CHANGELOG.md

Talos 0.12.0-alpha.1 (2021-08-13)

Welcome to the v0.12.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note: This item only applies to clusters bootstrapped with Talos <= 0.8.

Talos 0.12 completely removes support for self-hosted Kubernetes control plane (bootkube-based). Talos 0.9 introduced support for Talos-managed control plane and provided migration path to convert self-hosted control plane to Talos-managed static pods. Automated and manual conversion process is available in Talos from 0.9.x to 0.11.x. For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure control plane is converted to Talos-managed before before upgrading to Talos 0.12. Current control plane status can be checked with talosctl get bootstrapstatus before performing upgrade to Talos 0.12.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22 used by default in Talos 0.12. Talos can be configued to use Kubernetes 1.21 or CAPI v0.4.x components can be used instead.

Machine Config Validation

Unknown keys in the machine config now make the config invalid, so any attempt to apply/edit the configuration with the unknown keys will lead into an error.

Sysctl Configuration

Sysctl Kernel Params configuration was completely rewritten to be based on controllers and resources, which makes it possible to apply .machine.sysctls in immediate mode (without a reboot). talosctl get kernelparams returns merged list of KSPP, Kubernetes and user defined params along with the default values overwritten by Talos.

Equinix Metal

Added support for Equinix Metal IPs for the Talos virtual (shared) IP (option equnixMetal under vip in the machine configuration). Talos automatically re-assigns IP using the Equinix Metal API when leadership changes.

etcd

New etcd cluster members are now joined in learner mode, which improves cluster resiliency to member join issues.

Join Node Type

Node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but deprecated. talosctl gen config now generates worker.yaml instead of join.yaml.

Networking

• multiple static addresses can be specified for the interface with new .addresses field (old .cidr field is deprecated now)
• static addresses can be set on interfaces configured with DHCP

Performance

• machined uses less memory and CPU time
• more disk encryption options are exposed via the machine configuration
• disk partitions are now aligned properly with minimum I/O size
• Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
• OOM score is set on the system processes making sure they are killed last under memory pressure

Security

• etcd PKI moved to /system/secrets
• kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only
• enforce default seccomp profile on all system containers
• run system services apid, trustd, and etcd as non-root users

Component Updates

• Linux: 5.10.57
• Kubernetes: 1.22.0
• containerd: 1.5.5
• runc: 1.0.1
• GRUB: 2.06
• Talos is built with Go 1.16.7

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Andrey Smirnov
• Serge Logvinov
• Artem Chernyshev
• Spencer Smith
• Alexey Palazhchenko
• dependabot[bot]
• Andrew Rynhard
• Artem Chernyshev
• Rui Lopes
• Caleb Woodbine
• Seán C McCord

Changes

109 commits

• 1ed5e545 feat: add ClusterID and ClusterSecret
• 228b3761 chore: run etcd as non-root user
• 3518219b chore: drop deprecated --no-reboot param and KernelCurrentRoot const
• 33d1c3e4 chore: run apid and trustd services as non-root user
• dadaa65d feat: print uid/gid for the files in ls -l
• e6fa401b fix: enable seccomp default profile by default
• 8ddbcc96 feat: validate if extra fields present in the decoder
• 5b57a980 chore: update Go to 1.16.7, Linux to 5.10.57
• eefe1c21 feat: add new etcd members in learner mode
• b1c66fba feat: implement Equinix Metal support for virtual (shared) IP
• 62242f97 chore: require GPG signatures
• faecae44 feat: make ISO builds reproducible
• 887c2326 release(v0.12.0-alpha.0): prepare release
• a15f0184 fix: move etcd PKI under /system/secrets
• eb02afe1 fix: match correctly routes on the address family
• cb948acc feat: allow multiple addresses per interface
• e030b2e8 chore: use k8s 1.21.3 in CAPI tests for now
• e08b4f8f feat: implement sysctl controllers
• fdf6b243 chore: revert "improve artifacts generation reproducibility"
• b68ed1eb fix: make route resources ID match closer routing table primary key
• 585f6337 fix: correctly handle nodoc for struct fields
• f2d394dc docs: add AMIs for v0.11.5
• d0970cbf feat: bootstrap token limit
• 5285a46d fix: maintenance mode reason message
• 009d15e8 chore: use etcd client TryLock function on upgrade
• 4dae9ea5 chore: use vtprotobuf compiled marshaling in Talos API
• 7ca5749a chore: bump dependencies via dependabot
• b2507b41 chore: improve artifacts generation reproducibility
• 1f7dad23 chore: update PKGS version (512 cpus, new ca-certficates)
• 1a2e78a2 fix: update go-blockdevice
• 6d6ed117 chore: use parallel xz with higher compression level
• 571f7db1 chore: workaround GitHub new release notes limit
• 09d70b7e feat: update Kubernetes to v1.22.0
• f25f10e7 feat: add an option to disable PSP
• 7c6e4cf2 feat: allow both DHCP and static addressing for the interface
• 3c566dbc fix: remove admission plugins enabled by default from the list
• 69ead373 fix: preserve PMBR bootable flag correctly
• dee63051 fix: align partitions with minimal I/O size
• 62890229 feat: update GRUB to 2.06
• b9d04928 feat: move system processes to cgroups
• 0b8681b4 fix: resolve several issues with Wireguard link specs
• f8f4bf3b docs: add disk encryptions examples
• 79b8fa64 feat: update containerd to 1.5.5
• 539f4209 chore: bump dependencies via dependabot
• 0c7ce1cd feat: remove remnants of bootkube support
• d4f9804f chore: fix typos
• 5f027615 feat: expose more encryption options to the machine config
• 585152a0 chore: bump dependencies
• fc66ec59 feat: set oom score for main processes
• df54584a fix: drop linux capabilities
• f65d0b73 docs: add 0.11.3 AMIs
• 7332d636 fix: bump pkgs for new kernel 5.10.52
• 70d2505b fix: do not require ToVersion to be set when detecting version
• 0953b199 chore: update extras to bring a new CNI bundle
• b6c47f86 fix: set the /etc/os-release HOME_URL parameter
• c780821d feat: update containerd to 1.5.3, runc to 1.0.1
• f8f1c83a feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
• 55e17ccd chore: bump dependencies
• da6f786c fix: kuberentes => kubernetes typo
• 2e463348 fix: pass all logs through the options.Log method
• 4e9c5afb fix: make ethtool optional in link status controller
• bf61c2cc fix: write upgrade logs only to the LogOutput if it's defined
• 9c73257c feat: update Go to 1.16.6
• 23ef1d40 chore: add ability to redirect talos upgrade module logs to io.Writer
• 33e9d6c9 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
• 604434c4 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
• 2ea28f62 chore: bump node from 16.3.0-alpine to 16.4.2-alpine
• b358a189 fix: correctly pick route scope for link-local destination
• 6848d431 feat: can change clusterdns ip lists
• 72b76abf fix: workaround issues when IPv6 is fully or partially disabled
• 679b08f4 docs: update docs for 0.12
• 6fbec9e0 fix: cache etcd client used for healthchecks
• eea750de chore: rename "join" type to "worker"
• 951493ac docs: update what's new for Talos 0.11
• b47d1098 docs: promote 0.11 docs to be the latest
• d930a265 chore: implement DeepCopy for machine configuration
• fe4ed3c7 chore: ignore tags which don't look like semantic version
• b969e772 chore: update references to old protobuf package
• 2ba8ac9a docs: add documentation directory for 0.12
• 011e2885 fix: validate bond slaves addressing
• 10c28758 fix: ignore DeadlineExceeded error correctly on bootstrap
• 77fabace chore: ignore future pkg/machinery/vX.Y.Z tags
• 6b661114 fix: make COSI runtime history depth smaller
• 9bf899bd fix: make forfeit leadership connect to the right node
• 4708beae feat: implement talosctl config info command
• 6d13d2cf fix: close Kubernetes API client
• aaa36f3b fix: ignore 'not a leader' error on forfeit leadership
• 22a41936 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
• 71c6f700 chore: bump go.mod dependencies
• 915cd8fe docs: add guide for RBAC
• f5721050 fix: controlplane keyusage
• 3d772661 fix: fill uuid argument correctly in the config download URL
• d8602025 chore: update containerd config version 2
• 5949ec4e docs: describe the new network configuration subsystem
• 444d72b4 feat: update pkgs version
• e883c12b fix: make output of upgrade-k8s command less scary
• 7f8e50de fix: restart the merge controllers on conflict
• 60d73609 fix: ignore deadline exceeded errors on bootstrap
• ee06dd69 fix: don't print git sha of the release twice in the dashboard
• 07fb61e5 fix: issue worker apid certs properly on renewal
• 84817f73 chore: bump Talos version in upgrade tests
• 2fa54107 chore: fix tests for disabled RBAC
• 78583ba9 fix: don't set bond delay options if miimon is not enabled
• bbf1c091 feat: add RBAC to talosctl version output
• 5f6ec3ef fix: handle cases when merged resource re-appears before being destroyed
• 1e9a0e74 fix: documentation typos
• f228af40 chore: bump go.mod dependencies
• 2060ceaa chore: add CAPI version to CI setup
• ad047a7d chore: small RBAC improvements

Changes since v0.12.0-alpha.0

12 commits

• 1ed5e545 feat: add ClusterID and ClusterSecret
• 228b3761 chore: run etcd as non-root user
• 3518219b chore: drop deprecated --no-reboot param and KernelCurrentRoot const
• 33d1c3e4 chore: run apid and trustd services as non-root user
• dadaa65d feat: print uid/gid for the files in ls -l
• e6fa401b fix: enable seccomp default profile by default
• 8ddbcc96 feat: validate if extra fields present in the decoder
• 5b57a980 chore: update Go to 1.16.7, Linux to 5.10.57
• eefe1c21 feat: add new etcd members in learner mode
• b1c66fba feat: implement Equinix Metal support for virtual (shared) IP
• 62242f97 chore: require GPG signatures
• faecae44 feat: make ISO builds reproducible

Changes from talos-systems/crypto

1 commit

• deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

3 commits

• 8ce17e5 chore: bump tools and packages for Go 1.16.7
• 4957f3c chore: update pkgs to use CNI plugins v0.9.1
• 233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

4 commits

• fe24303 fix: perform correct PMBR partition calculations
• 2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
• 87816a8 feat: align partition to minimum I/O size
• c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

17 commits

• da4ac04 chore: bump tools for Go 1.16.7
• 10275fb feat: update Linux to 5.10.57
• 875c7ec chore: patch grub with support for reproducible ISO builds
• 12856ce feat: increase number of CPUs supported by the kernel to 512
• cbfabac chore: update ca-certificates to 2021-07-05
• 0c011c0 feat: update GRUB to 2.06
• 5090d14 chore: update containerd to v1.5.5
• 6653902 feat: add kernel drivers for fusion and scsi-isci
• 9b4041f chore: update containerd to v1.5.4
• 7b6cc05 feat: update kernel to latest 5.10.52
• 65159fb chore: update runc and CNI plugins
• 514ba34 feat: disable aufs, devmapper, zfs
• 6bc118f chore: update runc and containerd
• b6fca88 feat: update Go to 1.16.6
• fd56852 chore: update open-isns and open-iscsi
• d779204 chore: update dosfstools to v4.2
• bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

5 commits

• 2368154 feat: update Go and protoc-gen-go tools
• 7172a5d feat: update Go to 1.16.6
• 1de34d7 chore: update musl
• 76979a1 chore: update protobuf deps
• 0846c64 chore: update expat

Dependency Changes

• github.com/BurntSushi/toml v0.3.1 -> v0.4.1
• github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
• github.com/containerd/containerd v1.5.2 -> v1.5.5
• github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
• github.com/docker/docker v20.10.7 -> v20.10.8
• github.com/google/uuid v1.2.0 -> v1.3.0
• github.com/hashicorp/go-getter v1.5.4 -> v1.5.6
• github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
• github.com/packethost/packngo v0.19.0 new
• github.com/prometheus/procfs v0.6.0 -> v0.7.2
• github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
• github.com/spf13/cobra v1.1.3 -> v1.2.1
• github.com/talos-systems/crypto v0.3.1 -> deec8d47700e
• github.com/talos-systems/extras v0.4.0 -> v0.5.0-alpha.0-2-g8ce17e5
• github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
• github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0-alpha.0-16-gda4ac04
• github.com/talos-systems/tools v0.6.0 -> v0.7.0-alpha.0-3-g2368154
• github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.0
• go.uber.org/zap v1.17.0 -> v1.18.1
• golang.org/x/net 04defd469f4e -> 853a461950ff
• golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
• golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
• google.golang.org/grpc v1.38.0 -> v1.39.1
• google.golang.org/protobuf v1.26.0 -> v1.27.1
• inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
• k8s.io/api v0.21.2 -> v0.22.0
• k8s.io/apimachinery v0.21.2 -> v0.22.0
• k8s.io/apiserver v0.21.2 -> v0.22.0
• k8s.io/client-go v0.21.2 -> v0.22.0
• k8s.io/cri-api v0.21.2 -> v0.22.0
• k8s.io/kubectl v0.21.2 -> v0.22.0
• k8s.io/kubelet v0.21.2 -> v0.22.0

Previous release can be found at v0.11.0

Talos 0.12.0-alpha.0 (2021-08-11)

Welcome to the v0.12.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note: This item only applies to clusters bootstrapped with Talos <= 0.8.

Talos 0.12 completely removes support for self-hosted Kubernetes control plane (bootkube-based). Talos 0.9 introduced support for Talos-managed control plane and provided migration path to convert self-hosted control plane to Talos-managed static pods. Automated and manual conversion process is available in Talos from 0.9.x to 0.11.x. For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure control plane is converted to Talos-managed before before upgrading to Talos 0.12. Current control plane status can be checked with talosctl get bootstrapstatus before performing upgrade to Talos 0.12.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22 used by default in Talos 0.12. Talos can be configued to use Kubernetes 1.21 or CAPI v0.4.x components can be used instead.

Sysctl Configuration

Sysctl Kernel Params configuration was completely rewritten to be based on controllers and resources, which makes it possible to apply .machine.sysctls in immediate mode (without a reboot). talosctl get kernelparams returns merged list of KSPP, Kubernetes and user defined params along with the default values overwritten by Talos.

Join Node Type

Node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but deprecated. talosctl gen config now generates worker.yaml instead of join.yaml.

Networking

• multiple static addresses can be specified for the interface with new .addresses field (old .cidr field is deprecated now)
• static addresses can be set on interfaces configured with DHCP

Performance

• machined uses less memory and CPU time
• more disk encryption options are exposed via the machine configuration
• disk partitions are now aligned properly with minimum I/O size
• Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
• OOM score is set on the system processes making sure they are killed last under memory pressure

Security

• etcd PKI moved to /system/secrets
• kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only

Component Updates

• Linux: 5.10.52
• Kubernetes: 1.22.0
• containerd: 1.5.5
• runc: 1.0.1
• GRUB: 2.06
• Talos is built with Go 1.16.6

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Serge Logvinov
• Andrey Smirnov
• Artem Chernyshev
• Spencer Smith
• Alexey Palazhchenko
• dependabot[bot]
• Rui Lopes
• Andrew Rynhard
• Caleb Woodbine

Changes

96 commits

• a15f0184 fix: move etcd PKI under /system/secrets
• eb02afe1 fix: match correctly routes on the address family
• cb948acc feat: allow multiple addresses per interface
• e030b2e8 chore: use k8s 1.21.3 in CAPI tests for now
• e08b4f8f feat: implement sysctl controllers
• fdf6b243 chore: revert "improve artifacts generation reproducibility"
• b68ed1eb fix: make route resources ID match closer routing table primary key
• 585f6337 fix: correctly handle nodoc for struct fields
• f2d394dc docs: add AMIs for v0.11.5
• d0970cbf feat: bootstrap token limit
• 5285a46d fix: maintenance mode reason message
• 009d15e8 chore: use etcd client TryLock function on upgrade
• 4dae9ea5 chore: use vtprotobuf compiled marshaling in Talos API
• 7ca5749a chore: bump dependencies via dependabot
• b2507b41 chore: improve artifacts generation reproducibility
• 1f7dad23 chore: update PKGS version (512 cpus, new ca-certficates)
• 1a2e78a2 fix: update go-blockdevice
• 6d6ed117 chore: use parallel xz with higher compression level
• 571f7db1 chore: workaround GitHub new release notes limit
• 09d70b7e feat: update Kubernetes to v1.22.0
• f25f10e7 feat: add an option to disable PSP
• 7c6e4cf2 feat: allow both DHCP and static addressing for the interface
• 3c566dbc fix: remove admission plugins enabled by default from the list
• 69ead373 fix: preserve PMBR bootable flag correctly
• dee63051 fix: align partitions with minimal I/O size
• 62890229 feat: update GRUB to 2.06
• b9d04928 feat: move system processes to cgroups
• 0b8681b4 fix: resolve several issues with Wireguard link specs
• f8f4bf3b docs: add disk encryptions examples
• 79b8fa64 feat: update containerd to 1.5.5
• 539f4209 chore: bump dependencies via dependabot
• 0c7ce1cd feat: remove remnants of bootkube support
• d4f9804f chore: fix typos
• 5f027615 feat: expose more encryption options to the machine config
• 585152a0 chore: bump dependencies
• fc66ec59 feat: set oom score for main processes
• df54584a fix: drop linux capabilities
• f65d0b73 docs: add 0.11.3 AMIs
• 7332d636 fix: bump pkgs for new kernel 5.10.52
• 70d2505b fix: do not require ToVersion to be set when detecting version
• 0953b199 chore: update extras to bring a new CNI bundle
• b6c47f86 fix: set the /etc/os-release HOME_URL parameter
• c780821d feat: update containerd to 1.5.3, runc to 1.0.1
• f8f1c83a feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
• 55e17ccd chore: bump dependencies
• da6f786c fix: kuberentes => kubernetes typo
• 2e463348 fix: pass all logs through the options.Log method
• 4e9c5afb fix: make ethtool optional in link status controller
• bf61c2cc fix: write upgrade logs only to the LogOutput if it's defined
• 9c73257c feat: update Go to 1.16.6
• 23ef1d40 chore: add ability to redirect talos upgrade module logs to io.Writer
• 33e9d6c9 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
• 604434c4 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
• 2ea28f62 chore: bump node from 16.3.0-alpine to 16.4.2-alpine
• b358a189 fix: correctly pick route scope for link-local destination
• 6848d431 feat: can change clusterdns ip lists
• 72b76abf fix: workaround issues when IPv6 is fully or partially disabled
• 679b08f4 docs: update docs for 0.12
• 6fbec9e0 fix: cache etcd client used for healthchecks
• eea750de chore: rename "join" type to "worker"
• 951493ac docs: update what's new for Talos 0.11
• b47d1098 docs: promote 0.11 docs to be the latest
• d930a265 chore: implement DeepCopy for machine configuration
• fe4ed3c7 chore: ignore tags which don't look like semantic version
• b969e772 chore: update references to old protobuf package
• 2ba8ac9a docs: add documentation directory for 0.12
• 011e2885 fix: validate bond slaves addressing
• 10c28758 fix: ignore DeadlineExceeded error correctly on bootstrap
• 77fabace chore: ignore future pkg/machinery/vX.Y.Z tags
• 6b661114 fix: make COSI runtime history depth smaller
• 9bf899bd fix: make forfeit leadership connect to the right node
• 4708beae feat: implement talosctl config info command
• 6d13d2cf fix: close Kubernetes API client
• aaa36f3b fix: ignore 'not a leader' error on forfeit leadership
• 22a41936 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
• 71c6f700 chore: bump go.mod dependencies
• 915cd8fe docs: add guide for RBAC
• f5721050 fix: controlplane keyusage
• 3d772661 fix: fill uuid argument correctly in the config download URL
• d8602025 chore: update containerd config version 2
• 5949ec4e docs: describe the new network configuration subsystem
• 444d72b4 feat: update pkgs version
• e883c12b fix: make output of upgrade-k8s command less scary
• 7f8e50de fix: restart the merge controllers on conflict
• 60d73609 fix: ignore deadline exceeded errors on bootstrap
• ee06dd69 fix: don't print git sha of the release twice in the dashboard
• 07fb61e5 fix: issue worker apid certs properly on renewal
• 84817f73 chore: bump Talos version in upgrade tests
• 2fa54107 chore: fix tests for disabled RBAC
• 78583ba9 fix: don't set bond delay options if miimon is not enabled
• bbf1c091 feat: add RBAC to talosctl version output
• 5f6ec3ef fix: handle cases when merged resource re-appears before being destroyed
• 1e9a0e74 fix: documentation typos
• f228af40 chore: bump go.mod dependencies
• 2060ceaa chore: add CAPI version to CI setup
• ad047a7d chore: small RBAC improvements

Changes from talos-systems/crypto

1 commit

• deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

2 commits

• 4957f3c chore: update pkgs to use CNI plugins v0.9.1
• 233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

4 commits

• fe24303 fix: perform correct PMBR partition calculations
• 2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
• 87816a8 feat: align partition to minimum I/O size
• c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

14 commits

• 12856ce feat: increase number of CPUs supported by the kernel to 512
• cbfabac chore: update ca-certificates to 2021-07-05
• 0c011c0 feat: update GRUB to 2.06
• 5090d14 chore: update containerd to v1.5.5
• 6653902 feat: add kernel drivers for fusion and scsi-isci
• 9b4041f chore: update containerd to v1.5.4
• 7b6cc05 feat: update kernel to latest 5.10.52
• 65159fb chore: update runc and CNI plugins
• 514ba34 feat: disable aufs, devmapper, zfs
• 6bc118f chore: update runc and containerd
• b6fca88 feat: update Go to 1.16.6
• fd56852 chore: update open-isns and open-iscsi
• d779204 chore: update dosfstools to v4.2
• bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

4 commits

• 7172a5d feat: update Go to 1.16.6
• 1de34d7 chore: update musl
• 76979a1 chore: update protobuf deps
• 0846c64 chore: update expat

Dependency Changes

• github.com/BurntSushi/toml v0.3.1 -> v0.4.1
• github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
• github.com/containerd/containerd v1.5.2 -> v1.5.5
• github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
• github.com/docker/docker v20.10.7 -> v20.10.8
• github.com/google/uuid v1.2.0 -> v1.3.0
• github.com/hashicorp/go-getter v1.5.4 -> v1.5.6
• github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
• github.com/prometheus/procfs v0.6.0 -> v0.7.2
• github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
• github.com/spf13/cobra v1.1.3 -> v1.2.1
• github.com/talos-systems/crypto v0.3.1 -> deec8d47700e
• github.com/talos-systems/extras v0.4.0 -> v0.5.0-alpha.0-1-g4957f3c
• github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
• github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0-alpha.0-13-g12856ce
• github.com/talos-systems/tools v0.6.0 -> v0.7.0-alpha.0-2-g7172a5d
• github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.0
• go.uber.org/zap v1.17.0 -> v1.18.1
• golang.org/x/net 04defd469f4e -> 853a461950ff
• golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
• golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
• google.golang.org/grpc v1.38.0 -> v1.39.1
• google.golang.org/protobuf v1.26.0 -> v1.27.1
• inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
• k8s.io/api v0.21.2 -> v0.22.0
• k8s.io/apimachinery v0.21.2 -> v0.22.0
• k8s.io/apiserver v0.21.2 -> v0.22.0
• k8s.io/client-go v0.21.2 -> v0.22.0
• k8s.io/cri-api v0.21.2 -> v0.22.0
• k8s.io/kubectl v0.21.2 -> v0.22.0
• k8s.io/kubelet v0.21.2 -> v0.22.0

Previous release can be found at v0.11.0

Talos 0.11.0-alpha.2 (2021-06-23)

Welcome to the v0.11.0-alpha.2 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config. We now encourage using the bootstrap API, instead of init node types, as we intend on deprecating this machine type in the future. The init.yaml and controlplane.yaml machine configs are identical with the exception of the machine type. Users can use a modified controlplane.yaml with the machine type set to init if they would like to avoid using the bootstrap API.

Component Updates

• containerd was updated to 1.5.2
• Linux kernel was updated to 5.10.45
• Kubernetes was updated to 1.21.2
• etcd was updated to 3.4.16

CoreDNS

Added the flag cluster.coreDNS.disabled to coreDNS deployment during the cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that can enable marking MBR partition bootable for the machines that have legacy BIOS which does not support GPT partitioning scheme.

Multi-arch Installer

Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture. This means that e.g. images for arm64 SBCs can be generated on amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers and resources. There are no changes to the machine configuration, but any update to .machine.network can now be applied in immediate mode (without a reboot). Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured interfaces and skipping the reset network step.

Talos API RBAC

Limited RBAC support in Talos API is now enabled by default for Talos 0.11. Default talosconfig has os:admin role embedded in the certificate so that all the APIs are available. Certificates with reduced set of roles can be created with talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate talosconfig with os:admin role first to make sure that administrator still has access to the cluster when RBAC is enabled.

List of available roles:

• os:admin role enables every Talos API
• os:reader role limits access to read-only APIs which do not return sensitive data
• os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Serge Logvinov
• Jorik Jonker
• Spencer Smith
• Andrew Rynhard
• Andrew LeCody
• Kevin Hellemun
• Seán C McCord
• Boran Car
• Brandon Nason
• Gabor Nyiri
• Gabor Nyiri
• Joost Coelingh
• Lance R. Vick
• Lennard Klein
• Sébastien Bernard
• Sébastien Bernard

Changes

162 commits

• 0731be90 feat: add cloud images to releases
• b52b2066 feat: split etcd certificates to peer/client
• 33119d2b chore: add an option to launch cluster with bad RTC state
• d8c2bca1 feat: reimplement apid certificate generation on top of COSI
• 3c1b3219 chore: refactor CLI tests
• 0fd9ea2d feat: enable MACVTAP support
• 898673e8 chore: update e2e tests to use latest capi releases
• e26c5583 docs: add AMI IDs for Talos 0.10.4
• 72ef48f0 fix: assign source address to the DHCP default gateway routes
• 004885a3 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
• 821f469a feat: skip overlay mount checks with docker
• b6e02311 feat: use COSI RD's sensitivity for RBAC
• 46751c1a feat: improve security of Kubernetes control plane components
• 0f659622 fix: build with custom kernel/rootfs
• 5b5089ab fix: mark kube-proxy as system critical priority
• 42c16f67 chore: bump dependencies
• 60f78419 chore: bump etcd client libraries to final 3.5.0 release
• 2b0de9ed feat: improve security of Kubernetes control plane components
• 48a5c460 docs: provide more storage details
• e13d905c release(v0.11.0-alpha.1): prepare release
• 70ac771e fix: use localhost API server endpoint for internal communication
• a941eb7d feat: improve security of Kubernetes control plane components
• 3aae94e5 feat: provide Kubernetes nodename as a COSI resource
• 06209bba chore: update RBAC rules, remove old APIs
• 9f24b519 chore: remove bootkube check from cluster health check
• 4ac9bea2 fix: stop etcd client logs from going to the server console
• f63ab9dd feat: implement talosctl config new command
• fa15a668 fix: don't enable RBAC feature in the config for Talos < 0.11
• 2dc27d99 fix: do not format state partition in the initialize sequence
• b609f33c fix: update networking stack after Equnix Metal testing
• 243a3b53 fix: separate healthy and unknown flags in the service resource
• 1a1378be fix: update retry package with a fix for errors.Is
• cb83edd7 fix: wait for the network to be ready in mainteancne mode
• 96f89071 feat: update controller-runtime logs to console level on config.debug
• 973069b6 feat: support NFS 4.1
• 654dcad4 chore: bump dependencies via dependabot
• d7394457 fix: don't treat ethtool errors as fatal
• f2ae9cd0 feat: replace networkd with new network implementation
• caec3063 fix: do not complain about empty roles
• 11918a11 docs: update community meeting time
• aeddb9c0 feat: implement platform config controller (hostnames)
• 1ece334d feat: implement controller which runs network operators
• 744ea8a5 fix: do not add bootstrap contents option if tail events is not 0
• 5029edfb fix: overwrite nodes in the gRPC metadata
• 6a35c8f1 feat: implement virtual IP (shared IP) network operator
• 0f3b8380 chore: expose WatchRequest in the resources client
• 11e258b1 feat: implement operator configuration controller
• ce3815e7 feat: implement DHCP6 operator
• f010d99a feat: implement operator framework with DHCP4 as the first example
• f93c9c8f feat: bring unconfigured links with link carrier up by default
• 02bd657b feat: implement network.Status resource and controller
• da329f00 feat: enable RBAC by default
• 0f168a88 feat: add configuration for enabling RBAC
• e74f789b feat: implement EtcFileController to render files in /etc
• 5aede1a8 fix: prefer extraConfig over OVF env, skip empty config
• 5ad314fe feat: implement basic RBAC interceptors
• c031be81 chore: use Go 1.16.5
• 8b0763f6 chore: bump dependencies via dependabot
• 8b8de11d feat: implement new controllers for hostname, resolvers and time servers
• 24859b14 docs: update Rpi4 firmware guide
• 62c702c4 fix: remove conflicting etcd member on rejoin with empty data directory
• ff62a599 fix: drop into maintenance mode if config URL is none (metal)
• 14e696d0 feat: update COSI runtime and add support for tail in the Talos gRPC
• a71053fc feat: default to bootstrap workflow
• 76aac4bb feat: implement CPU and Memory stats controller
• 8f90c6a8 feat: parse Talos-specific cmdline params
• ed10e139 feat: implement NodeAddress controller
• 33db8857 fix: use COSI runtime DestroyReady input type
• 6e775363 refactor: rename *.Status() to *.TypedSpec() in the resources
• 97627061 docs: set static IP on ISO install mode
• 5811f4dd feat: implement link (interface) controllers
• 046b229b chore: skip building multi-arch installer for race-enabled build
• 73fbb4b5 fix: only fetch machine uuid if it's not set
• f112a540 fix: clean up stale snapshots on container start
• c036b949 chore: bump dependencies
• a4d67a01 feat: add the ability to disable CoreDNS
• 76dbfb36 feat: add ability to mark MBR partition bootable
• e0f5b1e2 chore: split mgmt/gen.go into several files
• fad1b4f1 chore: fix go generate for the machinery
• 1117294a release(v0.11.0-alpha.0): prepare release
• c0962946 chore: prepare for 0.11 release series
• 72359765 feat: enable GORACE=halt_on_panic=1 in machined binary
• 0acb04ad feat: implement route network controllers
• f5bf88a4 feat: create certificates with os:admin role
• 1db301ed feat: switch controller-runtime to zap.Logger
• f7cf64d4 fix: add talos.config to the vApp Properties in VMware OVA
• 209527ec docs: add AMIs for Talos 0.10.3
• 59cfd312 chore: bump dependencies via dependabot
• 1edb20cf feat: extract config generation
• af77c295 docs: update wirguard guide
• 4fe69121 test: better talosctl ls tests
• 04ddda96 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
• 49c7276b chore: fix markdown linting
• 7270495a docs: add mayastor quickstart
• d3d9112f docs: fix spelling/grammar in What's New for Talos 0.9
• 82804414 test: provide a way to force different boot order in provision library
• a1c0e99a docs: add guide for deploying metrics-server
• 6bc6658b feat: update containerd to 1.5.1
• c6567fae chore: dependabot updates
• 61ccbb3f chore: keep debug symbols in debug builds
• 1ce362e0 docs: update customizing kernel build steps
• a26174b5 fix: properly compose pattern and header in etcd members output
• 0825cf11 fix: stop networkd and pods before leaving etcd on upgrade
• bed6b15d fix: properly populate AllowSchedulingOnMasters option in gen config RPC
• 071f0445 feat: implement AddressSpec handling
• 76e38b7b feat: update Kubernetes to 1.21.1
• 9b1338d9 chore: parse "boolean" variables
• c81cfb21 chore: allow building with debug handlers
• c9651673 feat: update go-smbios library
• 95c656fb feat: update containerd to 1.5.0, runc to 1.0.0-rc94
• db9c35b5 feat: implement AddressStatusController
• 1cf011a8 chore: bump dependencies via dependabot
• e3f407a1 fix: properly pass disk type selector from config to matcher
• 66b2b450 feat: add resources and use HTTPS checks in control plane pods
• 4ffd7c0a fix: stop networkd before leaving etcd on 'reset' path
• 610d38d3 docs: add AMIs for 0.10.1, collapse list of AMIs by default
• 807497ec chore: make conformance pipeline depend on cron-default
• 3c121359 feat: implement LinkStatusController
• 0e8de046 fix: update go-blockdevice to fix disk type detection
• 4d50a4ed fix: update the way NTP sync uses adjtimex syscall
• 1a85c14a fix: avoid data race on CRI pod stop
• 5de8dbc0 fix: repair pine64 support
• 38239097 fix: properly parse matcher expressions
• e54b6b7a chore: update dependencies via dependabot
• f2caed0d chore: use extracted talos-systems/go-kmsg library
• 79d804c5 docs: fix typos
• a2bb390e feat: deterministic builds
• e480fedf feat: add USB serial drivers
• 79299d76 docs: add Matrix room links
• 1b3e8b09 docs: add survey to README
• 8d51c9bb docs: update redirects to Talos 0.10
• 1092c3a5 feat: add Pine64 SBC support
• 63e01754 feat: pull kernel with VMware balloon module enabled
• aeec99d8 chore: remove temporary fork
• 0f49722d feat: add --config-patch flag by node type
• a01b1d22 chore: dump dependencies via dependabot
• d540a4a4 fix: bump crypto library for the CSR verification fix
• c3a4173e chore: remove security API ReadFile/WriteFile
• 38037131 chore: update wgctrl dependecy
• d9ba0fd0 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
• 2261d7ed fix: use both self-signed and Kubernetes CA to verify Kubelet cert
• a3537a69 docs: update cloud images for Talos v0.9.3
• 5b9ee861 docs: add what's new for Talos 0.10
• f1107fa3 docs: add survey
• 93623d47 docs: update AWS instructions
• a739d1b8 feat: add support of custom registry CA certificate usage
• 7f468d35 fix: update osType in OVA other3xLinux64Guest"
• 4a184b67 docs: add etcd backup and restore guide
• 5fb38d3e chore: refactor Dockerfile for cross-compilation
• a8f1e526 chore: build talosctl for Darwin / Apple Silicon
• eb0b64d3 chore: list specifically for enabled regions
• 669a0cbd fix: check if OVF env is empty
• da92049c chore: use codecov from the build container
• 9996d4b0 chore: use REGISTRY_MIRROR_FLAGS if defined
• 05cbe250 chore: bump dependencies via dependabot
• 9a91142a feat: print complete member info in etcd members
• bb40d6dd feat: update pkgs version
• e7a9164b test: implement talosctl conformance command to run e2e tests
• 6cb266e7 fix: update etcd client errors, print etcd join failures
• 0bd8b0e8 feat: provide an option to recover etcd from data directory copy
• f9818540 chore: fix conform with scopes
• 21018f28 chore: bump website node.js dependencies

Changes since v0.11.0-alpha.1

19 commits

• 0731be90 feat: add cloud images to releases
• b52b2066 feat: split etcd certificates to peer/client
• 33119d2b chore: add an option to launch cluster with bad RTC state
• d8c2bca1 feat: reimplement apid certificate generation on top of COSI
• 3c1b3219 chore: refactor CLI tests
• 0fd9ea2d feat: enable MACVTAP support
• 898673e8 chore: update e2e tests to use latest capi releases
• e26c5583 docs: add AMI IDs for Talos 0.10.4
• 72ef48f0 fix: assign source address to the DHCP default gateway routes
• 004885a3 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
• 821f469a feat: skip overlay mount checks with docker
• b6e02311 feat: use COSI RD's sensitivity for RBAC
• 46751c1a feat: improve security of Kubernetes control plane components
• 0f659622 fix: build with custom kernel/rootfs
• 5b5089ab fix: mark kube-proxy as system critical priority
• 42c16f67 chore: bump dependencies
• 60f78419 chore: bump etcd client libraries to final 3.5.0 release
• 2b0de9ed feat: improve security of Kubernetes control plane components
• 48a5c460 docs: provide more storage details

Changes from talos-systems/crypto

8 commits

• d3cb772 feat: make possible to change KeyUsage
• 6bc5bb5 chore: remove unused argument
• cd18ef6 feat: add support for several organizations
• 97c888b chore: add options to CSR
• 7776057 chore: fix typos
• 80df078 chore: remove named result parameters
• 15bdd28 chore: minor updates
• 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

1 commit

• 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

3 commits

• 30c2bc3 feat: mark MBR bootable
• 1292574 fix: make disk type matcher parser case insensitive
• b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

5 commits

• 3d0a6e1 feat: race build tag flag detector
• 5b292e5 feat: disable memory profiling by default
• c6d0ae2 fix: linters and CI
• d969f95 feat: initial implementation
• b2044b7 Initial commit

Changes from talos-systems/go-kmsg

2 commits

• 2edcd3a feat: add initial version
• 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

3 commits

• a445702 feat: allow dial timeout and keep alive period to be configurable
• 3c8f347 feat: provide a way to configure logger for the loadbalancer
• da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

3 commits

• c78cc95 fix: implement errors.Is for all errors in the set
• 7885e16 feat: add ExpectedErrorf
• 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

1 commit

• d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

22 commits

• 41d6ccc feat: enable MACVTAP support
• 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
• f5eac03 feat: update Linux to 5.10.45
• d756119 feat: enable HP ILO kernel module (both amd64 arm64)
• 2d51360 feat: support NFS 4.1
• e63e4e9 feat: bump tools for Go 1.16.5
• 1f8af29 feat: update Linux to 5.10.38
• a3a6650 feat: update containerd to 1.5.2
• c70ea44 feat: update runc to 1.0.0-rc95
• db60235 feat: add support for netxen card
• f934187 feat: update containerd to 1.5.1
• e8ed5bc feat: add geneve encapsulation support for openvswitch
• 9f7903c feat: update containerd to 1.5.0, runc to -rc94
• d7c0f70 feat: add AES-NI support for amd64
• b0d9cd2 fix: build zbin utility for both amd64 and arm64
• bb39b97 feat: add IPMI support in kernel
• 1148f9a feat: add DS1307 RTC support for arm64
• 350aa6f feat: add USB serial support
• de9c582 feat: add Pine64 SBC support
• b56f36b feat: enable VMware baloon kernel module
• f87c194 feat: add iPXE build with embedded placeholder script
• a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

1 commit

• c8c2a18 feat: update Go to 1.16.5

Dependency Changes

• github.com/aws/aws-sdk-go v1.27.0 new
• github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
• github.com/containerd/containerd v1.4.4 -> v1.5.2
• github.com/containerd/go-cni v1.0.1 -> v1.0.2
• github.com/containerd/typeurl v1.0.1 -> v1.0.2
• github.com/coreos/go-iptables v0.5.0 -> v0.6.0
• github.com/cosi-project/runtime 10d6103c19ab -> f1649aff7641
• github.com/docker/docker v20.10.4 -> v20.10.7
• github.com/emicklei/dot v0.15.0 -> v0.16.0
• github.com/evanphx/json-patch v4.9.0 -> v4.11.0
• github.com/fatih/color v1.10.0 -> v1.12.0
• github.com/google/go-cmp v0.5.5 -> v0.5.6
• github.com/google/gofuzz v1.2.0 new
• github.com/googleapis/gnostic v0.5.5 new
• github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
• github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
• github.com/imdario/mergo v0.3.12 new
• github.com/insomniacslk/dhcp cc9239ac6294 -> 465dd6c35f6c
• github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
• github.com/magiconair/properties v1.8.5 new
• github.com/mattn/go-isatty v0.0.12 -> v0.0.13
• github.com/mdlayher/arp f72070a231fc new
• github.com/mdlayher/ethtool 2b88debcdd43 new
• github.com/mdlayher/netlink v1.4.0 -> v1.4.1
• github.com/mdlayher/raw 51b895745faf new
• github.com/mitchellh/mapstructure v1.4.1 new
• github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
• github.com/pelletier/go-toml v1.9.0 new
• github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
• github.com/rs/xid v1.2.1 -> v1.3.0
• github.com/sirupsen/logrus v1.8.1 new
• github.com/spf13/afero v1.6.0 new
• github.com/spf13/cast v1.3.1 new
• github.com/spf13/viper v1.7.1 new
• github.com/talos-systems/crypto 39584f1b6e54 -> d3cb77220384
• github.com/talos-systems/extras v0.3.0 -> v0.3.0-1-g4fe2706
• github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
• github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
• github.com/talos-systems/go-kmsg v0.1.0 new
• github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
• github.com/talos-systems/go-retry b9dc1a990133 -> c78cc953d9e9
• github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
• github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-12-g41d6ccc
• github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
• github.com/talos-systems/tools v0.5.0 -> v0.5.0-1-gc8c2a18
• github.com/vishvananda/netns 2eb08e3e575f new
• github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.51.0
• github.com/vmware/govmomi v0.24.0 -> v0.26.0
• go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
• go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
• go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
• go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
• go.uber.org/zap v1.17.0 new
• golang.org/x/net e18ecbb05110 -> 04defd469f4e
• golang.org/x/oauth2 81ed05c6b58c new
• golang.org/x/sys 77cc2087c03b -> 59db8d763f22
• golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
• golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
• golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
• google.golang.org/appengine v1.6.7 new
• google.golang.org/grpc v1.37.0 -> v1.38.0
• gopkg.in/ini.v1 v1.62.0 new
• inet.af/netaddr 1d252cf8125e new
• k8s.io/api v0.21.0 -> v0.21.2
• k8s.io/apimachinery v0.21.0 -> v0.21.2
• k8s.io/apiserver v0.21.0 -> v0.21.2
• k8s.io/client-go v0.21.0 -> v0.21.2
• k8s.io/cri-api v0.21.0 -> v0.21.2
• k8s.io/kubectl v0.21.0 -> v0.21.2
• k8s.io/kubelet v0.21.0 -> v0.21.2
• k8s.io/utils 2afb4311ab10 new
• sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Talos 0.11.0-alpha.1 (2021-06-18)

Welcome to the v0.11.0-alpha.1 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config. We now encourage using the bootstrap API, instead of init node types, as we intend on deprecating this machine type in the future. The init.yaml and controlplane.yaml machine configs are identical with the exception of the machine type. Users can use a modified controlplane.yaml with the machine type set to init if they would like to avoid using the bootstrap API.

Component Updates

• containerd was updated to 1.5.2
• Linux kernel was updated to 5.10.38

CoreDNS

Added the flag cluster.coreDNS.disabled to coreDNS deployment during the cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that can enable marking MBR partition bootable for the machines that have legacy BIOS which does not support GPT partitioning scheme.

Multi-arch Installer

Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture. This means that e.g. images for arm64 SBCs can be generated on amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers and resources. There are no changes to the machine configuration, but any update to .machine.network can now be applied in immediate mode (without a reboot). Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured interfaces and skipping the reset network step.

Talos API RBAC

Limited RBAC support in Talos API is now enabled by default for Talos 0.11. Default talosconfig has os:admin role embedded in the certificate so that all the APIs are available. Certificates with reduced set of roles can be created with talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate talosconfig with os:admin role first to make sure that administrator still have access to the cluster when RBAC is enabled.

List of available roles:

• os:admin role enables every Talos API
• os:reader role limits access to read-only APIs which do not return sensitive informtation
• os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Jorik Jonker
• Spencer Smith
• Andrew Rynhard
• Serge Logvinov
• Andrew LeCody
• Kevin Hellemun
• Boran Car
• Brandon Nason
• Gabor Nyiri
• Joost Coelingh
• Lance R. Vick
• Lennard Klein
• Seán C McCord
• Sébastien Bernard
• Sébastien Bernard

Changes

143 commits

• f8e1cf09 release(v0.11.0-alpha.1): prepare release
• 70ac771e fix: use localhost API server endpoint for internal communication
• a941eb7d feat: improve security of Kubernetes control plane components
• 3aae94e5 feat: provide Kubernetes nodename as a COSI resource
• 06209bba chore: update RBAC rules, remove old APIs
• 9f24b519 chore: remove bootkube check from cluster health check
• 4ac9bea2 fix: stop etcd client logs from going to the server console
• f63ab9dd feat: implement talosctl config new command
• fa15a668 fix: don't enable RBAC feature in the config for Talos < 0.11
• 2dc27d99 fix: do not format state partition in the initialize sequence
• b609f33c fix: update networking stack after Equnix Metal testing
• 243a3b53 fix: separate healthy and unknown flags in the service resource
• 1a1378be fix: update retry package with a fix for errors.Is
• cb83edd7 fix: wait for the network to be ready in mainteancne mode
• 96f89071 feat: update controller-runtime logs to console level on config.debug
• 973069b6 feat: support NFS 4.1
• 654dcad4 chore: bump dependencies via dependabot
• d7394457 fix: don't treat ethtool errors as fatal
• f2ae9cd0 feat: replace networkd with new network implementation
• caec3063 fix: do not complain about empty roles
• 11918a11 docs: update community meeting time
• aeddb9c0 feat: implement platform config controller (hostnames)
• 1ece334d feat: implement controller which runs network operators
• 744ea8a5 fix: do not add bootstrap contents option if tail events is not 0
• 5029edfb fix: overwrite nodes in the gRPC metadata
• 6a35c8f1 feat: implement virtual IP (shared IP) network operator
• 0f3b8380 chore: expose WatchRequest in the resources client
• 11e258b1 feat: implement operator configuration controller
• ce3815e7 feat: implement DHCP6 operator
• f010d99a feat: implement operator framework with DHCP4 as the first example
• f93c9c8f feat: bring unconfigured links with link carrier up by default
• 02bd657b feat: implement network.Status resource and controller
• da329f00 feat: enable RBAC by default
• 0f168a88 feat: add configuration for enabling RBAC
• e74f789b feat: implement EtcFileController to render files in /etc
• 5aede1a8 fix: prefer extraConfig over OVF env, skip empty config
• 5ad314fe feat: implement basic RBAC interceptors
• c031be81 chore: use Go 1.16.5
• 8b0763f6 chore: bump dependencies via dependabot
• 8b8de11d feat: implement new controllers for hostname, resolvers and time servers
• 24859b14 docs: update Rpi4 firmware guide
• 62c702c4 fix: remove conflicting etcd member on rejoin with empty data directory
• ff62a599 fix: drop into maintenance mode if config URL is none (metal)
• 14e696d0 feat: update COSI runtime and add support for tail in the Talos gRPC
• a71053fc feat: default to bootstrap workflow
• 76aac4bb feat: implement CPU and Memory stats controller
• 8f90c6a8 feat: parse Talos-specific cmdline params
• ed10e139 feat: implement NodeAddress controller
• 33db8857 fix: use COSI runtime DestroyReady input type
• 6e775363 refactor: rename *.Status() to *.TypedSpec() in the resources
• 97627061 docs: set static IP on ISO install mode
• 5811f4dd feat: implement link (interface) controllers
• 046b229b chore: skip building multi-arch installer for race-enabled build
• 73fbb4b5 fix: only fetch machine uuid if it's not set
• f112a540 fix: clean up stale snapshots on container start
• c036b949 chore: bump dependencies
• a4d67a01 feat: add the ability to disable CoreDNS
• 76dbfb36 feat: add ability to mark MBR partition bootable
• e0f5b1e2 chore: split mgmt/gen.go into several files
• fad1b4f1 chore: fix go generate for the machinery
• 1117294a release(v0.11.0-alpha.0): prepare release
• c0962946 chore: prepare for 0.11 release series
• 72359765 feat: enable GORACE=halt_on_panic=1 in machined binary
• 0acb04ad feat: implement route network controllers
• f5bf88a4 feat: create certificates with os:admin role
• 1db301ed feat: switch controller-runtime to zap.Logger
• f7cf64d4 fix: add talos.config to the vApp Properties in VMware OVA
• 209527ec docs: add AMIs for Talos 0.10.3
• 59cfd312 chore: bump dependencies via dependabot
• 1edb20cf feat: extract config generation
• af77c295 docs: update wirguard guide
• 4fe69121 test: better talosctl ls tests
• 04ddda96 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
• 49c7276b chore: fix markdown linting
• 7270495a docs: add mayastor quickstart
• d3d9112f docs: fix spelling/grammar in What's New for Talos 0.9
• 82804414 test: provide a way to force different boot order in provision library
• a1c0e99a docs: add guide for deploying metrics-server
• 6bc6658b feat: update containerd to 1.5.1
• c6567fae chore: dependabot updates
• 61ccbb3f chore: keep debug symbols in debug builds
• 1ce362e0 docs: update customizing kernel build steps
• a26174b5 fix: properly compose pattern and header in etcd members output
• 0825cf11 fix: stop networkd and pods before leaving etcd on upgrade
• bed6b15d fix: properly populate AllowSchedulingOnMasters option in gen config RPC
• 071f0445 feat: implement AddressSpec handling
• 76e38b7b feat: update Kubernetes to 1.21.1
• 9b1338d9 chore: parse "boolean" variables
• c81cfb21 chore: allow building with debug handlers
• c9651673 feat: update go-smbios library
• 95c656fb feat: update containerd to 1.5.0, runc to 1.0.0-rc94
• db9c35b5 feat: implement AddressStatusController
• 1cf011a8 chore: bump dependencies via dependabot
• e3f407a1 fix: properly pass disk type selector from config to matcher
• 66b2b450 feat: add resources and use HTTPS checks in control plane pods
• 4ffd7c0a fix: stop networkd before leaving etcd on 'reset' path
• 610d38d3 docs: add AMIs for 0.10.1, collapse list of AMIs by default
• 807497ec chore: make conformance pipeline depend on cron-default
• 3c121359 feat: implement LinkStatusController
• 0e8de046 fix: update go-blockdevice to fix disk type detection
• 4d50a4ed fix: update the way NTP sync uses adjtimex syscall
• 1a85c14a fix: avoid data race on CRI pod stop
• 5de8dbc0 fix: repair pine64 support
• 38239097 fix: properly parse matcher expressions
• e54b6b7a chore: update dependencies via dependabot
• f2caed0d chore: use extracted talos-systems/go-kmsg library
• 79d804c5 docs: fix typos
• a2bb390e feat: deterministic builds
• e480fedf feat: add USB serial drivers
• 79299d76 docs: add Matrix room links
• 1b3e8b09 docs: add survey to README
• 8d51c9bb docs: update redirects to Talos 0.10
• 1092c3a5 feat: add Pine64 SBC support
• 63e01754 feat: pull kernel with VMware balloon module enabled
• aeec99d8 chore: remove temporary fork
• 0f49722d feat: add --config-patch flag by node type
• a01b1d22 chore: dump dependencies via dependabot
• d540a4a4 fix: bump crypto library for the CSR verification fix
• c3a4173e chore: remove security API ReadFile/WriteFile
• 38037131 chore: update wgctrl dependecy
• d9ba0fd0 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
• 2261d7ed fix: use both self-signed and Kubernetes CA to verify Kubelet cert
• a3537a69 docs: update cloud images for Talos v0.9.3
• 5b9ee861 docs: add what's new for Talos 0.10
• f1107fa3 docs: add survey
• 93623d47 docs: update AWS instructions
• a739d1b8 feat: add support of custom registry CA certificate usage
• 7f468d35 fix: update osType in OVA other3xLinux64Guest"
• 4a184b67 docs: add etcd backup and restore guide
• 5fb38d3e chore: refactor Dockerfile for cross-compilation
• a8f1e526 chore: build talosctl for Darwin / Apple Silicon
• eb0b64d3 chore: list specifically for enabled regions
• 669a0cbd fix: check if OVF env is empty
• da92049c chore: use codecov from the build container
• 9996d4b0 chore: use REGISTRY_MIRROR_FLAGS if defined
• 05cbe250 chore: bump dependencies via dependabot
• 9a91142a feat: print complete member info in etcd members
• bb40d6dd feat: update pkgs version
• e7a9164b test: implement talosctl conformance command to run e2e tests
• 6cb266e7 fix: update etcd client errors, print etcd join failures
• 0bd8b0e8 feat: provide an option to recover etcd from data directory copy
• f9818540 chore: fix conform with scopes
• 21018f28 chore: bump website node.js dependencies

Changes since v0.11.0-alpha.0

60 commits

• f8e1cf09 release(v0.11.0-alpha.1): prepare release
• 70ac771e fix: use localhost API server endpoint for internal communication
• a941eb7d feat: improve security of Kubernetes control plane components
• 3aae94e5 feat: provide Kubernetes nodename as a COSI resource
• 06209bba chore: update RBAC rules, remove old APIs
• 9f24b519 chore: remove bootkube check from cluster health check
• 4ac9bea2 fix: stop etcd client logs from going to the server console
• f63ab9dd feat: implement talosctl config new command
• fa15a668 fix: don't enable RBAC feature in the config for Talos < 0.11
• 2dc27d99 fix: do not format state partition in the initialize sequence
• b609f33c fix: update networking stack after Equnix Metal testing
• 243a3b53 fix: separate healthy and unknown flags in the service resource
• 1a1378be fix: update retry package with a fix for errors.Is
• cb83edd7 fix: wait for the network to be ready in mainteancne mode
• 96f89071 feat: update controller-runtime logs to console level on config.debug
• 973069b6 feat: support NFS 4.1
• 654dcad4 chore: bump dependencies via dependabot
• d7394457 fix: don't treat ethtool errors as fatal
• f2ae9cd0 feat: replace networkd with new network implementation
• caec3063 fix: do not complain about empty roles
• 11918a11 docs: update community meeting time
• aeddb9c0 feat: implement platform config controller (hostnames)
• 1ece334d feat: implement controller which runs network operators
• 744ea8a5 fix: do not add bootstrap contents option if tail events is not 0
• 5029edfb fix: overwrite nodes in the gRPC metadata
• 6a35c8f1 feat: implement virtual IP (shared IP) network operator
• 0f3b8380 chore: expose WatchRequest in the resources client
• 11e258b1 feat: implement operator configuration controller
• ce3815e7 feat: implement DHCP6 operator
• f010d99a feat: implement operator framework with DHCP4 as the first example
• f93c9c8f feat: bring unconfigured links with link carrier up by default
• 02bd657b feat: implement network.Status resource and controller
• da329f00 feat: enable RBAC by default
• 0f168a88 feat: add configuration for enabling RBAC
• e74f789b feat: implement EtcFileController to render files in /etc
• 5aede1a8 fix: prefer extraConfig over OVF env, skip empty config
• 5ad314fe feat: implement basic RBAC interceptors
• c031be81 chore: use Go 1.16.5
• 8b0763f6 chore: bump dependencies via dependabot
• 8b8de11d feat: implement new controllers for hostname, resolvers and time servers
• 24859b14 docs: update Rpi4 firmware guide
• 62c702c4 fix: remove conflicting etcd member on rejoin with empty data directory
• ff62a599 fix: drop into maintenance mode if config URL is none (metal)
• 14e696d0 feat: update COSI runtime and add support for tail in the Talos gRPC
• a71053fc feat: default to bootstrap workflow
• 76aac4bb feat: implement CPU and Memory stats controller
• 8f90c6a8 feat: parse Talos-specific cmdline params
• ed10e139 feat: implement NodeAddress controller
• 33db8857 fix: use COSI runtime DestroyReady input type
• 6e775363 refactor: rename *.Status() to *.TypedSpec() in the resources
• 97627061 docs: set static IP on ISO install mode
• 5811f4dd feat: implement link (interface) controllers
• 046b229b chore: skip building multi-arch installer for race-enabled build
• 73fbb4b5 fix: only fetch machine uuid if it's not set
• f112a540 fix: clean up stale snapshots on container start
• c036b949 chore: bump dependencies
• a4d67a01 feat: add the ability to disable CoreDNS
• 76dbfb36 feat: add ability to mark MBR partition bootable
• e0f5b1e2 chore: split mgmt/gen.go into several files
• fad1b4f1 chore: fix go generate for the machinery

Changes from talos-systems/crypto

7 commits

• 6bc5bb5 chore: remove unused argument
• cd18ef6 feat: add support for several organizations
• 97c888b chore: add options to CSR
• 7776057 chore: fix typos
• 80df078 chore: remove named result parameters
• 15bdd28 chore: minor updates
• 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

1 commit

• 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

3 commits

• 30c2bc3 feat: mark MBR bootable
• 1292574 fix: make disk type matcher parser case insensitive
• b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

5 commits

• 3d0a6e1 feat: race build tag flag detector
• 5b292e5 feat: disable memory profiling by default
• c6d0ae2 fix: linters and CI
• d969f95 feat: initial implementation
• b2044b7 Initial commit

Changes from talos-systems/go-kmsg

2 commits

• 2edcd3a feat: add initial version
• 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

3 commits

• a445702 feat: allow dial timeout and keep alive period to be configurable
• 3c8f347 feat: provide a way to configure logger for the loadbalancer
• da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

3 commits

• c78cc95 fix: implement errors.Is for all errors in the set
• 7885e16 feat: add ExpectedErrorf
• 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

1 commit

• d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

18 commits

• 2d51360 feat: support NFS 4.1
• e63e4e9 feat: bump tools for Go 1.16.5
• 1f8af29 feat: update Linux to 5.10.38
• a3a6650 feat: update containerd to 1.5.2
• c70ea44 feat: update runc to 1.0.0-rc95
• db60235 feat: add support for netxen card
• f934187 feat: update containerd to 1.5.1
• e8ed5bc feat: add geneve encapsulation support for openvswitch
• 9f7903c feat: update containerd to 1.5.0, runc to -rc94
• d7c0f70 feat: add AES-NI support for amd64
• b0d9cd2 fix: build zbin utility for both amd64 and arm64
• bb39b97 feat: add IPMI support in kernel
• 1148f9a feat: add DS1307 RTC support for arm64
• 350aa6f feat: add USB serial support
• de9c582 feat: add Pine64 SBC support
• b56f36b feat: enable VMware baloon kernel module
• f87c194 feat: add iPXE build with embedded placeholder script
• a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

1 commit

• c8c2a18 feat: update Go to 1.16.5

Dependency Changes

• github.com/aws/aws-sdk-go v1.27.0 new
• github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
• github.com/containerd/containerd v1.4.4 -> v1.5.2
• github.com/containerd/go-cni v1.0.1 -> v1.0.2
• github.com/containerd/typeurl v1.0.1 -> v1.0.2
• github.com/coreos/go-iptables v0.5.0 -> v0.6.0
• github.com/cosi-project/runtime 10d6103c19ab -> ca95c7538d17
• github.com/docker/docker v20.10.4 -> v20.10.7
• github.com/emicklei/dot v0.15.0 -> v0.16.0
• github.com/fatih/color v1.10.0 -> v1.12.0
• github.com/google/go-cmp v0.5.5 -> v0.5.6
• github.com/google/gofuzz v1.2.0 new
• github.com/googleapis/gnostic v0.5.5 new
• github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
• github.com/hashicorp/go-getter v1.5.2 -> v1.5.3
• github.com/imdario/mergo v0.3.12 new
• github.com/insomniacslk/dhcp cc9239ac6294 -> fb4eaaa00ad2
• github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> b34cb89a106b
• github.com/magiconair/properties v1.8.5 new
• github.com/mattn/go-isatty v0.0.12 -> v0.0.13
• github.com/mdlayher/arp f72070a231fc new
• github.com/mdlayher/ethtool 2b88debcdd43 new
• github.com/mdlayher/netlink v1.4.0 -> v1.4.1
• github.com/mdlayher/raw 51b895745faf new
• github.com/mitchellh/mapstructure v1.4.1 new
• github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
• github.com/pelletier/go-toml v1.9.0 new
• github.com/rivo/tview 8a8f78a6dd01 -> 807e706f86d1
• github.com/rs/xid v1.2.1 -> v1.3.0
• github.com/sirupsen/logrus v1.8.1 new
• github.com/spf13/afero v1.6.0 new
• github.com/spf13/cast v1.3.1 new
• github.com/spf13/viper v1.7.1 new
• github.com/talos-systems/crypto 39584f1b6e54 -> 6bc5bb50c527
• github.com/talos-systems/extras v0.3.0 -> v0.3.0-1-g4fe2706
• github.com/talos-systems/go-blockdevice 1d830a25f64f -> 30c2bc3cb62a
• github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
• github.com/talos-systems/go-kmsg v0.1.0 new
• github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
• github.com/talos-systems/go-retry b9dc1a990133 -> c78cc953d9e9
• github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
• github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-8-g2d51360
• github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
• github.com/talos-systems/tools v0.5.0 -> v0.5.0-1-gc8c2a18
• github.com/vishvananda/netns 2eb08e3e575f new
• github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.51.0
• github.com/vmware/govmomi v0.24.0 -> v0.26.0
• go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0-rc.1
• go.etcd.io/etcd/client/pkg/v3 v3.5.0-rc.1 new
• go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0-rc.1
• go.etcd.io/etcd/etcdutl/v3 v3.5.0-rc.1 new
• go.uber.org/zap v1.17.0 new
• golang.org/x/net e18ecbb05110 -> abc453219eb5
• golang.org/x/oauth2 81ed05c6b58c new
• golang.org/x/sys 77cc2087c03b -> ebe580a85c40
• golang.org/x/term 6a3ed077a48d -> a79de5458b56
• golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
• google.golang.org/appengine v1.6.7 new
• google.golang.org/grpc v1.37.0 -> v1.38.0
• gopkg.in/ini.v1 v1.62.0 new
• inet.af/netaddr 1d252cf8125e new
• k8s.io/api v0.21.0 -> v0.21.1
• k8s.io/apimachinery v0.21.0 -> v0.21.1
• k8s.io/apiserver v0.21.0 -> v0.21.1
• k8s.io/client-go v0.21.0 -> v0.21.1
• k8s.io/kubectl v0.21.0 -> v0.21.1
• k8s.io/kubelet v0.21.0 -> v0.21.1
• k8s.io/utils 2afb4311ab10 new
• sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Talos 0.11.0-alpha.0 (2021-05-26)

Welcome to the v0.11.0-alpha.0 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Component Updates

• containerd was updated to 1.5.2
• Linux kernel was updated to 5.10.29

Multi-arch Installer

Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture. This means that e.g. images for arm64 SBCs can be generated on amd64 host.

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Jorik Jonker
• Spencer Smith
• Serge Logvinov
• Andrew LeCody
• Andrew Rynhard
• Boran Car
• Brandon Nason
• Gabor Nyiri
• Joost Coelingh
• Kevin Hellemun
• Lance R. Vick
• Lennard Klein
• Seán C McCord
• Sébastien Bernard
• Sébastien Bernard

Changes

82 commits

• c0962946 chore: prepare for 0.11 release series
• 72359765 feat: enable GORACE=halt_on_panic=1 in machined binary
• 0acb04ad feat: implement route network controllers
• f5bf88a4 feat: create certificates with os:admin role
• 1db301ed feat: switch controller-runtime to zap.Logger
• f7cf64d4 fix: add talos.config to the vApp Properties in VMware OVA
• 209527ec docs: add AMIs for Talos 0.10.3
• 59cfd312 chore: bump dependencies via dependabot
• 1edb20cf feat: extract config generation
• af77c295 docs: update wirguard guide
• 4fe69121 test: better talosctl ls tests
• 04ddda96 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
• 49c7276b chore: fix markdown linting
• 7270495a docs: add mayastor quickstart
• d3d9112f docs: fix spelling/grammar in What's New for Talos 0.9
• 82804414 test: provide a way to force different boot order in provision library
• a1c0e99a docs: add guide for deploying metrics-server
• 6bc6658b feat: update containerd to 1.5.1
• c6567fae chore: dependabot updates
• 61ccbb3f chore: keep debug symbols in debug builds
• 1ce362e0 docs: update customizing kernel build steps
• a26174b5 fix: properly compose pattern and header in etcd members output
• 0825cf11 fix: stop networkd and pods before leaving etcd on upgrade
• bed6b15d fix: properly populate AllowSchedulingOnMasters option in gen config RPC
• 071f0445 feat: implement AddressSpec handling
• 76e38b7b feat: update Kubernetes to 1.21.1
• 9b1338d9 chore: parse "boolean" variables
• c81cfb21 chore: allow building with debug handlers
• c9651673 feat: update go-smbios library
• 95c656fb feat: update containerd to 1.5.0, runc to 1.0.0-rc94
• db9c35b5 feat: implement AddressStatusController
• 1cf011a8 chore: bump dependencies via dependabot
• e3f407a1 fix: properly pass disk type selector from config to matcher
• 66b2b450 feat: add resources and use HTTPS checks in control plane pods
• 4ffd7c0a fix: stop networkd before leaving etcd on 'reset' path
• 610d38d3 docs: add AMIs for 0.10.1, collapse list of AMIs by default
• 807497ec chore: make conformance pipeline depend on cron-default
• 3c121359 feat: implement LinkStatusController
• 0e8de046 fix: update go-blockdevice to fix disk type detection
• 4d50a4ed fix: update the way NTP sync uses adjtimex syscall
• 1a85c14a fix: avoid data race on CRI pod stop
• 5de8dbc0 fix: repair pine64 support
• 38239097 fix: properly parse matcher expressions
• e54b6b7a chore: update dependencies via dependabot
• f2caed0d chore: use extracted talos-systems/go-kmsg library
• 79d804c5 docs: fix typos
• a2bb390e feat: deterministic builds
• e480fedf feat: add USB serial drivers
• 79299d76 docs: add Matrix room links
• 1b3e8b09 docs: add survey to README
• 8d51c9bb docs: update redirects to Talos 0.10
• 1092c3a5 feat: add Pine64 SBC support
• 63e01754 feat: pull kernel with VMware balloon module enabled
• aeec99d8 chore: remove temporary fork
• 0f49722d feat: add --config-patch flag by node type
• a01b1d22 chore: dump dependencies via dependabot
• d540a4a4 fix: bump crypto library for the CSR verification fix
• c3a4173e chore: remove security API ReadFile/WriteFile
• 38037131 chore: update wgctrl dependecy
• d9ba0fd0 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
• 2261d7ed fix: use both self-signed and Kubernetes CA to verify Kubelet cert
• a3537a69 docs: update cloud images for Talos v0.9.3
• 5b9ee861 docs: add what's new for Talos 0.10
• f1107fa3 docs: add survey
• 93623d47 docs: update AWS instructions
• a739d1b8 feat: add support of custom registry CA certificate usage
• 7f468d35 fix: update osType in OVA other3xLinux64Guest"
• 4a184b67 docs: add etcd backup and restore guide
• 5fb38d3e chore: refactor Dockerfile for cross-compilation
• a8f1e526 chore: build talosctl for Darwin / Apple Silicon
• eb0b64d3 chore: list specifically for enabled regions
• 669a0cbd fix: check if OVF env is empty
• da92049c chore: use codecov from the build container
• 9996d4b0 chore: use REGISTRY_MIRROR_FLAGS if defined
• 05cbe250 chore: bump dependencies via dependabot
• 9a91142a feat: print complete member info in etcd members
• bb40d6dd feat: update pkgs version
• e7a9164b test: implement talosctl conformance command to run e2e tests
• 6cb266e7 fix: update etcd client errors, print etcd join failures
• 0bd8b0e8 feat: provide an option to recover etcd from data directory copy
• f9818540 chore: fix conform with scopes
• 21018f28 chore: bump website node.js dependencies

Changes from talos-systems/crypto

1 commit

• 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/go-blockdevice

2 commits

• 1292574 fix: make disk type matcher parser case insensitive
• b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

5 commits

• 3d0a6e1 feat: race build tag flag detector
• 5b292e5 feat: disable memory profiling by default
• c6d0ae2 fix: linters and CI
• d969f95 feat: initial implementation
• b2044b7 Initial commit

Changes from talos-systems/go-kmsg

2 commits

• 2edcd3a feat: add initial version
• 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

3 commits

• a445702 feat: allow dial timeout and keep alive period to be configurable
• 3c8f347 feat: provide a way to configure logger for the loadbalancer
• da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-smbios

1 commit

• d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

15 commits

• a3a6650 feat: update containerd to 1.5.2
• c70ea44 feat: update runc to 1.0.0-rc95
• db60235 feat: add support for netxen card
• f934187 feat: update containerd to 1.5.1
• e8ed5bc feat: add geneve encapsulation support for openvswitch
• 9f7903c feat: update containerd to 1.5.0, runc to -rc94
• d7c0f70 feat: add AES-NI support for amd64
• b0d9cd2 fix: build zbin utility for both amd64 and arm64
• bb39b97 feat: add IPMI support in kernel
• 1148f9a feat: add DS1307 RTC support for arm64
• 350aa6f feat: add USB serial support
• de9c582 feat: add Pine64 SBC support
• b56f36b feat: enable VMware baloon kernel module
• f87c194 feat: add iPXE build with embedded placeholder script
• a8b9e71 feat: add cpu scaling for rpi

Dependency Changes

• github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
• github.com/containerd/containerd v1.4.4 -> v1.5.2
• github.com/containerd/go-cni v1.0.1 -> v1.0.2
• github.com/containerd/typeurl v1.0.1 -> v1.0.2
• github.com/coreos/go-iptables v0.5.0 -> v0.6.0
• github.com/cosi-project/runtime 10d6103c19ab -> 8a4533ce68e2
• github.com/docker/docker v20.10.4 -> v20.10.6
• github.com/emicklei/dot v0.15.0 -> v0.16.0
• github.com/fatih/color v1.10.0 -> v1.11.0
• github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
• github.com/hashicorp/go-getter v1.5.2 -> v1.5.3
• github.com/mdlayher/ethtool 2b88debcdd43 new
• github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
• github.com/plunder-app/kube-vip v0.3.2 -> v0.3.4
• github.com/rs/xid v1.2.1 -> v1.3.0
• github.com/talos-systems/crypto 39584f1b6e54 -> 4f80b976b640
• github.com/talos-systems/go-blockdevice 1d830a25f64f -> 1292574643e0
• github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
• github.com/talos-systems/go-kmsg v0.1.0 new
• github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
• github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
• github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-5-ga3a6650
• github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.50.0
• github.com/vmware/govmomi v0.24.0 -> v0.25.0
• go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0-beta.3
• go.etcd.io/etcd/client/pkg/v3 v3.5.0-beta.3 new
• go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0-beta.3
• go.etcd.io/etcd/etcdutl/v3 v3.5.0-beta.3 new
• go.uber.org/zap c23abee72d19 new
• golang.org/x/net e18ecbb05110 -> 0714010a04ed
• golang.org/x/sys 77cc2087c03b -> 0981d6026fa6
• golang.org/x/term 6a3ed077a48d -> a79de5458b56
• golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> f9ad6d392236
• google.golang.org/grpc v1.37.0 -> v1.38.0
• inet.af/netaddr 1d252cf8125e new
• k8s.io/api v0.21.0 -> v0.21.1
• k8s.io/apimachinery v0.21.0 -> v0.21.1
• k8s.io/apiserver v0.21.0 -> v0.21.1
• k8s.io/client-go v0.21.0 -> v0.21.1
• k8s.io/kubectl v0.21.0 -> v0.21.1
• k8s.io/kubelet v0.21.0 -> v0.21.1

Previous release can be found at v0.10.0

Talos 0.10.0-alpha.2 (2021-04-08)

Welcome to the v0.10.0-alpha.2 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Disaster Recovery

• support for creating etcd snapshots (backups) with talosctl etcd snapshot command.
• etcd cluster can be recovered from a snapshot using talosctl boostrap --recover-from= command.

Install Disk Selector

Install section of the machine config now has diskSelector field that allows querying install disk using the list of qualifiers:

...
  install:
    diskSelector:
      size: >= 500GB
      model: WDC*
...

talosctl disks -n <node> -i can be used to check allowed disk qualifiers when the node is running in the maintenance mode.

Optimizations

• Talos system services now run without container images on initramfs from the single executable; this change reduces RAM usage, initramfs size and boot time..

SBCs

• u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
• added support for Rock Pi 4.

Time Syncrhonization

• timed service was replaced with a time sync controller, no machine configuration changes.
• Talos now prefers last successful time server (by IP address) on each sync attempt (improves sync accuracy).

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Spencer Smith
• Seán C McCord
• Andrew Rynhard
• Branden Cash
• Jorik Jonker
• Matt Zahorik
• bzub

Changes

104 commits

• e0650218 feat: support etcd recovery from snapshot on bootstrap
• 247bd50e docs: describe steps to install and boot Talos from the SSD on rockpi4
• e6b4e524 test: update CAPA to 0.6.4
• 28753f6d fix: trim endpoints/nodes from arguments in talosctl config
• aca63b88 docs: fix "DigitalOcean" spelling
• 33035901 fix: revert mark PMBR EFI partition as bootable
• fbfd1eb2 refactor: pull new version of os-runtime, update code
• 8737ea71 feat: allow external cloud provides configration
• 3909e2d0 chore: update Go to 1.16.3
• 690eb20e chore: update blockdevice library for PMBR bootable fix
• a8761b8e fix: require leader on etcd member operations
• 3dc84625 fix: make both HDMI ports work on RPi 4
• bd5ae1e0 fix: add a check for overlay mounts in installer pre-flight checks
• df8649cb refactor: download modules before go generate
• 39ae0415 chore: bump dependencies via dependabot
• e16d6d34 fix: publish rockpi4 image to release artifacts
• 39c6dbcc feat: add --config-patch parameter to talosctl gen config
• e664362c feat: add API and command to save etcd snapshot (backup)
• 61b694b9 fix: create rootfs for system services via /system tmpfs
• abc2e17e test: update 0.9.x version in upgrade tests to 0.9.1
• a1e64154 fix: retry Kubernetes API errors on cordon/uncordon/etc
• 063d1abe fix: print task failure error immediately
• e039172e fix: ignore EOF errors from Kubernetes API when converting control plane
• 7bcb91a4 docs: fix typo for stage flag
• a43acb21 feat: bring in Linux 5.10.27, support for 32-bit time syscalls
• e2bb5973 release(v0.10.0-alpha.1): prepare release
• 8309312a chore: build components with race detector enabled in dev mode
• 7d912584 test: fix data race in apply config tests
• 204caf8e test: fix apply-config integration test, bump clusterctl version
• d812099d fix: address several issues in TUI installer
• 269c9ad0 fix: don't write to config object on access
• a9451f57 feat: update Kubernetes to 1.21.0-beta.1
• 4b42ced4 feat: add ability to disable comments in talosctl gen config
• a0dcfc3d fix: workaround race in containerd runner with stdin pipe
• 2ea20f59 feat: replace timed with time sync controller
• c38a161a test: add unit-test for machine config validation
• a6106815 chore: bump dependencies via dependabot
• 35598f39 chore: refactor: extract ClusterConfig
• 03285184 fix: get rid of data race in encoder and fix concurrent map access
• 4b3580aa fix: prevent panic in validate config if machine.install is missing
• d7e9f6d6 chore: build integration tests with -race
• 9f7d67ac chore: fix typo
• 672c9707 fix: allow convert-k8s --remove-initialized-keys with K8s cp is down
• fb605a0f chore: tweak nolintlint settings
• 1f5a0c40 fix: resolve the issue with Kubernetes upgrade
• 74b2b557 docs: update AWS docs to ensure instances are tagged
• dc21d9b4 chore: remove old file
• 966caf7a chore: remove unused module replace directives
• 98b22f1e feat: show short options in talosctl kubeconfig
• 51139d54 chore: cache go modules in the build
• 65701aa7 fix: resolve the issue with DHCP lease not being renewed
• 711f5b23 fix: config validation: CNI should apply to cp nodes, encryption config
• 5ff491d9 fix: allow empty list for CNI URLs
• 946e74f0 docs: update path for kernel downloads in qemu docs
• ed272e60 feat: update Kubernetes to 1.21.0-beta.0
• b0209fd2 refactor: move networkd, timed APIs to machined, remove routerd
• 6ffabe51 feat: add ability to find disk by disk properties
• ac876470 refactor: move apid, routerd, timed and trustd to single executable
• 89a4b09f refactor: run networkd as a goroutine in machined
• f4a6a19c chore: update sonobuoy
• dc294db1 chore: bump dependencies via dependabot
• 2b1641a3 docs: add AMIs for Talos 0.9.0
• 79ceb428 docs: make v0.9 the default docs
• a5b62f4d docs: add documentation for Talos 0.10
• ce795f1c fix: command etcd remove-member shouldn't remove etcd data directory
• aab49a16 fix: repair zsh completion
• fc9c416a fix: build rockpi4 metal image as part of CI build
• 125b86f4 fix: upgrade-k8s bug with empty config values and provision script
• 8b2d228d chore: add script for starting registry proxies
• f7d276b8 chore: remove old osctl reference
• 5b14d6f2 chore: fix make help output
• f0512dfc feat: update Kubernetes to 1.20.5
• 24cd0a20 feat: publish talosctl container image
• 6e17102c chore: remove unused code
• 88104407 docs: add control plane in-depth guide
• ecf03449 chore: bump Go to 1.16.2
• cbc38418 release(v0.10.0-alpha.0): prepare release
• 3455a8e8 chore: use new release tool for changelogs and release notes
• 08271ba9 chore: use Go 1.16 language version
• 7662d033 fix: talosctl health should not check kube-proxy when it is disabled
• 0dbaeb9e chore: update tools, use new generators
• e31790f6 fix: properly format spec comments in the resources
• 78d384eb test: update aws cloud provider version
• 3c5bfbb4 fix: don't touch any partitions on upgrade with --preserve
• 891f90fe chore: update Linux to 5.10.23
• d4d77882 chore: update dependencies via dependabot
• 2e22f20b docs: minor fixes to getting started
• ca8a5596 chore: fix provision tests after changes to build-container
• 4aae924c refactor: provide explicit logger for networkd
• 22f37530 chore: update golanci-lint to 1.38.0
• 83b4e7f7 feat: add Rock pi 4 support
• 1362966f docs: rewrite getting-started for ISO
• 8e57fc4f fix: move containerd CRI config files under /var/
• 6f7df3da fix: update output of convert-k8s command
• dce6118c docs: add guide for VIP
• ee5d9ffa chore: bump Go to 1.16.1
• 7c529e1c docs: fix links in the documentation
• f596c7f6 docs: add video for raspberry pi install
• 47324dca docs: add guide on editing machine configuration
• 99d5f894 chore: update website npm dependencies
• 11056a80 docs: add highlights for 0.9 release
• ae8bedb9 docs: add control plane conversion guide and 0.9 upgrade notes
• ed9673e5 docs: add troubleshooting control plane documentation
• 485cb126 docs: update Kubernetes upgrade guide

Changes since v0.10.0-alpha.1

25 commits

• e0650218 feat: support etcd recovery from snapshot on bootstrap
• 247bd50e docs: describe steps to install and boot Talos from the SSD on rockpi4
• e6b4e524 test: update CAPA to 0.6.4
• 28753f6d fix: trim endpoints/nodes from arguments in talosctl config
• aca63b88 docs: fix "DigitalOcean" spelling
• 33035901 fix: revert mark PMBR EFI partition as bootable
• fbfd1eb2 refactor: pull new version of os-runtime, update code
• 8737ea71 feat: allow external cloud provides configration
• 3909e2d0 chore: update Go to 1.16.3
• 690eb20e chore: update blockdevice library for PMBR bootable fix
• a8761b8e fix: require leader on etcd member operations
• 3dc84625 fix: make both HDMI ports work on RPi 4
• bd5ae1e0 fix: add a check for overlay mounts in installer pre-flight checks
• df8649cb refactor: download modules before go generate
• 39ae0415 chore: bump dependencies via dependabot
• e16d6d34 fix: publish rockpi4 image to release artifacts
• 39c6dbcc feat: add --config-patch parameter to talosctl gen config
• e664362c feat: add API and command to save etcd snapshot (backup)
• 61b694b9 fix: create rootfs for system services via /system tmpfs
• abc2e17e test: update 0.9.x version in upgrade tests to 0.9.1
• a1e64154 fix: retry Kubernetes API errors on cordon/uncordon/etc
• 063d1abe fix: print task failure error immediately
• e039172e fix: ignore EOF errors from Kubernetes API when converting control plane
• 7bcb91a4 docs: fix typo for stage flag
• a43acb21 feat: bring in Linux 5.10.27, support for 32-bit time syscalls

Changes from talos-systems/extras

3 commits

• cf3934a feat: build with Go 1.16.3
• c0fa0c0 feat: bump Go to 1.16.2
• 5f89d77 feat: bump Go to 1.16.1

Changes from talos-systems/go-blockdevice

3 commits

• 1d830a2 fix: revert mark the EFI partition in PMBR as bootable
• bec914f fix: mark the EFI partition in PMBR as bootable
• 776b37d feat: add options to probe disk by various sysblock parameters

Changes from talos-systems/os-runtime

5 commits

• 86d9e09 chore: bump go.mod dependencies
• 2de411a feat: major rewrite of the os-runtime with new features
• ded40a7 feat: implement controller runtime gRPC bridge
• 0d5b5a9 feat: implement resource state service and client
• d04ec51 feat: add common COSI resource protobuf, implement bridge with state

Changes from talos-systems/pkgs

8 commits

• 9a6cf6b feat: build with Go 1.16.3
• 60ce626 feat: update Linux to 5.10.27, enable 32-bit time syscalls
• fdf4866 feat: bump tools for Go 1.16.2
• 35f9b6f feat: update kernel to 5.10.23
• dbae83e fix: do not use git-lfs for rockpi4 binaries
• 1c6b9a3 feat: bump tools for Go 1.16.1
• c18073f feat: add u-boot for Rock Pi 4
• 6b85a2b feat: upgrade u-boot to 2021.04-rc3

Changes from talos-systems/tools

5 commits

• 1f26def feat: update Go to 1.16.3
• 41b8073 feat: bump protobuf-related tools
• f7bce92 chore: bump Go to 1.16.2
• bcf3380 feat: bump protobuf deps, add protoc-gen-go-grpc
• b49c40e feat: bump Go to 1.16.1

Dependency Changes

• github.com/coreos/go-semver v0.3.0 new
• github.com/golang/protobuf v1.4.3 -> v1.5.2
• github.com/google/go-cmp v0.5.4 -> v0.5.5
• github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
• github.com/talos-systems/extras v0.2.0-1-g0db3328 -> v0.3.0-alpha.0-2-gcf3934a
• github.com/talos-systems/go-blockdevice bb3ad73f6983 -> 1d830a25f64f
• github.com/talos-systems/os-runtime 7b3d14457439 -> 86d9e090bdc4
• github.com/talos-systems/pkgs v0.4.1-2-gd471b60 -> v0.5.0-alpha.0-5-g9a6cf6b
• github.com/talos-systems/tools v0.4.0-1-g3b25a7e -> v0.5.0-alpha.0-4-g1f26def
• go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0 new
• google.golang.org/grpc v1.36.0 -> v1.36.1
• google.golang.org/protobuf v1.25.0 -> v1.26.0
• k8s.io/api v0.20.5 -> v0.21.0-rc.0
• k8s.io/apimachinery v0.20.5 -> v0.21.0-rc.0
• k8s.io/apiserver v0.20.5 -> v0.21.0-rc.0
• k8s.io/client-go v0.20.5 -> v0.21.0-rc.0
• k8s.io/cri-api v0.20.5 -> v0.21.0-rc.0
• k8s.io/kubectl v0.20.5 -> v0.21.0-rc.0
• k8s.io/kubelet v0.20.5 -> v0.21.0-rc.0

Previous release can be found at v0.9.0

Talos 0.10.0-alpha.1 (2021-03-31)

Welcome to the v0.10.0-alpha.1 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

Install Disk Selector

Install section of the machine config now has diskSelector field that allows querying install disk using the list of qualifiers:

...
  install:
    diskSelector:
      size: >= 500GB
      model: WDC*
...

talosctl disks -n <node> -i can be used to check allowed disk qualifiers when the node is running in the maintenance mode.

Optimizations

• Talos system services now run without container images on initramfs from the single executable; this change reduces RAM usage, initramfs size and boot time..

SBCs

• u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
• added support for Rock Pi 4.

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Spencer Smith
• Seán C McCord
• Andrew Rynhard
• Jorik Jonker
• bzub

Changes

78 commits

• 8309312a chore: build components with race detector enabled in dev mode
• 7d912584 test: fix data race in apply config tests
• 204caf8e test: fix apply-config integration test, bump clusterctl version
• d812099d fix: address several issues in TUI installer
• 269c9ad0 fix: don't write to config object on access
• a9451f57 feat: update Kubernetes to 1.21.0-beta.1
• 4b42ced4 feat: add ability to disable comments in talosctl gen config
• a0dcfc3d fix: workaround race in containerd runner with stdin pipe
• 2ea20f59 feat: replace timed with time sync controller
• c38a161a test: add unit-test for machine config validation
• a6106815 chore: bump dependencies via dependabot
• 35598f39 chore: refactor: extract ClusterConfig
• 03285184 fix: get rid of data race in encoder and fix concurrent map access
• 4b3580aa fix: prevent panic in validate config if machine.install is missing
• d7e9f6d6 chore: build integration tests with -race
• 9f7d67ac chore: fix typo
• 672c9707 fix: allow convert-k8s --remove-initialized-keys with K8s cp is down
• fb605a0f chore: tweak nolintlint settings
• 1f5a0c40 fix: resolve the issue with Kubernetes upgrade
• 74b2b557 docs: update AWS docs to ensure instances are tagged
• dc21d9b4 chore: remove old file
• 966caf7a chore: remove unused module replace directives
• 98b22f1e feat: show short options in talosctl kubeconfig
• 51139d54 chore: cache go modules in the build
• 65701aa7 fix: resolve the issue with DHCP lease not being renewed
• 711f5b23 fix: config validation: CNI should apply to cp nodes, encryption config
• 5ff491d9 fix: allow empty list for CNI URLs
• 946e74f0 docs: update path for kernel downloads in qemu docs
• ed272e60 feat: update Kubernetes to 1.21.0-beta.0
• b0209fd2 refactor: move networkd, timed APIs to machined, remove routerd
• 6ffabe51 feat: add ability to find disk by disk properties
• ac876470 refactor: move apid, routerd, timed and trustd to single executable
• 89a4b09f refactor: run networkd as a goroutine in machined
• f4a6a19c chore: update sonobuoy
• dc294db1 chore: bump dependencies via dependabot
• 2b1641a3 docs: add AMIs for Talos 0.9.0
• 79ceb428 docs: make v0.9 the default docs
• a5b62f4d docs: add documentation for Talos 0.10
• ce795f1c fix: command etcd remove-member shouldn't remove etcd data directory
• aab49a16 fix: repair zsh completion
• fc9c416a fix: build rockpi4 metal image as part of CI build
• 125b86f4 fix: upgrade-k8s bug with empty config values and provision script
• 8b2d228d chore: add script for starting registry proxies
• f7d276b8 chore: remove old osctl reference
• 5b14d6f2 chore: fix make help output
• f0512dfc feat: update Kubernetes to 1.20.5
• 24cd0a20 feat: publish talosctl container image
• 6e17102c chore: remove unused code
• 88104407 docs: add control plane in-depth guide
• ecf03449 chore: bump Go to 1.16.2
• cbc38418 release(v0.10.0-alpha.0): prepare release
• 3455a8e8 chore: use new release tool for changelogs and release notes
• 08271ba9 chore: use Go 1.16 language version
• 7662d033 fix: talosctl health should not check kube-proxy when it is disabled
• 0dbaeb9e chore: update tools, use new generators
• e31790f6 fix: properly format spec comments in the resources
• 78d384eb test: update aws cloud provider version
• 3c5bfbb4 fix: don't touch any partitions on upgrade with --preserve
• 891f90fe chore: update Linux to 5.10.23
• d4d77882 chore: update dependencies via dependabot
• 2e22f20b docs: minor fixes to getting started
• ca8a5596 chore: fix provision tests after changes to build-container
• 4aae924c refactor: provide explicit logger for networkd
• 22f37530 chore: update golanci-lint to 1.38.0
• 83b4e7f7 feat: add Rock pi 4 support
• 1362966f docs: rewrite getting-started for ISO
• 8e57fc4f fix: move containerd CRI config files under /var/
• 6f7df3da fix: update output of convert-k8s command
• dce6118c docs: add guide for VIP
• ee5d9ffa chore: bump Go to 1.16.1
• 7c529e1c docs: fix links in the documentation
• f596c7f6 docs: add video for raspberry pi install
• 47324dca docs: add guide on editing machine configuration
• 99d5f894 chore: update website npm dependencies
• 11056a80 docs: add highlights for 0.9 release
• ae8bedb9 docs: add control plane conversion guide and 0.9 upgrade notes
• ed9673e5 docs: add troubleshooting control plane documentation
• 485cb126 docs: update Kubernetes upgrade guide

Changes since v0.10.0-alpha.0

50 commits

• 8309312a chore: build components with race detector enabled in dev mode
• 7d912584 test: fix data race in apply config tests
• 204caf8e test: fix apply-config integration test, bump clusterctl version
• d812099d fix: address several issues in TUI installer
• 269c9ad0 fix: don't write to config object on access
• a9451f57 feat: update Kubernetes to 1.21.0-beta.1
• 4b42ced4 feat: add ability to disable comments in talosctl gen config
• a0dcfc3d fix: workaround race in containerd runner with stdin pipe
• 2ea20f59 feat: replace timed with time sync controller
• c38a161a test: add unit-test for machine config validation
• a6106815 chore: bump dependencies via dependabot
• 35598f39 chore: refactor: extract ClusterConfig
• 03285184 fix: get rid of data race in encoder and fix concurrent map access
• 4b3580aa fix: prevent panic in validate config if machine.install is missing
• d7e9f6d6 chore: build integration tests with -race
• 9f7d67ac chore: fix typo
• 672c9707 fix: allow convert-k8s --remove-initialized-keys with K8s cp is down
• fb605a0f chore: tweak nolintlint settings
• 1f5a0c40 fix: resolve the issue with Kubernetes upgrade
• 74b2b557 docs: update AWS docs to ensure instances are tagged
• dc21d9b4 chore: remove old file
• 966caf7a chore: remove unused module replace directives
• 98b22f1e feat: show short options in talosctl kubeconfig
• 51139d54 chore: cache go modules in the build
• 65701aa7 fix: resolve the issue with DHCP lease not being renewed
• 711f5b23 fix: config validation: CNI should apply to cp nodes, encryption config
• 5ff491d9 fix: allow empty list for CNI URLs
• 946e74f0 docs: update path for kernel downloads in qemu docs
• ed272e60 feat: update Kubernetes to 1.21.0-beta.0
• b0209fd2 refactor: move networkd, timed APIs to machined, remove routerd
• 6ffabe51 feat: add ability to find disk by disk properties
• ac876470 refactor: move apid, routerd, timed and trustd to single executable
• 89a4b09f refactor: run networkd as a goroutine in machined
• f4a6a19c chore: update sonobuoy
• dc294db1 chore: bump dependencies via dependabot
• 2b1641a3 docs: add AMIs for Talos 0.9.0
• 79ceb428 docs: make v0.9 the default docs
• a5b62f4d docs: add documentation for Talos 0.10
• ce795f1c fix: command etcd remove-member shouldn't remove etcd data directory
• aab49a16 fix: repair zsh completion
• fc9c416a fix: build rockpi4 metal image as part of CI build
• 125b86f4 fix: upgrade-k8s bug with empty config values and provision script
• 8b2d228d chore: add script for starting registry proxies
• f7d276b8 chore: remove old osctl reference
• 5b14d6f2 chore: fix make help output
• f0512dfc feat: update Kubernetes to 1.20.5
• 24cd0a20 feat: publish talosctl container image
• 6e17102c chore: remove unused code
• 88104407 docs: add control plane in-depth guide
• ecf03449 chore: bump Go to 1.16.2

Changes from talos-systems/extras

2 commits

• c0fa0c0 feat: bump Go to 1.16.2
• 5f89d77 feat: bump Go to 1.16.1

Changes from talos-systems/go-blockdevice

1 commit

• 776b37d feat: add options to probe disk by various sysblock parameters

Changes from talos-systems/pkgs

6 commits

• fdf4866 feat: bump tools for Go 1.16.2
• 35f9b6f feat: update kernel to 5.10.23
• dbae83e fix: do not use git-lfs for rockpi4 binaries
• 1c6b9a3 feat: bump tools for Go 1.16.1
• c18073f feat: add u-boot for Rock Pi 4
• 6b85a2b feat: upgrade u-boot to 2021.04-rc3

Changes from talos-systems/tools

4 commits

• 41b8073 feat: bump protobuf-related tools
• f7bce92 chore: bump Go to 1.16.2
• bcf3380 feat: bump protobuf deps, add protoc-gen-go-grpc
• b49c40e feat: bump Go to 1.16.1

Dependency Changes

• github.com/coreos/go-semver v0.3.0 new
• github.com/golang/protobuf v1.4.3 -> v1.5.1
• github.com/google/go-cmp v0.5.4 -> v0.5.5
• github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
• github.com/talos-systems/extras v0.2.0-1-g0db3328 -> v0.3.0-alpha.0-1-gc0fa0c0
• github.com/talos-systems/go-blockdevice bb3ad73f6983 -> 776b37d31de0
• github.com/talos-systems/pkgs v0.4.1-2-gd471b60 -> v0.5.0-alpha.0-3-gfdf4866
• github.com/talos-systems/tools v0.4.0-1-g3b25a7e -> v0.5.0-alpha.0-3-g41b8073
• google.golang.org/grpc v1.36.0 -> v1.36.1
• google.golang.org/protobuf v1.25.0 -> v1.26.0
• k8s.io/api v0.20.5 -> v0.21.0-rc.0
• k8s.io/apimachinery v0.20.5 -> v0.21.0-rc.0
• k8s.io/apiserver v0.20.5 -> v0.21.0-rc.0
• k8s.io/client-go v0.20.5 -> v0.21.0-rc.0
• k8s.io/cri-api v0.20.5 -> v0.21.0-rc.0
• k8s.io/kubectl v0.20.5 -> v0.21.0-rc.0
• k8s.io/kubelet v0.20.5 -> v0.21.0-rc.0

Previous release can be found at v0.9.0

Talos 0.10.0-alpha.0 (2021-03-17)

Welcome to the v0.10.0-alpha.0 release of Talos! This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/talos-systems/talos/issues.

SBCs

• u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
• added support for Rock Pi 4.

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Seán C McCord
• Spencer Smith
• Andrew Rynhard

Changes

27 commits

• 3455a8e8 chore: use new release tool for changelogs and release notes
• 08271ba9 chore: use Go 1.16 language version
• 7662d033 fix: talosctl health should not check kube-proxy when it is disabled
• 0dbaeb9e chore: update tools, use new generators
• e31790f6 fix: properly format spec comments in the resources
• 78d384eb test: update aws cloud provider version
• 3c5bfbb4 fix: don't touch any partitions on upgrade with --preserve
• 891f90fe chore: update Linux to 5.10.23
• d4d77882 chore: update dependencies via dependabot
• 2e22f20b docs: minor fixes to getting started
• ca8a5596 chore: fix provision tests after changes to build-container
• 4aae924c refactor: provide explicit logger for networkd
• 22f37530 chore: update golanci-lint to 1.38.0
• 83b4e7f7 feat: add Rock pi 4 support
• 1362966f docs: rewrite getting-started for ISO
• 8e57fc4f fix: move containerd CRI config files under /var/
• 6f7df3da fix: update output of convert-k8s command
• dce6118c docs: add guide for VIP
• ee5d9ffa chore: bump Go to 1.16.1
• 7c529e1c docs: fix links in the documentation
• f596c7f6 docs: add video for raspberry pi install
• 47324dca docs: add guide on editing machine configuration
• 99d5f894 chore: update website npm dependencies
• 11056a80 docs: add highlights for 0.9 release
• ae8bedb9 docs: add control plane conversion guide and 0.9 upgrade notes
• ed9673e5 docs: add troubleshooting control plane documentation
• 485cb126 docs: update Kubernetes upgrade guide

Changes since v0.10.0-alpha.0

0 commit

Changes from talos-systems/extras

1 commit

• 5f89d77 feat: bump Go to 1.16.1

Changes from talos-systems/os-runtime

1 commit

• 7b3d144 feat: use go-yaml fork and serialize spec as RawYAML objects

Changes from talos-systems/pkgs

5 commits

• 35f9b6f feat: update kernel to 5.10.23
• dbae83e fix: do not use git-lfs for rockpi4 binaries
• 1c6b9a3 feat: bump tools for Go 1.16.1
• c18073f feat: add u-boot for Rock Pi 4
• 6b85a2b feat: upgrade u-boot to 2021.04-rc3

Changes from talos-systems/tools

2 commits

• bcf3380 feat: bump protobuf deps, add protoc-gen-go-grpc
• b49c40e feat: bump Go to 1.16.1

Dependency Changes

• github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
• github.com/talos-systems/extras v0.2.0 -> v0.3.0-alpha.0
• github.com/talos-systems/os-runtime 84c3c875eb2b -> 7b3d14457439
• github.com/talos-systems/pkgs v0.4.1 -> v0.5.0-alpha.0-2-g35f9b6f
• github.com/talos-systems/tools v0.4.0 -> v0.5.0-alpha.0-1-gbcf3380

Previous release can be found at v0.9.0-beta.0

v0.9.0-alpha.5 (2021-03-03)

Chore

• bump Go module dependencies
• properly propagate context object in the controller

Feat

• bypass lock if ACPI reboot/shutdown issued
• add --on-reboot flag to talosctl edit/patch machineConfig
• support JSON output in talosctl get, event types
• rename namespaces, resources, types etc

v0.9.0-alpha.4 (2021-03-02)

Chore

• update provision/upgrade tests to 0.9.0-alpha.3

Docs

• bump v0.8 release version in the SBCs guides
• add disk encryption guide

Feat

• update linux kernel to 5.10.19

Fix

• ignore 'ENOENT' (no such file directory) on mount
• move etcd to cri containerd runner

v0.9.0-alpha.3 (2021-03-01)

Chore

• bump dependencies via dependabot
• build both Darwin and Linux versions of talosctl
• bump dependencies via dependabot
• switch CI to stop embedding local registry into the builds

Docs

• update AMI images for 0.8.4

Feat

• implement etcd remove-member cli command
• update etcd to 3.4.15
• talosctl: allow v-prefixed k8s versions
• implement simple layer 2 shared IP for CP
• implement talosctl edit and patch config commands
• bump etcd client library to 3.5.0-alpha.0

Fix

• update in-cluster kubeconfig validity to match other certs
• add ApplyDynamicConfig call in the apply-config --immediate mode
• set hdmi_safe=1 on Raspberry Pi for maximum HDMI compatibility
• show stopped/exited containers via CRI inspector
• make ApplyDynamicConfig idempotent
• improve the drain function
• correctly set service state in the resource
• update the layout of the Disks API to match proxying requirements
• stop and clean up installer container correctly
• sanitize volume name better in static pod extra volumes

Refactor

• add context to the networkd
• split WithNetworkConfig into sub-options

Test

• add integration test with Canal CNI and reset API
• upgrade master to master tests

v0.9.0-alpha.2 (2021-02-20)

Chore

• add default cron pipeline to the list of pipelines
• run default pipeline as part of the cron pipeline

Docs

• add link to GitHub Discussions as a support forum

Feat

• u-boot 2021.01, ca-certificates update, Linux file ACLs
• support control plane upgrades with Talos managed control plane
• add support for extra volume mounts for control plane pods
• add a warning to boot log if running self-hosted control plane
• add an option to disable kube-proxy manifest
• update Kubernetes to 1.20.4
• add state encryption support

Fix

• redirect warnings in manifest apply k8s client
• handle case when kubelet serving certificates are issued
• correctly escape extra args in kube-proxy manifest
• skip empty manifest YAML sub-documents

Refactor

• split kubernetes/etcd resource generation into subresources

Test

• enable disk encryption key rotation test
• update integration tests to use wrapped client for etcd APIs

v0.9.0-alpha.1 (2021-02-09)

Chore

• update artifacts bucket name in Drone
• rework Drone pipelines
• update dependencies via dependabot
• ci: fix schedules in Drone pipelines
• ci: update gcp templates

Docs

• update AMI list for 0.8.2
• fix typos

Feat

• add a tool and package to convert self-hosted CP to static pods
• implement ephemeral partition encryption
• add resource watch API + CLI
• rename apply-config --no-reboot to --on-reboot
• skip filesystem for state and ephemeral partitions in the installer
• stop all pods before unmounting ephemeral partition
• bump Go to 1.15.8
• support version contract for Talos config generation
• update Linux to 5.10.14
• add an option to force upgrade without checks
• upgrade CoreDNS to 1.8.0
• implement IPv6 DHCP client in networkd

Fix

• correctly unwrap responses for etcd commands
• drop cri dependency on etcd
• move versions to annotations in control plane static pods
• find master node IPs correctly in health checks
• add 3 seconds grub boot timeout
• don't use filename from URL when downloading manifest
• pass attributes when adding routes
• correct response structure for GenerateConfig API
• correctly extract wrapped error messages
• prevent crash in machined on apid service stop
• wait for time sync before generating Kubernetes certificates
• set proper hostname on docker nodes
• mount kubelet secrets from system instead of ephemeral
• allow loading of empty config files
• prefer configured nameservers, fix DHCP6 in container
• refresh control plane endpoints on worker apids on schedule
• update DHCP client to use Request-Ack sequence after an Offer

Refactor

• extract go-cmd into a separate library

Test

• trigger e2e on thrice daily
• update aws templates
• add support for IPv6 in talosctl cluster create

v0.9.0-alpha.0 (2021-02-01)

Chore

• bump dependencies (via dependabot)
• fix import path for fsnotify
• add dependabot config
• enable virtio-balloon and monitor in QEMU provisioner
• update protobuf, grpc-go, prototool
• update upgrade test version used

Docs

• update components.md
• add v0.9 docs
• add modes to validate command
• document omitting DiskPartition size
• update references to 0.8.0, add 0.8.0 AWS AMIs
• fix latest docs
• set latest docs to v0.8
• provide AMIs for 0.8.0-beta.0
• fix SBC docs to point to beta.0 instead of beta.1
• update Talos release for SBCs

Feat

• move to ECDSA keys for all Kubernetes/etcd certs and keys
• update kernel
• mount hugetlbfs
• allow fqdn to be used when registering k8s node
• copy cryptsetup executable from pkgs
• use multi-arch images for k8s and Flannel CNI
• replace bootkube with Talos-managed control plane
• implement resource API in Talos
• update Linux to 5.10.7, musl-libc to 1.2.2
• update Kubernetes to 1.20.2
• support Wireguard networking
• bump pkgs for kernel with CONFIG_IPV6_MULTIPLE_TABLES
• support type filter in list API and CLI
• add commands to manage/query etcd cluster
• support disk image in talosctl cluster create
• update Kubernetes to 1.20.1

Fix

• use hugetlbfs instead of none
• use grpc load-balancing when connecting to trustd
• lower memory usage a bit by disabling memory profiling
• don't probe disks in container mode
• prefix rendered Talos-owned static pod manifests
• bump timeout for worker apid waiting for kubelet client config
• kill all processes and umount all disk on reboot/shutdown
• open blockdevices with exclusive flock for partitioning
• list command unlimited recursion default behavior
• pick first interface valid hostname (vs. last one)
• allow 'console' argument in kernel args to be always overridden
• bring up bonded interfaces correctly on packet
• checkpoint controller-manager and scheduler
• correctly transport gRPC errors from apid
• use SetAll instead of AppendAll when building kernel args
• add more dependencies for bootstrap services
• pass disk image flags to e2e-qemu cluster create command
• ignore pods spun up from checkpoints in health checks
• leave etcd for staged upgrades
• ignore errors on stopping/removing pod sandboxes
• use the correct console on Banana Pi M64
• don't run LabelNodeAsMaster in two sequences

Refactor

• update go-blockdevice and restructure disk interaction code
• define default kernel flags in machinery instead of procfs

Test

• clear connection refused errors after reset
• skip etcd tests on non-HA clusters

v0.8.0-alpha.3 (2020-12-10)

Chore

• update CONTRIBUTING.md
• limit unit-test run concurrency
• bump Go to 1.15.6
• bump dockerfile frontend version
• fix conform for releases

Docs

• update Equinix Metal guide
• add architectural doc on the root file system layout
• add a note on caveats in container mode
• add storage doc
• add guide for custom CAs
• add docs for network connectivity
• improve SBC documentation

Feat

• update kernel to 5.9.13, new KSPP requirements
• reset with system disk wipe spec
• add talosctl merge config command
• add talosctl config contexts
• update Kubernetes to 1.20.0
• implement "staged" (failsafe/backup) upgrades
• allow disabling NoSchedule taint on masters using TUI installer

Fix

• remove kmsg ratelimiting on startup
• zero out partitions without filesystems on install
• make interactive installer work without endpoints provided

Test

• add ISO test
• add support for mounting ISO in talosctl cluster create
• bump Talos release version for upgrade test to 0.7.1
• bump defaults for provision tests resources

v0.8.0-alpha.2 (2020-12-04)

Chore

• publish Rock64 image
• enable thrice daily pipeline
• run integration test thrice daily
• output SBC images as compressed raw images
• build SBC images
• update module dependencies
• drop support for docker load
• fix metal image name
• use IMAGE_TAG instead of TAG for :latest pushes

Docs

• fix typos
• add openstack docs
• ensure port for vbox and proxmox docs
• add console kernel arg to rpi_4 image generation
• add console kernel arg to libretech_all_h3_cc_h5 image generation

Feat

• add support for the Pine64 Rock64
• add TUI for configuring network interfaces settings
• make GenerateConfiguration accept current time as a parameter
• introduce configpatcher package in machinery
• suggest fixed control plane endpoints in talosctl gen config
• update kubernetes to 1.20.0-rc.0
• allow boards to set kernel args
• add support for the Banana Pi M64
• stop including K8s version by default in talosctl gen config
• add support for the Raspberry Pi 4 Model B
• implement network interfaces list API
• bump package for kernel with CIFS support
• upgrade etcd to 3.4.14
• update Containerd and Linux
• add support for installing to SBCs
• add ability to choose CNI config

Fix

• make default generate image arch dynamic based on arch
• stabilize serial console on RPi4, add video console
• make reset work again
• node taint doesn't contain value anymore
• defer resolving config context in client code
• remove value (change to empty) for NoSchedule taint
• prevent endless loop with DHCP requests in networkd
• skip board argument to the installer if it's not set
• use the dtb from kernel pkg for libretech_all_h3_cc_h5
• prevent crash in talosctl config commands
• update generated .ova manifest for raw disk size
• security: update Containerd to v1.4.3

Release

• v0.8.0-alpha.2: prepare release

v0.8.0-alpha.1 (2020-11-26)

Chore

• add cloud image uploader (AWS AMIs for now)
• bump K8s to 1.19.4 in e2e scripts with CABPT version
• build arm64 images in CI
• remove maintenance service interface and use machine service

Docs

• provide list of AMIs on AWS documentation page
• add 0.8 docs for the upcoming release
• ensure we configure nodes in guides
• ensure gcp docs have firewall and node info
• add qemu diagram and video walkthrough
• graduate v0.7 docs
• improve configuration reference documentation
• fix small typo in talosctl processes cast
• update asciinemas with talosctl
• add proxmox doc
• add live walkthroughs where applicable

Feat

• support openstack platform
• update Kubernetes to v1.20.0-beta.2
• change UI component for disks selector
• support cluster expansion in the interactive installer
• implement apply configuration without reboot
• make GenerateConfiguration API reuse current node auth
• sync time before installer runs
• set interface MTU in DHCP mode even if DHCP is not successful
• print hint about using interative installer in mainenance mode
• add TUI based talos interactive installer
• support ipv6 routes
• return client config as the second value in GenerateConfiguration
• correctly merge talosconfig (don't ever overwrite)
• drop to maintenance mode in cloud platforms if userdata is missing
• read config from extra guestinfo key (vmware)
• update Go to 1.15.5
• add generate config gRPC API
• upgrade Kubernetes default version to 1.19.4
• add example command in maintenance, enforce cert fingerprint
• add storage API

Fix

• bump blockdevice library for mmcblk part name fix
• ignore 'not found' errors when stopping/removing CRI pods
• return hostname from packet platform
• make fingerprint clearly optional in a boot hint
• ensure packet nics get all IPs
• use ghcr.io/talos-systems/kubelet
• bump timeout for config downloading on bare metal

Refactor

• drop osd compatibility layer

Release

• v0.8.0-alpha.1: prepare release

Test

• update integration test versions, clean up names