Talos 0.11.4 (2021-08-05)
Welcome to the v0.11.4 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.
Default to Bootstrap workflow
The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API, instead of init node types, as we
intend on deprecating this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.
Component Updates
- containerd was updated to 1.5.5
- Linux kernel was updated to 5.10.52
- Kubernetes was updated to 1.21.3
- etcd was updated to 3.4.16
- CoreDNS was updated to 1.8.4
CoreDNS
Added the flag cluster.coreDNS.disabled to disable coreDNS deployment during the cluster bootstrap.
Legacy BIOS Support
Added an option to the machine.install section of the machine config that can enable marking MBR partition bootable
for the machines that have legacy BIOS which does not support GPT partitioning scheme.
Multi-arch Installer
Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture.
This means that e.g. images for arm64 SBCs can be generated on amd64 host.
Networking Configuration
Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured
interfaces and skipping the reset network step.
Talos API RBAC
Limited RBAC support in Talos API is now enabled by default for Talos 0.11.
Default talosconfig has os:admin role embedded in the certificate so that all the APIs are available.
Certificates with reduced set of roles can be created with talosctl config new command.
When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate talosconfig with
os:admin role first to make sure that administrator still has access to the cluster when RBAC is enabled
(using talosctl config new command).
List of available roles:
os:adminrole enables every Talos APIos:readerrole limits access to read-only APIs which do not return sensitive dataos:etcd:backuprole only allowstalosctl etcd snapshotAPI call (for etcd backup automation)
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Artem Chernyshev
- Spencer Smith
- Serge Logvinov
- Jorik Jonker
- Andrew Rynhard
- Andrew LeCody
- Kevin Hellemun
- Seán C McCord
- Boran Car
- Brandon Nason
- Gabor Nyiri
- Gabor Nyiri
- Joost Coelingh
- Lance R. Vick
- Lennard Klein
- Sébastien Bernard
- Sébastien Bernard
Changes since v0.11.3
3 commits
9f388bbbdrelease(v0.11.4): prepare releasee61c275e5feat: update containerd to 1.5.5, runc to 1.0.164259fd0afix: preserve PMBR bootable, align partitions with minimal I/O size
Changes from talos-systems/crypto
8 commits
d3cb772feat: make possible to change KeyUsage6bc5bb5chore: remove unused argumentcd18ef6feat: add support for several organizations97c888bchore: add options to CSR7776057chore: fix typos80df078chore: remove named result parameters15bdd28chore: minor updates4f80b97fix: verify CSR signature before issuing a certificate
Changes from talos-systems/extras
3 commits
0f96c53feat: update Go to 1.16.6918e161chore: update deps to final release versions4fe2706feat: build with Go 1.16.5
Changes from talos-systems/go-blockdevice
6 commits
2ec0c3cfix: preserve the PMBR bootable flag when opening GPT partition87816a8feat: align partition to minimum I/O sizec34b59ffeat: expose more encryption options in the LUKS module30c2bc3feat: mark MBR bootable1292574fix: make disk type matcher parser case insensitiveb77400efix: properly detect nvme and sd card disk types
Changes from talos-systems/go-debug
5 commits
3d0a6e1feat: race build tag flag detector5b292e5feat: disable memory profiling by defaultc6d0ae2fix: linters and CId969f95feat: initial implementationb2044b7Initial commit
Changes from talos-systems/go-kmsg
3 commits
b08e4d3feat: replace tab character with space in console output2edcd3afeat: add initial version53cdd8dchore: initial commit
Changes from talos-systems/go-loadbalancer
3 commits
a445702feat: allow dial timeout and keep alive period to be configurable3c8f347feat: provide a way to configure logger for the loadbalancerda8e987feat: implement Reconcile - ability to change upstream list on the fly
Changes from talos-systems/go-retry
3 commits
c78cc95fix: implementerrors.Isfor all errors in the set7885e16feat: add ExpectedErrorf3d83f61feat: deprecate UnexpectedError
Changes from talos-systems/go-smbios
Changes from talos-systems/pkgs
27 commits
752c90efeat: update containerd and runc versions5e6def3feat: update kernel to latest 5.10.52f8d83b4feat: update Go to 1.16.67b2e126feat: add support for hotplug of PCIE devicesf499062chore: bump tools to final release 0.6.041d6cccfeat: enable MACVTAP support96072f8feat: enable adiantum block encryption (both amd64 arm64)f5eac03feat: update Linux to 5.10.45d756119feat: enable HP ILO kernel module (both amd64 arm64)2d51360feat: support NFS 4.1e63e4e9feat: bump tools for Go 1.16.51f8af29feat: update Linux to 5.10.38a3a6650feat: update containerd to 1.5.2c70ea44feat: update runc to 1.0.0-rc95db60235feat: add support for netxen cardf934187feat: update containerd to 1.5.1e8ed5bcfeat: add geneve encapsulation support for openvswitch9f7903cfeat: update containerd to 1.5.0, runc to -rc94d7c0f70feat: add AES-NI support for amd64b0d9cd2fix: buildzbinutility for both amd64 and arm64bb39b97feat: add IPMI support in kernel1148f9afeat: add DS1307 RTC support for arm64350aa6ffeat: add USB serial supportde9c582feat: add Pine64 SBC supportb56f36bfeat: enable VMware baloon kernel modulef87c194feat: add iPXE build with embedded placeholder scripta8b9e71feat: add cpu scaling for rpi
Changes from talos-systems/tools
Dependency Changes
- github.com/aws/aws-sdk-go v1.38.66 new
- github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
- github.com/containerd/containerd v1.4.4 -> v1.5.5
- github.com/containerd/go-cni v1.0.1 -> v1.0.2
- github.com/containerd/typeurl v1.0.1 -> v1.0.2
- github.com/coreos/go-iptables v0.5.0 -> v0.6.0
- github.com/cosi-project/runtime 10d6103c19ab -> 93ead370bf57
- github.com/docker/docker v20.10.4 -> v20.10.7
- github.com/emicklei/dot v0.15.0 -> v0.16.0
- github.com/evanphx/json-patch v4.9.0 -> v4.11.0
- github.com/fatih/color v1.10.0 -> v1.12.0
- github.com/google/go-cmp v0.5.5 -> v0.5.6
- github.com/google/gofuzz v1.2.0 new
- github.com/googleapis/gnostic v0.5.5 new
- github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
- github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
- github.com/imdario/mergo v0.3.12 new
- github.com/insomniacslk/dhcp cc9239ac6294 -> 1cac67f12b1e
- github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
- github.com/mattn/go-isatty v0.0.12 -> v0.0.13
- github.com/mdlayher/arp f72070a231fc new
- github.com/mdlayher/ethtool 2b88debcdd43 new
- github.com/mdlayher/netlink v1.4.0 -> v1.4.1
- github.com/mdlayher/raw 51b895745faf new
- github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> 1c3f411f0417
- github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
- github.com/rs/xid v1.2.1 -> v1.3.0
- github.com/spf13/viper v1.8.0 new
- github.com/talos-systems/crypto 39584f1b6e54 -> v0.3.1
- github.com/talos-systems/extras v0.3.0 -> v0.4.0-1-g0f96c53
- github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.2
- github.com/talos-systems/go-debug v0.2.1 new
- github.com/talos-systems/go-kmsg v0.1.1 new
- github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
- github.com/talos-systems/go-retry b9dc1a990133 -> v0.3.1
- github.com/talos-systems/go-smbios fb425d4727e6 -> v0.1.0
- github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-4-g752c90e
- github.com/talos-systems/talos/pkg/machinery 8ffb559 -> 000000000000
- github.com/talos-systems/tools v0.5.0 -> v0.6.0-1-g545d839
- github.com/vishvananda/netns 2eb08e3e575f new
- github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.52.0
- github.com/vmware/govmomi v0.24.0 -> v0.26.0
- go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
- go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
- go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
- go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
- go.uber.org/zap v1.17.0 new
- golang.org/x/net e18ecbb05110 -> 04defd469f4e
- golang.org/x/oauth2 a8dc77f794b6 new
- golang.org/x/sys 77cc2087c03b -> 59db8d763f22
- golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
- golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
- golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
- google.golang.org/grpc v1.37.0 -> v1.38.0
- inet.af/netaddr bf05d8b52dda new
- k8s.io/api v0.21.0 -> v0.21.3
- k8s.io/apimachinery v0.21.0 -> v0.21.3
- k8s.io/apiserver v0.21.0 -> v0.21.3
- k8s.io/client-go v0.21.0 -> v0.21.3
- k8s.io/cri-api v0.21.0 -> v0.21.3
- k8s.io/kubectl v0.21.0 -> v0.21.3
- k8s.io/kubelet v0.21.0 -> v0.21.3
- k8s.io/utils 6fdb442a123b new
Previous release can be found at v0.10.0
Images
quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0-1-g0f96c53
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.3
k8s.gcr.io/kube-controller-manager:v1.21.3
k8s.gcr.io/kube-scheduler:v1.21.3
k8s.gcr.io/kube-proxy:v1.21.3
ghcr.io/talos-systems/kubelet:v1.21.3
ghcr.io/talos-systems/installer:v0.11.4
k8s.gcr.io/pause:3.2