Talos 0.13.0-beta.0 (2021-10-01)
Welcome to the v0.13.0-beta.0 release of Talos!
This is a pre-release of Talos.
Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.
Hetzner, Scaleway, Upcloud and Vultr
Talos now natively supports four new cloud platforms: Hetzner, Scaleway, Upcloud and Vultr.
Also, the generic cloud-init nocloud platform is supported in both networking and storage-based modes.
Component Updates
Linux: 5.10.69
Kubernetes: 1.22.2
containerd: 1.5.6
runc: 1.0.2
Talos is built with Go 1.17.1.
etcd Advertised Address
The address advertised by etcd can now be controlled with the new machine configuration option machine.etcd.subnet.
Reboots via kexec
Talos now reboots by default via the kexec syscall, which means the BIOS POST process is skipped.
On bare-metal hardware the BIOS POST process might take 10-15 minutes, so Talos reboots 10-15 minutes faster on bare-metal.
Kexec support can be disabled with the following change to the machine configuration:
machine:
  sysctls:
    kernel.kexec_load_disabled: "1"
kubelet Node IP
The addresses picked by kubelet can now be controlled with the new machine configuration option machine.kubelet.nodeIP.validSubnets.
Cluster Discovery and KubeSpan
This release of Talos provides initial support for cluster membership discovery and KubeSpan.
These new features are not enabled by default. To enable them, make the following changes to the machine configuration:
machine:
  network:
    kubespan:
      enabled: true
cluster:
  discovery:
    enabled: true
Windows Support
The CLI tool talosctl is now built for Windows and published as part of the release.
Contributors
- Andrey Smirnov
- Artem Chernyshev
- Alexey Palazhchenko
- Seán C McCord
- Serge Logvinov
- Andrew Rynhard
- Olli Janatuinen
- Spencer Smith
- Lennard Klein
- Rui Lopes
Changes
107 commits
- e82a443e8 release(v0.13.0-beta.0): prepare release
- 5f277713f chore: prepare for 0.13-beta release
- 5e41dd4a6 feat: add an option to configure kubelet node IP based on subnets
- 72e49029e chore: allow insecure discovery in debug builds
- d52befd1a fix: ignore 404 for AWS external IPs
- 44a63e9a4 feat: update containerd to 1.5.6
- 0e0fb6847 release(v0.13.0-alpha.3): prepare release
- 4044372e1 feat: harvest discovered endpoints and push them via discovery svc
- 9a51aa835 feat: add an option to skip downed peers in KubeSpan
- cbbd7c682 feat: publish node's ExternalIPs as node addresses
- 0f60ef6d3 fix: reset inputs back to initial state in secrets.APIController
- 64cb873ec feat: override static pods default args by extra Args
- ecdd7757f test: workaround race in the tests with zaptest package
- 9c67fde75 release(v0.13.0-alpha.2): prepare release
- 30ae71424 feat: implement integration with Discovery Service
- 353d632ae feat: add nocloud platform support
- 628fbf9b4 chore: update Linux to 5.10.69
- 62acd6251 fix: check trustd API CA on worker nodes
- ba27bc366 feat: implement Hetzner Cloud support for virtual (shared) IP
- 95f440eaa test: add fuzz test for configloader
- d2cf021d8 chore: remove deprecated "join" term
- 0e18e2800 chore: bump dependencies
- b450b7cef chore: deprecate Interfaces and Routes APIs
- cddcb9622 fix: find devices without partition table
- b1b6d6136 fix: check for existence of dhcp6 FQDN first
- 519999b84 fix: use readonly mode when probing devices with All lookup
- 2b5204200 feat: enable resource API in the maintenance mode
- 452893c26 fix: make probe open blockdevice in readonly mode
- 96bccdd3b test: update CABPT provider to 0.3 release
- d9eb18bfd fix: containerd log symlink
- efa7f48e0 docs: quicklinks on landing page
- 1cb9f282b fix: don't marshal clock with SecretsBundle
- b27c75b30 release(v0.13.0-alpha.1): prepare release
- 9d803d75b chore: bump dependencies and drop firecracker support
- 50a241048 feat: add operating system version field to discovery
- 085c61b2e chore: add a special condition to check for kubeconfig readiness
- 21cdd8540 fix: add node address to the list of allowed IPs (kubespan)
- fdd80a123 feat: add an option to continue booting on NTP timeout
- ef3684989 feat: add routes, routing rules and nftables rules for KubeSpan
- ed12379f2 fix: patch multi nodes support
- d943bb0e2 feat: update Kubernetes to 1.22.2
- d0585fb6b feat: reboot via kexec
- 3de505c89 fix: skip bad cloud-config in OpenStack platform
- a394d1e20 fix: tear down control plane static pods when etcd is stopped
- 1c05089bb feat: implement KubeSpan manager for Wireguard peer state
- ec7f44efe fix: completely prevent editing resources other than mc
- 19a8ae97c feat: add vultr.com cloud support
- 0ff4c7cdb fix: write KubernetesCACert chmodded 0400 instead of 0500
- a1c9d6490 fix: update the way results are retrieved for certified conformance
- a05945404 chore: build using Go 1.17
- 7c5045bd9 release(v0.13.0-alpha.0): prepare release
- ee2dce6c1 chore: bump dependencies
- ef0229592 fix: print etcd member ID in hex
- 5ca1fb822 fix: multiple fixes for KubeSpan and Wireguard implementation
- b1bd64250 fix: build platform images
- 3b5f4038d feat: add scaleway.com cloud support
- f156ab184 feat: add upcloud.com cloud support
- c3b2429ce fix: suppress spurious Kubernetes API server cert updates
- ff90b5751 feat: implement KubeSpan peer generation controller
- 14c69df50 fix: correctly parse multiple pod/service CIDRs
- 69897dbba feat: drop some capabilities to be never available
- 51e9836b0 docs: promote 0.12 docs to be the latest
- 812d59c70 feat: add hetzner.com cloud support
- d53e9e896 chore: use named constants
- 2dfe7f1fc chore: bump tools to the latest version
- 82b130e78 docs: document required options for extraMounts
- af6622109 feat: implement Kubernetes cluster discovery registry
- 2c66e1b3c feat: provide building of local Affiliate structure (for the node)
- d69bd2af3 chore: enable GPG identity check for Talos
- 8dbd851fd chore: update tools/pkgs/extras to the new version
- 0b347570a feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
- bd5b9c96e fix: correctly define example for extraMounts
- 01cca099f docs: update docs for Talos 0.12 release
- 668627d5b feat: add subnet filter for etcd address
- 3c3c281bf chore: bump dependencies via dependabot
- f8bebba2d fix: ignore error on duplicate for MountStatus
- 6956edd0b feat: add node address filters, filter out k8s addresses for Talos API
- caee24bf6 feat: implement KubeSpan identity controller
- da0f6e7e1 fix: allow updating diskSelector option
- 761ccaf32 feat: provide machine configuration for KubeSpan and cluster discovery
- a81e30cb4 docs: add bootstrap command to VMware docs
- 97da354cc fix: do not panic on invalid machine configs
- c4048e263 fix: don't extract nil IPs in the GCP platform
- ba169c6f9 feat: provide talosctl.exe for Windows
- 6312f473e fix: properly handle omitempty fields in the validator
- 7f22879af feat: provide random node identity
- 032e7c6b8 chore: import yaml.v3 consistently
- 80b5f0e7f fix: validate IP address returned as HTTP response in platform code
- c9af8f7ff docs: fork docs for 0.13
- 85cda1b95 feat: provide MountStatus resource for system partition mounts
- 950f122c9 chore: update versions in upgrade tests
- 83fdb7721 feat: provide first NIC hardware addr as a resource
- 5f5ac12f1 fix: properly case the VMware name
- 0a6048f46 fix: don't allow bootstrap if etcd data directory is not empty
- e24b93b4e fix: cgroup delegate
- 751f64f9b docs: add release notes for 0.12, support matrix
- 57a77696e feat: update Kubernetes to 1.22.1
- 244b08cc1 chore: bump dependencies
- 576ba1957 fix: do not set KSPP kernel params in container mode
- b8c92ede5 fix: don't support cgroups nesting in process runner
- 9bb0b7970 test: adapt tests to the cgroupsv2
- 1abc12be1 fix: extramount should have yaml:",inline" tag
- 2b614e430 feat: check if cluster has deprecated resources versions
- 0b86edab8 fix: don't panic if the machine config doesn't have network (EM)
- 8bef41e4b fix: make sure file mode is same (reproducibility issue)
- fcfca55a0 chore: do not check that go mod tidy gives empty output
- 5ce92ca51 docs: ensure azure VMs are 0 indexed
Changes since v0.13.0-alpha.3
6 commits
- e82a443e8 release(v0.13.0-beta.0): prepare release
- 5f277713f chore: prepare for 0.13-beta release
- 5e41dd4a6 feat: add an option to configure kubelet node IP based on subnets
- 72e49029e chore: allow insecure discovery in debug builds
- d52befd1a fix: ignore 404 for AWS external IPs
- 44a63e9a4 feat: update containerd to 1.5.6
Changes from talos-systems/discovery-service
19 commits
- siderolabs/discovery-service@ee4b2a4 fix: retry on Hello failures
- siderolabs/discovery-service@ab9c7c9 chore: add Prometheus metrics
- siderolabs/discovery-service@b2e2079 fix: properly encrypt IPv6 endpoints
- siderolabs/discovery-service@e9d5dfa fix: enable connections to endpoints with public certs
- siderolabs/discovery-service@509e9b2 feat: implement client wrapper around discovery service API
- siderolabs/discovery-service@6195466 feat: enable vtprotobuf, watch batching, more limits
- siderolabs/discovery-service@7174ec1 feat: implement new discovery service
- siderolabs/discovery-service@1a43970 feat: add node and cluster validation
- siderolabs/discovery-service@6454cfc refactor: kresify, fix linter and rename to Kubespan manager
- siderolabs/discovery-service@d782452 add redis database backend
- siderolabs/discovery-service@924fed4 refactor to flexible addresses
- siderolabs/discovery-service@cd02b5a revert to string IDs
- siderolabs/discovery-service@576288f add self-reported IPs
- siderolabs/discovery-service@6ad15ca strong typing and known endpoint API
- siderolabs/discovery-service@3437ff2 fixes from testing
- siderolabs/discovery-service@d3fd1f3 add Name to Node
- siderolabs/discovery-service@eb0e8ba add simple client pkg
- siderolabs/discovery-service@5e0c1df add cluster hash grouping
- siderolabs/discovery-service@f982696 initial commit
Changes from talos-systems/extras
3 commits
- siderolabs/extras@9706baf chore: use tagged versions tools and pkgs 0.8.0
- siderolabs/extras@8738709 chore: update pkgs and tools
- siderolabs/extras@52b27da chore: update pkgs and tools to 0.8.0-alpha.0
Changes from talos-systems/go-blockdevice
6 commits
- siderolabs/go-blockdevice@70d2865 fix: try to find cdrom disks
- siderolabs/go-blockdevice@667bf53 fix: revert gpt partition not found
- siderolabs/go-blockdevice@d7d4cdd fix: gpt partition not found
- siderolabs/go-blockdevice@33afba3 fix: also open in readonly mode when running All lookup method
- siderolabs/go-blockdevice@e367f9d feat: make probe always open blockdevices in readonly mode
- siderolabs/go-blockdevice@d981156 fix: allow Build for Windows
Changes from talos-systems/pkgs
9 commits
- siderolabs/pkgs@3148f01 chore: update tools to tagged version 0.8.0
- siderolabs/pkgs@f22ce18 feat: update containerd to 1.5.6, runc to 1.0.2, libseccomp to 2.5.2
- siderolabs/pkgs@28cda67 feat: update Linux kernel to 5.10.69
- siderolabs/pkgs@db90f93 chore: update tools
- siderolabs/pkgs@ca38c59 feat: enable KEXEC_FILE_LOAD in the kernel
- siderolabs/pkgs@982bc18 chore: update tools
- siderolabs/pkgs@a243ab8 feat: add /usr/src to FHS
- siderolabs/pkgs@428abdb chore: support builds with HTTP_PROXY
- siderolabs/pkgs@13151c5 chore: update bldr version, update tools
Changes from talos-systems/tools
6 commits
- siderolabs/tools@835b297 chore: use tagged toolchain 0.3.0
- siderolabs/tools@2790b55 feat: update Go to 1.17.1
- siderolabs/tools@5b9d214 fix: restore static library for ncurses
- siderolabs/tools@01104e5 chore: reproducible builds
- siderolabs/tools@53fe146 chore: update bldr with new version
- siderolabs/tools@bf4540d chore: add patch dependency
Dependency Changes
- github.com/containerd/go-cni v1.0.2 -> v1.1.0
- github.com/containernetworking/cni v0.8.1 -> v1.0.1
- github.com/containernetworking/plugins v0.9.1 -> v1.0.1
- github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
- github.com/fatih/color v1.12.0 -> v1.13.0
- github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
- github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
- github.com/google/nftables 16a134723a96 new
- github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
- github.com/hetznercloud/hcloud-go v1.32.0 new
- github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
- github.com/jsimonetti/rtnetlink 9c52e516c709 -> 435639c8e6a8
- github.com/jxskiss/base62 4f11678b909b new
- github.com/mattn/go-isatty v0.0.13 -> v0.0.14
- github.com/mdlayher/netx 669a06fde734 new
- github.com/packethost/packngo v0.19.0 -> v0.19.1
- github.com/prometheus/procfs v0.7.2 -> v0.7.3
- github.com/rivo/tview 29d673af0ce2 -> ee97a7ab3975
- github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
- github.com/talos-systems/discovery-service v0.1.0 new
- github.com/talos-systems/extras v0.5.0 -> v0.6.0
- github.com/talos-systems/go-blockdevice v0.2.3 -> v0.2.4
- github.com/talos-systems/pkgs v0.7.0 -> v0.8.0
- github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0
- github.com/vishvananda/netlink f5de75959ad5 new
- github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
- github.com/vmware/govmomi v0.26.0 -> v0.26.1
- github.com/vultr/metadata v1.0.3 new
- go.uber.org/zap v1.19.0 -> v1.19.1
- golang.org/x/net 853a461950ff -> 3ad01bbaa167
- golang.org/x/sys 0f9fa26af87c -> 39ccf1dd6fa6
- golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
- golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 0a2f4901cba6
- google.golang.org/grpc v1.40.0 -> v1.41.0
- inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
- k8s.io/api v0.22.1 -> v0.22.2
- k8s.io/apimachinery v0.22.1 -> v0.22.2
- k8s.io/client-go v0.22.1 -> v0.22.2
- k8s.io/kubectl v0.22.1 -> v0.22.2
- k8s.io/kubelet v0.22.1 -> v0.22.2
- kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 new
Previous release can be found at v0.12.0
Images
quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.6.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.2
k8s.gcr.io/kube-controller-manager:v1.22.2
k8s.gcr.io/kube-scheduler:v1.22.2
k8s.gcr.io/kube-proxy:v1.22.2
ghcr.io/talos-systems/kubelet:v1.22.2
ghcr.io/talos-systems/installer:v0.13.0-beta.0
k8s.gcr.io/pause:3.2