Talos 0.13.2 (2021-11-02)
Welcome to the v0.13.2 release of Talos!
Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.
Kexec and capabilities
When kexec support is disabled Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.
If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.
For example:
install:
extraKernelArgs:
- kexec_load_disabled=1Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls (like in the section Reboots via kexec) will not be enough.
Contributors
- Andrey Smirnov
- Artem Chernyshev
- Serge Logvinov
Changes
6 commits
- b7fc1a69b release(v0.13.2): prepare release
- a937e6f7d fix: remove listening socket to fix Talos in a container restart
- 269867916 feat: automatically limit kubelet node IP family based on service CIDRs
- c873dc5d0 fix: don't drop ability to use ambient capabilities
- 2226a9924 fix: hcloud network config changes
- 7cb9813b6 feat: update Kubernetes to 1.22.3
Dependency Changes
- k8s.io/api v0.22.2 -> v0.22.3
- k8s.io/client-go v0.22.2 -> v0.22.3
- k8s.io/kubectl v0.22.2 -> v0.22.3
- k8s.io/kubelet v0.22.2 -> v0.22.3
Previous release can be found at v0.13.1
Images
quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.6.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.3
k8s.gcr.io/kube-controller-manager:v1.22.3
k8s.gcr.io/kube-scheduler:v1.22.3
k8s.gcr.io/kube-proxy:v1.22.3
ghcr.io/talos-systems/kubelet:v1.22.3
ghcr.io/talos-systems/installer:v0.13.2
k8s.gcr.io/pause:3.2