Talos 0.11.0 (2021-07-08)
Welcome to the v0.11.0 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.
Default to Bootstrap workflow
The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API instead of init node types, as we intend to deprecate this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to init if they would like to avoid using the bootstrap API.
Component Updates
- containerd was updated to 1.5.2
- Linux kernel was updated to 5.10.45
- Kubernetes was updated to 1.21.2
- etcd was updated to 3.4.16
- CoreDNS was updated to 1.8.4
CoreDNS
Added the flag cluster.coreDNS.disabled to disable the CoreDNS deployment during cluster bootstrap.
Legacy BIOS Support
Added an option to the machine.install section of the machine config that marks the MBR partition bootable, for machines with a legacy BIOS that does not support the GPT partitioning scheme.
Multi-arch Installer
The Talos installer image (for any arch) now contains artifacts for both the amd64 and arm64 architectures.
This means that, for example, images for arm64 SBCs can be generated on an amd64 host.
Networking Configuration
Talos networking configuration was completely rewritten to be based on controllers and resources.
There are no changes to the machine configuration, but any update to .machine.network can now be applied in immediate mode (without a reboot).
Talos should now set up network configuration much faster on boot, not blocking on DHCP for unconfigured interfaces and skipping the reset network step.
Talos API RBAC
Limited RBAC support in the Talos API is now enabled by default for Talos 0.11.
The default talosconfig has the os:admin role embedded in the certificate so that all the APIs are available.
Certificates with a reduced set of roles can be created with the talosctl config new command.
When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, first generate a talosconfig with the os:admin role (using the talosctl config new command) to make sure that the administrator still has access to the cluster when RBAC is enabled.
List of available roles:
- os:admin role enables every Talos API
- os:reader role limits access to read-only APIs which do not return sensitive data
- os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)
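A pre-flight check for the upgrade step above, as an added example that is not Talos code: before RBAC is switched on, confirm that the client certificate you intend to keep using is currently valid and carries os:admin. It assumes that roles are stored as the certificate's Subject Organization values and that the PEM certificate has already been extracted from the talosconfig; AdminAccessError and SampleCert are hypothetical names, and the certificate is constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// AdminAccessError returns nil when the certificate is valid at `now` and
// carries os:admin. Assumption: roles are the Subject Organization values.
func AdminAccessError(certPEM []byte, now time.Time) error {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return fmt.Errorf("no CERTIFICATE PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("certificate is outside its validity period")
	}
	for _, role := range cert.Subject.Organization {
		if role == "os:admin" {
			return nil
		}
	}
	return fmt.Errorf("os:admin missing, roles are %v", cert.Subject.Organization)
}

// SampleCert builds a constructed, self-signed certificate for the demo.
func SampleCert(roles []string, ttl time.Duration) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{Organization: roles},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(ttl),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println(AdminAccessError(SampleCert([]string{"os:reader"}, time.Hour), time.Now()))
}
```

A non-nil result means enabling RBAC with that certificate would leave the administrator without full API access, so issue a new os:admin talosconfig first.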
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Artem Chernyshev
- Serge Logvinov
- Spencer Smith
- Jorik Jonker
- Andrew Rynhard
- Andrew LeCody
- Kevin Hellemun
- Seán C McCord
- Boran Car
- Brandon Nason
- Gabor Nyiri
- Joost Coelingh
- Lance R. Vick
- Lennard Klein
- Sébastien Bernard
Changes
199 commits
- 3f6b56c68 release(v0.11.0): prepare release
- 4a54fe00d chore: ignore tags which don't look like semantic version
- 1a40f379f release(v0.11.0-beta.3): prepare release
- 673b27160 fix: validate bond slaves addressing
- f3f646fde chore: ignore future pkg/machinery/vX.Y.Z tags
- 5c640cd52 fix: ignore DeadlineExceeded error correctly on bootstrap
- 17edc883c fix: make forfeit leadership connect to the right node
- 08c9a2e58 feat: implement talosctl config info command
- f6892dba7 fix: close Kubernetes API client
- 06aa24fb9 fix: ignore 'not a leader' error on forfeit leadership
- 9075fc41c fix: workaround 'Unauthorized' errors when accessing Kubernetes API
- 1179d6baf release(v0.11.0-beta.2): prepare release
- 8aed6c2e1 fix: fill uuid argument correctly in the config download URL
- d6c5e5004 fix: make output of upgrade-k8s command less scary
- 452e096e1 fix: restart the merge controllers on conflict
- 79f4f1aa8 fix: ignore deadline exceeded errors on bootstrap
- 8904009f0 feat: update pkgs version
- 223abaab0 release(v0.11.0-beta.1): prepare release
- 7abadf726 fix: issue worker apid certs properly on renewal
- 33d73189e fix: don't set bond delay options if miimon is not enabled
- de7db38e3 release(v0.11.0-beta.0): prepare release
- 74111d7b6 feat: add RBAC to talosctl version output
- 728ad5c6f fix: handle cases when merged resource re-appears before being destroyed
- 283e9f026 chore: add CAPI version to CI setup
- 01a196ea4 chore: small RBAC improvements
- 829e54f1a fix: limit apid access to COSI runtime resources
- f9e01d027 fix: ignore EINVAL on unmount operations
- 7672435e1 feat: add a method to get gRPC connection from the client
- b5244bf18 chore: bump go.mod dependencies, fix netaddr API changes
- c7e622567 chore: update coredns to 1.8.4
- 3a34f1a51 chore: bump Talos Go modules to release versions
- 8d60abff7 chore: use tagged versions of bldr dependencies for 0.11
- 8ef68a6fb feat: remove go-runner in staticpods
- a650531fa release(v0.11.0-alpha.2): prepare release
- 71fff02ff fix: revert back resource.proto order
- d3f4e6006 fix: replace tabs with spaces in console output
- 1990ad252 feat: add created and updated timestamps to the resource metadata
- 0731be908 feat: add cloud images to releases
- b52b20666 feat: split etcd certificates to peer/client
- 33119d2b8 chore: add an option to launch cluster with bad RTC state
- d8c2bca1b feat: reimplement apid certificate generation on top of COSI
- 3c1b32199 chore: refactor CLI tests
- 0fd9ea2d6 feat: enable MACVTAP support
- 898673e8d chore: update e2e tests to use latest capi releases
- e26c5583c docs: add AMI IDs for Talos 0.10.4
- 72ef48f0e fix: assign source address to the DHCP default gateway routes
- 004885a37 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
- 821f469a1 feat: skip overlay mount checks with docker
- b6e02311a feat: use COSI RD's sensitivity for RBAC
- 46751c1ad feat: improve security of Kubernetes control plane components
- 0f659622d fix: build with custom kernel/rootfs
- 5b5089ab9 fix: mark kube-proxy as system critical priority
- 42c16f67f chore: bump dependencies
- 60f78419e chore: bump etcd client libraries to final 3.5.0 release
- 2b0de9edb feat: improve security of Kubernetes control plane components
- 48a5c460a docs: provide more storage details
- e13d905c2 release(v0.11.0-alpha.1): prepare release
- 70ac771e0 fix: use localhost API server endpoint for internal communication
- a941eb7da feat: improve security of Kubernetes control plane components
- 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
- 06209bba2 chore: update RBAC rules, remove old APIs
- 9f24b519d chore: remove bootkube check from cluster health check
- 4ac9bea27 fix: stop etcd client logs from going to the server console
- f63ab9dd9 feat: implement talosctl config new command
- fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
- 2dc27d996 fix: do not format state partition in the initialize sequence
- b609f33cd fix: update networking stack after Equinix Metal testing
- 243a3b53e fix: separate healthy and unknown flags in the service resource
- 1a1378be1 fix: update retry package with a fix for errors.Is
- cb83edd7f fix: wait for the network to be ready in maintenance mode
- 96f89071c feat: update controller-runtime logs to console level on config.debug
- 973069b61 feat: support NFS 4.1
- 654dcad47 chore: bump dependencies via dependabot
- d7394457d fix: don't treat ethtool errors as fatal
- f2ae9cd0c feat: replace networkd with new network implementation
- caec3063c fix: do not complain about empty roles
- 11918a110 docs: update community meeting time
- aeddb9c09 feat: implement platform config controller (hostnames)
- 1ece334da feat: implement controller which runs network operators
- 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
- 5029edfb7 fix: overwrite nodes in the gRPC metadata
- 6a35c8f11 feat: implement virtual IP (shared IP) network operator
- 0f3b83803 chore: expose WatchRequest in the resources client
- 11e258b15 feat: implement operator configuration controller
- ce3815e75 feat: implement DHCP6 operator
- f010d99af feat: implement operator framework with DHCP4 as the first example
- f93c9c8fa feat: bring unconfigured links with link carrier up by default
- 02bd657b2 feat: implement network.Status resource and controller
- da329f00a feat: enable RBAC by default
- 0f168a880 feat: add configuration for enabling RBAC
- e74f789b0 feat: implement EtcFileController to render files in /etc
- 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
- 5ad314fe7 feat: implement basic RBAC interceptors
- c031be813 chore: use Go 1.16.5
- 8b0763f6a chore: bump dependencies via dependabot
- 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
- 24859b141 docs: update Rpi4 firmware guide
- 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
- ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
- 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
- a71053fcd feat: default to bootstrap workflow
- 76aac4bb2 feat: implement CPU and Memory stats controller
- 8f90c6a8e feat: parse Talos-specific cmdline params
- ed10e139c feat: implement NodeAddress controller
- 33db8857a fix: use COSI runtime DestroyReady input type
- 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
- 97627061d docs: set static IP on ISO install mode
- 5811f4dda feat: implement link (interface) controllers
- 046b229b1 chore: skip building multi-arch installer for race-enabled build
- 73fbb4b52 fix: only fetch machine uuid if it's not set
- f112a540b fix: clean up stale snapshots on container start
- c036b9494 chore: bump dependencies
- a4d67a018 feat: add the ability to disable CoreDNS
- 76dbfb369 feat: add ability to mark MBR partition bootable
- e0f5b1e20 chore: split mgmt/gen.go into several files
- fad1b4f1f chore: fix go generate for the machinery
- 1117294ad release(v0.11.0-alpha.0): prepare release
- c09629466 chore: prepare for 0.11 release series
- 723597657 feat: enable GORACE=halt_on_panic=1 in machined binary
- 0acb04ad7 feat: implement route network controllers
- f5bf88a4c feat: create certificates with os:admin role
- 1db301edf feat: switch controller-runtime to zap.Logger
- f7cf64d42 fix: add talos.config to the vApp Properties in VMware OVA
- 209527ecc docs: add AMIs for Talos 0.10.3
- 59cfd312c chore: bump dependencies via dependabot
- 1edb20cf9 feat: extract config generation
- af77c2956 docs: update wireguard guide
- 4fe691214 test: better talosctl ls tests
- 04ddda962 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
- 49c7276b1 chore: fix markdown linting
- 7270495ac docs: add mayastor quickstart
- d3d9112f2 docs: fix spelling/grammar in What's New for Talos 0.9
- 82804414f test: provide a way to force different boot order in provision library
- a1c0e99a1 docs: add guide for deploying metrics-server
- 6bc6658b5 feat: update containerd to 1.5.1
- c6567fae9 chore: dependabot updates
- 61ccbb3f5 chore: keep debug symbols in debug builds
- 1ce362e05 docs: update customizing kernel build steps
- a26174b54 fix: properly compose pattern and header in etcd members output
- 0825cf11f fix: stop networkd and pods before leaving etcd on upgrade
- bed6b15d6 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
- 071f04456 feat: implement AddressSpec handling
- 76e38b7b8 feat: update Kubernetes to 1.21.1
- 9b1338d98 chore: parse "boolean" variables
- c81cfb216 chore: allow building with debug handlers
- c9651673b feat: update go-smbios library
- 95c656fb7 feat: update containerd to 1.5.0, runc to 1.0.0-rc94
- db9c35b57 feat: implement AddressStatusController
- 1cf011a80 chore: bump dependencies via dependabot
- e3f407a1d fix: properly pass disk type selector from config to matcher
- 66b2b4505 feat: add resources and use HTTPS checks in control plane pods
- 4ffd7c0ad fix: stop networkd before leaving etcd on 'reset' path
- 610d38d30 docs: add AMIs for 0.10.1, collapse list of AMIs by default
- 807497ec2 chore: make conformance pipeline depend on cron-default
- 3c1213596 feat: implement LinkStatusController
- 0e8de0469 fix: update go-blockdevice to fix disk type detection
- 4d50a4edd fix: update the way NTP sync uses adjtimex syscall
- 1a85c14a5 fix: avoid data race on CRI pod stop
- 5de8dbc06 fix: repair pine64 support
- 382390973 fix: properly parse matcher expressions
- e54b6b7a3 chore: update dependencies via dependabot
- f2caed0df chore: use extracted talos-systems/go-kmsg library
- 79d804c5b docs: fix typos
- a2bb390e1 feat: deterministic builds
- e480fedff feat: add USB serial drivers
- 79299d761 docs: add Matrix room links
- 1b3e8b09e docs: add survey to README
- 8d51c9bb1 docs: update redirects to Talos 0.10
- 1092c3a50 feat: add Pine64 SBC support
- 63e017543 feat: pull kernel with VMware balloon module enabled
- aeec99d82 chore: remove temporary fork
- 0f49722d0 feat: add --config-patch flag by node type
- a01b1d22d chore: dump dependencies via dependabot
- d540a4a47 fix: bump crypto library for the CSR verification fix
- c3a4173e1 chore: remove security API ReadFile/WriteFile
- 38037131c chore: update wgctrl dependency
- d9ba0fd01 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
- 2261d7ed0 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
- a3537a691 docs: update cloud images for Talos v0.9.3
- 5b9ee8617 docs: add what's new for Talos 0.10
- f1107fa3a docs: add survey
- 93623d47f docs: update AWS instructions
- a739d1b8a feat: add support of custom registry CA certificate usage
- 7f468d350 fix: update osType in OVA other3xLinux64Guest"
- 4a184b67d docs: add etcd backup and restore guide
- 5fb38d3e5 chore: refactor Dockerfile for cross-compilation
- a8f1e526b chore: build talosctl for Darwin / Apple Silicon
- eb0b64d31 chore: list specifically for enabled regions
- 669a0cbdc fix: check if OVF env is empty
- da92049c0 chore: use codecov from the build container
- 9996d4b02 chore: use REGISTRY_MIRROR_FLAGS if defined
- 05cbe250c chore: bump dependencies via dependabot
- 9a91142a3 feat: print complete member info in etcd members
- bb40d6dd0 feat: update pkgs version
- e7a9164b1 test: implement talosctl conformance command to run e2e tests
- 6cb266e74 fix: update etcd client errors, print etcd join failures
- 0bd8b0e80 feat: provide an option to recover etcd from data directory copy
- f98185408 chore: fix conform with scopes
- 21018f28c chore: bump website node.js dependencies
Changes since v0.11.0-beta.3
2 commits
- 3f6b56c68 release(v0.11.0): prepare release
- 4a54fe00d chore: ignore tags which don't look like semantic version
Changes from talos-systems/crypto
8 commits
- d3cb772 feat: make possible to change KeyUsage
- 6bc5bb5 chore: remove unused argument
- cd18ef6 feat: add support for several organizations
- 97c888b chore: add options to CSR
- 7776057 chore: fix typos
- 80df078 chore: remove named result parameters
- 15bdd28 chore: minor updates
- 4f80b97 fix: verify CSR signature before issuing a certificate
Changes from talos-systems/extras
Changes from talos-systems/go-blockdevice
3 commits
- 30c2bc3 feat: mark MBR bootable
- 1292574 fix: make disk type matcher parser case insensitive
- b77400e fix: properly detect nvme and sd card disk types
Changes from talos-systems/go-debug
5 commits
- 3d0a6e1 feat: race build tag flag detector
- 5b292e5 feat: disable memory profiling by default
- c6d0ae2 fix: linters and CI
- d969f95 feat: initial implementation
- b2044b7 Initial commit
Changes from talos-systems/go-kmsg
3 commits
- b08e4d3 feat: replace tab character with space in console output
- 2edcd3a feat: add initial version
- 53cdd8d chore: initial commit
Changes from talos-systems/go-loadbalancer
3 commits
- a445702 feat: allow dial timeout and keep alive period to be configurable
- 3c8f347 feat: provide a way to configure logger for the loadbalancer
- da8e987 feat: implement Reconcile - ability to change upstream list on the fly
Changes from talos-systems/go-retry
3 commits
- c78cc95 fix: implement errors.Is for all errors in the set
- 7885e16 feat: add ExpectedErrorf
- 3d83f61 feat: deprecate UnexpectedError
Changes from talos-systems/go-smbios
Changes from talos-systems/pkgs
24 commits
- 7b2e126 feat: add support for hotplug of PCIE devices
- f499062 chore: bump tools to final release 0.6.0
- 41d6ccc feat: enable MACVTAP support
- 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
- f5eac03 feat: update Linux to 5.10.45
- d756119 feat: enable HP ILO kernel module (both amd64 arm64)
- 2d51360 feat: support NFS 4.1
- e63e4e9 feat: bump tools for Go 1.16.5
- 1f8af29 feat: update Linux to 5.10.38
- a3a6650 feat: update containerd to 1.5.2
- c70ea44 feat: update runc to 1.0.0-rc95
- db60235 feat: add support for netxen card
- f934187 feat: update containerd to 1.5.1
- e8ed5bc feat: add geneve encapsulation support for openvswitch
- 9f7903c feat: update containerd to 1.5.0, runc to -rc94
- d7c0f70 feat: add AES-NI support for amd64
- b0d9cd2 fix: build zbin utility for both amd64 and arm64
- bb39b97 feat: add IPMI support in kernel
- 1148f9a feat: add DS1307 RTC support for arm64
- 350aa6f feat: add USB serial support
- de9c582 feat: add Pine64 SBC support
- b56f36b feat: enable VMware balloon kernel module
- f87c194 feat: add iPXE build with embedded placeholder script
- a8b9e71 feat: add cpu scaling for rpi
Changes from talos-systems/tools
Dependency Changes
- github.com/aws/aws-sdk-go v1.38.66 new
- github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
- github.com/containerd/containerd v1.4.4 -> v1.5.2
- github.com/containerd/go-cni v1.0.1 -> v1.0.2
- github.com/containerd/typeurl v1.0.1 -> v1.0.2
- github.com/coreos/go-iptables v0.5.0 -> v0.6.0
- github.com/cosi-project/runtime 10d6103c19ab -> 93ead370bf57
- github.com/docker/docker v20.10.4 -> v20.10.7
- github.com/emicklei/dot v0.15.0 -> v0.16.0
- github.com/evanphx/json-patch v4.9.0 -> v4.11.0
- github.com/fatih/color v1.10.0 -> v1.12.0
- github.com/google/go-cmp v0.5.5 -> v0.5.6
- github.com/google/gofuzz v1.2.0 new
- github.com/googleapis/gnostic v0.5.5 new
- github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
- github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
- github.com/imdario/mergo v0.3.12 new
- github.com/insomniacslk/dhcp cc9239ac6294 -> 1cac67f12b1e
- github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
- github.com/mattn/go-isatty v0.0.12 -> v0.0.13
- github.com/mdlayher/arp f72070a231fc new
- github.com/mdlayher/ethtool 2b88debcdd43 new
- github.com/mdlayher/netlink v1.4.0 -> v1.4.1
- github.com/mdlayher/raw 51b895745faf new
- github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
- github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
- github.com/rs/xid v1.2.1 -> v1.3.0
- github.com/sirupsen/logrus v1.8.1 new
- github.com/spf13/viper v1.8.0 new
- github.com/talos-systems/crypto 39584f1b6e54 -> v0.3.1
- github.com/talos-systems/extras v0.3.0 -> v0.4.0
- github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
- github.com/talos-systems/go-debug v0.2.1 new
- github.com/talos-systems/go-kmsg v0.1.1 new
- github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
- github.com/talos-systems/go-retry b9dc1a990133 -> v0.3.1
- github.com/talos-systems/go-smbios fb425d4727e6 -> v0.1.0
- github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-1-g7b2e126
- github.com/talos-systems/talos/pkg/machinery 8ffb559 -> 000000000000
- github.com/talos-systems/tools v0.5.0 -> v0.6.0
- github.com/vishvananda/netns 2eb08e3e575f new
- github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.52.0
- github.com/vmware/govmomi v0.24.0 -> v0.26.0
- go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
- go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
- go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
- go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
- go.uber.org/zap v1.17.0 new
- golang.org/x/net e18ecbb05110 -> 04defd469f4e
- golang.org/x/oauth2 a8dc77f794b6 new
- golang.org/x/sys 77cc2087c03b -> 59db8d763f22
- golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
- golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
- golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
- google.golang.org/grpc v1.37.0 -> v1.38.0
- inet.af/netaddr bf05d8b52dda new
- k8s.io/api v0.21.0 -> v0.21.2
- k8s.io/apimachinery v0.21.0 -> v0.21.2
- k8s.io/apiserver v0.21.0 -> v0.21.2
- k8s.io/client-go v0.21.0 -> v0.21.2
- k8s.io/cri-api v0.21.0 -> v0.21.2
- k8s.io/kubectl v0.21.0 -> v0.21.2
- k8s.io/kubelet v0.21.0 -> v0.21.2
- k8s.io/utils 6fdb442a123b new
- sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new
Previous release can be found at v0.10.0
Images
quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.2
k8s.gcr.io/kube-controller-manager:v1.21.2
k8s.gcr.io/kube-scheduler:v1.21.2
k8s.gcr.io/kube-proxy:v1.21.2
ghcr.io/talos-systems/kubelet:v1.21.2
ghcr.io/talos-systems/installer:v0.11.0
k8s.gcr.io/pause:3.2