CHANGELOG.md

Welcome to the v0.14.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled, Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULE) for child processes. That is helpful for advanced use cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass the kexec_load_disabled=1 sysctl to the kernel as a boot argument.

For example:

install:
  extraKernelArgs:
    - sysctl.kernel.kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded, so disabling kexec via machine.sysctls will not be enough.
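
A way to confirm which of these states a node is in, as an added example (not Talos code). It assumes the drop is visible in the capability bounding set (CapBnd in /proc/<pid>/status) and that only the sysctl.kernel.kexec_load_disabled=1 spelling from the example above takes effect; the function names, verdict strings and sample inputs are made up for this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Capability bit numbers from <linux/capability.h>.
const (
	capSysModule = 16
	capSysBoot   = 22
)

// bootArg is the kernel argument shown in the release-note example.
const bootArg = "sysctl.kernel.kexec_load_disabled=1"

// Verdict strings are hypothetical labels for this example.
const (
	VerdictRetained    = "kexec disabled at boot; capabilities retained"
	VerdictRuntimeOnly = "kexec disabled only at runtime; capabilities already dropped"
	VerdictDefault     = "kexec enabled; capabilities dropped"
	VerdictUnexpected  = "state does not match the release notes; investigate"
)

// Finding records what was observed and how it maps to the release notes.
type Finding struct {
	BootArg       bool // bootArg present on the kernel command line
	RuntimeSysctl bool // kernel.kexec_load_disabled currently reads 1
	SysBoot       bool // CAP_SYS_BOOT in the bounding set
	SysModule     bool // CAP_SYS_MODULE in the bounding set
	Verdict       string
}

// hasBootArg matches whole arguments only, so a bare kexec_load_disabled=1
// (without the sysctl. prefix) does not count. Assumption of this example.
func hasBootArg(cmdline string) bool {
	for _, arg := range strings.Fields(cmdline) {
		if arg == bootArg {
			return true
		}
	}
	return false
}

// boundingSet extracts the CapBnd hex mask from /proc/<pid>/status text.
func boundingSet(status string) (uint64, error) {
	for _, line := range strings.Split(status, "\n") {
		if strings.HasPrefix(line, "CapBnd:") {
			v := strings.TrimSpace(strings.TrimPrefix(line, "CapBnd:"))
			return strconv.ParseUint(v, 16, 64)
		}
	}
	return 0, errors.New("CapBnd line not found")
}

// assess combines the kernel command line, the runtime sysctl value and the
// process status into one verdict.
func assess(cmdline, sysctlValue, status string) (Finding, error) {
	mask, err := boundingSet(status)
	if err != nil {
		return Finding{}, err
	}
	f := Finding{
		BootArg:       hasBootArg(cmdline),
		RuntimeSysctl: strings.TrimSpace(sysctlValue) == "1",
		SysBoot:       mask&(1<<capSysBoot) != 0,
		SysModule:     mask&(1<<capSysModule) != 0,
	}
	both := f.SysBoot && f.SysModule
	neither := !f.SysBoot && !f.SysModule
	switch {
	case f.BootArg && both:
		f.Verdict = VerdictRetained
	case !f.BootArg && neither && f.RuntimeSysctl:
		// The machine.sysctls case: set after capabilities were dropped.
		f.Verdict = VerdictRuntimeOnly
	case !f.BootArg && neither:
		f.Verdict = VerdictDefault
	default:
		f.Verdict = VerdictUnexpected
	}
	return f, nil
}

func main() {
	// Constructed sample: sysctl set through machine.sysctls only, bits 16 and 22 cleared.
	f, _ := assess("talos.platform=metal", "1\n", "Name:\tsh\nCapBnd:\t000001ffffbeffff\n")
	fmt.Printf("sample: %+v\n", f)

	// Live check; skipped silently where /proc is not available.
	read := func(p string) string { b, _ := os.ReadFile(p); return string(b) }
	live, err := assess(read("/proc/cmdline"), read("/proc/sys/kernel/kexec_load_disabled"), read("/proc/self/status"))
	if err == nil {
		fmt.Printf("live:   %+v\n", live)
	}
}
```

Run the live check from a privileged container: an unprivileged container's runtime removes both capabilities from the bounding set regardless of what Talos did.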

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14. Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

Kubelet

The kubelet service can now be restarted with talosctl service kubelet restart.

Kubelet node IP configuration (.machine.kubelet.nodeIP.validSubnets) can now include negative subnet matches (prefixed with !).

Log Shipping

Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP: see .machine.logging machine configuration option.

talosctl support

The talosctl CLI tool now has a new subcommand called support that can gather, in a single run, all cluster information that could help with future debugging.

The output of the command is a zip archive with all Talos service logs, Kubernetes pod logs and manifests, Talos resource manifests and so on. The generated archive does not contain any secret information, so it is safe to send it to a third party for analysis.

Component Updates

  • Linux: 5.15.1
  • etcd: 3.5.1
  • containerd: 1.5.7
  • Kubernetes: 1.23.0-alpha.4
  • CoreDNS: 1.8.6

Talos is built with Go 1.17.2

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.

There is no longer any need to update the CoreDNS and Flannel containers manually after running upgrade-k8s.

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Serge Logvinov
  • Noel Georgi
  • Spencer Smith
  • Nico Berlee
  • Alex Zero
  • Andrew Rynhard
  • Branden Cash
  • David Haines
  • Gerard de Leeuw
  • Michael Fornaro
  • Rui Lopes

Changes

101 commits

  • 753a8218 refactor: move pkg/resources to machinery
  • 0102a64a refactor: remove pkg/resources dependencies on wgtypes, netx
  • 7462733b chore: update golangci-lint
  • 032c99a0 refactor: remove pkg/resources dependencies on k8s and base62
  • 4a5cff45 perf: raspberry PIs clockspeed as fast as firmware allows
  • a76f6d69 feat: allow kubelet to be restarted and provide negative nodeIP subnets
  • 189221d5 chore: update dependencies
  • 41f0aecc docs: update partition info
  • 95105071 chore: fix simple issues found by golangci-lint
  • d4b0ca21 test: retry upgrade mutex lock failures
  • 4357e9a8 docs: add Talos partions info
  • 8e8687d7 fix: use temporary sonobuoy version
  • e4e8e873 test: disable e2e-misc test with Canal CNI
  • 897da2f6 docs: common typos
  • a50483dd feat: update Linux to 5.15.1
  • a2233bfe fix: improve NTP sync process
  • 7efc1238 fix: parse partition size correctly
  • d6147eb1 chore: update sonobuoy
  • efbae785 fix: use etc folder for du cli tests
  • 198eea51 fix: wait for follow reader to start before writing to the file
  • e7f715eb chore: log KubeSpan IPs overlaps
  • 82a1ad16 chore: bump dependencies
  • e8fccbf5 fix: clear time adjustment error when setting time to specific value
  • e6f90bb4 chore: remove unused parameters
  • 785161d1 feat: update k8s to 1.23.0-alpha.4
  • fe228d7c fix: do not use yaml.v2 in the support cmd
  • 9b48ca21 fix: endpoints and nodes in generated talosconfig
  • 6e16fd2f chore: update tools, pkgs, and extras
  • 261c497c feat: implement talosctl support command
  • fc7dc454 chore: check our API idiosyncrasies
  • b1584429 feat: use GCP deployment manager
  • 3e7d4df9 chore: bump dependencies
  • 88f24229 refactor: get rid of prometheus/procfs dependency in pkg/resources
  • dd196d30 refactor: prepare for move of pkg/resources to machinery
  • f6110f80 fix: remove listening socket to fix Talos in a container restart
  • 53bbb13e docs: update docs with emmc boot guide
  • 8329d211 chore: split polymorphic RootSecret resource into specific types
  • c97becdd chore: remove interfaces and routes APIs
  • d798635d feat: automatically limit kubelet node IP family based on service CIDRs
  • 205a8d6d chore: make nethelpers build on all OSes
  • 5b5dd49f feat: extract JSON fields from more log messages
  • eb4f1182 docs: create cluster in hetzner cloud
  • 728164e2 docs: fix kexec_load_disabled param name in release notes
  • f6328f09 fix: fix filename typo
  • 01b0f0ab release(v0.14.0-alpha.0): prepare release
  • 8b620653 fix: skip generating empty .machine.logging
  • 60ad0063 fix: don't drop ability to use ambient capabilities
  • b6b78e7f test: add cluster discovery integration tests
  • 97d64d16 fix: hcloud network config changes
  • 4c76865d feat: multiple logging improvements
  • 1d1e1df6 fix: handle skipped mounts correctly
  • 0a964d92 test: fix openstack unit-test stability
  • 72f62ac2 chore: bump Go and Docker dependencies
  • 9c48ebe8 fix: gcp fetching externalIP
  • 6c297268 test: fix e2e k8s version
  • ae5af9d3 feat: update Kubernetes to 1.23.0-alpha.3
  • 28d3a69e feat: openstack config-drive support
  • 2258bc49 test: update GCP e2e script to work with new templates
  • 36b6ace2 feat: update Linux to 5.10.75
  • 38516a54 test: update Talos versions in upgrade tests
  • cff20ec7 fix: change services OOM score
  • 666a2b62 feat: azure platform ipv6 support
  • d32814e3 feat: extract JSON fields from log lines
  • e77d81ff fix: treat literal 'unknown' as a valid machine type
  • c8e404e3 test: update vars for AWS cluster
  • ad23891b feat: update CoreDNS version 1.8.6
  • 41299cae feat: udev rules support
  • 5237fdc9 feat: send JSON logs over UDP
  • 6d44587a feat: coredns service dualstack
  • 12f7888b feat: feed control plane endpoints on workers from cluster discovery
  • 431e4fb4 chore: bump Go and Docker dependencies
  • 89f3b9f8 feat: update etcd to 3.5.1
  • e60469a3 feat: initial support for JSON logging
  • 68c420e3 feat: enable cluster discovery by default
  • 3e100aa9 test: workaround EventsWatch test flakiness
  • 9bd4838a chore: stop using sonobuoy CLI
  • 6ad45951 docs: fix field names for bonding configuration
  • d7a3b7b5 chore: use discovery-client and discovery-api modules
  • d6309eed docs: create docs for Talos 0.14
  • c0fda643 fix: attempt to clean up tasks in containerd runner
  • 8cf442da chore: bump tools, pkgs, extras
  • 0dad5f4d chore: small cleanup
  • e3e2113a feat: upgrade CoreDNS during upgrade-k8s call
  • d92c98e1 docs: fix discovery service documentation link
  • e44b11c5 feat: update containerd to 1.5.7, bump Go dependencies
  • 24129307 docs: make Talos 0.13 docs latest, update documentation
  • 31b6e39e fix: delete expired affiliates from the discovery service
  • 877a2b6f test: bump CAPI components to v1alpha4
  • 2ba0e0ac docs: add KubeSpan documentation
  • 997873b6 fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
  • 7137166d fix: allow overriding audit-policy-file in kube-apiserver static pod
  • 8fcd4219 chore: fix integration-qemu-race
  • 91a858b5 fix: sort output of the argument builder
  • 657f7a56 fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
  • 983d2459 feat: suppress logging NTP sync to the console
  • 022c7335 fix: add interface route if DHCP4 router is not directly routeable
  • 66a1579e fix: don't enable 'no new privs' on the system level
  • 423861cf feat: don't drop capabilities if kexec is disabled
  • facc8c38 docs: fix documentation for cluster discovery
  • ce65ca4e chore: build using only amd64 builders
  • e9b0f010 chore: update docker image in the pipeline

Changes since v0.14.0-alpha.0

44 commits

  • 753a8218 refactor: move pkg/resources to machinery
  • 0102a64a refactor: remove pkg/resources dependencies on wgtypes, netx
  • 7462733b chore: update golangci-lint
  • 032c99a0 refactor: remove pkg/resources dependencies on k8s and base62
  • 4a5cff45 perf: raspberry PIs clockspeed as fast as firmware allows
  • a76f6d69 feat: allow kubelet to be restarted and provide negative nodeIP subnets
  • 189221d5 chore: update dependencies
  • 41f0aecc docs: update partition info
  • 95105071 chore: fix simple issues found by golangci-lint
  • d4b0ca21 test: retry upgrade mutex lock failures
  • 4357e9a8 docs: add Talos partions info
  • 8e8687d7 fix: use temporary sonobuoy version
  • e4e8e873 test: disable e2e-misc test with Canal CNI
  • 897da2f6 docs: common typos
  • a50483dd feat: update Linux to 5.15.1
  • a2233bfe fix: improve NTP sync process
  • 7efc1238 fix: parse partition size correctly
  • d6147eb1 chore: update sonobuoy
  • efbae785 fix: use etc folder for du cli tests
  • 198eea51 fix: wait for follow reader to start before writing to the file
  • e7f715eb chore: log KubeSpan IPs overlaps
  • 82a1ad16 chore: bump dependencies
  • e8fccbf5 fix: clear time adjustment error when setting time to specific value
  • e6f90bb4 chore: remove unused parameters
  • 785161d1 feat: update k8s to 1.23.0-alpha.4
  • fe228d7c fix: do not use yaml.v2 in the support cmd
  • 9b48ca21 fix: endpoints and nodes in generated talosconfig
  • 6e16fd2f chore: update tools, pkgs, and extras
  • 261c497c feat: implement talosctl support command
  • fc7dc454 chore: check our API idiosyncrasies
  • b1584429 feat: use GCP deployment manager
  • 3e7d4df9 chore: bump dependencies
  • 88f24229 refactor: get rid of prometheus/procfs dependency in pkg/resources
  • dd196d30 refactor: prepare for move of pkg/resources to machinery
  • f6110f80 fix: remove listening socket to fix Talos in a container restart
  • 53bbb13e docs: update docs with emmc boot guide
  • 8329d211 chore: split polymorphic RootSecret resource into specific types
  • c97becdd chore: remove interfaces and routes APIs
  • d798635d feat: automatically limit kubelet node IP family based on service CIDRs
  • 205a8d6d chore: make nethelpers build on all OSes
  • 5b5dd49f feat: extract JSON fields from more log messages
  • eb4f1182 docs: create cluster in hetzner cloud
  • 728164e2 docs: fix kexec_load_disabled param name in release notes
  • f6328f09 fix: fix filename typo

Changes from talos-systems/discovery-api

2 commits

  • db279ef feat: initial set of APIs and generated files
  • ac52a37 chore: initial commit

Changes from talos-systems/discovery-client

2 commits

Changes from talos-systems/extras

2 commits

  • 2bb2efc chore: update pkgs and tools
  • d6e8b3a chore: update pkgs and tools

Changes from talos-systems/net

1 commit

  • 0abe5bd feat: implement FilterIPs function

Changes from talos-systems/pkgs

15 commits

  • 740da24 feat: bump raspberrypi-firmware to 1.20211029
  • 832dae4 fix: enable CONFIG_DM_SNAPSHOT
  • f307e64 feat: update Linux to 5.15.1
  • 4f0f238 chore: update tools
  • 932c3cf feat: update libseccomp to 2.5.3
  • 7f3311e feat: update cpu governor to schedutil
  • b4cdb99 fix: update containerd shas
  • 80a63d4 feat: update Linux to 5.10.75
  • 5c98efd feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
  • bfb2365 feat: enable driver for SuperMicro raid controller
  • 657e16b feat: enable Intel VMD driver
  • f7d9d72 feat: enable smarpqi driver and related options
  • bca3be0 feat: enable aqtion device driver
  • b88127a chore: update tools
  • 971735f feat: update containerd to 1.5.7

Changes from talos-systems/tools

6 commits

  • 96e0231 feat: update squashfs-tools to 4.5
  • 2c9c826 feat: update libseccomp to 2.5.3
  • f713a7c feat: update protobuf to 3.19.1, grpc-go to 1.42.0
  • 972c5ef feat: update Go to 1.17.3
  • f63848c feat: update PCRE version and source host
  • fab7532 feat: update Go to 1.17.2

Dependency Changes

  • github.com/AlekSi/pointer v1.1.0 -> v1.2.0
  • github.com/containerd/cgroups v1.0.1 -> v1.0.2
  • github.com/containerd/containerd v1.5.5 -> v1.5.7
  • github.com/docker/docker v20.10.8 -> v20.10.10
  • github.com/evanphx/json-patch v4.11.0 -> v4.12.0
  • github.com/gosuri/uiprogress v0.0.1 new
  • github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
  • github.com/hetznercloud/hcloud-go v1.32.0 -> v1.33.1
  • github.com/insomniacslk/dhcp b95caade3eac -> ad197bcd36fd
  • github.com/jsimonetti/rtnetlink 435639c8e6a8 -> 93da33804786
  • github.com/jxskiss/base62 4f11678b909b -> v1.0.0
  • github.com/mdlayher/ethtool 2b88debcdd43 -> 288d040e9d60
  • github.com/rivo/tview ee97a7ab3975 -> badfa0f0b301
  • github.com/talos-systems/discovery-api v0.1.0 new
  • github.com/talos-systems/discovery-client v0.1.0 new
  • github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0-1-g2bb2efc
  • github.com/talos-systems/net v0.3.0 -> 0abe5bdae8f8
  • github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-14-g740da24
  • github.com/talos-systems/talos/pkg/machinery v0.13.0 -> 000000000000
  • github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0-5-g96e0231
  • github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.55.0
  • github.com/vmware/govmomi v0.26.1 -> v0.27.1
  • github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
  • go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
  • go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
  • golang.org/x/net 3ad01bbaa167 -> 69e39bad7dc2
  • golang.org/x/sys 39ccf1dd6fa6 -> 0c823b97ae02
  • golang.org/x/term 140adaaadfaf -> 03fcf44c2211
  • golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> 0073765f69ba
  • google.golang.org/grpc v1.41.0 -> v1.42.0
  • inet.af/netaddr 85fa6c94624e -> c74959edd3b6
  • k8s.io/api v0.22.2 -> v0.23.0-alpha.4
  • k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.4
  • k8s.io/client-go v0.22.2 -> v0.23.0-alpha.4
  • k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.4
  • k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.4
  • k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.4
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.60
  • sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Welcome to the v0.14.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled, Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULE) for child processes. That is helpful for advanced use cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass the kexec_load_disabled=1 sysctl to the kernel as a boot argument.

For example:

install:
  extraKernelArgs:
    - sysctl.kernel.kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded, so disabling kexec via machine.sysctls will not be enough.

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14. Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

Log Shipping

Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP: see .machine.logging machine configuration option.

Component Updates

  • Linux: 5.10.75
  • etcd: 3.5.1
  • containerd: 1.5.7
  • Kubernetes: 1.23.0-alpha.0
  • CoreDNS: 1.8.6

Talos is built with Go 1.17.2

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.

There is no longer any need to update the CoreDNS and Flannel containers manually after running upgrade-k8s.

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Serge Logvinov
  • Artem Chernyshev
  • Spencer Smith
  • Andrew Rynhard
  • Branden Cash
  • Gerard de Leeuw

Changes

56 commits

  • 8b620653 fix: skip generating empty .machine.logging
  • 60ad0063 fix: don't drop ability to use ambient capabilities
  • b6b78e7f test: add cluster discovery integration tests
  • 97d64d16 fix: hcloud network config changes
  • 4c76865d feat: multiple logging improvements
  • 1d1e1df6 fix: handle skipped mounts correctly
  • 0a964d92 test: fix openstack unit-test stability
  • 72f62ac2 chore: bump Go and Docker dependencies
  • 9c48ebe8 fix: gcp fetching externalIP
  • 6c297268 test: fix e2e k8s version
  • ae5af9d3 feat: update Kubernetes to 1.23.0-alpha.3
  • 28d3a69e feat: openstack config-drive support
  • 2258bc49 test: update GCP e2e script to work with new templates
  • 36b6ace2 feat: update Linux to 5.10.75
  • 38516a54 test: update Talos versions in upgrade tests
  • cff20ec7 fix: change services OOM score
  • 666a2b62 feat: azure platform ipv6 support
  • d32814e3 feat: extract JSON fields from log lines
  • e77d81ff fix: treat literal 'unknown' as a valid machine type
  • c8e404e3 test: update vars for AWS cluster
  • ad23891b feat: update CoreDNS version 1.8.6
  • 41299cae feat: udev rules support
  • 5237fdc9 feat: send JSON logs over UDP
  • 6d44587a feat: coredns service dualstack
  • 12f7888b feat: feed control plane endpoints on workers from cluster discovery
  • 431e4fb4 chore: bump Go and Docker dependencies
  • 89f3b9f8 feat: update etcd to 3.5.1
  • e60469a3 feat: initial support for JSON logging
  • 68c420e3 feat: enable cluster discovery by default
  • 3e100aa9 test: workaround EventsWatch test flakiness
  • 9bd4838a chore: stop using sonobuoy CLI
  • 6ad45951 docs: fix field names for bonding configuration
  • d7a3b7b5 chore: use discovery-client and discovery-api modules
  • d6309eed docs: create docs for Talos 0.14
  • c0fda643 fix: attempt to clean up tasks in containerd runner
  • 8cf442da chore: bump tools, pkgs, extras
  • 0dad5f4d chore: small cleanup
  • e3e2113a feat: upgrade CoreDNS during upgrade-k8s call
  • d92c98e1 docs: fix discovery service documentation link
  • e44b11c5 feat: update containerd to 1.5.7, bump Go dependencies
  • 24129307 docs: make Talos 0.13 docs latest, update documentation
  • 31b6e39e fix: delete expired affiliates from the discovery service
  • 877a2b6f test: bump CAPI components to v1alpha4
  • 2ba0e0ac docs: add KubeSpan documentation
  • 997873b6 fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
  • 7137166d fix: allow overriding audit-policy-file in kube-apiserver static pod
  • 8fcd4219 chore: fix integration-qemu-race
  • 91a858b5 fix: sort output of the argument builder
  • 657f7a56 fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
  • 983d2459 feat: suppress logging NTP sync to the console
  • 022c7335 fix: add interface route if DHCP4 router is not directly routeable
  • 66a1579e fix: don't enable 'no new privs' on the system level
  • 423861cf feat: don't drop capabilities if kexec is disabled
  • facc8c38 docs: fix documentation for cluster discovery
  • ce65ca4e chore: build using only amd64 builders
  • e9b0f010 chore: update docker image in the pipeline

Changes from talos-systems/discovery-api

2 commits

  • db279ef feat: initial set of APIs and generated files
  • ac52a37 chore: initial commit

Changes from talos-systems/discovery-client

2 commits

Changes from talos-systems/extras

1 commit

  • d6e8b3a chore: update pkgs and tools

Changes from talos-systems/pkgs

8 commits

  • 80a63d4 feat: update Linux to 5.10.75
  • 5c98efd feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
  • bfb2365 feat: enable driver for SuperMicro raid controller
  • 657e16b feat: enable Intel VMD driver
  • f7d9d72 feat: enable smarpqi driver and related options
  • bca3be0 feat: enable aqtion device driver
  • b88127a chore: update tools
  • 971735f feat: update containerd to 1.5.7

Changes from talos-systems/tools

1 commit

  • fab7532 feat: update Go to 1.17.2

Dependency Changes

  • github.com/AlekSi/pointer v1.1.0 -> v1.2.0
  • github.com/containerd/cgroups v1.0.1 -> v1.0.2
  • github.com/containerd/containerd v1.5.5 -> v1.5.7
  • github.com/docker/docker v20.10.8 -> v20.10.9
  • github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
  • github.com/insomniacslk/dhcp b95caade3eac -> 509557e9f781
  • github.com/jsimonetti/rtnetlink 435639c8e6a8 -> e34540a94caa
  • github.com/jxskiss/base62 4f11678b909b -> v1.0.0
  • github.com/rivo/tview ee97a7ab3975 -> 5508f4b00266
  • github.com/talos-systems/discovery-api v0.1.0 new
  • github.com/talos-systems/discovery-client v0.1.0 new
  • github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0
  • github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-7-g80a63d4
  • github.com/talos-systems/talos/pkg/machinery v0.13.0 -> 000000000000
  • github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0
  • github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.54.0
  • github.com/vmware/govmomi v0.26.1 -> v0.27.1
  • github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
  • go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
  • go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
  • golang.org/x/net 3ad01bbaa167 -> d418f374d309
  • golang.org/x/sys 39ccf1dd6fa6 -> d6a326fbbf70
  • golang.org/x/term 140adaaadfaf -> 03fcf44c2211
  • golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> 5be1d6054c42
  • k8s.io/api v0.22.2 -> v0.23.0-alpha.3
  • k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.3
  • k8s.io/client-go v0.22.2 -> v0.23.0-alpha.3
  • k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.3
  • k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.3
  • k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.3
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.60
  • sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Welcome to the v0.13.0-alpha.3 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Hetzner, Scaleway, Upcloud and Vultr

Talos now natively supports three new cloud platforms:

The generic cloud-init nocloud platform is also supported, in both networking and storage-based modes.

etcd Advertised Address

The address advertised by etcd can now be controlled with the new machine configuration option machine.etcd.subnet.

Reboots via kexec

Talos now reboots by default via the kexec syscall, which means the BIOS POST process is skipped. On bare-metal hardware the BIOS POST process might take 10-15 minutes, so Talos reboots 10-15 minutes faster on bare-metal.

Kexec support can be disabled with the following change to the machine configuration:

machine:
  sysctls:
    kernel.kexec_load_disabled: "1"

Cluster Discovery and KubeSpan

This release of Talos provides initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default. To enable them, make the following changes to the machine configuration:

machine:
  network:
    kubespan:
      enabled: true
cluster:
  discovery:
    enabled: true

Windows Support

The talosctl CLI tool is now built for Windows and published as part of the release.

Contributors

  • Andrey Smirnov
  • Artem Chernyshev
  • Seán C McCord
  • Serge Logvinov
  • Alexey Palazhchenko
  • Andrew Rynhard
  • Olli Janatuinen
  • Lennard Klein
  • Rui Lopes
  • Spencer Smith

Changes

100 commits

  • 4044372e feat: harvest discovered endpoints and push them via discovery svc
  • 9a51aa83 feat: add an option to skip downed peers in KubeSpan
  • cbbd7c68 feat: publish node's ExternalIPs as node addresses
  • 0f60ef6d fix: reset inputs back to initial state in secrets.APIController
  • 64cb873e feat: override static pods default args by extra Args
  • ecdd7757 test: workaround race in the tests with zaptest package
  • 9c67fde7 release(v0.13.0-alpha.2): prepare release
  • 30ae7142 feat: implement integration with Discovery Service
  • 353d632a feat: add nocloud platform support
  • 628fbf9b chore: update Linux to 5.10.69
  • 62acd625 fix: check trustd API CA on worker nodes
  • ba27bc36 feat: implement Hetzner Cloud support for virtual (shared) IP
  • 95f440ea test: add fuzz test for configloader
  • d2cf021d chore: remove deprecated "join" term
  • 0e18e280 chore: bump dependencies
  • b450b7ce chore: deprecate Interfaces and Routes APIs
  • cddcb962 fix: find devices without partition table
  • b1b6d613 fix: check for existence of dhcp6 FQDN first
  • 519999b8 fix: use readonly mode when probing devices with All lookup
  • 2b520420 feat: enable resource API in the maintenance mode
  • 452893c2 fix: make probe open blockdevice in readonly mode
  • 96bccdd3 test: update CABPT provider to 0.3 release
  • d9eb18bf fix: containerd log symlink
  • efa7f48e docs: quicklinks on landing page
  • 1cb9f282 fix: don't marshal clock with SecretsBundle
  • b27c75b3 release(v0.13.0-alpha.1): prepare release
  • 9d803d75 chore: bump dependencies and drop firecracker support
  • 50a24104 feat: add operating system version field to discovery
  • 085c61b2 chore: add a special condition to check for kubeconfig readiness
  • 21cdd854 fix: add node address to the list of allowed IPs (kubespan)
  • fdd80a12 feat: add an option to continue booting on NTP timeout
  • ef368498 feat: add routes, routing rules and nftables rules for KubeSpan
  • ed12379f fix: patch multi nodes support
  • d943bb0e feat: update Kubernetes to 1.22.2
  • d0585fb6 feat: reboot via kexec
  • 3de505c8 fix: skip bad cloud-config in OpenStack platform
  • a394d1e2 fix: tear down control plane static pods when etcd is stopped
  • 1c05089b feat: implement KubeSpan manager for Wireguard peer state
  • ec7f44ef fix: completely prevent editing resources other than mc
  • 19a8ae97 feat: add vultr.com cloud support
  • 0ff4c7cd fix: write KubernetesCACert chmodded 0400 instead of 0500
  • a1c9d649 fix: update the way results are retrieved for certified conformance
  • a0594540 chore: build using Go 1.17
  • 7c5045bd release(v0.13.0-alpha.0): prepare release
  • ee2dce6c chore: bump dependencies
  • ef022959 fix: print etcd member ID in hex
  • 5ca1fb82 fix: multiple fixes for KubeSpan and Wireguard implementation
  • b1bd6425 fix: build platform images
  • 3b5f4038 feat: add scaleway.com cloud support
  • f156ab18 feat: add upcloud.com cloud support
  • c3b2429c fix: suppress spurious Kubernetes API server cert updates
  • ff90b575 feat: implement KubeSpan peer generation controller
  • 14c69df5 fix: correctly parse multiple pod/service CIDRs
  • 69897dbb feat: drop some capabilities to be never available
  • 51e9836b docs: promote 0.12 docs to be the latest
  • 812d59c7 feat: add hetzner.com cloud support
  • d53e9e89 chore: use named constants
  • 2dfe7f1f chore: bump tools to the latest version
  • 82b130e7 docs: document required options for extraMounts
  • af662210 feat: implement Kubernetes cluster discovery registry
  • 2c66e1b3 feat: provide building of local Affiliate structure (for the node)
  • d69bd2af chore: enable GPG identity check for Talos
  • 8dbd851f chore: update tools/pkgs/extras to the new version
  • 0b347570 feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
  • bd5b9c96 fix: correctly define example for extraMounts
  • 01cca099 docs: update docs for Talos 0.12 release
  • 668627d5 feat: add subnet filter for etcd address
  • 3c3c281b chore: bump dependencies via dependabot
  • f8bebba2 fix: ignore error on duplicate for MountStatus
  • 6956edd0 feat: add node address filters, filter out k8s addresses for Talos API
  • caee24bf feat: implement KubeSpan identity controller
  • da0f6e7e fix: allow updating diskSelector option
  • 761ccaf3 feat: provide machine configuration for KubeSpan and cluster discovery
  • a81e30cb docs: add bootstrap command to VMware docs
  • 97da354c fix: do not panic on invalid machine configs
  • c4048e26 fix: don't extract nil IPs in the GCP platform
  • ba169c6f feat: provide talosctl.exe for Windows
  • 6312f473 fix: properly handle omitempty fields in the validator
  • 7f22879a feat: provide random node identity
  • 032e7c6b chore: import yaml.v3 consistently
  • 80b5f0e7 fix: validate IP address returned as HTTP response in platform code
  • c9af8f7f docs: fork docs for 0.13
  • 85cda1b9 feat: provide MountStatus resource for system partition mounts
  • 950f122c chore: update versions in upgrade tests
  • 83fdb772 feat: provide first NIC hardware addr as a resource
  • 5f5ac12f fix: properly case the VMware name
  • 0a6048f4 fix: don't allow bootstrap if etcd data directory is not empty
  • e24b93b4 fix: cgroup delegate
  • 751f64f9 docs: add release notes for 0.12, support matrix
  • 57a77696 feat: update Kubernetes to 1.22.1
  • 244b08cc chore: bump dependencies
  • 576ba195 fix: do not set KSPP kernel params in container mode
  • b8c92ede fix: don't support cgroups nesting in process runner
  • 9bb0b797 test: adapt tests to the cgroupsv2
  • 1abc12be fix: extramount should have yaml:",inline" tag
  • 2b614e43 feat: check if cluster has deprecated resources versions
  • 0b86edab fix: don't panic if the machine config doesn't have network (EM)
  • 8bef41e4 fix: make sure file mode is same (reproducibility issue)
  • fcfca55a chore: do not check that go mod tidy gives empty output
  • 5ce92ca5 docs: ensure azure VMs are 0 indexed

Changes since v0.13.0-alpha.2

6 commits

  • 4044372e feat: harvest discovered endpoints and push them via discovery svc
  • 9a51aa83 feat: add an option to skip downed peers in KubeSpan
  • cbbd7c68 feat: publish node's ExternalIPs as node addresses
  • 0f60ef6d fix: reset inputs back to initial state in secrets.APIController
  • 64cb873e feat: override static pods default args by extra Args
  • ecdd7757 test: workaround race in the tests with zaptest package

Changes from talos-systems/discovery-service

17 commits

  • b2e2079 fix: properly encrypt IPv6 endpoints
  • e9d5dfa fix: enable connections to endpoints with public certs
  • 509e9b2 feat: implement client wrapper around discovery service API
  • 6195466 feat: enable vtprotobuf, watch batching, more limits
  • 7174ec1 feat: implement new discovery service
  • 1a43970 feat: add node and cluster validation
  • 6454cfc refactor: kresify, fix linter and rename to Kubespan manager
  • d782452 add redis database backend
  • 924fed4 refactor to flexible addresses
  • cd02b5a revert to string IDs
  • 576288f add self-reported IPs
  • 6ad15ca strong typing and known endpoint API
  • 3437ff2 fixes from testing
  • d3fd1f3 add Name to Node
  • eb0e8ba add simple client pkg
  • 5e0c1df add cluster hash grouping
  • f982696 initial commit

Changes from talos-systems/extras

1 commit

  • 52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

6 commits

  • 70d2865 fix: try to find cdrom disks
  • 667bf53 fix: revert gpt partition not found
  • d7d4cdd fix: gpt partition not found
  • 33afba3 fix: also open in readonly mode when running All lookup method
  • e367f9d feat: make probe always open blockdevices in readonly mode
  • d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

7 commits

  • 28cda67 feat: update Linux kernel to 5.10.69
  • db90f93 chore: update tools
  • ca38c59 feat: enable KEXEC_FILE_LOAD in the kernel
  • 982bc18 chore: update tools
  • a243ab8 feat: add /usr/src to FHS
  • 428abdb chore: support builds with HTTP_PROXY
  • 13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

5 commits

  • 2790b55 feat: update Go to 1.17.1
  • 5b9d214 fix: restore static library for ncurses
  • 01104e5 chore: reproducible builds
  • 53fe146 chore: update bldr with new version
  • bf4540d chore: add patch dependency

Dependency Changes

  • github.com/containerd/go-cni v1.0.2 -> v1.1.0
  • github.com/containernetworking/cni v0.8.1 -> v1.0.1
  • github.com/containernetworking/plugins v0.9.1 -> v1.0.1
  • github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
  • github.com/fatih/color v1.12.0 -> v1.13.0
  • github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
  • github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
  • github.com/google/nftables 16a134723a96 new
  • github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
  • github.com/hetznercloud/hcloud-go v1.32.0 new
  • github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
  • github.com/jsimonetti/rtnetlink 9c52e516c709 -> 435639c8e6a8
  • github.com/jxskiss/base62 4f11678b909b new
  • github.com/mattn/go-isatty v0.0.13 -> v0.0.14
  • github.com/mdlayher/netx 669a06fde734 new
  • github.com/packethost/packngo v0.19.0 -> v0.19.1
  • github.com/prometheus/procfs v0.7.2 -> v0.7.3
  • github.com/rivo/tview 29d673af0ce2 -> ee97a7ab3975
  • github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
  • github.com/talos-systems/discovery-service b2e2079088a5 new
  • github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
  • github.com/talos-systems/go-blockdevice v0.2.3 -> 70d28650b398
  • github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0-4-g28cda67
  • github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-3-g2790b55
  • github.com/vishvananda/netlink f5de75959ad5 new
  • github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
  • github.com/vmware/govmomi v0.26.0 -> v0.26.1
  • github.com/vultr/metadata v1.0.3 new
  • go.uber.org/zap v1.19.0 -> v1.19.1
  • golang.org/x/net 853a461950ff -> 3ad01bbaa167
  • golang.org/x/sys 0f9fa26af87c -> 39ccf1dd6fa6
  • golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
  • golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 0a2f4901cba6
  • google.golang.org/grpc v1.40.0 -> v1.41.0
  • inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
  • k8s.io/api v0.22.1 -> v0.22.2
  • k8s.io/apimachinery v0.22.1 -> v0.22.2
  • k8s.io/client-go v0.22.1 -> v0.22.2
  • k8s.io/kubectl v0.22.1 -> v0.22.2
  • k8s.io/kubelet v0.22.1 -> v0.22.2
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 new

Previous release can be found at v0.12.0

Welcome to the v0.13.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Hetzner, Scaleway, Upcloud and Vultr

Talos now natively supports three new cloud platforms:

The generic cloud-init nocloud platform is also supported, in both networking and storage-based modes.

etcd Advertised Address

The address advertised by etcd can now be controlled with the new machine configuration option machine.etcd.subnet.

Reboots via kexec

Talos now reboots by default via the kexec syscall, which means the BIOS POST process is skipped. On bare-metal hardware the BIOS POST process might take 10-15 minutes, so Talos reboots 10-15 minutes faster on bare-metal.

Kexec support can be disabled with the following change to the machine configuration:

machine:
  sysctls:
    kernel.kexec_load_disabled: "1"

Cluster Discovery and KubeSpan

This release of Talos provides initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default. To enable them, make the following changes to the machine configuration:

machine:
  network:
    kubespan:
      enabled: true
cluster:
  discovery:
    enabled: true

Windows Support

The talosctl CLI tool is now built for Windows and published as part of the release.

Contributors

  • Andrey Smirnov
  • Artem Chernyshev
  • Seán C McCord
  • Serge Logvinov
  • Alexey Palazhchenko
  • Andrew Rynhard
  • Olli Janatuinen
  • Andrey Smirnov
  • Lennard Klein
  • Rui Lopes
  • Spencer Smith

Changes

93 commits

  • 30ae7142 feat: implement integration with Discovery Service
  • 353d632a feat: add nocloud platform support
  • 628fbf9b chore: update Linux to 5.10.69
  • 62acd625 fix: check trustd API CA on worker nodes
  • ba27bc36 feat: implement Hetzner Cloud support for virtual (shared) IP
  • 95f440ea test: add fuzz test for configloader
  • d2cf021d chore: remove deprecated "join" term
  • 0e18e280 chore: bump dependencies
  • b450b7ce chore: deprecate Interfaces and Routes APIs
  • cddcb962 fix: find devices without partition table
  • b1b6d613 fix: check for existence of dhcp6 FQDN first
  • 519999b8 fix: use readonly mode when probing devices with All lookup
  • 2b520420 feat: enable resource API in the maintenance mode
  • 452893c2 fix: make probe open blockdevice in readonly mode
  • 96bccdd3 test: update CABPT provider to 0.3 release
  • d9eb18bf fix: containerd log symlink
  • efa7f48e docs: quicklinks on landing page
  • 1cb9f282 fix: don't marshal clock with SecretsBundle
  • b27c75b3 release(v0.13.0-alpha.1): prepare release
  • 9d803d75 chore: bump dependencies and drop firecracker support
  • 50a24104 feat: add operating system version field to discovery
  • 085c61b2 chore: add a special condition to check for kubeconfig readiness
  • 21cdd854 fix: add node address to the list of allowed IPs (kubespan)
  • fdd80a12 feat: add an option to continue booting on NTP timeout
  • ef368498 feat: add routes, routing rules and nftables rules for KubeSpan
  • ed12379f fix: patch multi nodes support
  • d943bb0e feat: update Kubernetes to 1.22.2
  • d0585fb6 feat: reboot via kexec
  • 3de505c8 fix: skip bad cloud-config in OpenStack platform
  • a394d1e2 fix: tear down control plane static pods when etcd is stopped
  • 1c05089b feat: implement KubeSpan manager for Wireguard peer state
  • ec7f44ef fix: completely prevent editing resources other than mc
  • 19a8ae97 feat: add vultr.com cloud support
  • 0ff4c7cd fix: write KubernetesCACert chmodded 0400 instead of 0500
  • a1c9d649 fix: update the way results are retrieved for certified conformance
  • a0594540 chore: build using Go 1.17
  • 7c5045bd release(v0.13.0-alpha.0): prepare release
  • ee2dce6c chore: bump dependencies
  • ef022959 fix: print etcd member ID in hex
  • 5ca1fb82 fix: multiple fixes for KubeSpan and Wireguard implementation
  • b1bd6425 fix: build platform images
  • 3b5f4038 feat: add scaleway.com cloud support
  • f156ab18 feat: add upcloud.com cloud support
  • c3b2429c fix: suppress spurious Kubernetes API server cert updates
  • ff90b575 feat: implement KubeSpan peer generation controller
  • 14c69df5 fix: correctly parse multiple pod/service CIDRs
  • 69897dbb feat: drop some capabilities to be never available
  • 51e9836b docs: promote 0.12 docs to be the latest
  • 812d59c7 feat: add hetzner.com cloud support
  • d53e9e89 chore: use named constants
  • 2dfe7f1f chore: bump tools to the latest version
  • 82b130e7 docs: document required options for extraMounts
  • af662210 feat: implement Kubernetes cluster discovery registry
  • 2c66e1b3 feat: provide building of local Affiliate structure (for the node)
  • d69bd2af chore: enable GPG identity check for Talos
  • 8dbd851f chore: update tools/pkgs/extras to the new version
  • 0b347570 feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
  • bd5b9c96 fix: correctly define example for extraMounts
  • 01cca099 docs: update docs for Talos 0.12 release
  • 668627d5 feat: add subnet filter for etcd address
  • 3c3c281b chore: bump dependencies via dependabot
  • f8bebba2 fix: ignore error on duplicate for MountStatus
  • 6956edd0 feat: add node address filters, filter out k8s addresses for Talos API
  • caee24bf feat: implement KubeSpan identity controller
  • da0f6e7e fix: allow updating diskSelector option
  • 761ccaf3 feat: provide machine configuration for KubeSpan and cluster discovery
  • a81e30cb docs: add bootstrap command to VMware docs
  • 97da354c fix: do not panic on invalid machine configs
  • c4048e26 fix: don't extract nil IPs in the GCP platform
  • ba169c6f feat: provide talosctl.exe for Windows
  • 6312f473 fix: properly handle omitempty fields in the validator
  • 7f22879a feat: provide random node identity
  • 032e7c6b chore: import yaml.v3 consistently
  • 80b5f0e7 fix: validate IP address returned as HTTP response in platform code
  • c9af8f7f docs: fork docs for 0.13
  • 85cda1b9 feat: provide MountStatus resource for system partition mounts
  • 950f122c chore: update versions in upgrade tests
  • 83fdb772 feat: provide first NIC hardware addr as a resource
  • 5f5ac12f fix: properly case the VMware name
  • 0a6048f4 fix: don't allow bootstrap if etcd data directory is not empty
  • e24b93b4 fix: cgroup delegate
  • 751f64f9 docs: add release notes for 0.12, support matrix
  • 57a77696 feat: update Kubernetes to 1.22.1
  • 244b08cc chore: bump dependencies
  • 576ba195 fix: do not set KSPP kernel params in container mode
  • b8c92ede fix: don't support cgroups nesting in process runner
  • 9bb0b797 test: adapt tests to the cgroupsv2
  • 1abc12be fix: extramount should have yaml:",inline" tag
  • 2b614e43 feat: check if cluster has deprecated resources versions
  • 0b86edab fix: don't panic if the machine config doesn't have network (EM)
  • 8bef41e4 fix: make sure file mode is same (reproducibility issue)
  • fcfca55a chore: do not check that go mod tidy gives empty output
  • 5ce92ca5 docs: ensure azure VMs are 0 indexed

Changes since v0.13.0-alpha.1

18 commits

  • 30ae7142 feat: implement integration with Discovery Service
  • 353d632a feat: add nocloud platform support
  • 628fbf9b chore: update Linux to 5.10.69
  • 62acd625 fix: check trustd API CA on worker nodes
  • ba27bc36 feat: implement Hetzner Cloud support for virtual (shared) IP
  • 95f440ea test: add fuzz test for configloader
  • d2cf021d chore: remove deprecated "join" term
  • 0e18e280 chore: bump dependencies
  • b450b7ce chore: deprecate Interfaces and Routes APIs
  • cddcb962 fix: find devices without partition table
  • b1b6d613 fix: check for existence of dhcp6 FQDN first
  • 519999b8 fix: use readonly mode when probing devices with All lookup
  • 2b520420 feat: enable resource API in the maintenance mode
  • 452893c2 fix: make probe open blockdevice in readonly mode
  • 96bccdd3 test: update CABPT provider to 0.3 release
  • d9eb18bf fix: containerd log symlink
  • efa7f48e docs: quicklinks on landing page
  • 1cb9f282 fix: don't marshal clock with SecretsBundle

Changes from talos-systems/discovery-service

16 commits

  • e9d5dfa fix: enable connections to endpoints with public certs
  • 509e9b2 feat: implement client wrapper around discovery service API
  • 6195466 feat: enable vtprotobuf, watch batching, more limits
  • 7174ec1 feat: implement new discovery service
  • 1a43970 feat: add node and cluster validation
  • 6454cfc refactor: kresify, fix linter and rename to Kubespan manager
  • d782452 add redis database backend
  • 924fed4 refactor to flexible addresses
  • cd02b5a revert to string IDs
  • 576288f add self-reported IPs
  • 6ad15ca strong typing and known endpoint API
  • 3437ff2 fixes from testing
  • d3fd1f3 add Name to Node
  • eb0e8ba add simple client pkg
  • 5e0c1df add cluster hash grouping
  • f982696 initial commit

Changes from talos-systems/extras

1 commit

  • 52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

6 commits

  • 70d2865 fix: try to find cdrom disks
  • 667bf53 fix: revert gpt partition not found
  • d7d4cdd fix: gpt partition not found
  • 33afba3 fix: also open in readonly mode when running All lookup method
  • e367f9d feat: make probe always open blockdevices in readonly mode
  • d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

7 commits

  • 28cda67 feat: update Linux kernel to 5.10.69
  • db90f93 chore: update tools
  • ca38c59 feat: enable KEXEC_FILE_LOAD in the kernel
  • 982bc18 chore: update tools
  • a243ab8 feat: add /usr/src to FHS
  • 428abdb chore: support builds with HTTP_PROXY
  • 13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

5 commits

  • 2790b55 feat: update Go to 1.17.1
  • 5b9d214 fix: restore static library for ncurses
  • 01104e5 chore: reproducible builds
  • 53fe146 chore: update bldr with new version
  • bf4540d chore: add patch dependency

Dependency Changes

  • github.com/containerd/go-cni v1.0.2 -> v1.1.0
  • github.com/containernetworking/cni v0.8.1 -> v1.0.1
  • github.com/containernetworking/plugins v0.9.1 -> v1.0.1
  • github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
  • github.com/fatih/color v1.12.0 -> v1.13.0
  • github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
  • github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
  • github.com/google/nftables 16a134723a96 new
  • github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
  • github.com/hetznercloud/hcloud-go v1.32.0 new
  • github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
  • github.com/jsimonetti/rtnetlink 9c52e516c709 -> 435639c8e6a8
  • github.com/jxskiss/base62 4f11678b909b new
  • github.com/mattn/go-isatty v0.0.13 -> v0.0.14
  • github.com/mdlayher/netx 669a06fde734 new
  • github.com/packethost/packngo v0.19.0 -> v0.19.1
  • github.com/prometheus/procfs v0.7.2 -> v0.7.3
  • github.com/rivo/tview 29d673af0ce2 -> ee97a7ab3975
  • github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
  • github.com/talos-systems/discovery-service e9d5dfa15e92 new
  • github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
  • github.com/talos-systems/go-blockdevice v0.2.3 -> 70d28650b398
  • github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0-4-g28cda67
  • github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-3-g2790b55
  • github.com/vishvananda/netlink f5de75959ad5 new
  • github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
  • github.com/vmware/govmomi v0.26.0 -> v0.26.1
  • github.com/vultr/metadata v1.0.3 new
  • go.uber.org/zap v1.19.0 -> v1.19.1
  • golang.org/x/net 853a461950ff -> 3ad01bbaa167
  • golang.org/x/sys 0f9fa26af87c -> 39ccf1dd6fa6
  • golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
  • golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 0a2f4901cba6
  • google.golang.org/grpc v1.40.0 -> v1.41.0
  • inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
  • k8s.io/api v0.22.1 -> v0.22.2
  • k8s.io/apimachinery v0.22.1 -> v0.22.2
  • k8s.io/client-go v0.22.1 -> v0.22.2
  • k8s.io/kubectl v0.22.1 -> v0.22.2
  • k8s.io/kubelet v0.22.1 -> v0.22.2
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 new

Previous release can be found at v0.12.0

Welcome to the v0.13.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Hetzner, Scaleway, Upcloud and Vultr

Talos now natively supports three new cloud platforms:

etcd Advertised Address

The address advertised by etcd can now be controlled with the new machine configuration option machine.etcd.subnet.

Reboots via kexec

Talos now reboots by default via the kexec syscall, which means the BIOS POST process is skipped. On bare-metal hardware the BIOS POST process might take 10-15 minutes, so Talos reboots 10-15 minutes faster on bare-metal.

Kexec support can be disabled with the following change to the machine configuration:

machine:
  sysctls:
    kernel.kexec_load_disabled: "1"

Cluster Discovery and KubeSpan

This release of Talos provides initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default. To enable them, make the following changes to the machine configuration:

machine:
  network:
    kubespan:
      enabled: true
cluster:
  discovery:
    enabled: true

Windows Support

The talosctl CLI tool is now built for Windows and published as part of the release.

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Serge Logvinov
  • Andrew Rynhard
  • Olli Janatuinen
  • Andrey Smirnov
  • Lennard Klein
  • Rui Lopes
  • Spencer Smith

Changes

74 commits

  • 9d803d75 chore: bump dependencies and drop firecracker support
  • 50a24104 feat: add operating system version field to discovery
  • 085c61b2 chore: add a special condition to check for kubeconfig readiness
  • 21cdd854 fix: add node address to the list of allowed IPs (kubespan)
  • fdd80a12 feat: add an option to continue booting on NTP timeout
  • ef368498 feat: add routes, routing rules and nftables rules for KubeSpan
  • ed12379f fix: patch multi nodes support
  • d943bb0e feat: update Kubernetes to 1.22.2
  • d0585fb6 feat: reboot via kexec
  • 3de505c8 fix: skip bad cloud-config in OpenStack platform
  • a394d1e2 fix: tear down control plane static pods when etcd is stopped
  • 1c05089b feat: implement KubeSpan manager for Wireguard peer state
  • ec7f44ef fix: completely prevent editing resources other than mc
  • 19a8ae97 feat: add vultr.com cloud support
  • 0ff4c7cd fix: write KubernetesCACert chmodded 0400 instead of 0500
  • a1c9d649 fix: update the way results are retrieved for certified conformance
  • a0594540 chore: build using Go 1.17
  • 7c5045bd release(v0.13.0-alpha.0): prepare release
  • ee2dce6c chore: bump dependencies
  • ef022959 fix: print etcd member ID in hex
  • 5ca1fb82 fix: multiple fixes for KubeSpan and Wireguard implementation
  • b1bd6425 fix: build platform images
  • 3b5f4038 feat: add scaleway.com cloud support
  • f156ab18 feat: add upcloud.com cloud support
  • c3b2429c fix: suppress spurious Kubernetes API server cert updates
  • ff90b575 feat: implement KubeSpan peer generation controller
  • 14c69df5 fix: correctly parse multiple pod/service CIDRs
  • 69897dbb feat: drop some capabilities to be never available
  • 51e9836b docs: promote 0.12 docs to be the latest
  • 812d59c7 feat: add hetzner.com cloud support
  • d53e9e89 chore: use named constants
  • 2dfe7f1f chore: bump tools to the latest version
  • 82b130e7 docs: document required options for extraMounts
  • af662210 feat: implement Kubernetes cluster discovery registry
  • 2c66e1b3 feat: provide building of local Affiliate structure (for the node)
  • d69bd2af chore: enable GPG identity check for Talos
  • 8dbd851f chore: update tools/pkgs/extras to the new version
  • 0b347570 feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
  • bd5b9c96 fix: correctly define example for extraMounts
  • 01cca099 docs: update docs for Talos 0.12 release
  • 668627d5 feat: add subnet filter for etcd address
  • 3c3c281b chore: bump dependencies via dependabot
  • f8bebba2 fix: ignore error on duplicate for MountStatus
  • 6956edd0 feat: add node address filters, filter out k8s addresses for Talos API
  • caee24bf feat: implement KubeSpan identity controller
  • da0f6e7e fix: allow updating diskSelector option
  • 761ccaf3 feat: provide machine configuration for KubeSpan and cluster discovery
  • a81e30cb docs: add bootstrap command to VMware docs
  • 97da354c fix: do not panic on invalid machine configs
  • c4048e26 fix: don't extract nil IPs in the GCP platform
  • ba169c6f feat: provide talosctl.exe for Windows
  • 6312f473 fix: properly handle omitempty fields in the validator
  • 7f22879a feat: provide random node identity
  • 032e7c6b chore: import yaml.v3 consistently
  • 80b5f0e7 fix: validate IP address returned as HTTP response in platform code
  • c9af8f7f docs: fork docs for 0.13
  • 85cda1b9 feat: provide MountStatus resource for system partition mounts
  • 950f122c chore: update versions in upgrade tests
  • 83fdb772 feat: provide first NIC hardware addr as a resource
  • 5f5ac12f fix: properly case the VMware name
  • 0a6048f4 fix: don't allow bootstrap if etcd data directory is not empty
  • e24b93b4 fix: cgroup delegate
  • 751f64f9 docs: add release notes for 0.12, support matrix
  • 57a77696 feat: update Kubernetes to 1.22.1
  • 244b08cc chore: bump dependencies
  • 576ba195 fix: do not set KSPP kernel params in container mode
  • b8c92ede fix: don't support cgroups nesting in process runner
  • 9bb0b797 test: adapt tests to the cgroupsv2
  • 1abc12be fix: extramount should have yaml:",inline" tag
  • 2b614e43 feat: check if cluster has deprecated resources versions
  • 0b86edab fix: don't panic if the machine config doesn't have network (EM)
  • 8bef41e4 fix: make sure file mode is same (reproducibility issue)
  • fcfca55a chore: do not check that go mod tidy gives empty output
  • 5ce92ca5 docs: ensure azure VMs are 0 indexed

Changes since v0.13.0-alpha.0

17 commits

  • 9d803d75 chore: bump dependencies and drop firecracker support
  • 50a24104 feat: add operating system version field to discovery
  • 085c61b2 chore: add a special condition to check for kubeconfig readiness
  • 21cdd854 fix: add node address to the list of allowed IPs (kubespan)
  • fdd80a12 feat: add an option to continue booting on NTP timeout
  • ef368498 feat: add routes, routing rules and nftables rules for KubeSpan
  • ed12379f fix: patch multi nodes support
  • d943bb0e feat: update Kubernetes to 1.22.2
  • d0585fb6 feat: reboot via kexec
  • 3de505c8 fix: skip bad cloud-config in OpenStack platform
  • a394d1e2 fix: tear down control plane static pods when etcd is stopped
  • 1c05089b feat: implement KubeSpan manager for Wireguard peer state
  • ec7f44ef fix: completely prevent editing resources other than mc
  • 19a8ae97 feat: add vultr.com cloud support
  • 0ff4c7cd fix: write KubernetesCACert chmodded 0400 instead of 0500
  • a1c9d649 fix: update the way results are retrieved for certified conformance
  • a0594540 chore: build using Go 1.17

Changes from talos-systems/extras

1 commit

  • 52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

1 commit

  • d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

6 commits

  • db90f93 chore: update tools
  • ca38c59 feat: enable KEXEC_FILE_LOAD in the kernel
  • 982bc18 chore: update tools
  • a243ab8 feat: add /usr/src to FHS
  • 428abdb chore: support builds with HTTP_PROXY
  • 13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

5 commits

  • 2790b55 feat: update Go to 1.17.1
  • 5b9d214 fix: restore static library for ncurses
  • 01104e5 chore: reproducible builds
  • 53fe146 chore: update bldr with new version
  • bf4540d chore: add patch dependency

Dependency Changes

  • github.com/containerd/go-cni v1.0.2 -> v1.1.0
  • github.com/containernetworking/cni v0.8.1 -> v1.0.1
  • github.com/containernetworking/plugins v0.9.1 -> v1.0.1
  • github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
  • github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
  • github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
  • github.com/google/nftables 16a134723a96 new
  • github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
  • github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
  • github.com/jsimonetti/rtnetlink 9c52e516c709 -> 4cc3c1489576
  • github.com/jxskiss/base62 4f11678b909b new
  • github.com/mattn/go-isatty v0.0.13 -> v0.0.14
  • github.com/mdlayher/netx 669a06fde734 new
  • github.com/packethost/packngo v0.19.0 -> v0.19.1
  • github.com/prometheus/procfs v0.7.2 -> v0.7.3
  • github.com/rivo/tview 29d673af0ce2 -> f7430b878d17
  • github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
  • github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
  • github.com/talos-systems/go-blockdevice v0.2.3 -> d9811569588b
  • github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0-3-gdb90f93
  • github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-3-g2790b55
  • github.com/vishvananda/netlink f5de75959ad5 new
  • github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
  • github.com/vmware/govmomi v0.26.0 -> v0.26.1
  • github.com/vultr/metadata v1.0.3 new
  • go.uber.org/zap v1.19.0 -> v1.19.1
  • golang.org/x/net 853a461950ff -> 978cfadd31cf
  • golang.org/x/sys 0f9fa26af87c -> d61c044b1678
  • golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
  • golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 91d1988e44de
  • inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
  • k8s.io/api v0.22.1 -> v0.22.2
  • k8s.io/apimachinery v0.22.1 -> v0.22.2
  • k8s.io/client-go v0.22.1 -> v0.22.2
  • k8s.io/kubectl v0.22.1 -> v0.22.2
  • k8s.io/kubelet v0.22.1 -> v0.22.2
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.58 new

Previous release can be found at v0.12.0

Welcome to the v0.13.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Hetzner, Scaleway and Upcloud

Talos now natively supports three new cloud platforms:

etcd Advertised Address

The address advertised by etcd can now be controlled with the new machine configuration option machine.etcd.subnet.

Cluster Discovery and KubeSpan

This release of Talos provides some initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default.

Windows Support

The talosctl CLI tool is now built for Windows and published as part of the release.

Contributors

  • Andrey Smirnov
  • Artem Chernyshev
  • Alexey Palazhchenko
  • Serge Logvinov
  • Andrew Rynhard
  • Olli Janatuinen
  • Andrey Smirnov
  • Rui Lopes
  • Spencer Smith

Changes

55 commits

  • ef022959 fix: print etcd member ID in hex
  • 5ca1fb82 fix: multiple fixes for KubeSpan and Wireguard implementation
  • b1bd6425 fix: build platform images
  • 3b5f4038 feat: add scaleway.com cloud support
  • f156ab18 feat: add upcloud.com cloud support
  • c3b2429c fix: suppress spurious Kubernetes API server cert updates
  • ff90b575 feat: implement KubeSpan peer generation controller
  • 14c69df5 fix: correctly parse multiple pod/service CIDRs
  • 69897dbb feat: drop some capabilities to be never available
  • 51e9836b docs: promote 0.12 docs to be the latest
  • 812d59c7 feat: add hetzner.com cloud support
  • d53e9e89 chore: use named constants
  • 2dfe7f1f chore: bump tools to the latest version
  • 82b130e7 docs: document required options for extraMounts
  • af662210 feat: implement Kubernetes cluster discovery registry
  • 2c66e1b3 feat: provide building of local Affiliate structure (for the node)
  • d69bd2af chore: enable GPG identity check for Talos
  • 8dbd851f chore: update tools/pkgs/extras to the new version
  • 0b347570 feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
  • bd5b9c96 fix: correctly define example for extraMounts
  • 01cca099 docs: update docs for Talos 0.12 release
  • 668627d5 feat: add subnet filter for etcd address
  • 3c3c281b chore: bump dependencies via dependabot
  • f8bebba2 fix: ignore error on duplicate for MountStatus
  • 6956edd0 feat: add node address filters, filter out k8s addresses for Talos API
  • caee24bf feat: implement KubeSpan identity controller
  • da0f6e7e fix: allow updating diskSelector option
  • 761ccaf3 feat: provide machine configuration for KubeSpan and cluster discovery
  • a81e30cb docs: add bootstrap command to VMware docs
  • 97da354c fix: do not panic on invalid machine configs
  • c4048e26 fix: don't extract nil IPs in the GCP platform
  • ba169c6f feat: provide talosctl.exe for Windows
  • 6312f473 fix: properly handle omitempty fields in the validator
  • 7f22879a feat: provide random node identity
  • 032e7c6b chore: import yaml.v3 consistently
  • 80b5f0e7 fix: validate IP address returned as HTTP response in platform code
  • c9af8f7f docs: fork docs for 0.13
  • 85cda1b9 feat: provide MountStatus resource for system partition mounts
  • 950f122c chore: update versions in upgrade tests
  • 83fdb772 feat: provide first NIC hardware addr as a resource
  • 5f5ac12f fix: properly case the VMware name
  • 0a6048f4 fix: don't allow bootstrap if etcd data directory is not empty
  • e24b93b4 fix: cgroup delegate
  • 751f64f9 docs: add release notes for 0.12, support matrix
  • 57a77696 feat: update Kubernetes to 1.22.1
  • 244b08cc chore: bump dependencies
  • 576ba195 fix: do not set KSPP kernel params in container mode
  • b8c92ede fix: don't support cgroups nesting in process runner
  • 9bb0b797 test: adapt tests to the cgroupsv2
  • 1abc12be fix: extramount should have yaml:",inline" tag
  • 2b614e43 feat: check if cluster has deprecated resources versions
  • 0b86edab fix: don't panic if the machine config doesn't have network (EM)
  • 8bef41e4 fix: make sure file mode is same (reproducibility issue)
  • fcfca55a chore: do not check that go mod tidy gives empty output
  • 5ce92ca5 docs: ensure azure VMs are 0 indexed

Changes from talos-systems/extras

1 commit

  • 52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

1 commit

  • d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

3 commits

  • a243ab8 feat: add /usr/src to FHS
  • 428abdb chore: support builds with HTTP_PROXY
  • 13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

4 commits

  • 5b9d214 fix: restore static library for ncurses
  • 01104e5 chore: reproducible builds
  • 53fe146 chore: update bldr with new version
  • bf4540d chore: add patch dependency

Dependency Changes

  • github.com/cosi-project/runtime 25f235cd0682 -> 57b048cd66b0
  • github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
  • github.com/insomniacslk/dhcp 1cac67f12b1e -> d82598001386
  • github.com/jxskiss/base62 4f11678b909b new
  • github.com/mdlayher/netx 669a06fde734 new
  • github.com/prometheus/procfs v0.7.2 -> v0.7.3
  • github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
  • github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
  • github.com/talos-systems/go-blockdevice v0.2.3 -> d9811569588b
  • github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0
  • github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-2-g5b9d214
  • github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
  • github.com/vmware/govmomi v0.26.0 -> v0.26.1
  • golang.org/x/net 853a461950ff -> 60bc85c4be6d
  • golang.org/x/sys 0f9fa26af87c -> 63515b42dcdf
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.56 new

Previous release can be found at v0.12.0

Welcome to the v0.12.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note: This item only applies to clusters bootstrapped with Talos <= 0.8.

Talos 0.12 completely removes support for the self-hosted Kubernetes control plane (bootkube-based). Talos 0.9 introduced support for the Talos-managed control plane and provided a migration path to convert a self-hosted control plane to Talos-managed static pods. Automated and manual conversion processes are available in Talos from 0.9.x to 0.11.x. For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure the control plane is converted to Talos-managed before upgrading to Talos 0.12. The current control plane status can be checked with talosctl get bootstrapstatus before performing the upgrade to Talos 0.12.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22, which is used by default in Talos 0.12. Talos can be configured to use Kubernetes 1.21, or CAPI v0.4.x components can be used instead.

Machine Config Validation

Unknown keys in the machine config now make the config invalid, so any attempt to apply or edit a configuration containing unknown keys will result in an error.

Sysctl Configuration

Sysctl Kernel Params configuration was completely rewritten to be based on controllers and resources, which makes it possible to apply .machine.sysctls in immediate mode (without a reboot). talosctl get kernelparams returns the merged list of KSPP, Kubernetes and user-defined params along with the default values overwritten by Talos.

Equinix Metal

Added support for Equinix Metal IPs for the Talos virtual (shared) IP (option equnixMetal under vip in the machine configuration). Talos automatically re-assigns the IP using the Equinix Metal API when leadership changes.

etcd

New etcd cluster members are now joined in learner mode, which improves cluster resiliency to member join issues.

Join Node Type

Node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but deprecated. talosctl gen config now generates worker.yaml instead of join.yaml.

Networking

  • multiple static addresses can be specified for the interface with new .addresses field (old .cidr field is deprecated now)
  • static addresses can be set on interfaces configured with DHCP

Performance

  • machined uses less memory and CPU time
  • more disk encryption options are exposed via the machine configuration
  • disk partitions are now aligned properly with minimum I/O size
  • Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
  • OOM score is set on the system processes making sure they are killed last under memory pressure

Security

  • etcd PKI moved to /system/secrets
  • kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only
  • enforce default seccomp profile on all system containers
  • run system services apid, trustd, and etcd as non-root users

Component Updates

  • Linux: 5.10.57
  • Kubernetes: 1.22.0
  • containerd: 1.5.5
  • runc: 1.0.1
  • GRUB: 2.06
  • Talos is built with Go 1.16.7

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Serge Logvinov
  • Artem Chernyshev
  • Spencer Smith
  • dependabot[bot]
  • Andrew Rynhard
  • Rui Lopes
  • Caleb Woodbine
  • Seán C McCord

Changes

109 commits

  • 1ed5e545 feat: add ClusterID and ClusterSecret
  • 228b3761 chore: run etcd as non-root user
  • 3518219b chore: drop deprecated --no-reboot param and KernelCurrentRoot const
  • 33d1c3e4 chore: run apid and trustd services as non-root user
  • dadaa65d feat: print uid/gid for the files in ls -l
  • e6fa401b fix: enable seccomp default profile by default
  • 8ddbcc96 feat: validate if extra fields present in the decoder
  • 5b57a980 chore: update Go to 1.16.7, Linux to 5.10.57
  • eefe1c21 feat: add new etcd members in learner mode
  • b1c66fba feat: implement Equinix Metal support for virtual (shared) IP
  • 62242f97 chore: require GPG signatures
  • faecae44 feat: make ISO builds reproducible
  • 887c2326 release(v0.12.0-alpha.0): prepare release
  • a15f0184 fix: move etcd PKI under /system/secrets
  • eb02afe1 fix: match correctly routes on the address family
  • cb948acc feat: allow multiple addresses per interface
  • e030b2e8 chore: use k8s 1.21.3 in CAPI tests for now
  • e08b4f8f feat: implement sysctl controllers
  • fdf6b243 chore: revert "improve artifacts generation reproducibility"
  • b68ed1eb fix: make route resources ID match closer routing table primary key
  • 585f6337 fix: correctly handle nodoc for struct fields
  • f2d394dc docs: add AMIs for v0.11.5
  • d0970cbf feat: bootstrap token limit
  • 5285a46d fix: maintenance mode reason message
  • 009d15e8 chore: use etcd client TryLock function on upgrade
  • 4dae9ea5 chore: use vtprotobuf compiled marshaling in Talos API
  • 7ca5749a chore: bump dependencies via dependabot
  • b2507b41 chore: improve artifacts generation reproducibility
  • 1f7dad23 chore: update PKGS version (512 cpus, new ca-certficates)
  • 1a2e78a2 fix: update go-blockdevice
  • 6d6ed117 chore: use parallel xz with higher compression level
  • 571f7db1 chore: workaround GitHub new release notes limit
  • 09d70b7e feat: update Kubernetes to v1.22.0
  • f25f10e7 feat: add an option to disable PSP
  • 7c6e4cf2 feat: allow both DHCP and static addressing for the interface
  • 3c566dbc fix: remove admission plugins enabled by default from the list
  • 69ead373 fix: preserve PMBR bootable flag correctly
  • dee63051 fix: align partitions with minimal I/O size
  • 62890229 feat: update GRUB to 2.06
  • b9d04928 feat: move system processes to cgroups
  • 0b8681b4 fix: resolve several issues with Wireguard link specs
  • f8f4bf3b docs: add disk encryptions examples
  • 79b8fa64 feat: update containerd to 1.5.5
  • 539f4209 chore: bump dependencies via dependabot
  • 0c7ce1cd feat: remove remnants of bootkube support
  • d4f9804f chore: fix typos
  • 5f027615 feat: expose more encryption options to the machine config
  • 585152a0 chore: bump dependencies
  • fc66ec59 feat: set oom score for main processes
  • df54584a fix: drop linux capabilities
  • f65d0b73 docs: add 0.11.3 AMIs
  • 7332d636 fix: bump pkgs for new kernel 5.10.52
  • 70d2505b fix: do not require ToVersion to be set when detecting version
  • 0953b199 chore: update extras to bring a new CNI bundle
  • b6c47f86 fix: set the /etc/os-release HOME_URL parameter
  • c780821d feat: update containerd to 1.5.3, runc to 1.0.1
  • f8f1c83a feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
  • 55e17ccd chore: bump dependencies
  • da6f786c fix: kuberentes => kubernetes typo
  • 2e463348 fix: pass all logs through the options.Log method
  • 4e9c5afb fix: make ethtool optional in link status controller
  • bf61c2cc fix: write upgrade logs only to the LogOutput if it's defined
  • 9c73257c feat: update Go to 1.16.6
  • 23ef1d40 chore: add ability to redirect talos upgrade module logs to io.Writer
  • 33e9d6c9 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
  • 604434c4 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
  • 2ea28f62 chore: bump node from 16.3.0-alpine to 16.4.2-alpine
  • b358a189 fix: correctly pick route scope for link-local destination
  • 6848d431 feat: can change clusterdns ip lists
  • 72b76abf fix: workaround issues when IPv6 is fully or partially disabled
  • 679b08f4 docs: update docs for 0.12
  • 6fbec9e0 fix: cache etcd client used for healthchecks
  • eea750de chore: rename "join" type to "worker"
  • 951493ac docs: update what's new for Talos 0.11
  • b47d1098 docs: promote 0.11 docs to be the latest
  • d930a265 chore: implement DeepCopy for machine configuration
  • fe4ed3c7 chore: ignore tags which don't look like semantic version
  • b969e772 chore: update references to old protobuf package
  • 2ba8ac9a docs: add documentation directory for 0.12
  • 011e2885 fix: validate bond slaves addressing
  • 10c28758 fix: ignore DeadlineExceeded error correctly on bootstrap
  • 77fabace chore: ignore future pkg/machinery/vX.Y.Z tags
  • 6b661114 fix: make COSI runtime history depth smaller
  • 9bf899bd fix: make forfeit leadership connect to the right node
  • 4708beae feat: implement talosctl config info command
  • 6d13d2cf fix: close Kubernetes API client
  • aaa36f3b fix: ignore 'not a leader' error on forfeit leadership
  • 22a41936 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • 71c6f700 chore: bump go.mod dependencies
  • 915cd8fe docs: add guide for RBAC
  • f5721050 fix: controlplane keyusage
  • 3d772661 fix: fill uuid argument correctly in the config download URL
  • d8602025 chore: update containerd config version 2
  • 5949ec4e docs: describe the new network configuration subsystem
  • 444d72b4 feat: update pkgs version
  • e883c12b fix: make output of upgrade-k8s command less scary
  • 7f8e50de fix: restart the merge controllers on conflict
  • 60d73609 fix: ignore deadline exceeded errors on bootstrap
  • ee06dd69 fix: don't print git sha of the release twice in the dashboard
  • 07fb61e5 fix: issue worker apid certs properly on renewal
  • 84817f73 chore: bump Talos version in upgrade tests
  • 2fa54107 chore: fix tests for disabled RBAC
  • 78583ba9 fix: don't set bond delay options if miimon is not enabled
  • bbf1c091 feat: add RBAC to talosctl version output
  • 5f6ec3ef fix: handle cases when merged resource re-appears before being destroyed
  • 1e9a0e74 fix: documentation typos
  • f228af40 chore: bump go.mod dependencies
  • 2060ceaa chore: add CAPI version to CI setup
  • ad047a7d chore: small RBAC improvements

Changes since v0.12.0-alpha.0

12 commits

  • 1ed5e545 feat: add ClusterID and ClusterSecret
  • 228b3761 chore: run etcd as non-root user
  • 3518219b chore: drop deprecated --no-reboot param and KernelCurrentRoot const
  • 33d1c3e4 chore: run apid and trustd services as non-root user
  • dadaa65d feat: print uid/gid for the files in ls -l
  • e6fa401b fix: enable seccomp default profile by default
  • 8ddbcc96 feat: validate if extra fields present in the decoder
  • 5b57a980 chore: update Go to 1.16.7, Linux to 5.10.57
  • eefe1c21 feat: add new etcd members in learner mode
  • b1c66fba feat: implement Equinix Metal support for virtual (shared) IP
  • 62242f97 chore: require GPG signatures
  • faecae44 feat: make ISO builds reproducible

Changes from talos-systems/crypto

1 commit

  • deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

3 commits

  • 8ce17e5 chore: bump tools and packages for Go 1.16.7
  • 4957f3c chore: update pkgs to use CNI plugins v0.9.1
  • 233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

4 commits

  • fe24303 fix: perform correct PMBR partition calculations
  • 2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
  • 87816a8 feat: align partition to minimum I/O size
  • c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

17 commits

  • da4ac04 chore: bump tools for Go 1.16.7
  • 10275fb feat: update Linux to 5.10.57
  • 875c7ec chore: patch grub with support for reproducible ISO builds
  • 12856ce feat: increase number of CPUs supported by the kernel to 512
  • cbfabac chore: update ca-certificates to 2021-07-05
  • 0c011c0 feat: update GRUB to 2.06
  • 5090d14 chore: update containerd to v1.5.5
  • 6653902 feat: add kernel drivers for fusion and scsi-isci
  • 9b4041f chore: update containerd to v1.5.4
  • 7b6cc05 feat: update kernel to latest 5.10.52
  • 65159fb chore: update runc and CNI plugins
  • 514ba34 feat: disable aufs, devmapper, zfs
  • 6bc118f chore: update runc and containerd
  • b6fca88 feat: update Go to 1.16.6
  • fd56852 chore: update open-isns and open-iscsi
  • d779204 chore: update dosfstools to v4.2
  • bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

5 commits

Dependency Changes

  • github.com/BurntSushi/toml v0.3.1 -> v0.4.1
  • github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
  • github.com/containerd/containerd v1.5.2 -> v1.5.5
  • github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
  • github.com/docker/docker v20.10.7 -> v20.10.8
  • github.com/google/uuid v1.2.0 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.4 -> v1.5.6
  • github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
  • github.com/packethost/packngo v0.19.0 new
  • github.com/prometheus/procfs v0.6.0 -> v0.7.2
  • github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
  • github.com/spf13/cobra v1.1.3 -> v1.2.1
  • github.com/talos-systems/crypto v0.3.1 -> deec8d47700e
  • github.com/talos-systems/extras v0.4.0 -> v0.5.0-alpha.0-2-g8ce17e5
  • github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
  • github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0-alpha.0-16-gda4ac04
  • github.com/talos-systems/tools v0.6.0 -> v0.7.0-alpha.0-3-g2368154
  • github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.0
  • go.uber.org/zap v1.17.0 -> v1.18.1
  • golang.org/x/net 04defd469f4e -> 853a461950ff
  • golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
  • golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
  • google.golang.org/grpc v1.38.0 -> v1.39.1
  • google.golang.org/protobuf v1.26.0 -> v1.27.1
  • inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
  • k8s.io/api v0.21.2 -> v0.22.0
  • k8s.io/apimachinery v0.21.2 -> v0.22.0
  • k8s.io/apiserver v0.21.2 -> v0.22.0
  • k8s.io/client-go v0.21.2 -> v0.22.0
  • k8s.io/cri-api v0.21.2 -> v0.22.0
  • k8s.io/kubectl v0.21.2 -> v0.22.0
  • k8s.io/kubelet v0.21.2 -> v0.22.0

Previous release can be found at v0.11.0

Welcome to the v0.12.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note: This item only applies to clusters bootstrapped with Talos <= 0.8.

Talos 0.12 completely removes support for the self-hosted Kubernetes control plane (bootkube-based). Talos 0.9 introduced support for the Talos-managed control plane and provided a migration path to convert a self-hosted control plane to Talos-managed static pods. Automated and manual conversion processes are available in Talos from 0.9.x to 0.11.x. For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure the control plane is converted to Talos-managed before upgrading to Talos 0.12. The current control plane status can be checked with talosctl get bootstrapstatus before performing the upgrade to Talos 0.12.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22, which is used by default in Talos 0.12. Talos can be configured to use Kubernetes 1.21, or CAPI v0.4.x components can be used instead.

Sysctl Configuration

Sysctl Kernel Params configuration was completely rewritten to be based on controllers and resources, which makes it possible to apply .machine.sysctls in immediate mode (without a reboot). talosctl get kernelparams returns merged list of KSPP, Kubernetes and user defined params along with the default values overwritten by Talos.

Join Node Type

Node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but deprecated. talosctl gen config now generates worker.yaml instead of join.yaml.

Networking

  • multiple static addresses can be specified for the interface with new .addresses field (old .cidr field is deprecated now)
  • static addresses can be set on interfaces configured with DHCP

Performance

  • machined uses less memory and CPU time
  • more disk encryption options are exposed via the machine configuration
  • disk partitions are now aligned properly with minimum I/O size
  • Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
  • OOM score is set on the system processes making sure they are killed last under memory pressure

Security

  • etcd PKI moved to /system/secrets
  • kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only

Component Updates

  • Linux: 5.10.52
  • Kubernetes: 1.22.0
  • containerd: 1.5.5
  • runc: 1.0.1
  • GRUB: 2.06
  • Talos is built with Go 1.16.6

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Serge Logvinov
  • Artem Chernyshev
  • Spencer Smith
  • dependabot[bot]
  • Rui Lopes
  • Andrew Rynhard
  • Caleb Woodbine

Changes

96 commits

  • a15f0184 fix: move etcd PKI under /system/secrets
  • eb02afe1 fix: match correctly routes on the address family
  • cb948acc feat: allow multiple addresses per interface
  • e030b2e8 chore: use k8s 1.21.3 in CAPI tests for now
  • e08b4f8f feat: implement sysctl controllers
  • fdf6b243 chore: revert "improve artifacts generation reproducibility"
  • b68ed1eb fix: make route resources ID match closer routing table primary key
  • 585f6337 fix: correctly handle nodoc for struct fields
  • f2d394dc docs: add AMIs for v0.11.5
  • d0970cbf feat: bootstrap token limit
  • 5285a46d fix: maintenance mode reason message
  • 009d15e8 chore: use etcd client TryLock function on upgrade
  • 4dae9ea5 chore: use vtprotobuf compiled marshaling in Talos API
  • 7ca5749a chore: bump dependencies via dependabot
  • b2507b41 chore: improve artifacts generation reproducibility
  • 1f7dad23 chore: update PKGS version (512 cpus, new ca-certficates)
  • 1a2e78a2 fix: update go-blockdevice
  • 6d6ed117 chore: use parallel xz with higher compression level
  • 571f7db1 chore: workaround GitHub new release notes limit
  • 09d70b7e feat: update Kubernetes to v1.22.0
  • f25f10e7 feat: add an option to disable PSP
  • 7c6e4cf2 feat: allow both DHCP and static addressing for the interface
  • 3c566dbc fix: remove admission plugins enabled by default from the list
  • 69ead373 fix: preserve PMBR bootable flag correctly
  • dee63051 fix: align partitions with minimal I/O size
  • 62890229 feat: update GRUB to 2.06
  • b9d04928 feat: move system processes to cgroups
  • 0b8681b4 fix: resolve several issues with Wireguard link specs
  • f8f4bf3b docs: add disk encryptions examples
  • 79b8fa64 feat: update containerd to 1.5.5
  • 539f4209 chore: bump dependencies via dependabot
  • 0c7ce1cd feat: remove remnants of bootkube support
  • d4f9804f chore: fix typos
  • 5f027615 feat: expose more encryption options to the machine config
  • 585152a0 chore: bump dependencies
  • fc66ec59 feat: set oom score for main processes
  • df54584a fix: drop linux capabilities
  • f65d0b73 docs: add 0.11.3 AMIs
  • 7332d636 fix: bump pkgs for new kernel 5.10.52
  • 70d2505b fix: do not require ToVersion to be set when detecting version
  • 0953b199 chore: update extras to bring a new CNI bundle
  • b6c47f86 fix: set the /etc/os-release HOME_URL parameter
  • c780821d feat: update containerd to 1.5.3, runc to 1.0.1
  • f8f1c83a feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
  • 55e17ccd chore: bump dependencies
  • da6f786c fix: kuberentes => kubernetes typo
  • 2e463348 fix: pass all logs through the options.Log method
  • 4e9c5afb fix: make ethtool optional in link status controller
  • bf61c2cc fix: write upgrade logs only to the LogOutput if it's defined
  • 9c73257c feat: update Go to 1.16.6
  • 23ef1d40 chore: add ability to redirect talos upgrade module logs to io.Writer
  • 33e9d6c9 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
  • 604434c4 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
  • 2ea28f62 chore: bump node from 16.3.0-alpine to 16.4.2-alpine
  • b358a189 fix: correctly pick route scope for link-local destination
  • 6848d431 feat: can change clusterdns ip lists
  • 72b76abf fix: workaround issues when IPv6 is fully or partially disabled
  • 679b08f4 docs: update docs for 0.12
  • 6fbec9e0 fix: cache etcd client used for healthchecks
  • eea750de chore: rename "join" type to "worker"
  • 951493ac docs: update what's new for Talos 0.11
  • b47d1098 docs: promote 0.11 docs to be the latest
  • d930a265 chore: implement DeepCopy for machine configuration
  • fe4ed3c7 chore: ignore tags which don't look like semantic version
  • b969e772 chore: update references to old protobuf package
  • 2ba8ac9a docs: add documentation directory for 0.12
  • 011e2885 fix: validate bond slaves addressing
  • 10c28758 fix: ignore DeadlineExceeded error correctly on bootstrap
  • 77fabace chore: ignore future pkg/machinery/vX.Y.Z tags
  • 6b661114 fix: make COSI runtime history depth smaller
  • 9bf899bd fix: make forfeit leadership connect to the right node
  • 4708beae feat: implement talosctl config info command
  • 6d13d2cf fix: close Kubernetes API client
  • aaa36f3b fix: ignore 'not a leader' error on forfeit leadership
  • 22a41936 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • 71c6f700 chore: bump go.mod dependencies
  • 915cd8fe docs: add guide for RBAC
  • f5721050 fix: controlplane keyusage
  • 3d772661 fix: fill uuid argument correctly in the config download URL
  • d8602025 chore: update containerd config version 2
  • 5949ec4e docs: describe the new network configuration subsystem
  • 444d72b4 feat: update pkgs version
  • e883c12b fix: make output of upgrade-k8s command less scary
  • 7f8e50de fix: restart the merge controllers on conflict
  • 60d73609 fix: ignore deadline exceeded errors on bootstrap
  • ee06dd69 fix: don't print git sha of the release twice in the dashboard
  • 07fb61e5 fix: issue worker apid certs properly on renewal
  • 84817f73 chore: bump Talos version in upgrade tests
  • 2fa54107 chore: fix tests for disabled RBAC
  • 78583ba9 fix: don't set bond delay options if miimon is not enabled
  • bbf1c091 feat: add RBAC to talosctl version output
  • 5f6ec3ef fix: handle cases when merged resource re-appears before being destroyed
  • 1e9a0e74 fix: documentation typos
  • f228af40 chore: bump go.mod dependencies
  • 2060ceaa chore: add CAPI version to CI setup
  • ad047a7d chore: small RBAC improvements

Changes from talos-systems/crypto

1 commit

  • deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

2 commits

  • 4957f3c chore: update pkgs to use CNI plugins v0.9.1
  • 233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

4 commits

  • fe24303 fix: perform correct PMBR partition calculations
  • 2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
  • 87816a8 feat: align partition to minimum I/O size
  • c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

14 commits

  • 12856ce feat: increase number of CPUs supported by the kernel to 512
  • cbfabac chore: update ca-certificates to 2021-07-05
  • 0c011c0 feat: update GRUB to 2.06
  • 5090d14 chore: update containerd to v1.5.5
  • 6653902 feat: add kernel drivers for fusion and scsi-isci
  • 9b4041f chore: update containerd to v1.5.4
  • 7b6cc05 feat: update kernel to latest 5.10.52
  • 65159fb chore: update runc and CNI plugins
  • 514ba34 feat: disable aufs, devmapper, zfs
  • 6bc118f chore: update runc and containerd
  • b6fca88 feat: update Go to 1.16.6
  • fd56852 chore: update open-isns and open-iscsi
  • d779204 chore: update dosfstools to v4.2
  • bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

4 commits

Dependency Changes

  • github.com/BurntSushi/toml v0.3.1 -> v0.4.1
  • github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
  • github.com/containerd/containerd v1.5.2 -> v1.5.5
  • github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
  • github.com/docker/docker v20.10.7 -> v20.10.8
  • github.com/google/uuid v1.2.0 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.4 -> v1.5.6
  • github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
  • github.com/prometheus/procfs v0.6.0 -> v0.7.2
  • github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
  • github.com/spf13/cobra v1.1.3 -> v1.2.1
  • github.com/talos-systems/crypto v0.3.1 -> deec8d47700e
  • github.com/talos-systems/extras v0.4.0 -> v0.5.0-alpha.0-1-g4957f3c
  • github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
  • github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0-alpha.0-13-g12856ce
  • github.com/talos-systems/tools v0.6.0 -> v0.7.0-alpha.0-2-g7172a5d
  • github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.0
  • go.uber.org/zap v1.17.0 -> v1.18.1
  • golang.org/x/net 04defd469f4e -> 853a461950ff
  • golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
  • golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
  • google.golang.org/grpc v1.38.0 -> v1.39.1
  • google.golang.org/protobuf v1.26.0 -> v1.27.1
  • inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
  • k8s.io/api v0.21.2 -> v0.22.0
  • k8s.io/apimachinery v0.21.2 -> v0.22.0
  • k8s.io/apiserver v0.21.2 -> v0.22.0
  • k8s.io/client-go v0.21.2 -> v0.22.0
  • k8s.io/cri-api v0.21.2 -> v0.22.0
  • k8s.io/kubectl v0.21.2 -> v0.22.0
  • k8s.io/kubelet v0.21.2 -> v0.22.0

Previous release can be found at v0.11.0

Welcome to the v0.11.0-alpha.2 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml file is no longer an output of talosctl gen config. We now encourage using the bootstrap API instead of init node types, as we intend to deprecate this machine type in the future. The init.yaml and controlplane.yaml machine configs are identical with the exception of the machine type. Users can use a modified controlplane.yaml with the machine type set to init if they would like to avoid using the bootstrap API.

Component Updates

  • containerd was updated to 1.5.2
  • Linux kernel was updated to 5.10.45
  • Kubernetes was updated to 1.21.2
  • etcd was updated to 3.4.16

CoreDNS

Added the cluster.coreDNS.disabled flag, which disables the CoreDNS deployment during cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that marks the MBR partition bootable, for machines with a legacy BIOS that does not support the GPT partitioning scheme.

Multi-arch Installer

The Talos installer image (for any arch) now contains artifacts for both the amd64 and arm64 architectures. This means that, for example, images for arm64 SBCs can be generated on an amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers and resources. There are no changes to the machine configuration, but any update to .machine.network can now be applied in immediate mode (without a reboot). Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured interfaces and skipping the reset network step.

Talos API RBAC

Limited RBAC support in the Talos API is now enabled by default for Talos 0.11. The default talosconfig has the os:admin role embedded in the certificate so that all the APIs are available. Certificates with a reduced set of roles can be created with the talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate a talosconfig with the os:admin role first to make sure that the administrator still has access to the cluster when RBAC is enabled.

List of available roles:

  • os:admin role enables every Talos API
  • os:reader role limits access to read-only APIs which do not return sensitive data
  • os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Serge Logvinov
  • Jorik Jonker
  • Spencer Smith
  • Andrew Rynhard
  • Andrew LeCody
  • Kevin Hellemun
  • Seán C McCord
  • Boran Car
  • Brandon Nason
  • Gabor Nyiri
  • Joost Coelingh
  • Lance R. Vick
  • Lennard Klein
  • Sébastien Bernard

Changes

162 commits

  • 0731be90 feat: add cloud images to releases
  • b52b2066 feat: split etcd certificates to peer/client
  • 33119d2b chore: add an option to launch cluster with bad RTC state
  • d8c2bca1 feat: reimplement apid certificate generation on top of COSI
  • 3c1b3219 chore: refactor CLI tests
  • 0fd9ea2d feat: enable MACVTAP support
  • 898673e8 chore: update e2e tests to use latest capi releases
  • e26c5583 docs: add AMI IDs for Talos 0.10.4
  • 72ef48f0 fix: assign source address to the DHCP default gateway routes
  • 004885a3 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
  • 821f469a feat: skip overlay mount checks with docker
  • b6e02311 feat: use COSI RD's sensitivity for RBAC
  • 46751c1a feat: improve security of Kubernetes control plane components
  • 0f659622 fix: build with custom kernel/rootfs
  • 5b5089ab fix: mark kube-proxy as system critical priority
  • 42c16f67 chore: bump dependencies
  • 60f78419 chore: bump etcd client libraries to final 3.5.0 release
  • 2b0de9ed feat: improve security of Kubernetes control plane components
  • 48a5c460 docs: provide more storage details
  • e13d905c release(v0.11.0-alpha.1): prepare release
  • 70ac771e fix: use localhost API server endpoint for internal communication
  • a941eb7d feat: improve security of Kubernetes control plane components
  • 3aae94e5 feat: provide Kubernetes nodename as a COSI resource
  • 06209bba chore: update RBAC rules, remove old APIs
  • 9f24b519 chore: remove bootkube check from cluster health check
  • 4ac9bea2 fix: stop etcd client logs from going to the server console
  • f63ab9dd feat: implement talosctl config new command
  • fa15a668 fix: don't enable RBAC feature in the config for Talos < 0.11
  • 2dc27d99 fix: do not format state partition in the initialize sequence
  • b609f33c fix: update networking stack after Equnix Metal testing
  • 243a3b53 fix: separate healthy and unknown flags in the service resource
  • 1a1378be fix: update retry package with a fix for errors.Is
  • cb83edd7 fix: wait for the network to be ready in mainteancne mode
  • 96f89071 feat: update controller-runtime logs to console level on config.debug
  • 973069b6 feat: support NFS 4.1
  • 654dcad4 chore: bump dependencies via dependabot
  • d7394457 fix: don't treat ethtool errors as fatal
  • f2ae9cd0 feat: replace networkd with new network implementation
  • caec3063 fix: do not complain about empty roles
  • 11918a11 docs: update community meeting time
  • aeddb9c0 feat: implement platform config controller (hostnames)
  • 1ece334d feat: implement controller which runs network operators
  • 744ea8a5 fix: do not add bootstrap contents option if tail events is not 0
  • 5029edfb fix: overwrite nodes in the gRPC metadata
  • 6a35c8f1 feat: implement virtual IP (shared IP) network operator
  • 0f3b8380 chore: expose WatchRequest in the resources client
  • 11e258b1 feat: implement operator configuration controller
  • ce3815e7 feat: implement DHCP6 operator
  • f010d99a feat: implement operator framework with DHCP4 as the first example
  • f93c9c8f feat: bring unconfigured links with link carrier up by default
  • 02bd657b feat: implement network.Status resource and controller
  • da329f00 feat: enable RBAC by default
  • 0f168a88 feat: add configuration for enabling RBAC
  • e74f789b feat: implement EtcFileController to render files in /etc
  • 5aede1a8 fix: prefer extraConfig over OVF env, skip empty config
  • 5ad314fe feat: implement basic RBAC interceptors
  • c031be81 chore: use Go 1.16.5
  • 8b0763f6 chore: bump dependencies via dependabot
  • 8b8de11d feat: implement new controllers for hostname, resolvers and time servers
  • 24859b14 docs: update Rpi4 firmware guide
  • 62c702c4 fix: remove conflicting etcd member on rejoin with empty data directory
  • ff62a599 fix: drop into maintenance mode if config URL is none (metal)
  • 14e696d0 feat: update COSI runtime and add support for tail in the Talos gRPC
  • a71053fc feat: default to bootstrap workflow
  • 76aac4bb feat: implement CPU and Memory stats controller
  • 8f90c6a8 feat: parse Talos-specific cmdline params
  • ed10e139 feat: implement NodeAddress controller
  • 33db8857 fix: use COSI runtime DestroyReady input type
  • 6e775363 refactor: rename *.Status() to *.TypedSpec() in the resources
  • 97627061 docs: set static IP on ISO install mode
  • 5811f4dd feat: implement link (interface) controllers
  • 046b229b chore: skip building multi-arch installer for race-enabled build
  • 73fbb4b5 fix: only fetch machine uuid if it's not set
  • f112a540 fix: clean up stale snapshots on container start
  • c036b949 chore: bump dependencies
  • a4d67a01 feat: add the ability to disable CoreDNS
  • 76dbfb36 feat: add ability to mark MBR partition bootable
  • e0f5b1e2 chore: split mgmt/gen.go into several files
  • fad1b4f1 chore: fix go generate for the machinery
  • 1117294a release(v0.11.0-alpha.0): prepare release
  • c0962946 chore: prepare for 0.11 release series
  • 72359765 feat: enable GORACE=halt_on_panic=1 in machined binary
  • 0acb04ad feat: implement route network controllers
  • f5bf88a4 feat: create certificates with os:admin role
  • 1db301ed feat: switch controller-runtime to zap.Logger
  • f7cf64d4 fix: add talos.config to the vApp Properties in VMware OVA
  • 209527ec docs: add AMIs for Talos 0.10.3
  • 59cfd312 chore: bump dependencies via dependabot
  • 1edb20cf feat: extract config generation
  • af77c295 docs: update wirguard guide
  • 4fe69121 test: better talosctl ls tests
  • 04ddda96 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
  • 49c7276b chore: fix markdown linting
  • 7270495a docs: add mayastor quickstart
  • d3d9112f docs: fix spelling/grammar in What's New for Talos 0.9
  • 82804414 test: provide a way to force different boot order in provision library
  • a1c0e99a docs: add guide for deploying metrics-server
  • 6bc6658b feat: update containerd to 1.5.1
  • c6567fae chore: dependabot updates
  • 61ccbb3f chore: keep debug symbols in debug builds
  • 1ce362e0 docs: update customizing kernel build steps
  • a26174b5 fix: properly compose pattern and header in etcd members output
  • 0825cf11 fix: stop networkd and pods before leaving etcd on upgrade
  • bed6b15d fix: properly populate AllowSchedulingOnMasters option in gen config RPC
  • 071f0445 feat: implement AddressSpec handling
  • 76e38b7b feat: update Kubernetes to 1.21.1
  • 9b1338d9 chore: parse "boolean" variables
  • c81cfb21 chore: allow building with debug handlers
  • c9651673 feat: update go-smbios library
  • 95c656fb feat: update containerd to 1.5.0, runc to 1.0.0-rc94
  • db9c35b5 feat: implement AddressStatusController
  • 1cf011a8 chore: bump dependencies via dependabot
  • e3f407a1 fix: properly pass disk type selector from config to matcher
  • 66b2b450 feat: add resources and use HTTPS checks in control plane pods
  • 4ffd7c0a fix: stop networkd before leaving etcd on 'reset' path
  • 610d38d3 docs: add AMIs for 0.10.1, collapse list of AMIs by default
  • 807497ec chore: make conformance pipeline depend on cron-default
  • 3c121359 feat: implement LinkStatusController
  • 0e8de046 fix: update go-blockdevice to fix disk type detection
  • 4d50a4ed fix: update the way NTP sync uses adjtimex syscall
  • 1a85c14a fix: avoid data race on CRI pod stop
  • 5de8dbc0 fix: repair pine64 support
  • 38239097 fix: properly parse matcher expressions
  • e54b6b7a chore: update dependencies via dependabot
  • f2caed0d chore: use extracted talos-systems/go-kmsg library
  • 79d804c5 docs: fix typos
  • a2bb390e feat: deterministic builds
  • e480fedf feat: add USB serial drivers
  • 79299d76 docs: add Matrix room links
  • 1b3e8b09 docs: add survey to README
  • 8d51c9bb docs: update redirects to Talos 0.10
  • 1092c3a5 feat: add Pine64 SBC support
  • 63e01754 feat: pull kernel with VMware balloon module enabled
  • aeec99d8 chore: remove temporary fork
  • 0f49722d feat: add --config-patch flag by node type
  • a01b1d22 chore: dump dependencies via dependabot
  • d540a4a4 fix: bump crypto library for the CSR verification fix
  • c3a4173e chore: remove security API ReadFile/WriteFile
  • 38037131 chore: update wgctrl dependency
  • d9ba0fd0 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
  • 2261d7ed fix: use both self-signed and Kubernetes CA to verify Kubelet cert
  • a3537a69 docs: update cloud images for Talos v0.9.3
  • 5b9ee861 docs: add what's new for Talos 0.10
  • f1107fa3 docs: add survey
  • 93623d47 docs: update AWS instructions
  • a739d1b8 feat: add support of custom registry CA certificate usage
  • 7f468d35 fix: update osType in OVA other3xLinux64Guest"
  • 4a184b67 docs: add etcd backup and restore guide
  • 5fb38d3e chore: refactor Dockerfile for cross-compilation
  • a8f1e526 chore: build talosctl for Darwin / Apple Silicon
  • eb0b64d3 chore: list specifically for enabled regions
  • 669a0cbd fix: check if OVF env is empty
  • da92049c chore: use codecov from the build container
  • 9996d4b0 chore: use REGISTRY_MIRROR_FLAGS if defined
  • 05cbe250 chore: bump dependencies via dependabot
  • 9a91142a feat: print complete member info in etcd members
  • bb40d6dd feat: update pkgs version
  • e7a9164b test: implement talosctl conformance command to run e2e tests
  • 6cb266e7 fix: update etcd client errors, print etcd join failures
  • 0bd8b0e8 feat: provide an option to recover etcd from data directory copy
  • f9818540 chore: fix conform with scopes
  • 21018f28 chore: bump website node.js dependencies

Changes since v0.11.0-alpha.1

19 commits

  • 0731be90 feat: add cloud images to releases
  • b52b2066 feat: split etcd certificates to peer/client
  • 33119d2b chore: add an option to launch cluster with bad RTC state
  • d8c2bca1 feat: reimplement apid certificate generation on top of COSI
  • 3c1b3219 chore: refactor CLI tests
  • 0fd9ea2d feat: enable MACVTAP support
  • 898673e8 chore: update e2e tests to use latest capi releases
  • e26c5583 docs: add AMI IDs for Talos 0.10.4
  • 72ef48f0 fix: assign source address to the DHCP default gateway routes
  • 004885a3 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
  • 821f469a feat: skip overlay mount checks with docker
  • b6e02311 feat: use COSI RD's sensitivity for RBAC
  • 46751c1a feat: improve security of Kubernetes control plane components
  • 0f659622 fix: build with custom kernel/rootfs
  • 5b5089ab fix: mark kube-proxy as system critical priority
  • 42c16f67 chore: bump dependencies
  • 60f78419 chore: bump etcd client libraries to final 3.5.0 release
  • 2b0de9ed feat: improve security of Kubernetes control plane components
  • 48a5c460 docs: provide more storage details

Changes from talos-systems/crypto

8 commits

  • d3cb772 feat: make possible to change KeyUsage
  • 6bc5bb5 chore: remove unused argument
  • cd18ef6 feat: add support for several organizations
  • 97c888b chore: add options to CSR
  • 7776057 chore: fix typos
  • 80df078 chore: remove named result parameters
  • 15bdd28 chore: minor updates
  • 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

1 commit

  • 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

3 commits

  • 30c2bc3 feat: mark MBR bootable
  • 1292574 fix: make disk type matcher parser case insensitive
  • b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

5 commits

  • 3d0a6e1 feat: race build tag flag detector
  • 5b292e5 feat: disable memory profiling by default
  • c6d0ae2 fix: linters and CI
  • d969f95 feat: initial implementation
  • b2044b7 Initial commit

Changes from talos-systems/go-kmsg

2 commits

Changes from talos-systems/go-loadbalancer

3 commits

  • a445702 feat: allow dial timeout and keep alive period to be configurable
  • 3c8f347 feat: provide a way to configure logger for the loadbalancer
  • da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

3 commits

  • c78cc95 fix: implement errors.Is for all errors in the set
  • 7885e16 feat: add ExpectedErrorf
  • 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

1 commit

  • d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

22 commits

  • 41d6ccc feat: enable MACVTAP support
  • 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
  • f5eac03 feat: update Linux to 5.10.45
  • d756119 feat: enable HP ILO kernel module (both amd64 arm64)
  • 2d51360 feat: support NFS 4.1
  • e63e4e9 feat: bump tools for Go 1.16.5
  • 1f8af29 feat: update Linux to 5.10.38
  • a3a6650 feat: update containerd to 1.5.2
  • c70ea44 feat: update runc to 1.0.0-rc95
  • db60235 feat: add support for netxen card
  • f934187 feat: update containerd to 1.5.1
  • e8ed5bc feat: add geneve encapsulation support for openvswitch
  • 9f7903c feat: update containerd to 1.5.0, runc to -rc94
  • d7c0f70 feat: add AES-NI support for amd64
  • b0d9cd2 fix: build zbin utility for both amd64 and arm64
  • bb39b97 feat: add IPMI support in kernel
  • 1148f9a feat: add DS1307 RTC support for arm64
  • 350aa6f feat: add USB serial support
  • de9c582 feat: add Pine64 SBC support
  • b56f36b feat: enable VMware balloon kernel module
  • f87c194 feat: add iPXE build with embedded placeholder script
  • a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

1 commit

  • c8c2a18 feat: update Go to 1.16.5

Dependency Changes

  • github.com/aws/aws-sdk-go v1.27.0 new
  • github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
  • github.com/containerd/containerd v1.4.4 -> v1.5.2
  • github.com/containerd/go-cni v1.0.1 -> v1.0.2
  • github.com/containerd/typeurl v1.0.1 -> v1.0.2
  • github.com/coreos/go-iptables v0.5.0 -> v0.6.0
  • github.com/cosi-project/runtime 10d6103c19ab -> f1649aff7641
  • github.com/docker/docker v20.10.4 -> v20.10.7
  • github.com/emicklei/dot v0.15.0 -> v0.16.0
  • github.com/evanphx/json-patch v4.9.0 -> v4.11.0
  • github.com/fatih/color v1.10.0 -> v1.12.0
  • github.com/google/go-cmp v0.5.5 -> v0.5.6
  • github.com/google/gofuzz v1.2.0 new
  • github.com/googleapis/gnostic v0.5.5 new
  • github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
  • github.com/imdario/mergo v0.3.12 new
  • github.com/insomniacslk/dhcp cc9239ac6294 -> 465dd6c35f6c
  • github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
  • github.com/magiconair/properties v1.8.5 new
  • github.com/mattn/go-isatty v0.0.12 -> v0.0.13
  • github.com/mdlayher/arp f72070a231fc new
  • github.com/mdlayher/ethtool 2b88debcdd43 new
  • github.com/mdlayher/netlink v1.4.0 -> v1.4.1
  • github.com/mdlayher/raw 51b895745faf new
  • github.com/mitchellh/mapstructure v1.4.1 new
  • github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
  • github.com/pelletier/go-toml v1.9.0 new
  • github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
  • github.com/rs/xid v1.2.1 -> v1.3.0
  • github.com/sirupsen/logrus v1.8.1 new
  • github.com/spf13/afero v1.6.0 new
  • github.com/spf13/cast v1.3.1 new
  • github.com/spf13/viper v1.7.1 new
  • github.com/talos-systems/crypto 39584f1b6e54 -> d3cb77220384
  • github.com/talos-systems/extras v0.3.0 -> v0.3.0-1-g4fe2706
  • github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
  • github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
  • github.com/talos-systems/go-kmsg v0.1.0 new
  • github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
  • github.com/talos-systems/go-retry b9dc1a990133 -> c78cc953d9e9
  • github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
  • github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-12-g41d6ccc
  • github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
  • github.com/talos-systems/tools v0.5.0 -> v0.5.0-1-gc8c2a18
  • github.com/vishvananda/netns 2eb08e3e575f new
  • github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.51.0
  • github.com/vmware/govmomi v0.24.0 -> v0.26.0
  • go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
  • go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
  • go.uber.org/zap v1.17.0 new
  • golang.org/x/net e18ecbb05110 -> 04defd469f4e
  • golang.org/x/oauth2 81ed05c6b58c new
  • golang.org/x/sys 77cc2087c03b -> 59db8d763f22
  • golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
  • golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
  • golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
  • google.golang.org/appengine v1.6.7 new
  • google.golang.org/grpc v1.37.0 -> v1.38.0
  • gopkg.in/ini.v1 v1.62.0 new
  • inet.af/netaddr 1d252cf8125e new
  • k8s.io/api v0.21.0 -> v0.21.2
  • k8s.io/apimachinery v0.21.0 -> v0.21.2
  • k8s.io/apiserver v0.21.0 -> v0.21.2
  • k8s.io/client-go v0.21.0 -> v0.21.2
  • k8s.io/cri-api v0.21.0 -> v0.21.2
  • k8s.io/kubectl v0.21.0 -> v0.21.2
  • k8s.io/kubelet v0.21.0 -> v0.21.2
  • k8s.io/utils 2afb4311ab10 new
  • sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Welcome to the v0.11.0-alpha.1 release of Talos! This is a pre-release of Talos.

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

talosctl gen config no longer outputs init.yaml. We now encourage using the bootstrap API instead of the init node type, as we intend to deprecate this machine type in the future. The init.yaml and controlplane.yaml machine configs are identical except for the machine type. Users who would like to avoid the bootstrap API can use a modified controlplane.yaml with the machine type set to init.

Component Updates

  • containerd was updated to 1.5.2
  • Linux kernel was updated to 5.10.38

CoreDNS

Added the cluster.coreDNS.disabled flag, which disables the CoreDNS deployment during cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that marks the MBR partition bootable, for machines with a legacy BIOS that does not support the GPT partitioning scheme.

Multi-arch Installer

The Talos installer image (for any arch) now contains artifacts for both the amd64 and arm64 architectures. This means that, e.g., images for arm64 SBCs can be generated on an amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers and resources. There are no changes to the machine configuration, but any update to .machine.network can now be applied in immediate mode (without a reboot). Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured interfaces and skipping the reset network step.

Talos API RBAC

Limited RBAC support in the Talos API is now enabled by default for Talos 0.11. The default talosconfig has the os:admin role embedded in the certificate so that all the APIs are available. Certificates with a reduced set of roles can be created with the talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, first generate a talosconfig with the os:admin role to make sure that administrators still have access to the cluster once RBAC is enabled.

List of available roles:

  • os:admin role enables every Talos API
  • os:reader role limits access to read-only APIs which do not return sensitive information
  • os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)
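
A pre-upgrade check for the RBAC step above, as an added example that is not Talos project code: it reads a client certificate and reports whether it carries os:admin before RBAC is switched on. It assumes roles are stored in the certificate subject's Organization field; Report, Audit, sampleCert and the sample certificates are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// knownRoles are the roles listed in the Talos 0.11 release notes.
var knownRoles = map[string]bool{"os:admin": true, "os:reader": true, "os:etcd:backup": true}

// Report summarises what a client certificate carries once RBAC is enforced.
type Report struct {
	Roles   []string // every role string found in the certificate
	Unknown []string // role strings that are not in knownRoles
	Admin   bool     // true when os:admin is present
	Expired bool     // true when now is outside the validity window
}

// Audit parses a PEM-encoded client certificate and classifies its roles.
// Assumption: roles live in the subject's Organization field.
func Audit(certPEM []byte, now time.Time) (Report, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return Report{}, errors.New("no CERTIFICATE PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return Report{}, fmt.Errorf("parse certificate: %w", err)
	}
	rep := Report{Expired: now.Before(cert.NotBefore) || now.After(cert.NotAfter)}
	for _, role := range cert.Subject.Organization {
		rep.Roles = append(rep.Roles, role)
		if !knownRoles[role] {
			rep.Unknown = append(rep.Unknown, role)
		}
		if role == "os:admin" {
			rep.Admin = true
		}
	}
	return rep, nil
}

// sampleCert builds a constructed, self-signed client certificate carrying
// the given roles. It stands in for the certificate inside a talosconfig.
func sampleCert(roles []string, ttl time.Duration) []byte {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{Organization: roles},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(ttl),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	samples := map[string][]string{
		"admin":  {"os:admin"},
		"reader": {"os:reader"},
		"backup": {"os:etcd:backup"},
	}
	for name, roles := range samples {
		rep, err := Audit(sampleCert(roles, time.Hour), time.Now())
		if err != nil {
			fmt.Println(name, "error:", err)
			continue
		}
		// Only a certificate with os:admin keeps full API access under RBAC.
		fmt.Printf("%-6s roles=%v admin=%v expired=%v unknown=%v\n",
			name, rep.Roles, rep.Admin, rep.Expired, rep.Unknown)
	}
}
```

Run it against the certificate taken from the talosconfig you plan to keep using, and enable RBAC only when the report shows Admin true and Expired false.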

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Jorik Jonker
  • Spencer Smith
  • Andrew Rynhard
  • Serge Logvinov
  • Andrew LeCody
  • Kevin Hellemun
  • Boran Car
  • Brandon Nason
  • Gabor Nyiri
  • Joost Coelingh
  • Lance R. Vick
  • Lennard Klein
  • Seán C McCord
  • Sébastien Bernard

Changes

143 commits

  • f8e1cf09 release(v0.11.0-alpha.1): prepare release
  • 70ac771e fix: use localhost API server endpoint for internal communication
  • a941eb7d feat: improve security of Kubernetes control plane components
  • 3aae94e5 feat: provide Kubernetes nodename as a COSI resource
  • 06209bba chore: update RBAC rules, remove old APIs
  • 9f24b519 chore: remove bootkube check from cluster health check
  • 4ac9bea2 fix: stop etcd client logs from going to the server console
  • f63ab9dd feat: implement talosctl config new command
  • fa15a668 fix: don't enable RBAC feature in the config for Talos < 0.11
  • 2dc27d99 fix: do not format state partition in the initialize sequence
  • b609f33c fix: update networking stack after Equinix Metal testing
  • 243a3b53 fix: separate healthy and unknown flags in the service resource
  • 1a1378be fix: update retry package with a fix for errors.Is
  • cb83edd7 fix: wait for the network to be ready in maintenance mode
  • 96f89071 feat: update controller-runtime logs to console level on config.debug
  • 973069b6 feat: support NFS 4.1
  • 654dcad4 chore: bump dependencies via dependabot
  • d7394457 fix: don't treat ethtool errors as fatal
  • f2ae9cd0 feat: replace networkd with new network implementation
  • caec3063 fix: do not complain about empty roles
  • 11918a11 docs: update community meeting time
  • aeddb9c0 feat: implement platform config controller (hostnames)
  • 1ece334d feat: implement controller which runs network operators
  • 744ea8a5 fix: do not add bootstrap contents option if tail events is not 0
  • 5029edfb fix: overwrite nodes in the gRPC metadata
  • 6a35c8f1 feat: implement virtual IP (shared IP) network operator
  • 0f3b8380 chore: expose WatchRequest in the resources client
  • 11e258b1 feat: implement operator configuration controller
  • ce3815e7 feat: implement DHCP6 operator
  • f010d99a feat: implement operator framework with DHCP4 as the first example
  • f93c9c8f feat: bring unconfigured links with link carrier up by default
  • 02bd657b feat: implement network.Status resource and controller
  • da329f00 feat: enable RBAC by default
  • 0f168a88 feat: add configuration for enabling RBAC
  • e74f789b feat: implement EtcFileController to render files in /etc
  • 5aede1a8 fix: prefer extraConfig over OVF env, skip empty config
  • 5ad314fe feat: implement basic RBAC interceptors
  • c031be81 chore: use Go 1.16.5
  • 8b0763f6 chore: bump dependencies via dependabot
  • 8b8de11d feat: implement new controllers for hostname, resolvers and time servers
  • 24859b14 docs: update Rpi4 firmware guide
  • 62c702c4 fix: remove conflicting etcd member on rejoin with empty data directory
  • ff62a599 fix: drop into maintenance mode if config URL is none (metal)
  • 14e696d0 feat: update COSI runtime and add support for tail in the Talos gRPC
  • a71053fc feat: default to bootstrap workflow
  • 76aac4bb feat: implement CPU and Memory stats controller
  • 8f90c6a8 feat: parse Talos-specific cmdline params
  • ed10e139 feat: implement NodeAddress controller
  • 33db8857 fix: use COSI runtime DestroyReady input type
  • 6e775363 refactor: rename *.Status() to *.TypedSpec() in the resources
  • 97627061 docs: set static IP on ISO install mode
  • 5811f4dd feat: implement link (interface) controllers
  • 046b229b chore: skip building multi-arch installer for race-enabled build
  • 73fbb4b5 fix: only fetch machine uuid if it's not set
  • f112a540 fix: clean up stale snapshots on container start
  • c036b949 chore: bump dependencies
  • a4d67a01 feat: add the ability to disable CoreDNS
  • 76dbfb36 feat: add ability to mark MBR partition bootable
  • e0f5b1e2 chore: split mgmt/gen.go into several files
  • fad1b4f1 chore: fix go generate for the machinery
  • 1117294a release(v0.11.0-alpha.0): prepare release
  • c0962946 chore: prepare for 0.11 release series
  • 72359765 feat: enable GORACE=halt_on_panic=1 in machined binary
  • 0acb04ad feat: implement route network controllers
  • f5bf88a4 feat: create certificates with os:admin role
  • 1db301ed feat: switch controller-runtime to zap.Logger
  • f7cf64d4 fix: add talos.config to the vApp Properties in VMware OVA
  • 209527ec docs: add AMIs for Talos 0.10.3
  • 59cfd312 chore: bump dependencies via dependabot
  • 1edb20cf feat: extract config generation
  • af77c295 docs: update wireguard guide
  • 4fe69121 test: better talosctl ls tests
  • 04ddda96 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
  • 49c7276b chore: fix markdown linting
  • 7270495a docs: add mayastor quickstart
  • d3d9112f docs: fix spelling/grammar in What's New for Talos 0.9
  • 82804414 test: provide a way to force different boot order in provision library
  • a1c0e99a docs: add guide for deploying metrics-server
  • 6bc6658b feat: update containerd to 1.5.1
  • c6567fae chore: dependabot updates
  • 61ccbb3f chore: keep debug symbols in debug builds
  • 1ce362e0 docs: update customizing kernel build steps
  • a26174b5 fix: properly compose pattern and header in etcd members output
  • 0825cf11 fix: stop networkd and pods before leaving etcd on upgrade
  • bed6b15d fix: properly populate AllowSchedulingOnMasters option in gen config RPC
  • 071f0445 feat: implement AddressSpec handling
  • 76e38b7b feat: update Kubernetes to 1.21.1
  • 9b1338d9 chore: parse "boolean" variables
  • c81cfb21 chore: allow building with debug handlers
  • c9651673 feat: update go-smbios library
  • 95c656fb feat: update containerd to 1.5.0, runc to 1.0.0-rc94
  • db9c35b5 feat: implement AddressStatusController
  • 1cf011a8 chore: bump dependencies via dependabot
  • e3f407a1 fix: properly pass disk type selector from config to matcher
  • 66b2b450 feat: add resources and use HTTPS checks in control plane pods
  • 4ffd7c0a fix: stop networkd before leaving etcd on 'reset' path
  • 610d38d3 docs: add AMIs for 0.10.1, collapse list of AMIs by default
  • 807497ec chore: make conformance pipeline depend on cron-default
  • 3c121359 feat: implement LinkStatusController
  • 0e8de046 fix: update go-blockdevice to fix disk type detection
  • 4d50a4ed fix: update the way NTP sync uses adjtimex syscall
  • 1a85c14a fix: avoid data race on CRI pod stop
  • 5de8dbc0 fix: repair pine64 support
  • 38239097 fix: properly parse matcher expressions
  • e54b6b7a chore: update dependencies via dependabot
  • f2caed0d chore: use extracted talos-systems/go-kmsg library
  • 79d804c5 docs: fix typos
  • a2bb390e feat: deterministic builds
  • e480fedf feat: add USB serial drivers
  • 79299d76 docs: add Matrix room links
  • 1b3e8b09 docs: add survey to README
  • 8d51c9bb docs: update redirects to Talos 0.10
  • 1092c3a5 feat: add Pine64 SBC support
  • 63e01754 feat: pull kernel with VMware balloon module enabled
  • aeec99d8 chore: remove temporary fork
  • 0f49722d feat: add --config-patch flag by node type
  • a01b1d22 chore: dump dependencies via dependabot
  • d540a4a4 fix: bump crypto library for the CSR verification fix
  • c3a4173e chore: remove security API ReadFile/WriteFile
  • 38037131 chore: update wgctrl dependency
  • d9ba0fd0 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
  • 2261d7ed fix: use both self-signed and Kubernetes CA to verify Kubelet cert
  • a3537a69 docs: update cloud images for Talos v0.9.3
  • 5b9ee861 docs: add what's new for Talos 0.10
  • f1107fa3 docs: add survey
  • 93623d47 docs: update AWS instructions
  • a739d1b8 feat: add support of custom registry CA certificate usage
  • 7f468d35 fix: update osType in OVA other3xLinux64Guest"
  • 4a184b67 docs: add etcd backup and restore guide
  • 5fb38d3e chore: refactor Dockerfile for cross-compilation
  • a8f1e526 chore: build talosctl for Darwin / Apple Silicon
  • eb0b64d3 chore: list specifically for enabled regions
  • 669a0cbd fix: check if OVF env is empty
  • da92049c chore: use codecov from the build container
  • 9996d4b0 chore: use REGISTRY_MIRROR_FLAGS if defined
  • 05cbe250 chore: bump dependencies via dependabot
  • 9a91142a feat: print complete member info in etcd members
  • bb40d6dd feat: update pkgs version
  • e7a9164b test: implement talosctl conformance command to run e2e tests
  • 6cb266e7 fix: update etcd client errors, print etcd join failures
  • 0bd8b0e8 feat: provide an option to recover etcd from data directory copy
  • f9818540 chore: fix conform with scopes
  • 21018f28 chore: bump website node.js dependencies

Changes since v0.11.0-alpha.0

60 commits

  • f8e1cf09 release(v0.11.0-alpha.1): prepare release
  • 70ac771e fix: use localhost API server endpoint for internal communication
  • a941eb7d feat: improve security of Kubernetes control plane components
  • 3aae94e5 feat: provide Kubernetes nodename as a COSI resource
  • 06209bba chore: update RBAC rules, remove old APIs
  • 9f24b519 chore: remove bootkube check from cluster health check
  • 4ac9bea2 fix: stop etcd client logs from going to the server console
  • f63ab9dd feat: implement talosctl config new command
  • fa15a668 fix: don't enable RBAC feature in the config for Talos < 0.11
  • 2dc27d99 fix: do not format state partition in the initialize sequence
  • b609f33c fix: update networking stack after Equinix Metal testing
  • 243a3b53 fix: separate healthy and unknown flags in the service resource
  • 1a1378be fix: update retry package with a fix for errors.Is
  • cb83edd7 fix: wait for the network to be ready in maintenance mode
  • 96f89071 feat: update controller-runtime logs to console level on config.debug
  • 973069b6 feat: support NFS 4.1
  • 654dcad4 chore: bump dependencies via dependabot
  • d7394457 fix: don't treat ethtool errors as fatal
  • f2ae9cd0 feat: replace networkd with new network implementation
  • caec3063 fix: do not complain about empty roles
  • 11918a11 docs: update community meeting time
  • aeddb9c0 feat: implement platform config controller (hostnames)
  • 1ece334d feat: implement controller which runs network operators
  • 744ea8a5 fix: do not add bootstrap contents option if tail events is not 0
  • 5029edfb fix: overwrite nodes in the gRPC metadata
  • 6a35c8f1 feat: implement virtual IP (shared IP) network operator
  • 0f3b8380 chore: expose WatchRequest in the resources client
  • 11e258b1 feat: implement operator configuration controller
  • ce3815e7 feat: implement DHCP6 operator
  • f010d99a feat: implement operator framework with DHCP4 as the first example
  • f93c9c8f feat: bring unconfigured links with link carrier up by default
  • 02bd657b feat: implement network.Status resource and controller
  • da329f00 feat: enable RBAC by default
  • 0f168a88 feat: add configuration for enabling RBAC
  • e74f789b feat: implement EtcFileController to render files in /etc
  • 5aede1a8 fix: prefer extraConfig over OVF env, skip empty config
  • 5ad314fe feat: implement basic RBAC interceptors
  • c031be81 chore: use Go 1.16.5
  • 8b0763f6 chore: bump dependencies via dependabot
  • 8b8de11d feat: implement new controllers for hostname, resolvers and time servers
  • 24859b14 docs: update Rpi4 firmware guide
  • 62c702c4 fix: remove conflicting etcd member on rejoin with empty data directory
  • ff62a599 fix: drop into maintenance mode if config URL is none (metal)
  • 14e696d0 feat: update COSI runtime and add support for tail in the Talos gRPC
  • a71053fc feat: default to bootstrap workflow
  • 76aac4bb feat: implement CPU and Memory stats controller
  • 8f90c6a8 feat: parse Talos-specific cmdline params
  • ed10e139 feat: implement NodeAddress controller
  • 33db8857 fix: use COSI runtime DestroyReady input type
  • 6e775363 refactor: rename *.Status() to *.TypedSpec() in the resources
  • 97627061 docs: set static IP on ISO install mode
  • 5811f4dd feat: implement link (interface) controllers
  • 046b229b chore: skip building multi-arch installer for race-enabled build
  • 73fbb4b5 fix: only fetch machine uuid if it's not set
  • f112a540 fix: clean up stale snapshots on container start
  • c036b949 chore: bump dependencies
  • a4d67a01 feat: add the ability to disable CoreDNS
  • 76dbfb36 feat: add ability to mark MBR partition bootable
  • e0f5b1e2 chore: split mgmt/gen.go into several files
  • fad1b4f1 chore: fix go generate for the machinery

Changes from talos-systems/crypto

7 commits

  • 6bc5bb5 chore: remove unused argument
  • cd18ef6 feat: add support for several organizations
  • 97c888b chore: add options to CSR
  • 7776057 chore: fix typos
  • 80df078 chore: remove named result parameters
  • 15bdd28 chore: minor updates
  • 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

1 commit

  • 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

3 commits

  • 30c2bc3 feat: mark MBR bootable
  • 1292574 fix: make disk type matcher parser case insensitive
  • b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

5 commits

  • 3d0a6e1 feat: race build tag flag detector
  • 5b292e5 feat: disable memory profiling by default
  • c6d0ae2 fix: linters and CI
  • d969f95 feat: initial implementation
  • b2044b7 Initial commit

Changes from talos-systems/go-kmsg

2 commits

Changes from talos-systems/go-loadbalancer

3 commits

  • a445702 feat: allow dial timeout and keep alive period to be configurable
  • 3c8f347 feat: provide a way to configure logger for the loadbalancer
  • da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

3 commits

  • c78cc95 fix: implement errors.Is for all errors in the set
  • 7885e16 feat: add ExpectedErrorf
  • 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

1 commit

  • d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

18 commits

  • 2d51360 feat: support NFS 4.1
  • e63e4e9 feat: bump tools for Go 1.16.5
  • 1f8af29 feat: update Linux to 5.10.38
  • a3a6650 feat: update containerd to 1.5.2
  • c70ea44 feat: update runc to 1.0.0-rc95
  • db60235 feat: add support for netxen card
  • f934187 feat: update containerd to 1.5.1
  • e8ed5bc feat: add geneve encapsulation support for openvswitch
  • 9f7903c feat: update containerd to 1.5.0, runc to -rc94
  • d7c0f70 feat: add AES-NI support for amd64
  • b0d9cd2 fix: build zbin utility for both amd64 and arm64
  • bb39b97 feat: add IPMI support in kernel
  • 1148f9a feat: add DS1307 RTC support for arm64
  • 350aa6f feat: add USB serial support
  • de9c582 feat: add Pine64 SBC support
  • b56f36b feat: enable VMware balloon kernel module
  • f87c194 feat: add iPXE build with embedded placeholder script
  • a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

1 commit

  • c8c2a18 feat: update Go to 1.16.5

Dependency Changes

  • github.com/aws/aws-sdk-go v1.27.0 new
  • github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
  • github.com/containerd/containerd v1.4.4 -> v1.5.2
  • github.com/containerd/go-cni v1.0.1 -> v1.0.2
  • github.com/containerd/typeurl v1.0.1 -> v1.0.2
  • github.com/coreos/go-iptables v0.5.0 -> v0.6.0
  • github.com/cosi-project/runtime 10d6103c19ab -> ca95c7538d17
  • github.com/docker/docker v20.10.4 -> v20.10.7
  • github.com/emicklei/dot v0.15.0 -> v0.16.0
  • github.com/fatih/color v1.10.0 -> v1.12.0
  • github.com/google/go-cmp v0.5.5 -> v0.5.6
  • github.com/google/gofuzz v1.2.0 new
  • github.com/googleapis/gnostic v0.5.5 new
  • github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.2 -> v1.5.3
  • github.com/imdario/mergo v0.3.12 new
  • github.com/insomniacslk/dhcp cc9239ac6294 -> fb4eaaa00ad2
  • github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> b34cb89a106b
  • github.com/magiconair/properties v1.8.5 new
  • github.com/mattn/go-isatty v0.0.12 -> v0.0.13
  • github.com/mdlayher/arp f72070a231fc new
  • github.com/mdlayher/ethtool 2b88debcdd43 new
  • github.com/mdlayher/netlink v1.4.0 -> v1.4.1
  • github.com/mdlayher/raw 51b895745faf new
  • github.com/mitchellh/mapstructure v1.4.1 new
  • github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
  • github.com/pelletier/go-toml v1.9.0 new
  • github.com/rivo/tview 8a8f78a6dd01 -> 807e706f86d1
  • github.com/rs/xid v1.2.1 -> v1.3.0
  • github.com/sirupsen/logrus v1.8.1 new
  • github.com/spf13/afero v1.6.0 new
  • github.com/spf13/cast v1.3.1 new
  • github.com/spf13/viper v1.7.1 new
  • github.com/talos-systems/crypto 39584f1b6e54 -> 6bc5bb50c527
  • github.com/talos-systems/extras v0.3.0 -> v0.3.0-1-g4fe2706
  • github.com/talos-systems/go-blockdevice 1d830a25f64f -> 30c2bc3cb62a
  • github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
  • github.com/talos-systems/go-kmsg v0.1.0 new
  • github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
  • github.com/talos-systems/go-retry b9dc1a990133 -> c78cc953d9e9
  • github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
  • github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-8-g2d51360
  • github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
  • github.com/talos-systems/tools v0.5.0 -> v0.5.0-1-gc8c2a18
  • github.com/vishvananda/netns 2eb08e3e575f new
  • github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.51.0
  • github.com/vmware/govmomi v0.24.0 -> v0.26.0
  • go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0-rc.1
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0-rc.1 new
  • go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0-rc.1
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0-rc.1 new
  • go.uber.org/zap v1.17.0 new
  • golang.org/x/net e18ecbb05110 -> abc453219eb5
  • golang.org/x/oauth2 81ed05c6b58c new
  • golang.org/x/sys 77cc2087c03b -> ebe580a85c40
  • golang.org/x/term 6a3ed077a48d -> a79de5458b56
  • golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
  • google.golang.org/appengine v1.6.7 new
  • google.golang.org/grpc v1.37.0 -> v1.38.0
  • gopkg.in/ini.v1 v1.62.0 new
  • inet.af/netaddr 1d252cf8125e new
  • k8s.io/api v0.21.0 -> v0.21.1
  • k8s.io/apimachinery v0.21.0 -> v0.21.1
  • k8s.io/apiserver v0.21.0 -> v0.21.1
  • k8s.io/client-go v0.21.0 -> v0.21.1
  • k8s.io/kubectl v0.21.0 -> v0.21.1
  • k8s.io/kubelet v0.21.0 -> v0.21.1
  • k8s.io/utils 2afb4311ab10 new
  • sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Welcome to the v0.11.0-alpha.0 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Component Updates

  • containerd was updated to 1.5.2
  • Linux kernel was updated to 5.10.29

Multi-arch Installer

The Talos installer image (for any arch) now contains artifacts for both the amd64 and arm64 architectures. This means that, for example, images for arm64 SBCs can be generated on an amd64 host.

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Jorik Jonker
  • Spencer Smith
  • Serge Logvinov
  • Andrew LeCody
  • Andrew Rynhard
  • Boran Car
  • Brandon Nason
  • Gabor Nyiri
  • Joost Coelingh
  • Kevin Hellemun
  • Lance R. Vick
  • Lennard Klein
  • Seán C McCord
  • Sébastien Bernard

Changes

82 commits

  • c0962946 chore: prepare for 0.11 release series
  • 72359765 feat: enable GORACE=halt_on_panic=1 in machined binary
  • 0acb04ad feat: implement route network controllers
  • f5bf88a4 feat: create certificates with os:admin role
  • 1db301ed feat: switch controller-runtime to zap.Logger
  • f7cf64d4 fix: add talos.config to the vApp Properties in VMware OVA
  • 209527ec docs: add AMIs for Talos 0.10.3
  • 59cfd312 chore: bump dependencies via dependabot
  • 1edb20cf feat: extract config generation
  • af77c295 docs: update wirguard guide
  • 4fe69121 test: better talosctl ls tests
  • 04ddda96 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
  • 49c7276b chore: fix markdown linting
  • 7270495a docs: add mayastor quickstart
  • d3d9112f docs: fix spelling/grammar in What's New for Talos 0.9
  • 82804414 test: provide a way to force different boot order in provision library
  • a1c0e99a docs: add guide for deploying metrics-server
  • 6bc6658b feat: update containerd to 1.5.1
  • c6567fae chore: dependabot updates
  • 61ccbb3f chore: keep debug symbols in debug builds
  • 1ce362e0 docs: update customizing kernel build steps
  • a26174b5 fix: properly compose pattern and header in etcd members output
  • 0825cf11 fix: stop networkd and pods before leaving etcd on upgrade
  • bed6b15d fix: properly populate AllowSchedulingOnMasters option in gen config RPC
  • 071f0445 feat: implement AddressSpec handling
  • 76e38b7b feat: update Kubernetes to 1.21.1
  • 9b1338d9 chore: parse "boolean" variables
  • c81cfb21 chore: allow building with debug handlers
  • c9651673 feat: update go-smbios library
  • 95c656fb feat: update containerd to 1.5.0, runc to 1.0.0-rc94
  • db9c35b5 feat: implement AddressStatusController
  • 1cf011a8 chore: bump dependencies via dependabot
  • e3f407a1 fix: properly pass disk type selector from config to matcher
  • 66b2b450 feat: add resources and use HTTPS checks in control plane pods
  • 4ffd7c0a fix: stop networkd before leaving etcd on 'reset' path
  • 610d38d3 docs: add AMIs for 0.10.1, collapse list of AMIs by default
  • 807497ec chore: make conformance pipeline depend on cron-default
  • 3c121359 feat: implement LinkStatusController
  • 0e8de046 fix: update go-blockdevice to fix disk type detection
  • 4d50a4ed fix: update the way NTP sync uses adjtimex syscall
  • 1a85c14a fix: avoid data race on CRI pod stop
  • 5de8dbc0 fix: repair pine64 support
  • 38239097 fix: properly parse matcher expressions
  • e54b6b7a chore: update dependencies via dependabot
  • f2caed0d chore: use extracted talos-systems/go-kmsg library
  • 79d804c5 docs: fix typos
  • a2bb390e feat: deterministic builds
  • e480fedf feat: add USB serial drivers
  • 79299d76 docs: add Matrix room links
  • 1b3e8b09 docs: add survey to README
  • 8d51c9bb docs: update redirects to Talos 0.10
  • 1092c3a5 feat: add Pine64 SBC support
  • 63e01754 feat: pull kernel with VMware balloon module enabled
  • aeec99d8 chore: remove temporary fork
  • 0f49722d feat: add --config-patch flag by node type
  • a01b1d22 chore: dump dependencies via dependabot
  • d540a4a4 fix: bump crypto library for the CSR verification fix
  • c3a4173e chore: remove security API ReadFile/WriteFile
  • 38037131 chore: update wgctrl dependecy
  • d9ba0fd0 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
  • 2261d7ed fix: use both self-signed and Kubernetes CA to verify Kubelet cert
  • a3537a69 docs: update cloud images for Talos v0.9.3
  • 5b9ee861 docs: add what's new for Talos 0.10
  • f1107fa3 docs: add survey
  • 93623d47 docs: update AWS instructions
  • a739d1b8 feat: add support of custom registry CA certificate usage
  • 7f468d35 fix: update osType in OVA other3xLinux64Guest"
  • 4a184b67 docs: add etcd backup and restore guide
  • 5fb38d3e chore: refactor Dockerfile for cross-compilation
  • a8f1e526 chore: build talosctl for Darwin / Apple Silicon
  • eb0b64d3 chore: list specifically for enabled regions
  • 669a0cbd fix: check if OVF env is empty
  • da92049c chore: use codecov from the build container
  • 9996d4b0 chore: use REGISTRY_MIRROR_FLAGS if defined
  • 05cbe250 chore: bump dependencies via dependabot
  • 9a91142a feat: print complete member info in etcd members
  • bb40d6dd feat: update pkgs version
  • e7a9164b test: implement talosctl conformance command to run e2e tests
  • 6cb266e7 fix: update etcd client errors, print etcd join failures
  • 0bd8b0e8 feat: provide an option to recover etcd from data directory copy
  • f9818540 chore: fix conform with scopes
  • 21018f28 chore: bump website node.js dependencies

Changes from talos-systems/crypto

1 commit

  • 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/go-blockdevice

2 commits

  • 1292574 fix: make disk type matcher parser case insensitive
  • b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

5 commits

  • 3d0a6e1 feat: race build tag flag detector
  • 5b292e5 feat: disable memory profiling by default
  • c6d0ae2 fix: linters and CI
  • d969f95 feat: initial implementation
  • b2044b7 Initial commit

Changes from talos-systems/go-kmsg

2 commits

Changes from talos-systems/go-loadbalancer

3 commits

  • a445702 feat: allow dial timeout and keep alive period to be configurable
  • 3c8f347 feat: provide a way to configure logger for the loadbalancer
  • da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-smbios

1 commit

  • d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

15 commits

  • a3a6650 feat: update containerd to 1.5.2
  • c70ea44 feat: update runc to 1.0.0-rc95
  • db60235 feat: add support for netxen card
  • f934187 feat: update containerd to 1.5.1
  • e8ed5bc feat: add geneve encapsulation support for openvswitch
  • 9f7903c feat: update containerd to 1.5.0, runc to -rc94
  • d7c0f70 feat: add AES-NI support for amd64
  • b0d9cd2 fix: build zbin utility for both amd64 and arm64
  • bb39b97 feat: add IPMI support in kernel
  • 1148f9a feat: add DS1307 RTC support for arm64
  • 350aa6f feat: add USB serial support
  • de9c582 feat: add Pine64 SBC support
  • b56f36b feat: enable VMware baloon kernel module
  • f87c194 feat: add iPXE build with embedded placeholder script
  • a8b9e71 feat: add cpu scaling for rpi

Dependency Changes

  • github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
  • github.com/containerd/containerd v1.4.4 -> v1.5.2
  • github.com/containerd/go-cni v1.0.1 -> v1.0.2
  • github.com/containerd/typeurl v1.0.1 -> v1.0.2
  • github.com/coreos/go-iptables v0.5.0 -> v0.6.0
  • github.com/cosi-project/runtime 10d6103c19ab -> 8a4533ce68e2
  • github.com/docker/docker v20.10.4 -> v20.10.6
  • github.com/emicklei/dot v0.15.0 -> v0.16.0
  • github.com/fatih/color v1.10.0 -> v1.11.0
  • github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.2 -> v1.5.3
  • github.com/mdlayher/ethtool 2b88debcdd43 new
  • github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
  • github.com/plunder-app/kube-vip v0.3.2 -> v0.3.4
  • github.com/rs/xid v1.2.1 -> v1.3.0
  • github.com/talos-systems/crypto 39584f1b6e54 -> 4f80b976b640
  • github.com/talos-systems/go-blockdevice 1d830a25f64f -> 1292574643e0
  • github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
  • github.com/talos-systems/go-kmsg v0.1.0 new
  • github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
  • github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
  • github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-5-ga3a6650
  • github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.50.0
  • github.com/vmware/govmomi v0.24.0 -> v0.25.0
  • go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0-beta.3
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0-beta.3 new
  • go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0-beta.3
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0-beta.3 new
  • go.uber.org/zap c23abee72d19 new
  • golang.org/x/net e18ecbb05110 -> 0714010a04ed
  • golang.org/x/sys 77cc2087c03b -> 0981d6026fa6
  • golang.org/x/term 6a3ed077a48d -> a79de5458b56
  • golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> f9ad6d392236
  • google.golang.org/grpc v1.37.0 -> v1.38.0
  • inet.af/netaddr 1d252cf8125e new
  • k8s.io/api v0.21.0 -> v0.21.1
  • k8s.io/apimachinery v0.21.0 -> v0.21.1
  • k8s.io/apiserver v0.21.0 -> v0.21.1
  • k8s.io/client-go v0.21.0 -> v0.21.1
  • k8s.io/kubectl v0.21.0 -> v0.21.1
  • k8s.io/kubelet v0.21.0 -> v0.21.1

Previous release can be found at v0.10.0

Welcome to the v0.10.0-alpha.2 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Disaster Recovery

  • support for creating etcd snapshots (backups) with talosctl etcd snapshot command.
  • etcd cluster can be recovered from a snapshot using talosctl bootstrap --recover-from= command.

Install Disk Selector

The install section of the machine config now has a diskSelector field that allows selecting the install disk using a list of qualifiers:

...
  install:
    diskSelector:
      size: '>= 500GB'
      model: WDC*
...

talosctl disks -n <node> -i can be used to check the allowed disk qualifiers when the node is running in maintenance mode.

Optimizations

  • Talos system services now run without container images on initramfs from a single executable; this change reduces RAM usage, initramfs size and boot time.

SBCs

  • u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
  • added support for Rock Pi 4.

Time Synchronization

  • timed service was replaced with a time sync controller, no machine configuration changes.
  • Talos now prefers the last successful time server (by IP address) on each sync attempt (improves sync accuracy).

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Spencer Smith
  • Seán C McCord
  • Andrew Rynhard
  • Branden Cash
  • Jorik Jonker
  • Matt Zahorik
  • bzub

Changes

104 commits

  • e0650218 feat: support etcd recovery from snapshot on bootstrap
  • 247bd50e docs: describe steps to install and boot Talos from the SSD on rockpi4
  • e6b4e524 test: update CAPA to 0.6.4
  • 28753f6d fix: trim endpoints/nodes from arguments in talosctl config
  • aca63b88 docs: fix "DigitalOcean" spelling
  • 33035901 fix: revert mark PMBR EFI partition as bootable
  • fbfd1eb2 refactor: pull new version of os-runtime, update code
  • 8737ea71 feat: allow external cloud provides configration
  • 3909e2d0 chore: update Go to 1.16.3
  • 690eb20e chore: update blockdevice library for PMBR bootable fix
  • a8761b8e fix: require leader on etcd member operations
  • 3dc84625 fix: make both HDMI ports work on RPi 4
  • bd5ae1e0 fix: add a check for overlay mounts in installer pre-flight checks
  • df8649cb refactor: download modules before go generate
  • 39ae0415 chore: bump dependencies via dependabot
  • e16d6d34 fix: publish rockpi4 image to release artifacts
  • 39c6dbcc feat: add --config-patch parameter to talosctl gen config
  • e664362c feat: add API and command to save etcd snapshot (backup)
  • 61b694b9 fix: create rootfs for system services via /system tmpfs
  • abc2e17e test: update 0.9.x version in upgrade tests to 0.9.1
  • a1e64154 fix: retry Kubernetes API errors on cordon/uncordon/etc
  • 063d1abe fix: print task failure error immediately
  • e039172e fix: ignore EOF errors from Kubernetes API when converting control plane
  • 7bcb91a4 docs: fix typo for stage flag
  • a43acb21 feat: bring in Linux 5.10.27, support for 32-bit time syscalls
  • e2bb5973 release(v0.10.0-alpha.1): prepare release
  • 8309312a chore: build components with race detector enabled in dev mode
  • 7d912584 test: fix data race in apply config tests
  • 204caf8e test: fix apply-config integration test, bump clusterctl version
  • d812099d fix: address several issues in TUI installer
  • 269c9ad0 fix: don't write to config object on access
  • a9451f57 feat: update Kubernetes to 1.21.0-beta.1
  • 4b42ced4 feat: add ability to disable comments in talosctl gen config
  • a0dcfc3d fix: workaround race in containerd runner with stdin pipe
  • 2ea20f59 feat: replace timed with time sync controller
  • c38a161a test: add unit-test for machine config validation
  • a6106815 chore: bump dependencies via dependabot
  • 35598f39 chore: refactor: extract ClusterConfig
  • 03285184 fix: get rid of data race in encoder and fix concurrent map access
  • 4b3580aa fix: prevent panic in validate config if machine.install is missing
  • d7e9f6d6 chore: build integration tests with -race
  • 9f7d67ac chore: fix typo
  • 672c9707 fix: allow convert-k8s --remove-initialized-keys with K8s cp is down
  • fb605a0f chore: tweak nolintlint settings
  • 1f5a0c40 fix: resolve the issue with Kubernetes upgrade
  • 74b2b557 docs: update AWS docs to ensure instances are tagged
  • dc21d9b4 chore: remove old file
  • 966caf7a chore: remove unused module replace directives
  • 98b22f1e feat: show short options in talosctl kubeconfig
  • 51139d54 chore: cache go modules in the build
  • 65701aa7 fix: resolve the issue with DHCP lease not being renewed
  • 711f5b23 fix: config validation: CNI should apply to cp nodes, encryption config
  • 5ff491d9 fix: allow empty list for CNI URLs
  • 946e74f0 docs: update path for kernel downloads in qemu docs
  • ed272e60 feat: update Kubernetes to 1.21.0-beta.0
  • b0209fd2 refactor: move networkd, timed APIs to machined, remove routerd
  • 6ffabe51 feat: add ability to find disk by disk properties
  • ac876470 refactor: move apid, routerd, timed and trustd to single executable
  • 89a4b09f refactor: run networkd as a goroutine in machined
  • f4a6a19c chore: update sonobuoy
  • dc294db1 chore: bump dependencies via dependabot
  • 2b1641a3 docs: add AMIs for Talos 0.9.0
  • 79ceb428 docs: make v0.9 the default docs
  • a5b62f4d docs: add documentation for Talos 0.10
  • ce795f1c fix: command etcd remove-member shouldn't remove etcd data directory
  • aab49a16 fix: repair zsh completion
  • fc9c416a fix: build rockpi4 metal image as part of CI build
  • 125b86f4 fix: upgrade-k8s bug with empty config values and provision script
  • 8b2d228d chore: add script for starting registry proxies
  • f7d276b8 chore: remove old osctl reference
  • 5b14d6f2 chore: fix make help output
  • f0512dfc feat: update Kubernetes to 1.20.5
  • 24cd0a20 feat: publish talosctl container image
  • 6e17102c chore: remove unused code
  • 88104407 docs: add control plane in-depth guide
  • ecf03449 chore: bump Go to 1.16.2
  • cbc38418 release(v0.10.0-alpha.0): prepare release
  • 3455a8e8 chore: use new release tool for changelogs and release notes
  • 08271ba9 chore: use Go 1.16 language version
  • 7662d033 fix: talosctl health should not check kube-proxy when it is disabled
  • 0dbaeb9e chore: update tools, use new generators
  • e31790f6 fix: properly format spec comments in the resources
  • 78d384eb test: update aws cloud provider version
  • 3c5bfbb4 fix: don't touch any partitions on upgrade with --preserve
  • 891f90fe chore: update Linux to 5.10.23
  • d4d77882 chore: update dependencies via dependabot
  • 2e22f20b docs: minor fixes to getting started
  • ca8a5596 chore: fix provision tests after changes to build-container
  • 4aae924c refactor: provide explicit logger for networkd
  • 22f37530 chore: update golanci-lint to 1.38.0
  • 83b4e7f7 feat: add Rock pi 4 support
  • 1362966f docs: rewrite getting-started for ISO
  • 8e57fc4f fix: move containerd CRI config files under /var/
  • 6f7df3da fix: update output of convert-k8s command
  • dce6118c docs: add guide for VIP
  • ee5d9ffa chore: bump Go to 1.16.1
  • 7c529e1c docs: fix links in the documentation
  • f596c7f6 docs: add video for raspberry pi install
  • 47324dca docs: add guide on editing machine configuration
  • 99d5f894 chore: update website npm dependencies
  • 11056a80 docs: add highlights for 0.9 release
  • ae8bedb9 docs: add control plane conversion guide and 0.9 upgrade notes
  • ed9673e5 docs: add troubleshooting control plane documentation
  • 485cb126 docs: update Kubernetes upgrade guide

Changes since v0.10.0-alpha.1

25 commits

  • e0650218 feat: support etcd recovery from snapshot on bootstrap
  • 247bd50e docs: describe steps to install and boot Talos from the SSD on rockpi4
  • e6b4e524 test: update CAPA to 0.6.4
  • 28753f6d fix: trim endpoints/nodes from arguments in talosctl config
  • aca63b88 docs: fix "DigitalOcean" spelling
  • 33035901 fix: revert mark PMBR EFI partition as bootable
  • fbfd1eb2 refactor: pull new version of os-runtime, update code
  • 8737ea71 feat: allow external cloud provides configration
  • 3909e2d0 chore: update Go to 1.16.3
  • 690eb20e chore: update blockdevice library for PMBR bootable fix
  • a8761b8e fix: require leader on etcd member operations
  • 3dc84625 fix: make both HDMI ports work on RPi 4
  • bd5ae1e0 fix: add a check for overlay mounts in installer pre-flight checks
  • df8649cb refactor: download modules before go generate
  • 39ae0415 chore: bump dependencies via dependabot
  • e16d6d34 fix: publish rockpi4 image to release artifacts
  • 39c6dbcc feat: add --config-patch parameter to talosctl gen config
  • e664362c feat: add API and command to save etcd snapshot (backup)
  • 61b694b9 fix: create rootfs for system services via /system tmpfs
  • abc2e17e test: update 0.9.x version in upgrade tests to 0.9.1
  • a1e64154 fix: retry Kubernetes API errors on cordon/uncordon/etc
  • 063d1abe fix: print task failure error immediately
  • e039172e fix: ignore EOF errors from Kubernetes API when converting control plane
  • 7bcb91a4 docs: fix typo for stage flag
  • a43acb21 feat: bring in Linux 5.10.27, support for 32-bit time syscalls

Changes from talos-systems/extras

3 commits

Changes from talos-systems/go-blockdevice

3 commits

  • 1d830a2 fix: revert mark the EFI partition in PMBR as bootable
  • bec914f fix: mark the EFI partition in PMBR as bootable
  • 776b37d feat: add options to probe disk by various sysblock parameters

Changes from talos-systems/os-runtime

5 commits

  • 86d9e09 chore: bump go.mod dependencies
  • 2de411a feat: major rewrite of the os-runtime with new features
  • ded40a7 feat: implement controller runtime gRPC bridge
  • 0d5b5a9 feat: implement resource state service and client
  • d04ec51 feat: add common COSI resource protobuf, implement bridge with state

Changes from talos-systems/pkgs

8 commits

  • 9a6cf6b feat: build with Go 1.16.3
  • 60ce626 feat: update Linux to 5.10.27, enable 32-bit time syscalls
  • fdf4866 feat: bump tools for Go 1.16.2
  • 35f9b6f feat: update kernel to 5.10.23
  • dbae83e fix: do not use git-lfs for rockpi4 binaries
  • 1c6b9a3 feat: bump tools for Go 1.16.1
  • c18073f feat: add u-boot for Rock Pi 4
  • 6b85a2b feat: upgrade u-boot to 2021.04-rc3

Changes from talos-systems/tools

5 commits

  • 1f26def feat: update Go to 1.16.3
  • 41b8073 feat: bump protobuf-related tools
  • f7bce92 chore: bump Go to 1.16.2
  • bcf3380 feat: bump protobuf deps, add protoc-gen-go-grpc
  • b49c40e feat: bump Go to 1.16.1

Dependency Changes

  • github.com/coreos/go-semver v0.3.0 new
  • github.com/golang/protobuf v1.4.3 -> v1.5.2
  • github.com/google/go-cmp v0.5.4 -> v0.5.5
  • github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
  • github.com/talos-systems/extras v0.2.0-1-g0db3328 -> v0.3.0-alpha.0-2-gcf3934a
  • github.com/talos-systems/go-blockdevice bb3ad73f6983 -> 1d830a25f64f
  • github.com/talos-systems/os-runtime 7b3d14457439 -> 86d9e090bdc4
  • github.com/talos-systems/pkgs v0.4.1-2-gd471b60 -> v0.5.0-alpha.0-5-g9a6cf6b
  • github.com/talos-systems/tools v0.4.0-1-g3b25a7e -> v0.5.0-alpha.0-4-g1f26def
  • go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0 new
  • google.golang.org/grpc v1.36.0 -> v1.36.1
  • google.golang.org/protobuf v1.25.0 -> v1.26.0
  • k8s.io/api v0.20.5 -> v0.21.0-rc.0
  • k8s.io/apimachinery v0.20.5 -> v0.21.0-rc.0
  • k8s.io/apiserver v0.20.5 -> v0.21.0-rc.0
  • k8s.io/client-go v0.20.5 -> v0.21.0-rc.0
  • k8s.io/cri-api v0.20.5 -> v0.21.0-rc.0
  • k8s.io/kubectl v0.20.5 -> v0.21.0-rc.0
  • k8s.io/kubelet v0.20.5 -> v0.21.0-rc.0

Previous release can be found at v0.9.0

Welcome to the v0.10.0-alpha.1 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Install Disk Selector

The install section of the machine config now has a diskSelector field that allows selecting the install disk using a list of qualifiers:

...
  install:
    diskSelector:
      size: '>= 500GB'
      model: WDC*
...

talosctl disks -n <node> -i can be used to check the allowed disk qualifiers when the node is running in maintenance mode.

Optimizations

  • Talos system services now run without container images on initramfs from a single executable; this change reduces RAM usage, initramfs size and boot time.

SBCs

  • u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
  • added support for Rock Pi 4.

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Spencer Smith
  • Seán C McCord
  • Andrew Rynhard
  • Jorik Jonker
  • bzub

Changes

78 commits

  • 8309312a chore: build components with race detector enabled in dev mode
  • 7d912584 test: fix data race in apply config tests
  • 204caf8e test: fix apply-config integration test, bump clusterctl version
  • d812099d fix: address several issues in TUI installer
  • 269c9ad0 fix: don't write to config object on access
  • a9451f57 feat: update Kubernetes to 1.21.0-beta.1
  • 4b42ced4 feat: add ability to disable comments in talosctl gen config
  • a0dcfc3d fix: workaround race in containerd runner with stdin pipe
  • 2ea20f59 feat: replace timed with time sync controller
  • c38a161a test: add unit-test for machine config validation
  • a6106815 chore: bump dependencies via dependabot
  • 35598f39 chore: refactor: extract ClusterConfig
  • 03285184 fix: get rid of data race in encoder and fix concurrent map access
  • 4b3580aa fix: prevent panic in validate config if machine.install is missing
  • d7e9f6d6 chore: build integration tests with -race
  • 9f7d67ac chore: fix typo
  • 672c9707 fix: allow convert-k8s --remove-initialized-keys with K8s cp is down
  • fb605a0f chore: tweak nolintlint settings
  • 1f5a0c40 fix: resolve the issue with Kubernetes upgrade
  • 74b2b557 docs: update AWS docs to ensure instances are tagged
  • dc21d9b4 chore: remove old file
  • 966caf7a chore: remove unused module replace directives
  • 98b22f1e feat: show short options in talosctl kubeconfig
  • 51139d54 chore: cache go modules in the build
  • 65701aa7 fix: resolve the issue with DHCP lease not being renewed
  • 711f5b23 fix: config validation: CNI should apply to cp nodes, encryption config
  • 5ff491d9 fix: allow empty list for CNI URLs
  • 946e74f0 docs: update path for kernel downloads in qemu docs
  • ed272e60 feat: update Kubernetes to 1.21.0-beta.0
  • b0209fd2 refactor: move networkd, timed APIs to machined, remove routerd
  • 6ffabe51 feat: add ability to find disk by disk properties
  • ac876470 refactor: move apid, routerd, timed and trustd to single executable
  • 89a4b09f refactor: run networkd as a goroutine in machined
  • f4a6a19c chore: update sonobuoy
  • dc294db1 chore: bump dependencies via dependabot
  • 2b1641a3 docs: add AMIs for Talos 0.9.0
  • 79ceb428 docs: make v0.9 the default docs
  • a5b62f4d docs: add documentation for Talos 0.10
  • ce795f1c fix: command etcd remove-member shouldn't remove etcd data directory
  • aab49a16 fix: repair zsh completion
  • fc9c416a fix: build rockpi4 metal image as part of CI build
  • 125b86f4 fix: upgrade-k8s bug with empty config values and provision script
  • 8b2d228d chore: add script for starting registry proxies
  • f7d276b8 chore: remove old osctl reference
  • 5b14d6f2 chore: fix make help output
  • f0512dfc feat: update Kubernetes to 1.20.5
  • 24cd0a20 feat: publish talosctl container image
  • 6e17102c chore: remove unused code
  • 88104407 docs: add control plane in-depth guide
  • ecf03449 chore: bump Go to 1.16.2
  • cbc38418 release(v0.10.0-alpha.0): prepare release
  • 3455a8e8 chore: use new release tool for changelogs and release notes
  • 08271ba9 chore: use Go 1.16 language version
  • 7662d033 fix: talosctl health should not check kube-proxy when it is disabled
  • 0dbaeb9e chore: update tools, use new generators
  • e31790f6 fix: properly format spec comments in the resources
  • 78d384eb test: update aws cloud provider version
  • 3c5bfbb4 fix: don't touch any partitions on upgrade with --preserve
  • 891f90fe chore: update Linux to 5.10.23
  • d4d77882 chore: update dependencies via dependabot
  • 2e22f20b docs: minor fixes to getting started
  • ca8a5596 chore: fix provision tests after changes to build-container
  • 4aae924c refactor: provide explicit logger for networkd
  • 22f37530 chore: update golanci-lint to 1.38.0
  • 83b4e7f7 feat: add Rock pi 4 support
  • 1362966f docs: rewrite getting-started for ISO
  • 8e57fc4f fix: move containerd CRI config files under /var/
  • 6f7df3da fix: update output of convert-k8s command
  • dce6118c docs: add guide for VIP
  • ee5d9ffa chore: bump Go to 1.16.1
  • 7c529e1c docs: fix links in the documentation
  • f596c7f6 docs: add video for raspberry pi install
  • 47324dca docs: add guide on editing machine configuration
  • 99d5f894 chore: update website npm dependencies
  • 11056a80 docs: add highlights for 0.9 release
  • ae8bedb9 docs: add control plane conversion guide and 0.9 upgrade notes
  • ed9673e5 docs: add troubleshooting control plane documentation
  • 485cb126 docs: update Kubernetes upgrade guide

Changes since v0.10.0-alpha.0

50 commits

  • 8309312a chore: build components with race detector enabled in dev mode
  • 7d912584 test: fix data race in apply config tests
  • 204caf8e test: fix apply-config integration test, bump clusterctl version
  • d812099d fix: address several issues in TUI installer
  • 269c9ad0 fix: don't write to config object on access
  • a9451f57 feat: update Kubernetes to 1.21.0-beta.1
  • 4b42ced4 feat: add ability to disable comments in talosctl gen config
  • a0dcfc3d fix: workaround race in containerd runner with stdin pipe
  • 2ea20f59 feat: replace timed with time sync controller
  • c38a161a test: add unit-test for machine config validation
  • a6106815 chore: bump dependencies via dependabot
  • 35598f39 chore: refactor: extract ClusterConfig
  • 03285184 fix: get rid of data race in encoder and fix concurrent map access
  • 4b3580aa fix: prevent panic in validate config if machine.install is missing
  • d7e9f6d6 chore: build integration tests with -race
  • 9f7d67ac chore: fix typo
  • 672c9707 fix: allow convert-k8s --remove-initialized-keys with K8s cp is down
  • fb605a0f chore: tweak nolintlint settings
  • 1f5a0c40 fix: resolve the issue with Kubernetes upgrade
  • 74b2b557 docs: update AWS docs to ensure instances are tagged
  • dc21d9b4 chore: remove old file
  • 966caf7a chore: remove unused module replace directives
  • 98b22f1e feat: show short options in talosctl kubeconfig
  • 51139d54 chore: cache go modules in the build
  • 65701aa7 fix: resolve the issue with DHCP lease not being renewed
  • 711f5b23 fix: config validation: CNI should apply to cp nodes, encryption config
  • 5ff491d9 fix: allow empty list for CNI URLs
  • 946e74f0 docs: update path for kernel downloads in qemu docs
  • ed272e60 feat: update Kubernetes to 1.21.0-beta.0
  • b0209fd2 refactor: move networkd, timed APIs to machined, remove routerd
  • 6ffabe51 feat: add ability to find disk by disk properties
  • ac876470 refactor: move apid, routerd, timed and trustd to single executable
  • 89a4b09f refactor: run networkd as a goroutine in machined
  • f4a6a19c chore: update sonobuoy
  • dc294db1 chore: bump dependencies via dependabot
  • 2b1641a3 docs: add AMIs for Talos 0.9.0
  • 79ceb428 docs: make v0.9 the default docs
  • a5b62f4d docs: add documentation for Talos 0.10
  • ce795f1c fix: command etcd remove-member shouldn't remove etcd data directory
  • aab49a16 fix: repair zsh completion
  • fc9c416a fix: build rockpi4 metal image as part of CI build
  • 125b86f4 fix: upgrade-k8s bug with empty config values and provision script
  • 8b2d228d chore: add script for starting registry proxies
  • f7d276b8 chore: remove old osctl reference
  • 5b14d6f2 chore: fix make help output
  • f0512dfc feat: update Kubernetes to 1.20.5
  • 24cd0a20 feat: publish talosctl container image
  • 6e17102c chore: remove unused code
  • 88104407 docs: add control plane in-depth guide
  • ecf03449 chore: bump Go to 1.16.2

Changes from talos-systems/extras

2 commits

Changes from talos-systems/go-blockdevice

1 commit

  • 776b37d feat: add options to probe disk by various sysblock parameters

Changes from talos-systems/pkgs

6 commits

  • fdf4866 feat: bump tools for Go 1.16.2
  • 35f9b6f feat: update kernel to 5.10.23
  • dbae83e fix: do not use git-lfs for rockpi4 binaries
  • 1c6b9a3 feat: bump tools for Go 1.16.1
  • c18073f feat: add u-boot for Rock Pi 4
  • 6b85a2b feat: upgrade u-boot to 2021.04-rc3

Changes from talos-systems/tools

4 commits

  • 41b8073 feat: bump protobuf-related tools
  • f7bce92 chore: bump Go to 1.16.2
  • bcf3380 feat: bump protobuf deps, add protoc-gen-go-grpc
  • b49c40e feat: bump Go to 1.16.1

Dependency Changes

  • github.com/coreos/go-semver v0.3.0 new
  • github.com/golang/protobuf v1.4.3 -> v1.5.1
  • github.com/google/go-cmp v0.5.4 -> v0.5.5
  • github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
  • github.com/talos-systems/extras v0.2.0-1-g0db3328 -> v0.3.0-alpha.0-1-gc0fa0c0
  • github.com/talos-systems/go-blockdevice bb3ad73f6983 -> 776b37d31de0
  • github.com/talos-systems/pkgs v0.4.1-2-gd471b60 -> v0.5.0-alpha.0-3-gfdf4866
  • github.com/talos-systems/tools v0.4.0-1-g3b25a7e -> v0.5.0-alpha.0-3-g41b8073
  • google.golang.org/grpc v1.36.0 -> v1.36.1
  • google.golang.org/protobuf v1.25.0 -> v1.26.0
  • k8s.io/api v0.20.5 -> v0.21.0-rc.0
  • k8s.io/apimachinery v0.20.5 -> v0.21.0-rc.0
  • k8s.io/apiserver v0.20.5 -> v0.21.0-rc.0
  • k8s.io/client-go v0.20.5 -> v0.21.0-rc.0
  • k8s.io/cri-api v0.20.5 -> v0.21.0-rc.0
  • k8s.io/kubectl v0.20.5 -> v0.21.0-rc.0
  • k8s.io/kubelet v0.20.5 -> v0.21.0-rc.0

Previous release can be found at v0.9.0

Welcome to the v0.10.0-alpha.0 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

SBCs

  • u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
  • added support for Rock Pi 4.

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Seán C McCord
  • Spencer Smith
  • Andrew Rynhard

Changes

27 commits

  • 3455a8e8 chore: use new release tool for changelogs and release notes
  • 08271ba9 chore: use Go 1.16 language version
  • 7662d033 fix: talosctl health should not check kube-proxy when it is disabled
  • 0dbaeb9e chore: update tools, use new generators
  • e31790f6 fix: properly format spec comments in the resources
  • 78d384eb test: update aws cloud provider version
  • 3c5bfbb4 fix: don't touch any partitions on upgrade with --preserve
  • 891f90fe chore: update Linux to 5.10.23
  • d4d77882 chore: update dependencies via dependabot
  • 2e22f20b docs: minor fixes to getting started
  • ca8a5596 chore: fix provision tests after changes to build-container
  • 4aae924c refactor: provide explicit logger for networkd
  • 22f37530 chore: update golangci-lint to 1.38.0
  • 83b4e7f7 feat: add Rock Pi 4 support
  • 1362966f docs: rewrite getting-started for ISO
  • 8e57fc4f fix: move containerd CRI config files under /var/
  • 6f7df3da fix: update output of convert-k8s command
  • dce6118c docs: add guide for VIP
  • ee5d9ffa chore: bump Go to 1.16.1
  • 7c529e1c docs: fix links in the documentation
  • f596c7f6 docs: add video for raspberry pi install
  • 47324dca docs: add guide on editing machine configuration
  • 99d5f894 chore: update website npm dependencies
  • 11056a80 docs: add highlights for 0.9 release
  • ae8bedb9 docs: add control plane conversion guide and 0.9 upgrade notes
  • ed9673e5 docs: add troubleshooting control plane documentation
  • 485cb126 docs: update Kubernetes upgrade guide

Changes since v0.10.0-alpha.0

0 commit

Changes from talos-systems/extras

1 commit

Changes from talos-systems/os-runtime

1 commit

  • 7b3d144 feat: use go-yaml fork and serialize spec as RawYAML objects

Changes from talos-systems/pkgs

5 commits

  • 35f9b6f feat: update kernel to 5.10.23
  • dbae83e fix: do not use git-lfs for rockpi4 binaries
  • 1c6b9a3 feat: bump tools for Go 1.16.1
  • c18073f feat: add u-boot for Rock Pi 4
  • 6b85a2b feat: upgrade u-boot to 2021.04-rc3

Changes from talos-systems/tools

2 commits

  • bcf3380 feat: bump protobuf deps, add protoc-gen-go-grpc
  • b49c40e feat: bump Go to 1.16.1

Dependency Changes

  • github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
  • github.com/talos-systems/extras v0.2.0 -> v0.3.0-alpha.0
  • github.com/talos-systems/os-runtime 84c3c875eb2b -> 7b3d14457439
  • github.com/talos-systems/pkgs v0.4.1 -> v0.5.0-alpha.0-2-g35f9b6f
  • github.com/talos-systems/tools v0.4.0 -> v0.5.0-alpha.0-1-gbcf3380

Previous release can be found at v0.9.0-beta.0

v0.9.0-alpha.5 (2021-03-03)

Chore

  • bump Go module dependencies
  • properly propagate context object in the controller

Feat

  • bypass lock if ACPI reboot/shutdown issued
  • add --on-reboot flag to talosctl edit/patch machineConfig
  • support JSON output in talosctl get, event types
  • rename namespaces, resources, types etc

v0.9.0-alpha.4 (2021-03-02)

Chore

  • update provision/upgrade tests to 0.9.0-alpha.3

Docs

  • bump v0.8 release version in the SBCs guides
  • add disk encryption guide

Feat

  • update linux kernel to 5.10.19

Fix

  • ignore 'ENOENT' (no such file or directory) on mount
  • move etcd to cri containerd runner

v0.9.0-alpha.3 (2021-03-01)

Chore

  • bump dependencies via dependabot
  • build both Darwin and Linux versions of talosctl
  • bump dependencies via dependabot
  • switch CI to stop embedding local registry into the builds

Docs

  • update AMI images for 0.8.4

Feat

  • implement etcd remove-member cli command
  • update etcd to 3.4.15
  • talosctl: allow v-prefixed k8s versions
  • implement simple layer 2 shared IP for CP
  • implement talosctl edit and patch config commands
  • bump etcd client library to 3.5.0-alpha.0

Fix

  • update in-cluster kubeconfig validity to match other certs
  • add ApplyDynamicConfig call in the apply-config --immediate mode
  • set hdmi_safe=1 on Raspberry Pi for maximum HDMI compatibility
  • show stopped/exited containers via CRI inspector
  • make ApplyDynamicConfig idempotent
  • improve the drain function
  • correctly set service state in the resource
  • update the layout of the Disks API to match proxying requirements
  • stop and clean up installer container correctly
  • sanitize volume name better in static pod extra volumes

Refactor

  • add context to the networkd
  • split WithNetworkConfig into sub-options

Test

  • add integration test with Canal CNI and reset API
  • upgrade master to master tests

v0.9.0-alpha.2 (2021-02-20)

Chore

  • add default cron pipeline to the list of pipelines
  • run default pipeline as part of the cron pipeline

Docs

  • add link to GitHub Discussions as a support forum

Feat

  • u-boot 2021.01, ca-certificates update, Linux file ACLs
  • support control plane upgrades with Talos managed control plane
  • add support for extra volume mounts for control plane pods
  • add a warning to boot log if running self-hosted control plane
  • add an option to disable kube-proxy manifest
  • update Kubernetes to 1.20.4
  • add state encryption support

Fix

  • redirect warnings in manifest apply k8s client
  • handle case when kubelet serving certificates are issued
  • correctly escape extra args in kube-proxy manifest
  • skip empty manifest YAML sub-documents

Refactor

  • split kubernetes/etcd resource generation into subresources

Test

  • enable disk encryption key rotation test
  • update integration tests to use wrapped client for etcd APIs

v0.9.0-alpha.1 (2021-02-09)

Chore

  • update artifacts bucket name in Drone
  • rework Drone pipelines
  • update dependencies via dependabot
  • ci: fix schedules in Drone pipelines
  • ci: update gcp templates

Docs

  • update AMI list for 0.8.2
  • fix typos

Feat

  • add a tool and package to convert self-hosted CP to static pods
  • implement ephemeral partition encryption
  • add resource watch API + CLI
  • rename apply-config --no-reboot to --on-reboot
  • skip filesystem for state and ephemeral partitions in the installer
  • stop all pods before unmounting ephemeral partition
  • bump Go to 1.15.8
  • support version contract for Talos config generation
  • update Linux to 5.10.14
  • add an option to force upgrade without checks
  • upgrade CoreDNS to 1.8.0
  • implement IPv6 DHCP client in networkd

Fix

  • correctly unwrap responses for etcd commands
  • drop cri dependency on etcd
  • move versions to annotations in control plane static pods
  • find master node IPs correctly in health checks
  • add 3 seconds grub boot timeout
  • don't use filename from URL when downloading manifest
  • pass attributes when adding routes
  • correct response structure for GenerateConfig API
  • correctly extract wrapped error messages
  • prevent crash in machined on apid service stop
  • wait for time sync before generating Kubernetes certificates
  • set proper hostname on docker nodes
  • mount kubelet secrets from system instead of ephemeral
  • allow loading of empty config files
  • prefer configured nameservers, fix DHCP6 in container
  • refresh control plane endpoints on worker apids on schedule
  • update DHCP client to use Request-Ack sequence after an Offer

Refactor

  • extract go-cmd into a separate library

Test

  • trigger e2e on thrice daily
  • update aws templates
  • add support for IPv6 in talosctl cluster create

v0.9.0-alpha.0 (2021-02-01)

Chore

  • bump dependencies (via dependabot)
  • fix import path for fsnotify
  • add dependabot config
  • enable virtio-balloon and monitor in QEMU provisioner
  • update protobuf, grpc-go, prototool
  • update upgrade test version used

Docs

  • update components.md
  • add v0.9 docs
  • add modes to validate command
  • document omitting DiskPartition size
  • update references to 0.8.0, add 0.8.0 AWS AMIs
  • fix latest docs
  • set latest docs to v0.8
  • provide AMIs for 0.8.0-beta.0
  • fix SBC docs to point to beta.0 instead of beta.1
  • update Talos release for SBCs

Feat

  • move to ECDSA keys for all Kubernetes/etcd certs and keys
  • update kernel
  • mount hugetlbfs
  • allow fqdn to be used when registering k8s node
  • copy cryptsetup executable from pkgs
  • use multi-arch images for k8s and Flannel CNI
  • replace bootkube with Talos-managed control plane
  • implement resource API in Talos
  • update Linux to 5.10.7, musl-libc to 1.2.2
  • update Kubernetes to 1.20.2
  • support Wireguard networking
  • bump pkgs for kernel with CONFIG_IPV6_MULTIPLE_TABLES
  • support type filter in list API and CLI
  • add commands to manage/query etcd cluster
  • support disk image in talosctl cluster create
  • update Kubernetes to 1.20.1

Fix

  • use hugetlbfs instead of none
  • use grpc load-balancing when connecting to trustd
  • lower memory usage a bit by disabling memory profiling
  • don't probe disks in container mode
  • prefix rendered Talos-owned static pod manifests
  • bump timeout for worker apid waiting for kubelet client config
  • kill all processes and umount all disk on reboot/shutdown
  • open blockdevices with exclusive flock for partitioning
  • list command unlimited recursion default behavior
  • pick first interface valid hostname (vs. last one)
  • allow 'console' argument in kernel args to be always overridden
  • bring up bonded interfaces correctly on packet
  • checkpoint controller-manager and scheduler
  • correctly transport gRPC errors from apid
  • use SetAll instead of AppendAll when building kernel args
  • add more dependencies for bootstrap services
  • pass disk image flags to e2e-qemu cluster create command
  • ignore pods spun up from checkpoints in health checks
  • leave etcd for staged upgrades
  • ignore errors on stopping/removing pod sandboxes
  • use the correct console on Banana Pi M64
  • don't run LabelNodeAsMaster in two sequences

Refactor

  • update go-blockdevice and restructure disk interaction code
  • define default kernel flags in machinery instead of procfs

Test

  • clear connection refused errors after reset
  • skip etcd tests on non-HA clusters

v0.8.0-alpha.3 (2020-12-10)

Chore

  • update CONTRIBUTING.md
  • limit unit-test run concurrency
  • bump Go to 1.15.6
  • bump dockerfile frontend version
  • fix conform for releases

Docs

  • update Equinix Metal guide
  • add architectural doc on the root file system layout
  • add a note on caveats in container mode
  • add storage doc
  • add guide for custom CAs
  • add docs for network connectivity
  • improve SBC documentation

Feat

  • update kernel to 5.9.13, new KSPP requirements
  • reset with system disk wipe spec
  • add talosctl merge config command
  • add talosctl config contexts
  • update Kubernetes to 1.20.0
  • implement "staged" (failsafe/backup) upgrades
  • allow disabling NoSchedule taint on masters using TUI installer

Fix

  • remove kmsg ratelimiting on startup
  • zero out partitions without filesystems on install
  • make interactive installer work without endpoints provided

Test

  • add ISO test
  • add support for mounting ISO in talosctl cluster create
  • bump Talos release version for upgrade test to 0.7.1
  • bump defaults for provision tests resources

v0.8.0-alpha.2 (2020-12-04)

Chore

  • publish Rock64 image
  • enable thrice daily pipeline
  • run integration test thrice daily
  • output SBC images as compressed raw images
  • build SBC images
  • update module dependencies
  • drop support for docker load
  • fix metal image name
  • use IMAGE_TAG instead of TAG for :latest pushes

Docs

  • fix typos
  • add openstack docs
  • ensure port for vbox and proxmox docs
  • add console kernel arg to rpi_4 image generation
  • add console kernel arg to libretech_all_h3_cc_h5 image generation

Feat

  • add support for the Pine64 Rock64
  • add TUI for configuring network interfaces settings
  • make GenerateConfiguration accept current time as a parameter
  • introduce configpatcher package in machinery
  • suggest fixed control plane endpoints in talosctl gen config
  • update kubernetes to 1.20.0-rc.0
  • allow boards to set kernel args
  • add support for the Banana Pi M64
  • stop including K8s version by default in talosctl gen config
  • add support for the Raspberry Pi 4 Model B
  • implement network interfaces list API
  • bump package for kernel with CIFS support
  • upgrade etcd to 3.4.14
  • update Containerd and Linux
  • add support for installing to SBCs
  • add ability to choose CNI config

Fix

  • make default generate image arch dynamic based on arch
  • stabilize serial console on RPi4, add video console
  • make reset work again
  • node taint doesn't contain value anymore
  • defer resolving config context in client code
  • remove value (change to empty) for NoSchedule taint
  • prevent endless loop with DHCP requests in networkd
  • skip board argument to the installer if it's not set
  • use the dtb from kernel pkg for libretech_all_h3_cc_h5
  • prevent crash in talosctl config commands
  • update generated .ova manifest for raw disk size
  • security: update Containerd to v1.4.3

Release

  • v0.8.0-alpha.2: prepare release

v0.8.0-alpha.1 (2020-11-26)

Chore

  • add cloud image uploader (AWS AMIs for now)
  • bump K8s to 1.19.4 in e2e scripts with CABPT version
  • build arm64 images in CI
  • remove maintenance service interface and use machine service

Docs

  • provide list of AMIs on AWS documentation page
  • add 0.8 docs for the upcoming release
  • ensure we configure nodes in guides
  • ensure gcp docs have firewall and node info
  • add qemu diagram and video walkthrough
  • graduate v0.7 docs
  • improve configuration reference documentation
  • fix small typo in talosctl processes cast
  • update asciinemas with talosctl
  • add proxmox doc
  • add live walkthroughs where applicable

Feat

  • support openstack platform
  • update Kubernetes to v1.20.0-beta.2
  • change UI component for disks selector
  • support cluster expansion in the interactive installer
  • implement apply configuration without reboot
  • make GenerateConfiguration API reuse current node auth
  • sync time before installer runs
  • set interface MTU in DHCP mode even if DHCP is not successful
  • print hint about using interactive installer in maintenance mode
  • add TUI based talos interactive installer
  • support ipv6 routes
  • return client config as the second value in GenerateConfiguration
  • correctly merge talosconfig (don't ever overwrite)
  • drop to maintenance mode in cloud platforms if userdata is missing
  • read config from extra guestinfo key (vmware)
  • update Go to 1.15.5
  • add generate config gRPC API
  • upgrade Kubernetes default version to 1.19.4
  • add example command in maintenance, enforce cert fingerprint
  • add storage API

Fix

  • bump blockdevice library for mmcblk part name fix
  • ignore 'not found' errors when stopping/removing CRI pods
  • return hostname from packet platform
  • make fingerprint clearly optional in a boot hint
  • ensure packet nics get all IPs
  • use ghcr.io/talos-systems/kubelet
  • bump timeout for config downloading on bare metal

Refactor

  • drop osd compatibility layer

Release

  • v0.8.0-alpha.1: prepare release

Test

  • update integration test versions, clean up names