Talos 0.11.4 (2021-08-05)
Welcome to the v0.11.4 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.
Default to Bootstrap workflow
The init.yaml
is no longer an output of talosctl gen config
.
We now encourage using the bootstrap API, instead of init
node types, as we
intend on deprecating this machine type in the future.
The init.yaml
and controlplane.yaml
machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml
with the machine type set to
init
if they would like to avoid using the bootstrap API.
Component Updates
- containerd was updated to 1.5.5
- Linux kernel was updated to 5.10.52
- Kubernetes was updated to 1.21.3
- etcd was updated to 3.4.16
- CoreDNS was updated to 1.8.4
CoreDNS
Added the flag cluster.coreDNS.disabled
to disable coreDNS deployment during the cluster bootstrap.
Legacy BIOS Support
Added an option to the machine.install
section of the machine config that can enable marking MBR partition bootable
for the machines that have legacy BIOS which does not support GPT partitioning scheme.
Multi-arch Installer
Talos installer image (for any arch) now contains artifacts for both amd64
and arm64
architecture.
This means that e.g. images for arm64 SBCs can be generated on amd64 host.
Networking Configuration
Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network
can now
be applied in immediate mode (without a reboot).
Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured
interfaces and skipping the reset network step.
Talos API RBAC
Limited RBAC support in Talos API is now enabled by default for Talos 0.11.
Default talosconfig
has os:admin
role embedded in the certificate so that all the APIs are available.
Certificates with reduced set of roles can be created with talosctl config new
command.
When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate talosconfig
with
os:admin
role first to make sure that administrator still has access to the cluster when RBAC is enabled
(using talosctl config new
command).
List of available roles:
os:admin
role enables every Talos APIos:reader
role limits access to read-only APIs which do not return sensitive dataos:etcd:backup
role only allowstalosctl etcd snapshot
API call (for etcd backup automation)
Contributors
- Andrey Smirnov
- Alexey Palazhchenko
- Artem Chernyshev
- Spencer Smith
- Serge Logvinov
- Jorik Jonker
- Andrew Rynhard
- Andrew LeCody
- Kevin Hellemun
- Seán C McCord
- Boran Car
- Brandon Nason
- Gabor Nyiri
- Gabor Nyiri
- Joost Coelingh
- Lance R. Vick
- Lennard Klein
- Sébastien Bernard
- Sébastien Bernard
Changes since v0.11.3
3 commits
9f388bbbd
release(v0.11.4): prepare releasee61c275e5
feat: update containerd to 1.5.5, runc to 1.0.164259fd0a
fix: preserve PMBR bootable, align partitions with minimal I/O size
Changes from talos-systems/crypto
8 commits
d3cb772
feat: make possible to change KeyUsage6bc5bb5
chore: remove unused argumentcd18ef6
feat: add support for several organizations97c888b
chore: add options to CSR7776057
chore: fix typos80df078
chore: remove named result parameters15bdd28
chore: minor updates4f80b97
fix: verify CSR signature before issuing a certificate
Changes from talos-systems/extras
3 commits
0f96c53
feat: update Go to 1.16.6918e161
chore: update deps to final release versions4fe2706
feat: build with Go 1.16.5
Changes from talos-systems/go-blockdevice
6 commits
2ec0c3c
fix: preserve the PMBR bootable flag when opening GPT partition87816a8
feat: align partition to minimum I/O sizec34b59f
feat: expose more encryption options in the LUKS module30c2bc3
feat: mark MBR bootable1292574
fix: make disk type matcher parser case insensitiveb77400e
fix: properly detect nvme and sd card disk types
Changes from talos-systems/go-debug
5 commits
3d0a6e1
feat: race build tag flag detector5b292e5
feat: disable memory profiling by defaultc6d0ae2
fix: linters and CId969f95
feat: initial implementationb2044b7
Initial commit
Changes from talos-systems/go-kmsg
3 commits
b08e4d3
feat: replace tab character with space in console output2edcd3a
feat: add initial version53cdd8d
chore: initial commit
Changes from talos-systems/go-loadbalancer
3 commits
a445702
feat: allow dial timeout and keep alive period to be configurable3c8f347
feat: provide a way to configure logger for the loadbalancerda8e987
feat: implement Reconcile - ability to change upstream list on the fly
Changes from talos-systems/go-retry
3 commits
c78cc95
fix: implementerrors.Is
for all errors in the set7885e16
feat: add ExpectedErrorf3d83f61
feat: deprecate UnexpectedError
Changes from talos-systems/go-smbios
Changes from talos-systems/pkgs
27 commits
752c90e
feat: update containerd and runc versions5e6def3
feat: update kernel to latest 5.10.52f8d83b4
feat: update Go to 1.16.67b2e126
feat: add support for hotplug of PCIE devicesf499062
chore: bump tools to final release 0.6.041d6ccc
feat: enable MACVTAP support96072f8
feat: enable adiantum block encryption (both amd64 arm64)f5eac03
feat: update Linux to 5.10.45d756119
feat: enable HP ILO kernel module (both amd64 arm64)2d51360
feat: support NFS 4.1e63e4e9
feat: bump tools for Go 1.16.51f8af29
feat: update Linux to 5.10.38a3a6650
feat: update containerd to 1.5.2c70ea44
feat: update runc to 1.0.0-rc95db60235
feat: add support for netxen cardf934187
feat: update containerd to 1.5.1e8ed5bc
feat: add geneve encapsulation support for openvswitch9f7903c
feat: update containerd to 1.5.0, runc to -rc94d7c0f70
feat: add AES-NI support for amd64b0d9cd2
fix: buildzbin
utility for both amd64 and arm64bb39b97
feat: add IPMI support in kernel1148f9a
feat: add DS1307 RTC support for arm64350aa6f
feat: add USB serial supportde9c582
feat: add Pine64 SBC supportb56f36b
feat: enable VMware baloon kernel modulef87c194
feat: add iPXE build with embedded placeholder scripta8b9e71
feat: add cpu scaling for rpi
Changes from talos-systems/tools
Dependency Changes
- github.com/aws/aws-sdk-go v1.38.66 new
- github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
- github.com/containerd/containerd v1.4.4 -> v1.5.5
- github.com/containerd/go-cni v1.0.1 -> v1.0.2
- github.com/containerd/typeurl v1.0.1 -> v1.0.2
- github.com/coreos/go-iptables v0.5.0 -> v0.6.0
- github.com/cosi-project/runtime 10d6103c19ab -> 93ead370bf57
- github.com/docker/docker v20.10.4 -> v20.10.7
- github.com/emicklei/dot v0.15.0 -> v0.16.0
- github.com/evanphx/json-patch v4.9.0 -> v4.11.0
- github.com/fatih/color v1.10.0 -> v1.12.0
- github.com/google/go-cmp v0.5.5 -> v0.5.6
- github.com/google/gofuzz v1.2.0 new
- github.com/googleapis/gnostic v0.5.5 new
- github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
- github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
- github.com/imdario/mergo v0.3.12 new
- github.com/insomniacslk/dhcp cc9239ac6294 -> 1cac67f12b1e
- github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
- github.com/mattn/go-isatty v0.0.12 -> v0.0.13
- github.com/mdlayher/arp f72070a231fc new
- github.com/mdlayher/ethtool 2b88debcdd43 new
- github.com/mdlayher/netlink v1.4.0 -> v1.4.1
- github.com/mdlayher/raw 51b895745faf new
- github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> 1c3f411f0417
- github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
- github.com/rs/xid v1.2.1 -> v1.3.0
- github.com/spf13/viper v1.8.0 new
- github.com/talos-systems/crypto 39584f1b6e54 -> v0.3.1
- github.com/talos-systems/extras v0.3.0 -> v0.4.0-1-g0f96c53
- github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.2
- github.com/talos-systems/go-debug v0.2.1 new
- github.com/talos-systems/go-kmsg v0.1.1 new
- github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
- github.com/talos-systems/go-retry b9dc1a990133 -> v0.3.1
- github.com/talos-systems/go-smbios fb425d4727e6 -> v0.1.0
- github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-4-g752c90e
- github.com/talos-systems/talos/pkg/machinery 8ffb559 -> 000000000000
- github.com/talos-systems/tools v0.5.0 -> v0.6.0-1-g545d839
- github.com/vishvananda/netns 2eb08e3e575f new
- github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.52.0
- github.com/vmware/govmomi v0.24.0 -> v0.26.0
- go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
- go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
- go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
- go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
- go.uber.org/zap v1.17.0 new
- golang.org/x/net e18ecbb05110 -> 04defd469f4e
- golang.org/x/oauth2 a8dc77f794b6 new
- golang.org/x/sys 77cc2087c03b -> 59db8d763f22
- golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
- golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
- golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
- google.golang.org/grpc v1.37.0 -> v1.38.0
- inet.af/netaddr bf05d8b52dda new
- k8s.io/api v0.21.0 -> v0.21.3
- k8s.io/apimachinery v0.21.0 -> v0.21.3
- k8s.io/apiserver v0.21.0 -> v0.21.3
- k8s.io/client-go v0.21.0 -> v0.21.3
- k8s.io/cri-api v0.21.0 -> v0.21.3
- k8s.io/kubectl v0.21.0 -> v0.21.3
- k8s.io/kubelet v0.21.0 -> v0.21.3
- k8s.io/utils 6fdb442a123b new
Previous release can be found at v0.10.0
Images
quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0-1-g0f96c53
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.3
k8s.gcr.io/kube-controller-manager:v1.21.3
k8s.gcr.io/kube-scheduler:v1.21.3
k8s.gcr.io/kube-proxy:v1.21.3
ghcr.io/talos-systems/kubelet:v1.21.3
ghcr.io/talos-systems/installer:v0.11.4
k8s.gcr.io/pause:3.2