siderolabs/talos v0.14.0-alpha.1 on GitHub

Talos 0.14.0-alpha.1 (2021-11-15)

Welcome to the v0.14.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled
Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.

For example:

install:
  extraKernelArgs:
    - sysctl.kernel.kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls will not be enough.

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14.
Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

Kubelet

Kubelet service can now be restarted with talosctl service kubelet restart.

Kubelet node IP configuration (.machine.kubelet.nodeIP.validSubnets) can now include negative subnet matches (prefixed with !).

Log Shipping

Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP:
see .machine.logging machine configuration option.

`talosctl support`

talosctl CLI tool now has a new subcommand called support, that can gather all
cluster information that could help with future debugging in a single run.

Output of the command is a zip archive with all talos service logs, kubernetes pod logs and manifests,
talos resources manifests and so on.
Generated archive does not contain any secret information so it is safe to send it for analysis to a third party.

Component Updates

Linux: 5.15.1
etcd: 3.5.1
containerd: 1.5.7
Kubernetes: 1.23.0-alpha.4
CoreDNS: 1.8.6

Talos is built with Go 1.17.2

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.

So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.

Contributors

Andrey Smirnov
Alexey Palazhchenko
Artem Chernyshev
Serge Logvinov
Noel Georgi
Spencer Smith
Nico Berlee
Alex Zero
Andrew Rynhard
Branden Cash
David Haines
Gerard de Leeuw
Michael Fornaro
Rui Lopes

Changes

102 commits

695300dac release(v0.14.0-alpha.1): prepare release
753a82188 refactor: move pkg/resources to machinery
0102a64a5 refactor: remove pkg/resources dependencies on wgtypes, netx
7462733bc chore: update golangci-lint
032c99a03 refactor: remove pkg/resources dependencies on k8s and base62
4a5cff45f perf: raspberry PIs clockspeed as fast as firmware allows
a76f6d69d feat: allow kubelet to be restarted and provide negative nodeIP subnets
189221d58 chore: update dependencies
41f0aecc1 docs: update partition info
95105071d chore: fix simple issues found by golangci-lint
d4b0ca21a test: retry upgrade mutex lock failures
4357e9a84 docs: add Talos partions info
8e8687d75 fix: use temporary sonobuoy version
e4e8e8737 test: disable e2e-misc test with Canal CNI
897da2f6e docs: common typos
a50483ddd feat: update Linux to 5.15.1
a2233bfe4 fix: improve NTP sync process
7efc1238e fix: parse partition size correctly
d6147eb17 chore: update sonobuoy
efbae7857 fix: use etc folder for du cli tests
198eea51a fix: wait for follow reader to start before writing to the file
e7f715eb0 chore: log KubeSpan IPs overlaps
82a1ad168 chore: bump dependencies
e8fccbf53 fix: clear time adjustment error when setting time to specific value
e6f90bb41 chore: remove unused parameters
785161d19 feat: update k8s to 1.23.0-alpha.4
fe228d7c8 fix: do not use yaml.v2 in the support cmd
9b48ca217 fix: endpoints and nodes in generated talosconfig
6e16fd2fe chore: update tools, pkgs, and extras
261c497c7 feat: implement talosctl support command
fc7dc4548 chore: check our API idiosyncrasies
b15844298 feat: use GCP deployment manager
3e7d4df99 chore: bump dependencies
88f242295 refactor: get rid of prometheus/procfs dependency in pkg/resources
dd196d300 refactor: prepare for move of pkg/resources to machinery
f6110f803 fix: remove listening socket to fix Talos in a container restart
53bbb13ed docs: update docs with emmc boot guide
8329d2111 chore: split polymorphic RootSecret resource into specific types
c97becdd9 chore: remove interfaces and routes APIs
d798635d9 feat: automatically limit kubelet node IP family based on service CIDRs
205a8d6dc chore: make nethelpers build on all OSes
5b5dd49f6 feat: extract JSON fields from more log messages
eb4f11822 docs: create cluster in hetzner cloud
728164e25 docs: fix kexec_load_disabled param name in release notes
f6328f09a fix: fix filename typo
01b0f0abb release(v0.14.0-alpha.0): prepare release
8b6206537 fix: skip generating empty .machine.logging
60ad00636 fix: don't drop ability to use ambient capabilities
b6b78e7fe test: add cluster discovery integration tests
97d64d160 fix: hcloud network config changes
4c76865d0 feat: multiple logging improvements
1d1e1df64 fix: handle skipped mounts correctly
0a964d921 test: fix openstack unit-test stability
72f62ac27 chore: bump Go and Docker dependencies
9c48ebe8f fix: gcp fetching externalIP
6c297268c test: fix e2e k8s version
ae5af9d3f feat: update Kubernetes to 1.23.0-alpha.3
28d3a69e9 feat: openstack config-drive support
2258bc491 test: update GCP e2e script to work with new templates
36b6ace25 feat: update Linux to 5.10.75
38516a549 test: update Talos versions in upgrade tests
cff20ec78 fix: change services OOM score
666a2b620 feat: azure platform ipv6 support
d32814e30 feat: extract JSON fields from log lines
e77d81fff fix: treat literal 'unknown' as a valid machine type
c8e404e35 test: update vars for AWS cluster
ad23891b1 feat: update CoreDNS version 1.8.6
41299cae9 feat: udev rules support
5237fdc95 feat: send JSON logs over UDP
6d44587a4 feat: coredns service dualstack
12f7888b7 feat: feed control plane endpoints on workers from cluster discovery
431e4fb4b chore: bump Go and Docker dependencies
89f3b9f8d feat: update etcd to 3.5.1
e60469a38 feat: initial support for JSON logging
68c420e3c feat: enable cluster discovery by default
3e100aa97 test: workaround EventsWatch test flakiness
9bd4838ac chore: stop using sonobuoy CLI
6ad459519 docs: fix field names for bonding configuration
d7a3b7b5b chore: use discovery-client and discovery-api modules
d6309eed6 docs: create docs for Talos 0.14
c0fda6436 fix: attempt to clean up tasks in containerd runner
8cf442daa chore: bump tools, pkgs, extras
0dad5f4d7 chore: small cleanup
e3e2113ad feat: upgrade CoreDNS during upgrade-k8s call
d92c98e19 docs: fix discovery service documentation link
e44b11c59 feat: update containerd to 1.5.7, bump Go dependencies
24129307a docs: make Talos 0.13 docs latest, update documentation
31b6e39e5 fix: delete expired affiliates from the discovery service
877a2b6fc test: bump CAPI components to v1alpha4
2ba0e0ac4 docs: add KubeSpan documentation
997873b6d fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
7137166d1 fix: allow overriding audit-policy-file in kube-apiserver static pod
8fcd42196 chore: fix integration-qemu-race
91a858b53 fix: sort output of the argument builder
657f7a56b fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
983d2459e feat: suppress logging NTP sync to the console
022c7335f fix: add interface route if DHCP4 router is not directly routeable
66a1579ea fix: don't enable 'no new privs' on the system level
423861cf9 feat: don't drop capabilities if kexec is disabled
facc8c38a docs: fix documentation for cluster discovery
ce65ca4e4 chore: build using only amd64 builders
e9b0f010d chore: update docker image in the pipeline

Changes since v0.14.0-alpha.0

45 commits

695300dac release(v0.14.0-alpha.1): prepare release
753a82188 refactor: move pkg/resources to machinery
0102a64a5 refactor: remove pkg/resources dependencies on wgtypes, netx
7462733bc chore: update golangci-lint
032c99a03 refactor: remove pkg/resources dependencies on k8s and base62
4a5cff45f perf: raspberry PIs clockspeed as fast as firmware allows
a76f6d69d feat: allow kubelet to be restarted and provide negative nodeIP subnets
189221d58 chore: update dependencies
41f0aecc1 docs: update partition info
95105071d chore: fix simple issues found by golangci-lint
d4b0ca21a test: retry upgrade mutex lock failures
4357e9a84 docs: add Talos partions info
8e8687d75 fix: use temporary sonobuoy version
e4e8e8737 test: disable e2e-misc test with Canal CNI
897da2f6e docs: common typos
a50483ddd feat: update Linux to 5.15.1
a2233bfe4 fix: improve NTP sync process
7efc1238e fix: parse partition size correctly
d6147eb17 chore: update sonobuoy
efbae7857 fix: use etc folder for du cli tests
198eea51a fix: wait for follow reader to start before writing to the file
e7f715eb0 chore: log KubeSpan IPs overlaps
82a1ad168 chore: bump dependencies
e8fccbf53 fix: clear time adjustment error when setting time to specific value
e6f90bb41 chore: remove unused parameters
785161d19 feat: update k8s to 1.23.0-alpha.4
fe228d7c8 fix: do not use yaml.v2 in the support cmd
9b48ca217 fix: endpoints and nodes in generated talosconfig
6e16fd2fe chore: update tools, pkgs, and extras
261c497c7 feat: implement talosctl support command
fc7dc4548 chore: check our API idiosyncrasies
b15844298 feat: use GCP deployment manager
3e7d4df99 chore: bump dependencies
88f242295 refactor: get rid of prometheus/procfs dependency in pkg/resources
dd196d300 refactor: prepare for move of pkg/resources to machinery
f6110f803 fix: remove listening socket to fix Talos in a container restart
53bbb13ed docs: update docs with emmc boot guide
8329d2111 chore: split polymorphic RootSecret resource into specific types
c97becdd9 chore: remove interfaces and routes APIs
d798635d9 feat: automatically limit kubelet node IP family based on service CIDRs
205a8d6dc chore: make nethelpers build on all OSes
5b5dd49f6 feat: extract JSON fields from more log messages
eb4f11822 docs: create cluster in hetzner cloud
728164e25 docs: fix kexec_load_disabled param name in release notes
f6328f09a fix: fix filename typo

Changes from talos-systems/discovery-api

2 commits

siderolabs/discovery-api@db279ef feat: initial set of APIs and generated files
siderolabs/discovery-api@ac52a37 chore: initial commit

Changes from talos-systems/discovery-client

2 commits

siderolabs/discovery-client@a9a5e9b feat: initial client code
siderolabs/discovery-client@98eb999 chore: initial commit

Changes from talos-systems/extras

2 commits

siderolabs/extras@2bb2efc chore: update pkgs and tools
siderolabs/extras@d6e8b3a chore: update pkgs and tools

Changes from talos-systems/net

1 commit

siderolabs/net@0abe5bd feat: implement FilterIPs function

Changes from talos-systems/pkgs

15 commits

siderolabs/pkgs@740da24 feat: bump raspberrypi-firmware to 1.20211029
siderolabs/pkgs@832dae4 fix: enable CONFIG_DM_SNAPSHOT
siderolabs/pkgs@f307e64 feat: update Linux to 5.15.1
siderolabs/pkgs@4f0f238 chore: update tools
siderolabs/pkgs@932c3cf feat: update libseccomp to 2.5.3
siderolabs/pkgs@7f3311e feat: update cpu governor to schedutil
siderolabs/pkgs@b4cdb99 fix: update containerd shas
siderolabs/pkgs@80a63d4 feat: update Linux to 5.10.75
siderolabs/pkgs@5c98efd feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
siderolabs/pkgs@bfb2365 feat: enable driver for SuperMicro raid controller
siderolabs/pkgs@657e16b feat: enable Intel VMD driver
siderolabs/pkgs@f7d9d72 feat: enable smarpqi driver and related options
siderolabs/pkgs@bca3be0 feat: enable aqtion device driver
siderolabs/pkgs@b88127a chore: update tools
siderolabs/pkgs@971735f feat: update containerd to 1.5.7

Changes from talos-systems/tools

6 commits

siderolabs/tools@96e0231 feat: update squashfs-tools to 4.5
siderolabs/tools@2c9c826 feat: update libseccomp to 2.5.3
siderolabs/tools@f713a7c feat: update protobuf to 3.19.1, grpc-go to 1.42.0
siderolabs/tools@972c5ef feat: update Go to 1.17.3
siderolabs/tools@f63848c feat: update PCRE version and source host
siderolabs/tools@fab7532 feat: update Go to 1.17.2

Dependency Changes

github.com/AlekSi/pointer v1.1.0 -> v1.2.0
github.com/containerd/cgroups v1.0.1 -> v1.0.2
github.com/containerd/containerd v1.5.5 -> v1.5.7
github.com/docker/docker v20.10.8 -> v20.10.10
github.com/evanphx/json-patch v4.11.0 -> v4.12.0
github.com/gosuri/uiprogress v0.0.1 new
github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
github.com/hetznercloud/hcloud-go v1.32.0 -> v1.33.1
github.com/insomniacslk/dhcp b95caade3eac -> ad197bcd36fd
github.com/jsimonetti/rtnetlink 435639c8e6a8 -> 93da33804786
github.com/jxskiss/base62 4f11678b909b -> v1.0.0
github.com/mdlayher/ethtool 2b88debcdd43 -> 288d040e9d60
github.com/rivo/tview ee97a7ab3975 -> badfa0f0b301
github.com/talos-systems/discovery-api v0.1.0 new
github.com/talos-systems/discovery-client v0.1.0 new
github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0-1-g2bb2efc
github.com/talos-systems/net v0.3.0 -> 0abe5bdae8f8
github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-14-g740da24
github.com/talos-systems/talos/pkg/machinery v0.13.0 -> 000000000000
github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0-5-g96e0231
github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.55.0
github.com/vmware/govmomi v0.26.1 -> v0.27.1
github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
golang.org/x/net 3ad01bbaa167 -> 69e39bad7dc2
golang.org/x/sys 39ccf1dd6fa6 -> 0c823b97ae02
golang.org/x/term 140adaaadfaf -> 03fcf44c2211
golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> 0073765f69ba
google.golang.org/grpc v1.41.0 -> v1.42.0
inet.af/netaddr 85fa6c94624e -> c74959edd3b6
k8s.io/api v0.22.2 -> v0.23.0-alpha.4
k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.4
k8s.io/client-go v0.22.2 -> v0.23.0-alpha.4
k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.4
k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.4
k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.4
kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.60
sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.7.0-alpha.0-1-g2bb2efc
docker.io/coredns/coredns:1.8.6
gcr.io/etcd-development/etcd:v3.5.1
k8s.gcr.io/kube-apiserver:v1.23.0-alpha.4
k8s.gcr.io/kube-controller-manager:v1.23.0-alpha.4
k8s.gcr.io/kube-scheduler:v1.23.0-alpha.4
k8s.gcr.io/kube-proxy:v1.23.0-alpha.4
ghcr.io/talos-systems/kubelet:v1.23.0-alpha.4
ghcr.io/talos-systems/installer:v0.14.0-alpha.1
k8s.gcr.io/pause:3.2