v0.11.0-beta.2

@talos-bot talos-bot released this 01 Jul 20:13

Talos 0.11.0-beta.2 (2021-07-01)

Welcome to the v0.11.0-beta.2 release of Talos!
This is a pre-release of Talos.

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API instead of init node types, as we
intend to deprecate this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical except for
the machine type.
Users who would like to avoid the bootstrap API can use a modified
controlplane.yaml with the machine type set to init.

Component Updates

  • containerd was updated to 1.5.2
  • Linux kernel was updated to 5.10.45
  • Kubernetes was updated to 1.21.2
  • etcd was updated to 3.4.16
  • CoreDNS was updated to 1.8.4

CoreDNS

Added the flag cluster.coreDNS.disabled, which disables the CoreDNS deployment during cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that marks the MBR partition as bootable,
for machines with a legacy BIOS that does not support the GPT partitioning scheme.

Multi-arch Installer

The Talos installer image (for any arch) now contains artifacts for both the amd64 and arm64 architectures.
This means that, for example, images for arm64 SBCs can be generated on an amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should now set up network configuration much faster on boot: it no longer blocks on DHCP for unconfigured
interfaces and skips the reset network step.

Talos API RBAC

Limited RBAC support in the Talos API is now enabled by default for Talos 0.11.
The default talosconfig has the os:admin role embedded in the certificate so that all the APIs are available.
Certificates with a reduced set of roles can be created with the talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, first generate a talosconfig with
the os:admin role (using the talosctl config new command) to make sure that the administrator still has access to the
cluster once RBAC is enabled.

List of available roles:

  • os:admin role enables every Talos API
  • os:reader role limits access to read-only APIs which do not return sensitive data
  • os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)
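
A pre-flight check for the upgrade step above, as an added example (not code from the Talos project): it decodes the base64 crt value of a talosconfig context and reports which os:* roles the client certificate carries. It assumes the roles are embedded as Organization values in the certificate subject; talosRoles and sampleCrt are hypothetical names, and the sample certificates are constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// talosRoles decodes the base64 "crt" value of a talosconfig context and returns
// the os:* roles found in the certificate subject's Organization values
// (assumption: that is where roles are embedded), plus whether os:admin is present.
func talosRoles(crtB64 string) ([]string, bool, error) {
	pemBytes, err := base64.StdEncoding.DecodeString(strings.TrimSpace(crtB64))
	if err != nil {
		return nil, false, fmt.Errorf("crt is not valid base64: %w", err)
	}
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, false, fmt.Errorf("crt does not hold a PEM certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, false, fmt.Errorf("parsing certificate: %w", err)
	}
	var roles []string
	admin := false
	for _, org := range cert.Subject.Organization {
		if strings.HasPrefix(org, "os:") {
			roles = append(roles, org)
			admin = admin || org == "os:admin"
		}
	}
	return roles, admin, nil
}

// sampleCrt builds a constructed, self-signed certificate with the given
// Organization values, encoded the way the crt field is (base64 of PEM).
func sampleCrt(orgs ...string) string {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed-sample", Organization: orgs},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

func main() {
	// A certificate with no os:admin role (second and third case) would lose API access under RBAC.
	for _, orgs := range [][]string{{"os:admin"}, {"os:reader"}, nil} {
		fmt.Println(talosRoles(sampleCrt(orgs...)))
	}
}
```

To check a real file, pass the crt value of the relevant context from the talosconfig to talosRoles.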

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Serge Logvinov
  • Spencer Smith
  • Jorik Jonker
  • Andrew Rynhard
  • Andrew LeCody
  • Kevin Hellemun
  • Seán C McCord
  • Boran Car
  • Brandon Nason
  • Gabor Nyiri
  • Joost Coelingh
  • Lance R. Vick
  • Lennard Klein
  • Sébastien Bernard

Changes

188 commits

  • 1179d6baf release(v0.11.0-beta.2): prepare release
  • 8aed6c2e1 fix: fill uuid argument correctly in the config download URL
  • d6c5e5004 fix: make output of upgrade-k8s command less scary
  • 452e096e1 fix: restart the merge controllers on conflict
  • 79f4f1aa8 fix: ignore deadline exceeded errors on bootstrap
  • 8904009f0 feat: update pkgs version
  • 223abaab0 release(v0.11.0-beta.1): prepare release
  • 7abadf726 fix: issue worker apid certs properly on renewal
  • 33d73189e fix: don't set bond delay options if miimon is not enabled
  • de7db38e3 release(v0.11.0-beta.0): prepare release
  • 74111d7b6 feat: add RBAC to talosctl version output
  • 728ad5c6f fix: handle cases when merged resource re-appears before being destroyed
  • 283e9f026 chore: add CAPI version to CI setup
  • 01a196ea4 chore: small RBAC improvements
  • 829e54f1a fix: limit apid access to COSI runtime resources
  • f9e01d027 fix: ignore EINVAL on unmount operations
  • 7672435e1 feat: add a method to get gRPC connection from the client
  • b5244bf18 chore: bump go.mod dependencies, fix netaddr API changes
  • c7e622567 chore: update coredns to 1.8.4
  • 3a34f1a51 chore: bump Talos Go modules to release versions
  • 8d60abff7 chore: use tagged versions of bldr dependencies for 0.11
  • 8ef68a6fb feat: remove go-runner in staticpods
  • a650531fa release(v0.11.0-alpha.2): prepare release
  • 71fff02ff fix: revert back resource.proto order
  • d3f4e6006 fix: replace tabs with spaces in console output
  • 1990ad252 feat: add created and updated timestamps to the resource metadata
  • 0731be908 feat: add cloud images to releases
  • b52b20666 feat: split etcd certificates to peer/client
  • 33119d2b8 chore: add an option to launch cluster with bad RTC state
  • d8c2bca1b feat: reimplement apid certificate generation on top of COSI
  • 3c1b32199 chore: refactor CLI tests
  • 0fd9ea2d6 feat: enable MACVTAP support
  • 898673e8d chore: update e2e tests to use latest capi releases
  • e26c5583c docs: add AMI IDs for Talos 0.10.4
  • 72ef48f0e fix: assign source address to the DHCP default gateway routes
  • 004885a37 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
  • 821f469a1 feat: skip overlay mount checks with docker
  • b6e02311a feat: use COSI RD's sensitivity for RBAC
  • 46751c1ad feat: improve security of Kubernetes control plane components
  • 0f659622d fix: build with custom kernel/rootfs
  • 5b5089ab9 fix: mark kube-proxy as system critical priority
  • 42c16f67f chore: bump dependencies
  • 60f78419e chore: bump etcd client libraries to final 3.5.0 release
  • 2b0de9edb feat: improve security of Kubernetes control plane components
  • 48a5c460a docs: provide more storage details
  • e13d905c2 release(v0.11.0-alpha.1): prepare release
  • 70ac771e0 fix: use localhost API server endpoint for internal communication
  • a941eb7da feat: improve security of Kubernetes control plane components
  • 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
  • 06209bba2 chore: update RBAC rules, remove old APIs
  • 9f24b519d chore: remove bootkube check from cluster health check
  • 4ac9bea27 fix: stop etcd client logs from going to the server console
  • f63ab9dd9 feat: implement talosctl config new command
  • fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
  • 2dc27d996 fix: do not format state partition in the initialize sequence
  • b609f33cd fix: update networking stack after Equinix Metal testing
  • 243a3b53e fix: separate healthy and unknown flags in the service resource
  • 1a1378be1 fix: update retry package with a fix for errors.Is
  • cb83edd7f fix: wait for the network to be ready in maintenance mode
  • 96f89071c feat: update controller-runtime logs to console level on config.debug
  • 973069b61 feat: support NFS 4.1
  • 654dcad47 chore: bump dependencies via dependabot
  • d7394457d fix: don't treat ethtool errors as fatal
  • f2ae9cd0c feat: replace networkd with new network implementation
  • caec3063c fix: do not complain about empty roles
  • 11918a110 docs: update community meeting time
  • aeddb9c09 feat: implement platform config controller (hostnames)
  • 1ece334da feat: implement controller which runs network operators
  • 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
  • 5029edfb7 fix: overwrite nodes in the gRPC metadata
  • 6a35c8f11 feat: implement virtual IP (shared IP) network operator
  • 0f3b83803 chore: expose WatchRequest in the resources client
  • 11e258b15 feat: implement operator configuration controller
  • ce3815e75 feat: implement DHCP6 operator
  • f010d99af feat: implement operator framework with DHCP4 as the first example
  • f93c9c8fa feat: bring unconfigured links with link carrier up by default
  • 02bd657b2 feat: implement network.Status resource and controller
  • da329f00a feat: enable RBAC by default
  • 0f168a880 feat: add configuration for enabling RBAC
  • e74f789b0 feat: implement EtcFileController to render files in /etc
  • 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
  • 5ad314fe7 feat: implement basic RBAC interceptors
  • c031be813 chore: use Go 1.16.5
  • 8b0763f6a chore: bump dependencies via dependabot
  • 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
  • 24859b141 docs: update Rpi4 firmware guide
  • 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
  • ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
  • 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
  • a71053fcd feat: default to bootstrap workflow
  • 76aac4bb2 feat: implement CPU and Memory stats controller
  • 8f90c6a8e feat: parse Talos-specific cmdline params
  • ed10e139c feat: implement NodeAddress controller
  • 33db8857a fix: use COSI runtime DestroyReady input type
  • 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
  • 97627061d docs: set static IP on ISO install mode
  • 5811f4dda feat: implement link (interface) controllers
  • 046b229b1 chore: skip building multi-arch installer for race-enabled build
  • 73fbb4b52 fix: only fetch machine uuid if it's not set
  • f112a540b fix: clean up stale snapshots on container start
  • c036b9494 chore: bump dependencies
  • a4d67a018 feat: add the ability to disable CoreDNS
  • 76dbfb369 feat: add ability to mark MBR partition bootable
  • e0f5b1e20 chore: split mgmt/gen.go into several files
  • fad1b4f1f chore: fix go generate for the machinery
  • 1117294ad release(v0.11.0-alpha.0): prepare release
  • c09629466 chore: prepare for 0.11 release series
  • 723597657 feat: enable GORACE=halt_on_panic=1 in machined binary
  • 0acb04ad7 feat: implement route network controllers
  • f5bf88a4c feat: create certificates with os:admin role
  • 1db301edf feat: switch controller-runtime to zap.Logger
  • f7cf64d42 fix: add talos.config to the vApp Properties in VMware OVA
  • 209527ecc docs: add AMIs for Talos 0.10.3
  • 59cfd312c chore: bump dependencies via dependabot
  • 1edb20cf9 feat: extract config generation
  • af77c2956 docs: update WireGuard guide
  • 4fe691214 test: better talosctl ls tests
  • 04ddda962 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
  • 49c7276b1 chore: fix markdown linting
  • 7270495ac docs: add mayastor quickstart
  • d3d9112f2 docs: fix spelling/grammar in What's New for Talos 0.9
  • 82804414f test: provide a way to force different boot order in provision library
  • a1c0e99a1 docs: add guide for deploying metrics-server
  • 6bc6658b5 feat: update containerd to 1.5.1
  • c6567fae9 chore: dependabot updates
  • 61ccbb3f5 chore: keep debug symbols in debug builds
  • 1ce362e05 docs: update customizing kernel build steps
  • a26174b54 fix: properly compose pattern and header in etcd members output
  • 0825cf11f fix: stop networkd and pods before leaving etcd on upgrade
  • bed6b15d6 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
  • 071f04456 feat: implement AddressSpec handling
  • 76e38b7b8 feat: update Kubernetes to 1.21.1
  • 9b1338d98 chore: parse "boolean" variables
  • c81cfb216 chore: allow building with debug handlers
  • c9651673b feat: update go-smbios library
  • 95c656fb7 feat: update containerd to 1.5.0, runc to 1.0.0-rc94
  • db9c35b57 feat: implement AddressStatusController
  • 1cf011a80 chore: bump dependencies via dependabot
  • e3f407a1d fix: properly pass disk type selector from config to matcher
  • 66b2b4505 feat: add resources and use HTTPS checks in control plane pods
  • 4ffd7c0ad fix: stop networkd before leaving etcd on 'reset' path
  • 610d38d30 docs: add AMIs for 0.10.1, collapse list of AMIs by default
  • 807497ec2 chore: make conformance pipeline depend on cron-default
  • 3c1213596 feat: implement LinkStatusController
  • 0e8de0469 fix: update go-blockdevice to fix disk type detection
  • 4d50a4edd fix: update the way NTP sync uses adjtimex syscall
  • 1a85c14a5 fix: avoid data race on CRI pod stop
  • 5de8dbc06 fix: repair pine64 support
  • 382390973 fix: properly parse matcher expressions
  • e54b6b7a3 chore: update dependencies via dependabot
  • f2caed0df chore: use extracted talos-systems/go-kmsg library
  • 79d804c5b docs: fix typos
  • a2bb390e1 feat: deterministic builds
  • e480fedff feat: add USB serial drivers
  • 79299d761 docs: add Matrix room links
  • 1b3e8b09e docs: add survey to README
  • 8d51c9bb1 docs: update redirects to Talos 0.10
  • 1092c3a50 feat: add Pine64 SBC support
  • 63e017543 feat: pull kernel with VMware balloon module enabled
  • aeec99d82 chore: remove temporary fork
  • 0f49722d0 feat: add --config-patch flag by node type
  • a01b1d22d chore: dump dependencies via dependabot
  • d540a4a47 fix: bump crypto library for the CSR verification fix
  • c3a4173e1 chore: remove security API ReadFile/WriteFile
  • 38037131c chore: update wgctrl dependency
  • d9ba0fd01 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
  • 2261d7ed0 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
  • a3537a691 docs: update cloud images for Talos v0.9.3
  • 5b9ee8617 docs: add what's new for Talos 0.10
  • f1107fa3a docs: add survey
  • 93623d47f docs: update AWS instructions
  • a739d1b8a feat: add support of custom registry CA certificate usage
  • 7f468d350 fix: update osType in OVA other3xLinux64Guest"
  • 4a184b67d docs: add etcd backup and restore guide
  • 5fb38d3e5 chore: refactor Dockerfile for cross-compilation
  • a8f1e526b chore: build talosctl for Darwin / Apple Silicon
  • eb0b64d31 chore: list specifically for enabled regions
  • 669a0cbdc fix: check if OVF env is empty
  • da92049c0 chore: use codecov from the build container
  • 9996d4b02 chore: use REGISTRY_MIRROR_FLAGS if defined
  • 05cbe250c chore: bump dependencies via dependabot
  • 9a91142a3 feat: print complete member info in etcd members
  • bb40d6dd0 feat: update pkgs version
  • e7a9164b1 test: implement talosctl conformance command to run e2e tests
  • 6cb266e74 fix: update etcd client errors, print etcd join failures
  • 0bd8b0e80 feat: provide an option to recover etcd from data directory copy
  • f98185408 chore: fix conform with scopes
  • 21018f28c chore: bump website node.js dependencies

Changes since v0.11.0-beta.1

6 commits

  • 1179d6baf release(v0.11.0-beta.2): prepare release
  • 8aed6c2e1 fix: fill uuid argument correctly in the config download URL
  • d6c5e5004 fix: make output of upgrade-k8s command less scary
  • 452e096e1 fix: restart the merge controllers on conflict
  • 79f4f1aa8 fix: ignore deadline exceeded errors on bootstrap
  • 8904009f0 feat: update pkgs version

Changes from talos-systems/crypto

8 commits

  • d3cb772 feat: make possible to change KeyUsage
  • 6bc5bb5 chore: remove unused argument
  • cd18ef6 feat: add support for several organizations
  • 97c888b chore: add options to CSR
  • 7776057 chore: fix typos
  • 80df078 chore: remove named result parameters
  • 15bdd28 chore: minor updates
  • 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

2 commits

  • 918e161 chore: update deps to final release versions
  • 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

3 commits

  • 30c2bc3 feat: mark MBR bootable
  • 1292574 fix: make disk type matcher parser case insensitive
  • b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

5 commits

  • 3d0a6e1 feat: race build tag flag detector
  • 5b292e5 feat: disable memory profiling by default
  • c6d0ae2 fix: linters and CI
  • d969f95 feat: initial implementation
  • b2044b7 Initial commit

Changes from talos-systems/go-kmsg

3 commits

  • b08e4d3 feat: replace tab character with space in console output
  • 2edcd3a feat: add initial version
  • 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

3 commits

  • a445702 feat: allow dial timeout and keep alive period to be configurable
  • 3c8f347 feat: provide a way to configure logger for the loadbalancer
  • da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

3 commits

  • c78cc95 fix: implement errors.Is for all errors in the set
  • 7885e16 feat: add ExpectedErrorf
  • 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

1 commit

  • d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

24 commits

  • 7b2e126 feat: add support for hotplug of PCIE devices
  • f499062 chore: bump tools to final release 0.6.0
  • 41d6ccc feat: enable MACVTAP support
  • 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
  • f5eac03 feat: update Linux to 5.10.45
  • d756119 feat: enable HP ILO kernel module (both amd64 arm64)
  • 2d51360 feat: support NFS 4.1
  • e63e4e9 feat: bump tools for Go 1.16.5
  • 1f8af29 feat: update Linux to 5.10.38
  • a3a6650 feat: update containerd to 1.5.2
  • c70ea44 feat: update runc to 1.0.0-rc95
  • db60235 feat: add support for netxen card
  • f934187 feat: update containerd to 1.5.1
  • e8ed5bc feat: add geneve encapsulation support for openvswitch
  • 9f7903c feat: update containerd to 1.5.0, runc to -rc94
  • d7c0f70 feat: add AES-NI support for amd64
  • b0d9cd2 fix: build zbin utility for both amd64 and arm64
  • bb39b97 feat: add IPMI support in kernel
  • 1148f9a feat: add DS1307 RTC support for arm64
  • 350aa6f feat: add USB serial support
  • de9c582 feat: add Pine64 SBC support
  • b56f36b feat: enable VMware balloon kernel module
  • f87c194 feat: add iPXE build with embedded placeholder script
  • a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

1 commit

  • c8c2a18 feat: update Go to 1.16.5

Dependency Changes

  • github.com/aws/aws-sdk-go v1.38.66 new
  • github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
  • github.com/containerd/containerd v1.4.4 -> v1.5.2
  • github.com/containerd/go-cni v1.0.1 -> v1.0.2
  • github.com/containerd/typeurl v1.0.1 -> v1.0.2
  • github.com/coreos/go-iptables v0.5.0 -> v0.6.0
  • github.com/cosi-project/runtime 10d6103c19ab -> 93ead370bf57
  • github.com/docker/docker v20.10.4 -> v20.10.7
  • github.com/emicklei/dot v0.15.0 -> v0.16.0
  • github.com/evanphx/json-patch v4.9.0 -> v4.11.0
  • github.com/fatih/color v1.10.0 -> v1.12.0
  • github.com/google/go-cmp v0.5.5 -> v0.5.6
  • github.com/google/gofuzz v1.2.0 new
  • github.com/googleapis/gnostic v0.5.5 new
  • github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
  • github.com/imdario/mergo v0.3.12 new
  • github.com/insomniacslk/dhcp cc9239ac6294 -> 1cac67f12b1e
  • github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
  • github.com/mattn/go-isatty v0.0.12 -> v0.0.13
  • github.com/mdlayher/arp f72070a231fc new
  • github.com/mdlayher/ethtool 2b88debcdd43 new
  • github.com/mdlayher/netlink v1.4.0 -> v1.4.1
  • github.com/mdlayher/raw 51b895745faf new
  • github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
  • github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
  • github.com/rs/xid v1.2.1 -> v1.3.0
  • github.com/sirupsen/logrus v1.8.1 new
  • github.com/spf13/viper v1.8.0 new
  • github.com/talos-systems/crypto 39584f1b6e54 -> v0.3.1
  • github.com/talos-systems/extras v0.3.0 -> v0.4.0
  • github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
  • github.com/talos-systems/go-debug v0.2.1 new
  • github.com/talos-systems/go-kmsg v0.1.1 new
  • github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
  • github.com/talos-systems/go-retry b9dc1a990133 -> v0.3.1
  • github.com/talos-systems/go-smbios fb425d4727e6 -> v0.1.0
  • github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-1-g7b2e126
  • github.com/talos-systems/talos/pkg/machinery 8ffb559 -> 000000000000
  • github.com/talos-systems/tools v0.5.0 -> v0.6.0
  • github.com/vishvananda/netns 2eb08e3e575f new
  • github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.52.0
  • github.com/vmware/govmomi v0.24.0 -> v0.26.0
  • go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
  • go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
  • go.uber.org/zap v1.17.0 new
  • golang.org/x/net e18ecbb05110 -> 04defd469f4e
  • golang.org/x/oauth2 a8dc77f794b6 new
  • golang.org/x/sys 77cc2087c03b -> 59db8d763f22
  • golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
  • golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
  • golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
  • google.golang.org/grpc v1.37.0 -> v1.38.0
  • inet.af/netaddr bf05d8b52dda new
  • k8s.io/api v0.21.0 -> v0.21.2
  • k8s.io/apimachinery v0.21.0 -> v0.21.2
  • k8s.io/apiserver v0.21.0 -> v0.21.2
  • k8s.io/client-go v0.21.0 -> v0.21.2
  • k8s.io/cri-api v0.21.0 -> v0.21.2
  • k8s.io/kubectl v0.21.0 -> v0.21.2
  • k8s.io/kubelet v0.21.0 -> v0.21.2
  • k8s.io/utils 6fdb442a123b new
  • sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.2
k8s.gcr.io/kube-controller-manager:v1.21.2
k8s.gcr.io/kube-scheduler:v1.21.2
k8s.gcr.io/kube-proxy:v1.21.2
ghcr.io/talos-systems/kubelet:v1.21.2
ghcr.io/talos-systems/installer:v0.11.0-beta.2
k8s.gcr.io/pause:3.2