Release v0.9.0 · siderolabs/talos

Talos 0.9.0 (2021-03-22)

Welcome to the v0.9.0 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

New Features

Control Plane as Static Pods
ECDSA Keys for Kubernetes PKI
Disk Encryption
Virtual Shared IP for Control Plane Endpoint

Upgrading

Please read the upgrade notes before upgrading from Talos 0.8.

Contributors

Andrey Smirnov
Artem Chernyshev
Alexey Palazhchenko
Andrew Rynhard
Spencer Smith
Seán C McCord
Andrew Rynhard
Brandon McNama
Guilhem Lettron
Willem Monsuwe
vlad doster

Changes

188 commits

80b7b2219 release(v0.9.0): prepare release
c6f7c7f36 fix: command etcd remove-member shouldn't remove etcd data directory
84d597319 chore: remove old osctl reference
26c924619 fix: upgrade-k8s bug with empty config values and provision script
6ffe084f9 feat: update Kubernetes to 1.20.5
02839b10d release(v0.9.0-beta.1): prepare release
9d3605361 fix: talosctl health should not check kube-proxy when it is disabled
3844103d1 test: update aws cloud provider version
5bf28b8c8 fix: properly format spec comments in the resources
6d7b0efc6 fix: don't touch any partitions on upgrade with --preserve
aaa19e1ed chore: update Linux to 5.10.23
96477d249 chore: fix provision tests after changes to build-container
67e0317b9 fix: update output of convert-k8s command
51f59f435 fix: move containerd CRI config files under /var/
96521a186 chore: update Go to 1.15.9
dbcb643e8 release(v0.9.0-beta.0): prepare release
3863be9ce chore: bump release scope to v0.9
d3798cd7a docs: document controller runtime, resources and talosctl get
c2e353d6a fix: do not print out help string if the parameters are correct
56c95eace chore: bump dependencies via dependabot
49853fc2e fix: mkdir source of the extra mounts for the kubelet
e8e91d643 fix: properly propagate nameservers to provisioned docker clusters
f4ca6e9a6 feat: update containerd to version 1.4.4
3084a3f35 chore: update tools/pkgs/extras tags
81acadf34 fix: ignore connection refused errors when updating/converting cp
db3785b93 fix: align partition start to the physical sector size
df52c1358 chore: fix //nolint directives
f3a32fff9 chore: expire objects in CI S3 bucket
7e8f13652 chore: fix upgrade tests by bumping 0.9 to alpha.5
044fb7708 fix: chmod etcd PKI path to fix virtual IP for upgrades with persistence
ec72ae892 release(v0.9.0-alpha.5): prepare release
4e47f6766 feat: bypass lock if ACPI reboot/shutdown issued
60b7f79fd feat: add --on-reboot flag to talosctl edit/patch machineConfig
49a23bbde chore: bump Go module dependencies
40a2e4d4f feat: support JSON output in talosctl get, event types
638af35db chore: properly propagate context object in the controller
60aa011c7 feat: rename namespaces, resources, types etc
3a2caca78 release(v0.9.0-alpha.4): prepare release
8ffb55943 fix: ignore 'ENOENT' (no such file directory) on mount
a241e9ee4 feat: update linux kernel to 5.10.19
561f8aa15 fix: move etcd to cri containerd runner
1d8ed9b5c chore: update provision/upgrade tests to 0.9.0-alpha.3
02c0c25ba docs: bump v0.8 release version in the SBCs guides
9333e2a60 docs: add disk encryption guide
a12a5dd25 release(v0.9.0-alpha.3): prepare release
31e56e63d fix: update in-cluster kubeconfig validity to match other certs
c2f7a4b6f fix: add ApplyDynamicConfig call in the apply-config --immediate mode
376fdcf6c feat: implement etcd remove-member cli command
c8ae00937 chore: bump dependencies via dependabot
d173fd4c0 feat: update etcd to 3.4.15
5ae315f49 fix: set hdmi_safe=1 on Raspberry Pi for maximum HDMI compatibility
61cb2fb25 feat: talosctl: allow v-prefixed k8s versions
c7ee23908 fix: show stopped/exited containers via CRI inspector
d7cdc8cc1 feat: implement simple layer 2 shared IP for CP
63160277d fix: make ApplyDynamicConfig idempotent
041620c85 feat: implement talosctl edit and patch config commands
c29cfaa09 chore: build both Darwin and Linux versions of talosctl
953ce643a feat: bump etcd client library to 3.5.0-alpha.0
24b4c0bcb refactor: add context to the networkd
9464c4cbc refactor: split WithNetworkConfig into sub-options
779ac74a0 fix: improve the drain function
f24c81537 fix: correctly set service state in the resource
4e19b597a test: add integration test with Canal CNI and reset API
589d01892 fix: update the layout of the Disks API to match proxying requirements
7587af958 docs: update AMI images for 0.8.4
7108bb3f5 test: upgrade master to master tests
09369fedb fix: stop and clean up installer container correctly
85d1669fb chore: bump dependencies via dependabot
84ad6cbb1 chore: switch CI to stop embedding local registry into the builds
1a491ee85 fix: sanitize volume name better in static pod extra volumes
5aa75e020 release(v0.9.0-alpha.2): prepare release
3b672d342 feat: u-boot 2021.01, ca-certificates update, Linux file ACLs
e355d4fae fix: redirect warnings in manifest apply k8s client
c37f2c6d3 docs: add link to GitHub Discussions as a support forum
e2f1fbcfd feat: support control plane upgrades with Talos managed control plane
8789849c7 feat: add support for extra volume mounts for control plane pods
06b8c0948 test: enable disk encryption key rotation test
41430e72d fix: handle case when kubelet serving certificates are issued
7a6e0cd3e fix: correctly escape extra args in kube-proxy manifest
41b9f1345 feat: add a warning to boot log if running self-hosted control plane
2b76c4890 feat: add an option to disable kube-proxy manifest
d2d5c72bb fix: skip empty manifest YAML sub-documents
e9fc54f6e feat: update Kubernetes to 1.20.3
b91439815 refactor: split kubernetes/etcd resource generation into subresources
c2d109637 chore: add default cron pipeline to the list of pipelines
ce6bfbdbb chore: run default pipeline as part of the cron pipeline
32d258852 test: update integration tests to use wrapped client for etcd APIs
54d6a4521 feat: add state encryption support
8e35560ba release(v0.9.0-alpha.1): prepare release
7751920db feat: add a tool and package to convert self-hosted CP to static pods
3a78bfcec test: trigger e2e on thrice daily
58ff2c980 feat: implement ephemeral partition encryption
e5bd35ae3 feat: add resource watch API + CLI
6207fa517 test: update aws templates
cc83b8380 feat: rename apply-config --no-reboot to --on-reboot
254e0e91e fix: correctly unwrap responses for etcd commands
292bc3968 chore(ci): fix schedules in Drone pipelines
02b3719df feat: skip filesystem for state and ephemeral partitions in the installer
edbaa0bc7 chore: update artifacts bucket name in Drone
f1d1f72b5 chore(ci): update gcp templates
162d8b6be fix: drop cri dependency on etcd
b315a7e1f chore: rework Drone pipelines
9205870ee fix: move versions to annotations in control plane static pods
ecd0921d7 feat: stop all pods before unmounting ephemeral partition
aa9bef278 feat: bump Go to 1.15.8
f96548e16 refactor: extract go-cmd into a separate library
8d7a36cc0 fix: find master node IPs correctly in health checks
6791036cf fix: add 3 seconds grub boot timeout
ffe34ec10 fix: don't use filename from URL when downloading manifest
1111edfc7 fix: pass attributes when adding routes
d99a016af fix: correct response structure for GenerateConfig API
df0099036 fix: correctly extract wrapped error messages
1a32d55e4 fix: prevent crash in machined on apid service stop
daea9d381 feat: support version contract for Talos config generation
f9896777f feat: update Linux to 5.10.14
1908ba79d docs: update AMI list for 0.8.2
7f3dca8e4 test: add support for IPv6 in talosctl cluster create
3aaa888f9 docs: fix typos
edf577722 feat: add an option to force upgrade without checks
85ae9f75e fix: wait for time sync before generating Kubernetes certificates
b526c2cc3 fix: set proper hostname on docker nodes
a07cfbd5a fix: mount kubelet secrets from system instead of ephemeral
4734fe7dd feat: upgrade CoreDNS to 1.8.0
d29a56b0c chore: update dependencies via dependabot
33de89ef9 fix: allow loading of empty config files
757cc204e fix: prefer configured nameservers, fix DHCP6 in container
6cf98a732 feat: implement IPv6 DHCP client in networkd
5855b8d53 fix: refresh control plane endpoints on worker apids on schedule
47c260e36 fix: update DHCP client to use Request-Ack sequence after an Offer
42cadf5c5 release(v0.9.0-alpha.0): prepare release
2277ce8ab feat: move to ECDSA keys for all Kubernetes/etcd certs and keys
9947ec84d fix: use hugetlbfs instead of none
389349c02 fix: use grpc load-balancing when connecting to trustd
6eafca037 feat: update kernel
b441915c0 feat: mount hugetlbfs
e4e6da388 feat: allow fqdn to be used when registering k8s node
87ccf0eb2 test: clear connection refused errors after reset
c36e4a935 feat: copy cryptsetup executable from pkgs
8974b529a chore: bump dependencies (via dependabot)
512c79e8d fix: lower memory usage a bit by disabling memory profiling
1cded4d33 chore: fix import path for fsnotify
698fdd9d6 chore: add dependabot config
064d33229 fix: don't probe disks in container mode
1051d2ab6 fix: prefix rendered Talos-owned static pod manifests
7be3a8609 fix: bump timeout for worker apid waiting for kubelet client config
76a679443 fix: kill all processes and umount all disk on reboot/shutdown
18db20dbc fix: open blockdevices with exclusive flock for partitioning
e0a0f5880 feat: use multi-arch images for k8s and Flannel CNI
a83af0373 refactor: update go-blockdevice and restructure disk interaction code
0aaf8fa96 feat: replace bootkube with Talos-managed control plane
a2b6939c2 docs: update components.md
11863dd74 feat: implement resource API in Talos
e9aa49477 feat: update Linux to 5.10.7, musl-libc to 1.2.2
78eecc057 chore: enable virtio-balloon and monitor in QEMU provisioner
d71ac4c4f feat: update Kubernetes to 1.20.2
d515613bb fix: list command unlimited recursion default behavior
9883d0af1 feat: support Wireguard networking
00d345fd3 docs: add v0.9 docs
af5c34b34 fix: pick first interface valid hostname (vs. last one)
275ca76c5 chore: update protobuf, grpc-go, prototool
d19486afa fix: allow 'console' argument in kernel args to be always overridden
47fb5720c test: skip etcd tests on non-HA clusters
529c03587 docs: add modes to validate command
d455f917f docs: document omitting DiskPartition size
5325a66e3 fix: bring up bonded interfaces correctly on packet
a8dd2ff30 fix: checkpoint controller-manager and scheduler
f9ff4848e feat: bump pkgs for kernel with CONFIG_IPV6_MULTIPLE_TABLES
f2c029a07 chore: update upgrade test version used
7b6c4bcb1 refactor: define default kernel flags in machinery instead of procfs
f3465b8e3 feat: support type filter in list API and CLI
5590fe19e docs: update references to 0.8.0, add 0.8.0 AWS AMIs
11229a018 docs: fix latest docs
ff0749c4a docs: set latest docs to v0.8
6a0e652f0 fix: correctly transport gRPC errors from apid
47fb7d26e fix: use SetAll instead of AppendAll when building kernel args
b4ddfbfe9 fix: add more dependencies for bootstrap services
73c81c501 fix: pass disk image flags to e2e-qemu cluster create command
5e3b8ee09 fix: ignore pods spun up from checkpoints in health checks
a83e8758d feat: add commands to manage/query etcd cluster
e75bb27cf fix: leave etcd for staged upgrades
f1964aab5 fix: ignore errors on stopping/removing pod sandboxes
6540e9bf7 feat: support disk image in talosctl cluster create
b1d481430 feat: update Kubernetes to 1.20.1
4f74b11db docs: provide AMIs for 0.8.0-beta.0
14b43068d docs: fix SBC docs to point to beta.0 instead of beta.1
941556cff fix: use the correct console on Banana Pi M64
e791e7dca fix: don't run LabelNodeAsMaster in two sequences
a4f864d46 docs: update Talos release for SBCs

Changes since v0.9.0-beta.1

4 commits

c6f7c7f3 fix: command etcd remove-member shouldn't remove etcd
data directory
84d59731 chore: remove old osctl reference
26c92461 fix: upgrade-k8s bug with empty config values and provis
ion script
6ffe084f feat: update Kubernetes to 1.20.5

Changes from talos-systems/crypto

5 commits

39584f1 feat: support for key/certificate types RSA, Ed25519, ECDSA
cf75519 fix: function NewKeyPair should create certificate with proper subject
751c95a feat: add 'PEMEncodedKey' which allows to transport keys in YAML
562c3b6 feat: add support for public RSA key in RSAKey
bda0e9c feat: enable more conversions between encoded and raw versions

Changes from talos-systems/extras

5 commits

0db3328 feat: bump Go to 1.15.9
b852b69 chore: bump tools and pkgs to 0.4.0
302cc61 feat: bump Go to 1.15.8
3cb9fc9 feat: build tc-redirect-tap from our fork
cc8f5b9 chore: bump tools for Go 1.15.7 update

Changes from talos-systems/go-blockdevice

6 commits

bb3ad73 fix: align partition start to physical sector size
8f976c2 feat: replace exec.Command with go-cmd module
1cf7f25 fix: properly handle no child processes error from cmd.Wait
04a9851 feat: implement luks encryption provider
b0375e4 feat: add an option to open block device with exclusive flock
5a1c7f7 refactor: add devname into gpt.Partition, refactor probe package

Changes from talos-systems/go-cmd

4 commits

68eb006 feat: return typed error for exit error
333ccf1 feat: add stdin support into the Run methods
c5c8f1c feat: extract cmd module from Talos into a separate module
77685fc Initial commit

Changes from talos-systems/go-procfs

2 commits

8cbc42d feat: provide an option to overwrite some args in AppendAll
24d06a9 refactor: remove talos kernel default args

Changes from talos-systems/go-retry

1 commit

b9dc1a9 feat: add support for context.Context in Retry

Changes from talos-systems/go-smbios

2 commits

fb425d4 feat: add memory device
0bb4f96 feat: add physical memory array

Changes from talos-systems/net

3 commits

0519054 feat: add ParseCIDR
52c7509 feat: add a function to format IPs in CIDR notation
005a94f feat: add methods to manage CIDR list, check for non-local IPv6

Changes from talos-systems/os-runtime

13 commits

7b3d144 feat: use go-yaml fork and serialize spec as RawYAML objects
84c3c87 chore: provide fmt.Stringer for EventType
8b3f192 feat: update naming conventions for resources and types
28dd9aa feat: add an option to bootstrap WatchKind with initial list of resources
734f1e1 feat: add support for exporting dependency graph
eb6e3df feat: sort resources returned from the List() API
b8955a5 fix: attach stack trace to panic error message
b64f477 feat: restart failing controllers automatically with exp backoff
98acf0d fix: preserve original YAML formatting in resource.Any
53fb919 feat: controller runtime implementation
f450ab7 feat: implement namespaces, clean up context use
81bf414 feat: initial version of the runtime based on the state
657fda9 Initial commit

Changes from talos-systems/pkgs

23 commits

d471b60 feat: update kernel to 5.10.23
8e2a376 feat: bump tools for Go 1.15.9
af19871 feat: update containerd to 1.4.4
a053811 chore: bump tools to the tag 0.4.0
04e6d12 feat: update kernel to 5.10.19
bf4b778 feat: update u-boot to 2021.01
c02be5f feat: update ca-certificates to 2021-01-19
be6d186 feat: enable POSIX file ACLs on XFS
6748819 feat: update Linux to 5.10.17, disable init_on_free=1 by default
c623457 feat: bump raspberrypi-firmware
a0bb6ab feat: update Go to 1.15.8
0368166 feat: update Linux to 5.10.14
2a04697 chore: add conform configuration
f9d9690 feat: build CNI plugins, bump version to current master
72c4450 chore: bump tools for Go 1.15.7 update
4ce1f2c feat: add cryptsetup dependencies to all targets
3c35918 feat: enable NVME-over-TCP
1380273 feat: enable hyperv_utils in Linux kernel
0386ef5 feat: update libmusl to 1.2.2
d02d119 feat: update Linux kernel to 5.10.7
db10362 feat: enable more VIRTIO options
8e68598 feat: enable CONFIG_WIREGUARD kernel option
2409ba7 feat: enable CONFIG_IPV6_MULTIPLE_TABLES option

Changes from talos-systems/tools

11 commits

3b25a7e feat: bump Go to 1.15.9
017d570 chore: bump tools to 0.2.0
4b418f3 feat: upgrade Python 3.9.2, enable pip
0026740 feat: update Go to version 1.15.8
ca12352 chore: make it easier to update deps.png
e54841a feat: bump Go to 1.15.7
5fa9459 feat: bump rhash to 1.4.1
24a6dac feat: bump toolchain for libmusl CVE-2020-28928 fix
0fe682e feat: switch to older protoc-gen-go with gRPC
2fd95a7 feat: add protoc-gen-go-grpc
4689294 feat: upgrade proto libraries

Dependency Changes

github.com/AlekSi/pointer v1.1.0 new
github.com/containerd/containerd v1.4.3 -> v1.4.4
github.com/containernetworking/cni v0.8.0 -> v0.8.1
github.com/containernetworking/plugins v0.8.7 -> v0.9.1
github.com/coreos/go-iptables v0.4.5 -> v0.5.0
github.com/docker/docker v1.13.1 -> v20.10.4
github.com/elazarl/goproxy a92cc753f88e new
github.com/elazarl/goproxy/ext a92cc753f88e new
github.com/emicklei/dot v0.15.0 new
github.com/emicklei/go-restful v2.15.0 new
github.com/evanphx/json-patch v4.9.0 new
github.com/fsnotify/fsnotify v1.4.9 new
github.com/gdamore/tcell/v2 acf90d56d591 -> v2.2.0
github.com/google/go-cmp v0.5.4 new
github.com/google/uuid v1.1.2 -> v1.2.0
github.com/hashicorp/go-getter v1.5.1 -> v1.5.2
github.com/insomniacslk/dhcp 4de412bc85d8 -> cc9239ac6294
github.com/jsimonetti/rtnetlink 8bebea019a6c -> 1b79e63a70a0
github.com/mdlayher/netlink v1.1.1 -> v1.4.0
github.com/morikuni/aec v1.0.0 new
github.com/plunder-app/kube-vip v0.3.2 new
github.com/prometheus/procfs v0.2.0 -> v0.6.0
github.com/rivo/tview f007e9ad3893 -> 8a8f78a6dd01
github.com/spf13/cobra v1.1.1 -> v1.1.3
github.com/stretchr/testify v1.6.1 -> v1.7.0
github.com/talos-systems/crypto e0dd56ac4745 -> 39584f1b6e54
github.com/talos-systems/extras v0.1.0-6-gdc32cc8 -> v0.2.0-1-g0db3328
github.com/talos-systems/go-blockdevice f2728a581972 -> bb3ad73f6983
github.com/talos-systems/go-cmd 68eb0067e0f0 new
github.com/talos-systems/go-procfs a82654edcec1 -> 8cbc42d3dc24
github.com/talos-systems/go-retry 8c63d290a688 -> b9dc1a990133
github.com/talos-systems/go-smbios 80196199691e -> fb425d4727e6
github.com/talos-systems/net v0.2.0 -> 05190541b0fa
github.com/talos-systems/os-runtime 7b3d14457439 new
github.com/talos-systems/pkgs v0.3.0-59-g3f7a335 -> v0.4.1-2-gd471b60
github.com/talos-systems/talos/pkg/machinery 6a7cc02 -> 8ffb559
github.com/talos-systems/tools v0.3.0-13-g05b7372 -> v0.4.0-1-g3b25a7e
github.com/vmware-tanzu/sonobuoy v0.19.0 -> v0.20.0
go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 new
go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 new
go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0 new
golang.org/x/crypto c8d3bf9c5392 -> 5ea612d1eb83
golang.org/x/net 69a78807bb2b -> e18ecbb05110
golang.org/x/sync 67f06af15bc9 -> 036812b2e83c
golang.org/x/sys 760e229fe7c5 -> 77cc2087c03b
golang.org/x/term 7de9c90e9dd1 -> 6a3ed077a48d
golang.org/x/time 3af7569d3a1e -> f8bda1e9f3ba
golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b new
google.golang.org/grpc v1.29.1 -> v1.36.0
gopkg.in/yaml.v3 eeeca48fe776 -> 496545a6307b
honnef.co/go/tools v0.1.2 new
k8s.io/api v0.20.1 -> v0.20.5
k8s.io/apimachinery v0.20.1 -> v0.20.5
k8s.io/apiserver v0.20.1 -> v0.20.5
k8s.io/client-go v0.20.1 -> v0.20.5
k8s.io/cri-api v0.20.1 -> v0.20.5
k8s.io/kubectl v0.20.5 new
k8s.io/kubelet v0.20.1 -> v0.20.5

Previous release can be found at v0.8.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.2.0-1-g0db3328
docker.io/coredns/coredns:1.8.0
gcr.io/etcd-development/etcd:v3.4.15
k8s.gcr.io/kube-apiserver:v1.20.5
k8s.gcr.io/kube-controller-manager:v1.20.5
k8s.gcr.io/kube-scheduler:v1.20.5
k8s.gcr.io/kube-proxy:v1.20.5
ghcr.io/talos-systems/kubelet:v1.20.5
ghcr.io/talos-systems/installer:v0.9.0
k8s.gcr.io/pause:3.2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.9.0