talos

Talos 0.14.2 (2022-02-11)

Welcome to the v0.14.2 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Component Updates

• Linux: 5.15.23

Talos is built with Go 1.17.7

Contributors

• Andrey Smirnov
• Noel Georgi
• Spencer Smith

Changes

• talos-systems/talos@06ea409b5 release(v0.14.2): prepare release
• talos-systems/talos@097f59b61 feat: update Linux to 5.15.23, Go to 1.17.7
• talos-systems/talos@8023d9970 chore: bump CAPI to 1.0.4
• talos-systems/talos@bdcbf9bb7 feat: enable persistence for docker provider
• talos-systems/talos@2eeb91d18 fix: use leaf certificate in the apid RBAC check
• talos-systems/talos@5dd813a85 chore: fix golangci-lint install
• talos-systems/talos@7182bcf20 release(v0.14.1): prepare release
• talos-systems/talos@b6be476b4 feat: update CoreDNS to 1.8.7
• talos-systems/talos@ba39f682c test: attempt number on two on proper retries in CLI time tests
• talos-systems/talos@c1c5d9e8e fix: pass path to conformance retrieve results
• talos-systems/talos@4e2b32f98 chore: update Linux to 5.15.16

Changes since v0.14.1

• talos-systems/talos@06ea409b5 release(v0.14.2): prepare release
• talos-systems/talos@097f59b61 feat: update Linux to 5.15.23, Go to 1.17.7
• talos-systems/talos@8023d9970 chore: bump CAPI to 1.0.4
• talos-systems/talos@bdcbf9bb7 feat: enable persistence for docker provider
• talos-systems/talos@2eeb91d18 fix: use leaf certificate in the apid RBAC check
• talos-systems/talos@5dd813a85 chore: fix golangci-lint install

Changes from talos-systems/extras

• talos-systems/extras@b4c9d21 chore: update Go to 1.17.7

Changes from talos-systems/pkgs

• talos-systems/pkgs@c875fbe feat: update Linux to 5.15.23
• talos-systems/pkgs@d67ea69 chore: update tools for Go 1.17.7
• talos-systems/pkgs@447ce75 feat: update Linux to 5.15.16

Changes from talos-systems/tools

• talos-systems/tools@c89ed2c chore: bump go to 1.17.7

Dependency Changes

• github.com/talos-systems/extras v0.7.0-1-gd6b73a7 -> v0.7.0-2-gb4c9d21
• github.com/talos-systems/pkgs v0.9.0-1-g7a3419a -> v0.9.0-4-gc875fbe
• github.com/talos-systems/tools v0.9.0-1-gb1146f9 -> v0.9.0-2-gc89ed2c

Previous release can be found at v0.14.0

Images

quay.io/coreos/flannel:v0.15.1
ghcr.io/talos-systems/install-cni:v0.7.0-2-gb4c9d21
docker.io/coredns/coredns:1.8.7
gcr.io/etcd-development/etcd:v3.5.1
k8s.gcr.io/kube-apiserver:v1.23.1
k8s.gcr.io/kube-controller-manager:v1.23.1
k8s.gcr.io/kube-scheduler:v1.23.1
k8s.gcr.io/kube-proxy:v1.23.1
ghcr.io/talos-systems/kubelet:v1.23.1
ghcr.io/talos-systems/installer:v0.14.2
k8s.gcr.io/pause:3.2

Talos 0.15.0-alpha.2 (2022-02-11)

Welcome to the v0.15.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Apply Config Enhancements

talosctl apply/patch/edit cli commands got revamped.
Separate flags --on-reboot, --immediate, --interactive were replaced
with a single --mode flag that can take the following values:

• auto new mode that automatically applies the configuration in immediate/reboot mode.
• no-reboot force apply immediately, if not possible, then fail.
• reboot force reboot with apply config.
• staged write new machine configuration to STATE, but don't apply it (it will be applied after a reboot).
• interactive starts interactive installer, only for apply.

Pinned Kubernets Version

Command talosctl gen config now defaults to Kubernetes version pinning in the generate machine configuration.
Previously default was to omit explicit Kubernetes version, so Talos picked up the default version it was built against.
Old behavior can be achieved by specifiying empty flag value: --kubernetes-version=.

Machine Configuration

Talos now preserves machine configuration as it was submitted to the node.

Machine Configuration Patching

talosctl commands which accept JSON patches (gen config, cluster create, patch machineconfig) now support multiple patches, loading patches
from files with @file.json syntax, and support loading from YAML format.

Platform Support

Talos now supports Oracle Cloud.

Platform network configuration was rewritten to avoid modifying Talos machine configuration.
Network configuration is performed independent of the machine configuration presence, so it works
even if Talos is booted in maintenance mode (without machine configuration is platform userdata).

SBC Support

Talos now supports Jetson Nano SBC.

Static Pods in the Machine Configuration

Talos now accepts static pod definitions in the .machine.pods key of the machine configuration.
Please note that static pod definitions are not validated by Talos.
Static pod definitions can be updated without a node reboot.

System Extensions

System extensions allow extending Talos root filesystem, which enables a set of different features, including custom
container runtimes, additional firmware, etc.

System extensions are only activated during Talos installation (or upgrade), and with system extensions installed, Talos
root filesystem is still immutable and read-only.

Please see extensions repository and documentation for more information.

Component Updates

• Linux: 5.15.23
• Kubernetes: 1.23.3
• CoreDNS: 1.8.7
• etcd: 3.5.2
• containerd: 1.6.0-rc.0
• runc: 1.1.0

Talos is built with Go 1.17.7

Wipe System Kernel Parameter

Added new kernel parameter talos.experimental.wipe=system which can help resetting system disk for the machine
and start over with a fresh installation.
See Resetting a Machine on how to use it.

Contributors

• Andrey Smirnov
• Noel Georgi
• Artem Chernyshev
• Spencer Smith
• Serge Logvinov
• Seán C McCord
• Florian Klink
• Steve Francis
• Andrew Rynhard
• Anthony Rabbito
• Bernard Sébastien
• Charlie Haley
• Eric Wohltman
• Niklas Metje
• Philipp Sauter
• Shahar Naveh
• Tim Jones
• nebulait

Changes

• talos-systems/talos@f1a93d28f release(v0.15.0-alpha.2): prepare release
• talos-systems/talos@1e9f0ad4c feat: update Go to 1.17.7, Linux to 5.15.23
• talos-systems/talos@fef99892d chore: pin kubernetes version to talosctl gen config
• talos-systems/talos@bcf928134 feat: udev extensions support
• talos-systems/talos@47619f832 docs: update system extensions guide with grammar fixes
• talos-systems/talos@2bcceb6e4 chore: disable TIPC and B.A.T.M.A.N
• talos-systems/talos@c6bca1b33 docs: add guide on system extensions
• talos-systems/talos@492b156da feat: implement static pods via machine configuration
• talos-systems/talos@6fadfa8db fix: parse properly IPv6 address in the cmdline ip= arg
• talos-systems/talos@d991f3982 chore: update the kernel with IGC driver enabled
• talos-systems/talos@cbc9610be feat: sysctl system optimization
• talos-systems/talos@8b6d6220d fix: parse interface ip correctly (nocloud)
• talos-systems/talos@54632b1be docs: fix developing Talos docs
• talos-systems/talos@0da370dfe test: unlock CABPT/CACPPT provider versions
• talos-systems/talos@df0e388a4 feat: extract firmware part of system extensions into initramfs
• talos-systems/talos@8899dd349 chore: add json-tags for SecretsBundle
• talos-systems/talos@4f391cd5c chore: bump kernel to 5.15.22
• talos-systems/talos@6bd07406e feat: disable reboots via kexec
• talos-systems/talos@1e3f2f952 fix: validate kubelet node IP subnets correctly
• talos-systems/talos@d211bff47 feat: enable accept_ra when IPv6 forwarding
• talos-systems/talos@930205831 chore: update kernel to 5.15.21
• talos-systems/talos@c7186ed08 chore: bump dependencies
• talos-systems/talos@9ee470f95 feat: set /etc/localtime to UTC
• talos-systems/talos@c34768367 fix: disable auto-tls for etcd
• talos-systems/talos@9bffc7e8d fix: pass proper sequence to shutdown sequence on ACPI shutdown
• talos-systems/talos@e47387e41 chore: bump CAPI to 1.0.4
• talos-systems/talos@5462f5ed1 feat: update etcd to 3.5.2
• talos-systems/talos@f6fa12e53 docs: update upgrading Talos, Kubernetes, and Docker guides
• talos-systems/talos@5484579c1 feat: allow link scope routes in the machine config
• talos-systems/talos@56b83b087 feat: enable persistence for docker provider
• talos-systems/talos@949464e4b fix: use leaf certificate in the apid RBAC check
• talos-systems/talos@446972f21 chore: bump kernel to 5.15.19
• talos-systems/talos@fe40e7b1b feat: drain node on shutdown
• talos-systems/talos@7f0b3aae0 feat: add multiple config patches, patches from files, YAML support
• talos-systems/talos@202290be7 docs: update Kubernetes upgrade video
• talos-systems/talos@036644f7a chore: bump kernel to 5.15.18
• talos-systems/talos@dcde2c4f6 chore: update k8s upgrade message
• talos-systems/talos@1c949335c docs: add documentation for Hyper-V
• talos-systems/talos@7f9790912 fix: clean up containerd state on installer run/validate
• talos-systems/talos@8b98d8eb3 docs: clarify Filebeat example
• talos-systems/talos@74c03120c docs: replace Talos upgrades video
• talos-systems/talos@65e64d425 chore: update kernel to stable 5.15.17
• talos-systems/talos@4245f72d3 feat: add --extra-uefi-search-paths option
• talos-systems/talos@7ffeb6c2e docs: update oracle cloud example
• talos-systems/talos@151c9df09 chore: add CSI tests for e2e-qemu
• talos-systems/talos@cdb621c82 feat: provide a way to list installed system extensions
• talos-systems/talos@abfb25812 feat: share /lib/firmware across initramfs and rootfs
• talos-systems/talos@ebec5d4a0 feat: support full disk path in the diskSelector
• talos-systems/talos@831f65a07 fix: close client provider instead of Talos client in the upgrade module
• talos-systems/talos@0bf161dff test: add integration test for system extensions
• talos-systems/talos@7b3962745 fix: handle 404 errors from AWS IMDS correctly
• talos-systems/talos@85782faa2 feat: update Kubernetes to 1.23.3
• talos-systems/talos@c5e5922e5 chore: bump dependencies
• talos-systems/talos@b3c3ef29b feat: install system extensions
• talos-systems/talos@a0889600f chore: fix golangci-lint install
• talos-systems/talos@a50c42980 fix: use #!/usr/bin/env bash as shebang instead of #!/bin/bash
• talos-systems/talos@4464b725c fix: qemu: always use runtime.GOARCH for CNI bundle
• talos-systems/talos@e7379c81b release(v0.15.0-alpha.1): prepare release
• talos-systems/talos@58eb3600f fix: enforce reasonable TLS min tls-min-version
• talos-systems/talos@b8d4c5dfa fix: use correct error in kernel_param_spec Modify call handling
• talos-systems/talos@4961d6867 docs: drop talos.interface kernel arg
• talos-systems/talos@b1e61fa5b chore: update Linux to 5.15.16
• talos-systems/talos@d4b844593 feat: support CRI configuration merging and reimplement registry config
• talos-systems/talos@f94c8c6e1 feat: update Kubernetes to 1.23.2
• talos-systems/talos@21f497b3e feat: install readonly overlay mounts during talos chroot sequence
• talos-systems/talos@9ad5a67d2 feat: inject platform network configuration as network resources
• talos-systems/talos@907f8cbfb docs: fix patch flag
• talos-systems/talos@caa434426 docs: add documentation on developing Talos
• talos-systems/talos@16eeb6776 docs: readme updates
• talos-systems/talos@3c0737027 chore: update release notes
• talos-systems/talos@6d8bea5d5 feat: jetson nano SoC
• talos-systems/talos@1d8955ebe feat: update CoreDNS to 1.8.7
• talos-systems/talos@6af83afd5 fix: handle multiple-IP cluster nodes
• talos-systems/talos@43b2d8137 chore: bump dependencies
• talos-systems/talos@529e80f4f docs: update home page and footer
• talos-systems/talos@37630e70c Update twitter link
• talos-systems/talos@af440919b fix: avoid panic in config loading/validation
• talos-systems/talos@4b8e9de59 docs: add guide on adding proprietary kernel modules
• talos-systems/talos@833dc4169 docs: rework vmware assets
• talos-systems/talos@2869b5eea feat: add oraclecloud.com platform support
• talos-systems/talos@f3ec24beb fix: vmware documentation typo
• talos-systems/talos@2f2bdb26a feat: replace flags with --mode in apply, edit and patch commands
• talos-systems/talos@b09be2a69 docs: update index.md and sync across versions
• talos-systems/talos@ca65b918a docs: add nocloud documentation
• talos-systems/talos@59437d6d8 fix: filter down nameservers for docker-based cluster create
• talos-systems/talos@194eaa6f2 chore: clean up /usr/bin from unneeded files
• talos-systems/talos@74e727240 docs: update office office
• talos-systems/talos@539af338c docs: update vmware docs
• talos-systems/talos@279a3fda7 feat: update Go to 1.17.6, containerd to 1.5.9
• talos-systems/talos@3d3088941 chore: bump Go dependencies
• talos-systems/talos@d02d944ec chore: provide umarshal from YAML methods for network resource specs
• talos-systems/talos@2e735714d fix: derive machine-id from node identity
• talos-systems/talos@d8a2721e1 test: update CAPI components to latest
• talos-systems/talos@7dff8a53e fix: ignore missing init.yaml for cluster create
• talos-systems/talos@f4516c7d8 chore: bump dependencies
• talos-systems/talos@944f13221 chore: fix release pipeline
• talos-systems/talos@cb548a368 release(v0.15.0-alpha.0): prepare release
• talos-systems/talos@da0b36e61 feat: introduce talos.exp.wipe kernel param to wipe system disk
• talos-systems/talos@c079eb32b refactor: use AWS SDK to access AWS metadata service
• talos-systems/talos@2f4b9d8d6 feat: make machine configuration read-only in Talos (almost)
• talos-systems/talos@524f83d3d feat: use official Go SDK to fetch GCP instance metadata
• talos-systems/talos@d2a7e082c test: retry in discovery tests
• talos-systems/talos@f4219e530 chore: remove unused methods in AWS platform
• talos-systems/talos@35bc2940e fix: kexec on RPI4
• talos-systems/talos@f235cfbae fix: multiple usability fixes
• talos-systems/talos@b3fbb2f31 test: don't build all images in the default CI pipeline
• talos-systems/talos@dac550a50 docs: fix troubleshooting guide
• talos-systems/talos@83e8bec6b feat: update Linux to 5.15.11
• talos-systems/talos@d5a82b37e feat: remove ApplyDynamicConfig
• talos-systems/talos@3623da136 feat: provide a way to load Linux kernel modules
• talos-systems/talos@4d1514add docs: update Mayastor deployment process
• talos-systems/talos@cff1ff6d5 feat: shell completion for list, read
• talos-systems/talos@19728437e feat: output IPs when etcd needs to be bootstrapped
• talos-systems/talos@c297d66a1 test: attempt number on two on proper retries in CLI time tests
• talos-systems/talos@dc299da9e docs: add arm64 option to talosctl download
• talos-systems/talos@f49f40a33 fix: pass path to conformance retrieve results
• talos-systems/talos@942c8074f docs: fork docs for 0.15
• talos-systems/talos@880a7782c docs: update documentation for 0.14.0 release
• talos-systems/talos@dc9a0cfe9 chore: bump Go dependencies
• talos-systems/talos@773496935 fix: config apply immediate
• talos-systems/talos@17c147488 test: retry talosctl time call in the tests
• talos-systems/talos@acf1ac0f1 feat: show human-readable aliases in talosctl get rd
• talos-systems/talos@5532867b0 refactor: rewrite the implementation of Processes API
• talos-systems/talos@80350861a feat: update Kubernetes to 1.23.1
• talos-systems/talos@4c96e936e docs: add cilium guide
• talos-systems/talos@e3f2acb5e refactor: rewrite the check for unknown keys in the machine configuration
• talos-systems/talos@4175396a8 refactor: use update go-blockdevice library with allocation fixes
• talos-systems/talos@b58f567a1 refactor: optimize Runtime config interface to avoid config marshaling
• talos-systems/talos@bb355c9ab chore: remove govalidator library
• talos-systems/talos@3af56bd2e test: update capi templates to v1beta1
• talos-systems/talos@936b4c4ce fix: update DHCP library with the panic fix
• talos-systems/talos@ab42886bf fix: allow kubelet to be started via the API
• talos-systems/talos@ec641f729 fix: use default time servers in time API if none are configured
• talos-systems/talos@79f213eec fix: cleanup affiliates
• talos-systems/talos@2dd0b5b68 chore: update Go to 1.17.5
• talos-systems/talos@97ffa7a64 feat: upgrade kubelet version in talosctl upgrade-k8s
• talos-systems/talos@5bc5123eb docs: document ip= kernel argument
• talos-systems/talos@8e1d0bfb5 feat: update Kubernetes to 1.23.0

Changes since v0.15.0-alpha.1

• talos-systems/talos@f1a93d28f release(v0.15.0-alpha.2): prepare release
• talos-systems/talos@1e9f0ad4c feat: update Go to 1.17.7, Linux to 5.15.23
• talos-systems/talos@fef99892d chore: pin kubernetes version to talosctl gen config
• talos-systems/talos@bcf928134 feat: udev extensions support
• talos-systems/talos@47619f832 docs: update system extensions guide with grammar fixes
• talos-systems/talos@2bcceb6e4 chore: disable TIPC and B.A.T.M.A.N
• talos-systems/talos@c6bca1b33 docs: add guide on system extensions
• talos-systems/talos@492b156da feat: implement static pods via machine configuration
• talos-systems/talos@6fadfa8db fix: parse properly IPv6 address in the cmdline ip= arg
• talos-systems/talos@d991f3982 chore: update the kernel with IGC driver enabled
• talos-systems/talos@cbc9610be feat: sysctl system optimization
• talos-systems/talos@8b6d6220d fix: parse interface ip correctly (nocloud)
• talos-systems/talos@54632b1be docs: fix developing Talos docs
• talos-systems/talos@0da370dfe test: unlock CABPT/CACPPT provider versions
• talos-systems/talos@df0e388a4 feat: extract firmware part of system extensions into initramfs
• talos-systems/talos@8899dd349 chore: add json-tags for SecretsBundle
• talos-systems/talos@4f391cd5c chore: bump kernel to 5.15.22
• talos-systems/talos@6bd07406e feat: disable reboots via kexec
• talos-systems/talos@1e3f2f952 fix: validate kubelet node IP subnets correctly
• talos-systems/talos@d211bff47 feat: enable accept_ra when IPv6 forwarding
• talos-systems/talos@930205831 chore: update kernel to 5.15.21
• talos-systems/talos@c7186ed08 chore: bump dependencies
• talos-systems/talos@9ee470f95 feat: set /etc/localtime to UTC
• talos-systems/talos@c34768367 fix: disable auto-tls for etcd
• talos-systems/talos@9bffc7e8d fix: pass proper sequence to shutdown sequence on ACPI shutdown
• talos-systems/talos@e47387e41 chore: bump CAPI to 1.0.4
• talos-systems/talos@5462f5ed1 feat: update etcd to 3.5.2
• talos-systems/talos@f6fa12e53 docs: update upgrading Talos, Kubernetes, and Docker guides
• talos-systems/talos@5484579c1 feat: allow link scope routes in the machine config
• talos-systems/talos@56b83b087 feat: enable persistence for docker provider
• talos-systems/talos@949464e4b fix: use leaf certificate in the apid RBAC check
• talos-systems/talos@446972f21 chore: bump kernel to 5.15.19
• talos-systems/talos@fe40e7b1b feat: drain node on shutdown
• talos-systems/talos@7f0b3aae0 feat: add multiple config patches, patches from files, YAML support
• talos-systems/talos@202290be7 docs: update Kubernetes upgrade video
• talos-systems/talos@036644f7a chore: bump kernel to 5.15.18
• talos-systems/talos@dcde2c4f6 chore: update k8s upgrade message
• talos-systems/talos@1c949335c docs: add documentation for Hyper-V
• talos-systems/talos@7f9790912 fix: clean up containerd state on installer run/validate
• talos-systems/talos@8b98d8eb3 docs: clarify Filebeat example
• talos-systems/talos@74c03120c docs: replace Talos upgrades video
• talos-systems/talos@65e64d425 chore: update kernel to stable 5.15.17
• talos-systems/talos@4245f72d3 feat: add --extra-uefi-search-paths option
• talos-systems/talos@7ffeb6c2e docs: update oracle cloud example
• talos-systems/talos@151c9df09 chore: add CSI tests for e2e-qemu
• talos-systems/talos@cdb621c82 feat: provide a way to list installed system extensions
• talos-systems/talos@abfb25812 feat: share /lib/firmware across initramfs and rootfs
• talos-systems/talos@ebec5d4a0 feat: support full disk path in the diskSelector
• talos-systems/talos@831f65a07 fix: close client provider instead of Talos client in the upgrade module
• talos-systems/talos@0bf161dff test: add integration test for system extensions
• talos-systems/talos@7b3962745 fix: handle 404 errors from AWS IMDS correctly
• talos-systems/talos@85782faa2 feat: update Kubernetes to 1.23.3
• talos-systems/talos@c5e5922e5 chore: bump dependencies
• talos-systems/talos@b3c3ef29b feat: install system extensions
• talos-systems/talos@a0889600f chore: fix golangci-lint install
• talos-systems/talos@a50c42980 fix: use #!/usr/bin/env bash as shebang instead of #!/bin/bash
• talos-systems/talos@4464b725c fix: qemu: always use runtime.GOARCH for CNI bundle

Changes from talos-systems/crypto

• talos-systems/crypto@510b0d2 chore: add json tags
• talos-systems/crypto@6fa2d93 fix: deepcopy nil fields as nil

Changes from talos-systems/extras

• talos-systems/extras@8f607fc chore: bump to Go 1.17.7
• talos-systems/extras@7c1f3cc feat: update Go to 1.17.6
• talos-systems/extras@495a5b2 feat: update Go to 1.17.5

Changes from talos-systems/go-blockdevice

• talos-systems/go-blockdevice@7b9de26 feat: read symlink fullpath in block device list function
• talos-systems/go-blockdevice@6928ee4 refactor: rewrite GPT serialize/deserialize functions
• talos-systems/go-blockdevice@0c7e429 refactor: simplify middle endian functions

Changes from talos-systems/net

• talos-systems/net@409926a fix: parse correctly some IPv6 CIDRs

Changes from talos-systems/pkgs

• talos-systems/pkgs@6019223 chore: bump kernel to 5.15.23
• talos-systems/pkgs@ff4b2d8 chore: bump tools for Go 1.17.7
• talos-systems/pkgs@e34f883 chore: disable TIPC and B.A.T.M.A.N
• talos-systems/pkgs@2b8cd88 feat: add Intel Ethernet Controller I225-V driver
• talos-systems/pkgs@407459d feat: enable zstd squashfs compression and firmware (xz) compression
• talos-systems/pkgs@81a4b1c chore: bump kernel to 5.15.22
• talos-systems/pkgs@c9a6415 chore: bump kernel to 5.15.21
• talos-systems/pkgs@90dcd00 chore: bump kernel to 5.15.19
• talos-systems/pkgs@d457b87 chore: bump kernel to 5.15.18
• talos-systems/pkgs@dd69678 chore: disable ATA-over-Ethernet driver for arm64
• talos-systems/pkgs@388ce13 chore: bump kernel to 5.15.17
• talos-systems/pkgs@c14eb99 feat: update Linux to 5.15.16
• talos-systems/pkgs@5d4d8d6 feat: bump containerd to 1.6.0-rc.0, runc to 1.1.0
• talos-systems/pkgs@5dd08a7 feat: jetson nano SoC
• talos-systems/pkgs@402b960 chore: bump u-boot to 2022.01
• talos-systems/pkgs@6ce1a40 feat: update Go to 1.17.6
• talos-systems/pkgs@08f2519 feat: update containerd to 1.5.9
• talos-systems/pkgs@fbb5c5c feat: add qlcnic drivers to kernel
• talos-systems/pkgs@0505e01 chore: fix =m kernel build options
• talos-systems/pkgs@54aa902 feat: enable amdgpu in kernel
• talos-systems/pkgs@2779c3f fix: kexec on rpi4
• talos-systems/pkgs@950361f feat: update Linux to 5.15.11
• talos-systems/pkgs@ad611bc feat: provide build instructions for NVIDIA kernel module
• talos-systems/pkgs@b22723d feat: update iPXE to the latest available version
• talos-systems/pkgs@a675c67 feat: update Go to 1.17.5

Changes from talos-systems/tools

• talos-systems/tools@4c9e7a4 chore: bump go to 1.17.7
• talos-systems/tools@d33b4b6 feat: support zstd compression
• talos-systems/tools@67314b1 feat: update Go to 1.17.6
• talos-systems/tools@9c2b9df feat: update Go to 1.17.5

Dependency Changes

• cloud.google.com/go/compute v1.2.0 new
• github.com/BurntSushi/toml v0.4.1 -> v1.0.0
• github.com/aws/aws-sdk-go v1.42.47 new
• github.com/containerd/cgroups v1.0.2 -> v1.0.3
• github.com/containerd/containerd v1.5.8 -> v1.6.0-rc.2
• github.com/docker/docker v20.10.11 -> v20.10.12
• github.com/google/go-cmp v0.5.6 -> v0.5.7
• github.com/google/nftables 16a134723a96 -> 91d3b4571db1
• github.com/hashicorp/go-getter v1.5.9 -> v1.5.11
• github.com/hashicorp/go-version v1.4.0 new
• github.com/insomniacslk/dhcp 5297eed8f489 -> 3c283ff8b7dd
• github.com/jsimonetti/rtnetlink fd9a11f42291 -> v1.1.0
• github.com/jxskiss/base62 v1.0.0 -> v1.1.0
• github.com/mdlayher/ethtool 288d040e9d60 -> 81c2608dd90e
• github.com/mdlayher/genetlink v1.0.0 -> v1.2.0
• github.com/mdlayher/netlink v1.4.2 -> v1.6.0
• github.com/opencontainers/image-spec v1.0.2 new
• github.com/packethost/packngo v0.20.0 -> v0.21.0
• github.com/pelletier/go-toml v1.9.4 new
• github.com/pmorjan/kmod v1.0.0 new
• github.com/rivo/tview 2a6de950f73b -> 1f7581b67bd1
• github.com/spf13/cobra v1.2.1 -> v1.3.0
• github.com/talos-systems/crypto v0.3.4 -> 510b0d2753a8
• github.com/talos-systems/extras v0.7.0-1-gd6b73a7 -> v0.8.0-alpha.0-2-g8f607fc
• github.com/talos-systems/go-blockdevice v0.2.5 -> 7b9de26bc6bc
• github.com/talos-systems/net v0.3.1 -> 409926aec1c3
• github.com/talos-systems/pkgs v0.9.0-1-g7a3419a -> v0.10.0-alpha.0-24-g6019223
• github.com/talos-systems/tools v0.9.0-1-gb1146f9 -> v0.10.0-alpha.0-3-g4c9e7a4
• github.com/u-root/u-root v7.0.0 -> v0.8.0
• github.com/vishvananda/netlink f5de75959ad5 -> 650dca95af54
• github.com/vmware-tanzu/sonobuoy v0.55.1 -> v0.56.0
• github.com/vmware/govmomi v0.27.2 -> v0.27.3
• go.etcd.io/etcd/api/v3 v3.5.1 -> v3.5.2
• go.etcd.io/etcd/client/pkg/v3 v3.5.1 -> v3.5.2
• go.etcd.io/etcd/client/v3 v3.5.1 -> v3.5.2
• go.etcd.io/etcd/etcdutl/v3 v3.5.1 -> v3.5.2
• go.uber.org/zap v1.19.1 -> v1.20.0
• golang.org/x/net 491a49abca63 -> cd36cc0744dd
• golang.org/x/sys 97ca703d548d -> 1c1b9b1eba6a
• golang.zx2c4.com/wireguard/wgctrl dd7407c86d22 -> daad0b7ba671
• google.golang.org/grpc v1.42.0 -> v1.44.0
• k8s.io/api v0.23.1 -> v0.23.3
• k8s.io/apimachinery v0.23.1 -> v0.23.3
• k8s.io/client-go v0.23.1 -> v0.23.3
• k8s.io/component-base v0.23.1 -> v0.23.3
• k8s.io/kubectl v0.23.1 -> v0.23.3
• k8s.io/kubelet v0.23.1 -> v0.23.3
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.61 -> v1.2.63

Previous release can be found at v0.14.0

Images

quay.io/coreos/flannel:v0.15.1
ghcr.io/talos-systems/install-cni:v0.8.0-alpha.0-2-g8f607fc
docker.io/coredns/coredns:1.8.7
gcr.io/etcd-development/etcd:v3.5.2
k8s.gcr.io/kube-apiserver:v1.23.3
k8s.gcr.io/kube-controller-manager:v1.23.3
k8s.gcr.io/kube-scheduler:v1.23.3
k8s.gcr.io/kube-proxy:v1.23.3
ghcr.io/talos-systems/kubelet:v1.23.3
ghcr.io/talos-systems/installer:v0.15.0-alpha.2
k8s.gcr.io/pause:3.2

Talos 0.15.0-alpha.1 (2022-01-24)

Welcome to the v0.15.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Apply Config Enhancements

talosctl apply/patch/edit cli commands got revamped.
Separate flags --on-reboot, --immediate, --interactive were replaced
with a single --mode flag that can take the following values:

• auto new mode that automatically applies the configuration in immediate/reboot mode.
• no-reboot force apply immediately, if not possible, then fail.
• reboot force reboot with apply config.
• staged write new machine configuration to STATE, but don't apply it (it will be applied after a reboot).
• interactive starts interactive installer, only for apply.

Machine Configuration

Talos now preserves machine configuration as it was submitted to the node.

Platform Support

Talos now supports Oracle Cloud.

Platform network configuration was rewritten to avoid modifying Talos machine configuration.
Network configuration is performed independent of the machine configuration presence, so it works
even if Talos is booted in maintenance mode (without machine configuration is platform userdata).

SBC Support

Talos now supports Jetson Nano SBC.

Component Updates

• Linux: 5.15.16
• containerd: 1.5.9
• CoreDNS: 1.8.7
• containerd: 1.6.0-rc.0
• runc: 1.1.0

Talos is built with Go 1.17.6

Wipe System Kernel Parameter

Added new kernel parameter talos.experimental.wipe=system which can help resetting system disk for the machine
and start over with a fresh installation.
See Resetting a Machine on how to use it.

Contributors

• Andrey Smirnov
• Noel Georgi
• Spencer Smith
• Artem Chernyshev
• Seán C McCord
• Steve Francis
• Serge Logvinov
• Andrew Rynhard
• Anthony Rabbito
• Eric Wohltman
• Niklas Metje
• Shahar Naveh

Changes

• talos-systems/talos@e7379c81b release(v0.15.0-alpha.1): prepare release
• talos-systems/talos@58eb3600f fix: enforce reasonable TLS min tls-min-version
• talos-systems/talos@b8d4c5dfa fix: use correct error in kernel_param_spec Modify call handling
• talos-systems/talos@4961d6867 docs: drop talos.interface kernel arg
• talos-systems/talos@b1e61fa5b chore: update Linux to 5.15.16
• talos-systems/talos@d4b844593 feat: support CRI configuration merging and reimplement registry config
• talos-systems/talos@f94c8c6e1 feat: update Kubernetes to 1.23.2
• talos-systems/talos@21f497b3e feat: install readonly overlay mounts during talos chroot sequence
• talos-systems/talos@9ad5a67d2 feat: inject platform network configuration as network resources
• talos-systems/talos@907f8cbfb docs: fix patch flag
• talos-systems/talos@caa434426 docs: add documentation on developing Talos
• talos-systems/talos@16eeb6776 docs: readme updates
• talos-systems/talos@3c0737027 chore: update release notes
• talos-systems/talos@6d8bea5d5 feat: jetson nano SoC
• talos-systems/talos@1d8955ebe feat: update CoreDNS to 1.8.7
• talos-systems/talos@6af83afd5 fix: handle multiple-IP cluster nodes
• talos-systems/talos@43b2d8137 chore: bump dependencies
• talos-systems/talos@529e80f4f docs: update home page and footer
• talos-systems/talos@37630e70c Update twitter link
• talos-systems/talos@af440919b fix: avoid panic in config loading/validation
• talos-systems/talos@4b8e9de59 docs: add guide on adding proprietary kernel modules
• talos-systems/talos@833dc4169 docs: rework vmware assets
• talos-systems/talos@2869b5eea feat: add oraclecloud.com platform support
• talos-systems/talos@f3ec24beb fix: vmware documentation typo
• talos-systems/talos@2f2bdb26a feat: replace flags with --mode in apply, edit and patch commands
• talos-systems/talos@b09be2a69 docs: update index.md and sync across versions
• talos-systems/talos@ca65b918a docs: add nocloud documentation
• talos-systems/talos@59437d6d8 fix: filter down nameservers for docker-based cluster create
• talos-systems/talos@194eaa6f2 chore: clean up /usr/bin from unneeded files
• talos-systems/talos@74e727240 docs: update office office
• talos-systems/talos@539af338c docs: update vmware docs
• talos-systems/talos@279a3fda7 feat: update Go to 1.17.6, containerd to 1.5.9
• talos-systems/talos@3d3088941 chore: bump Go dependencies
• talos-systems/talos@d02d944ec chore: provide umarshal from YAML methods for network resource specs
• talos-systems/talos@2e735714d fix: derive machine-id from node identity
• talos-systems/talos@d8a2721e1 test: update CAPI components to latest
• talos-systems/talos@7dff8a53e fix: ignore missing init.yaml for cluster create
• talos-systems/talos@f4516c7d8 chore: bump dependencies
• talos-systems/talos@944f13221 chore: fix release pipeline
• talos-systems/talos@cb548a368 release(v0.15.0-alpha.0): prepare release
• talos-systems/talos@da0b36e61 feat: introduce talos.exp.wipe kernel param to wipe system disk
• talos-systems/talos@c079eb32b refactor: use AWS SDK to access AWS metadata service
• talos-systems/talos@2f4b9d8d6 feat: make machine configuration read-only in Talos (almost)
• talos-systems/talos@524f83d3d feat: use official Go SDK to fetch GCP instance metadata
• talos-systems/talos@d2a7e082c test: retry in discovery tests
• talos-systems/talos@f4219e530 chore: remove unused methods in AWS platform
• talos-systems/talos@35bc2940e fix: kexec on RPI4
• talos-systems/talos@f235cfbae fix: multiple usability fixes
• talos-systems/talos@b3fbb2f31 test: don't build all images in the default CI pipeline
• talos-systems/talos@dac550a50 docs: fix troubleshooting guide
• talos-systems/talos@83e8bec6b feat: update Linux to 5.15.11
• talos-systems/talos@d5a82b37e feat: remove ApplyDynamicConfig
• talos-systems/talos@3623da136 feat: provide a way to load Linux kernel modules
• talos-systems/talos@4d1514add docs: update Mayastor deployment process
• talos-systems/talos@cff1ff6d5 feat: shell completion for list, read
• talos-systems/talos@19728437e feat: output IPs when etcd needs to be bootstrapped
• talos-systems/talos@c297d66a1 test: attempt number on two on proper retries in CLI time tests
• talos-systems/talos@dc299da9e docs: add arm64 option to talosctl download
• talos-systems/talos@f49f40a33 fix: pass path to conformance retrieve results
• talos-systems/talos@942c8074f docs: fork docs for 0.15
• talos-systems/talos@880a7782c docs: update documentation for 0.14.0 release
• talos-systems/talos@dc9a0cfe9 chore: bump Go dependencies
• talos-systems/talos@773496935 fix: config apply immediate
• talos-systems/talos@17c147488 test: retry talosctl time call in the tests
• talos-systems/talos@acf1ac0f1 feat: show human-readable aliases in talosctl get rd
• talos-systems/talos@5532867b0 refactor: rewrite the implementation of Processes API
• talos-systems/talos@80350861a feat: update Kubernetes to 1.23.1
• talos-systems/talos@4c96e936e docs: add cilium guide
• talos-systems/talos@e3f2acb5e refactor: rewrite the check for unknown keys in the machine configuration
• talos-systems/talos@4175396a8 refactor: use update go-blockdevice library with allocation fixes
• talos-systems/talos@b58f567a1 refactor: optimize Runtime config interface to avoid config marshaling
• talos-systems/talos@bb355c9ab chore: remove govalidator library
• talos-systems/talos@3af56bd2e test: update capi templates to v1beta1
• talos-systems/talos@936b4c4ce fix: update DHCP library with the panic fix
• talos-systems/talos@ab42886bf fix: allow kubelet to be started via the API
• talos-systems/talos@ec641f729 fix: use default time servers in time API if none are configured
• talos-systems/talos@79f213eec fix: cleanup affiliates
• talos-systems/talos@2dd0b5b68 chore: update Go to 1.17.5
• talos-systems/talos@97ffa7a64 feat: upgrade kubelet version in talosctl upgrade-k8s
• talos-systems/talos@5bc5123eb docs: document ip= kernel argument
• talos-systems/talos@8e1d0bfb5 feat: update Kubernetes to 1.23.0

Changes since v0.15.0-alpha.0

• talos-systems/talos@e7379c81b release(v0.15.0-alpha.1): prepare release
• talos-systems/talos@58eb3600f fix: enforce reasonable TLS min tls-min-version
• talos-systems/talos@b8d4c5dfa fix: use correct error in kernel_param_spec Modify call handling
• talos-systems/talos@4961d6867 docs: drop talos.interface kernel arg
• talos-systems/talos@b1e61fa5b chore: update Linux to 5.15.16
• talos-systems/talos@d4b844593 feat: support CRI configuration merging and reimplement registry config
• talos-systems/talos@f94c8c6e1 feat: update Kubernetes to 1.23.2
• talos-systems/talos@21f497b3e feat: install readonly overlay mounts during talos chroot sequence
• talos-systems/talos@9ad5a67d2 feat: inject platform network configuration as network resources
• talos-systems/talos@907f8cbfb docs: fix patch flag
• talos-systems/talos@caa434426 docs: add documentation on developing Talos
• talos-systems/talos@16eeb6776 docs: readme updates
• talos-systems/talos@3c0737027 chore: update release notes
• talos-systems/talos@6d8bea5d5 feat: jetson nano SoC
• talos-systems/talos@1d8955ebe feat: update CoreDNS to 1.8.7
• talos-systems/talos@6af83afd5 fix: handle multiple-IP cluster nodes
• talos-systems/talos@43b2d8137 chore: bump dependencies
• talos-systems/talos@529e80f4f docs: update home page and footer
• talos-systems/talos@37630e70c Update twitter link
• talos-systems/talos@af440919b fix: avoid panic in config loading/validation
• talos-systems/talos@4b8e9de59 docs: add guide on adding proprietary kernel modules
• talos-systems/talos@833dc4169 docs: rework vmware assets
• talos-systems/talos@2869b5eea feat: add oraclecloud.com platform support
• talos-systems/talos@f3ec24beb fix: vmware documentation typo
• talos-systems/talos@2f2bdb26a feat: replace flags with --mode in apply, edit and patch commands
• talos-systems/talos@b09be2a69 docs: update index.md and sync across versions
• talos-systems/talos@ca65b918a docs: add nocloud documentation
• talos-systems/talos@59437d6d8 fix: filter down nameservers for docker-based cluster create
• talos-systems/talos@194eaa6f2 chore: clean up /usr/bin from unneeded files
• talos-systems/talos@74e727240 docs: update office office
• talos-systems/talos@539af338c docs: update vmware docs
• talos-systems/talos@279a3fda7 feat: update Go to 1.17.6, containerd to 1.5.9
• talos-systems/talos@3d3088941 chore: bump Go dependencies
• talos-systems/talos@d02d944ec chore: provide umarshal from YAML methods for network resource specs
• talos-systems/talos@2e735714d fix: derive machine-id from node identity
• talos-systems/talos@d8a2721e1 test: update CAPI components to latest
• talos-systems/talos@7dff8a53e fix: ignore missing init.yaml for cluster create
• talos-systems/talos@f4516c7d8 chore: bump dependencies

Changes from talos-systems/crypto

• talos-systems/crypto@6fa2d93 fix: deepcopy nil fields as nil

Changes from talos-systems/extras

• talos-systems/extras@7c1f3cc feat: update Go to 1.17.6
• talos-systems/extras@495a5b2 feat: update Go to 1.17.5

Changes from talos-systems/go-blockdevice

• talos-systems/go-blockdevice@6928ee4 refactor: rewrite GPT serialize/deserialize functions
• talos-systems/go-blockdevice@0c7e429 refactor: simplify middle endian functions

Changes from talos-systems/pkgs

• talos-systems/pkgs@c14eb99 feat: update Linux to 5.15.16
• talos-systems/pkgs@5d4d8d6 feat: bump containerd to 1.6.0-rc.0, runc to 1.1.0
• talos-systems/pkgs@5dd08a7 feat: jetson nano SoC
• talos-systems/pkgs@402b960 chore: bump u-boot to 2022.01
• talos-systems/pkgs@6ce1a40 feat: update Go to 1.17.6
• talos-systems/pkgs@08f2519 feat: update containerd to 1.5.9
• talos-systems/pkgs@fbb5c5c feat: add qlcnic drivers to kernel
• talos-systems/pkgs@0505e01 chore: fix =m kernel build options
• talos-systems/pkgs@54aa902 feat: enable amdgpu in kernel
• talos-systems/pkgs@2779c3f fix: kexec on rpi4
• talos-systems/pkgs@950361f feat: update Linux to 5.15.11
• talos-systems/pkgs@ad611bc feat: provide build instructions for NVIDIA kernel module
• talos-systems/pkgs@b22723d feat: update iPXE to the latest available version
• talos-systems/pkgs@a675c67 feat: update Go to 1.17.5

Changes from talos-systems/tools

• talos-systems/tools@67314b1 feat: update Go to 1.17.6
• talos-systems/tools@9c2b9df feat: update Go to 1.17.5

Dependency Changes

• cloud.google.com/go/compute v1.0.0 new
• github.com/BurntSushi/toml v0.4.1 -> v1.0.0
• github.com/aws/aws-sdk-go v1.42.35 new
• github.com/containerd/containerd v1.5.8 -> v1.6.0-rc.0
• github.com/containerd/containerd/api v1.6.0-beta.3 new
• github.com/docker/docker v20.10.11 -> v20.10.12
• github.com/google/nftables 16a134723a96 -> 6f19c4381e13
• github.com/hashicorp/go-getter v1.5.9 -> v1.5.11
• github.com/jsimonetti/rtnetlink fd9a11f42291 -> 9dff439f7e79
• github.com/jxskiss/base62 v1.0.0 -> v1.1.0
• github.com/mdlayher/ethtool 288d040e9d60 -> bc8fdcf6e99c
• github.com/mdlayher/genetlink v1.0.0 -> v1.1.0
• github.com/mdlayher/netlink v1.4.2 -> v1.5.0
• github.com/packethost/packngo v0.20.0 -> v0.21.0
• github.com/pelletier/go-toml v1.9.4 new
• github.com/pmorjan/kmod v1.0.0 new
• github.com/rivo/tview 2a6de950f73b -> 90d72bc664f5
• github.com/spf13/cobra v1.2.1 -> v1.3.0
• github.com/talos-systems/crypto v0.3.4 -> 6fa2d93d0382
• github.com/talos-systems/extras v0.7.0-1-gd6b73a7 -> v0.8.0-alpha.0-1-g7c1f3cc
• github.com/talos-systems/go-blockdevice v0.2.5 -> 6928ee43c303
• github.com/talos-systems/pkgs v0.9.0-1-g7a3419a -> v0.10.0-alpha.0-13-gc14eb99
• github.com/talos-systems/tools v0.9.0-1-gb1146f9 -> v0.10.0-alpha.0-1-g67314b1
• github.com/u-root/u-root v7.0.0 -> v0.8.0
• github.com/vishvananda/netlink f5de75959ad5 -> 650dca95af54
• go.uber.org/zap v1.19.1 -> v1.20.0
• golang.org/x/net 491a49abca63 -> 0dd24b26b47d
• golang.org/x/sys 97ca703d548d -> da31bd327af9
• golang.zx2c4.com/wireguard/wgctrl dd7407c86d22 -> daad0b7ba671
• google.golang.org/grpc v1.42.0 -> v1.43.0
• k8s.io/api v0.23.1 -> v0.23.2
• k8s.io/apimachinery v0.23.1 -> v0.23.2
• k8s.io/client-go v0.23.1 -> v0.23.2
• k8s.io/component-base v0.23.1 -> v0.23.2
• k8s.io/kubectl v0.23.1 -> v0.23.2
• k8s.io/kubelet v0.23.1 -> v0.23.2
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.61 -> v1.2.62

Previous release can be found at v0.14.0

Images

quay.io/coreos/flannel:v0.15.1
ghcr.io/talos-systems/install-cni:v0.8.0-alpha.0-1-g7c1f3cc
docker.io/coredns/coredns:1.8.7
gcr.io/etcd-development/etcd:v3.5.1
k8s.gcr.io/kube-apiserver:v1.23.2
k8s.gcr.io/kube-controller-manager:v1.23.2
k8s.gcr.io/kube-scheduler:v1.23.2
k8s.gcr.io/kube-proxy:v1.23.2
ghcr.io/talos-systems/kubelet:v1.23.2
ghcr.io/talos-systems/installer:v0.15.0-alpha.1
k8s.gcr.io/pause:3.2

Talos 0.14.1 (2022-01-21)

Welcome to the v0.14.1 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Component Updates

• Linux: 5.15.16
• CoreDNS: 1.8.7

Contributors

• Andrey Smirnov

Changes

• talos-systems/talos@7182bcf20 release(v0.14.1): prepare release
• talos-systems/talos@b6be476b4 feat: update CoreDNS to 1.8.7
• talos-systems/talos@ba39f682c test: attempt number on two on proper retries in CLI time tests
• talos-systems/talos@c1c5d9e8e fix: pass path to conformance retrieve results
• talos-systems/talos@4e2b32f98 chore: update Linux to 5.15.16

Changes from talos-systems/pkgs

• talos-systems/pkgs@447ce75 feat: update Linux to 5.15.16

Dependency Changes

• github.com/talos-systems/pkgs v0.9.0-1-g7a3419a -> v0.9.0-2-g447ce75

Previous release can be found at v0.14.0

Images

quay.io/coreos/flannel:v0.15.1
ghcr.io/talos-systems/install-cni:v0.7.0-1-gd6b73a7
docker.io/coredns/coredns:1.8.7
gcr.io/etcd-development/etcd:v3.5.1
k8s.gcr.io/kube-apiserver:v1.23.1
k8s.gcr.io/kube-controller-manager:v1.23.1
k8s.gcr.io/kube-scheduler:v1.23.1
k8s.gcr.io/kube-proxy:v1.23.1
ghcr.io/talos-systems/kubelet:v1.23.1
ghcr.io/talos-systems/installer:v0.14.1
k8s.gcr.io/pause:3.2

Talos 0.13.5 (2022-01-21)

Welcome to the v0.13.5 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Component Updates

• Linux: 5.10.93

Contributors

• Andrey Smirnov

Changes

• talos-systems/talos@2d541c64e release(v0.13.5): prepare release
• talos-systems/talos@8f8e2984e chore: update Linux to 5.10.93

Changes from talos-systems/pkgs

• talos-systems/pkgs@fad52ab feat: update Linux to 5.10.93

Dependency Changes

• github.com/talos-systems/pkgs v0.8.0 -> v0.8.0-1-gfad52ab

Previous release can be found at v0.13.4

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.6.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.3
k8s.gcr.io/kube-controller-manager:v1.22.3
k8s.gcr.io/kube-scheduler:v1.22.3
k8s.gcr.io/kube-proxy:v1.22.3
ghcr.io/talos-systems/kubelet:v1.22.3
ghcr.io/talos-systems/installer:v0.13.5
k8s.gcr.io/pause:3.2

Talos 0.15.0-alpha.0 (2021-12-30)

Welcome to the v0.15.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Machine Configuration

Talos now preserves machine configuration as it was submitted to the node.
There is some work still going on various cloud platforms to stop modifying machine configuration on the fly.

Component Updates

• Linux: 5.15.11

Wipe System Kernel Parameter

Added new kernel parameter talos.experimental.wipe=system which can help resetting system disk for the machine
and start over with a fresh installation.
See Resetting a Machine on how to use it.

Contributors

• Andrey Smirnov
• Noel Georgi
• Spencer Smith
• Artem Chernyshev
• Niklas Metje

Changes

• talos-systems/talos@944f13221 chore: fix release pipeline
• talos-systems/talos@cb548a368 release(v0.15.0-alpha.0): prepare release
• talos-systems/talos@da0b36e61 feat: introduce talos.exp.wipe kernel param to wipe system disk
• talos-systems/talos@c079eb32b refactor: use AWS SDK to access AWS metadata service
• talos-systems/talos@2f4b9d8d6 feat: make machine configuration read-only in Talos (almost)
• talos-systems/talos@524f83d3d feat: use official Go SDK to fetch GCP instance metadata
• talos-systems/talos@d2a7e082c test: retry in discovery tests
• talos-systems/talos@f4219e530 chore: remove unused methods in AWS platform
• talos-systems/talos@35bc2940e fix: kexec on RPI4
• talos-systems/talos@f235cfbae fix: multiple usability fixes
• talos-systems/talos@b3fbb2f31 test: don't build all images in the default CI pipeline
• talos-systems/talos@dac550a50 docs: fix troubleshooting guide
• talos-systems/talos@83e8bec6b feat: update Linux to 5.15.11
• talos-systems/talos@d5a82b37e feat: remove ApplyDynamicConfig
• talos-systems/talos@3623da136 feat: provide a way to load Linux kernel modules
• talos-systems/talos@4d1514add docs: update Mayastor deployment process
• talos-systems/talos@cff1ff6d5 feat: shell completion for list, read
• talos-systems/talos@19728437e feat: output IPs when etcd needs to be bootstrapped
• talos-systems/talos@c297d66a1 test: attempt number on two on proper retries in CLI time tests
• talos-systems/talos@dc299da9e docs: add arm64 option to talosctl download
• talos-systems/talos@f49f40a33 fix: pass path to conformance retrieve results
• talos-systems/talos@942c8074f docs: fork docs for 0.15
• talos-systems/talos@880a7782c docs: update documentation for 0.14.0 release
• talos-systems/talos@dc9a0cfe9 chore: bump Go dependencies
• talos-systems/talos@773496935 fix: config apply immediate
• talos-systems/talos@17c147488 test: retry talosctl time call in the tests
• talos-systems/talos@acf1ac0f1 feat: show human-readable aliases in talosctl get rd
• talos-systems/talos@5532867b0 refactor: rewrite the implementation of Processes API
• talos-systems/talos@80350861a feat: update Kubernetes to 1.23.1
• talos-systems/talos@4c96e936e docs: add cilium guide
• talos-systems/talos@e3f2acb5e refactor: rewrite the check for unknown keys in the machine configuration
• talos-systems/talos@4175396a8 refactor: use update go-blockdevice library with allocation fixes
• talos-systems/talos@b58f567a1 refactor: optimize Runtime config interface to avoid config marshaling
• talos-systems/talos@bb355c9ab chore: remove govalidator library
• talos-systems/talos@3af56bd2e test: update capi templates to v1beta1
• talos-systems/talos@936b4c4ce fix: update DHCP library with the panic fix
• talos-systems/talos@ab42886bf fix: allow kubelet to be started via the API
• talos-systems/talos@ec641f729 fix: use default time servers in time API if none are configured
• talos-systems/talos@79f213eec fix: cleanup affiliates
• talos-systems/talos@2dd0b5b68 chore: update Go to 1.17.5
• talos-systems/talos@97ffa7a64 feat: upgrade kubelet version in talosctl upgrade-k8s
• talos-systems/talos@5bc5123eb docs: document ip= kernel argument
• talos-systems/talos@8e1d0bfb5 feat: update Kubernetes to 1.23.0

Changes from talos-systems/crypto

• talos-systems/crypto@6fa2d93 fix: deepcopy nil fields as nil

Changes from talos-systems/extras

• talos-systems/extras@495a5b2 feat: update Go to 1.17.5

Changes from talos-systems/go-blockdevice

• talos-systems/go-blockdevice@6928ee4 refactor: rewrite GPT serialize/deserialize functions
• talos-systems/go-blockdevice@0c7e429 refactor: simplify middle endian functions

Changes from talos-systems/pkgs

• talos-systems/pkgs@2779c3f fix: kexec on rpi4
• talos-systems/pkgs@950361f feat: update Linux to 5.15.11
• talos-systems/pkgs@ad611bc feat: provide build instructions for NVIDIA kernel module
• talos-systems/pkgs@b22723d feat: update iPXE to the latest available version
• talos-systems/pkgs@a675c67 feat: update Go to 1.17.5

Changes from talos-systems/tools

• talos-systems/tools@9c2b9df feat: update Go to 1.17.5

Dependency Changes

• cloud.google.com/go v0.99.0 new
• github.com/aws/aws-sdk-go v1.42.25 new
• github.com/docker/docker v20.10.11 -> v20.10.12
• github.com/google/nftables 16a134723a96 -> 6f19c4381e13
• github.com/jsimonetti/rtnetlink fd9a11f42291 -> 9dff439f7e79
• github.com/mdlayher/ethtool 288d040e9d60 -> bc8fdcf6e99c
• github.com/mdlayher/genetlink v1.0.0 -> v1.1.0
• github.com/mdlayher/netlink v1.4.2 -> v1.5.0
• github.com/pmorjan/kmod v1.0.0 new
• github.com/spf13/cobra v1.2.1 -> v1.3.0
• github.com/talos-systems/crypto v0.3.4 -> 6fa2d93d0382
• github.com/talos-systems/extras v0.7.0-1-gd6b73a7 -> v0.8.0-alpha.0
• github.com/talos-systems/go-blockdevice v0.2.5 -> 6928ee43c303
• github.com/talos-systems/pkgs v0.9.0-1-g7a3419a -> v0.10.0-alpha.0-4-g2779c3f
• github.com/talos-systems/tools v0.9.0-1-gb1146f9 -> v0.10.0-alpha.0
• golang.org/x/net 491a49abca63 -> fe4d6282115f
• golang.org/x/sys 97ca703d548d -> 1d35b9e2eb4e
• golang.zx2c4.com/wireguard/wgctrl dd7407c86d22 -> 7a385b3431de
• google.golang.org/grpc v1.42.0 -> v1.43.0
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.61 -> v1.2.62

Previous release can be found at v0.14.0

Images

quay.io/coreos/flannel:v0.15.1
ghcr.io/talos-systems/install-cni:v0.8.0-alpha.0
docker.io/coredns/coredns:1.8.6
gcr.io/etcd-development/etcd:v3.5.1
k8s.gcr.io/kube-apiserver:v1.23.1
k8s.gcr.io/kube-controller-manager:v1.23.1
k8s.gcr.io/kube-scheduler:v1.23.1
k8s.gcr.io/kube-proxy:v1.23.1
ghcr.io/talos-systems/kubelet:v1.23.1
ghcr.io/talos-systems/installer:v0.15.0-alpha.0
k8s.gcr.io/pause:3.2

Talos 0.14.0 (2021-12-21)

Welcome to the v0.14.0 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled
Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.

For example:

install:
  extraKernelArgs:
    - sysctl.kernel.kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls will not be enough.

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14.
Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

installer and imager images

Talos supports two target architectures: amd64 and arm64, so all Talos images are built for both amd64 and arm64.

New image imager was added which contains Talos assets for both architectures which allows to generate Talos disk images
cross-arch: e.g. generate Talos Raspberry PI disk image on amd64 machine.

As installer image is used only to do initial install and upgrades, it now contains Talos assets for a specific architecture.
This reduces size of the installer image leading to faster upgrades and less memory usage.

There are no user-visible changes except that now imager container image should be used to produce Talos disk images.

Kubelet

Kubelet configuration can be updated without node restart (.machine.kubelet section of machine configuration) with commands
talosctl edit mc --immediate, talosctl apply-config --immediate, talosctl patch mc --immediate.

Kubelet service can now be restarted with talosctl service kubelet restart.

Kubelet node IP configuration (.machine.kubelet.nodeIP.validSubnets) can now include negative subnet matches (prefixed with !).

Log Shipping

Talos can now ship system logs
to the configured destination using either JSON-over-UDP or JSON-over-TCP:
see .machine.logging machine configuration option.

NTP Sync

Talos NTP sync process was improved to align better with kernel time adjustment periods and to filter out spikes.

SideroLink

A set of Talos ehancements is going to unlock a number of exciting features in the upcoming release of Sidero:

• SideroLink: a point-to-point Wireguard tunnel connecting Talos node back to the provisioning platform (Sidero).
• event sink (kernel arg talos.event.sink=http://10.0.0.1:4000) delivers Talos internal events to the specified destination.
• kmsg log delivery (kernel arg talos.logging.kernel=tcp://10.0.0.1:4001) sends kernel logs as JSON lines over TCP or UDP.

talosctl support

talosctl CLI tool now has a new subcommand called support, that can gather all
cluster information that could help with future debugging in a single run.

Output of the command is a zip archive with all talos service logs, kubernetes pod logs and manifests,
talos resources manifests and so on.
Generated archive does not contain any secret information so it is safe to send it for analysis to a third party.

Component Updates

• Linux: 5.15.6
• etcd: 3.5.1
• containerd: 1.5.8
• runc: 1.0.3
• Kubernetes: 1.23.1
• CoreDNS: 1.8.6
• Flannel (default CNI): 0.15.1

Talos is built with Go 1.17.5

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s was improved to:

• sync all boostrap manifest resources in the Kubernetes cluster with versions bundled with current version Talos
• upgrade kubelet to the version of the control plane components (without node reboot)

So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.

VLAN Enhancements

Talos now supports setting MTU and Virtual IPs on VLAN interfaces.

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Noel Georgi
• Serge Logvinov
• Nico Berlee
• Spencer Smith
• Alex Zero
• Andrew Rynhard
• Branden Cash
• David Haines
• Gerard de Leeuw
• Michael Fornaro
• Rohit Dandamudi
• Rui Lopes
• Seán C McCord

Changes

• talos-systems/talos@675dee0e7 release(v0.14.0): prepare release
• talos-systems/talos@79cf214b7 test: retry talosctl time call in the tests
• talos-systems/talos@b79948f9a feat: show human-readable aliases in talosctl get rd
• talos-systems/talos@ccf468ea2 feat: update Kubernetes to 1.23.1
• talos-systems/talos@5bf3a1519 fix: update DHCP library with the panic fix
• talos-systems/talos@bc8983b93 release(v0.14.0-beta.1): prepare release
• talos-systems/talos@02796f889 fix: allow kubelet to be started via the API
• talos-systems/talos@e69eacae1 fix: use default time servers in time API if none are configured
• talos-systems/talos@c60e153a1 fix: cleanup affiliates
• talos-systems/talos@301f9e4e0 feat: update Kubernetes to 1.23.0
• talos-systems/talos@fe2e953af feat: upgrade kubelet version in talosctl upgrade-k8s
• talos-systems/talos@4daff7895 chore: update Go to 1.17.5
• talos-systems/talos@35cb34bd5 release(v0.14.0-beta.0): prepare release
• talos-systems/talos@1d6f140d7 fix: make apply-config work reliably in any Talos state
• talos-systems/talos@a5a6c720e chore: remove boot-{arch}.tar.gz artifact
• talos-systems/talos@fc5ec5007 fix: relax validation for wireguard endpoints
• talos-systems/talos@cdbd5cff4 docs: vlan VIP
• talos-systems/talos@149ffa977 fix: increase boot and etcd join timeouts
• talos-systems/talos@dc9db2141 feat: autocomplete nodes, context and resource definitions
• talos-systems/talos@b4b3e2133 chore: bump tools/pkgs/extra to final released versions
• talos-systems/talos@d225cf91e fix: tmpfs default permissions
• talos-systems/talos@8f3e1a4ad fix: drop unpacked layers from containerd image store
• talos-systems/talos@1fc43619d docs: improve clarity for users
• talos-systems/talos@36c9a65ac feat: update deps and Kubernetes to 1.23.0-rc.1
• talos-systems/talos@64a4f6e77 test: bump Talos versions in upgrade tests
• talos-systems/talos@d2ebda78c feat: update runc to 1.0.3
• talos-systems/talos@adf05072a chore: drop unused package
• talos-systems/talos@961d1567d chore: update Go to 1.17.4
• talos-systems/talos@d2fd7c217 feat: make kubelet service apply changes immediately
• talos-systems/talos@4f5d9da92 feat: allow overriding KSPP kernel parameters
• talos-systems/talos@6377f3df7 test: uplift capi versions and templates
• talos-systems/talos@2a0da0624 feat: split installer and imager images
• talos-systems/talos@1a13aaa23 feat: update Linux to 5.15.6
• talos-systems/talos@73293bc2a feat: can disable controlmanager and scheduler
• talos-systems/talos@7f9922296 feat: add powercycle mode in reboot
• talos-systems/talos@bc69f6ec8 feat: vip for VLANs
• talos-systems/talos@99338e5ff feat: update Flannel to 0.15.1
• talos-systems/talos@8370dde1f docs: fix typos
• talos-systems/talos@a5646db29 feat: support MTU for VLAN's
• talos-systems/talos@4aad0ebf9 docs: expand logging documentation
• talos-systems/talos@400225c88 docs: fix GCP docs
• talos-systems/talos@f7c87d1d9 release(v0.14.0-alpha.2): prepare release
• talos-systems/talos@e9f4b7b20 feat: update Linux to 5.15.5
• talos-systems/talos@4d0a75a3f docs: add documentation about logging
• talos-systems/talos@8d1cbeef9 chore: add API breaking changes detector
• talos-systems/talos@ed7fb9db1 feat: move kubelet proccesses to /podruntime cgroup
• talos-systems/talos@2cd3f9be1 feat: filter out SideroLink addresses by default
• talos-systems/talos@0f169bf9b chore: add API deprecations mechanism
• talos-systems/talos@eaf6d4720 refactor: use random port listener in kernel log delivery tests
• talos-systems/talos@bf4c81e7d feat: kernel log (kmsg) delivery controller
• talos-systems/talos@f3149780e feat: update Kubernetes to 1.23.0-rc.0
• talos-systems/talos@b824909d6 fix: disable kexec on RPi4
• talos-systems/talos@3257751bc fix: initialize Drainer properly
• talos-systems/talos@e4bc68bf0 fix: leave only a single IPv4/IPv6 address as kubelet's node IP
• talos-systems/talos@e6d007418 feat: update pkgs - Linux 5.15.4, LibreSSL 3.2.7
• talos-systems/talos@d5cbc3640 feat: add GCP ccm
• talos-systems/talos@7433150fd feat: implement events sink controller
• talos-systems/talos@b4a406ae7 test: pin cluster API templates version to tag v1alpha4
• talos-systems/talos@9427e78dc fix: catch panics in network operator runs
• talos-systems/talos@d1f55f901 fix: update blockdevice library to properly handle absent GPT
• talos-systems/talos@5ac64b2d9 chore: set version in unit-tests
• talos-systems/talos@20d39c0b4 chore: format .proto files
• talos-systems/talos@852bf4a7d feat: talosctl fish completion support
• talos-systems/talos@6bb75150a fix: allow add_key and request_key in kubelet seccomp profile
• talos-systems/talos@6487b21fe feat: update pkgs for u-boot, containerd, etc
• talos-systems/talos@f7d1e7776 feat: provide SideroLink client implementation
• talos-systems/talos@58892cd69 fix: unblock events watch on context cancel
• talos-systems/talos@caa76be2c fix: containerd failed to load plugin
• talos-systems/talos@1ffa8e048 feat: add ULA prefix for SideroLink
• talos-systems/talos@c6a67b866 fix: ignore not existing nodes on cordoning
• talos-systems/talos@f73025257 feat: add new event types
• talos-systems/talos@7c9b082f7 feat: update Kubernetes to 1.23.0-beta.0
• talos-systems/talos@750e31c4a fix: ignore EBUSY from kexec_file_load
• talos-systems/talos@2d11b5955 fix: ignore virtual IP as kubelet node IPs
• talos-systems/talos@030fd349b fix: don't run kexec prepare on shutdown and reset
• talos-systems/talos@6dcce20e6 test: set proper pod CIDR for Cilium tests
• talos-systems/talos@695300dac release(v0.14.0-alpha.1): prepare release
• talos-systems/talos@753a82188 refactor: move pkg/resources to machinery
• talos-systems/talos@0102a64a5 refactor: remove pkg/resources dependencies on wgtypes, netx
• talos-systems/talos@7462733bc chore: update golangci-lint
• talos-systems/talos@032c99a03 refactor: remove pkg/resources dependencies on k8s and base62
• talos-systems/talos@4a5cff45f perf: raspberry PIs clockspeed as fast as firmware allows
• talos-systems/talos@a76f6d69d feat: allow kubelet to be restarted and provide negative nodeIP subnets
• talos-systems/talos@189221d58 chore: update dependencies
• talos-systems/talos@41f0aecc1 docs: update partition info
• talos-systems/talos@95105071d chore: fix simple issues found by golangci-lint
• talos-systems/talos@d4b0ca21a test: retry upgrade mutex lock failures
• talos-systems/talos@4357e9a84 docs: add Talos partions info
• talos-systems/talos@8e8687d75 fix: use temporary sonobuoy version
• talos-systems/talos@e4e8e8737 test: disable e2e-misc test with Canal CNI
• talos-systems/talos@897da2f6e docs: common typos
• talos-systems/talos@a50483ddd feat: update Linux to 5.15.1
• talos-systems/talos@a2233bfe4 fix: improve NTP sync process
• talos-systems/talos@7efc1238e fix: parse partition size correctly
• talos-systems/talos@d6147eb17 chore: update sonobuoy
• talos-systems/talos@efbae7857 fix: use etc folder for du cli tests
• talos-systems/talos@198eea51a fix: wait for follow reader to start before writing to the file
• talos-systems/talos@e7f715eb0 chore: log KubeSpan IPs overlaps
• talos-systems/talos@82a1ad168 chore: bump dependencies
• talos-systems/talos@e8fccbf53 fix: clear time adjustment error when setting time to specific value
• talos-systems/talos@e6f90bb41 chore: remove unused parameters
• talos-systems/talos@785161d19 feat: update k8s to 1.23.0-alpha.4
• talos-systems/talos@fe228d7c8 fix: do not use yaml.v2 in the support cmd
• talos-systems/talos@9b48ca217 fix: endpoints and nodes in generated talosconfig
• talos-systems/talos@6e16fd2fe chore: update tools, pkgs, and extras
• talos-systems/talos@261c497c7 feat: implement talosctl support command
• talos-systems/talos@fc7dc4548 chore: check our API idiosyncrasies
• talos-systems/talos@b15844298 feat: use GCP deployment manager
• talos-systems/talos@3e7d4df99 chore: bump dependencies
• talos-systems/talos@88f242295 refactor: get rid of prometheus/procfs dependency in pkg/resources
• talos-systems/talos@dd196d300 refactor: prepare for move of pkg/resources to machinery
• talos-systems/talos@f6110f803 fix: remove listening socket to fix Talos in a container restart
• talos-systems/talos@53bbb13ed docs: update docs with emmc boot guide
• talos-systems/talos@8329d2111 chore: split polymorphic RootSecret resource into specific types
• talos-systems/talos@c97becdd9 chore: remove interfaces and routes APIs
• talos-systems/talos@d798635d9 feat: automatically limit kubelet node IP family based on service CIDRs
• talos-systems/talos@205a8d6dc chore: make nethelpers build on all OSes
• talos-systems/talos@5b5dd49f6 feat: extract JSON fields from more log messages
• talos-systems/talos@eb4f11822 docs: create cluster in hetzner cloud
• talos-systems/talos@728164e25 docs: fix kexec_load_disabled param name in release notes
• talos-systems/talos@f6328f09a fix: fix filename typo
• talos-systems/talos@01b0f0abb release(v0.14.0-alpha.0): prepare release
• talos-systems/talos@8b6206537 fix: skip generating empty .machine.logging
• talos-systems/talos@60ad00636 fix: don't drop ability to use ambient capabilities
• talos-systems/talos@b6b78e7fe test: add cluster discovery integration tests
• talos-systems/talos@97d64d160 fix: hcloud network config changes
• talos-systems/talos@4c76865d0 feat: multiple logging improvements
• talos-systems/talos@1d1e1df64 fix: handle skipped mounts correctly
• talos-systems/talos@0a964d921 test: fix openstack unit-test stability
• talos-systems/talos@72f62ac27 chore: bump Go and Docker dependencies
• talos-systems/talos@9c48ebe8f fix: gcp fetching externalIP
• talos-systems/talos@6c297268c test: fix e2e k8s version
• talos-systems/talos@ae5af9d3f feat: update Kubernetes to 1.23.0-alpha.3
• talos-systems/talos@28d3a69e9 feat: openstack config-drive support
• talos-systems/talos@2258bc491 test: update GCP e2e script to work with new templates
• talos-systems/talos@36b6ace25 feat: update Linux to 5.10.75
• talos-systems/talos@38516a549 test: update Talos versions in upgrade tests
• talos-systems/talos@cff20ec78 fix: change services OOM score
• talos-systems/talos@666a2b620 feat: azure platform ipv6 support
• talos-systems/talos@d32814e30 feat: extract JSON fields from log lines
• talos-systems/talos@e77d81fff fix: treat literal 'unknown' as a valid machine type
• talos-systems/talos@c8e404e35 test: update vars for AWS cluster
• talos-systems/talos@ad23891b1 feat: update CoreDNS version 1.8.6
• talos-systems/talos@41299cae9 feat: udev rules support
• talos-systems/talos@5237fdc95 feat: send JSON logs over UDP
• talos-systems/talos@6d44587a4 feat: coredns service dualstack
• talos-systems/talos@12f7888b7 feat: feed control plane endpoints on workers from cluster discovery
• talos-systems/talos@431e4fb4b chore: bump Go and Docker dependencies
• talos-systems/talos@89f3b9f8d feat: update etcd to 3.5.1
• talos-systems/talos@e60469a38 feat: initial support for JSON logging
• talos-systems/talos@68c420e3c feat: enable cluster discovery by default
• talos-systems/talos@3e100aa97 test: workaround EventsWatch test flakiness
• talos-systems/talos@9bd4838ac chore: stop using sonobuoy CLI
• talos-systems/talos@6ad459519 docs: fix field names for bonding configuration
• talos-systems/talos@d7a3b7b5b chore: use discovery-client and discovery-api modules
• talos-systems/talos@d6309eed6 docs: create docs for Talos 0.14
• talos-systems/talos@c0fda6436 fix: attempt to clean up tasks in containerd runner
• talos-systems/talos@8cf442daa chore: bump tools, pkgs, extras
• talos-systems/talos@0dad5f4d7 chore: small cleanup
• talos-systems/talos@e3e2113ad feat: upgrade CoreDNS during upgrade-k8s call
• talos-systems/talos@d92c98e19 docs: fix discovery service documentation link
• talos-systems/talos@e44b11c59 feat: update containerd to 1.5.7, bump Go dependencies
• talos-systems/talos@24129307a docs: make Talos 0.13 docs latest, update documentation
• talos-systems/talos@31b6e39e5 fix: delete expired affiliates from the discovery service
• talos-systems/talos@877a2b6fc test: bump CAPI components to v1alpha4
• talos-systems/talos@2ba0e0ac4 docs: add KubeSpan documentation
• talos-systems/talos@997873b6d fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
• talos-systems/talos@7137166d1 fix: allow overriding audit-policy-file in kube-apiserver static pod
• talos-systems/talos@8fcd42196 chore: fix integration-qemu-race
• talos-systems/talos@91a858b53 fix: sort output of the argument builder
• talos-systems/talos@657f7a56b fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
• talos-systems/talos@983d2459e feat: suppress logging NTP sync to the console
• talos-systems/talos@022c7335f fix: add interface route if DHCP4 router is not directly routeable
• talos-systems/talos@66a1579ea fix: don't enable 'no new privs' on the system level
• talos-systems/talos@423861cf9 feat: don't drop capabilities if kexec is disabled
• talos-systems/talos@facc8c38a docs: fix documentation for cluster discovery
• talos-systems/talos@ce65ca4e4 chore: build using only amd64 builders
• talos-systems/talos@e9b0f010d chore: update docker image in the pipeline

Changes since v0.14.0-beta.1

• talos-systems/talos@675dee0e7 release(v0.14.0): prepare release
• talos-systems/talos@79cf214b7 test: retry talosctl time call in the tests
• talos-systems/talos@b79948f9a feat: show human-readable aliases in talosctl get rd
• talos-systems/talos@ccf468ea2 feat: update Kubernetes to 1.23.1
• talos-systems/talos@5bf3a1519 fix: update DHCP library with the panic fix

Changes from talos-systems/discovery-api

• talos-systems/discovery-api@db279ef feat: initial set of APIs and generated files
• talos-systems/discovery-api@ac52a37 chore: initial commit

Changes from talos-systems/discovery-client

• talos-systems/discovery-client@a9a5e9b feat: initial client code
• talos-systems/discovery-client@98eb999 chore: initial commit

Changes from talos-systems/extras

• talos-systems/extras@d6b73a7 feat: update Go to 1.17.5
• talos-systems/extras@bc66403 chore: update pkgs and tools to 0.9.0
• talos-systems/extras@d5ffdd8 feat: update Go to 1.17.4
• talos-systems/extras@50fc401 feat: include flannel CNI plugin into install-cni package
• talos-systems/extras@2bb2efc chore: update pkgs and tools
• talos-systems/extras@d6e8b3a chore: update pkgs and tools

Changes from talos-systems/go-blockdevice

• talos-systems/go-blockdevice@15b182d fix: return partition table not exist when trying to read an empty dev
• talos-systems/go-blockdevice@b9517d5 fix: resize partition

Changes from talos-systems/go-smbios

• talos-systems/go-smbios@fd5ec8c fix: remove useless (?) goroutines leading to data race error

Changes from talos-systems/net

• talos-systems/net@b4b7181 feat: add a way to filter list of IPs for the machine
• talos-systems/net@0abe5bd feat: implement FilterIPs function

Changes from talos-systems/pkgs

• talos-systems/pkgs@7a3419a feat: update Go to 1.17.5
• talos-systems/pkgs@4534074 feat: update tools to 0.9.0
• talos-systems/pkgs@4112eed feat: update runc to 1.0.3
• talos-systems/pkgs@49f3c17 feat: enable additional support for RPi hardware
• talos-systems/pkgs@7c066d0 feat: update Go to 1.17.4
• talos-systems/pkgs@4b55a29 feat: update Linux to 5.15.6
• talos-systems/pkgs@80a5f97 feat: update CNI to 1.0.1, separate package for flannel
• talos-systems/pkgs@422276d feat: update Linux to 5.15.5
• talos-systems/pkgs@d385e24 chore: update LibreSSL to 3.2.7
• talos-systems/pkgs@39a3b76 feat: update Linux to 5.15.4
• talos-systems/pkgs@ca30b50 feat: update u-boot to 2021.10
• talos-systems/pkgs@cea93f1 chore: add conformance
• talos-systems/pkgs@79d16b8 feat: update containerd to 1.5.8
• talos-systems/pkgs@1c76107 feat: add mdraid 1/0/10
• talos-systems/pkgs@740da24 feat: bump raspberrypi-firmware to 1.20211029
• talos-systems/pkgs@832dae4 fix: enable CONFIG_DM_SNAPSHOT
• talos-systems/pkgs@f307e64 feat: update Linux to 5.15.1
• talos-systems/pkgs@4f0f238 chore: update tools
• talos-systems/pkgs@932c3cf feat: update libseccomp to 2.5.3
• talos-systems/pkgs@7f3311e feat: update cpu governor to schedutil
• talos-systems/pkgs@b4cdb99 fix: update containerd shas
• talos-systems/pkgs@80a63d4 feat: update Linux to 5.10.75
• talos-systems/pkgs@5c98efd feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
• talos-systems/pkgs@bfb2365 feat: enable driver for SuperMicro raid controller
• talos-systems/pkgs@657e16b feat: enable Intel VMD driver
• talos-systems/pkgs@f7d9d72 feat: enable smarpqi driver and related options
• talos-systems/pkgs@bca3be0 feat: enable aqtion device driver
• talos-systems/pkgs@b88127a chore: update tools
• talos-systems/pkgs@971735f feat: update containerd to 1.5.7

Changes from talos-systems/siderolink

• talos-systems/siderolink@d0612a7 refactor: pass in listener to the log receiver
• talos-systems/siderolink@d86cdd5 feat: implement logreceiver for kernel logs
• talos-systems/siderolink@f7cadbc fix: handle duplicate peer updates
• talos-systems/siderolink@0755b24 feat: initial implementation of SideroLink
• talos-systems/siderolink@ee73ea9 feat: add Talos events sink proto files and the reference implementation
• talos-systems/siderolink@1e2cd9d Initial commit

Changes from talos-systems/tools

• talos-systems/tools@b1146f9 feat: update Go to 1.17.5
• talos-systems/tools@86ce921 chore: bump toolchain to the final 0.4.0 version
• talos-systems/tools@cc8426b feat: update Go to 1.17.4
• talos-systems/tools@aacbc5b feat: update toolchain with Linux headers 5.15
• talos-systems/tools@96e0231 feat: update squashfs-tools to 4.5
• talos-systems/tools@2c9c826 feat: update libseccomp to 2.5.3
• talos-systems/tools@f713a7c feat: update protobuf to 3.19.1, grpc-go to 1.42.0
• talos-systems/tools@972c5ef feat: update Go to 1.17.3
• talos-systems/tools@f63848c feat: update PCRE version and source host
• talos-systems/tools@fab7532 feat: update Go to 1.17.2

Dependency Changes

• github.com/AlekSi/pointer v1.1.0 -> v1.2.0
• github.com/cenkalti/backoff/v4 v4.1.2 new
• github.com/containerd/cgroups v1.0.1 -> v1.0.2
• github.com/containerd/containerd v1.5.5 -> v1.5.8
• github.com/cosi-project/runtime 5cb7f5002d77 -> 264f8fcd1a4f
• github.com/docker/docker v20.10.8 -> v20.10.11
• github.com/evanphx/json-patch v4.11.0 -> v5.6.0
• github.com/gosuri/uiprogress v0.0.1 new
• github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
• github.com/hetznercloud/hcloud-go v1.32.0 -> v1.33.1
• github.com/insomniacslk/dhcp b95caade3eac -> 5297eed8f489
• github.com/jsimonetti/rtnetlink 435639c8e6a8 -> fd9a11f42291
• github.com/jxskiss/base62 4f11678b909b -> v1.0.0
• github.com/mdlayher/ethtool 2b88debcdd43 -> 288d040e9d60
• github.com/mdlayher/netlink v1.4.1 -> v1.4.2
• github.com/packethost/packngo v0.19.1 -> v0.20.0
• github.com/rivo/tview ee97a7ab3975 -> 2a6de950f73b
• github.com/talos-systems/discovery-api v0.1.0 new
• github.com/talos-systems/discovery-client v0.1.0 new
• github.com/talos-systems/extras v0.6.0 -> v0.7.0-1-gd6b73a7
• github.com/talos-systems/go-blockdevice v0.2.4 -> v0.2.5
• github.com/talos-systems/go-smbios v0.1.0 -> v0.1.1
• github.com/talos-systems/net v0.3.0 -> v0.3.1
• github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-1-g7a3419a
• github.com/talos-systems/siderolink v0.1.0 new
• github.com/talos-systems/tools v0.8.0 -> v0.9.0-1-gb1146f9
• github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.55.1
• github.com/vmware/govmomi v0.26.1 -> v0.27.2
• github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
• go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
• go.uber.org/atomic v1.9.0 new
• golang.org/x/net 3ad01bbaa167 -> 491a49abca63
• golang.org/x/sys 39ccf1dd6fa6 -> 97ca703d548d
• golang.org/x/term 140adaaadfaf -> 03fcf44c2211
• golang.org/x/time 1f47c861a9ac -> f0f3c7e86c11
• golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> dd7407c86d22
• google.golang.org/grpc v1.41.0 -> v1.42.0
• inet.af/netaddr 85fa6c94624e -> c74959edd3b6
• k8s.io/api v0.22.2 -> v0.23.1
• k8s.io/apimachinery v0.22.2 -> v0.23.1
• k8s.io/client-go v0.22.2 -> v0.23.1
• k8s.io/component-base v0.23.1 new
• k8s.io/cri-api v0.22.2 -> v0.23.1
• k8s.io/kubectl v0.22.2 -> v0.23.1
• k8s.io/kubelet v0.22.2 -> v0.23.1
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.61
• sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Images

quay.io/coreos/flannel:v0.15.1
ghcr.io/talos-systems/install-cni:v0.7.0-1-gd6b73a7
docker.io/coredns/coredns:1.8.6
gcr.io/etcd-development/etcd:v3.5.1
k8s.gcr.io/kube-apiserver:v1.23.1
k8s.gcr.io/kube-controller-manager:v1.23.1
k8s.gcr.io/kube-scheduler:v1.23.1
k8s.gcr.io/kube-proxy:v1.23.1
ghcr.io/talos-systems/kubelet:v1.23.1
ghcr.io/talos-systems/installer:v0.14.0
k8s.gcr.io/pause:3.2

Talos 0.14.0-beta.1 (2021-12-13)

Welcome to the v0.14.0-beta.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled
Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.

For example:

install:
  extraKernelArgs:
    - sysctl.kernel.kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls will not be enough.

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14.
Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

installer and imager images

Talos supports two target architectures: amd64 and arm64, so all Talos images are built for both amd64 and arm64.

New image imager was added which contains Talos assets for both architectures which allows to generate Talos disk images
cross-arch: e.g. generate Talos Raspberry PI disk image on amd64 machine.

As installer image is used only to do initial install and upgrades, it now contains Talos assets for a specific architecture.
This reduces size of the installer image leading to faster upgrades and less memory usage.

There are no user-visible changes except that now imager container image should be used to produce Talos disk images.

Kubelet

Kubelet configuration can be updated without node restart (.machine.kubelet section of machine configuration) with commands
talosctl edit mc --immediate, talosctl apply-config --immediate, talosctl patch mc --immediate.

Kubelet service can now be restarted with talosctl service kubelet restart.

Kubelet node IP configuration (.machine.kubelet.nodeIP.validSubnets) can now include negative subnet matches (prefixed with !).

Log Shipping

Talos can now ship system logs
to the configured destination using either JSON-over-UDP or JSON-over-TCP:
see .machine.logging machine configuration option.

NTP Sync

Talos NTP sync process was improved to align better with kernel time adjustment periods and to filter out spikes.

SideroLink

A set of Talos ehancements is going to unlock a number of exciting features in the upcoming release of Sidero:

• SideroLink: a point-to-point Wireguard tunnel connecting Talos node back to the provisioning platform (Sidero).
• event sink (kernel arg talos.event.sink=http://10.0.0.1:4000) delivers Talos internal events to the specified destination.
• kmsg log delivery (kernel arg talos.logging.kernel=tcp://10.0.0.1:4001) sends kernel logs as JSON lines over TCP or UDP.

talosctl support

talosctl CLI tool now has a new subcommand called support, that can gather all
cluster information that could help with future debugging in a single run.

Output of the command is a zip archive with all talos service logs, kubernetes pod logs and manifests,
talos resources manifests and so on.
Generated archive does not contain any secret information so it is safe to send it for analysis to a third party.

Component Updates

• Linux: 5.15.6
• etcd: 3.5.1
• containerd: 1.5.8
• runc: 1.0.3
• Kubernetes: 1.23.0
• CoreDNS: 1.8.6
• Flannel (default CNI): 0.15.1

Talos is built with Go 1.17.5

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s was improved to:

• sync all boostrap manifest resources in the Kubernetes cluster with versions bundled with current version Talos
• upgrade kubelet to the version of the control plane components (without node reboot)

So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.

VLAN Enhancements

Talos now supports setting MTU and Virtual IPs on VLAN interfaces.

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Noel Georgi
• Serge Logvinov
• Nico Berlee
• Spencer Smith
• Alex Zero
• Andrew Rynhard
• Branden Cash
• David Haines
• Gerard de Leeuw
• Michael Fornaro
• Rohit Dandamudi
• Rui Lopes
• Seán C McCord

Changes

• talos-systems/talos@bc8983b93 release(v0.14.0-beta.1): prepare release
• talos-systems/talos@02796f889 fix: allow kubelet to be started via the API
• talos-systems/talos@e69eacae1 fix: use default time servers in time API if none are configured
• talos-systems/talos@c60e153a1 fix: cleanup affiliates
• talos-systems/talos@301f9e4e0 feat: update Kubernetes to 1.23.0
• talos-systems/talos@fe2e953af feat: upgrade kubelet version in talosctl upgrade-k8s
• talos-systems/talos@4daff7895 chore: update Go to 1.17.5
• talos-systems/talos@35cb34bd5 release(v0.14.0-beta.0): prepare release
• talos-systems/talos@1d6f140d7 fix: make apply-config work reliably in any Talos state
• talos-systems/talos@a5a6c720e chore: remove boot-{arch}.tar.gz artifact
• talos-systems/talos@fc5ec5007 fix: relax validation for wireguard endpoints
• talos-systems/talos@cdbd5cff4 docs: vlan VIP
• talos-systems/talos@149ffa977 fix: increase boot and etcd join timeouts
• talos-systems/talos@dc9db2141 feat: autocomplete nodes, context and resource definitions
• talos-systems/talos@b4b3e2133 chore: bump tools/pkgs/extra to final released versions
• talos-systems/talos@d225cf91e fix: tmpfs default permissions
• talos-systems/talos@8f3e1a4ad fix: drop unpacked layers from containerd image store
• talos-systems/talos@1fc43619d docs: improve clarity for users
• talos-systems/talos@36c9a65ac feat: update deps and Kubernetes to 1.23.0-rc.1
• talos-systems/talos@64a4f6e77 test: bump Talos versions in upgrade tests
• talos-systems/talos@d2ebda78c feat: update runc to 1.0.3
• talos-systems/talos@adf05072a chore: drop unused package
• talos-systems/talos@961d1567d chore: update Go to 1.17.4
• talos-systems/talos@d2fd7c217 feat: make kubelet service apply changes immediately
• talos-systems/talos@4f5d9da92 feat: allow overriding KSPP kernel parameters
• talos-systems/talos@6377f3df7 test: uplift capi versions and templates
• talos-systems/talos@2a0da0624 feat: split installer and imager images
• talos-systems/talos@1a13aaa23 feat: update Linux to 5.15.6
• talos-systems/talos@73293bc2a feat: can disable controlmanager and scheduler
• talos-systems/talos@7f9922296 feat: add powercycle mode in reboot
• talos-systems/talos@bc69f6ec8 feat: vip for VLANs
• talos-systems/talos@99338e5ff feat: update Flannel to 0.15.1
• talos-systems/talos@8370dde1f docs: fix typos
• talos-systems/talos@a5646db29 feat: support MTU for VLAN's
• talos-systems/talos@4aad0ebf9 docs: expand logging documentation
• talos-systems/talos@400225c88 docs: fix GCP docs
• talos-systems/talos@f7c87d1d9 release(v0.14.0-alpha.2): prepare release
• talos-systems/talos@e9f4b7b20 feat: update Linux to 5.15.5
• talos-systems/talos@4d0a75a3f docs: add documentation about logging
• talos-systems/talos@8d1cbeef9 chore: add API breaking changes detector
• talos-systems/talos@ed7fb9db1 feat: move kubelet proccesses to /podruntime cgroup
• talos-systems/talos@2cd3f9be1 feat: filter out SideroLink addresses by default
• talos-systems/talos@0f169bf9b chore: add API deprecations mechanism
• talos-systems/talos@eaf6d4720 refactor: use random port listener in kernel log delivery tests
• talos-systems/talos@bf4c81e7d feat: kernel log (kmsg) delivery controller
• talos-systems/talos@f3149780e feat: update Kubernetes to 1.23.0-rc.0
• talos-systems/talos@b824909d6 fix: disable kexec on RPi4
• talos-systems/talos@3257751bc fix: initialize Drainer properly
• talos-systems/talos@e4bc68bf0 fix: leave only a single IPv4/IPv6 address as kubelet's node IP
• talos-systems/talos@e6d007418 feat: update pkgs - Linux 5.15.4, LibreSSL 3.2.7
• talos-systems/talos@d5cbc3640 feat: add GCP ccm
• talos-systems/talos@7433150fd feat: implement events sink controller
• talos-systems/talos@b4a406ae7 test: pin cluster API templates version to tag v1alpha4
• talos-systems/talos@9427e78dc fix: catch panics in network operator runs
• talos-systems/talos@d1f55f901 fix: update blockdevice library to properly handle absent GPT
• talos-systems/talos@5ac64b2d9 chore: set version in unit-tests
• talos-systems/talos@20d39c0b4 chore: format .proto files
• talos-systems/talos@852bf4a7d feat: talosctl fish completion support
• talos-systems/talos@6bb75150a fix: allow add_key and request_key in kubelet seccomp profile
• talos-systems/talos@6487b21fe feat: update pkgs for u-boot, containerd, etc
• talos-systems/talos@f7d1e7776 feat: provide SideroLink client implementation
• talos-systems/talos@58892cd69 fix: unblock events watch on context cancel
• talos-systems/talos@caa76be2c fix: containerd failed to load plugin
• talos-systems/talos@1ffa8e048 feat: add ULA prefix for SideroLink
• talos-systems/talos@c6a67b866 fix: ignore not existing nodes on cordoning
• talos-systems/talos@f73025257 feat: add new event types
• talos-systems/talos@7c9b082f7 feat: update Kubernetes to 1.23.0-beta.0
• talos-systems/talos@750e31c4a fix: ignore EBUSY from kexec_file_load
• talos-systems/talos@2d11b5955 fix: ignore virtual IP as kubelet node IPs
• talos-systems/talos@030fd349b fix: don't run kexec prepare on shutdown and reset
• talos-systems/talos@6dcce20e6 test: set proper pod CIDR for Cilium tests
• talos-systems/talos@695300dac release(v0.14.0-alpha.1): prepare release
• talos-systems/talos@753a82188 refactor: move pkg/resources to machinery
• talos-systems/talos@0102a64a5 refactor: remove pkg/resources dependencies on wgtypes, netx
• talos-systems/talos@7462733bc chore: update golangci-lint
• talos-systems/talos@032c99a03 refactor: remove pkg/resources dependencies on k8s and base62
• talos-systems/talos@4a5cff45f perf: raspberry PIs clockspeed as fast as firmware allows
• talos-systems/talos@a76f6d69d feat: allow kubelet to be restarted and provide negative nodeIP subnets
• talos-systems/talos@189221d58 chore: update dependencies
• talos-systems/talos@41f0aecc1 docs: update partition info
• talos-systems/talos@95105071d chore: fix simple issues found by golangci-lint
• talos-systems/talos@d4b0ca21a test: retry upgrade mutex lock failures
• talos-systems/talos@4357e9a84 docs: add Talos partions info
• talos-systems/talos@8e8687d75 fix: use temporary sonobuoy version
• talos-systems/talos@e4e8e8737 test: disable e2e-misc test with Canal CNI
• talos-systems/talos@897da2f6e docs: common typos
• talos-systems/talos@a50483ddd feat: update Linux to 5.15.1
• talos-systems/talos@a2233bfe4 fix: improve NTP sync process
• talos-systems/talos@7efc1238e fix: parse partition size correctly
• talos-systems/talos@d6147eb17 chore: update sonobuoy
• talos-systems/talos@efbae7857 fix: use etc folder for du cli tests
• talos-systems/talos@198eea51a fix: wait for follow reader to start before writing to the file
• talos-systems/talos@e7f715eb0 chore: log KubeSpan IPs overlaps
• talos-systems/talos@82a1ad168 chore: bump dependencies
• talos-systems/talos@e8fccbf53 fix: clear time adjustment error when setting time to specific value
• talos-systems/talos@e6f90bb41 chore: remove unused parameters
• talos-systems/talos@785161d19 feat: update k8s to 1.23.0-alpha.4
• talos-systems/talos@fe228d7c8 fix: do not use yaml.v2 in the support cmd
• talos-systems/talos@9b48ca217 fix: endpoints and nodes in generated talosconfig
• talos-systems/talos@6e16fd2fe chore: update tools, pkgs, and extras
• talos-systems/talos@261c497c7 feat: implement talosctl support command
• talos-systems/talos@fc7dc4548 chore: check our API idiosyncrasies
• talos-systems/talos@b15844298 feat: use GCP deployment manager
• talos-systems/talos@3e7d4df99 chore: bump dependencies
• talos-systems/talos@88f242295 refactor: get rid of prometheus/procfs dependency in pkg/resources
• talos-systems/talos@dd196d300 refactor: prepare for move of pkg/resources to machinery
• talos-systems/talos@f6110f803 fix: remove listening socket to fix Talos in a container restart
• talos-systems/talos@53bbb13ed docs: update docs with emmc boot guide
• talos-systems/talos@8329d2111 chore: split polymorphic RootSecret resource into specific types
• talos-systems/talos@c97becdd9 chore: remove interfaces and routes APIs
• talos-systems/talos@d798635d9 feat: automatically limit kubelet node IP family based on service CIDRs
• talos-systems/talos@205a8d6dc chore: make nethelpers build on all OSes
• talos-systems/talos@5b5dd49f6 feat: extract JSON fields from more log messages
• talos-systems/talos@eb4f11822 docs: create cluster in hetzner cloud
• talos-systems/talos@728164e25 docs: fix kexec_load_disabled param name in release notes
• talos-systems/talos@f6328f09a fix: fix filename typo
• talos-systems/talos@01b0f0abb release(v0.14.0-alpha.0): prepare release
• talos-systems/talos@8b6206537 fix: skip generating empty .machine.logging
• talos-systems/talos@60ad00636 fix: don't drop ability to use ambient capabilities
• talos-systems/talos@b6b78e7fe test: add cluster discovery integration tests
• talos-systems/talos@97d64d160 fix: hcloud network config changes
• talos-systems/talos@4c76865d0 feat: multiple logging improvements
• talos-systems/talos@1d1e1df64 fix: handle skipped mounts correctly
• talos-systems/talos@0a964d921 test: fix openstack unit-test stability
• talos-systems/talos@72f62ac27 chore: bump Go and Docker dependencies
• talos-systems/talos@9c48ebe8f fix: gcp fetching externalIP
• talos-systems/talos@6c297268c test: fix e2e k8s version
• talos-systems/talos@ae5af9d3f feat: update Kubernetes to 1.23.0-alpha.3
• talos-systems/talos@28d3a69e9 feat: openstack config-drive support
• talos-systems/talos@2258bc491 test: update GCP e2e script to work with new templates
• talos-systems/talos@36b6ace25 feat: update Linux to 5.10.75
• talos-systems/talos@38516a549 test: update Talos versions in upgrade tests
• talos-systems/talos@cff20ec78 fix: change services OOM score
• talos-systems/talos@666a2b620 feat: azure platform ipv6 support
• talos-systems/talos@d32814e30 feat: extract JSON fields from log lines
• talos-systems/talos@e77d81fff fix: treat literal 'unknown' as a valid machine type
• talos-systems/talos@c8e404e35 test: update vars for AWS cluster
• talos-systems/talos@ad23891b1 feat: update CoreDNS version 1.8.6
• talos-systems/talos@41299cae9 feat: udev rules support
• talos-systems/talos@5237fdc95 feat: send JSON logs over UDP
• talos-systems/talos@6d44587a4 feat: coredns service dualstack
• talos-systems/talos@12f7888b7 feat: feed control plane endpoints on workers from cluster discovery
• talos-systems/talos@431e4fb4b chore: bump Go and Docker dependencies
• talos-systems/talos@89f3b9f8d feat: update etcd to 3.5.1
• talos-systems/talos@e60469a38 feat: initial support for JSON logging
• talos-systems/talos@68c420e3c feat: enable cluster discovery by default
• talos-systems/talos@3e100aa97 test: workaround EventsWatch test flakiness
• talos-systems/talos@9bd4838ac chore: stop using sonobuoy CLI
• talos-systems/talos@6ad459519 docs: fix field names for bonding configuration
• talos-systems/talos@d7a3b7b5b chore: use discovery-client and discovery-api modules
• talos-systems/talos@d6309eed6 docs: create docs for Talos 0.14
• talos-systems/talos@c0fda6436 fix: attempt to clean up tasks in containerd runner
• talos-systems/talos@8cf442daa chore: bump tools, pkgs, extras
• talos-systems/talos@0dad5f4d7 chore: small cleanup
• talos-systems/talos@e3e2113ad feat: upgrade CoreDNS during upgrade-k8s call
• talos-systems/talos@d92c98e19 docs: fix discovery service documentation link
• talos-systems/talos@e44b11c59 feat: update containerd to 1.5.7, bump Go dependencies
• talos-systems/talos@24129307a docs: make Talos 0.13 docs latest, update documentation
• talos-systems/talos@31b6e39e5 fix: delete expired affiliates from the discovery service
• talos-systems/talos@877a2b6fc test: bump CAPI components to v1alpha4
• talos-systems/talos@2ba0e0ac4 docs: add KubeSpan documentation
• talos-systems/talos@997873b6d fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
• talos-systems/talos@7137166d1 fix: allow overriding audit-policy-file in kube-apiserver static pod
• talos-systems/talos@8fcd42196 chore: fix integration-qemu-race
• talos-systems/talos@91a858b53 fix: sort output of the argument builder
• talos-systems/talos@657f7a56b fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
• talos-systems/talos@983d2459e feat: suppress logging NTP sync to the console
• talos-systems/talos@022c7335f fix: add interface route if DHCP4 router is not directly routeable
• talos-systems/talos@66a1579ea fix: don't enable 'no new privs' on the system level
• talos-systems/talos@423861cf9 feat: don't drop capabilities if kexec is disabled
• talos-systems/talos@facc8c38a docs: fix documentation for cluster discovery
• talos-systems/talos@ce65ca4e4 chore: build using only amd64 builders
• talos-systems/talos@e9b0f010d chore: update docker image in the pipeline

Changes since v0.14.0-beta.0

• talos-systems/talos@bc8983b93 release(v0.14.0-beta.1): prepare release
• talos-systems/talos@02796f889 fix: allow kubelet to be started via the API
• talos-systems/talos@e69eacae1 fix: use default time servers in time API if none are configured
• talos-systems/talos@c60e153a1 fix: cleanup affiliates
• talos-systems/talos@301f9e4e0 feat: update Kubernetes to 1.23.0
• talos-systems/talos@fe2e953af feat: upgrade kubelet version in talosctl upgrade-k8s
• talos-systems/talos@4daff7895 chore: update Go to 1.17.5

Changes from talos-systems/discovery-api

• talos-systems/discovery-api@db279ef feat: initial set of APIs and generated files
• talos-systems/discovery-api@ac52a37 chore: initial commit

Changes from talos-systems/discovery-client

• talos-systems/discovery-client@a9a5e9b feat: initial client code
• talos-systems/discovery-client@98eb999 chore: initial commit

Changes from talos-systems/extras

• talos-systems/extras@d6b73a7 feat: update Go to 1.17.5
• talos-systems/extras@bc66403 chore: update pkgs and tools to 0.9.0
• talos-systems/extras@d5ffdd8 feat: update Go to 1.17.4
• talos-systems/extras@50fc401 feat: include flannel CNI plugin into install-cni package
• talos-systems/extras@2bb2efc chore: update pkgs and tools
• talos-systems/extras@d6e8b3a chore: update pkgs and tools

Changes from talos-systems/go-blockdevice

• talos-systems/go-blockdevice@15b182d fix: return partition table not exist when trying to read an empty dev
• talos-systems/go-blockdevice@b9517d5 fix: resize partition

Changes from talos-systems/go-smbios

• talos-systems/go-smbios@fd5ec8c fix: remove useless (?) goroutines leading to data race error

Changes from talos-systems/net

• talos-systems/net@b4b7181 feat: add a way to filter list of IPs for the machine
• talos-systems/net@0abe5bd feat: implement FilterIPs function

Changes from talos-systems/pkgs

• talos-systems/pkgs@7a3419a feat: update Go to 1.17.5
• talos-systems/pkgs@4534074 feat: update tools to 0.9.0
• talos-systems/pkgs@4112eed feat: update runc to 1.0.3
• talos-systems/pkgs@49f3c17 feat: enable additional support for RPi hardware
• talos-systems/pkgs@7c066d0 feat: update Go to 1.17.4
• talos-systems/pkgs@4b55a29 feat: update Linux to 5.15.6
• talos-systems/pkgs@80a5f97 feat: update CNI to 1.0.1, separate package for flannel
• talos-systems/pkgs@422276d feat: update Linux to 5.15.5
• talos-systems/pkgs@d385e24 chore: update LibreSSL to 3.2.7
• talos-systems/pkgs@39a3b76 feat: update Linux to 5.15.4
• talos-systems/pkgs@ca30b50 feat: update u-boot to 2021.10
• talos-systems/pkgs@cea93f1 chore: add conformance
• talos-systems/pkgs@79d16b8 feat: update containerd to 1.5.8
• talos-systems/pkgs@1c76107 feat: add mdraid 1/0/10
• talos-systems/pkgs@740da24 feat: bump raspberrypi-firmware to 1.20211029
• talos-systems/pkgs@832dae4 fix: enable CONFIG_DM_SNAPSHOT
• talos-systems/pkgs@f307e64 feat: update Linux to 5.15.1
• talos-systems/pkgs@4f0f238 chore: update tools
• talos-systems/pkgs@932c3cf feat: update libseccomp to 2.5.3
• talos-systems/pkgs@7f3311e feat: update cpu governor to schedutil
• talos-systems/pkgs@b4cdb99 fix: update containerd shas
• talos-systems/pkgs@80a63d4 feat: update Linux to 5.10.75
• talos-systems/pkgs@5c98efd feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
• talos-systems/pkgs@bfb2365 feat: enable driver for SuperMicro raid controller
• talos-systems/pkgs@657e16b feat: enable Intel VMD driver
• talos-systems/pkgs@f7d9d72 feat: enable smarpqi driver and related options
• talos-systems/pkgs@bca3be0 feat: enable aqtion device driver
• talos-systems/pkgs@b88127a chore: update tools
• talos-systems/pkgs@971735f feat: update containerd to 1.5.7

Changes from talos-systems/siderolink

• talos-systems/siderolink@d0612a7 refactor: pass in listener to the log receiver
• talos-systems/siderolink@d86cdd5 feat: implement logreceiver for kernel logs
• talos-systems/siderolink@f7cadbc fix: handle duplicate peer updates
• talos-systems/siderolink@0755b24 feat: initial implementation of SideroLink
• talos-systems/siderolink@ee73ea9 feat: add Talos events sink proto files and the reference implementation
• talos-systems/siderolink@1e2cd9d Initial commit

Changes from talos-systems/tools

• talos-systems/tools@b1146f9 feat: update Go to 1.17.5
• talos-systems/tools@86ce921 chore: bump toolchain to the final 0.4.0 version
• talos-systems/tools@cc8426b feat: update Go to 1.17.4
• talos-systems/tools@aacbc5b feat: update toolchain with Linux headers 5.15
• talos-systems/tools@96e0231 feat: update squashfs-tools to 4.5
• talos-systems/tools@2c9c826 feat: update libseccomp to 2.5.3
• talos-systems/tools@f713a7c feat: update protobuf to 3.19.1, grpc-go to 1.42.0
• talos-systems/tools@972c5ef feat: update Go to 1.17.3
• talos-systems/tools@f63848c feat: update PCRE version and source host
• talos-systems/tools@fab7532 feat: update Go to 1.17.2

Dependency Changes

• github.com/AlekSi/pointer v1.1.0 -> v1.2.0
• github.com/cenkalti/backoff/v4 v4.1.2 new
• github.com/containerd/cgroups v1.0.1 -> v1.0.2
• github.com/containerd/containerd v1.5.5 -> v1.5.8
• github.com/docker/docker v20.10.8 -> v20.10.11
• github.com/evanphx/json-patch v4.11.0 -> v5.6.0
• github.com/gosuri/uiprogress v0.0.1 new
• github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
• github.com/hetznercloud/hcloud-go v1.32.0 -> v1.33.1
• github.com/insomniacslk/dhcp b95caade3eac -> ad197bcd36fd
• github.com/jsimonetti/rtnetlink 435639c8e6a8 -> fd9a11f42291
• github.com/jxskiss/base62 4f11678b909b -> v1.0.0
• github.com/mdlayher/ethtool 2b88debcdd43 -> 288d040e9d60
• github.com/mdlayher/netlink v1.4.1 -> v1.4.2
• github.com/packethost/packngo v0.19.1 -> v0.20.0
• github.com/rivo/tview ee97a7ab3975 -> 2a6de950f73b
• github.com/talos-systems/discovery-api v0.1.0 new
• github.com/talos-systems/discovery-client v0.1.0 new
• github.com/talos-systems/extras v0.6.0 -> v0.7.0-1-gd6b73a7
• github.com/talos-systems/go-blockdevice v0.2.4 -> v0.2.5
• github.com/talos-systems/go-smbios v0.1.0 -> v0.1.1
• github.com/talos-systems/net v0.3.0 -> v0.3.1
• github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-1-g7a3419a
• github.com/talos-systems/siderolink v0.1.0 new
• github.com/talos-systems/tools v0.8.0 -> v0.9.0-1-gb1146f9
• github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.55.1
• github.com/vmware/govmomi v0.26.1 -> v0.27.2
• github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
• go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
• go.uber.org/atomic v1.9.0 new
• golang.org/x/net 3ad01bbaa167 -> 012df41ee64c
• golang.org/x/sys 39ccf1dd6fa6 -> 97ca703d548d
• golang.org/x/term 140adaaadfaf -> 03fcf44c2211
• golang.org/x/time 1f47c861a9ac -> f0f3c7e86c11
• golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> dd7407c86d22
• google.golang.org/grpc v1.41.0 -> v1.42.0
• inet.af/netaddr 85fa6c94624e -> c74959edd3b6
• k8s.io/api v0.22.2 -> v0.23.0
• k8s.io/apimachinery v0.22.2 -> v0.23.0
• k8s.io/client-go v0.22.2 -> v0.23.0
• k8s.io/component-base v0.23.0 new
• k8s.io/cri-api v0.22.2 -> v0.23.0
• k8s.io/kubectl v0.22.2 -> v0.23.0
• k8s.io/kubelet v0.22.2 -> v0.23.0
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.61
• sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Images

quay.io/coreos/flannel:v0.15.1
ghcr.io/talos-systems/install-cni:v0.7.0-1-gd6b73a7
docker.io/coredns/coredns:1.8.6
gcr.io/etcd-development/etcd:v3.5.1
k8s.gcr.io/kube-apiserver:v1.23.0
k8s.gcr.io/kube-controller-manager:v1.23.0
k8s.gcr.io/kube-scheduler:v1.23.0
k8s.gcr.io/kube-proxy:v1.23.0
ghcr.io/talos-systems/kubelet:v1.23.0
ghcr.io/talos-systems/installer:v0.14.0-beta.1
k8s.gcr.io/pause:3.2

Talos 0.14.0-beta.0 (2021-12-08)

Welcome to the v0.14.0-beta.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled
Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.

For example:

install:
  extraKernelArgs:
    - sysctl.kernel.kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls will not be enough.

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14.
Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

installer and imager images

Talos supports two target architectures: amd64 and arm64, so all Talos images are built for both amd64 and arm64.

New image imager was added which contains Talos assets for both architectures which allows to generate Talos disk images
cross-arch: e.g. generate Talos Raspberry PI disk image on amd64 machine.

As installer image is used only to do initial install and upgrades, it now contains Talos assets for a specific architecture.
This reduces size of the installer image leading to faster upgrades and less memory usage.

There are no user-visible changes except that now imager container image should be used to produce Talos disk images.

Kubelet

Kubelet configuration can be updated without node restart (.machine.kubelet section of machine configuration) with commands
talosctl edit mc --immediate, talosctl apply-config --immediate, talosctl patch mc --immediate.

Kubelet service can now be restarted with talosctl service kubelet restart.

Kubelet node IP configuration (.machine.kubelet.nodeIP.validSubnets) can now include negative subnet matches (prefixed with !).

Log Shipping

Talos can now ship system logs
to the configured destination using either JSON-over-UDP or JSON-over-TCP:
see .machine.logging machine configuration option.

NTP Sync

Talos NTP sync process was improved to align better with kernel time adjustment periods and to filter out spikes.

SideroLink

A set of Talos ehancements is going to unlock a number of exciting features in the upcoming release of Sidero:

• SideroLink: a point-to-point Wireguard tunnel connecting Talos node back to the provisioning platform (Sidero).
• event sink (kernel arg talos.event.sink=http://10.0.0.1:4000) delivers Talos internal events to the specified destination.
• kmsg log delivery (kernel arg talos.logging.kernel=tcp://10.0.0.1:4001) sends kernel logs as JSON lines over TCP or UDP.

talosctl support

talosctl CLI tool now has a new subcommand called support, that can gather all
cluster information that could help with future debugging in a single run.

Output of the command is a zip archive with all talos service logs, kubernetes pod logs and manifests,
talos resources manifests and so on.
Generated archive does not contain any secret information so it is safe to send it for analysis to a third party.

Component Updates

• Linux: 5.15.6
• etcd: 3.5.1
• containerd: 1.5.8
• runc: 1.0.3
• Kubernetes: 1.23.0-rc.1
• CoreDNS: 1.8.6
• Flannel (default CNI): 0.15.1

Talos is built with Go 1.17.4

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.

So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.

VLAN Enhancements

Talos now supports setting MTU and Virtual IPs on VLAN interfaces.

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Noel Georgi
• Serge Logvinov
• Nico Berlee
• Spencer Smith
• Alex Zero
• Andrew Rynhard
• Branden Cash
• David Haines
• Gerard de Leeuw
• Michael Fornaro
• Rohit Dandamudi
• Rui Lopes
• Seán C McCord

Changes

• talos-systems/talos@35cb34bd5 release(v0.14.0-beta.0): prepare release
• talos-systems/talos@1d6f140d7 fix: make apply-config work reliably in any Talos state
• talos-systems/talos@a5a6c720e chore: remove boot-{arch}.tar.gz artifact
• talos-systems/talos@fc5ec5007 fix: relax validation for wireguard endpoints
• talos-systems/talos@cdbd5cff4 docs: vlan VIP
• talos-systems/talos@149ffa977 fix: increase boot and etcd join timeouts
• talos-systems/talos@dc9db2141 feat: autocomplete nodes, context and resource definitions
• talos-systems/talos@b4b3e2133 chore: bump tools/pkgs/extra to final released versions
• talos-systems/talos@d225cf91e fix: tmpfs default permissions
• talos-systems/talos@8f3e1a4ad fix: drop unpacked layers from containerd image store
• talos-systems/talos@1fc43619d docs: improve clarity for users
• talos-systems/talos@36c9a65ac feat: update deps and Kubernetes to 1.23.0-rc.1
• talos-systems/talos@64a4f6e77 test: bump Talos versions in upgrade tests
• talos-systems/talos@d2ebda78c feat: update runc to 1.0.3
• talos-systems/talos@adf05072a chore: drop unused package
• talos-systems/talos@961d1567d chore: update Go to 1.17.4
• talos-systems/talos@d2fd7c217 feat: make kubelet service apply changes immediately
• talos-systems/talos@4f5d9da92 feat: allow overriding KSPP kernel parameters
• talos-systems/talos@6377f3df7 test: uplift capi versions and templates
• talos-systems/talos@2a0da0624 feat: split installer and imager images
• talos-systems/talos@1a13aaa23 feat: update Linux to 5.15.6
• talos-systems/talos@73293bc2a feat: can disable controlmanager and scheduler
• talos-systems/talos@7f9922296 feat: add powercycle mode in reboot
• talos-systems/talos@bc69f6ec8 feat: vip for VLANs
• talos-systems/talos@99338e5ff feat: update Flannel to 0.15.1
• talos-systems/talos@8370dde1f docs: fix typos
• talos-systems/talos@a5646db29 feat: support MTU for VLAN's
• talos-systems/talos@4aad0ebf9 docs: expand logging documentation
• talos-systems/talos@400225c88 docs: fix GCP docs
• talos-systems/talos@f7c87d1d9 release(v0.14.0-alpha.2): prepare release
• talos-systems/talos@e9f4b7b20 feat: update Linux to 5.15.5
• talos-systems/talos@4d0a75a3f docs: add documentation about logging
• talos-systems/talos@8d1cbeef9 chore: add API breaking changes detector
• talos-systems/talos@ed7fb9db1 feat: move kubelet proccesses to /podruntime cgroup
• talos-systems/talos@2cd3f9be1 feat: filter out SideroLink addresses by default
• talos-systems/talos@0f169bf9b chore: add API deprecations mechanism
• talos-systems/talos@eaf6d4720 refactor: use random port listener in kernel log delivery tests
• talos-systems/talos@bf4c81e7d feat: kernel log (kmsg) delivery controller
• talos-systems/talos@f3149780e feat: update Kubernetes to 1.23.0-rc.0
• talos-systems/talos@b824909d6 fix: disable kexec on RPi4
• talos-systems/talos@3257751bc fix: initialize Drainer properly
• talos-systems/talos@e4bc68bf0 fix: leave only a single IPv4/IPv6 address as kubelet's node IP
• talos-systems/talos@e6d007418 feat: update pkgs - Linux 5.15.4, LibreSSL 3.2.7
• talos-systems/talos@d5cbc3640 feat: add GCP ccm
• talos-systems/talos@7433150fd feat: implement events sink controller
• talos-systems/talos@b4a406ae7 test: pin cluster API templates version to tag v1alpha4
• talos-systems/talos@9427e78dc fix: catch panics in network operator runs
• talos-systems/talos@d1f55f901 fix: update blockdevice library to properly handle absent GPT
• talos-systems/talos@5ac64b2d9 chore: set version in unit-tests
• talos-systems/talos@20d39c0b4 chore: format .proto files
• talos-systems/talos@852bf4a7d feat: talosctl fish completion support
• talos-systems/talos@6bb75150a fix: allow add_key and request_key in kubelet seccomp profile
• talos-systems/talos@6487b21fe feat: update pkgs for u-boot, containerd, etc
• talos-systems/talos@f7d1e7776 feat: provide SideroLink client implementation
• talos-systems/talos@58892cd69 fix: unblock events watch on context cancel
• talos-systems/talos@caa76be2c fix: containerd failed to load plugin
• talos-systems/talos@1ffa8e048 feat: add ULA prefix for SideroLink
• talos-systems/talos@c6a67b866 fix: ignore not existing nodes on cordoning
• talos-systems/talos@f73025257 feat: add new event types
• talos-systems/talos@7c9b082f7 feat: update Kubernetes to 1.23.0-beta.0
• talos-systems/talos@750e31c4a fix: ignore EBUSY from kexec_file_load
• talos-systems/talos@2d11b5955 fix: ignore virtual IP as kubelet node IPs
• talos-systems/talos@030fd349b fix: don't run kexec prepare on shutdown and reset
• talos-systems/talos@6dcce20e6 test: set proper pod CIDR for Cilium tests
• talos-systems/talos@695300dac release(v0.14.0-alpha.1): prepare release
• talos-systems/talos@753a82188 refactor: move pkg/resources to machinery
• talos-systems/talos@0102a64a5 refactor: remove pkg/resources dependencies on wgtypes, netx
• talos-systems/talos@7462733bc chore: update golangci-lint
• talos-systems/talos@032c99a03 refactor: remove pkg/resources dependencies on k8s and base62
• talos-systems/talos@4a5cff45f perf: raspberry PIs clockspeed as fast as firmware allows
• talos-systems/talos@a76f6d69d feat: allow kubelet to be restarted and provide negative nodeIP subnets
• talos-systems/talos@189221d58 chore: update dependencies
• talos-systems/talos@41f0aecc1 docs: update partition info
• talos-systems/talos@95105071d chore: fix simple issues found by golangci-lint
• talos-systems/talos@d4b0ca21a test: retry upgrade mutex lock failures
• talos-systems/talos@4357e9a84 docs: add Talos partions info
• talos-systems/talos@8e8687d75 fix: use temporary sonobuoy version
• talos-systems/talos@e4e8e8737 test: disable e2e-misc test with Canal CNI
• talos-systems/talos@897da2f6e docs: common typos
• talos-systems/talos@a50483ddd feat: update Linux to 5.15.1
• talos-systems/talos@a2233bfe4 fix: improve NTP sync process
• talos-systems/talos@7efc1238e fix: parse partition size correctly
• talos-systems/talos@d6147eb17 chore: update sonobuoy
• talos-systems/talos@efbae7857 fix: use etc folder for du cli tests
• talos-systems/talos@198eea51a fix: wait for follow reader to start before writing to the file
• talos-systems/talos@e7f715eb0 chore: log KubeSpan IPs overlaps
• talos-systems/talos@82a1ad168 chore: bump dependencies
• talos-systems/talos@e8fccbf53 fix: clear time adjustment error when setting time to specific value
• talos-systems/talos@e6f90bb41 chore: remove unused parameters
• talos-systems/talos@785161d19 feat: update k8s to 1.23.0-alpha.4
• talos-systems/talos@fe228d7c8 fix: do not use yaml.v2 in the support cmd
• talos-systems/talos@9b48ca217 fix: endpoints and nodes in generated talosconfig
• talos-systems/talos@6e16fd2fe chore: update tools, pkgs, and extras
• talos-systems/talos@261c497c7 feat: implement talosctl support command
• talos-systems/talos@fc7dc4548 chore: check our API idiosyncrasies
• talos-systems/talos@b15844298 feat: use GCP deployment manager
• talos-systems/talos@3e7d4df99 chore: bump dependencies
• talos-systems/talos@88f242295 refactor: get rid of prometheus/procfs dependency in pkg/resources
• talos-systems/talos@dd196d300 refactor: prepare for move of pkg/resources to machinery
• talos-systems/talos@f6110f803 fix: remove listening socket to fix Talos in a container restart
• talos-systems/talos@53bbb13ed docs: update docs with emmc boot guide
• talos-systems/talos@8329d2111 chore: split polymorphic RootSecret resource into specific types
• talos-systems/talos@c97becdd9 chore: remove interfaces and routes APIs
• talos-systems/talos@d798635d9 feat: automatically limit kubelet node IP family based on service CIDRs
• talos-systems/talos@205a8d6dc chore: make nethelpers build on all OSes
• talos-systems/talos@5b5dd49f6 feat: extract JSON fields from more log messages
• talos-systems/talos@eb4f11822 docs: create cluster in hetzner cloud
• talos-systems/talos@728164e25 docs: fix kexec_load_disabled param name in release notes
• talos-systems/talos@f6328f09a fix: fix filename typo
• talos-systems/talos@01b0f0abb release(v0.14.0-alpha.0): prepare release
• talos-systems/talos@8b6206537 fix: skip generating empty .machine.logging
• talos-systems/talos@60ad00636 fix: don't drop ability to use ambient capabilities
• talos-systems/talos@b6b78e7fe test: add cluster discovery integration tests
• talos-systems/talos@97d64d160 fix: hcloud network config changes
• talos-systems/talos@4c76865d0 feat: multiple logging improvements
• talos-systems/talos@1d1e1df64 fix: handle skipped mounts correctly
• talos-systems/talos@0a964d921 test: fix openstack unit-test stability
• talos-systems/talos@72f62ac27 chore: bump Go and Docker dependencies
• talos-systems/talos@9c48ebe8f fix: gcp fetching externalIP
• talos-systems/talos@6c297268c test: fix e2e k8s version
• talos-systems/talos@ae5af9d3f feat: update Kubernetes to 1.23.0-alpha.3
• talos-systems/talos@28d3a69e9 feat: openstack config-drive support
• talos-systems/talos@2258bc491 test: update GCP e2e script to work with new templates
• talos-systems/talos@36b6ace25 feat: update Linux to 5.10.75
• talos-systems/talos@38516a549 test: update Talos versions in upgrade tests
• talos-systems/talos@cff20ec78 fix: change services OOM score
• talos-systems/talos@666a2b620 feat: azure platform ipv6 support
• talos-systems/talos@d32814e30 feat: extract JSON fields from log lines
• talos-systems/talos@e77d81fff fix: treat literal 'unknown' as a valid machine type
• talos-systems/talos@c8e404e35 test: update vars for AWS cluster
• talos-systems/talos@ad23891b1 feat: update CoreDNS version 1.8.6
• talos-systems/talos@41299cae9 feat: udev rules support
• talos-systems/talos@5237fdc95 feat: send JSON logs over UDP
• talos-systems/talos@6d44587a4 feat: coredns service dualstack
• talos-systems/talos@12f7888b7 feat: feed control plane endpoints on workers from cluster discovery
• talos-systems/talos@431e4fb4b chore: bump Go and Docker dependencies
• talos-systems/talos@89f3b9f8d feat: update etcd to 3.5.1
• talos-systems/talos@e60469a38 feat: initial support for JSON logging
• talos-systems/talos@68c420e3c feat: enable cluster discovery by default
• talos-systems/talos@3e100aa97 test: workaround EventsWatch test flakiness
• talos-systems/talos@9bd4838ac chore: stop using sonobuoy CLI
• talos-systems/talos@6ad459519 docs: fix field names for bonding configuration
• talos-systems/talos@d7a3b7b5b chore: use discovery-client and discovery-api modules
• talos-systems/talos@d6309eed6 docs: create docs for Talos 0.14
• talos-systems/talos@c0fda6436 fix: attempt to clean up tasks in containerd runner
• talos-systems/talos@8cf442daa chore: bump tools, pkgs, extras
• talos-systems/talos@0dad5f4d7 chore: small cleanup
• talos-systems/talos@e3e2113ad feat: upgrade CoreDNS during upgrade-k8s call
• talos-systems/talos@d92c98e19 docs: fix discovery service documentation link
• talos-systems/talos@e44b11c59 feat: update containerd to 1.5.7, bump Go dependencies
• talos-systems/talos@24129307a docs: make Talos 0.13 docs latest, update documentation
• talos-systems/talos@31b6e39e5 fix: delete expired affiliates from the discovery service
• talos-systems/talos@877a2b6fc test: bump CAPI components to v1alpha4
• talos-systems/talos@2ba0e0ac4 docs: add KubeSpan documentation
• talos-systems/talos@997873b6d fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
• talos-systems/talos@7137166d1 fix: allow overriding audit-policy-file in kube-apiserver static pod
• talos-systems/talos@8fcd42196 chore: fix integration-qemu-race
• talos-systems/talos@91a858b53 fix: sort output of the argument builder
• talos-systems/talos@657f7a56b fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
• talos-systems/talos@983d2459e feat: suppress logging NTP sync to the console
• talos-systems/talos@022c7335f fix: add interface route if DHCP4 router is not directly routeable
• talos-systems/talos@66a1579ea fix: don't enable 'no new privs' on the system level
• talos-systems/talos@423861cf9 feat: don't drop capabilities if kexec is disabled
• talos-systems/talos@facc8c38a docs: fix documentation for cluster discovery
• talos-systems/talos@ce65ca4e4 chore: build using only amd64 builders
• talos-systems/talos@e9b0f010d chore: update docker image in the pipeline

Changes since v0.14.0-alpha.2

• talos-systems/talos@35cb34bd5 release(v0.14.0-beta.0): prepare release
• talos-systems/talos@1d6f140d7 fix: make apply-config work reliably in any Talos state
• talos-systems/talos@a5a6c720e chore: remove boot-{arch}.tar.gz artifact
• talos-systems/talos@fc5ec5007 fix: relax validation for wireguard endpoints
• talos-systems/talos@cdbd5cff4 docs: vlan VIP
• talos-systems/talos@149ffa977 fix: increase boot and etcd join timeouts
• talos-systems/talos@dc9db2141 feat: autocomplete nodes, context and resource definitions
• talos-systems/talos@b4b3e2133 chore: bump tools/pkgs/extra to final released versions
• talos-systems/talos@d225cf91e fix: tmpfs default permissions
• talos-systems/talos@8f3e1a4ad fix: drop unpacked layers from containerd image store
• talos-systems/talos@1fc43619d docs: improve clarity for users
• talos-systems/talos@36c9a65ac feat: update deps and Kubernetes to 1.23.0-rc.1
• talos-systems/talos@64a4f6e77 test: bump Talos versions in upgrade tests
• talos-systems/talos@d2ebda78c feat: update runc to 1.0.3
• talos-systems/talos@adf05072a chore: drop unused package
• talos-systems/talos@961d1567d chore: update Go to 1.17.4
• talos-systems/talos@d2fd7c217 feat: make kubelet service apply changes immediately
• talos-systems/talos@4f5d9da92 feat: allow overriding KSPP kernel parameters
• talos-systems/talos@6377f3df7 test: uplift capi versions and templates
• talos-systems/talos@2a0da0624 feat: split installer and imager images
• talos-systems/talos@1a13aaa23 feat: update Linux to 5.15.6
• talos-systems/talos@73293bc2a feat: can disable controlmanager and scheduler
• talos-systems/talos@7f9922296 feat: add powercycle mode in reboot
• talos-systems/talos@bc69f6ec8 feat: vip for VLANs
• talos-systems/talos@99338e5ff feat: update Flannel to 0.15.1
• talos-systems/talos@8370dde1f docs: fix typos
• talos-systems/talos@a5646db29 feat: support MTU for VLAN's
• talos-systems/talos@4aad0ebf9 docs: expand logging documentation
• talos-systems/talos@400225c88 docs: fix GCP docs

Changes from talos-systems/discovery-api

• talos-systems/discovery-api@db279ef feat: initial set of APIs and generated files
• talos-systems/discovery-api@ac52a37 chore: initial commit

Changes from talos-systems/discovery-client

• talos-systems/discovery-client@a9a5e9b feat: initial client code
• talos-systems/discovery-client@98eb999 chore: initial commit

Changes from talos-systems/extras

• talos-systems/extras@bc66403 chore: update pkgs and tools to 0.9.0
• talos-systems/extras@d5ffdd8 feat: update Go to 1.17.4
• talos-systems/extras@50fc401 feat: include flannel CNI plugin into install-cni package
• talos-systems/extras@2bb2efc chore: update pkgs and tools
• talos-systems/extras@d6e8b3a chore: update pkgs and tools

Changes from talos-systems/go-blockdevice

• talos-systems/go-blockdevice@15b182d fix: return partition table not exist when trying to read an empty dev
• talos-systems/go-blockdevice@b9517d5 fix: resize partition

Changes from talos-systems/go-smbios

• talos-systems/go-smbios@fd5ec8c fix: remove useless (?) goroutines leading to data race error

Changes from talos-systems/net

• talos-systems/net@b4b7181 feat: add a way to filter list of IPs for the machine
• talos-systems/net@0abe5bd feat: implement FilterIPs function

Changes from talos-systems/pkgs

• talos-systems/pkgs@4534074 feat: update tools to 0.9.0
• talos-systems/pkgs@4112eed feat: update runc to 1.0.3
• talos-systems/pkgs@49f3c17 feat: enable additional support for RPi hardware
• talos-systems/pkgs@7c066d0 feat: update Go to 1.17.4
• talos-systems/pkgs@4b55a29 feat: update Linux to 5.15.6
• talos-systems/pkgs@80a5f97 feat: update CNI to 1.0.1, separate package for flannel
• talos-systems/pkgs@422276d feat: update Linux to 5.15.5
• talos-systems/pkgs@d385e24 chore: update LibreSSL to 3.2.7
• talos-systems/pkgs@39a3b76 feat: update Linux to 5.15.4
• talos-systems/pkgs@ca30b50 feat: update u-boot to 2021.10
• talos-systems/pkgs@cea93f1 chore: add conformance
• talos-systems/pkgs@79d16b8 feat: update containerd to 1.5.8
• talos-systems/pkgs@1c76107 feat: add mdraid 1/0/10
• talos-systems/pkgs@740da24 feat: bump raspberrypi-firmware to 1.20211029
• talos-systems/pkgs@832dae4 fix: enable CONFIG_DM_SNAPSHOT
• talos-systems/pkgs@f307e64 feat: update Linux to 5.15.1
• talos-systems/pkgs@4f0f238 chore: update tools
• talos-systems/pkgs@932c3cf feat: update libseccomp to 2.5.3
• talos-systems/pkgs@7f3311e feat: update cpu governor to schedutil
• talos-systems/pkgs@b4cdb99 fix: update containerd shas
• talos-systems/pkgs@80a63d4 feat: update Linux to 5.10.75
• talos-systems/pkgs@5c98efd feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
• talos-systems/pkgs@bfb2365 feat: enable driver for SuperMicro raid controller
• talos-systems/pkgs@657e16b feat: enable Intel VMD driver
• talos-systems/pkgs@f7d9d72 feat: enable smarpqi driver and related options
• talos-systems/pkgs@bca3be0 feat: enable aqtion device driver
• talos-systems/pkgs@b88127a chore: update tools
• talos-systems/pkgs@971735f feat: update containerd to 1.5.7

Changes from talos-systems/siderolink

• talos-systems/siderolink@d0612a7 refactor: pass in listener to the log receiver
• talos-systems/siderolink@d86cdd5 feat: implement logreceiver for kernel logs
• talos-systems/siderolink@f7cadbc fix: handle duplicate peer updates
• talos-systems/siderolink@0755b24 feat: initial implementation of SideroLink
• talos-systems/siderolink@ee73ea9 feat: add Talos events sink proto files and the reference implementation
• talos-systems/siderolink@1e2cd9d Initial commit

Changes from talos-systems/tools

• talos-systems/tools@86ce921 chore: bump toolchain to the final 0.4.0 version
• talos-systems/tools@cc8426b feat: update Go to 1.17.4
• talos-systems/tools@aacbc5b feat: update toolchain with Linux headers 5.15
• talos-systems/tools@96e0231 feat: update squashfs-tools to 4.5
• talos-systems/tools@2c9c826 feat: update libseccomp to 2.5.3
• talos-systems/tools@f713a7c feat: update protobuf to 3.19.1, grpc-go to 1.42.0
• talos-systems/tools@972c5ef feat: update Go to 1.17.3
• talos-systems/tools@f63848c feat: update PCRE version and source host
• talos-systems/tools@fab7532 feat: update Go to 1.17.2

Dependency Changes

• github.com/AlekSi/pointer v1.1.0 -> v1.2.0
• github.com/cenkalti/backoff/v4 v4.1.2 new
• github.com/containerd/cgroups v1.0.1 -> v1.0.2
• github.com/containerd/containerd v1.5.5 -> v1.5.8
• github.com/docker/docker v20.10.8 -> v20.10.11
• github.com/evanphx/json-patch v4.11.0 -> v5.6.0
• github.com/gosuri/uiprogress v0.0.1 new
• github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
• github.com/hetznercloud/hcloud-go v1.32.0 -> v1.33.1
• github.com/insomniacslk/dhcp b95caade3eac -> ad197bcd36fd
• github.com/jsimonetti/rtnetlink 435639c8e6a8 -> fd9a11f42291
• github.com/jxskiss/base62 4f11678b909b -> v1.0.0
• github.com/mdlayher/ethtool 2b88debcdd43 -> 288d040e9d60
• github.com/mdlayher/netlink v1.4.1 -> v1.4.2
• github.com/packethost/packngo v0.19.1 -> v0.20.0
• github.com/rivo/tview ee97a7ab3975 -> 2a6de950f73b
• github.com/talos-systems/discovery-api v0.1.0 new
• github.com/talos-systems/discovery-client v0.1.0 new
• github.com/talos-systems/extras v0.6.0 -> v0.7.0
• github.com/talos-systems/go-blockdevice v0.2.4 -> v0.2.5
• github.com/talos-systems/go-smbios v0.1.0 -> v0.1.1
• github.com/talos-systems/net v0.3.0 -> v0.3.1
• github.com/talos-systems/pkgs v0.8.0 -> v0.9.0
• github.com/talos-systems/siderolink v0.1.0 new
• github.com/talos-systems/tools v0.8.0 -> v0.9.0
• github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.55.1
• github.com/vmware/govmomi v0.26.1 -> v0.27.2
• github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
• go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
• go.uber.org/atomic v1.9.0 new
• golang.org/x/net 3ad01bbaa167 -> 012df41ee64c
• golang.org/x/sys 39ccf1dd6fa6 -> 97ca703d548d
• golang.org/x/term 140adaaadfaf -> 03fcf44c2211
• golang.org/x/time 1f47c861a9ac -> f0f3c7e86c11
• golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> dd7407c86d22
• google.golang.org/grpc v1.41.0 -> v1.42.0
• inet.af/netaddr 85fa6c94624e -> c74959edd3b6
• k8s.io/api v0.22.2 -> v0.23.0-rc.1
• k8s.io/apimachinery v0.22.2 -> v0.23.0-rc.1
• k8s.io/client-go v0.22.2 -> v0.23.0-rc.1
• k8s.io/component-base v0.23.0-rc.1 new
• k8s.io/cri-api v0.22.2 -> v0.23.0-rc.1
• k8s.io/kubectl v0.22.2 -> v0.23.0-rc.1
• k8s.io/kubelet v0.22.2 -> v0.23.0-rc.1
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.61
• sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Images

quay.io/coreos/flannel:v0.15.1
ghcr.io/talos-systems/install-cni:v0.7.0
docker.io/coredns/coredns:1.8.6
gcr.io/etcd-development/etcd:v3.5.1
k8s.gcr.io/kube-apiserver:v1.23.0-rc.1
k8s.gcr.io/kube-controller-manager:v1.23.0-rc.1
k8s.gcr.io/kube-scheduler:v1.23.0-rc.1
k8s.gcr.io/kube-proxy:v1.23.0-rc.1
ghcr.io/talos-systems/kubelet:v1.23.0-rc.1
ghcr.io/talos-systems/installer:v0.14.0-beta.0
k8s.gcr.io/pause:3.2

Talos 0.14.0-alpha.2 (2021-11-30)

Welcome to the v0.14.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled
Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.

For example:

install:
  extraKernelArgs:
    - sysctl.kernel.kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls will not be enough.

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14.
Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

Kubelet

Kubelet service can now be restarted with talosctl service kubelet restart.

Kubelet node IP configuration (.machine.kubelet.nodeIP.validSubnets) can now include negative subnet matches (prefixed with !).

Log Shipping

Talos can now ship system logs
to the configured destination using either JSON-over-UDP or JSON-over-TCP:
see .machine.logging machine configuration option.

NTP Sync

Talos NTP sync process was improved to align better with kernel time adjustment periods and to filter out spikes.

SideroLink

A set of Talos ehancements is going to unlock a number of exciting features in the upcoming release of Sidero:

• SideroLink: a point-to-point Wireguard tunnel connecting Talos node back to the provisioning platform (Sidero).
• event sink (kernel arg talos.event.sink=http://10.0.0.1:4000) delivers Talos internal events to the specified destination.
• kmsg log delivery (kernel arg talos.logging.kernel=tcp://10.0.0.1:4001) sends kernel logs as JSON lines over TCP or UDP.

talosctl support

talosctl CLI tool now has a new subcommand called support, that can gather all
cluster information that could help with future debugging in a single run.

Output of the command is a zip archive with all talos service logs, kubernetes pod logs and manifests,
talos resources manifests and so on.
Generated archive does not contain any secret information so it is safe to send it for analysis to a third party.

Component Updates

• Linux: 5.15.5
• etcd: 3.5.1
• containerd: 1.5.8
• Kubernetes: 1.23.0-rc.0
• CoreDNS: 1.8.6

Talos is built with Go 1.17.3

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.

So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Serge Logvinov
• Noel Georgi
• Nico Berlee
• Spencer Smith
• Alex Zero
• Andrew Rynhard
• Branden Cash
• David Haines
• Gerard de Leeuw
• Michael Fornaro
• Rui Lopes

Changes

• talos-systems/talos@f7c87d1d9 release(v0.14.0-alpha.2): prepare release
• talos-systems/talos@e9f4b7b20 feat: update Linux to 5.15.5
• talos-systems/talos@4d0a75a3f docs: add documentation about logging
• talos-systems/talos@8d1cbeef9 chore: add API breaking changes detector
• talos-systems/talos@ed7fb9db1 feat: move kubelet proccesses to /podruntime cgroup
• talos-systems/talos@2cd3f9be1 feat: filter out SideroLink addresses by default
• talos-systems/talos@0f169bf9b chore: add API deprecations mechanism
• talos-systems/talos@eaf6d4720 refactor: use random port listener in kernel log delivery tests
• talos-systems/talos@bf4c81e7d feat: kernel log (kmsg) delivery controller
• talos-systems/talos@f3149780e feat: update Kubernetes to 1.23.0-rc.0
• talos-systems/talos@b824909d6 fix: disable kexec on RPi4
• talos-systems/talos@3257751bc fix: initialize Drainer properly
• talos-systems/talos@e4bc68bf0 fix: leave only a single IPv4/IPv6 address as kubelet's node IP
• talos-systems/talos@e6d007418 feat: update pkgs - Linux 5.15.4, LibreSSL 3.2.7
• talos-systems/talos@d5cbc3640 feat: add GCP ccm
• talos-systems/talos@7433150fd feat: implement events sink controller
• talos-systems/talos@b4a406ae7 test: pin cluster API templates version to tag v1alpha4
• talos-systems/talos@9427e78dc fix: catch panics in network operator runs
• talos-systems/talos@d1f55f901 fix: update blockdevice library to properly handle absent GPT
• talos-systems/talos@5ac64b2d9 chore: set version in unit-tests
• talos-systems/talos@20d39c0b4 chore: format .proto files
• talos-systems/talos@852bf4a7d feat: talosctl fish completion support
• talos-systems/talos@6bb75150a fix: allow add_key and request_key in kubelet seccomp profile
• talos-systems/talos@6487b21fe feat: update pkgs for u-boot, containerd, etc
• talos-systems/talos@f7d1e7776 feat: provide SideroLink client implementation
• talos-systems/talos@58892cd69 fix: unblock events watch on context cancel
• talos-systems/talos@caa76be2c fix: containerd failed to load plugin
• talos-systems/talos@1ffa8e048 feat: add ULA prefix for SideroLink
• talos-systems/talos@c6a67b866 fix: ignore not existing nodes on cordoning
• talos-systems/talos@f73025257 feat: add new event types
• talos-systems/talos@7c9b082f7 feat: update Kubernetes to 1.23.0-beta.0
• talos-systems/talos@750e31c4a fix: ignore EBUSY from kexec_file_load
• talos-systems/talos@2d11b5955 fix: ignore virtual IP as kubelet node IPs
• talos-systems/talos@030fd349b fix: don't run kexec prepare on shutdown and reset
• talos-systems/talos@6dcce20e6 test: set proper pod CIDR for Cilium tests
• talos-systems/talos@695300dac release(v0.14.0-alpha.1): prepare release
• talos-systems/talos@753a82188 refactor: move pkg/resources to machinery
• talos-systems/talos@0102a64a5 refactor: remove pkg/resources dependencies on wgtypes, netx
• talos-systems/talos@7462733bc chore: update golangci-lint
• talos-systems/talos@032c99a03 refactor: remove pkg/resources dependencies on k8s and base62
• talos-systems/talos@4a5cff45f perf: raspberry PIs clockspeed as fast as firmware allows
• talos-systems/talos@a76f6d69d feat: allow kubelet to be restarted and provide negative nodeIP subnets
• talos-systems/talos@189221d58 chore: update dependencies
• talos-systems/talos@41f0aecc1 docs: update partition info
• talos-systems/talos@95105071d chore: fix simple issues found by golangci-lint
• talos-systems/talos@d4b0ca21a test: retry upgrade mutex lock failures
• talos-systems/talos@4357e9a84 docs: add Talos partions info
• talos-systems/talos@8e8687d75 fix: use temporary sonobuoy version
• talos-systems/talos@e4e8e8737 test: disable e2e-misc test with Canal CNI
• talos-systems/talos@897da2f6e docs: common typos
• talos-systems/talos@a50483ddd feat: update Linux to 5.15.1
• talos-systems/talos@a2233bfe4 fix: improve NTP sync process
• talos-systems/talos@7efc1238e fix: parse partition size correctly
• talos-systems/talos@d6147eb17 chore: update sonobuoy
• talos-systems/talos@efbae7857 fix: use etc folder for du cli tests
• talos-systems/talos@198eea51a fix: wait for follow reader to start before writing to the file
• talos-systems/talos@e7f715eb0 chore: log KubeSpan IPs overlaps
• talos-systems/talos@82a1ad168 chore: bump dependencies
• talos-systems/talos@e8fccbf53 fix: clear time adjustment error when setting time to specific value
• talos-systems/talos@e6f90bb41 chore: remove unused parameters
• talos-systems/talos@785161d19 feat: update k8s to 1.23.0-alpha.4
• talos-systems/talos@fe228d7c8 fix: do not use yaml.v2 in the support cmd
• talos-systems/talos@9b48ca217 fix: endpoints and nodes in generated talosconfig
• talos-systems/talos@6e16fd2fe chore: update tools, pkgs, and extras
• talos-systems/talos@261c497c7 feat: implement talosctl support command
• talos-systems/talos@fc7dc4548 chore: check our API idiosyncrasies
• talos-systems/talos@b15844298 feat: use GCP deployment manager
• talos-systems/talos@3e7d4df99 chore: bump dependencies
• talos-systems/talos@88f242295 refactor: get rid of prometheus/procfs dependency in pkg/resources
• talos-systems/talos@dd196d300 refactor: prepare for move of pkg/resources to machinery
• talos-systems/talos@f6110f803 fix: remove listening socket to fix Talos in a container restart
• talos-systems/talos@53bbb13ed docs: update docs with emmc boot guide
• talos-systems/talos@8329d2111 chore: split polymorphic RootSecret resource into specific types
• talos-systems/talos@c97becdd9 chore: remove interfaces and routes APIs
• talos-systems/talos@d798635d9 feat: automatically limit kubelet node IP family based on service CIDRs
• talos-systems/talos@205a8d6dc chore: make nethelpers build on all OSes
• talos-systems/talos@5b5dd49f6 feat: extract JSON fields from more log messages
• talos-systems/talos@eb4f11822 docs: create cluster in hetzner cloud
• talos-systems/talos@728164e25 docs: fix kexec_load_disabled param name in release notes
• talos-systems/talos@f6328f09a fix: fix filename typo
• talos-systems/talos@01b0f0abb release(v0.14.0-alpha.0): prepare release
• talos-systems/talos@8b6206537 fix: skip generating empty .machine.logging
• talos-systems/talos@60ad00636 fix: don't drop ability to use ambient capabilities
• talos-systems/talos@b6b78e7fe test: add cluster discovery integration tests
• talos-systems/talos@97d64d160 fix: hcloud network config changes
• talos-systems/talos@4c76865d0 feat: multiple logging improvements
• talos-systems/talos@1d1e1df64 fix: handle skipped mounts correctly
• talos-systems/talos@0a964d921 test: fix openstack unit-test stability
• talos-systems/talos@72f62ac27 chore: bump Go and Docker dependencies
• talos-systems/talos@9c48ebe8f fix: gcp fetching externalIP
• talos-systems/talos@6c297268c test: fix e2e k8s version
• talos-systems/talos@ae5af9d3f feat: update Kubernetes to 1.23.0-alpha.3
• talos-systems/talos@28d3a69e9 feat: openstack config-drive support
• talos-systems/talos@2258bc491 test: update GCP e2e script to work with new templates
• talos-systems/talos@36b6ace25 feat: update Linux to 5.10.75
• talos-systems/talos@38516a549 test: update Talos versions in upgrade tests
• talos-systems/talos@cff20ec78 fix: change services OOM score
• talos-systems/talos@666a2b620 feat: azure platform ipv6 support
• talos-systems/talos@d32814e30 feat: extract JSON fields from log lines
• talos-systems/talos@e77d81fff fix: treat literal 'unknown' as a valid machine type
• talos-systems/talos@c8e404e35 test: update vars for AWS cluster
• talos-systems/talos@ad23891b1 feat: update CoreDNS version 1.8.6
• talos-systems/talos@41299cae9 feat: udev rules support
• talos-systems/talos@5237fdc95 feat: send JSON logs over UDP
• talos-systems/talos@6d44587a4 feat: coredns service dualstack
• talos-systems/talos@12f7888b7 feat: feed control plane endpoints on workers from cluster discovery
• talos-systems/talos@431e4fb4b chore: bump Go and Docker dependencies
• talos-systems/talos@89f3b9f8d feat: update etcd to 3.5.1
• talos-systems/talos@e60469a38 feat: initial support for JSON logging
• talos-systems/talos@68c420e3c feat: enable cluster discovery by default
• talos-systems/talos@3e100aa97 test: workaround EventsWatch test flakiness
• talos-systems/talos@9bd4838ac chore: stop using sonobuoy CLI
• talos-systems/talos@6ad459519 docs: fix field names for bonding configuration
• talos-systems/talos@d7a3b7b5b chore: use discovery-client and discovery-api modules
• talos-systems/talos@d6309eed6 docs: create docs for Talos 0.14
• talos-systems/talos@c0fda6436 fix: attempt to clean up tasks in containerd runner
• talos-systems/talos@8cf442daa chore: bump tools, pkgs, extras
• talos-systems/talos@0dad5f4d7 chore: small cleanup
• talos-systems/talos@e3e2113ad feat: upgrade CoreDNS during upgrade-k8s call
• talos-systems/talos@d92c98e19 docs: fix discovery service documentation link
• talos-systems/talos@e44b11c59 feat: update containerd to 1.5.7, bump Go dependencies
• talos-systems/talos@24129307a docs: make Talos 0.13 docs latest, update documentation
• talos-systems/talos@31b6e39e5 fix: delete expired affiliates from the discovery service
• talos-systems/talos@877a2b6fc test: bump CAPI components to v1alpha4
• talos-systems/talos@2ba0e0ac4 docs: add KubeSpan documentation
• talos-systems/talos@997873b6d fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
• talos-systems/talos@7137166d1 fix: allow overriding audit-policy-file in kube-apiserver static pod
• talos-systems/talos@8fcd42196 chore: fix integration-qemu-race
• talos-systems/talos@91a858b53 fix: sort output of the argument builder
• talos-systems/talos@657f7a56b fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
• talos-systems/talos@983d2459e feat: suppress logging NTP sync to the console
• talos-systems/talos@022c7335f fix: add interface route if DHCP4 router is not directly routeable
• talos-systems/talos@66a1579ea fix: don't enable 'no new privs' on the system level
• talos-systems/talos@423861cf9 feat: don't drop capabilities if kexec is disabled
• talos-systems/talos@facc8c38a docs: fix documentation for cluster discovery
• talos-systems/talos@ce65ca4e4 chore: build using only amd64 builders
• talos-systems/talos@e9b0f010d chore: update docker image in the pipeline

Changes since v0.14.0-alpha.1

• talos-systems/talos@f7c87d1d9 release(v0.14.0-alpha.2): prepare release
• talos-systems/talos@e9f4b7b20 feat: update Linux to 5.15.5
• talos-systems/talos@4d0a75a3f docs: add documentation about logging
• talos-systems/talos@8d1cbeef9 chore: add API breaking changes detector
• talos-systems/talos@ed7fb9db1 feat: move kubelet proccesses to /podruntime cgroup
• talos-systems/talos@2cd3f9be1 feat: filter out SideroLink addresses by default
• talos-systems/talos@0f169bf9b chore: add API deprecations mechanism
• talos-systems/talos@eaf6d4720 refactor: use random port listener in kernel log delivery tests
• talos-systems/talos@bf4c81e7d feat: kernel log (kmsg) delivery controller
• talos-systems/talos@f3149780e feat: update Kubernetes to 1.23.0-rc.0
• talos-systems/talos@b824909d6 fix: disable kexec on RPi4
• talos-systems/talos@3257751bc fix: initialize Drainer properly
• talos-systems/talos@e4bc68bf0 fix: leave only a single IPv4/IPv6 address as kubelet's node IP
• talos-systems/talos@e6d007418 feat: update pkgs - Linux 5.15.4, LibreSSL 3.2.7
• talos-systems/talos@d5cbc3640 feat: add GCP ccm
• talos-systems/talos@7433150fd feat: implement events sink controller
• talos-systems/talos@b4a406ae7 test: pin cluster API templates version to tag v1alpha4
• talos-systems/talos@9427e78dc fix: catch panics in network operator runs
• talos-systems/talos@d1f55f901 fix: update blockdevice library to properly handle absent GPT
• talos-systems/talos@5ac64b2d9 chore: set version in unit-tests
• talos-systems/talos@20d39c0b4 chore: format .proto files
• talos-systems/talos@852bf4a7d feat: talosctl fish completion support
• talos-systems/talos@6bb75150a fix: allow add_key and request_key in kubelet seccomp profile
• talos-systems/talos@6487b21fe feat: update pkgs for u-boot, containerd, etc
• talos-systems/talos@f7d1e7776 feat: provide SideroLink client implementation
• talos-systems/talos@58892cd69 fix: unblock events watch on context cancel
• talos-systems/talos@caa76be2c fix: containerd failed to load plugin
• talos-systems/talos@1ffa8e048 feat: add ULA prefix for SideroLink
• talos-systems/talos@c6a67b866 fix: ignore not existing nodes on cordoning
• talos-systems/talos@f73025257 feat: add new event types
• talos-systems/talos@7c9b082f7 feat: update Kubernetes to 1.23.0-beta.0
• talos-systems/talos@750e31c4a fix: ignore EBUSY from kexec_file_load
• talos-systems/talos@2d11b5955 fix: ignore virtual IP as kubelet node IPs
• talos-systems/talos@030fd349b fix: don't run kexec prepare on shutdown and reset
• talos-systems/talos@6dcce20e6 test: set proper pod CIDR for Cilium tests

Changes from talos-systems/discovery-api

• talos-systems/discovery-api@db279ef feat: initial set of APIs and generated files
• talos-systems/discovery-api@ac52a37 chore: initial commit

Changes from talos-systems/discovery-client

• talos-systems/discovery-client@a9a5e9b feat: initial client code
• talos-systems/discovery-client@98eb999 chore: initial commit

Changes from talos-systems/extras

• talos-systems/extras@2bb2efc chore: update pkgs and tools
• talos-systems/extras@d6e8b3a chore: update pkgs and tools

Changes from talos-systems/go-blockdevice

• talos-systems/go-blockdevice@15b182d fix: return partition table not exist when trying to read an empty dev
• talos-systems/go-blockdevice@b9517d5 fix: resize partition

Changes from talos-systems/go-smbios

• talos-systems/go-smbios@fd5ec8c fix: remove useless (?) goroutines leading to data race error

Changes from talos-systems/net

• talos-systems/net@b4b7181 feat: add a way to filter list of IPs for the machine
• talos-systems/net@0abe5bd feat: implement FilterIPs function

Changes from talos-systems/pkgs

• talos-systems/pkgs@422276d feat: update Linux to 5.15.5
• talos-systems/pkgs@d385e24 chore: update LibreSSL to 3.2.7
• talos-systems/pkgs@39a3b76 feat: update Linux to 5.15.4
• talos-systems/pkgs@ca30b50 feat: update u-boot to 2021.10
• talos-systems/pkgs@cea93f1 chore: add conformance
• talos-systems/pkgs@79d16b8 feat: update containerd to 1.5.8
• talos-systems/pkgs@1c76107 feat: add mdraid 1/0/10
• talos-systems/pkgs@740da24 feat: bump raspberrypi-firmware to 1.20211029
• talos-systems/pkgs@832dae4 fix: enable CONFIG_DM_SNAPSHOT
• talos-systems/pkgs@f307e64 feat: update Linux to 5.15.1
• talos-systems/pkgs@4f0f238 chore: update tools
• talos-systems/pkgs@932c3cf feat: update libseccomp to 2.5.3
• talos-systems/pkgs@7f3311e feat: update cpu governor to schedutil
• talos-systems/pkgs@b4cdb99 fix: update containerd shas
• talos-systems/pkgs@80a63d4 feat: update Linux to 5.10.75
• talos-systems/pkgs@5c98efd feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
• talos-systems/pkgs@bfb2365 feat: enable driver for SuperMicro raid controller
• talos-systems/pkgs@657e16b feat: enable Intel VMD driver
• talos-systems/pkgs@f7d9d72 feat: enable smarpqi driver and related options
• talos-systems/pkgs@bca3be0 feat: enable aqtion device driver
• talos-systems/pkgs@b88127a chore: update tools
• talos-systems/pkgs@971735f feat: update containerd to 1.5.7

Changes from talos-systems/siderolink

• talos-systems/siderolink@d0612a7 refactor: pass in listener to the log receiver
• talos-systems/siderolink@d86cdd5 feat: implement logreceiver for kernel logs
• talos-systems/siderolink@f7cadbc fix: handle duplicate peer updates
• talos-systems/siderolink@0755b24 feat: initial implementation of SideroLink
• talos-systems/siderolink@ee73ea9 feat: add Talos events sink proto files and the reference implementation
• talos-systems/siderolink@1e2cd9d Initial commit

Changes from talos-systems/tools

• talos-systems/tools@96e0231 feat: update squashfs-tools to 4.5
• talos-systems/tools@2c9c826 feat: update libseccomp to 2.5.3
• talos-systems/tools@f713a7c feat: update protobuf to 3.19.1, grpc-go to 1.42.0
• talos-systems/tools@972c5ef feat: update Go to 1.17.3
• talos-systems/tools@f63848c feat: update PCRE version and source host
• talos-systems/tools@fab7532 feat: update Go to 1.17.2

Dependency Changes

• github.com/AlekSi/pointer v1.1.0 -> v1.2.0
• github.com/cenkalti/backoff/v4 v4.1.2 new
• github.com/containerd/cgroups v1.0.1 -> v1.0.2
• github.com/containerd/containerd v1.5.5 -> v1.5.8
• github.com/docker/docker v20.10.8 -> v20.10.11
• github.com/evanphx/json-patch v4.11.0 -> v5.6.0
• github.com/gosuri/uiprogress v0.0.1 new
• github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
• github.com/hetznercloud/hcloud-go v1.32.0 -> v1.33.1
• github.com/insomniacslk/dhcp b95caade3eac -> ad197bcd36fd
• github.com/jsimonetti/rtnetlink 435639c8e6a8 -> 93da33804786
• github.com/jxskiss/base62 4f11678b909b -> v1.0.0
• github.com/mdlayher/ethtool 2b88debcdd43 -> 288d040e9d60
• github.com/rivo/tview ee97a7ab3975 -> badfa0f0b301
• github.com/talos-systems/discovery-api v0.1.0 new
• github.com/talos-systems/discovery-client v0.1.0 new
• github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0-1-g2bb2efc
• github.com/talos-systems/go-blockdevice v0.2.4 -> 15b182db0cd2
• github.com/talos-systems/go-smbios v0.1.0 -> fd5ec8ce4873
• github.com/talos-systems/net v0.3.0 -> b4b718179a1a
• github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-21-g422276d
• github.com/talos-systems/siderolink v0.1.0 new
• github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0-5-g96e0231
• github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.55.1
• github.com/vmware/govmomi v0.26.1 -> v0.27.2
• github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
• go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
• go.uber.org/atomic v1.7.0 new
• golang.org/x/net 3ad01bbaa167 -> d83791d6bcd9
• golang.org/x/sys 39ccf1dd6fa6 -> fe61309f8881
• golang.org/x/term 140adaaadfaf -> 03fcf44c2211
• golang.org/x/time 1f47c861a9ac -> f0f3c7e86c11
• golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> dd7407c86d22
• google.golang.org/grpc v1.41.0 -> v1.42.0
• inet.af/netaddr 85fa6c94624e -> c74959edd3b6
• k8s.io/api v0.22.2 -> v0.23.0-alpha.4
• k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.4
• k8s.io/client-go v0.22.2 -> v0.23.0-alpha.4
• k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.4
• k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.4
• k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.4
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.61
• sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.7.0-alpha.0-1-g2bb2efc
docker.io/coredns/coredns:1.8.6
gcr.io/etcd-development/etcd:v3.5.1
k8s.gcr.io/kube-apiserver:v1.23.0-rc.0
k8s.gcr.io/kube-controller-manager:v1.23.0-rc.0
k8s.gcr.io/kube-scheduler:v1.23.0-rc.0
k8s.gcr.io/kube-proxy:v1.23.0-rc.0
ghcr.io/talos-systems/kubelet:v1.23.0-rc.0
ghcr.io/talos-systems/installer:v0.14.0-alpha.2
k8s.gcr.io/pause:3.2

Talos 0.13.4 (2021-11-29)

Welcome to the v0.13.4 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Contributors

• Andrey Smirnov

Changes

• talos-systems/talos@02424e0d7 release(v0.13.4): prepare release
• talos-systems/talos@58560a02d fix: leave only a single IPv4/IPv6 address as kubelet's node IP
• talos-systems/talos@de4aeaf4e fix: catch panics in network operator runs
• talos-systems/talos@774d3a92c fix: ignore EBUSY from kexec_file_load
• talos-systems/talos@7d6334982 fix: allow add_key and request_key in kubelet seccomp profile

Dependency Changes

• github.com/cenkalti/backoff/v4 v4.1.1 new

Previous release can be found at v0.13.3

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.6.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.3
k8s.gcr.io/kube-controller-manager:v1.22.3
k8s.gcr.io/kube-scheduler:v1.22.3
k8s.gcr.io/kube-proxy:v1.22.3
ghcr.io/talos-systems/kubelet:v1.22.3
ghcr.io/talos-systems/installer:v0.13.4
k8s.gcr.io/pause:3.2

Talos 0.13.3 (2021-11-22)

Welcome to the v0.13.3 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Kubelet

Kubelet service can now be restarted with talosctl service kubelet restart.

Kubelet node IP configuration (.machine.kubelet.nodeIP.validSubnets) can now include negative subnet matches (prefixed with !).

Contributors

• Andrey Smirnov

Changes

• talos-systems/talos@193599d7d release(v0.13.3): prepare release
• talos-systems/talos@f375ba1d3 fix: unblock events watch on context cancel
• talos-systems/talos@8b5fcb1cc fix: ignore not existing nodes on cordoning
• talos-systems/talos@f303a8c3f fix: ignore virtual IP as kubelet node IPs
• talos-systems/talos@980cbc68a feat: allow kubelet to be restarted and provide negative nodeIP subnets
• talos-systems/talos@0018fbf66 fix: don't run kexec prepare on shutdown and reset

Changes from talos-systems/net

• talos-systems/net@0abe5bd feat: implement FilterIPs function

Dependency Changes

• github.com/talos-systems/net v0.3.0 -> 0abe5bdae8f8

Previous release can be found at v0.13.2

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.6.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.3
k8s.gcr.io/kube-controller-manager:v1.22.3
k8s.gcr.io/kube-scheduler:v1.22.3
k8s.gcr.io/kube-proxy:v1.22.3
ghcr.io/talos-systems/kubelet:v1.22.3
ghcr.io/talos-systems/installer:v0.13.3
k8s.gcr.io/pause:3.2

Talos 0.14.0-alpha.1 (2021-11-15)

Welcome to the v0.14.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled
Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.

For example:

install:
  extraKernelArgs:
    - sysctl.kernel.kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls will not be enough.

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14.
Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

Kubelet

Kubelet service can now be restarted with talosctl service kubelet restart.

Kubelet node IP configuration (.machine.kubelet.nodeIP.validSubnets) can now include negative subnet matches (prefixed with !).

Log Shipping

Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP:
see .machine.logging machine configuration option.

talosctl support

talosctl CLI tool now has a new subcommand called support, that can gather all
cluster information that could help with future debugging in a single run.

Output of the command is a zip archive with all talos service logs, kubernetes pod logs and manifests,
talos resources manifests and so on.
Generated archive does not contain any secret information so it is safe to send it for analysis to a third party.

Component Updates

• Linux: 5.15.1
• etcd: 3.5.1
• containerd: 1.5.7
• Kubernetes: 1.23.0-alpha.4
• CoreDNS: 1.8.6

Talos is built with Go 1.17.2

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.

So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Serge Logvinov
• Noel Georgi
• Spencer Smith
• Nico Berlee
• Alex Zero
• Andrew Rynhard
• Branden Cash
• David Haines
• Gerard de Leeuw
• Michael Fornaro
• Rui Lopes

Changes

• talos-systems/talos@695300dac release(v0.14.0-alpha.1): prepare release
• talos-systems/talos@753a82188 refactor: move pkg/resources to machinery
• talos-systems/talos@0102a64a5 refactor: remove pkg/resources dependencies on wgtypes, netx
• talos-systems/talos@7462733bc chore: update golangci-lint
• talos-systems/talos@032c99a03 refactor: remove pkg/resources dependencies on k8s and base62
• talos-systems/talos@4a5cff45f perf: raspberry PIs clockspeed as fast as firmware allows
• talos-systems/talos@a76f6d69d feat: allow kubelet to be restarted and provide negative nodeIP subnets
• talos-systems/talos@189221d58 chore: update dependencies
• talos-systems/talos@41f0aecc1 docs: update partition info
• talos-systems/talos@95105071d chore: fix simple issues found by golangci-lint
• talos-systems/talos@d4b0ca21a test: retry upgrade mutex lock failures
• talos-systems/talos@4357e9a84 docs: add Talos partions info
• talos-systems/talos@8e8687d75 fix: use temporary sonobuoy version
• talos-systems/talos@e4e8e8737 test: disable e2e-misc test with Canal CNI
• talos-systems/talos@897da2f6e docs: common typos
• talos-systems/talos@a50483ddd feat: update Linux to 5.15.1
• talos-systems/talos@a2233bfe4 fix: improve NTP sync process
• talos-systems/talos@7efc1238e fix: parse partition size correctly
• talos-systems/talos@d6147eb17 chore: update sonobuoy
• talos-systems/talos@efbae7857 fix: use etc folder for du cli tests
• talos-systems/talos@198eea51a fix: wait for follow reader to start before writing to the file
• talos-systems/talos@e7f715eb0 chore: log KubeSpan IPs overlaps
• talos-systems/talos@82a1ad168 chore: bump dependencies
• talos-systems/talos@e8fccbf53 fix: clear time adjustment error when setting time to specific value
• talos-systems/talos@e6f90bb41 chore: remove unused parameters
• talos-systems/talos@785161d19 feat: update k8s to 1.23.0-alpha.4
• talos-systems/talos@fe228d7c8 fix: do not use yaml.v2 in the support cmd
• talos-systems/talos@9b48ca217 fix: endpoints and nodes in generated talosconfig
• talos-systems/talos@6e16fd2fe chore: update tools, pkgs, and extras
• talos-systems/talos@261c497c7 feat: implement talosctl support command
• talos-systems/talos@fc7dc4548 chore: check our API idiosyncrasies
• talos-systems/talos@b15844298 feat: use GCP deployment manager
• talos-systems/talos@3e7d4df99 chore: bump dependencies
• talos-systems/talos@88f242295 refactor: get rid of prometheus/procfs dependency in pkg/resources
• talos-systems/talos@dd196d300 refactor: prepare for move of pkg/resources to machinery
• talos-systems/talos@f6110f803 fix: remove listening socket to fix Talos in a container restart
• talos-systems/talos@53bbb13ed docs: update docs with emmc boot guide
• talos-systems/talos@8329d2111 chore: split polymorphic RootSecret resource into specific types
• talos-systems/talos@c97becdd9 chore: remove interfaces and routes APIs
• talos-systems/talos@d798635d9 feat: automatically limit kubelet node IP family based on service CIDRs
• talos-systems/talos@205a8d6dc chore: make nethelpers build on all OSes
• talos-systems/talos@5b5dd49f6 feat: extract JSON fields from more log messages
• talos-systems/talos@eb4f11822 docs: create cluster in hetzner cloud
• talos-systems/talos@728164e25 docs: fix kexec_load_disabled param name in release notes
• talos-systems/talos@f6328f09a fix: fix filename typo
• talos-systems/talos@01b0f0abb release(v0.14.0-alpha.0): prepare release
• talos-systems/talos@8b6206537 fix: skip generating empty .machine.logging
• talos-systems/talos@60ad00636 fix: don't drop ability to use ambient capabilities
• talos-systems/talos@b6b78e7fe test: add cluster discovery integration tests
• talos-systems/talos@97d64d160 fix: hcloud network config changes
• talos-systems/talos@4c76865d0 feat: multiple logging improvements
• talos-systems/talos@1d1e1df64 fix: handle skipped mounts correctly
• talos-systems/talos@0a964d921 test: fix openstack unit-test stability
• talos-systems/talos@72f62ac27 chore: bump Go and Docker dependencies
• talos-systems/talos@9c48ebe8f fix: gcp fetching externalIP
• talos-systems/talos@6c297268c test: fix e2e k8s version
• talos-systems/talos@ae5af9d3f feat: update Kubernetes to 1.23.0-alpha.3
• talos-systems/talos@28d3a69e9 feat: openstack config-drive support
• talos-systems/talos@2258bc491 test: update GCP e2e script to work with new templates
• talos-systems/talos@36b6ace25 feat: update Linux to 5.10.75
• talos-systems/talos@38516a549 test: update Talos versions in upgrade tests
• talos-systems/talos@cff20ec78 fix: change services OOM score
• talos-systems/talos@666a2b620 feat: azure platform ipv6 support
• talos-systems/talos@d32814e30 feat: extract JSON fields from log lines
• talos-systems/talos@e77d81fff fix: treat literal 'unknown' as a valid machine type
• talos-systems/talos@c8e404e35 test: update vars for AWS cluster
• talos-systems/talos@ad23891b1 feat: update CoreDNS version 1.8.6
• talos-systems/talos@41299cae9 feat: udev rules support
• talos-systems/talos@5237fdc95 feat: send JSON logs over UDP
• talos-systems/talos@6d44587a4 feat: coredns service dualstack
• talos-systems/talos@12f7888b7 feat: feed control plane endpoints on workers from cluster discovery
• talos-systems/talos@431e4fb4b chore: bump Go and Docker dependencies
• talos-systems/talos@89f3b9f8d feat: update etcd to 3.5.1
• talos-systems/talos@e60469a38 feat: initial support for JSON logging
• talos-systems/talos@68c420e3c feat: enable cluster discovery by default
• talos-systems/talos@3e100aa97 test: workaround EventsWatch test flakiness
• talos-systems/talos@9bd4838ac chore: stop using sonobuoy CLI
• talos-systems/talos@6ad459519 docs: fix field names for bonding configuration
• talos-systems/talos@d7a3b7b5b chore: use discovery-client and discovery-api modules
• talos-systems/talos@d6309eed6 docs: create docs for Talos 0.14
• talos-systems/talos@c0fda6436 fix: attempt to clean up tasks in containerd runner
• talos-systems/talos@8cf442daa chore: bump tools, pkgs, extras
• talos-systems/talos@0dad5f4d7 chore: small cleanup
• talos-systems/talos@e3e2113ad feat: upgrade CoreDNS during upgrade-k8s call
• talos-systems/talos@d92c98e19 docs: fix discovery service documentation link
• talos-systems/talos@e44b11c59 feat: update containerd to 1.5.7, bump Go dependencies
• talos-systems/talos@24129307a docs: make Talos 0.13 docs latest, update documentation
• talos-systems/talos@31b6e39e5 fix: delete expired affiliates from the discovery service
• talos-systems/talos@877a2b6fc test: bump CAPI components to v1alpha4
• talos-systems/talos@2ba0e0ac4 docs: add KubeSpan documentation
• talos-systems/talos@997873b6d fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
• talos-systems/talos@7137166d1 fix: allow overriding audit-policy-file in kube-apiserver static pod
• talos-systems/talos@8fcd42196 chore: fix integration-qemu-race
• talos-systems/talos@91a858b53 fix: sort output of the argument builder
• talos-systems/talos@657f7a56b fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
• talos-systems/talos@983d2459e feat: suppress logging NTP sync to the console
• talos-systems/talos@022c7335f fix: add interface route if DHCP4 router is not directly routeable
• talos-systems/talos@66a1579ea fix: don't enable 'no new privs' on the system level
• talos-systems/talos@423861cf9 feat: don't drop capabilities if kexec is disabled
• talos-systems/talos@facc8c38a docs: fix documentation for cluster discovery
• talos-systems/talos@ce65ca4e4 chore: build using only amd64 builders
• talos-systems/talos@e9b0f010d chore: update docker image in the pipeline

Changes since v0.14.0-alpha.0

• talos-systems/talos@695300dac release(v0.14.0-alpha.1): prepare release
• talos-systems/talos@753a82188 refactor: move pkg/resources to machinery
• talos-systems/talos@0102a64a5 refactor: remove pkg/resources dependencies on wgtypes, netx
• talos-systems/talos@7462733bc chore: update golangci-lint
• talos-systems/talos@032c99a03 refactor: remove pkg/resources dependencies on k8s and base62
• talos-systems/talos@4a5cff45f perf: raspberry PIs clockspeed as fast as firmware allows
• talos-systems/talos@a76f6d69d feat: allow kubelet to be restarted and provide negative nodeIP subnets
• talos-systems/talos@189221d58 chore: update dependencies
• talos-systems/talos@41f0aecc1 docs: update partition info
• talos-systems/talos@95105071d chore: fix simple issues found by golangci-lint
• talos-systems/talos@d4b0ca21a test: retry upgrade mutex lock failures
• talos-systems/talos@4357e9a84 docs: add Talos partions info
• talos-systems/talos@8e8687d75 fix: use temporary sonobuoy version
• talos-systems/talos@e4e8e8737 test: disable e2e-misc test with Canal CNI
• talos-systems/talos@897da2f6e docs: common typos
• talos-systems/talos@a50483ddd feat: update Linux to 5.15.1
• talos-systems/talos@a2233bfe4 fix: improve NTP sync process
• talos-systems/talos@7efc1238e fix: parse partition size correctly
• talos-systems/talos@d6147eb17 chore: update sonobuoy
• talos-systems/talos@efbae7857 fix: use etc folder for du cli tests
• talos-systems/talos@198eea51a fix: wait for follow reader to start before writing to the file
• talos-systems/talos@e7f715eb0 chore: log KubeSpan IPs overlaps
• talos-systems/talos@82a1ad168 chore: bump dependencies
• talos-systems/talos@e8fccbf53 fix: clear time adjustment error when setting time to specific value
• talos-systems/talos@e6f90bb41 chore: remove unused parameters
• talos-systems/talos@785161d19 feat: update k8s to 1.23.0-alpha.4
• talos-systems/talos@fe228d7c8 fix: do not use yaml.v2 in the support cmd
• talos-systems/talos@9b48ca217 fix: endpoints and nodes in generated talosconfig
• talos-systems/talos@6e16fd2fe chore: update tools, pkgs, and extras
• talos-systems/talos@261c497c7 feat: implement talosctl support command
• talos-systems/talos@fc7dc4548 chore: check our API idiosyncrasies
• talos-systems/talos@b15844298 feat: use GCP deployment manager
• talos-systems/talos@3e7d4df99 chore: bump dependencies
• talos-systems/talos@88f242295 refactor: get rid of prometheus/procfs dependency in pkg/resources
• talos-systems/talos@dd196d300 refactor: prepare for move of pkg/resources to machinery
• talos-systems/talos@f6110f803 fix: remove listening socket to fix Talos in a container restart
• talos-systems/talos@53bbb13ed docs: update docs with emmc boot guide
• talos-systems/talos@8329d2111 chore: split polymorphic RootSecret resource into specific types
• talos-systems/talos@c97becdd9 chore: remove interfaces and routes APIs
• talos-systems/talos@d798635d9 feat: automatically limit kubelet node IP family based on service CIDRs
• talos-systems/talos@205a8d6dc chore: make nethelpers build on all OSes
• talos-systems/talos@5b5dd49f6 feat: extract JSON fields from more log messages
• talos-systems/talos@eb4f11822 docs: create cluster in hetzner cloud
• talos-systems/talos@728164e25 docs: fix kexec_load_disabled param name in release notes
• talos-systems/talos@f6328f09a fix: fix filename typo

Changes from talos-systems/discovery-api

• talos-systems/discovery-api@db279ef feat: initial set of APIs and generated files
• talos-systems/discovery-api@ac52a37 chore: initial commit

Changes from talos-systems/discovery-client

• talos-systems/discovery-client@a9a5e9b feat: initial client code
• talos-systems/discovery-client@98eb999 chore: initial commit

Changes from talos-systems/extras

• talos-systems/extras@2bb2efc chore: update pkgs and tools
• talos-systems/extras@d6e8b3a chore: update pkgs and tools

Changes from talos-systems/net

• talos-systems/net@0abe5bd feat: implement FilterIPs function

Changes from talos-systems/pkgs

• talos-systems/pkgs@740da24 feat: bump raspberrypi-firmware to 1.20211029
• talos-systems/pkgs@832dae4 fix: enable CONFIG_DM_SNAPSHOT
• talos-systems/pkgs@f307e64 feat: update Linux to 5.15.1
• talos-systems/pkgs@4f0f238 chore: update tools
• talos-systems/pkgs@932c3cf feat: update libseccomp to 2.5.3
• talos-systems/pkgs@7f3311e feat: update cpu governor to schedutil
• talos-systems/pkgs@b4cdb99 fix: update containerd shas
• talos-systems/pkgs@80a63d4 feat: update Linux to 5.10.75
• talos-systems/pkgs@5c98efd feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
• talos-systems/pkgs@bfb2365 feat: enable driver for SuperMicro raid controller
• talos-systems/pkgs@657e16b feat: enable Intel VMD driver
• talos-systems/pkgs@f7d9d72 feat: enable smarpqi driver and related options
• talos-systems/pkgs@bca3be0 feat: enable aqtion device driver
• talos-systems/pkgs@b88127a chore: update tools
• talos-systems/pkgs@971735f feat: update containerd to 1.5.7

Changes from talos-systems/tools

• talos-systems/tools@96e0231 feat: update squashfs-tools to 4.5
• talos-systems/tools@2c9c826 feat: update libseccomp to 2.5.3
• talos-systems/tools@f713a7c feat: update protobuf to 3.19.1, grpc-go to 1.42.0
• talos-systems/tools@972c5ef feat: update Go to 1.17.3
• talos-systems/tools@f63848c feat: update PCRE version and source host
• talos-systems/tools@fab7532 feat: update Go to 1.17.2

Dependency Changes

• github.com/AlekSi/pointer v1.1.0 -> v1.2.0
• github.com/containerd/cgroups v1.0.1 -> v1.0.2
• github.com/containerd/containerd v1.5.5 -> v1.5.7
• github.com/docker/docker v20.10.8 -> v20.10.10
• github.com/evanphx/json-patch v4.11.0 -> v4.12.0
• github.com/gosuri/uiprogress v0.0.1 new
• github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
• github.com/hetznercloud/hcloud-go v1.32.0 -> v1.33.1
• github.com/insomniacslk/dhcp b95caade3eac -> ad197bcd36fd
• github.com/jsimonetti/rtnetlink 435639c8e6a8 -> 93da33804786
• github.com/jxskiss/base62 4f11678b909b -> v1.0.0
• github.com/mdlayher/ethtool 2b88debcdd43 -> 288d040e9d60
• github.com/rivo/tview ee97a7ab3975 -> badfa0f0b301
• github.com/talos-systems/discovery-api v0.1.0 new
• github.com/talos-systems/discovery-client v0.1.0 new
• github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0-1-g2bb2efc
• github.com/talos-systems/net v0.3.0 -> 0abe5bdae8f8
• github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-14-g740da24
• github.com/talos-systems/talos/pkg/machinery v0.13.0 -> 000000000000
• github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0-5-g96e0231
• github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.55.0
• github.com/vmware/govmomi v0.26.1 -> v0.27.1
• github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
• go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
• golang.org/x/net 3ad01bbaa167 -> 69e39bad7dc2
• golang.org/x/sys 39ccf1dd6fa6 -> 0c823b97ae02
• golang.org/x/term 140adaaadfaf -> 03fcf44c2211
• golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> 0073765f69ba
• google.golang.org/grpc v1.41.0 -> v1.42.0
• inet.af/netaddr 85fa6c94624e -> c74959edd3b6
• k8s.io/api v0.22.2 -> v0.23.0-alpha.4
• k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.4
• k8s.io/client-go v0.22.2 -> v0.23.0-alpha.4
• k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.4
• k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.4
• k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.4
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.60
• sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.7.0-alpha.0-1-g2bb2efc
docker.io/coredns/coredns:1.8.6
gcr.io/etcd-development/etcd:v3.5.1
k8s.gcr.io/kube-apiserver:v1.23.0-alpha.4
k8s.gcr.io/kube-controller-manager:v1.23.0-alpha.4
k8s.gcr.io/kube-scheduler:v1.23.0-alpha.4
k8s.gcr.io/kube-proxy:v1.23.0-alpha.4
ghcr.io/talos-systems/kubelet:v1.23.0-alpha.4
ghcr.io/talos-systems/installer:v0.14.0-alpha.1
k8s.gcr.io/pause:3.2

Talos 0.13.2 (2021-11-02)

Welcome to the v0.13.2 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.
For example:

install:
  extraKernelArgs:
    - kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls (like in the section Reboots via kexec) will not be enough.

Contributors

• Andrey Smirnov
• Artem Chernyshev
• Serge Logvinov

Changes

• talos-systems/talos@b7fc1a69b release(v0.13.2): prepare release
• talos-systems/talos@a937e6f7d fix: remove listening socket to fix Talos in a container restart
• talos-systems/talos@269867916 feat: automatically limit kubelet node IP family based on service CIDRs
• talos-systems/talos@c873dc5d0 fix: don't drop ability to use ambient capabilities
• talos-systems/talos@2226a9924 fix: hcloud network config changes
• talos-systems/talos@7cb9813b6 feat: update Kubernetes to 1.22.3

Dependency Changes

• k8s.io/api v0.22.2 -> v0.22.3
• k8s.io/client-go v0.22.2 -> v0.22.3
• k8s.io/kubectl v0.22.2 -> v0.22.3
• k8s.io/kubelet v0.22.2 -> v0.22.3

Previous release can be found at v0.13.1

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.6.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.3
k8s.gcr.io/kube-controller-manager:v1.22.3
k8s.gcr.io/kube-scheduler:v1.22.3
k8s.gcr.io/kube-proxy:v1.22.3
ghcr.io/talos-systems/kubelet:v1.22.3
ghcr.io/talos-systems/installer:v0.13.2
k8s.gcr.io/pause:3.2

Talos 0.14.0-alpha.0 (2021-10-25)

Welcome to the v0.14.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled
Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.

For example:

install:
  extraKernelArgs:
    - sysctl.kernel.kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls will not be enough.

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14.
Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

Log Shipping

Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP:
see .machine.logging machine configuration option.

Component Updates

• Linux: 5.10.75
• etcd: 3.5.1
• containerd: 1.5.7
• Kubernetes: 1.23.0-alpha.0
• CoreDNS: 1.8.6

Talos is built with Go 1.17.2

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.

So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Serge Logvinov
• Artem Chernyshev
• Spencer Smith
• Andrew Rynhard
• Branden Cash
• Gerard de Leeuw

Changes

• talos-systems/talos@01b0f0abb release(v0.14.0-alpha.0): prepare release
• talos-systems/talos@8b6206537 fix: skip generating empty .machine.logging
• talos-systems/talos@60ad00636 fix: don't drop ability to use ambient capabilities
• talos-systems/talos@b6b78e7fe test: add cluster discovery integration tests
• talos-systems/talos@97d64d160 fix: hcloud network config changes
• talos-systems/talos@4c76865d0 feat: multiple logging improvements
• talos-systems/talos@1d1e1df64 fix: handle skipped mounts correctly
• talos-systems/talos@0a964d921 test: fix openstack unit-test stability
• talos-systems/talos@72f62ac27 chore: bump Go and Docker dependencies
• talos-systems/talos@9c48ebe8f fix: gcp fetching externalIP
• talos-systems/talos@6c297268c test: fix e2e k8s version
• talos-systems/talos@ae5af9d3f feat: update Kubernetes to 1.23.0-alpha.3
• talos-systems/talos@28d3a69e9 feat: openstack config-drive support
• talos-systems/talos@2258bc491 test: update GCP e2e script to work with new templates
• talos-systems/talos@36b6ace25 feat: update Linux to 5.10.75
• talos-systems/talos@38516a549 test: update Talos versions in upgrade tests
• talos-systems/talos@cff20ec78 fix: change services OOM score
• talos-systems/talos@666a2b620 feat: azure platform ipv6 support
• talos-systems/talos@d32814e30 feat: extract JSON fields from log lines
• talos-systems/talos@e77d81fff fix: treat literal 'unknown' as a valid machine type
• talos-systems/talos@c8e404e35 test: update vars for AWS cluster
• talos-systems/talos@ad23891b1 feat: update CoreDNS version 1.8.6
• talos-systems/talos@41299cae9 feat: udev rules support
• talos-systems/talos@5237fdc95 feat: send JSON logs over UDP
• talos-systems/talos@6d44587a4 feat: coredns service dualstack
• talos-systems/talos@12f7888b7 feat: feed control plane endpoints on workers from cluster discovery
• talos-systems/talos@431e4fb4b chore: bump Go and Docker dependencies
• talos-systems/talos@89f3b9f8d feat: update etcd to 3.5.1
• talos-systems/talos@e60469a38 feat: initial support for JSON logging
• talos-systems/talos@68c420e3c feat: enable cluster discovery by default
• talos-systems/talos@3e100aa97 test: workaround EventsWatch test flakiness
• talos-systems/talos@9bd4838ac chore: stop using sonobuoy CLI
• talos-systems/talos@6ad459519 docs: fix field names for bonding configuration
• talos-systems/talos@d7a3b7b5b chore: use discovery-client and discovery-api modules
• talos-systems/talos@d6309eed6 docs: create docs for Talos 0.14
• talos-systems/talos@c0fda6436 fix: attempt to clean up tasks in containerd runner
• talos-systems/talos@8cf442daa chore: bump tools, pkgs, extras
• talos-systems/talos@0dad5f4d7 chore: small cleanup
• talos-systems/talos@e3e2113ad feat: upgrade CoreDNS during upgrade-k8s call
• talos-systems/talos@d92c98e19 docs: fix discovery service documentation link
• talos-systems/talos@e44b11c59 feat: update containerd to 1.5.7, bump Go dependencies
• talos-systems/talos@24129307a docs: make Talos 0.13 docs latest, update documentation
• talos-systems/talos@31b6e39e5 fix: delete expired affiliates from the discovery service
• talos-systems/talos@877a2b6fc test: bump CAPI components to v1alpha4
• talos-systems/talos@2ba0e0ac4 docs: add KubeSpan documentation
• talos-systems/talos@997873b6d fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
• talos-systems/talos@7137166d1 fix: allow overriding audit-policy-file in kube-apiserver static pod
• talos-systems/talos@8fcd42196 chore: fix integration-qemu-race
• talos-systems/talos@91a858b53 fix: sort output of the argument builder
• talos-systems/talos@657f7a56b fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
• talos-systems/talos@983d2459e feat: suppress logging NTP sync to the console
• talos-systems/talos@022c7335f fix: add interface route if DHCP4 router is not directly routeable
• talos-systems/talos@66a1579ea fix: don't enable 'no new privs' on the system level
• talos-systems/talos@423861cf9 feat: don't drop capabilities if kexec is disabled
• talos-systems/talos@facc8c38a docs: fix documentation for cluster discovery
• talos-systems/talos@ce65ca4e4 chore: build using only amd64 builders
• talos-systems/talos@e9b0f010d chore: update docker image in the pipeline

Changes from talos-systems/discovery-api

• talos-systems/discovery-api@db279ef feat: initial set of APIs and generated files
• talos-systems/discovery-api@ac52a37 chore: initial commit

Changes from talos-systems/discovery-client

• talos-systems/discovery-client@a9a5e9b feat: initial client code
• talos-systems/discovery-client@98eb999 chore: initial commit

Changes from talos-systems/extras

• talos-systems/extras@d6e8b3a chore: update pkgs and tools

Changes from talos-systems/pkgs

• talos-systems/pkgs@80a63d4 feat: update Linux to 5.10.75
• talos-systems/pkgs@5c98efd feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
• talos-systems/pkgs@bfb2365 feat: enable driver for SuperMicro raid controller
• talos-systems/pkgs@657e16b feat: enable Intel VMD driver
• talos-systems/pkgs@f7d9d72 feat: enable smarpqi driver and related options
• talos-systems/pkgs@bca3be0 feat: enable aqtion device driver
• talos-systems/pkgs@b88127a chore: update tools
• talos-systems/pkgs@971735f feat: update containerd to 1.5.7

Changes from talos-systems/tools

• talos-systems/tools@fab7532 feat: update Go to 1.17.2

Dependency Changes

• github.com/AlekSi/pointer v1.1.0 -> v1.2.0
• github.com/containerd/cgroups v1.0.1 -> v1.0.2
• github.com/containerd/containerd v1.5.5 -> v1.5.7
• github.com/docker/docker v20.10.8 -> v20.10.9
• github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
• github.com/insomniacslk/dhcp b95caade3eac -> 509557e9f781
• github.com/jsimonetti/rtnetlink 435639c8e6a8 -> e34540a94caa
• github.com/jxskiss/base62 4f11678b909b -> v1.0.0
• github.com/rivo/tview ee97a7ab3975 -> 5508f4b00266
• github.com/talos-systems/discovery-api v0.1.0 new
• github.com/talos-systems/discovery-client v0.1.0 new
• github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0
• github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-7-g80a63d4
• github.com/talos-systems/talos/pkg/machinery v0.13.0 -> 000000000000
• github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0
• github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.54.0
• github.com/vmware/govmomi v0.26.1 -> v0.27.1
• github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
• go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
• golang.org/x/net 3ad01bbaa167 -> d418f374d309
• golang.org/x/sys 39ccf1dd6fa6 -> d6a326fbbf70
• golang.org/x/term 140adaaadfaf -> 03fcf44c2211
• golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> 5be1d6054c42
• k8s.io/api v0.22.2 -> v0.23.0-alpha.3
• k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.3
• k8s.io/client-go v0.22.2 -> v0.23.0-alpha.3
• k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.3
• k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.3
• k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.3
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.60
• sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.7.0-alpha.0
docker.io/coredns/coredns:1.8.6
gcr.io/etcd-development/etcd:v3.5.1
k8s.gcr.io/kube-apiserver:v1.23.0-alpha.3
k8s.gcr.io/kube-controller-manager:v1.23.0-alpha.3
k8s.gcr.io/kube-scheduler:v1.23.0-alpha.3
k8s.gcr.io/kube-proxy:v1.23.0-alpha.3
ghcr.io/talos-systems/kubelet:v1.23.0-alpha.3
ghcr.io/talos-systems/installer:v0.14.0-alpha.0
k8s.gcr.io/pause:3.2

Talos 0.13.1 (2021-10-25)

Welcome to the v0.13.1 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.
For example:

install:
  extraKernelArgs:
    - sysctl.kernel.kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls (like in the section Reboots via kexec) will not be enough.

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Spencer Smith

Changes

• talos-systems/talos@de843ecdf release(v0.13.1): prepare release
• talos-systems/talos@39e9a6ab4 test: update GCP e2e script to work with new templates
• talos-systems/talos@0a51dcb79 test: update vars for AWS cluster
• talos-systems/talos@a770bbef7 fix: handle skipped mounts correctly
• talos-systems/talos@cdf9a5ee6 fix: treat literal 'unknown' as a valid machine type
• talos-systems/talos@fc35c82f6 feat: don't drop capabilities if kexec is disabled
• talos-systems/talos@4aa988507 fix: delete expired affiliates from the discovery service

Changes from talos-systems/discovery-service

• talos-systems/discovery-service@95593b8 feat: implement landing page for the discovery service
• talos-systems/discovery-service@b579076 fix: update affiliate state correctly when they get deleted
• talos-systems/discovery-service@49e53b1 fix: cluster with some subscriptions isn't empty
• talos-systems/discovery-service@9b5eeae chore: add go-debug
• talos-systems/discovery-service@1655040 chore: improve state logging

Dependency Changes

• github.com/talos-systems/discovery-service v0.1.0 -> v0.1.1

Previous release can be found at v0.13.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.6.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.2
k8s.gcr.io/kube-controller-manager:v1.22.2
k8s.gcr.io/kube-scheduler:v1.22.2
k8s.gcr.io/kube-proxy:v1.22.2
ghcr.io/talos-systems/kubelet:v1.22.2
ghcr.io/talos-systems/installer:v0.13.1
k8s.gcr.io/pause:3.2

Talos 0.13.0 (2021-10-12)

Welcome to the v0.13.0 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Cluster Discovery and KubeSpan

This release of Talos provides initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default, to enable them please make following changes to the machine configuration:

machine:
  network:
    kubespan:
      enabled: true
cluster:
  discovery:
    enabled: true

Reboots via kexec

Talos now reboots by default via kexec syscall which means BIOS POST process is skipped.
On bare-metal hardware BIOS POST process might take 10-15 minutes, so Talos reboots 10-15 minutes faster on bare-metal.

Kexec support can be disabled with the following change to the machine configuration:

machine:
  sysctls:
    kernel.kexec_load_disabled: "1"

Hetzner, Scaleway, Upcloud and Vultr

Talos now natively supports four new cloud platforms:

• Hetzner, including VIP support
• Scaleway
• Upcloud
• Vultr

Also generic cloud-init nocloud platform is supported in both networking and storage-based modes.

etcd Advertised Address

The address advertised by etcd can now be controlled with new machine configuration option machine.etcd.subnet.

kubelet Node IP

The addresses picked by kubelet can now be controlled with new machine configuration option machine.kubelet.nodeIP.validSubnets.

Windows Suport

CLI tool talosctl is now built for Windows and published as part of the release.

Component Updates

Linux: 5.10.69
Kubernetes: 1.22.2
containerd: 1.5.6
runc: 1.0.2

Talos is built with Go 1.17.1.

Contributors

• Andrey Smirnov
• Artem Chernyshev
• Alexey Palazhchenko
• Seán C McCord
• Serge Logvinov
• Andrew Rynhard
• Olli Janatuinen
• Spencer Smith
• Andrey Smirnov
• Lennard Klein
• Rui Lopes

Changes

• talos-systems/talos@04ebab93c release(v0.13.0): prepare release
• talos-systems/talos@d50728580 fix: allow overriding audit-policy-file in kube-apiserver static pod
• talos-systems/talos@98759512e fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
• talos-systems/talos@fd5c47771 fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
• talos-systems/talos@ccc210ead chore: fix integration-qemu-race
• talos-systems/talos@7457d7939 release(v0.13.0-beta.1): prepare release
• talos-systems/talos@250529e19 fix: revert use ECDSA-SHA256 signature algorithm for Kubernetes certs
• talos-systems/talos@a3ac9bfd8 fix: sort output of the argument builder
• talos-systems/talos@81c389926 fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
• talos-systems/talos@bc3e07f68 feat: suppress logging NTP sync to the console
• talos-systems/talos@27a695be5 fix: add interface route if DHCP4 router is not directly routeable
• talos-systems/talos@c55b4a5ee fix: don't enable 'no new privs' on the system level
• talos-systems/talos@3ecec6ecc chore: build using only amd64 builders
• talos-systems/talos@d2c7e855c chore: update docker image in the pipeline
• talos-systems/talos@e82a443e8 release(v0.13.0-beta.0): prepare release
• talos-systems/talos@5f277713f chore: prepare for 0.13-beta release
• talos-systems/talos@5e41dd4a6 feat: add an option to configure kubelet node IP based on subnets
• talos-systems/talos@72e49029e chore: allow insecure discovery in debug builds
• talos-systems/talos@d52befd1a fix: ignore 404 for AWS external IPs
• talos-systems/talos@44a63e9a4 feat: update containerd to 1.5.6
• talos-systems/talos@0e0fb6847 release(v0.13.0-alpha.3): prepare release
• talos-systems/talos@4044372e1 feat: harvest discovered endpoints and push them via discovery svc
• talos-systems/talos@9a51aa835 feat: add an option to skip downed peers in KubeSpan
• talos-systems/talos@cbbd7c682 feat: publish node's ExternalIPs as node addresses
• talos-systems/talos@0f60ef6d3 fix: reset inputs back to initial state in secrets.APIController
• talos-systems/talos@64cb873ec feat: override static pods default args by extra Args
• talos-systems/talos@ecdd7757f test: workaround race in the tests with zaptest package
• talos-systems/talos@9c67fde75 release(v0.13.0-alpha.2): prepare release
• talos-systems/talos@30ae71424 feat: implement integration with Discovery Service
• talos-systems/talos@353d632ae feat: add nocloud platform support
• talos-systems/talos@628fbf9b4 chore: update Linux to 5.10.69
• talos-systems/talos@62acd6251 fix: check trustd API CA on worker nodes
• talos-systems/talos@ba27bc366 feat: implement Hetzner Cloud support for virtual (shared) IP
• talos-systems/talos@95f440eaa test: add fuzz test for configloader
• talos-systems/talos@d2cf021d8 chore: remove deprecated "join" term
• talos-systems/talos@0e18e2800 chore: bump dependencies
• talos-systems/talos@b450b7cef chore: deprecate Interfaces and Routes APIs
• talos-systems/talos@cddcb9622 fix: find devices without partition table
• talos-systems/talos@b1b6d6136 fix: check for existence of dhcp6 FQDN first
• talos-systems/talos@519999b84 fix: use readonly mode when probing devices with All lookup
• talos-systems/talos@2b5204200 feat: enable resource API in the maintenance mode
• talos-systems/talos@452893c26 fix: make probe open blockdevice in readonly mode
• talos-systems/talos@96bccdd3b test: update CABPT provider to 0.3 release
• talos-systems/talos@d9eb18bfd fix: containerd log symlink
• talos-systems/talos@efa7f48e0 docs: quicklinks on landing page
• talos-systems/talos@1cb9f282b fix: don't marshal clock with SecretsBundle
• talos-systems/talos@b27c75b30 release(v0.13.0-alpha.1): prepare release
• talos-systems/talos@9d803d75b chore: bump dependencies and drop firecracker support
• talos-systems/talos@50a241048 feat: add operating system version field to discovery
• talos-systems/talos@085c61b2e chore: add a special condition to check for kubeconfig readiness
• talos-systems/talos@21cdd8540 fix: add node address to the list of allowed IPs (kubespan)
• talos-systems/talos@fdd80a123 feat: add an option to continue booting on NTP timeout
• talos-systems/talos@ef3684989 feat: add routes, routing rules and nftables rules for KubeSpan
• talos-systems/talos@ed12379f2 fix: patch multi nodes support
• talos-systems/talos@d943bb0e2 feat: update Kubernetes to 1.22.2
• talos-systems/talos@d0585fb6b feat: reboot via kexec
• talos-systems/talos@3de505c89 fix: skip bad cloud-config in OpenStack platform
• talos-systems/talos@a394d1e20 fix: tear down control plane static pods when etcd is stopped
• talos-systems/talos@1c05089bb feat: implement KubeSpan manager for Wireguard peer state
• talos-systems/talos@ec7f44efe fix: completely prevent editing resources other than mc
• talos-systems/talos@19a8ae97c feat: add vultr.com cloud support
• talos-systems/talos@0ff4c7cdb fix: write KubernetesCACert chmodded 0400 instead of 0500
• talos-systems/talos@a1c9d6490 fix: update the way results are retrieved for certified conformance
• talos-systems/talos@a05945404 chore: build using Go 1.17
• talos-systems/talos@7c5045bd9 release(v0.13.0-alpha.0): prepare release
• talos-systems/talos@ee2dce6c1 chore: bump dependencies
• talos-systems/talos@ef0229592 fix: print etcd member ID in hex
• talos-systems/talos@5ca1fb822 fix: multiple fixes for KubeSpan and Wireguard implementation
• talos-systems/talos@b1bd64250 fix: build platform images
• talos-systems/talos@3b5f4038d feat: add scaleway.com cloud support
• talos-systems/talos@f156ab184 feat: add upcloud.com cloud support
• talos-systems/talos@c3b2429ce fix: suppress spurious Kubernetes API server cert updates
• talos-systems/talos@ff90b5751 feat: implement KubeSpan peer generation controller
• talos-systems/talos@14c69df50 fix: correctly parse multiple pod/service CIDRs
• talos-systems/talos@69897dbba feat: drop some capabilities to be never available
• talos-systems/talos@51e9836b0 docs: promote 0.12 docs to be the latest
• talos-systems/talos@812d59c70 feat: add hetzner.com cloud support
• talos-systems/talos@d53e9e896 chore: use named constants
• talos-systems/talos@2dfe7f1fc chore: bump tools to the latest version
• talos-systems/talos@82b130e78 docs: document required options for extraMounts
• talos-systems/talos@af6622109 feat: implement Kubernetes cluster discovery registry
• talos-systems/talos@2c66e1b3c feat: provide building of local Affiliate structure (for the node)
• talos-systems/talos@d69bd2af3 chore: enable GPG identity check for Talos
• talos-systems/talos@8dbd851fd chore: update tools/pkgs/extras to the new version
• talos-systems/talos@0b347570a feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
• talos-systems/talos@bd5b9c96e fix: correctly define example for extraMounts
• talos-systems/talos@01cca099f docs: update docs for Talos 0.12 release
• talos-systems/talos@668627d5b feat: add subnet filter for etcd address
• talos-systems/talos@3c3c281bf chore: bump dependencies via dependabot
• talos-systems/talos@f8bebba2d fix: ignore error on duplicate for MountStatus
• talos-systems/talos@6956edd0b feat: add node address filters, filter out k8s addresses for Talos API
• talos-systems/talos@caee24bf6 feat: implement KubeSpan identity controller
• talos-systems/talos@da0f6e7e1 fix: allow updating diskSelector option
• talos-systems/talos@761ccaf32 feat: provide machine configuration for KubeSpan and cluster discovery
• talos-systems/talos@a81e30cb4 docs: add bootstrap command to VMware docs
• talos-systems/talos@97da354cc fix: do not panic on invalid machine configs
• talos-systems/talos@c4048e263 fix: don't extract nil IPs in the GCP platform
• talos-systems/talos@ba169c6f9 feat: provide talosctl.exe for Windows
• talos-systems/talos@6312f473e fix: properly handle omitempty fields in the validator
• talos-systems/talos@7f22879af feat: provide random node identity
• talos-systems/talos@032e7c6b8 chore: import yaml.v3 consistently
• talos-systems/talos@80b5f0e7f fix: validate IP address returned as HTTP response in platform code
• talos-systems/talos@c9af8f7ff docs: fork docs for 0.13
• talos-systems/talos@85cda1b95 feat: provide MountStatus resource for system partition mounts
• talos-systems/talos@950f122c9 chore: update versions in upgrade tests
• talos-systems/talos@83fdb7721 feat: provide first NIC hardware addr as a resource
• talos-systems/talos@5f5ac12f1 fix: properly case the VMware name
• talos-systems/talos@0a6048f46 fix: don't allow bootstrap if etcd data directory is not empty
• talos-systems/talos@e24b93b4e fix: cgroup delegate
• talos-systems/talos@751f64f9b docs: add release notes for 0.12, support matrix
• talos-systems/talos@57a77696e feat: update Kubernetes to 1.22.1
• talos-systems/talos@244b08cc1 chore: bump dependencies
• talos-systems/talos@576ba1957 fix: do not set KSPP kernel params in container mode
• talos-systems/talos@b8c92ede5 fix: don't support cgroups nesting in process runner
• talos-systems/talos@9bb0b7970 test: adapt tests to the cgroupsv2
• talos-systems/talos@1abc12be1 fix: extramount should have yaml:",inline" tag
• talos-systems/talos@2b614e430 feat: check if cluster has deprecated resources versions
• talos-systems/talos@0b86edab8 fix: don't panic if the machine config doesn't have network (EM)
• talos-systems/talos@8bef41e4b fix: make sure file mode is same (reproducibility issue)
• talos-systems/talos@fcfca55a0 chore: do not check that go mod tidy gives empty output
• talos-systems/talos@5ce92ca51 docs: ensure azure VMs are 0 indexed

Changes since v0.13.0-beta.1

• talos-systems/talos@04ebab93c release(v0.13.0): prepare release
• talos-systems/talos@d50728580 fix: allow overriding audit-policy-file in kube-apiserver static pod
• talos-systems/talos@98759512e fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
• talos-systems/talos@fd5c47771 fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
• talos-systems/talos@ccc210ead chore: fix integration-qemu-race

Changes from talos-systems/crypto

• talos-systems/crypto@9a63cba fix: add back support for generating ECDSA keys with P-256 and SHA512
• talos-systems/crypto@893bc66 fix: use SHA256 for ECDSA-P256

Changes from talos-systems/discovery-service

• talos-systems/discovery-service@ee4b2a4 fix: retry on Hello failures
• talos-systems/discovery-service@ab9c7c9 chore: add Prometheus metrics
• talos-systems/discovery-service@b2e2079 fix: properly encrypt IPv6 endpoints
• talos-systems/discovery-service@e9d5dfa fix: enable connections to endpoints with public certs
• talos-systems/discovery-service@509e9b2 feat: implement client wrapper around discovery service API
• talos-systems/discovery-service@6195466 feat: enable vtprotobuf, watch batching, more limits
• talos-systems/discovery-service@7174ec1 feat: implement new discovery service
• talos-systems/discovery-service@1a43970 feat: add node and cluster validation
• talos-systems/discovery-service@6454cfc refactor: kresify, fix linter and rename to Kubespan manager
• talos-systems/discovery-service@d782452 add redis database backend
• talos-systems/discovery-service@924fed4 refactor to flexible addresses
• talos-systems/discovery-service@cd02b5a revert to string IDs
• talos-systems/discovery-service@576288f add self-reported IPs
• talos-systems/discovery-service@6ad15ca strong typing and known endpoint API
• talos-systems/discovery-service@3437ff2 fixes from testing
• talos-systems/discovery-service@d3fd1f3 add Name to Node
• talos-systems/discovery-service@eb0e8ba add simple client pkg
• talos-systems/discovery-service@5e0c1df add cluster hash grouping
• talos-systems/discovery-service@f982696 initial commit

Changes from talos-systems/extras

• talos-systems/extras@9706baf chore: use tagged versions tools and pkgs 0.8.0
• talos-systems/extras@8738709 chore: update pkgs and tools
• talos-systems/extras@52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

• talos-systems/go-blockdevice@70d2865 fix: try to find cdrom disks
• talos-systems/go-blockdevice@667bf53 fix: revert gpt partition not found
• talos-systems/go-blockdevice@d7d4cdd fix: gpt partition not found
• talos-systems/go-blockdevice@33afba3 fix: also open in readonly mode when running All lookup method
• talos-systems/go-blockdevice@e367f9d feat: make probe always open blockdevices in readonly mode
• talos-systems/go-blockdevice@d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

• talos-systems/pkgs@3148f01 chore: update tools to tagged version 0.8.0
• talos-systems/pkgs@f22ce18 feat: update containerd to 1.5.6, runc to 1.0.2, libseccomp to 2.5.2
• talos-systems/pkgs@28cda67 feat: update Linux kernel to 5.10.69
• talos-systems/pkgs@db90f93 chore: update tools
• talos-systems/pkgs@ca38c59 feat: enable KEXEC_FILE_LOAD in the kernel
• talos-systems/pkgs@982bc18 chore: update tools
• talos-systems/pkgs@a243ab8 feat: add /usr/src to FHS
• talos-systems/pkgs@428abdb chore: support builds with HTTP_PROXY
• talos-systems/pkgs@13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

• talos-systems/tools@835b297 chore: use tagged toolchain 0.3.0
• talos-systems/tools@2790b55 feat: update Go to 1.17.1
• talos-systems/tools@5b9d214 fix: restore static library for ncurses
• talos-systems/tools@01104e5 chore: reproducible builds
• talos-systems/tools@53fe146 chore: update bldr with new version
• talos-systems/tools@bf4540d chore: add patch dependency

Dependency Changes

• github.com/containerd/go-cni v1.0.2 -> v1.1.0
• github.com/containernetworking/cni v0.8.1 -> v1.0.1
• github.com/containernetworking/plugins v0.9.1 -> v1.0.1
• github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
• github.com/fatih/color v1.12.0 -> v1.13.0
• github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
• github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
• github.com/google/nftables 16a134723a96 new
• github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
• github.com/hetznercloud/hcloud-go v1.32.0 new
• github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
• github.com/jsimonetti/rtnetlink 9c52e516c709 -> 435639c8e6a8
• github.com/jxskiss/base62 4f11678b909b new
• github.com/mattn/go-isatty v0.0.13 -> v0.0.14
• github.com/mdlayher/netx 669a06fde734 new
• github.com/packethost/packngo v0.19.0 -> v0.19.1
• github.com/prometheus/procfs v0.7.2 -> v0.7.3
• github.com/rivo/tview 29d673af0ce2 -> ee97a7ab3975
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
• github.com/talos-systems/crypto v0.3.2 -> v0.3.4
• github.com/talos-systems/discovery-service v0.1.0 new
• github.com/talos-systems/extras v0.5.0 -> v0.6.0
• github.com/talos-systems/go-blockdevice v0.2.3 -> v0.2.4
• github.com/talos-systems/pkgs v0.7.0 -> v0.8.0
• github.com/talos-systems/talos/pkg/machinery 000000000000 -> v0.13.0
• github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0
• github.com/vishvananda/netlink f5de75959ad5 new
• github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
• github.com/vmware/govmomi v0.26.0 -> v0.26.1
• github.com/vultr/metadata v1.0.3 new
• go.uber.org/zap v1.19.0 -> v1.19.1
• golang.org/x/net 853a461950ff -> 3ad01bbaa167
• golang.org/x/sys 0f9fa26af87c -> 39ccf1dd6fa6
• golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
• golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 0a2f4901cba6
• google.golang.org/grpc v1.40.0 -> v1.41.0
• inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
• k8s.io/api v0.22.1 -> v0.22.2
• k8s.io/apimachinery v0.22.1 -> v0.22.2
• k8s.io/client-go v0.22.1 -> v0.22.2
• k8s.io/kubectl v0.22.1 -> v0.22.2
• k8s.io/kubelet v0.22.1 -> v0.22.2
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 new

Previous release can be found at v0.12.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.6.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.2
k8s.gcr.io/kube-controller-manager:v1.22.2
k8s.gcr.io/kube-scheduler:v1.22.2
k8s.gcr.io/kube-proxy:v1.22.2
ghcr.io/talos-systems/kubelet:v1.22.2
ghcr.io/talos-systems/installer:v0.13.0
k8s.gcr.io/pause:3.2

Talos 0.13.0-beta.1 (2021-10-08)

Welcome to the v0.13.0-beta.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Hetzner, Scaleway, Upcloud and Vultr

Talos now natively supports four new cloud platforms:

• Hetzner, including VIP support
• Scaleway
• Upcloud
• Vultr

Also generic cloud-init nocloud platform is supported in both networking and storage-based modes.

Component Updates

Linux: 5.10.69
Kubernetes: 1.22.2
containerd: 1.5.6
runc: 1.0.2

Talos is built with Go 1.17.1.

etcd Advertised Address

The address advertised by etcd can now be controlled with new machine configuration option machine.etcd.subnet.

Reboots via kexec

Talos now reboots by default via kexec syscall which means BIOS POST process is skipped.
On bare-metal hardware BIOS POST process might take 10-15 minutes, so Talos reboots 10-15 minutes faster on bare-metal.

Kexec support can be disabled with the following change to the machine configuration:

machine:
  sysctls:
    kernel.kexec_load_disabled: "1"

kubelet Node IP

The addresses picked by kubelet can now be controlled with new machine configuration option machine.kubelet.nodeIP.validSubnets.

Cluster Discovery and KubeSpan

This release of Talos provides initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default, to enable them please make following changes to the machine configuration:

machine:
  network:
    kubespan:
      enabled: true
cluster:
  discovery:
    enabled: true

Windows Suport

CLI tool talosctl is now built for Windows and published as part of the release.

Contributors

• Andrey Smirnov
• Artem Chernyshev
• Alexey Palazhchenko
• Seán C McCord
• Serge Logvinov
• Andrew Rynhard
• Olli Janatuinen
• Spencer Smith
• Andrey Smirnov
• Lennard Klein
• Rui Lopes

Changes

• talos-systems/talos@7457d7939 release(v0.13.0-beta.1): prepare release
• talos-systems/talos@250529e19 fix: revert use ECDSA-SHA256 signature algorithm for Kubernetes certs
• talos-systems/talos@a3ac9bfd8 fix: sort output of the argument builder
• talos-systems/talos@81c389926 fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
• talos-systems/talos@bc3e07f68 feat: suppress logging NTP sync to the console
• talos-systems/talos@27a695be5 fix: add interface route if DHCP4 router is not directly routeable
• talos-systems/talos@c55b4a5ee fix: don't enable 'no new privs' on the system level
• talos-systems/talos@3ecec6ecc chore: build using only amd64 builders
• talos-systems/talos@d2c7e855c chore: update docker image in the pipeline
• talos-systems/talos@e82a443e8 release(v0.13.0-beta.0): prepare release
• talos-systems/talos@5f277713f chore: prepare for 0.13-beta release
• talos-systems/talos@5e41dd4a6 feat: add an option to configure kubelet node IP based on subnets
• talos-systems/talos@72e49029e chore: allow insecure discovery in debug builds
• talos-systems/talos@d52befd1a fix: ignore 404 for AWS external IPs
• talos-systems/talos@44a63e9a4 feat: update containerd to 1.5.6
• talos-systems/talos@0e0fb6847 release(v0.13.0-alpha.3): prepare release
• talos-systems/talos@4044372e1 feat: harvest discovered endpoints and push them via discovery svc
• talos-systems/talos@9a51aa835 feat: add an option to skip downed peers in KubeSpan
• talos-systems/talos@cbbd7c682 feat: publish node's ExternalIPs as node addresses
• talos-systems/talos@0f60ef6d3 fix: reset inputs back to initial state in secrets.APIController
• talos-systems/talos@64cb873ec feat: override static pods default args by extra Args
• talos-systems/talos@ecdd7757f test: workaround race in the tests with zaptest package
• talos-systems/talos@9c67fde75 release(v0.13.0-alpha.2): prepare release
• talos-systems/talos@30ae71424 feat: implement integration with Discovery Service
• talos-systems/talos@353d632ae feat: add nocloud platform support
• talos-systems/talos@628fbf9b4 chore: update Linux to 5.10.69
• talos-systems/talos@62acd6251 fix: check trustd API CA on worker nodes
• talos-systems/talos@ba27bc366 feat: implement Hetzner Cloud support for virtual (shared) IP
• talos-systems/talos@95f440eaa test: add fuzz test for configloader
• talos-systems/talos@d2cf021d8 chore: remove deprecated "join" term
• talos-systems/talos@0e18e2800 chore: bump dependencies
• talos-systems/talos@b450b7cef chore: deprecate Interfaces and Routes APIs
• talos-systems/talos@cddcb9622 fix: find devices without partition table
• talos-systems/talos@b1b6d6136 fix: check for existence of dhcp6 FQDN first
• talos-systems/talos@519999b84 fix: use readonly mode when probing devices with All lookup
• talos-systems/talos@2b5204200 feat: enable resource API in the maintenance mode
• talos-systems/talos@452893c26 fix: make probe open blockdevice in readonly mode
• talos-systems/talos@96bccdd3b test: update CABPT provider to 0.3 release
• talos-systems/talos@d9eb18bfd fix: containerd log symlink
• talos-systems/talos@efa7f48e0 docs: quicklinks on landing page
• talos-systems/talos@1cb9f282b fix: don't marshal clock with SecretsBundle
• talos-systems/talos@b27c75b30 release(v0.13.0-alpha.1): prepare release
• talos-systems/talos@9d803d75b chore: bump dependencies and drop firecracker support
• talos-systems/talos@50a241048 feat: add operating system version field to discovery
• talos-systems/talos@085c61b2e chore: add a special condition to check for kubeconfig readiness
• talos-systems/talos@21cdd8540 fix: add node address to the list of allowed IPs (kubespan)
• talos-systems/talos@fdd80a123 feat: add an option to continue booting on NTP timeout
• talos-systems/talos@ef3684989 feat: add routes, routing rules and nftables rules for KubeSpan
• talos-systems/talos@ed12379f2 fix: patch multi nodes support
• talos-systems/talos@d943bb0e2 feat: update Kubernetes to 1.22.2
• talos-systems/talos@d0585fb6b feat: reboot via kexec
• talos-systems/talos@3de505c89 fix: skip bad cloud-config in OpenStack platform
• talos-systems/talos@a394d1e20 fix: tear down control plane static pods when etcd is stopped
• talos-systems/talos@1c05089bb feat: implement KubeSpan manager for Wireguard peer state
• talos-systems/talos@ec7f44efe fix: completely prevent editing resources other than mc
• talos-systems/talos@19a8ae97c feat: add vultr.com cloud support
• talos-systems/talos@0ff4c7cdb fix: write KubernetesCACert chmodded 0400 instead of 0500
• talos-systems/talos@a1c9d6490 fix: update the way results are retrieved for certified conformance
• talos-systems/talos@a05945404 chore: build using Go 1.17
• talos-systems/talos@7c5045bd9 release(v0.13.0-alpha.0): prepare release
• talos-systems/talos@ee2dce6c1 chore: bump dependencies
• talos-systems/talos@ef0229592 fix: print etcd member ID in hex
• talos-systems/talos@5ca1fb822 fix: multiple fixes for KubeSpan and Wireguard implementation
• talos-systems/talos@b1bd64250 fix: build platform images
• talos-systems/talos@3b5f4038d feat: add scaleway.com cloud support
• talos-systems/talos@f156ab184 feat: add upcloud.com cloud support
• talos-systems/talos@c3b2429ce fix: suppress spurious Kubernetes API server cert updates
• talos-systems/talos@ff90b5751 feat: implement KubeSpan peer generation controller
• talos-systems/talos@14c69df50 fix: correctly parse multiple pod/service CIDRs
• talos-systems/talos@69897dbba feat: drop some capabilities to be never available
• talos-systems/talos@51e9836b0 docs: promote 0.12 docs to be the latest
• talos-systems/talos@812d59c70 feat: add hetzner.com cloud support
• talos-systems/talos@d53e9e896 chore: use named constants
• talos-systems/talos@2dfe7f1fc chore: bump tools to the latest version
• talos-systems/talos@82b130e78 docs: document required options for extraMounts
• talos-systems/talos@af6622109 feat: implement Kubernetes cluster discovery registry
• talos-systems/talos@2c66e1b3c feat: provide building of local Affiliate structure (for the node)
• talos-systems/talos@d69bd2af3 chore: enable GPG identity check for Talos
• talos-systems/talos@8dbd851fd chore: update tools/pkgs/extras to the new version
• talos-systems/talos@0b347570a feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
• talos-systems/talos@bd5b9c96e fix: correctly define example for extraMounts
• talos-systems/talos@01cca099f docs: update docs for Talos 0.12 release
• talos-systems/talos@668627d5b feat: add subnet filter for etcd address
• talos-systems/talos@3c3c281bf chore: bump dependencies via dependabot
• talos-systems/talos@f8bebba2d fix: ignore error on duplicate for MountStatus
• talos-systems/talos@6956edd0b feat: add node address filters, filter out k8s addresses for Talos API
• talos-systems/talos@caee24bf6 feat: implement KubeSpan identity controller
• talos-systems/talos@da0f6e7e1 fix: allow updating diskSelector option
• talos-systems/talos@761ccaf32 feat: provide machine configuration for KubeSpan and cluster discovery
• talos-systems/talos@a81e30cb4 docs: add bootstrap command to VMware docs
• talos-systems/talos@97da354cc fix: do not panic on invalid machine configs
• talos-systems/talos@c4048e263 fix: don't extract nil IPs in the GCP platform
• talos-systems/talos@ba169c6f9 feat: provide talosctl.exe for Windows
• talos-systems/talos@6312f473e fix: properly handle omitempty fields in the validator
• talos-systems/talos@7f22879af feat: provide random node identity
• talos-systems/talos@032e7c6b8 chore: import yaml.v3 consistently
• talos-systems/talos@80b5f0e7f fix: validate IP address returned as HTTP response in platform code
• talos-systems/talos@c9af8f7ff docs: fork docs for 0.13
• talos-systems/talos@85cda1b95 feat: provide MountStatus resource for system partition mounts
• talos-systems/talos@950f122c9 chore: update versions in upgrade tests
• talos-systems/talos@83fdb7721 feat: provide first NIC hardware addr as a resource
• talos-systems/talos@5f5ac12f1 fix: properly case the VMware name
• talos-systems/talos@0a6048f46 fix: don't allow bootstrap if etcd data directory is not empty
• talos-systems/talos@e24b93b4e fix: cgroup delegate
• talos-systems/talos@751f64f9b docs: add release notes for 0.12, support matrix
• talos-systems/talos@57a77696e feat: update Kubernetes to 1.22.1
• talos-systems/talos@244b08cc1 chore: bump dependencies
• talos-systems/talos@576ba1957 fix: do not set KSPP kernel params in container mode
• talos-systems/talos@b8c92ede5 fix: don't support cgroups nesting in process runner
• talos-systems/talos@9bb0b7970 test: adapt tests to the cgroupsv2
• talos-systems/talos@1abc12be1 fix: extramount should have yaml:",inline" tag
• talos-systems/talos@2b614e430 feat: check if cluster has deprecated resources versions
• talos-systems/talos@0b86edab8 fix: don't panic if the machine config doesn't have network (EM)
• talos-systems/talos@8bef41e4b fix: make sure file mode is same (reproducibility issue)
• talos-systems/talos@fcfca55a0 chore: do not check that go mod tidy gives empty output
• talos-systems/talos@5ce92ca51 docs: ensure azure VMs are 0 indexed

Changes since v0.13.0-beta.0

• talos-systems/talos@7457d7939 release(v0.13.0-beta.1): prepare release
• talos-systems/talos@250529e19 fix: revert use ECDSA-SHA256 signature algorithm for Kubernetes certs
• talos-systems/talos@a3ac9bfd8 fix: sort output of the argument builder
• talos-systems/talos@81c389926 fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
• talos-systems/talos@bc3e07f68 feat: suppress logging NTP sync to the console
• talos-systems/talos@27a695be5 fix: add interface route if DHCP4 router is not directly routeable
• talos-systems/talos@c55b4a5ee fix: don't enable 'no new privs' on the system level
• talos-systems/talos@3ecec6ecc chore: build using only amd64 builders
• talos-systems/talos@d2c7e855c chore: update docker image in the pipeline

Changes from talos-systems/discovery-service

• talos-systems/discovery-service@ee4b2a4 fix: retry on Hello failures
• talos-systems/discovery-service@ab9c7c9 chore: add Prometheus metrics
• talos-systems/discovery-service@b2e2079 fix: properly encrypt IPv6 endpoints
• talos-systems/discovery-service@e9d5dfa fix: enable connections to endpoints with public certs
• talos-systems/discovery-service@509e9b2 feat: implement client wrapper around discovery service API
• talos-systems/discovery-service@6195466 feat: enable vtprotobuf, watch batching, more limits
• talos-systems/discovery-service@7174ec1 feat: implement new discovery service
• talos-systems/discovery-service@1a43970 feat: add node and cluster validation
• talos-systems/discovery-service@6454cfc refactor: kresify, fix linter and rename to Kubespan manager
• talos-systems/discovery-service@d782452 add redis database backend
• talos-systems/discovery-service@924fed4 refactor to flexible addresses
• talos-systems/discovery-service@cd02b5a revert to string IDs
• talos-systems/discovery-service@576288f add self-reported IPs
• talos-systems/discovery-service@6ad15ca strong typing and known endpoint API
• talos-systems/discovery-service@3437ff2 fixes from testing
• talos-systems/discovery-service@d3fd1f3 add Name to Node
• talos-systems/discovery-service@eb0e8ba add simple client pkg
• talos-systems/discovery-service@5e0c1df add cluster hash grouping
• talos-systems/discovery-service@f982696 initial commit

Changes from talos-systems/extras

• talos-systems/extras@9706baf chore: use tagged versions tools and pkgs 0.8.0
• talos-systems/extras@8738709 chore: update pkgs and tools
• talos-systems/extras@52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

• talos-systems/go-blockdevice@70d2865 fix: try to find cdrom disks
• talos-systems/go-blockdevice@667bf53 fix: revert gpt partition not found
• talos-systems/go-blockdevice@d7d4cdd fix: gpt partition not found
• talos-systems/go-blockdevice@33afba3 fix: also open in readonly mode when running All lookup method
• talos-systems/go-blockdevice@e367f9d feat: make probe always open blockdevices in readonly mode
• talos-systems/go-blockdevice@d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

• talos-systems/pkgs@3148f01 chore: update tools to tagged version 0.8.0
• talos-systems/pkgs@f22ce18 feat: update containerd to 1.5.6, runc to 1.0.2, libseccomp to 2.5.2
• talos-systems/pkgs@28cda67 feat: update Linux kernel to 5.10.69
• talos-systems/pkgs@db90f93 chore: update tools
• talos-systems/pkgs@ca38c59 feat: enable KEXEC_FILE_LOAD in the kernel
• talos-systems/pkgs@982bc18 chore: update tools
• talos-systems/pkgs@a243ab8 feat: add /usr/src to FHS
• talos-systems/pkgs@428abdb chore: support builds with HTTP_PROXY
• talos-systems/pkgs@13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

• talos-systems/tools@835b297 chore: use tagged toolchain 0.3.0
• talos-systems/tools@2790b55 feat: update Go to 1.17.1
• talos-systems/tools@5b9d214 fix: restore static library for ncurses
• talos-systems/tools@01104e5 chore: reproducible builds
• talos-systems/tools@53fe146 chore: update bldr with new version
• talos-systems/tools@bf4540d chore: add patch dependency

Dependency Changes

• github.com/containerd/go-cni v1.0.2 -> v1.1.0
• github.com/containernetworking/cni v0.8.1 -> v1.0.1
• github.com/containernetworking/plugins v0.9.1 -> v1.0.1
• github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
• github.com/fatih/color v1.12.0 -> v1.13.0
• github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
• github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
• github.com/google/nftables 16a134723a96 new
• github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
• github.com/hetznercloud/hcloud-go v1.32.0 new
• github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
• github.com/jsimonetti/rtnetlink 9c52e516c709 -> 435639c8e6a8
• github.com/jxskiss/base62 4f11678b909b new
• github.com/mattn/go-isatty v0.0.13 -> v0.0.14
• github.com/mdlayher/netx 669a06fde734 new
• github.com/packethost/packngo v0.19.0 -> v0.19.1
• github.com/prometheus/procfs v0.7.2 -> v0.7.3
• github.com/rivo/tview 29d673af0ce2 -> ee97a7ab3975
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
• github.com/talos-systems/discovery-service v0.1.0 new
• github.com/talos-systems/extras v0.5.0 -> v0.6.0
• github.com/talos-systems/go-blockdevice v0.2.3 -> v0.2.4
• github.com/talos-systems/pkgs v0.7.0 -> v0.8.0
• github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0
• github.com/vishvananda/netlink f5de75959ad5 new
• github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
• github.com/vmware/govmomi v0.26.0 -> v0.26.1
• github.com/vultr/metadata v1.0.3 new
• go.uber.org/zap v1.19.0 -> v1.19.1
• golang.org/x/net 853a461950ff -> 3ad01bbaa167
• golang.org/x/sys 0f9fa26af87c -> 39ccf1dd6fa6
• golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
• golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 0a2f4901cba6
• google.golang.org/grpc v1.40.0 -> v1.41.0
• inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
• k8s.io/api v0.22.1 -> v0.22.2
• k8s.io/apimachinery v0.22.1 -> v0.22.2
• k8s.io/client-go v0.22.1 -> v0.22.2
• k8s.io/kubectl v0.22.1 -> v0.22.2
• k8s.io/kubelet v0.22.1 -> v0.22.2
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 new

Previous release can be found at v0.12.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.6.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.2
k8s.gcr.io/kube-controller-manager:v1.22.2
k8s.gcr.io/kube-scheduler:v1.22.2
k8s.gcr.io/kube-proxy:v1.22.2
ghcr.io/talos-systems/kubelet:v1.22.2
ghcr.io/talos-systems/installer:v0.13.0-beta.1
k8s.gcr.io/pause:3.2

Talos 0.13.0-beta.0 (2021-10-01)

Welcome to the v0.13.0-beta.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Hetzner, Scaleway, Upcloud and Vultr

Talos now natively supports four new cloud platforms:

• Hetzner, including VIP support
• Scaleway
• Upcloud
• Vultr

Also generic cloud-init nocloud platform is supported in both networking and storage-based modes.

Component Updates

Linux: 5.10.69
Kubernetes: 1.22.2
containerd: 1.5.6
runc: 1.0.2

Talos is built with Go 1.17.1.

etcd Advertised Address

The address advertised by etcd can now be controlled with new machine configuration option machine.etcd.subnet.

Reboots via kexec

Talos now reboots by default via kexec syscall which means BIOS POST process is skipped.
On bare-metal hardware BIOS POST process might take 10-15 minutes, so Talos reboots 10-15 minutes faster on bare-metal.

Kexec support can be disabled with the following change to the machine configuration:

machine:
  sysctls:
    kernel.kexec_load_disabled: "1"

kubelet Node IP

The addresses picked by kubelet can now be controlled with new machine configuration option machine.kubelet.nodeIP.validSubnets.

Cluster Discovery and KubeSpan

This release of Talos provides initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default, to enable them please make following changes to the machine configuration:

machine:
  network:
    kubespan:
      enabled: true
cluster:
  discovery:
    enabled: true

Windows Suport

CLI tool talosctl is now built for Windows and published as part of the release.

Contributors

• Andrey Smirnov
• Artem Chernyshev
• Alexey Palazhchenko
• Seán C McCord
• Serge Logvinov
• Andrew Rynhard
• Olli Janatuinen
• Spencer Smith
• Andrey Smirnov
• Lennard Klein
• Rui Lopes

Changes

• talos-systems/talos@e82a443e8 release(v0.13.0-beta.0): prepare release
• talos-systems/talos@5f277713f chore: prepare for 0.13-beta release
• talos-systems/talos@5e41dd4a6 feat: add an option to configure kubelet node IP based on subnets
• talos-systems/talos@72e49029e chore: allow insecure discovery in debug builds
• talos-systems/talos@d52befd1a fix: ignore 404 for AWS external IPs
• talos-systems/talos@44a63e9a4 feat: update containerd to 1.5.6
• talos-systems/talos@0e0fb6847 release(v0.13.0-alpha.3): prepare release
• talos-systems/talos@4044372e1 feat: harvest discovered endpoints and push them via discovery svc
• talos-systems/talos@9a51aa835 feat: add an option to skip downed peers in KubeSpan
• talos-systems/talos@cbbd7c682 feat: publish node's ExternalIPs as node addresses
• talos-systems/talos@0f60ef6d3 fix: reset inputs back to initial state in secrets.APIController
• talos-systems/talos@64cb873ec feat: override static pods default args by extra Args
• talos-systems/talos@ecdd7757f test: workaround race in the tests with zaptest package
• talos-systems/talos@9c67fde75 release(v0.13.0-alpha.2): prepare release
• talos-systems/talos@30ae71424 feat: implement integration with Discovery Service
• talos-systems/talos@353d632ae feat: add nocloud platform support
• talos-systems/talos@628fbf9b4 chore: update Linux to 5.10.69
• talos-systems/talos@62acd6251 fix: check trustd API CA on worker nodes
• talos-systems/talos@ba27bc366 feat: implement Hetzner Cloud support for virtual (shared) IP
• talos-systems/talos@95f440eaa test: add fuzz test for configloader
• talos-systems/talos@d2cf021d8 chore: remove deprecated "join" term
• talos-systems/talos@0e18e2800 chore: bump dependencies
• talos-systems/talos@b450b7cef chore: deprecate Interfaces and Routes APIs
• talos-systems/talos@cddcb9622 fix: find devices without partition table
• talos-systems/talos@b1b6d6136 fix: check for existence of dhcp6 FQDN first
• talos-systems/talos@519999b84 fix: use readonly mode when probing devices with All lookup
• talos-systems/talos@2b5204200 feat: enable resource API in the maintenance mode
• talos-systems/talos@452893c26 fix: make probe open blockdevice in readonly mode
• talos-systems/talos@96bccdd3b test: update CABPT provider to 0.3 release
• talos-systems/talos@d9eb18bfd fix: containerd log symlink
• talos-systems/talos@efa7f48e0 docs: quicklinks on landing page
• talos-systems/talos@1cb9f282b fix: don't marshal clock with SecretsBundle
• talos-systems/talos@b27c75b30 release(v0.13.0-alpha.1): prepare release
• talos-systems/talos@9d803d75b chore: bump dependencies and drop firecracker support
• talos-systems/talos@50a241048 feat: add operating system version field to discovery
• talos-systems/talos@085c61b2e chore: add a special condition to check for kubeconfig readiness
• talos-systems/talos@21cdd8540 fix: add node address to the list of allowed IPs (kubespan)
• talos-systems/talos@fdd80a123 feat: add an option to continue booting on NTP timeout
• talos-systems/talos@ef3684989 feat: add routes, routing rules and nftables rules for KubeSpan
• talos-systems/talos@ed12379f2 fix: patch multi nodes support
• talos-systems/talos@d943bb0e2 feat: update Kubernetes to 1.22.2
• talos-systems/talos@d0585fb6b feat: reboot via kexec
• talos-systems/talos@3de505c89 fix: skip bad cloud-config in OpenStack platform
• talos-systems/talos@a394d1e20 fix: tear down control plane static pods when etcd is stopped
• talos-systems/talos@1c05089bb feat: implement KubeSpan manager for Wireguard peer state
• talos-systems/talos@ec7f44efe fix: completely prevent editing resources other than mc
• talos-systems/talos@19a8ae97c feat: add vultr.com cloud support
• talos-systems/talos@0ff4c7cdb fix: write KubernetesCACert chmodded 0400 instead of 0500
• talos-systems/talos@a1c9d6490 fix: update the way results are retrieved for certified conformance
• talos-systems/talos@a05945404 chore: build using Go 1.17
• talos-systems/talos@7c5045bd9 release(v0.13.0-alpha.0): prepare release
• talos-systems/talos@ee2dce6c1 chore: bump dependencies
• talos-systems/talos@ef0229592 fix: print etcd member ID in hex
• talos-systems/talos@5ca1fb822 fix: multiple fixes for KubeSpan and Wireguard implementation
• talos-systems/talos@b1bd64250 fix: build platform images
• talos-systems/talos@3b5f4038d feat: add scaleway.com cloud support
• talos-systems/talos@f156ab184 feat: add upcloud.com cloud support
• talos-systems/talos@c3b2429ce fix: suppress spurious Kubernetes API server cert updates
• talos-systems/talos@ff90b5751 feat: implement KubeSpan peer generation controller
• talos-systems/talos@14c69df50 fix: correctly parse multiple pod/service CIDRs
• talos-systems/talos@69897dbba feat: drop some capabilities to be never available
• talos-systems/talos@51e9836b0 docs: promote 0.12 docs to be the latest
• talos-systems/talos@812d59c70 feat: add hetzner.com cloud support
• talos-systems/talos@d53e9e896 chore: use named constants
• talos-systems/talos@2dfe7f1fc chore: bump tools to the latest version
• talos-systems/talos@82b130e78 docs: document required options for extraMounts
• talos-systems/talos@af6622109 feat: implement Kubernetes cluster discovery registry
• talos-systems/talos@2c66e1b3c feat: provide building of local Affiliate structure (for the node)
• talos-systems/talos@d69bd2af3 chore: enable GPG identity check for Talos
• talos-systems/talos@8dbd851fd chore: update tools/pkgs/extras to the new version
• talos-systems/talos@0b347570a feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
• talos-systems/talos@bd5b9c96e fix: correctly define example for extraMounts
• talos-systems/talos@01cca099f docs: update docs for Talos 0.12 release
• talos-systems/talos@668627d5b feat: add subnet filter for etcd address
• talos-systems/talos@3c3c281bf chore: bump dependencies via dependabot
• talos-systems/talos@f8bebba2d fix: ignore error on duplicate for MountStatus
• talos-systems/talos@6956edd0b feat: add node address filters, filter out k8s addresses for Talos API
• talos-systems/talos@caee24bf6 feat: implement KubeSpan identity controller
• talos-systems/talos@da0f6e7e1 fix: allow updating diskSelector option
• talos-systems/talos@761ccaf32 feat: provide machine configuration for KubeSpan and cluster discovery
• talos-systems/talos@a81e30cb4 docs: add bootstrap command to VMware docs
• talos-systems/talos@97da354cc fix: do not panic on invalid machine configs
• talos-systems/talos@c4048e263 fix: don't extract nil IPs in the GCP platform
• talos-systems/talos@ba169c6f9 feat: provide talosctl.exe for Windows
• talos-systems/talos@6312f473e fix: properly handle omitempty fields in the validator
• talos-systems/talos@7f22879af feat: provide random node identity
• talos-systems/talos@032e7c6b8 chore: import yaml.v3 consistently
• talos-systems/talos@80b5f0e7f fix: validate IP address returned as HTTP response in platform code
• talos-systems/talos@c9af8f7ff docs: fork docs for 0.13
• talos-systems/talos@85cda1b95 feat: provide MountStatus resource for system partition mounts
• talos-systems/talos@950f122c9 chore: update versions in upgrade tests
• talos-systems/talos@83fdb7721 feat: provide first NIC hardware addr as a resource
• talos-systems/talos@5f5ac12f1 fix: properly case the VMware name
• talos-systems/talos@0a6048f46 fix: don't allow bootstrap if etcd data directory is not empty
• talos-systems/talos@e24b93b4e fix: cgroup delegate
• talos-systems/talos@751f64f9b docs: add release notes for 0.12, support matrix
• talos-systems/talos@57a77696e feat: update Kubernetes to 1.22.1
• talos-systems/talos@244b08cc1 chore: bump dependencies
• talos-systems/talos@576ba1957 fix: do not set KSPP kernel params in container mode
• talos-systems/talos@b8c92ede5 fix: don't support cgroups nesting in process runner
• talos-systems/talos@9bb0b7970 test: adapt tests to the cgroupsv2
• talos-systems/talos@1abc12be1 fix: extramount should have yaml:",inline" tag
• talos-systems/talos@2b614e430 feat: check if cluster has deprecated resources versions
• talos-systems/talos@0b86edab8 fix: don't panic if the machine config doesn't have network (EM)
• talos-systems/talos@8bef41e4b fix: make sure file mode is same (reproducibility issue)
• talos-systems/talos@fcfca55a0 chore: do not check that go mod tidy gives empty output
• talos-systems/talos@5ce92ca51 docs: ensure azure VMs are 0 indexed

Changes since v0.13.0-alpha.3

• talos-systems/talos@e82a443e8 release(v0.13.0-beta.0): prepare release
• talos-systems/talos@5f277713f chore: prepare for 0.13-beta release
• talos-systems/talos@5e41dd4a6 feat: add an option to configure kubelet node IP based on subnets
• talos-systems/talos@72e49029e chore: allow insecure discovery in debug builds
• talos-systems/talos@d52befd1a fix: ignore 404 for AWS external IPs
• talos-systems/talos@44a63e9a4 feat: update containerd to 1.5.6

Changes from talos-systems/discovery-service

• talos-systems/discovery-service@ee4b2a4 fix: retry on Hello failures
• talos-systems/discovery-service@ab9c7c9 chore: add Prometheus metrics
• talos-systems/discovery-service@b2e2079 fix: properly encrypt IPv6 endpoints
• talos-systems/discovery-service@e9d5dfa fix: enable connections to endpoints with public certs
• talos-systems/discovery-service@509e9b2 feat: implement client wrapper around discovery service API
• talos-systems/discovery-service@6195466 feat: enable vtprotobuf, watch batching, more limits
• talos-systems/discovery-service@7174ec1 feat: implement new discovery service
• talos-systems/discovery-service@1a43970 feat: add node and cluster validation
• talos-systems/discovery-service@6454cfc refactor: kresify, fix linter and rename to Kubespan manager
• talos-systems/discovery-service@d782452 add redis database backend
• talos-systems/discovery-service@924fed4 refactor to flexible addresses
• talos-systems/discovery-service@cd02b5a revert to string IDs
• talos-systems/discovery-service@576288f add self-reported IPs
• talos-systems/discovery-service@6ad15ca strong typing and known endpoint API
• talos-systems/discovery-service@3437ff2 fixes from testing
• talos-systems/discovery-service@d3fd1f3 add Name to Node
• talos-systems/discovery-service@eb0e8ba add simple client pkg
• talos-systems/discovery-service@5e0c1df add cluster hash grouping
• talos-systems/discovery-service@f982696 initial commit

Changes from talos-systems/extras

• talos-systems/extras@9706baf chore: use tagged versions tools and pkgs 0.8.0
• talos-systems/extras@8738709 chore: update pkgs and tools
• talos-systems/extras@52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

• talos-systems/go-blockdevice@70d2865 fix: try to find cdrom disks
• talos-systems/go-blockdevice@667bf53 fix: revert gpt partition not found
• talos-systems/go-blockdevice@d7d4cdd fix: gpt partition not found
• talos-systems/go-blockdevice@33afba3 fix: also open in readonly mode when running All lookup method
• talos-systems/go-blockdevice@e367f9d feat: make probe always open blockdevices in readonly mode
• talos-systems/go-blockdevice@d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

• talos-systems/pkgs@3148f01 chore: update tools to tagged version 0.8.0
• talos-systems/pkgs@f22ce18 feat: update containerd to 1.5.6, runc to 1.0.2, libseccomp to 2.5.2
• talos-systems/pkgs@28cda67 feat: update Linux kernel to 5.10.69
• talos-systems/pkgs@db90f93 chore: update tools
• talos-systems/pkgs@ca38c59 feat: enable KEXEC_FILE_LOAD in the kernel
• talos-systems/pkgs@982bc18 chore: update tools
• talos-systems/pkgs@a243ab8 feat: add /usr/src to FHS
• talos-systems/pkgs@428abdb chore: support builds with HTTP_PROXY
• talos-systems/pkgs@13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

• talos-systems/tools@835b297 chore: use tagged toolchain 0.3.0
• talos-systems/tools@2790b55 feat: update Go to 1.17.1
• talos-systems/tools@5b9d214 fix: restore static library for ncurses
• talos-systems/tools@01104e5 chore: reproducible builds
• talos-systems/tools@53fe146 chore: update bldr with new version
• talos-systems/tools@bf4540d chore: add patch dependency

Dependency Changes

• github.com/containerd/go-cni v1.0.2 -> v1.1.0
• github.com/containernetworking/cni v0.8.1 -> v1.0.1
• github.com/containernetworking/plugins v0.9.1 -> v1.0.1
• github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
• github.com/fatih/color v1.12.0 -> v1.13.0
• github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
• github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
• github.com/google/nftables 16a134723a96 new
• github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
• github.com/hetznercloud/hcloud-go v1.32.0 new
• github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
• github.com/jsimonetti/rtnetlink 9c52e516c709 -> 435639c8e6a8
• github.com/jxskiss/base62 4f11678b909b new
• github.com/mattn/go-isatty v0.0.13 -> v0.0.14
• github.com/mdlayher/netx 669a06fde734 new
• github.com/packethost/packngo v0.19.0 -> v0.19.1
• github.com/prometheus/procfs v0.7.2 -> v0.7.3
• github.com/rivo/tview 29d673af0ce2 -> ee97a7ab3975
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
• github.com/talos-systems/discovery-service v0.1.0 new
• github.com/talos-systems/extras v0.5.0 -> v0.6.0
• github.com/talos-systems/go-blockdevice v0.2.3 -> v0.2.4
• github.com/talos-systems/pkgs v0.7.0 -> v0.8.0
• github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0
• github.com/vishvananda/netlink f5de75959ad5 new
• github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
• github.com/vmware/govmomi v0.26.0 -> v0.26.1
• github.com/vultr/metadata v1.0.3 new
• go.uber.org/zap v1.19.0 -> v1.19.1
• golang.org/x/net 853a461950ff -> 3ad01bbaa167
• golang.org/x/sys 0f9fa26af87c -> 39ccf1dd6fa6
• golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
• golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 0a2f4901cba6
• google.golang.org/grpc v1.40.0 -> v1.41.0
• inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
• k8s.io/api v0.22.1 -> v0.22.2
• k8s.io/apimachinery v0.22.1 -> v0.22.2
• k8s.io/client-go v0.22.1 -> v0.22.2
• k8s.io/kubectl v0.22.1 -> v0.22.2
• k8s.io/kubelet v0.22.1 -> v0.22.2
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 new

Previous release can be found at v0.12.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.6.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.2
k8s.gcr.io/kube-controller-manager:v1.22.2
k8s.gcr.io/kube-scheduler:v1.22.2
k8s.gcr.io/kube-proxy:v1.22.2
ghcr.io/talos-systems/kubelet:v1.22.2
ghcr.io/talos-systems/installer:v0.13.0-beta.0
k8s.gcr.io/pause:3.2

Talos 0.13.0-alpha.3 (2021-09-30)

Welcome to the v0.13.0-alpha.3 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Hetzner, Scaleway, Upcloud and Vultr

Talos now natively supports three new cloud platforms:

• Hetzner, including VIP support
• Scaleway
• Upcloud
• Vultr

Also generic cloud-init nocloud platform is supported in both networking and storage-based modes.

etcd Advertised Address

The address advertised by etcd can now be controlled with new machine configuration option machine.etcd.subnet.

Reboots via kexec

Talos now reboots by default via kexec syscall which means BIOS POST process is skipped.
On bare-metal hardware BIOS POST process might take 10-15 minutes, so Talos reboots 10-15 minutes faster on bare-metal.

Kexec support can be disabled with the following change to the machine configuration:

machine:
  sysctls:
    kernel.kexec_load_disabled: "1"

Cluster Discovery and KubeSpan

This release of Talos provides initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default, to enable them please make following changes to the machine configuration:

machine:
  network:
    kubespan:
      enabled: true
cluster:
  discovery:
    enabled: true

Windows Suport

CLI tool talosctl is now built for Windows and published as part of the release.

Contributors

• Andrey Smirnov
• Artem Chernyshev
• Seán C McCord
• Serge Logvinov
• Alexey Palazhchenko
• Andrew Rynhard
• Olli Janatuinen
• Spencer Smith
• Andrey Smirnov
• Lennard Klein
• Rui Lopes

Changes

• talos-systems/talos@0e0fb6847 release(v0.13.0-alpha.3): prepare release
• talos-systems/talos@4044372e1 feat: harvest discovered endpoints and push them via discovery svc
• talos-systems/talos@9a51aa835 feat: add an option to skip downed peers in KubeSpan
• talos-systems/talos@cbbd7c682 feat: publish node's ExternalIPs as node addresses
• talos-systems/talos@0f60ef6d3 fix: reset inputs back to initial state in secrets.APIController
• talos-systems/talos@64cb873ec feat: override static pods default args by extra Args
• talos-systems/talos@ecdd7757f test: workaround race in the tests with zaptest package
• talos-systems/talos@9c67fde75 release(v0.13.0-alpha.2): prepare release
• talos-systems/talos@30ae71424 feat: implement integration with Discovery Service
• talos-systems/talos@353d632ae feat: add nocloud platform support
• talos-systems/talos@628fbf9b4 chore: update Linux to 5.10.69
• talos-systems/talos@62acd6251 fix: check trustd API CA on worker nodes
• talos-systems/talos@ba27bc366 feat: implement Hetzner Cloud support for virtual (shared) IP
• talos-systems/talos@95f440eaa test: add fuzz test for configloader
• talos-systems/talos@d2cf021d8 chore: remove deprecated "join" term
• talos-systems/talos@0e18e2800 chore: bump dependencies
• talos-systems/talos@b450b7cef chore: deprecate Interfaces and Routes APIs
• talos-systems/talos@cddcb9622 fix: find devices without partition table
• talos-systems/talos@b1b6d6136 fix: check for existence of dhcp6 FQDN first
• talos-systems/talos@519999b84 fix: use readonly mode when probing devices with All lookup
• talos-systems/talos@2b5204200 feat: enable resource API in the maintenance mode
• talos-systems/talos@452893c26 fix: make probe open blockdevice in readonly mode
• talos-systems/talos@96bccdd3b test: update CABPT provider to 0.3 release
• talos-systems/talos@d9eb18bfd fix: containerd log symlink
• talos-systems/talos@efa7f48e0 docs: quicklinks on landing page
• talos-systems/talos@1cb9f282b fix: don't marshal clock with SecretsBundle
• talos-systems/talos@b27c75b30 release(v0.13.0-alpha.1): prepare release
• talos-systems/talos@9d803d75b chore: bump dependencies and drop firecracker support
• talos-systems/talos@50a241048 feat: add operating system version field to discovery
• talos-systems/talos@085c61b2e chore: add a special condition to check for kubeconfig readiness
• talos-systems/talos@21cdd8540 fix: add node address to the list of allowed IPs (kubespan)
• talos-systems/talos@fdd80a123 feat: add an option to continue booting on NTP timeout
• talos-systems/talos@ef3684989 feat: add routes, routing rules and nftables rules for KubeSpan
• talos-systems/talos@ed12379f2 fix: patch multi nodes support
• talos-systems/talos@d943bb0e2 feat: update Kubernetes to 1.22.2
• talos-systems/talos@d0585fb6b feat: reboot via kexec
• talos-systems/talos@3de505c89 fix: skip bad cloud-config in OpenStack platform
• talos-systems/talos@a394d1e20 fix: tear down control plane static pods when etcd is stopped
• talos-systems/talos@1c05089bb feat: implement KubeSpan manager for Wireguard peer state
• talos-systems/talos@ec7f44efe fix: completely prevent editing resources other than mc
• talos-systems/talos@19a8ae97c feat: add vultr.com cloud support
• talos-systems/talos@0ff4c7cdb fix: write KubernetesCACert chmodded 0400 instead of 0500
• talos-systems/talos@a1c9d6490 fix: update the way results are retrieved for certified conformance
• talos-systems/talos@a05945404 chore: build using Go 1.17
• talos-systems/talos@7c5045bd9 release(v0.13.0-alpha.0): prepare release
• talos-systems/talos@ee2dce6c1 chore: bump dependencies
• talos-systems/talos@ef0229592 fix: print etcd member ID in hex
• talos-systems/talos@5ca1fb822 fix: multiple fixes for KubeSpan and Wireguard implementation
• talos-systems/talos@b1bd64250 fix: build platform images
• talos-systems/talos@3b5f4038d feat: add scaleway.com cloud support
• talos-systems/talos@f156ab184 feat: add upcloud.com cloud support
• talos-systems/talos@c3b2429ce fix: suppress spurious Kubernetes API server cert updates
• talos-systems/talos@ff90b5751 feat: implement KubeSpan peer generation controller
• talos-systems/talos@14c69df50 fix: correctly parse multiple pod/service CIDRs
• talos-systems/talos@69897dbba feat: drop some capabilities to be never available
• talos-systems/talos@51e9836b0 docs: promote 0.12 docs to be the latest
• talos-systems/talos@812d59c70 feat: add hetzner.com cloud support
• talos-systems/talos@d53e9e896 chore: use named constants
• talos-systems/talos@2dfe7f1fc chore: bump tools to the latest version
• talos-systems/talos@82b130e78 docs: document required options for extraMounts
• talos-systems/talos@af6622109 feat: implement Kubernetes cluster discovery registry
• talos-systems/talos@2c66e1b3c feat: provide building of local Affiliate structure (for the node)
• talos-systems/talos@d69bd2af3 chore: enable GPG identity check for Talos
• talos-systems/talos@8dbd851fd chore: update tools/pkgs/extras to the new version
• talos-systems/talos@0b347570a feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
• talos-systems/talos@bd5b9c96e fix: correctly define example for extraMounts
• talos-systems/talos@01cca099f docs: update docs for Talos 0.12 release
• talos-systems/talos@668627d5b feat: add subnet filter for etcd address
• talos-systems/talos@3c3c281bf chore: bump dependencies via dependabot
• talos-systems/talos@f8bebba2d fix: ignore error on duplicate for MountStatus
• talos-systems/talos@6956edd0b feat: add node address filters, filter out k8s addresses for Talos API
• talos-systems/talos@caee24bf6 feat: implement KubeSpan identity controller
• talos-systems/talos@da0f6e7e1 fix: allow updating diskSelector option
• talos-systems/talos@761ccaf32 feat: provide machine configuration for KubeSpan and cluster discovery
• talos-systems/talos@a81e30cb4 docs: add bootstrap command to VMware docs
• talos-systems/talos@97da354cc fix: do not panic on invalid machine configs
• talos-systems/talos@c4048e263 fix: don't extract nil IPs in the GCP platform
• talos-systems/talos@ba169c6f9 feat: provide talosctl.exe for Windows
• talos-systems/talos@6312f473e fix: properly handle omitempty fields in the validator
• talos-systems/talos@7f22879af feat: provide random node identity
• talos-systems/talos@032e7c6b8 chore: import yaml.v3 consistently
• talos-systems/talos@80b5f0e7f fix: validate IP address returned as HTTP response in platform code
• talos-systems/talos@c9af8f7ff docs: fork docs for 0.13
• talos-systems/talos@85cda1b95 feat: provide MountStatus resource for system partition mounts
• talos-systems/talos@950f122c9 chore: update versions in upgrade tests
• talos-systems/talos@83fdb7721 feat: provide first NIC hardware addr as a resource
• talos-systems/talos@5f5ac12f1 fix: properly case the VMware name
• talos-systems/talos@0a6048f46 fix: don't allow bootstrap if etcd data directory is not empty
• talos-systems/talos@e24b93b4e fix: cgroup delegate
• talos-systems/talos@751f64f9b docs: add release notes for 0.12, support matrix
• talos-systems/talos@57a77696e feat: update Kubernetes to 1.22.1
• talos-systems/talos@244b08cc1 chore: bump dependencies
• talos-systems/talos@576ba1957 fix: do not set KSPP kernel params in container mode
• talos-systems/talos@b8c92ede5 fix: don't support cgroups nesting in process runner
• talos-systems/talos@9bb0b7970 test: adapt tests to the cgroupsv2
• talos-systems/talos@1abc12be1 fix: extramount should have yaml:",inline" tag
• talos-systems/talos@2b614e430 feat: check if cluster has deprecated resources versions
• talos-systems/talos@0b86edab8 fix: don't panic if the machine config doesn't have network (EM)
• talos-systems/talos@8bef41e4b fix: make sure file mode is same (reproducibility issue)
• talos-systems/talos@fcfca55a0 chore: do not check that go mod tidy gives empty output
• talos-systems/talos@5ce92ca51 docs: ensure azure VMs are 0 indexed

Changes since v0.13.0-alpha.2

• talos-systems/talos@0e0fb6847 release(v0.13.0-alpha.3): prepare release
• talos-systems/talos@4044372e1 feat: harvest discovered endpoints and push them via discovery svc
• talos-systems/talos@9a51aa835 feat: add an option to skip downed peers in KubeSpan
• talos-systems/talos@cbbd7c682 feat: publish node's ExternalIPs as node addresses
• talos-systems/talos@0f60ef6d3 fix: reset inputs back to initial state in secrets.APIController
• talos-systems/talos@64cb873ec feat: override static pods default args by extra Args
• talos-systems/talos@ecdd7757f test: workaround race in the tests with zaptest package

Changes from talos-systems/discovery-service

• talos-systems/discovery-service@b2e2079 fix: properly encrypt IPv6 endpoints
• talos-systems/discovery-service@e9d5dfa fix: enable connections to endpoints with public certs
• talos-systems/discovery-service@509e9b2 feat: implement client wrapper around discovery service API
• talos-systems/discovery-service@6195466 feat: enable vtprotobuf, watch batching, more limits
• talos-systems/discovery-service@7174ec1 feat: implement new discovery service
• talos-systems/discovery-service@1a43970 feat: add node and cluster validation
• talos-systems/discovery-service@6454cfc refactor: kresify, fix linter and rename to Kubespan manager
• talos-systems/discovery-service@d782452 add redis database backend
• talos-systems/discovery-service@924fed4 refactor to flexible addresses
• talos-systems/discovery-service@cd02b5a revert to string IDs
• talos-systems/discovery-service@576288f add self-reported IPs
• talos-systems/discovery-service@6ad15ca strong typing and known endpoint API
• talos-systems/discovery-service@3437ff2 fixes from testing
• talos-systems/discovery-service@d3fd1f3 add Name to Node
• talos-systems/discovery-service@eb0e8ba add simple client pkg
• talos-systems/discovery-service@5e0c1df add cluster hash grouping
• talos-systems/discovery-service@f982696 initial commit

Changes from talos-systems/extras

• talos-systems/extras@52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

• talos-systems/go-blockdevice@70d2865 fix: try to find cdrom disks
• talos-systems/go-blockdevice@667bf53 fix: revert gpt partition not found
• talos-systems/go-blockdevice@d7d4cdd fix: gpt partition not found
• talos-systems/go-blockdevice@33afba3 fix: also open in readonly mode when running All lookup method
• talos-systems/go-blockdevice@e367f9d feat: make probe always open blockdevices in readonly mode
• talos-systems/go-blockdevice@d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

• talos-systems/pkgs@28cda67 feat: update Linux kernel to 5.10.69
• talos-systems/pkgs@db90f93 chore: update tools
• talos-systems/pkgs@ca38c59 feat: enable KEXEC_FILE_LOAD in the kernel
• talos-systems/pkgs@982bc18 chore: update tools
• talos-systems/pkgs@a243ab8 feat: add /usr/src to FHS
• talos-systems/pkgs@428abdb chore: support builds with HTTP_PROXY
• talos-systems/pkgs@13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

• talos-systems/tools@2790b55 feat: update Go to 1.17.1
• talos-systems/tools@5b9d214 fix: restore static library for ncurses
• talos-systems/tools@01104e5 chore: reproducible builds
• talos-systems/tools@53fe146 chore: update bldr with new version
• talos-systems/tools@bf4540d chore: add patch dependency

Dependency Changes

• github.com/containerd/go-cni v1.0.2 -> v1.1.0
• github.com/containernetworking/cni v0.8.1 -> v1.0.1
• github.com/containernetworking/plugins v0.9.1 -> v1.0.1
• github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
• github.com/fatih/color v1.12.0 -> v1.13.0
• github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
• github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
• github.com/google/nftables 16a134723a96 new
• github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
• github.com/hetznercloud/hcloud-go v1.32.0 new
• github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
• github.com/jsimonetti/rtnetlink 9c52e516c709 -> 435639c8e6a8
• github.com/jxskiss/base62 4f11678b909b new
• github.com/mattn/go-isatty v0.0.13 -> v0.0.14
• github.com/mdlayher/netx 669a06fde734 new
• github.com/packethost/packngo v0.19.0 -> v0.19.1
• github.com/prometheus/procfs v0.7.2 -> v0.7.3
• github.com/rivo/tview 29d673af0ce2 -> ee97a7ab3975
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
• github.com/talos-systems/discovery-service b2e2079088a5 new
• github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
• github.com/talos-systems/go-blockdevice v0.2.3 -> 70d28650b398
• github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0-4-g28cda67
• github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-3-g2790b55
• github.com/vishvananda/netlink f5de75959ad5 new
• github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
• github.com/vmware/govmomi v0.26.0 -> v0.26.1
• github.com/vultr/metadata v1.0.3 new
• go.uber.org/zap v1.19.0 -> v1.19.1
• golang.org/x/net 853a461950ff -> 3ad01bbaa167
• golang.org/x/sys 0f9fa26af87c -> 39ccf1dd6fa6
• golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
• golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 0a2f4901cba6
• google.golang.org/grpc v1.40.0 -> v1.41.0
• inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
• k8s.io/api v0.22.1 -> v0.22.2
• k8s.io/apimachinery v0.22.1 -> v0.22.2
• k8s.io/client-go v0.22.1 -> v0.22.2
• k8s.io/kubectl v0.22.1 -> v0.22.2
• k8s.io/kubelet v0.22.1 -> v0.22.2
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 new

Previous release can be found at v0.12.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.6.0-alpha.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.2
k8s.gcr.io/kube-controller-manager:v1.22.2
k8s.gcr.io/kube-scheduler:v1.22.2
k8s.gcr.io/kube-proxy:v1.22.2
ghcr.io/talos-systems/kubelet:v1.22.2
ghcr.io/talos-systems/installer:v0.13.0-alpha.3
k8s.gcr.io/pause:3.2