github siderolabs/talos v0.11.0-alpha.1

Talos 0.11.0-alpha.1 (2021-06-18)

Welcome to the v0.11.0-alpha.1 release of Talos!
This is a pre-release of Talos.

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API instead of init node types, as we
intend to deprecate this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.

Component Updates

  • containerd was updated to 1.5.2
  • Linux kernel was updated to 5.10.38

CoreDNS

Added the cluster.coreDNS.disabled flag, which disables the CoreDNS deployment during cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that marks the MBR partition bootable,
for machines with a legacy BIOS that does not support the GPT partitioning scheme.

Multi-arch Installer

The Talos installer image (for any arch) now contains artifacts for both the amd64 and arm64 architectures.
This means that, for example, images for arm64 SBCs can be generated on an amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured
interfaces and skipping the reset network step.

Talos API RBAC

Limited RBAC support in the Talos API is now enabled by default for Talos 0.11.
The default talosconfig has the os:admin role embedded in the certificate so that all the APIs are available.
Certificates with a reduced set of roles can be created with the talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate a talosconfig with
the os:admin role first to make sure that the administrator still has access to the cluster when RBAC is enabled.

List of available roles:

  • os:admin role enables every Talos API
  • os:reader role limits access to read-only APIs which do not return sensitive data
  • os:etcd:backup role allows only the talosctl etcd snapshot API call (for etcd backup automation)

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Jorik Jonker
  • Spencer Smith
  • Andrew Rynhard
  • Serge Logvinov
  • Andrew LeCody
  • Kevin Hellemun
  • Boran Car
  • Brandon Nason
  • Gabor Nyiri
  • Joost Coelingh
  • Lance R. Vick
  • Lennard Klein
  • Seán C McCord
  • Sébastien Bernard

Changes

143 commits

  • e13d905c2 release(v0.11.0-alpha.1): prepare release
  • 70ac771e0 fix: use localhost API server endpoint for internal communication
  • a941eb7da feat: improve security of Kubernetes control plane components
  • 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
  • 06209bba2 chore: update RBAC rules, remove old APIs
  • 9f24b519d chore: remove bootkube check from cluster health check
  • 4ac9bea27 fix: stop etcd client logs from going to the server console
  • f63ab9dd9 feat: implement talosctl config new command
  • fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
  • 2dc27d996 fix: do not format state partition in the initialize sequence
  • b609f33cd fix: update networking stack after Equinix Metal testing
  • 243a3b53e fix: separate healthy and unknown flags in the service resource
  • 1a1378be1 fix: update retry package with a fix for errors.Is
  • cb83edd7f fix: wait for the network to be ready in maintenance mode
  • 96f89071c feat: update controller-runtime logs to console level on config.debug
  • 973069b61 feat: support NFS 4.1
  • 654dcad47 chore: bump dependencies via dependabot
  • d7394457d fix: don't treat ethtool errors as fatal
  • f2ae9cd0c feat: replace networkd with new network implementation
  • caec3063c fix: do not complain about empty roles
  • 11918a110 docs: update community meeting time
  • aeddb9c09 feat: implement platform config controller (hostnames)
  • 1ece334da feat: implement controller which runs network operators
  • 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
  • 5029edfb7 fix: overwrite nodes in the gRPC metadata
  • 6a35c8f11 feat: implement virtual IP (shared IP) network operator
  • 0f3b83803 chore: expose WatchRequest in the resources client
  • 11e258b15 feat: implement operator configuration controller
  • ce3815e75 feat: implement DHCP6 operator
  • f010d99af feat: implement operator framework with DHCP4 as the first example
  • f93c9c8fa feat: bring unconfigured links with link carrier up by default
  • 02bd657b2 feat: implement network.Status resource and controller
  • da329f00a feat: enable RBAC by default
  • 0f168a880 feat: add configuration for enabling RBAC
  • e74f789b0 feat: implement EtcFileController to render files in /etc
  • 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
  • 5ad314fe7 feat: implement basic RBAC interceptors
  • c031be813 chore: use Go 1.16.5
  • 8b0763f6a chore: bump dependencies via dependabot
  • 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
  • 24859b141 docs: update Rpi4 firmware guide
  • 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
  • ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
  • 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
  • a71053fcd feat: default to bootstrap workflow
  • 76aac4bb2 feat: implement CPU and Memory stats controller
  • 8f90c6a8e feat: parse Talos-specific cmdline params
  • ed10e139c feat: implement NodeAddress controller
  • 33db8857a fix: use COSI runtime DestroyReady input type
  • 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
  • 97627061d docs: set static IP on ISO install mode
  • 5811f4dda feat: implement link (interface) controllers
  • 046b229b1 chore: skip building multi-arch installer for race-enabled build
  • 73fbb4b52 fix: only fetch machine uuid if it's not set
  • f112a540b fix: clean up stale snapshots on container start
  • c036b9494 chore: bump dependencies
  • a4d67a018 feat: add the ability to disable CoreDNS
  • 76dbfb369 feat: add ability to mark MBR partition bootable
  • e0f5b1e20 chore: split mgmt/gen.go into several files
  • fad1b4f1f chore: fix go generate for the machinery
  • 1117294ad release(v0.11.0-alpha.0): prepare release
  • c09629466 chore: prepare for 0.11 release series
  • 723597657 feat: enable GORACE=halt_on_panic=1 in machined binary
  • 0acb04ad7 feat: implement route network controllers
  • f5bf88a4c feat: create certificates with os:admin role
  • 1db301edf feat: switch controller-runtime to zap.Logger
  • f7cf64d42 fix: add talos.config to the vApp Properties in VMware OVA
  • 209527ecc docs: add AMIs for Talos 0.10.3
  • 59cfd312c chore: bump dependencies via dependabot
  • 1edb20cf9 feat: extract config generation
  • af77c2956 docs: update wireguard guide
  • 4fe691214 test: better talosctl ls tests
  • 04ddda962 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
  • 49c7276b1 chore: fix markdown linting
  • 7270495ac docs: add mayastor quickstart
  • d3d9112f2 docs: fix spelling/grammar in What's New for Talos 0.9
  • 82804414f test: provide a way to force different boot order in provision library
  • a1c0e99a1 docs: add guide for deploying metrics-server
  • 6bc6658b5 feat: update containerd to 1.5.1
  • c6567fae9 chore: dependabot updates
  • 61ccbb3f5 chore: keep debug symbols in debug builds
  • 1ce362e05 docs: update customizing kernel build steps
  • a26174b54 fix: properly compose pattern and header in etcd members output
  • 0825cf11f fix: stop networkd and pods before leaving etcd on upgrade
  • bed6b15d6 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
  • 071f04456 feat: implement AddressSpec handling
  • 76e38b7b8 feat: update Kubernetes to 1.21.1
  • 9b1338d98 chore: parse "boolean" variables
  • c81cfb216 chore: allow building with debug handlers
  • c9651673b feat: update go-smbios library
  • 95c656fb7 feat: update containerd to 1.5.0, runc to 1.0.0-rc94
  • db9c35b57 feat: implement AddressStatusController
  • 1cf011a80 chore: bump dependencies via dependabot
  • e3f407a1d fix: properly pass disk type selector from config to matcher
  • 66b2b4505 feat: add resources and use HTTPS checks in control plane pods
  • 4ffd7c0ad fix: stop networkd before leaving etcd on 'reset' path
  • 610d38d30 docs: add AMIs for 0.10.1, collapse list of AMIs by default
  • 807497ec2 chore: make conformance pipeline depend on cron-default
  • 3c1213596 feat: implement LinkStatusController
  • 0e8de0469 fix: update go-blockdevice to fix disk type detection
  • 4d50a4edd fix: update the way NTP sync uses adjtimex syscall
  • 1a85c14a5 fix: avoid data race on CRI pod stop
  • 5de8dbc06 fix: repair pine64 support
  • 382390973 fix: properly parse matcher expressions
  • e54b6b7a3 chore: update dependencies via dependabot
  • f2caed0df chore: use extracted talos-systems/go-kmsg library
  • 79d804c5b docs: fix typos
  • a2bb390e1 feat: deterministic builds
  • e480fedff feat: add USB serial drivers
  • 79299d761 docs: add Matrix room links
  • 1b3e8b09e docs: add survey to README
  • 8d51c9bb1 docs: update redirects to Talos 0.10
  • 1092c3a50 feat: add Pine64 SBC support
  • 63e017543 feat: pull kernel with VMware balloon module enabled
  • aeec99d82 chore: remove temporary fork
  • 0f49722d0 feat: add --config-patch flag by node type
  • a01b1d22d chore: dump dependencies via dependabot
  • d540a4a47 fix: bump crypto library for the CSR verification fix
  • c3a4173e1 chore: remove security API ReadFile/WriteFile
  • 38037131c chore: update wgctrl dependency
  • d9ba0fd01 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
  • 2261d7ed0 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
  • a3537a691 docs: update cloud images for Talos v0.9.3
  • 5b9ee8617 docs: add what's new for Talos 0.10
  • f1107fa3a docs: add survey
  • 93623d47f docs: update AWS instructions
  • a739d1b8a feat: add support of custom registry CA certificate usage
  • 7f468d350 fix: update osType in OVA other3xLinux64Guest"
  • 4a184b67d docs: add etcd backup and restore guide
  • 5fb38d3e5 chore: refactor Dockerfile for cross-compilation
  • a8f1e526b chore: build talosctl for Darwin / Apple Silicon
  • eb0b64d31 chore: list specifically for enabled regions
  • 669a0cbdc fix: check if OVF env is empty
  • da92049c0 chore: use codecov from the build container
  • 9996d4b02 chore: use REGISTRY_MIRROR_FLAGS if defined
  • 05cbe250c chore: bump dependencies via dependabot
  • 9a91142a3 feat: print complete member info in etcd members
  • bb40d6dd0 feat: update pkgs version
  • e7a9164b1 test: implement talosctl conformance command to run e2e tests
  • 6cb266e74 fix: update etcd client errors, print etcd join failures
  • 0bd8b0e80 feat: provide an option to recover etcd from data directory copy
  • f98185408 chore: fix conform with scopes
  • 21018f28c chore: bump website node.js dependencies

Changes since v0.11.0-alpha.0

60 commits

  • e13d905c2 release(v0.11.0-alpha.1): prepare release
  • 70ac771e0 fix: use localhost API server endpoint for internal communication
  • a941eb7da feat: improve security of Kubernetes control plane components
  • 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
  • 06209bba2 chore: update RBAC rules, remove old APIs
  • 9f24b519d chore: remove bootkube check from cluster health check
  • 4ac9bea27 fix: stop etcd client logs from going to the server console
  • f63ab9dd9 feat: implement talosctl config new command
  • fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
  • 2dc27d996 fix: do not format state partition in the initialize sequence
  • b609f33cd fix: update networking stack after Equinix Metal testing
  • 243a3b53e fix: separate healthy and unknown flags in the service resource
  • 1a1378be1 fix: update retry package with a fix for errors.Is
  • cb83edd7f fix: wait for the network to be ready in maintenance mode
  • 96f89071c feat: update controller-runtime logs to console level on config.debug
  • 973069b61 feat: support NFS 4.1
  • 654dcad47 chore: bump dependencies via dependabot
  • d7394457d fix: don't treat ethtool errors as fatal
  • f2ae9cd0c feat: replace networkd with new network implementation
  • caec3063c fix: do not complain about empty roles
  • 11918a110 docs: update community meeting time
  • aeddb9c09 feat: implement platform config controller (hostnames)
  • 1ece334da feat: implement controller which runs network operators
  • 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
  • 5029edfb7 fix: overwrite nodes in the gRPC metadata
  • 6a35c8f11 feat: implement virtual IP (shared IP) network operator
  • 0f3b83803 chore: expose WatchRequest in the resources client
  • 11e258b15 feat: implement operator configuration controller
  • ce3815e75 feat: implement DHCP6 operator
  • f010d99af feat: implement operator framework with DHCP4 as the first example
  • f93c9c8fa feat: bring unconfigured links with link carrier up by default
  • 02bd657b2 feat: implement network.Status resource and controller
  • da329f00a feat: enable RBAC by default
  • 0f168a880 feat: add configuration for enabling RBAC
  • e74f789b0 feat: implement EtcFileController to render files in /etc
  • 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
  • 5ad314fe7 feat: implement basic RBAC interceptors
  • c031be813 chore: use Go 1.16.5
  • 8b0763f6a chore: bump dependencies via dependabot
  • 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
  • 24859b141 docs: update Rpi4 firmware guide
  • 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
  • ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
  • 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
  • a71053fcd feat: default to bootstrap workflow
  • 76aac4bb2 feat: implement CPU and Memory stats controller
  • 8f90c6a8e feat: parse Talos-specific cmdline params
  • ed10e139c feat: implement NodeAddress controller
  • 33db8857a fix: use COSI runtime DestroyReady input type
  • 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
  • 97627061d docs: set static IP on ISO install mode
  • 5811f4dda feat: implement link (interface) controllers
  • 046b229b1 chore: skip building multi-arch installer for race-enabled build
  • 73fbb4b52 fix: only fetch machine uuid if it's not set
  • f112a540b fix: clean up stale snapshots on container start
  • c036b9494 chore: bump dependencies
  • a4d67a018 feat: add the ability to disable CoreDNS
  • 76dbfb369 feat: add ability to mark MBR partition bootable
  • e0f5b1e20 chore: split mgmt/gen.go into several files
  • fad1b4f1f chore: fix go generate for the machinery

Changes from talos-systems/crypto

7 commits

  • 6bc5bb5 chore: remove unused argument
  • cd18ef6 feat: add support for several organizations
  • 97c888b chore: add options to CSR
  • 7776057 chore: fix typos
  • 80df078 chore: remove named result parameters
  • 15bdd28 chore: minor updates
  • 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

1 commit

  • 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

3 commits

  • 30c2bc3 feat: mark MBR bootable
  • 1292574 fix: make disk type matcher parser case insensitive
  • b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

5 commits

  • 3d0a6e1 feat: race build tag flag detector
  • 5b292e5 feat: disable memory profiling by default
  • c6d0ae2 fix: linters and CI
  • d969f95 feat: initial implementation
  • b2044b7 Initial commit

Changes from talos-systems/go-kmsg

2 commits

Changes from talos-systems/go-loadbalancer

3 commits

  • a445702 feat: allow dial timeout and keep alive period to be configurable
  • 3c8f347 feat: provide a way to configure logger for the loadbalancer
  • da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

3 commits

  • c78cc95 fix: implement errors.Is for all errors in the set
  • 7885e16 feat: add ExpectedErrorf
  • 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

1 commit

  • d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

18 commits

  • 2d51360 feat: support NFS 4.1
  • e63e4e9 feat: bump tools for Go 1.16.5
  • 1f8af29 feat: update Linux to 5.10.38
  • a3a6650 feat: update containerd to 1.5.2
  • c70ea44 feat: update runc to 1.0.0-rc95
  • db60235 feat: add support for netxen card
  • f934187 feat: update containerd to 1.5.1
  • e8ed5bc feat: add geneve encapsulation support for openvswitch
  • 9f7903c feat: update containerd to 1.5.0, runc to -rc94
  • d7c0f70 feat: add AES-NI support for amd64
  • b0d9cd2 fix: build zbin utility for both amd64 and arm64
  • bb39b97 feat: add IPMI support in kernel
  • 1148f9a feat: add DS1307 RTC support for arm64
  • 350aa6f feat: add USB serial support
  • de9c582 feat: add Pine64 SBC support
  • b56f36b feat: enable VMware balloon kernel module
  • f87c194 feat: add iPXE build with embedded placeholder script
  • a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

1 commit

  • c8c2a18 feat: update Go to 1.16.5

Dependency Changes

  • github.com/aws/aws-sdk-go v1.27.0 new
  • github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
  • github.com/containerd/containerd v1.4.4 -> v1.5.2
  • github.com/containerd/go-cni v1.0.1 -> v1.0.2
  • github.com/containerd/typeurl v1.0.1 -> v1.0.2
  • github.com/coreos/go-iptables v0.5.0 -> v0.6.0
  • github.com/cosi-project/runtime 10d6103c19ab -> ca95c7538d17
  • github.com/docker/docker v20.10.4 -> v20.10.7
  • github.com/emicklei/dot v0.15.0 -> v0.16.0
  • github.com/fatih/color v1.10.0 -> v1.12.0
  • github.com/google/go-cmp v0.5.5 -> v0.5.6
  • github.com/google/gofuzz v1.2.0 new
  • github.com/googleapis/gnostic v0.5.5 new
  • github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.2 -> v1.5.3
  • github.com/imdario/mergo v0.3.12 new
  • github.com/insomniacslk/dhcp cc9239ac6294 -> fb4eaaa00ad2
  • github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> b34cb89a106b
  • github.com/magiconair/properties v1.8.5 new
  • github.com/mattn/go-isatty v0.0.12 -> v0.0.13
  • github.com/mdlayher/arp f72070a231fc new
  • github.com/mdlayher/ethtool 2b88debcdd43 new
  • github.com/mdlayher/netlink v1.4.0 -> v1.4.1
  • github.com/mdlayher/raw 51b895745faf new
  • github.com/mitchellh/mapstructure v1.4.1 new
  • github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
  • github.com/pelletier/go-toml v1.9.0 new
  • github.com/rivo/tview 8a8f78a6dd01 -> 807e706f86d1
  • github.com/rs/xid v1.2.1 -> v1.3.0
  • github.com/sirupsen/logrus v1.8.1 new
  • github.com/spf13/afero v1.6.0 new
  • github.com/spf13/cast v1.3.1 new
  • github.com/spf13/viper v1.7.1 new
  • github.com/talos-systems/crypto 39584f1b6e54 -> 6bc5bb50c527
  • github.com/talos-systems/extras v0.3.0 -> v0.3.0-1-g4fe2706
  • github.com/talos-systems/go-blockdevice 1d830a25f64f -> 30c2bc3cb62a
  • github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
  • github.com/talos-systems/go-kmsg v0.1.0 new
  • github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
  • github.com/talos-systems/go-retry b9dc1a990133 -> c78cc953d9e9
  • github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
  • github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-8-g2d51360
  • github.com/talos-systems/talos/pkg/machinery 8ffb559 -> 000000000000
  • github.com/talos-systems/tools v0.5.0 -> v0.5.0-1-gc8c2a18
  • github.com/vishvananda/netns 2eb08e3e575f new
  • github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.51.0
  • github.com/vmware/govmomi v0.24.0 -> v0.26.0
  • go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0-rc.1
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0-rc.1 new
  • go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0-rc.1
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0-rc.1 new
  • go.uber.org/zap v1.17.0 new
  • golang.org/x/net e18ecbb05110 -> abc453219eb5
  • golang.org/x/oauth2 81ed05c6b58c new
  • golang.org/x/sys 77cc2087c03b -> ebe580a85c40
  • golang.org/x/term 6a3ed077a48d -> a79de5458b56
  • golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
  • google.golang.org/appengine v1.6.7 new
  • google.golang.org/grpc v1.37.0 -> v1.38.0
  • gopkg.in/ini.v1 v1.62.0 new
  • inet.af/netaddr 1d252cf8125e new
  • k8s.io/api v0.21.0 -> v0.21.1
  • k8s.io/apimachinery v0.21.0 -> v0.21.1
  • k8s.io/apiserver v0.21.0 -> v0.21.1
  • k8s.io/client-go v0.21.0 -> v0.21.1
  • k8s.io/kubectl v0.21.0 -> v0.21.1
  • k8s.io/kubelet v0.21.0 -> v0.21.1
  • k8s.io/utils 2afb4311ab10 new
  • sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.3.0-1-g4fe2706
docker.io/coredns/coredns:1.8.0
gcr.io/etcd-development/etcd:v3.4.15
k8s.gcr.io/kube-apiserver:v1.21.1
k8s.gcr.io/kube-controller-manager:v1.21.1
k8s.gcr.io/kube-scheduler:v1.21.1
k8s.gcr.io/kube-proxy:v1.21.1
ghcr.io/talos-systems/kubelet:v1.21.1
ghcr.io/talos-systems/installer:v0.11.0-alpha.1
k8s.gcr.io/pause:3.2
