raspberry pi install47324dcadocs: add guide on editing machine configuration99d5f894chore: update website npm dependencies11056a80docs: add highlights for 0.9 releaseae8bedb9docs: add control plane conversion guide and 0.9 upgrade notesed9673e5docs: add troubleshooting control plane documentation485cb126docs: update Kubernetes upgrade guide
Changes since v0.10.0-alpha.1
25 commits
e0650218feat: support etcd recovery from snapshot on bootstrap247bd50edocs: describe steps to install and boot Talos from the SSD on rockpi4e6b4e524test: update CAPA to 0.6.428753f6dfix: trim endpoints/nodes from arguments in talosctl configaca63b88docs: fix "DigitalOcean" spelling33035901fix: revert mark PMBR EFI partition as bootablefbfd1eb2refactor: pull new version of os-runtime, update code8737ea71feat: allow external cloud provides configration3909e2d0chore: update Go to 1.16.3690eb20echore: update blockdevice library for PMBR bootable fixa8761b8efix: require leader on etcd member operations3dc84625fix: make both HDMI ports work on RPi 4bd5ae1e0fix: add a check for overlay mounts in installer pre-flight checksdf8649cbrefactor: download modules beforego generate39ae0415chore: bump dependencies via dependabote16d6d34fix: publish rockpi4 image to release artifacts39c6dbccfeat: add --config-patch parameter to talosctl gen confige664362cfeat: add API and command to save etcd snapshot (backup)61b694b9fix: create rootfs for system services via /system tmpfsabc2e17etest: update 0.9.x version in upgrade tests to 0.9.1a1e64154fix: retry Kubernetes API errors on cordon/uncordon/etc063d1abefix: print task failure error immediatelye039172efix: ignore EOF errors from Kubernetes API when converting control plane7bcb91a4docs: fix typo for stage flaga43acb21feat: bring in Linux 5.10.27, support for 32-bit time syscalls
Changes from talos-systems/extras
3 commits
Changes from talos-systems/go-blockdevice
3 commits
Changes from talos-systems/os-runtime
5 commits
Changes from talos-systems/pkgs
8 commits
9a6cf6bfeat: build with Go 1.16.360ce626feat: update Linux to 5.10.27, enable 32-bit time syscallsfdf4866feat: bump tools for Go 1.16.235f9b6ffeat: update kernel to 5.10.23dbae83efix: do not use git-lfs for rockpi4 binaries1c6b9a3feat: bump tools for Go 1.16.1c18073ffeat: add u-boot for Rock Pi 46b85a2bfeat: upgrade u-boot to 2021.04-rc3
Changes from talos-systems/tools
5 commits
Dependency Changes
- github.com/coreos/go-semver v0.3.0 new
- github.com/golang/protobuf v1.4.3 -> v1.5.2
- github.com/google/go-cmp v0.5.4 -> v0.5.5
- github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
- github.com/talos-systems/extras v0.2.0-1-g0db3328 -> v0.3.0-alpha.0-2-gcf3934a
- github.com/talos-systems/go-blockdevice bb3ad73f6983 -> 1d830a25f64f
- github.com/talos-systems/os-runtime 7b3d14457439 -> 86d9e090bdc4
- github.com/talos-systems/pkgs v0.4.1-2-gd471b60 -> v0.5.0-alpha.0-5-g9a6cf6b
- github.com/talos-systems/tools v0.4.0-1-g3b25a7e -> v0.5.0-alpha.0-4-g1f26def
- go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0 new
- google.golang.org/grpc v1.36.0 -> v1.36.1
- google.golang.org/protobuf v1.25.0 -> v1.26.0
- k8s.io/api v0.20.5 -> v0.21.0-rc.0
- k8s.io/apimachinery v0.20.5 -> v0.21.0-rc.0
- k8s.io/apiserver v0.20.5 -> v0.21.0-rc.0
- k8s.io/client-go v0.20.5 -> v0.21.0-rc.0
- k8s.io/cri-api v0.20.5 -> v0.21.0-rc.0
- k8s.io/kubectl v0.20.5 -> v0.21.0-rc.0
- k8s.io/kubelet v0.20.5 -> v0.21.0-rc.0
Previous release can be found at v0.9.0
Talos 0.10.0-alpha.1 (2021-03-31)
Welcome to the v0.10.0-alpha.1 release of Talos! This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
Install Disk Selector
Install section of the machine config now has diskSelector field that allows querying install disk using the list of qualifiers:
...
install:
diskSelector:
size: >= 500GB
model: WDC*
...
talosctl disks -n <node> -i can be used to check allowed disk qualifiers when the node is running in the maintenance mode.
Optimizations
- Talos
systemservices now run without container images on initramfs from the single executable; this change reduces RAM usage, initramfs size and boot time..
SBCs
- u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
- added support for Rock Pi 4.
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Artem Chernyshev
- Spencer Smith
- Seán C McCord
- Andrew Rynhard
- Jorik Jonker
- bzub
Changes
78 commits
8309312achore: build components with race detector enabled in dev mode7d912584test: fix data race in apply config tests204caf8etest: fix apply-config integration test, bump clusterctl versiond812099dfix: address several issues in TUI installer269c9ad0fix: don't write to config object on accessa9451f57feat: update Kubernetes to 1.21.0-beta.14b42ced4feat: add ability to disable comments in talosctl gen configa0dcfc3dfix: workaround race in containerd runner with stdin pipe2ea20f59feat: replace timed with time sync controllerc38a161atest: add unit-test for machine config validationa6106815chore: bump dependencies via dependabot35598f39chore: refactor: extract ClusterConfig03285184fix: get rid of data race in encoder and fix concurrent map access4b3580aafix: prevent panic in validate config ifmachine.installis missingd7e9f6d6chore: build integration tests with -race9f7d67acchore: fix typo672c9707fix: allowconvert-k8s --remove-initialized-keyswith K8s cp is downfb605a0fchore: tweak nolintlint settings1f5a0c40fix: resolve the issue with Kubernetes upgrade74b2b557docs: update AWS docs to ensure instances are taggeddc21d9b4chore: remove old file966caf7achore: remove unused module replace directives98b22f1efeat: show short options in talosctl kubeconfig51139d54chore: cache go modules in the build65701aa7fix: resolve the issue with DHCP lease not being renewed711f5b23fix: config validation: CNI should apply to cp nodes, encryption config5ff491d9fix: allow empty list for CNI URLs946e74f0docs: update path for kernel downloads in qemu docsed272e60feat: update Kubernetes to 1.21.0-beta.0b0209fd2refactor: move networkd, timed APIs to machined, remove routerd6ffabe51feat: add ability to find disk by disk propertiesac876470refactor: move apid, routerd, timed and trustd to single executable89a4b09frefactor: run networkd as a goroutine in machinedf4a6a19cchore: update sonobuoydc294db1chore: bump dependencies via dependabot2b1641a3docs: add AMIs for Talos 0.9.079ceb428docs: make v0.9 the default docsa5b62f4ddocs: add documentation for Talos 0.10ce795f1cfix: commandetcd remove-membershouldn't remove etcd data directoryaab49a16fix: repair zsh completionfc9c416afix: build rockpi4 metal image as part of CI build125b86f4fix: upgrade-k8s bug with empty config values and provision script8b2d228dchore: add script for starting registry proxiesf7d276b8chore: remove oldosctlreference5b14d6f2chore: fixmake helpoutputf0512dfcfeat: update Kubernetes to 1.20.524cd0a20feat: publish talosctl container image6e17102cchore: remove unused code88104407docs: add control plane in-depth guideecf03449chore: bump Go to 1.16.2cbc38418release(v0.10.0-alpha.0): prepare release3455a8e8chore: use new release tool for changelogs and release notes08271ba9chore: use Go 1.16 language version7662d033fix: talosctl health should not check kube-proxy when it is disabled0dbaeb9echore: update tools, use new generatorse31790f6fix: properly format spec comments in the resources78d384ebtest: update aws cloud provider version3c5bfbb4fix: don't touch any partitions on upgrade with --preserve891f90fechore: update Linux to 5.10.23d4d77882chore: update dependencies via dependabot2e22f20bdocs: minor fixes to getting startedca8a5596chore: fix provision tests after changes to build-container4aae924crefactor: provide explicit logger for networkd22f37530chore: update golanci-lint to 1.38.083b4e7f7feat: add Rock pi 4 support1362966fdocs: rewrite getting-started for ISO8e57fc4ffix: move containerd CRI config files under/var/6f7df3dafix: update output ofconvert-k8scommanddce6118cdocs: add guide for VIPee5d9ffachore: bump Go to 1.16.17c529e1cdocs: fix links in the documentationf596c7f6docs: add video for raspberry pi install47324dcadocs: add guide on editing machine configuration99d5f894chore: update website npm dependencies11056a80docs: add highlights for 0.9 releaseae8bedb9docs: add control plane conversion guide and 0.9 upgrade notesed9673e5docs: add troubleshooting control plane documentation485cb126docs: update Kubernetes upgrade guide
Changes since v0.10.0-alpha.0
50 commits
8309312achore: build components with race detector enabled in dev mode7d912584test: fix data race in apply config tests204caf8etest: fix apply-config integration test, bump clusterctl versiond812099dfix: address several issues in TUI installer269c9ad0fix: don't write to config object on accessa9451f57feat: update Kubernetes to 1.21.0-beta.14b42ced4feat: add ability to disable comments in talosctl gen configa0dcfc3dfix: workaround race in containerd runner with stdin pipe2ea20f59feat: replace timed with time sync controllerc38a161atest: add unit-test for machine config validationa6106815chore: bump dependencies via dependabot35598f39chore: refactor: extract ClusterConfig03285184fix: get rid of data race in encoder and fix concurrent map access4b3580aafix: prevent panic in validate config ifmachine.installis missingd7e9f6d6chore: build integration tests with -race9f7d67acchore: fix typo672c9707fix: allowconvert-k8s --remove-initialized-keyswith K8s cp is downfb605a0fchore: tweak nolintlint settings1f5a0c40fix: resolve the issue with Kubernetes upgrade74b2b557docs: update AWS docs to ensure instances are taggeddc21d9b4chore: remove old file966caf7achore: remove unused module replace directives98b22f1efeat: show short options in talosctl kubeconfig51139d54chore: cache go modules in the build65701aa7fix: resolve the issue with DHCP lease not being renewed711f5b23fix: config validation: CNI should apply to cp nodes, encryption config5ff491d9fix: allow empty list for CNI URLs946e74f0docs: update path for kernel downloads in qemu docsed272e60feat: update Kubernetes to 1.21.0-beta.0b0209fd2refactor: move networkd, timed APIs to machined, remove routerd6ffabe51feat: add ability to find disk by disk propertiesac876470refactor: move apid, routerd, timed and trustd to single executable89a4b09frefactor: run networkd as a goroutine in machinedf4a6a19cchore: update sonobuoydc294db1chore: bump dependencies via dependabot2b1641a3docs: add AMIs for Talos 0.9.079ceb428docs: make v0.9 the default docsa5b62f4ddocs: add documentation for Talos 0.10ce795f1cfix: commandetcd remove-membershouldn't remove etcd data directoryaab49a16fix: repair zsh completionfc9c416afix: build rockpi4 metal image as part of CI build125b86f4fix: upgrade-k8s bug with empty config values and provision script8b2d228dchore: add script for starting registry proxiesf7d276b8chore: remove oldosctlreference5b14d6f2chore: fixmake helpoutputf0512dfcfeat: update Kubernetes to 1.20.524cd0a20feat: publish talosctl container image6e17102cchore: remove unused code88104407docs: add control plane in-depth guideecf03449chore: bump Go to 1.16.2
Changes from talos-systems/extras
Changes from talos-systems/go-blockdevice
Changes from talos-systems/pkgs
6 commits
Changes from talos-systems/tools
4 commits
Dependency Changes
- github.com/coreos/go-semver v0.3.0 new
- github.com/golang/protobuf v1.4.3 -> v1.5.1
- github.com/google/go-cmp v0.5.4 -> v0.5.5
- github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
- github.com/talos-systems/extras v0.2.0-1-g0db3328 -> v0.3.0-alpha.0-1-gc0fa0c0
- github.com/talos-systems/go-blockdevice bb3ad73f6983 -> 776b37d31de0
- github.com/talos-systems/pkgs v0.4.1-2-gd471b60 -> v0.5.0-alpha.0-3-gfdf4866
- github.com/talos-systems/tools v0.4.0-1-g3b25a7e -> v0.5.0-alpha.0-3-g41b8073
- google.golang.org/grpc v1.36.0 -> v1.36.1
- google.golang.org/protobuf v1.25.0 -> v1.26.0
- k8s.io/api v0.20.5 -> v0.21.0-rc.0
- k8s.io/apimachinery v0.20.5 -> v0.21.0-rc.0
- k8s.io/apiserver v0.20.5 -> v0.21.0-rc.0
- k8s.io/client-go v0.20.5 -> v0.21.0-rc.0
- k8s.io/cri-api v0.20.5 -> v0.21.0-rc.0
- k8s.io/kubectl v0.20.5 -> v0.21.0-rc.0
- k8s.io/kubelet v0.20.5 -> v0.21.0-rc.0
Previous release can be found at v0.9.0
Talos 0.10.0-alpha.0 (2021-03-17)
Welcome to the v0.10.0-alpha.0 release of Talos! This is a pre-release of Talos
Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.
SBCs
- u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
- added support for Rock Pi 4.
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Artem Chernyshev
- Seán C McCord
- Spencer Smith
- Andrew Rynhard
Changes
27 commits
3455a8e8chore: use new release tool for changelogs and release notes08271ba9chore: use Go 1.16 language version7662d033fix: talosctl health should not check kube-proxy when it is disabled0dbaeb9echore: update tools, use new generatorse31790f6fix: properly format spec comments in the resources78d384ebtest: update aws cloud provider version3c5bfbb4fix: don't touch any partitions on upgrade with --preserve891f90fechore: update Linux to 5.10.23d4d77882chore: update dependencies via dependabot2e22f20bdocs: minor fixes to getting startedca8a5596chore: fix provision tests after changes to build-container4aae924crefactor: provide explicit logger for networkd22f37530chore: update golanci-lint to 1.38.083b4e7f7feat: add Rock pi 4 support1362966fdocs: rewrite getting-started for ISO8e57fc4ffix: move containerd CRI config files under/var/6f7df3dafix: update output ofconvert-k8scommanddce6118cdocs: add guide for VIPee5d9ffachore: bump Go to 1.16.17c529e1cdocs: fix links in the documentationf596c7f6docs: add video for raspberry pi install47324dcadocs: add guide on editing machine configuration99d5f894chore: update website npm dependencies11056a80docs: add highlights for 0.9 releaseae8bedb9docs: add control plane conversion guide and 0.9 upgrade notesed9673e5docs: add troubleshooting control plane documentation485cb126docs: update Kubernetes upgrade guide
Changes since v0.10.0-alpha.0
0 commit
Changes from talos-systems/extras
Changes from talos-systems/os-runtime
Changes from talos-systems/pkgs
5 commits
Changes from talos-systems/tools
Dependency Changes
- github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
- github.com/talos-systems/extras v0.2.0 -> v0.3.0-alpha.0
- github.com/talos-systems/os-runtime 84c3c875eb2b -> 7b3d14457439
- github.com/talos-systems/pkgs v0.4.1 -> v0.5.0-alpha.0-2-g35f9b6f
- github.com/talos-systems/tools v0.4.0 -> v0.5.0-alpha.0-1-gbcf3380
Previous release can be found at v0.9.0-beta.0
v0.9.0-alpha.5 (2021-03-03)
Chore
- bump Go module dependencies
- properly propagate context object in the controller
Feat
- bypass lock if ACPI reboot/shutdown issued
- add
--on-rebootflag to talosctl edit/patch machineConfig - support JSON output in
talosctl get, event types - rename namespaces, resources, types etc
v0.9.0-alpha.4 (2021-03-02)
Chore
- update provision/upgrade tests to 0.9.0-alpha.3
Docs
- bump v0.8 release version in the SBCs guides
- add disk encryption guide
Feat
- update linux kernel to 5.10.19
Fix
- ignore 'ENOENT' (no such file directory) on mount
- move etcd to
cricontainerd runner
v0.9.0-alpha.3 (2021-03-01)
Chore
- bump dependencies via dependabot
- build both Darwin and Linux versions of talosctl
- bump dependencies via dependabot
- switch CI to stop embedding local registry into the builds
Docs
- update AMI images for 0.8.4
Feat
- implement etcd remove-member cli command
- update etcd to 3.4.15
- talosctl: allow v-prefixed k8s versions
- implement simple layer 2 shared IP for CP
- implement talosctl edit and patch config commands
- bump etcd client library to 3.5.0-alpha.0
Fix
- update in-cluster kubeconfig validity to match other certs
- add ApplyDynamicConfig call in the apply-config --immediate mode
- set hdmi_safe=1 on Raspberry Pi for maximum HDMI compatibility
- show stopped/exited containers via CRI inspector
- make ApplyDynamicConfig idempotent
- improve the drain function
- correctly set service state in the resource
- update the layout of the Disks API to match proxying requirements
- stop and clean up installer container correctly
- sanitize volume name better in static pod extra volumes
Refactor
- add context to the networkd
- split WithNetworkConfig into sub-options
Test
- add integration test with Canal CNI and reset API
- upgrade master to master tests
v0.9.0-alpha.2 (2021-02-20)
Chore
- add default cron pipeline to the list of pipelines
- run default pipeline as part of the
cronpipeline
Docs
- add link to GitHub Discussions as a support forum
Feat
- u-boot 2021.01, ca-certificates update, Linux file ACLs
- support control plane upgrades with Talos managed control plane
- add support for extra volume mounts for control plane pods
- add a warning to boot log if running self-hosted control plane
- add an option to disable kube-proxy manifest
- update Kubernetes to 1.20.4
- add state encryption support
Fix
- redirect warnings in manifest apply k8s client
- handle case when kubelet serving certificates are issued
- correctly escape extra args in kube-proxy manifest
- skip empty manifest YAML sub-documents
Refactor
- split kubernetes/etcd resource generation into subresources
Test
- enable disk encryption key rotation test
- update integration tests to use wrapped client for etcd APIs
v0.9.0-alpha.1 (2021-02-09)
Chore
- update artifacts bucket name in Drone
- rework Drone pipelines
- update dependencies via dependabot
- ci: fix schedules in Drone pipelines
- ci: update gcp templates
Docs
- update AMI list for 0.8.2
- fix typos
Feat
- add a tool and package to convert self-hosted CP to static pods
- implement ephemeral partition encryption
- add resource watch API + CLI
- rename apply-config --no-reboot to --on-reboot
- skip filesystem for state and ephemeral partitions in the installer
- stop all pods before unmounting ephemeral partition
- bump Go to 1.15.8
- support version contract for Talos config generation
- update Linux to 5.10.14
- add an option to force upgrade without checks
- upgrade CoreDNS to 1.8.0
- implement IPv6 DHCP client in networkd
Fix
- correctly unwrap responses for etcd commands
- drop cri dependency on etcd
- move versions to annotations in control plane static pods
- find master node IPs correctly in health checks
- add 3 seconds grub boot timeout
- don't use filename from URL when downloading manifest
- pass attributes when adding routes
- correct response structure for GenerateConfig API
- correctly extract wrapped error messages
- prevent crash in machined on apid service stop
- wait for time sync before generating Kubernetes certificates
- set proper hostname on docker nodes
- mount kubelet secrets from system instead of ephemeral
- allow loading of empty config files
- prefer configured nameservers, fix DHCP6 in container
- refresh control plane endpoints on worker apids on schedule
- update DHCP client to use Request-Ack sequence after an Offer
Refactor
- extract go-cmd into a separate library
Test
- trigger e2e on thrice daily
- update aws templates
- add support for IPv6 in talosctl cluster create
v0.9.0-alpha.0 (2021-02-01)
Chore
- bump dependencies (via dependabot)
- fix import path for fsnotify
- add dependabot config
- enable virtio-balloon and monitor in QEMU provisioner
- update protobuf, grpc-go, prototool
- update upgrade test version used
Docs
- update components.md
- add v0.9 docs
- add modes to validate command
- document omitting DiskPartition size
- update references to 0.8.0, add 0.8.0 AWS AMIs
- fix latest docs
- set latest docs to v0.8
- provide AMIs for 0.8.0-beta.0
- fix SBC docs to point to beta.0 instead of beta.1
- update Talos release for SBCs
Feat
- move to ECDSA keys for all Kubernetes/etcd certs and keys
- update kernel
- mount hugetlbfs
- allow fqdn to be used when registering k8s node
- copy cryptsetup executable from pkgs
- use multi-arch images for k8s and Flannel CNI
- replace bootkube with Talos-managed control plane
- implement resource API in Talos
- update Linux to 5.10.7, musl-libc to 1.2.2
- update Kubernetes to 1.20.2
- support Wireguard networking
- bump pkgs for kernel with CONFIG_IPV6_MULTIPLE_TABLES
- support type filter in list API and CLI
- add commands to manage/query etcd cluster
- support disk image in talosctl cluster create
- update Kubernetes to 1.20.1
Fix
- use hugetlbfs instead of none
- use grpc load-balancing when connecting to trustd
- lower memory usage a bit by disabling memory profiling
- don't probe disks in container mode
- prefix rendered Talos-owned static pod manifests
- bump timeout for worker apid waiting for kubelet client config
- kill all processes and umount all disk on reboot/shutdown
- open blockdevices with exclusive flock for partitioning
- list command unlimited recursion default behavior
- pick first interface valid hostname (vs. last one)
- allow 'console' argument in kernel args to be always overridden
- bring up bonded interfaces correctly on packet
- checkpoint controller-manager and scheduler
- correctly transport gRPC errors from apid
- use SetAll instead of AppendAll when building kernel args
- add more dependencies for bootstrap services
- pass disk image flags to e2e-qemu cluster create command
- ignore pods spun up from checkpoints in health checks
- leave etcd for staged upgrades
- ignore errors on stopping/removing pod sandboxes
- use the correct console on Banana Pi M64
- don't run LabelNodeAsMaster in two sequences
Refactor
- update go-blockdevice and restructure disk interaction code
- define default kernel flags in machinery instead of procfs
Test
- clear connection refused errors after reset
- skip etcd tests on non-HA clusters
v0.8.0-alpha.3 (2020-12-10)
Chore
- update CONTRIBUTING.md
- limit unit-test run concurrency
- bump Go to 1.15.6
- bump dockerfile frontend version
- fix conform for releases
Docs
- update Equinix Metal guide
- add architectural doc on the root file system layout
- add a note on caveats in container mode
- add storage doc
- add guide for custom CAs
- add docs for network connectivity
- improve SBC documentation
Feat
- update kernel to 5.9.13, new KSPP requirements
- reset with system disk wipe spec
- add talosctl merge config command
- add talosctl config contexts
- update Kubernetes to 1.20.0
- implement "staged" (failsafe/backup) upgrades
- allow disabling NoSchedule taint on masters using TUI installer
Fix
- remove kmsg ratelimiting on startup
- zero out partitions without filesystems on install
- make interactive installer work without endpoints provided
Test
- add ISO test
- add support for mounting ISO in talosctl cluster create
- bump Talos release version for upgrade test to 0.7.1
- bump defaults for provision tests resources
v0.8.0-alpha.2 (2020-12-04)
Chore
- publish Rock64 image
- enable thrice daily pipeline
- run integration test thrice daily
- output SBC images as compressed raw images
- build SBC images
- update module dependencies
- drop support for
docker load - fix metal image name
- use IMAGE_TAG instead of TAG for :latest pushes
Docs
- fix typos
- add openstack docs
- ensure port for vbox and proxmox docs
- add console kernel arg to rpi_4 image generation
- add console kernel arg to libretech_all_h3_cc_h5 image generation
Feat
- add support for the Pine64 Rock64
- add TUI for configuring network interfaces settings
- make GenerateConfiguration accept current time as a parameter
- introduce configpatcher package in machinery
- suggest fixed control plane endpoints in talosctl gen config
- update kubernetes to 1.20.0-rc.0
- allow boards to set kernel args
- add support for the Banana Pi M64
- stop including K8s version by default in
talosctl gen config - add support for the Raspberry Pi 4 Model B
- implement network interfaces list API
- bump package for kernel with CIFS support
- upgrade etcd to 3.4.14
- update Containerd and Linux
- add support for installing to SBCs
- add ability to choose CNI config
Fix
- make default generate image arch dynamic based on arch
- stabilize serial console on RPi4, add video console
- make reset work again
- node taint doesn't contain value anymore
- defer resolving config context in client code
- remove value (change to empty) for
NoScheduletaint - prevent endless loop with DHCP requests in networkd
- skip
boardargument to the installer if it's not set - use the dtb from kernel pkg for libretech_all_h3_cc_h5
- prevent crash in
talosctl configcommands - update generated .ova manifest for raw disk size
- security: update Containerd to v1.4.3
Release
- v0.8.0-alpha.2: prepare release
v0.8.0-alpha.1 (2020-11-26)
Chore
- add cloud image uploader (AWS AMIs for now)
- bump K8s to 1.19.4 in e2e scripts with CABPT version
- build arm64 images in CI
- remove maintenance service interface and use machine service
Docs
- provide list of AMIs on AWS documentation page
- add 0.8 docs for the upcoming release
- ensure we configure nodes in guides
- ensure gcp docs have firewall and node info
- add qemu diagram and video walkthrough
- graduate v0.7 docs
- improve configuration reference documentation
- fix small typo in talosctl processes cast
- update asciinemas with talosctl
- add proxmox doc
- add live walkthroughs where applicable
Feat
- support openstack platform
- update Kubernetes to v1.20.0-beta.2
- change UI component for disks selector
- support cluster expansion in the interactive installer
- implement apply configuration without reboot
- make GenerateConfiguration API reuse current node auth
- sync time before installer runs
- set interface MTU in DHCP mode even if DHCP is not successful
- print hint about using interative installer in mainenance mode
- add TUI based talos interactive installer
- support ipv6 routes
- return client config as the second value in GenerateConfiguration
- correctly merge talosconfig (don't ever overwrite)
- drop to maintenance mode in cloud platforms if userdata is missing
- read config from extra guestinfo key (vmware)
- update Go to 1.15.5
- add generate config gRPC API
- upgrade Kubernetes default version to 1.19.4
- add example command in maintenance, enforce cert fingerprint
- add storage API
Fix
- bump blockdevice library for
mmcblkpart name fix - ignore 'not found' errors when stopping/removing CRI pods
- return hostname from packet platform
- make fingerprint clearly optional in a boot hint
- ensure packet nics get all IPs
- use ghcr.io/talos-systems/kubelet
- bump timeout for config downloading on bare metal
Refactor
- drop osd compatibility layer
Release
- v0.8.0-alpha.1: prepare release
Test
- update integration test versions, clean up names