siderolabs/talos v0.14.0-alpha.0 on GitHub

Talos 0.14.0-alpha.0 (2021-10-25)

Welcome to the v0.14.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled
Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.

For example:

install:
  extraKernelArgs:
    - sysctl.kernel.kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls will not be enough.

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14.
Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

Log Shipping

Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP:
see .machine.logging machine configuration option.

Component Updates

Linux: 5.10.75
etcd: 3.5.1
containerd: 1.5.7
Kubernetes: 1.23.0-alpha.0
CoreDNS: 1.8.6

Talos is built with Go 1.17.2

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.

So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.

Contributors

Andrey Smirnov
Alexey Palazhchenko
Serge Logvinov
Artem Chernyshev
Spencer Smith
Andrew Rynhard
Branden Cash
Gerard de Leeuw

Changes

57 commits

01b0f0abb release(v0.14.0-alpha.0): prepare release
8b6206537 fix: skip generating empty .machine.logging
60ad00636 fix: don't drop ability to use ambient capabilities
b6b78e7fe test: add cluster discovery integration tests
97d64d160 fix: hcloud network config changes
4c76865d0 feat: multiple logging improvements
1d1e1df64 fix: handle skipped mounts correctly
0a964d921 test: fix openstack unit-test stability
72f62ac27 chore: bump Go and Docker dependencies
9c48ebe8f fix: gcp fetching externalIP
6c297268c test: fix e2e k8s version
ae5af9d3f feat: update Kubernetes to 1.23.0-alpha.3
28d3a69e9 feat: openstack config-drive support
2258bc491 test: update GCP e2e script to work with new templates
36b6ace25 feat: update Linux to 5.10.75
38516a549 test: update Talos versions in upgrade tests
cff20ec78 fix: change services OOM score
666a2b620 feat: azure platform ipv6 support
d32814e30 feat: extract JSON fields from log lines
e77d81fff fix: treat literal 'unknown' as a valid machine type
c8e404e35 test: update vars for AWS cluster
ad23891b1 feat: update CoreDNS version 1.8.6
41299cae9 feat: udev rules support
5237fdc95 feat: send JSON logs over UDP
6d44587a4 feat: coredns service dualstack
12f7888b7 feat: feed control plane endpoints on workers from cluster discovery
431e4fb4b chore: bump Go and Docker dependencies
89f3b9f8d feat: update etcd to 3.5.1
e60469a38 feat: initial support for JSON logging
68c420e3c feat: enable cluster discovery by default
3e100aa97 test: workaround EventsWatch test flakiness
9bd4838ac chore: stop using sonobuoy CLI
6ad459519 docs: fix field names for bonding configuration
d7a3b7b5b chore: use discovery-client and discovery-api modules
d6309eed6 docs: create docs for Talos 0.14
c0fda6436 fix: attempt to clean up tasks in containerd runner
8cf442daa chore: bump tools, pkgs, extras
0dad5f4d7 chore: small cleanup
e3e2113ad feat: upgrade CoreDNS during upgrade-k8s call
d92c98e19 docs: fix discovery service documentation link
e44b11c59 feat: update containerd to 1.5.7, bump Go dependencies
24129307a docs: make Talos 0.13 docs latest, update documentation
31b6e39e5 fix: delete expired affiliates from the discovery service
877a2b6fc test: bump CAPI components to v1alpha4
2ba0e0ac4 docs: add KubeSpan documentation
997873b6d fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
7137166d1 fix: allow overriding audit-policy-file in kube-apiserver static pod
8fcd42196 chore: fix integration-qemu-race
91a858b53 fix: sort output of the argument builder
657f7a56b fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
983d2459e feat: suppress logging NTP sync to the console
022c7335f fix: add interface route if DHCP4 router is not directly routeable
66a1579ea fix: don't enable 'no new privs' on the system level
423861cf9 feat: don't drop capabilities if kexec is disabled
facc8c38a docs: fix documentation for cluster discovery
ce65ca4e4 chore: build using only amd64 builders
e9b0f010d chore: update docker image in the pipeline

Changes from talos-systems/discovery-api

2 commits

siderolabs/discovery-api@db279ef feat: initial set of APIs and generated files
siderolabs/discovery-api@ac52a37 chore: initial commit

Changes from talos-systems/discovery-client

2 commits

siderolabs/discovery-client@a9a5e9b feat: initial client code
siderolabs/discovery-client@98eb999 chore: initial commit

Changes from talos-systems/extras

1 commit

siderolabs/extras@d6e8b3a chore: update pkgs and tools

Changes from talos-systems/pkgs

8 commits

siderolabs/pkgs@80a63d4 feat: update Linux to 5.10.75
siderolabs/pkgs@5c98efd feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
siderolabs/pkgs@bfb2365 feat: enable driver for SuperMicro raid controller
siderolabs/pkgs@657e16b feat: enable Intel VMD driver
siderolabs/pkgs@f7d9d72 feat: enable smarpqi driver and related options
siderolabs/pkgs@bca3be0 feat: enable aqtion device driver
siderolabs/pkgs@b88127a chore: update tools
siderolabs/pkgs@971735f feat: update containerd to 1.5.7

Changes from talos-systems/tools

1 commit

siderolabs/tools@fab7532 feat: update Go to 1.17.2

Dependency Changes

github.com/AlekSi/pointer v1.1.0 -> v1.2.0
github.com/containerd/cgroups v1.0.1 -> v1.0.2
github.com/containerd/containerd v1.5.5 -> v1.5.7
github.com/docker/docker v20.10.8 -> v20.10.9
github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
github.com/insomniacslk/dhcp b95caade3eac -> 509557e9f781
github.com/jsimonetti/rtnetlink 435639c8e6a8 -> e34540a94caa
github.com/jxskiss/base62 4f11678b909b -> v1.0.0
github.com/rivo/tview ee97a7ab3975 -> 5508f4b00266
github.com/talos-systems/discovery-api v0.1.0 new
github.com/talos-systems/discovery-client v0.1.0 new
github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0
github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-7-g80a63d4
github.com/talos-systems/talos/pkg/machinery v0.13.0 -> 000000000000
github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0
github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.54.0
github.com/vmware/govmomi v0.26.1 -> v0.27.1
github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
golang.org/x/net 3ad01bbaa167 -> d418f374d309
golang.org/x/sys 39ccf1dd6fa6 -> d6a326fbbf70
golang.org/x/term 140adaaadfaf -> 03fcf44c2211
golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> 5be1d6054c42
k8s.io/api v0.22.2 -> v0.23.0-alpha.3
k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.3
k8s.io/client-go v0.22.2 -> v0.23.0-alpha.3
k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.3
k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.3
k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.3
kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.60
sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.7.0-alpha.0
docker.io/coredns/coredns:1.8.6
gcr.io/etcd-development/etcd:v3.5.1
k8s.gcr.io/kube-apiserver:v1.23.0-alpha.3
k8s.gcr.io/kube-controller-manager:v1.23.0-alpha.3
k8s.gcr.io/kube-scheduler:v1.23.0-alpha.3
k8s.gcr.io/kube-proxy:v1.23.0-alpha.3
ghcr.io/talos-systems/kubelet:v1.23.0-alpha.3
ghcr.io/talos-systems/installer:v0.14.0-alpha.0
k8s.gcr.io/pause:3.2