github siderolabs/talos v0.14.0-alpha.1

latest releases: v1.8.2, pkg/machinery/v1.8.2, v1.9.0-alpha.0...
pre-release2 years ago

Talos 0.14.0-alpha.1 (2021-11-15)

Welcome to the v0.14.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled
Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.

For example:

install:
  extraKernelArgs:
    - sysctl.kernel.kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls will not be enough.

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14.
Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

Kubelet

Kubelet service can now be restarted with talosctl service kubelet restart.

Kubelet node IP configuration (.machine.kubelet.nodeIP.validSubnets) can now include negative subnet matches (prefixed with !).

Log Shipping

Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP:
see .machine.logging machine configuration option.

talosctl support

talosctl CLI tool now has a new subcommand called support, that can gather all
cluster information that could help with future debugging in a single run.

Output of the command is a zip archive with all talos service logs, kubernetes pod logs and manifests,
talos resources manifests and so on.
Generated archive does not contain any secret information so it is safe to send it for analysis to a third party.

Component Updates

  • Linux: 5.15.1
  • etcd: 3.5.1
  • containerd: 1.5.7
  • Kubernetes: 1.23.0-alpha.4
  • CoreDNS: 1.8.6

Talos is built with Go 1.17.2

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.

So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Serge Logvinov
  • Noel Georgi
  • Spencer Smith
  • Nico Berlee
  • Alex Zero
  • Andrew Rynhard
  • Branden Cash
  • David Haines
  • Gerard de Leeuw
  • Michael Fornaro
  • Rui Lopes

Changes

102 commits

  • 695300dac release(v0.14.0-alpha.1): prepare release
  • 753a82188 refactor: move pkg/resources to machinery
  • 0102a64a5 refactor: remove pkg/resources dependencies on wgtypes, netx
  • 7462733bc chore: update golangci-lint
  • 032c99a03 refactor: remove pkg/resources dependencies on k8s and base62
  • 4a5cff45f perf: raspberry PIs clockspeed as fast as firmware allows
  • a76f6d69d feat: allow kubelet to be restarted and provide negative nodeIP subnets
  • 189221d58 chore: update dependencies
  • 41f0aecc1 docs: update partition info
  • 95105071d chore: fix simple issues found by golangci-lint
  • d4b0ca21a test: retry upgrade mutex lock failures
  • 4357e9a84 docs: add Talos partions info
  • 8e8687d75 fix: use temporary sonobuoy version
  • e4e8e8737 test: disable e2e-misc test with Canal CNI
  • 897da2f6e docs: common typos
  • a50483ddd feat: update Linux to 5.15.1
  • a2233bfe4 fix: improve NTP sync process
  • 7efc1238e fix: parse partition size correctly
  • d6147eb17 chore: update sonobuoy
  • efbae7857 fix: use etc folder for du cli tests
  • 198eea51a fix: wait for follow reader to start before writing to the file
  • e7f715eb0 chore: log KubeSpan IPs overlaps
  • 82a1ad168 chore: bump dependencies
  • e8fccbf53 fix: clear time adjustment error when setting time to specific value
  • e6f90bb41 chore: remove unused parameters
  • 785161d19 feat: update k8s to 1.23.0-alpha.4
  • fe228d7c8 fix: do not use yaml.v2 in the support cmd
  • 9b48ca217 fix: endpoints and nodes in generated talosconfig
  • 6e16fd2fe chore: update tools, pkgs, and extras
  • 261c497c7 feat: implement talosctl support command
  • fc7dc4548 chore: check our API idiosyncrasies
  • b15844298 feat: use GCP deployment manager
  • 3e7d4df99 chore: bump dependencies
  • 88f242295 refactor: get rid of prometheus/procfs dependency in pkg/resources
  • dd196d300 refactor: prepare for move of pkg/resources to machinery
  • f6110f803 fix: remove listening socket to fix Talos in a container restart
  • 53bbb13ed docs: update docs with emmc boot guide
  • 8329d2111 chore: split polymorphic RootSecret resource into specific types
  • c97becdd9 chore: remove interfaces and routes APIs
  • d798635d9 feat: automatically limit kubelet node IP family based on service CIDRs
  • 205a8d6dc chore: make nethelpers build on all OSes
  • 5b5dd49f6 feat: extract JSON fields from more log messages
  • eb4f11822 docs: create cluster in hetzner cloud
  • 728164e25 docs: fix kexec_load_disabled param name in release notes
  • f6328f09a fix: fix filename typo
  • 01b0f0abb release(v0.14.0-alpha.0): prepare release
  • 8b6206537 fix: skip generating empty .machine.logging
  • 60ad00636 fix: don't drop ability to use ambient capabilities
  • b6b78e7fe test: add cluster discovery integration tests
  • 97d64d160 fix: hcloud network config changes
  • 4c76865d0 feat: multiple logging improvements
  • 1d1e1df64 fix: handle skipped mounts correctly
  • 0a964d921 test: fix openstack unit-test stability
  • 72f62ac27 chore: bump Go and Docker dependencies
  • 9c48ebe8f fix: gcp fetching externalIP
  • 6c297268c test: fix e2e k8s version
  • ae5af9d3f feat: update Kubernetes to 1.23.0-alpha.3
  • 28d3a69e9 feat: openstack config-drive support
  • 2258bc491 test: update GCP e2e script to work with new templates
  • 36b6ace25 feat: update Linux to 5.10.75
  • 38516a549 test: update Talos versions in upgrade tests
  • cff20ec78 fix: change services OOM score
  • 666a2b620 feat: azure platform ipv6 support
  • d32814e30 feat: extract JSON fields from log lines
  • e77d81fff fix: treat literal 'unknown' as a valid machine type
  • c8e404e35 test: update vars for AWS cluster
  • ad23891b1 feat: update CoreDNS version 1.8.6
  • 41299cae9 feat: udev rules support
  • 5237fdc95 feat: send JSON logs over UDP
  • 6d44587a4 feat: coredns service dualstack
  • 12f7888b7 feat: feed control plane endpoints on workers from cluster discovery
  • 431e4fb4b chore: bump Go and Docker dependencies
  • 89f3b9f8d feat: update etcd to 3.5.1
  • e60469a38 feat: initial support for JSON logging
  • 68c420e3c feat: enable cluster discovery by default
  • 3e100aa97 test: workaround EventsWatch test flakiness
  • 9bd4838ac chore: stop using sonobuoy CLI
  • 6ad459519 docs: fix field names for bonding configuration
  • d7a3b7b5b chore: use discovery-client and discovery-api modules
  • d6309eed6 docs: create docs for Talos 0.14
  • c0fda6436 fix: attempt to clean up tasks in containerd runner
  • 8cf442daa chore: bump tools, pkgs, extras
  • 0dad5f4d7 chore: small cleanup
  • e3e2113ad feat: upgrade CoreDNS during upgrade-k8s call
  • d92c98e19 docs: fix discovery service documentation link
  • e44b11c59 feat: update containerd to 1.5.7, bump Go dependencies
  • 24129307a docs: make Talos 0.13 docs latest, update documentation
  • 31b6e39e5 fix: delete expired affiliates from the discovery service
  • 877a2b6fc test: bump CAPI components to v1alpha4
  • 2ba0e0ac4 docs: add KubeSpan documentation
  • 997873b6d fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
  • 7137166d1 fix: allow overriding audit-policy-file in kube-apiserver static pod
  • 8fcd42196 chore: fix integration-qemu-race
  • 91a858b53 fix: sort output of the argument builder
  • 657f7a56b fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
  • 983d2459e feat: suppress logging NTP sync to the console
  • 022c7335f fix: add interface route if DHCP4 router is not directly routeable
  • 66a1579ea fix: don't enable 'no new privs' on the system level
  • 423861cf9 feat: don't drop capabilities if kexec is disabled
  • facc8c38a docs: fix documentation for cluster discovery
  • ce65ca4e4 chore: build using only amd64 builders
  • e9b0f010d chore: update docker image in the pipeline

Changes since v0.14.0-alpha.0

45 commits

  • 695300dac release(v0.14.0-alpha.1): prepare release
  • 753a82188 refactor: move pkg/resources to machinery
  • 0102a64a5 refactor: remove pkg/resources dependencies on wgtypes, netx
  • 7462733bc chore: update golangci-lint
  • 032c99a03 refactor: remove pkg/resources dependencies on k8s and base62
  • 4a5cff45f perf: raspberry PIs clockspeed as fast as firmware allows
  • a76f6d69d feat: allow kubelet to be restarted and provide negative nodeIP subnets
  • 189221d58 chore: update dependencies
  • 41f0aecc1 docs: update partition info
  • 95105071d chore: fix simple issues found by golangci-lint
  • d4b0ca21a test: retry upgrade mutex lock failures
  • 4357e9a84 docs: add Talos partions info
  • 8e8687d75 fix: use temporary sonobuoy version
  • e4e8e8737 test: disable e2e-misc test with Canal CNI
  • 897da2f6e docs: common typos
  • a50483ddd feat: update Linux to 5.15.1
  • a2233bfe4 fix: improve NTP sync process
  • 7efc1238e fix: parse partition size correctly
  • d6147eb17 chore: update sonobuoy
  • efbae7857 fix: use etc folder for du cli tests
  • 198eea51a fix: wait for follow reader to start before writing to the file
  • e7f715eb0 chore: log KubeSpan IPs overlaps
  • 82a1ad168 chore: bump dependencies
  • e8fccbf53 fix: clear time adjustment error when setting time to specific value
  • e6f90bb41 chore: remove unused parameters
  • 785161d19 feat: update k8s to 1.23.0-alpha.4
  • fe228d7c8 fix: do not use yaml.v2 in the support cmd
  • 9b48ca217 fix: endpoints and nodes in generated talosconfig
  • 6e16fd2fe chore: update tools, pkgs, and extras
  • 261c497c7 feat: implement talosctl support command
  • fc7dc4548 chore: check our API idiosyncrasies
  • b15844298 feat: use GCP deployment manager
  • 3e7d4df99 chore: bump dependencies
  • 88f242295 refactor: get rid of prometheus/procfs dependency in pkg/resources
  • dd196d300 refactor: prepare for move of pkg/resources to machinery
  • f6110f803 fix: remove listening socket to fix Talos in a container restart
  • 53bbb13ed docs: update docs with emmc boot guide
  • 8329d2111 chore: split polymorphic RootSecret resource into specific types
  • c97becdd9 chore: remove interfaces and routes APIs
  • d798635d9 feat: automatically limit kubelet node IP family based on service CIDRs
  • 205a8d6dc chore: make nethelpers build on all OSes
  • 5b5dd49f6 feat: extract JSON fields from more log messages
  • eb4f11822 docs: create cluster in hetzner cloud
  • 728164e25 docs: fix kexec_load_disabled param name in release notes
  • f6328f09a fix: fix filename typo

Changes from talos-systems/discovery-api

2 commits

Changes from talos-systems/discovery-client

2 commits

Changes from talos-systems/extras

2 commits

Changes from talos-systems/net

1 commit

Changes from talos-systems/pkgs

15 commits

Changes from talos-systems/tools

6 commits

Dependency Changes

  • github.com/AlekSi/pointer v1.1.0 -> v1.2.0
  • github.com/containerd/cgroups v1.0.1 -> v1.0.2
  • github.com/containerd/containerd v1.5.5 -> v1.5.7
  • github.com/docker/docker v20.10.8 -> v20.10.10
  • github.com/evanphx/json-patch v4.11.0 -> v4.12.0
  • github.com/gosuri/uiprogress v0.0.1 new
  • github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
  • github.com/hetznercloud/hcloud-go v1.32.0 -> v1.33.1
  • github.com/insomniacslk/dhcp b95caade3eac -> ad197bcd36fd
  • github.com/jsimonetti/rtnetlink 435639c8e6a8 -> 93da33804786
  • github.com/jxskiss/base62 4f11678b909b -> v1.0.0
  • github.com/mdlayher/ethtool 2b88debcdd43 -> 288d040e9d60
  • github.com/rivo/tview ee97a7ab3975 -> badfa0f0b301
  • github.com/talos-systems/discovery-api v0.1.0 new
  • github.com/talos-systems/discovery-client v0.1.0 new
  • github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0-1-g2bb2efc
  • github.com/talos-systems/net v0.3.0 -> 0abe5bdae8f8
  • github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-14-g740da24
  • github.com/talos-systems/talos/pkg/machinery v0.13.0 -> 000000000000
  • github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0-5-g96e0231
  • github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.55.0
  • github.com/vmware/govmomi v0.26.1 -> v0.27.1
  • github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
  • go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
  • go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
  • golang.org/x/net 3ad01bbaa167 -> 69e39bad7dc2
  • golang.org/x/sys 39ccf1dd6fa6 -> 0c823b97ae02
  • golang.org/x/term 140adaaadfaf -> 03fcf44c2211
  • golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> 0073765f69ba
  • google.golang.org/grpc v1.41.0 -> v1.42.0
  • inet.af/netaddr 85fa6c94624e -> c74959edd3b6
  • k8s.io/api v0.22.2 -> v0.23.0-alpha.4
  • k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.4
  • k8s.io/client-go v0.22.2 -> v0.23.0-alpha.4
  • k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.4
  • k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.4
  • k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.4
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.60
  • sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.7.0-alpha.0-1-g2bb2efc
docker.io/coredns/coredns:1.8.6
gcr.io/etcd-development/etcd:v3.5.1
k8s.gcr.io/kube-apiserver:v1.23.0-alpha.4
k8s.gcr.io/kube-controller-manager:v1.23.0-alpha.4
k8s.gcr.io/kube-scheduler:v1.23.0-alpha.4
k8s.gcr.io/kube-proxy:v1.23.0-alpha.4
ghcr.io/talos-systems/kubelet:v1.23.0-alpha.4
ghcr.io/talos-systems/installer:v0.14.0-alpha.1
k8s.gcr.io/pause:3.2

Don't miss a new talos release

NewReleases is sending notifications on new releases.