Talos 1.1.0-alpha.1 (2022-04-21)
Welcome to the v1.1.0-alpha.1 release of Talos!
This is a pre-release of Talos
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.
Apply Config --dry-run
The commands talosctl apply-config, talosctl patch mc and talosctl edit mc now support --dry-run flag.
If enabled it just prints out the selected config application mode and the configuration diff.
IPv6 in Docker-based Talos Clusters
The command talosctl cluster create now enables IPv6 by default for the Docker containers
created for Talos nodes. This allows to use IPv6 addresses in Kubernetes networking.
If talosctl cluster create fails to work on Linux due to the lack of IPv6 support,
please use the flag --disable-docker-ipv6 to revert the change.
drop some default rules shipped by eudev
Drops some default eudev rules that doesn't make sense in the context of Talos OS.
Especially the ones around sound devices, cd-roms and renaming the network interfaces to be predictable
Pod Security Admission
Pod Security Admission controller is enabled by default with the following policy:
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
name: PodSecurity
path: ""The policy is part of the Talos machine configuration, and it can be modified to suite your needs.
Support RockPi 4 variants A and B
Talos now supports RockPi variants A and B in addition to RockPi 4C
Raspberry Pi PoE hat fan
Talos now enables the Raspberry Pi PoE fan control by pulling in the poe overlay that works with upstream kernel
Component Updates
- Linux: 5.15.35
- Kubernetes: 1.24.0-rc.0
- Flannel: 0.17.0
- runc: 1.1.1
Talos is built with Go 1.18.1.
x86-64 Architecture
Talos is built for x86-64 architecture with support for x86-64-v2 microarchitecture level,
so Talos no longer runs on processors supporting only baseline x86-64 microarchitecture (before 2009).
Contributors
- Andrey Smirnov
- Noel Georgi
- Tim Jones
- Spencer Smith
- Dmitriy Matrenichev
- Andrew Rynhard
- Artem Chernyshev
- Steve Francis
- Andrei Dobre
- Caleb Woodbine
- Daniel Höxtermann
- Jori Huisman
- Nico Berlee
- Serge Logvinov
- Seán C McCord
- Steve Francis
- Suraj Shirvankar
- Tim Jones
- Tomasz Zurkowski
- William Ashton
Changes
145 commits
- 8057d076a release(v1.1.0-alpha.1): prepare release
- 1d5c08e74 chore: bump kernel to 5.15.35
- 9bf23e516 feat: update Kubernetes to 1.24.0-rc.0
- d78ed320b docs: fix the docs reference to star registry redirects
- 257dfb870 fix: run the 'post' stage of the service always
- 992e23023 fix: correctly handle stopping services with reverse dependencies
- bb7a50bd5 docs: fix netlify redirects
- 486f79bc7 docs: fix netlify deploy url
- e8cbedb05 docs: add canonical link ref
- 0fe4a7832 docs: improve latest-version banner
- 23984efcd fix: detect lingering mounts in the installer correctly
- 54dba925f chore: refactor network resource to use typed resource
- 4eb9f45cc refactor: split polymorphic K8sControlPlane into typed resources
- 68dfdd331 fix: provide logger to the etcd snapshot restore
- f190403f0 docs: add how to get config after interactive setup
- fac7b9466 docs: improve vip caveats documentation
- 250df9e67 docs: improve rook-ceph description
- b5c1d868d docs: add talos/kubernetes config faq
- 39721ee93 chore: bump dependencies
- 610945774 chore: bump tools and pkgs
- 2b68c8b67 fix: enable long timestamps for xfs
- be00d7749 chore: implement cluster resources using cosi typed resource
- 460d5ab13 docs: fix extension services alias
- bbdfda2dd chore: xfs quota support in kernel
- 8ff8fc77f chore: enable rpi4 poe hat fan control
- 2b9722d1f feat: add
dry-runflag inapply-configandeditcommands - 8af50fcd2 fix: correct cri package import path
- ce09ede83 feat: update etcd to 3.5.3
- 13f41badd chore: bump kernel to 5.15.34
- fa57b5d92 docs: reorganize documentation
- a91eb9358 chore: bump deps
- 0aad0df2e refactor: remove
String()for resource implementation - a4060513c feat: build Talos with support for x86-64-v2 microarchitecture
- 8faebd410 chore: bump tools and pkgs
- 8499b7e7d chore: bump dependencies
- a7ba7ea67 feat: migrate to go 1.18
- 9dace93b5 feat: enable Pod Security Admission by default
- c382cb8cd docs: update vmware docs
- da0e638f0 docs: stableize tools versioning
- f2d2267e7 docs: use template for netlify redirects
- 88f1d8fcc docs: update sitemap to point to direct url
- a6eebee36 chore: update eudev
- 0cb84e8c1 fix: correctly parse tags out of images
- 17d09739f docs: enable nested arrow
- 1e4320b64 chore: add support for rockpi 4A and 4B
- d1869d948 docs: update to Sidero Metal, mention clusterctl
- 18d0038ec fix: avoid panic in DHCPv6 operator on nil dereference
- 9e3d438db docs: fix code fence formatting
- b3f1bb2cf fix: add support for FAT12/16 filesystems
- 8619f95c5 chore: bump dependencies
- 8c4f72004 docs: override sitemap.xml to only include latest results
- 5192ba4e2 docs: fix a typo in QEMU VM setup guide
- 663e3e879 refactor: change the stages for embed files generation
- 19bf12af0 fix: enable IPv6 in Docker-based Talos clusters
- 3889a5839 docs: update config.yaml, storage.md, digital-rebar.md
- 25d19131d release(v1.1.0-alpha.0): prepare release
- 2ca5279e5 fix: retry manifest updates in upgrade-k8s
- eeb756168 feat: use kexec when resetting a node
- 1ed1f73e5 test: bump CAPI to 1.1.3
- 2ee1d2c72 feat: update Kuberentes to 1.24.0-beta.0
- c26fa4ccc test: push GITHUB_TOKEN to the e2e-aws/gcp steps
- 95d900de7 feat: use kubeconfig env var
- 0b407dd17 feat: add dhcp-v6 NTP/DHCP-DUID
- a140a6bad docs: update releases shortcode in upgrade guide
- 12931dced fix: align partitions on 1M boundary
- 37f868e37 fix: validate empty TLS config for registries
- ca8b9c0a3 feat: update Kubernetes to 1.24.0-alpha.4
- d9ec6b215 chore: drop dirty from abbreviated tag
- 08624fd0b docs: add banner to main page
- fc23c7a59 test: bump versions for upgrade tests
- 4bfe68610 feat: update runc to 1.1.1
- b315ed953 chore: use go:embed instead of ldflags
- a5d64fc81 feat: update Flannel to 0.17.0
- 6d6eb3f6a docs: fork docs for 1.1
- 1d55f05d1 docs: update index page
- ad6b7ec1a fix: enable etcd consistency on check startup
- 65a31f753 docs: re-add GA token
- 741c04832 docs: mark 1.0 docs as latest
- e97433c8a docs: update jetson nano
- 6665e0f00 docs: code block copying
- c41f2b216 docs: update whats-new-v1.0
- 0a36fbbf3 docs: add release notes for 1.0
- bd0035f6a docs: add NVIDIA docs
- efa3f2898 fix: correctly find partitions with config data (
metal-iso) - 9ebeec0d0 docs: fix incorrect path for talosconfig
- 9fef4540e docs: fix non-latest download links
- f8ef6a081 docs: add rook ceph configuration guide
- e2666f58f chore: bump kernel to 5.15.32
- 957b2f233 chore: bump dependencies
- 0fd2aa08b fix: correctly escape '.' in volume names
- 108fd03a7 fix: give up virtual IPs before the kubelet workloads are shut down
- 856e1333d fix: use 'localhost' endpoint in docker provisioner on Windows
- c5da38609 docs: use variables and templates in the docs
- 4c83847b9 docs: target search results
- 67fb72d96 docs: add algolia versions to all content
- 5344d6e7c docs: fix extension service
pathdependency - 9b9191c5e fix: increase intiial window and connection window sizes
- 7a88a0224 docs: show archived/pre-release banner based on version
- e403470bf docs: filter algolia results by latest
- 0497d5f9f docs: tag latest docs for search
- a25425483 feat: update containerd to 1.6.2, Linux to 5.15.31
- 9b6422fcc feat: update CoreDNS to 1.9.1
- 020856f80 docs: remove second search bar
- 5f27f4c63 docs: update asset links
- 9ff42b432 docs: fix redirects for /docs URLs
- 7283efd56 chore: update the talosctl CNI download url
- e0eee7fcc test: use clusterctl.yaml overrides after org rename
- 73966f51e docs: fix extensions
- f9766edb5 docs: remove empty doc file
- e06e1473b feat: update golangci-lint to 1.45.0 and gofumpt to 0.3.0
- a92c614b2 docs: add enterprise link to docs header
- 0ae7174ba docs: update search settings and redirects
- 883d401f9 chore: rename github organization to siderolabs
- d1294d014 chore: add day-two tests for e2e-qemu
- a6240e4b6 feat: update Linux to 5.15.30
- e3fda049f docs: overhaul all the docs
- f47750726 fix: the etcd recovery client and tests
- 69e07cddc fix: trigger properly
udevdon types and actions - 47d0e629d fix: clean up custom udev rules if the config is cleared
- b6691b350 chore: bump dependencies
- 27af5d41c feat: pause the boot process on some failures instead of rebooting
- 58cb9db1e feat: allow hardlinks in the system extension images
- 1e982808f fix: ignore pod CIDRs for kubelet node IPs
- 5e0c80f61 fix: ignore connection reset errors on k8s upgrade
- c156580a3 fix: split regular network operation configuration and virtual IP
- cd4d4c605 feat: relax extensions file structure validation
- 50594ab1a fix: ignore terminated pods in pod health checks
- 9d69fb6b4 feat: update Kubernetes to 1.23.5
- 327ce5aba fix: invert the condition to skip kubelet kernel checks
- cf85b3f07 docs: update cilium inline install
- 84ee1795d docs: update logo
- cc7719c9d docs: improve comments in security proto
- caf800fe8 feat: implement D-Bus systemd-compatible shutdown for kubelet
- 6bec08429 feat: add talosctl completions to copy, usage, logs, restart and service
- 355b1a4be fix: refresh etcd certs on startup/join
- d256b5c5e docs: fix spelling mistakes
- 5fdedae20 chore: bump kernel to 5.15.28
- 18a21b5f2 chore: add dependency images-essential -> images
- 714e5eca6 chore: bump dependencies
- 58be4067e docs: update README.md
- c5fb20930 docs: add loki note
- f448cb4f3 feat: bump boot partition size to 1000 MiB
- a095acb09 chore: fix equinixMetal platform name
- 2a7f9a445 fix: check for IPv6 before applying accept_ra
- 59681b8c9 fix: backport fixes from release-1.0 branch
Changes since v1.1.0-alpha.0
55 commits
- 8057d076a release(v1.1.0-alpha.1): prepare release
- 1d5c08e74 chore: bump kernel to 5.15.35
- 9bf23e516 feat: update Kubernetes to 1.24.0-rc.0
- d78ed320b docs: fix the docs reference to star registry redirects
- 257dfb870 fix: run the 'post' stage of the service always
- 992e23023 fix: correctly handle stopping services with reverse dependencies
- bb7a50bd5 docs: fix netlify redirects
- 486f79bc7 docs: fix netlify deploy url
- e8cbedb05 docs: add canonical link ref
- 0fe4a7832 docs: improve latest-version banner
- 23984efcd fix: detect lingering mounts in the installer correctly
- 54dba925f chore: refactor network resource to use typed resource
- 4eb9f45cc refactor: split polymorphic K8sControlPlane into typed resources
- 68dfdd331 fix: provide logger to the etcd snapshot restore
- f190403f0 docs: add how to get config after interactive setup
- fac7b9466 docs: improve vip caveats documentation
- 250df9e67 docs: improve rook-ceph description
- b5c1d868d docs: add talos/kubernetes config faq
- 39721ee93 chore: bump dependencies
- 610945774 chore: bump tools and pkgs
- 2b68c8b67 fix: enable long timestamps for xfs
- be00d7749 chore: implement cluster resources using cosi typed resource
- 460d5ab13 docs: fix extension services alias
- bbdfda2dd chore: xfs quota support in kernel
- 8ff8fc77f chore: enable rpi4 poe hat fan control
- 2b9722d1f feat: add
dry-runflag inapply-configandeditcommands - 8af50fcd2 fix: correct cri package import path
- ce09ede83 feat: update etcd to 3.5.3
- 13f41badd chore: bump kernel to 5.15.34
- fa57b5d92 docs: reorganize documentation
- a91eb9358 chore: bump deps
- 0aad0df2e refactor: remove
String()for resource implementation - a4060513c feat: build Talos with support for x86-64-v2 microarchitecture
- 8faebd410 chore: bump tools and pkgs
- 8499b7e7d chore: bump dependencies
- a7ba7ea67 feat: migrate to go 1.18
- 9dace93b5 feat: enable Pod Security Admission by default
- c382cb8cd docs: update vmware docs
- da0e638f0 docs: stableize tools versioning
- f2d2267e7 docs: use template for netlify redirects
- 88f1d8fcc docs: update sitemap to point to direct url
- a6eebee36 chore: update eudev
- 0cb84e8c1 fix: correctly parse tags out of images
- 17d09739f docs: enable nested arrow
- 1e4320b64 chore: add support for rockpi 4A and 4B
- d1869d948 docs: update to Sidero Metal, mention clusterctl
- 18d0038ec fix: avoid panic in DHCPv6 operator on nil dereference
- 9e3d438db docs: fix code fence formatting
- b3f1bb2cf fix: add support for FAT12/16 filesystems
- 8619f95c5 chore: bump dependencies
- 8c4f72004 docs: override sitemap.xml to only include latest results
- 5192ba4e2 docs: fix a typo in QEMU VM setup guide
- 663e3e879 refactor: change the stages for embed files generation
- 19bf12af0 fix: enable IPv6 in Docker-based Talos clusters
- 3889a5839 docs: update config.yaml, storage.md, digital-rebar.md
Changes from siderolabs/extras
2 commits
- siderolabs/extras@ac3b9a4 chore: bump pkgs
- siderolabs/extras@d4f8e88 chore: update references after org rename
Changes from siderolabs/pkgs
31 commits
- siderolabs/pkgs@95f4418 chore: bump kernel to 5.15.35
- siderolabs/pkgs@201af71 chore: bump tools and bldr
- siderolabs/pkgs@3de14d7 chore: enable xfs quota support
- siderolabs/pkgs@6955fd0 chore: bump raspberrypi-firmware to 1.20220331
- siderolabs/pkgs@5b498d8 chore: bump linux-firmware 20220401
- siderolabs/pkgs@9cda5c0 chore: bump kernel to 5.15.34
- siderolabs/pkgs@8b48af6 chore: bump tools
- siderolabs/pkgs@ff13660 chore: bump kernel to 5.15.33
- siderolabs/pkgs@415020f chore: bump eudev, remove non-relevant default rules
- siderolabs/pkgs@6691342 chore: add rockpi4c
- siderolabs/pkgs@5bd5fad chore: build u-boot spi image for rockpi
- siderolabs/pkgs@4dace49 fix: ipxe prompt arm64
- siderolabs/pkgs@6041fd7 chore: update to use latest tools (specifically go 1.18)
- siderolabs/pkgs@4b3e70e chore: upstream u-boot for jetson nano
- siderolabs/pkgs@cc1c8c7 feat: update runc to 1.1.1
- siderolabs/pkgs@3baf4e4 chore: enable random trust CPU
- siderolabs/pkgs@df31920 chore: disable sound
- siderolabs/pkgs@c27751b chore: bump nvidia drivers to 510.60.02
- siderolabs/pkgs@ba98e20 chore: bump kernel to 5.15.32
- siderolabs/pkgs@a76edfd feat: update containerd to 1.6.2
- siderolabs/pkgs@0c38670 chore: bump kernel to 5.15.31
- siderolabs/pkgs@bc4fb0c chore: org update
- siderolabs/pkgs@41f291d feat: update Flannel CNI to 1.0.1
- siderolabs/pkgs@58603ba chore: bump kernel to 5.15.30
- siderolabs/pkgs@d3bb262 chore: bump kernel to 5.15.29
- siderolabs/pkgs@76a24b5 chore: update openssl to 1.1.1n
- siderolabs/pkgs@490c7b7 chore: enable aarch64 NVIDIA drivers
- siderolabs/pkgs@b794b7a chore: bump linux-firmware to 20220310
- siderolabs/pkgs@acda207 chore: bump kernel to 5.15.28
- siderolabs/pkgs@e0fec11 chore: bump nvidia driver to 510.54
- siderolabs/pkgs@0407f05 chore: bump kernel to 5.15.27
Changes from siderolabs/tools
11 commits
- siderolabs/tools@8c1f801 chore: bump coreutils to 9.1
- siderolabs/tools@533d5c9 chore: bump git to 2.35.2
- siderolabs/tools@a15cbee chore: bump go to 1.18.1
- siderolabs/tools@718ec10 chore: enable conform
- siderolabs/tools@a60a332 chore: bump xz and gzip
- siderolabs/tools@c8a3d4d chore: update go to 1.18
- siderolabs/tools@1684fdc chore: bump expat to 2.4.8
- siderolabs/tools@7f5e44c chore: bump zlib to 1.2.12
- siderolabs/tools@bfc99ca chore: rename org
- siderolabs/tools@99be089 chore: update openssl to 1.1.1n
- siderolabs/tools@b63872b chore: update golang to 1.17.8
Changes from talos-systems/go-blockdevice
2 commits
- siderolabs/go-blockdevice@d9c3a27 feat: support probing FAT12/FAT16 filesystems
- siderolabs/go-blockdevice@b374eb4 fix: align partition to 1M boundary by default
Dependency Changes
- cloud.google.com/go/compute v1.5.0 -> v1.6.0
- github.com/BurntSushi/toml v1.0.0 -> v1.1.0
- github.com/aws/aws-sdk-go v1.43.8 -> v1.43.41
- github.com/containernetworking/plugins v1.1.0 -> v1.1.1
- github.com/cosi-project/runtime 264f8fcd1a4f -> 639b4a2e6120
- github.com/docker/distribution v2.8.0 -> v2.8.1
- github.com/docker/docker v20.10.12 -> v20.10.14
- github.com/gdamore/tcell/v2 f057f0a857a1 -> v2.5.1
- github.com/google/nftables 211824995dcb -> 950e408d48c6
- github.com/insomniacslk/dhcp 3c283ff8b7dd -> 12fbdcb11b41
- github.com/jsimonetti/rtnetlink v1.1.0 -> v1.2.0
- github.com/rivo/tview 96063d6082f3 -> 9994674d60a8
- github.com/rs/xid v1.3.0 -> v1.4.0
- github.com/siderolabs/extras v1.0.0 -> v1.1.0-alpha.0-1-gac3b9a4
- github.com/siderolabs/pkgs v1.0.0-6-g7c293d5 -> v1.1.0-alpha.0-28-g95f4418
- github.com/siderolabs/tools v1.0.0-1-g4c77d96 -> v1.1.0-alpha.0-10-g8c1f801
- github.com/spf13/cobra v1.3.0 -> v1.4.0
- github.com/stretchr/testify v1.7.0 -> v1.7.1
- github.com/talos-systems/go-blockdevice v0.3.1 -> d9c3a2738861
- github.com/vishvananda/netlink 650dca95af54 -> v1.2.0-beta
- github.com/vmware-tanzu/sonobuoy v0.56.2 -> v0.56.4
- github.com/vmware/vmw-guestinfo cc1fd90d572c -> 510905f0efa3
- go.etcd.io/etcd/api/v3 v3.5.2 -> v3.5.3
- go.etcd.io/etcd/client/pkg/v3 v3.5.2 -> v3.5.3
- go.etcd.io/etcd/client/v3 v3.5.2 -> v3.5.3
- go.etcd.io/etcd/etcdutl/v3 v3.5.2 -> v3.5.3
- golang.org/x/net 27dd8689420f -> 290c469a71a5
- golang.org/x/sys 4e6760a101f9 -> 33da011f77ad
- golang.org/x/term 03fcf44c2211 -> e5f449aeb171
- golang.org/x/time 0e9765cccd65 -> 583f2d630306
- golang.zx2c4.com/wireguard/wgctrl fde48d68ee68 -> fec8f2be4827
- google.golang.org/grpc v1.44.0 -> v1.45.0
- google.golang.org/protobuf v1.27.1 -> v1.28.0
- k8s.io/api v0.23.5 -> v0.24.0-beta.0
- k8s.io/apimachinery v0.23.5 -> v0.24.0-beta.0
- k8s.io/apiserver v0.23.5 -> v0.24.0-beta.0
- k8s.io/client-go v0.23.5 -> v0.24.0-beta.0
- k8s.io/component-base v0.23.5 -> v0.24.0-beta.0
- k8s.io/cri-api v0.23.5 -> v0.24.0-beta.0
- k8s.io/kubectl v0.23.5 -> v0.24.0-beta.0
- k8s.io/kubelet v0.23.5 -> v0.24.0-beta.0
- kernel.org/pub/linux/libs/security/libcap/cap v1.2.63 -> v1.2.64
Previous release can be found at v1.0.0
Images
ghcr.io/siderolabs/flannel:v0.17.0
ghcr.io/siderolabs/install-cni:v1.1.0-alpha.0-1-gac3b9a4
docker.io/coredns/coredns:1.9.1
gcr.io/etcd-development/etcd:v3.5.3
k8s.gcr.io/kube-apiserver:v1.24.0-rc.0
k8s.gcr.io/kube-controller-manager:v1.24.0-rc.0
k8s.gcr.io/kube-scheduler:v1.24.0-rc.0
k8s.gcr.io/kube-proxy:v1.24.0-rc.0
ghcr.io/siderolabs/kubelet:v1.24.0-rc.0
ghcr.io/siderolabs/installer:v1.1.0-alpha.1
k8s.gcr.io/pause:3.6