talos

Talos Linux is a modern Linux distribution built for Kubernetes.

MPL-2.0 License

Stars: 5.5K
Committers: 219

talos - v0.13.0-alpha.2

Published by talos-bot about 3 years ago

Talos 0.13.0-alpha.2 (2021-09-28)

Welcome to the v0.13.0-alpha.2 release of Talos!
This is a pre-release of Talos.

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Hetzner, Scaleway, Upcloud and Vultr

Talos now natively supports three new cloud platforms:

The generic cloud-init nocloud platform is also supported in both networking and storage-based modes.

etcd Advertised Address

The address advertised by etcd can now be controlled with the new machine configuration option machine.etcd.subnet.

Reboots via kexec

Talos now reboots via the kexec syscall by default, which means the BIOS POST process is skipped.
On bare-metal hardware the BIOS POST process might take 10-15 minutes, so Talos reboots 10-15 minutes faster on bare-metal.

Kexec support can be disabled with the following change to the machine configuration:

machine:
  sysctls:
    kernel.kexec_load_disabled: "1"

Cluster Discovery and KubeSpan

This release of Talos provides initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default. To enable them, please make the following changes to the machine configuration:

machine:
  network:
    kubespan:
      enabled: true
cluster:
  discovery:
    enabled: true

Windows Support

The CLI tool talosctl is now built for Windows and published as part of the release.

Contributors

  • Andrey Smirnov
  • Artem Chernyshev
  • Seán C McCord
  • Serge Logvinov
  • Alexey Palazhchenko
  • Andrew Rynhard
  • Olli Janatuinen
  • Lennard Klein
  • Rui Lopes
  • Spencer Smith

Changes

  • talos-systems/talos@9c67fde75 release(v0.13.0-alpha.2): prepare release
  • talos-systems/talos@30ae71424 feat: implement integration with Discovery Service
  • talos-systems/talos@353d632ae feat: add nocloud platform support
  • talos-systems/talos@628fbf9b4 chore: update Linux to 5.10.69
  • talos-systems/talos@62acd6251 fix: check trustd API CA on worker nodes
  • talos-systems/talos@ba27bc366 feat: implement Hetzner Cloud support for virtual (shared) IP
  • talos-systems/talos@95f440eaa test: add fuzz test for configloader
  • talos-systems/talos@d2cf021d8 chore: remove deprecated "join" term
  • talos-systems/talos@0e18e2800 chore: bump dependencies
  • talos-systems/talos@b450b7cef chore: deprecate Interfaces and Routes APIs
  • talos-systems/talos@cddcb9622 fix: find devices without partition table
  • talos-systems/talos@b1b6d6136 fix: check for existence of dhcp6 FQDN first
  • talos-systems/talos@519999b84 fix: use readonly mode when probing devices with All lookup
  • talos-systems/talos@2b5204200 feat: enable resource API in the maintenance mode
  • talos-systems/talos@452893c26 fix: make probe open blockdevice in readonly mode
  • talos-systems/talos@96bccdd3b test: update CABPT provider to 0.3 release
  • talos-systems/talos@d9eb18bfd fix: containerd log symlink
  • talos-systems/talos@efa7f48e0 docs: quicklinks on landing page
  • talos-systems/talos@1cb9f282b fix: don't marshal clock with SecretsBundle
  • talos-systems/talos@b27c75b30 release(v0.13.0-alpha.1): prepare release
  • talos-systems/talos@9d803d75b chore: bump dependencies and drop firecracker support
  • talos-systems/talos@50a241048 feat: add operating system version field to discovery
  • talos-systems/talos@085c61b2e chore: add a special condition to check for kubeconfig readiness
  • talos-systems/talos@21cdd8540 fix: add node address to the list of allowed IPs (kubespan)
  • talos-systems/talos@fdd80a123 feat: add an option to continue booting on NTP timeout
  • talos-systems/talos@ef3684989 feat: add routes, routing rules and nftables rules for KubeSpan
  • talos-systems/talos@ed12379f2 fix: patch multi nodes support
  • talos-systems/talos@d943bb0e2 feat: update Kubernetes to 1.22.2
  • talos-systems/talos@d0585fb6b feat: reboot via kexec
  • talos-systems/talos@3de505c89 fix: skip bad cloud-config in OpenStack platform
  • talos-systems/talos@a394d1e20 fix: tear down control plane static pods when etcd is stopped
  • talos-systems/talos@1c05089bb feat: implement KubeSpan manager for Wireguard peer state
  • talos-systems/talos@ec7f44efe fix: completely prevent editing resources other than mc
  • talos-systems/talos@19a8ae97c feat: add vultr.com cloud support
  • talos-systems/talos@0ff4c7cdb fix: write KubernetesCACert chmodded 0400 instead of 0500
  • talos-systems/talos@a1c9d6490 fix: update the way results are retrieved for certified conformance
  • talos-systems/talos@a05945404 chore: build using Go 1.17
  • talos-systems/talos@7c5045bd9 release(v0.13.0-alpha.0): prepare release
  • talos-systems/talos@ee2dce6c1 chore: bump dependencies
  • talos-systems/talos@ef0229592 fix: print etcd member ID in hex
  • talos-systems/talos@5ca1fb822 fix: multiple fixes for KubeSpan and Wireguard implementation
  • talos-systems/talos@b1bd64250 fix: build platform images
  • talos-systems/talos@3b5f4038d feat: add scaleway.com cloud support
  • talos-systems/talos@f156ab184 feat: add upcloud.com cloud support
  • talos-systems/talos@c3b2429ce fix: suppress spurious Kubernetes API server cert updates
  • talos-systems/talos@ff90b5751 feat: implement KubeSpan peer generation controller
  • talos-systems/talos@14c69df50 fix: correctly parse multiple pod/service CIDRs
  • talos-systems/talos@69897dbba feat: drop some capabilities to be never available
  • talos-systems/talos@51e9836b0 docs: promote 0.12 docs to be the latest
  • talos-systems/talos@812d59c70 feat: add hetzner.com cloud support
  • talos-systems/talos@d53e9e896 chore: use named constants
  • talos-systems/talos@2dfe7f1fc chore: bump tools to the latest version
  • talos-systems/talos@82b130e78 docs: document required options for extraMounts
  • talos-systems/talos@af6622109 feat: implement Kubernetes cluster discovery registry
  • talos-systems/talos@2c66e1b3c feat: provide building of local Affiliate structure (for the node)
  • talos-systems/talos@d69bd2af3 chore: enable GPG identity check for Talos
  • talos-systems/talos@8dbd851fd chore: update tools/pkgs/extras to the new version
  • talos-systems/talos@0b347570a feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
  • talos-systems/talos@bd5b9c96e fix: correctly define example for extraMounts
  • talos-systems/talos@01cca099f docs: update docs for Talos 0.12 release
  • talos-systems/talos@668627d5b feat: add subnet filter for etcd address
  • talos-systems/talos@3c3c281bf chore: bump dependencies via dependabot
  • talos-systems/talos@f8bebba2d fix: ignore error on duplicate for MountStatus
  • talos-systems/talos@6956edd0b feat: add node address filters, filter out k8s addresses for Talos API
  • talos-systems/talos@caee24bf6 feat: implement KubeSpan identity controller
  • talos-systems/talos@da0f6e7e1 fix: allow updating diskSelector option
  • talos-systems/talos@761ccaf32 feat: provide machine configuration for KubeSpan and cluster discovery
  • talos-systems/talos@a81e30cb4 docs: add bootstrap command to VMware docs
  • talos-systems/talos@97da354cc fix: do not panic on invalid machine configs
  • talos-systems/talos@c4048e263 fix: don't extract nil IPs in the GCP platform
  • talos-systems/talos@ba169c6f9 feat: provide talosctl.exe for Windows
  • talos-systems/talos@6312f473e fix: properly handle omitempty fields in the validator
  • talos-systems/talos@7f22879af feat: provide random node identity
  • talos-systems/talos@032e7c6b8 chore: import yaml.v3 consistently
  • talos-systems/talos@80b5f0e7f fix: validate IP address returned as HTTP response in platform code
  • talos-systems/talos@c9af8f7ff docs: fork docs for 0.13
  • talos-systems/talos@85cda1b95 feat: provide MountStatus resource for system partition mounts
  • talos-systems/talos@950f122c9 chore: update versions in upgrade tests
  • talos-systems/talos@83fdb7721 feat: provide first NIC hardware addr as a resource
  • talos-systems/talos@5f5ac12f1 fix: properly case the VMware name
  • talos-systems/talos@0a6048f46 fix: don't allow bootstrap if etcd data directory is not empty
  • talos-systems/talos@e24b93b4e fix: cgroup delegate
  • talos-systems/talos@751f64f9b docs: add release notes for 0.12, support matrix
  • talos-systems/talos@57a77696e feat: update Kubernetes to 1.22.1
  • talos-systems/talos@244b08cc1 chore: bump dependencies
  • talos-systems/talos@576ba1957 fix: do not set KSPP kernel params in container mode
  • talos-systems/talos@b8c92ede5 fix: don't support cgroups nesting in process runner
  • talos-systems/talos@9bb0b7970 test: adapt tests to the cgroupsv2
  • talos-systems/talos@1abc12be1 fix: extramount should have yaml:",inline" tag
  • talos-systems/talos@2b614e430 feat: check if cluster has deprecated resources versions
  • talos-systems/talos@0b86edab8 fix: don't panic if the machine config doesn't have network (EM)
  • talos-systems/talos@8bef41e4b fix: make sure file mode is same (reproducibility issue)
  • talos-systems/talos@fcfca55a0 chore: do not check that go mod tidy gives empty output
  • talos-systems/talos@5ce92ca51 docs: ensure azure VMs are 0 indexed

Changes since v0.13.0-alpha.1

  • talos-systems/talos@9c67fde75 release(v0.13.0-alpha.2): prepare release
  • talos-systems/talos@30ae71424 feat: implement integration with Discovery Service
  • talos-systems/talos@353d632ae feat: add nocloud platform support
  • talos-systems/talos@628fbf9b4 chore: update Linux to 5.10.69
  • talos-systems/talos@62acd6251 fix: check trustd API CA on worker nodes
  • talos-systems/talos@ba27bc366 feat: implement Hetzner Cloud support for virtual (shared) IP
  • talos-systems/talos@95f440eaa test: add fuzz test for configloader
  • talos-systems/talos@d2cf021d8 chore: remove deprecated "join" term
  • talos-systems/talos@0e18e2800 chore: bump dependencies
  • talos-systems/talos@b450b7cef chore: deprecate Interfaces and Routes APIs
  • talos-systems/talos@cddcb9622 fix: find devices without partition table
  • talos-systems/talos@b1b6d6136 fix: check for existence of dhcp6 FQDN first
  • talos-systems/talos@519999b84 fix: use readonly mode when probing devices with All lookup
  • talos-systems/talos@2b5204200 feat: enable resource API in the maintenance mode
  • talos-systems/talos@452893c26 fix: make probe open blockdevice in readonly mode
  • talos-systems/talos@96bccdd3b test: update CABPT provider to 0.3 release
  • talos-systems/talos@d9eb18bfd fix: containerd log symlink
  • talos-systems/talos@efa7f48e0 docs: quicklinks on landing page
  • talos-systems/talos@1cb9f282b fix: don't marshal clock with SecretsBundle

Changes from talos-systems/discovery-service

  • talos-systems/discovery-service@e9d5dfa fix: enable connections to endpoints with public certs
  • talos-systems/discovery-service@509e9b2 feat: implement client wrapper around discovery service API
  • talos-systems/discovery-service@6195466 feat: enable vtprotobuf, watch batching, more limits
  • talos-systems/discovery-service@7174ec1 feat: implement new discovery service
  • talos-systems/discovery-service@1a43970 feat: add node and cluster validation
  • talos-systems/discovery-service@6454cfc refactor: kresify, fix linter and rename to Kubespan manager
  • talos-systems/discovery-service@d782452 add redis database backend
  • talos-systems/discovery-service@924fed4 refactor to flexible addresses
  • talos-systems/discovery-service@cd02b5a revert to string IDs
  • talos-systems/discovery-service@576288f add self-reported IPs
  • talos-systems/discovery-service@6ad15ca strong typing and known endpoint API
  • talos-systems/discovery-service@3437ff2 fixes from testing
  • talos-systems/discovery-service@d3fd1f3 add Name to Node
  • talos-systems/discovery-service@eb0e8ba add simple client pkg
  • talos-systems/discovery-service@5e0c1df add cluster hash grouping
  • talos-systems/discovery-service@f982696 initial commit

Changes from talos-systems/extras

  • talos-systems/extras@52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

  • talos-systems/go-blockdevice@70d2865 fix: try to find cdrom disks
  • talos-systems/go-blockdevice@667bf53 fix: revert gpt partition not found
  • talos-systems/go-blockdevice@d7d4cdd fix: gpt partition not found
  • talos-systems/go-blockdevice@33afba3 fix: also open in readonly mode when running All lookup method
  • talos-systems/go-blockdevice@e367f9d feat: make probe always open blockdevices in readonly mode
  • talos-systems/go-blockdevice@d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

  • talos-systems/pkgs@28cda67 feat: update Linux kernel to 5.10.69
  • talos-systems/pkgs@db90f93 chore: update tools
  • talos-systems/pkgs@ca38c59 feat: enable KEXEC_FILE_LOAD in the kernel
  • talos-systems/pkgs@982bc18 chore: update tools
  • talos-systems/pkgs@a243ab8 feat: add /usr/src to FHS
  • talos-systems/pkgs@428abdb chore: support builds with HTTP_PROXY
  • talos-systems/pkgs@13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

  • talos-systems/tools@2790b55 feat: update Go to 1.17.1
  • talos-systems/tools@5b9d214 fix: restore static library for ncurses
  • talos-systems/tools@01104e5 chore: reproducible builds
  • talos-systems/tools@53fe146 chore: update bldr with new version
  • talos-systems/tools@bf4540d chore: add patch dependency

Dependency Changes

  • github.com/containerd/go-cni v1.0.2 -> v1.1.0
  • github.com/containernetworking/cni v0.8.1 -> v1.0.1
  • github.com/containernetworking/plugins v0.9.1 -> v1.0.1
  • github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
  • github.com/fatih/color v1.12.0 -> v1.13.0
  • github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
  • github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
  • github.com/google/nftables 16a134723a96 new
  • github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
  • github.com/hetznercloud/hcloud-go v1.32.0 new
  • github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
  • github.com/jsimonetti/rtnetlink 9c52e516c709 -> 435639c8e6a8
  • github.com/jxskiss/base62 4f11678b909b new
  • github.com/mattn/go-isatty v0.0.13 -> v0.0.14
  • github.com/mdlayher/netx 669a06fde734 new
  • github.com/packethost/packngo v0.19.0 -> v0.19.1
  • github.com/prometheus/procfs v0.7.2 -> v0.7.3
  • github.com/rivo/tview 29d673af0ce2 -> ee97a7ab3975
  • github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
  • github.com/talos-systems/discovery-service e9d5dfa15e92 new
  • github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
  • github.com/talos-systems/go-blockdevice v0.2.3 -> 70d28650b398
  • github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0-4-g28cda67
  • github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-3-g2790b55
  • github.com/vishvananda/netlink f5de75959ad5 new
  • github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
  • github.com/vmware/govmomi v0.26.0 -> v0.26.1
  • github.com/vultr/metadata v1.0.3 new
  • go.uber.org/zap v1.19.0 -> v1.19.1
  • golang.org/x/net 853a461950ff -> 3ad01bbaa167
  • golang.org/x/sys 0f9fa26af87c -> 39ccf1dd6fa6
  • golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
  • golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 0a2f4901cba6
  • google.golang.org/grpc v1.40.0 -> v1.41.0
  • inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
  • k8s.io/api v0.22.1 -> v0.22.2
  • k8s.io/apimachinery v0.22.1 -> v0.22.2
  • k8s.io/client-go v0.22.1 -> v0.22.2
  • k8s.io/kubectl v0.22.1 -> v0.22.2
  • k8s.io/kubelet v0.22.1 -> v0.22.2
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 new

Previous release can be found at v0.12.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.6.0-alpha.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.2
k8s.gcr.io/kube-controller-manager:v1.22.2
k8s.gcr.io/kube-scheduler:v1.22.2
k8s.gcr.io/kube-proxy:v1.22.2
ghcr.io/talos-systems/kubelet:v1.22.2
ghcr.io/talos-systems/installer:v0.13.0-alpha.2
k8s.gcr.io/pause:3.2

talos - v0.12.3

Published by talos-bot about 3 years ago

Talos 0.12.3 (2021-09-28)

Welcome to the v0.12.3 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note: This item only applies to clusters bootstrapped with Talos <= 0.8.

Talos 0.12 completely removes support for the self-hosted Kubernetes control plane (bootkube-based).
Talos 0.9 introduced support for the Talos-managed control plane and provided a migration path to convert a self-hosted control plane
to Talos-managed static pods.
The automated and manual conversion process is available in Talos from 0.9.x to 0.11.x.
For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure the control plane is converted to Talos-managed
before upgrading to Talos 0.12.
The current control plane status can be checked with talosctl get bootstrapstatus before performing the upgrade to Talos 0.12.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22 used by default in Talos 0.12.
Talos can be configured to use Kubernetes 1.21, or CAPI v0.4.x components can be used instead.

Machine Config Validation

Unknown keys in the machine config now make the config invalid,
so any attempt to apply/edit a configuration with unknown keys will result in an error.

Sysctl Configuration

Sysctl Kernel Params configuration was completely rewritten to be based on controllers and resources,
which makes it possible to apply .machine.sysctls in immediate mode (without a reboot).
talosctl get kernelparams returns the merged list of KSPP, Kubernetes and user-defined params along with
the default values overwritten by Talos.

Equinix Metal

Added support for Equinix Metal IPs for the Talos virtual (shared) IP (option equinixMetal under vip in the machine configuration).
Talos automatically re-assigns IP using the Equinix Metal API when leadership changes.

etcd

New etcd cluster members are now joined in learner mode, which improves cluster resiliency
to member join issues.

Join Node Type

Node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but deprecated.
talosctl gen config now generates worker.yaml instead of join.yaml.

Networking

  • multiple static addresses can be specified for the interface with the new .addresses field (the old .cidr field is now deprecated)
  • static addresses can be set on interfaces configured with DHCP

Performance

  • machined uses less memory and CPU time
  • more disk encryption options are exposed via the machine configuration
  • disk partitions are now aligned properly with minimum I/O size
  • Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
  • OOM score is set on the system processes making sure they are killed last under memory pressure

Security

  • etcd PKI moved to /system/secrets
  • kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only
  • enforce default seccomp profile on all system containers
  • run system services apid, trustd, and etcd as non-root users

Component Updates

  • Linux: 5.10.58
  • Kubernetes: 1.22.2
  • containerd: 1.5.5
  • runc: 1.0.1
  • GRUB: 2.06
  • Talos is built with Go 1.16.7

Kubernetes Upgrade

talosctl upgrade-k8s now checks if the cluster has any resources which are going to be removed or migrated to the new version after the upgrade
and shows that as a warning before the upgrade.
Additionally, the upgrade-k8s command now has a --dry-run flag that only prints out warnings and the upgrade summary.

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Serge Logvinov
  • Artem Chernyshev
  • Spencer Smith
  • dependabot[bot]
  • Andrew Rynhard
  • Noel Georgi
  • Rui Lopes
  • Seán C McCord
  • Caleb Woodbine
  • Lennard Klein

Changes

  • talos-systems/talos@9537663d9 release(v0.12.3): prepare release
  • talos-systems/talos@07c87a1b6 fix: check trustd API CA on worker nodes
  • talos-systems/talos@ce1226b2f fix: check for existence of dhcp6 FQDN first
  • talos-systems/talos@ed94d504a fix: containerd log symlink
  • talos-systems/talos@7e63e43eb fix: don't marshal clock with SecretsBundle
  • talos-systems/talos@f195bf537 release(v0.12.2): prepare release
  • talos-systems/talos@7b4a6b361 fix: patch multi nodes support
  • talos-systems/talos@ccb24bc18 feat: update Kubernetes to 1.22.2
  • talos-systems/talos@110551865 fix: tear down control plane static pods when etcd is stopped
  • talos-systems/talos@5824f5024 fix: completely prevent editing resources other than mc
  • talos-systems/talos@5700c81bf fix: write KubernetesCACert chmodded 0400 instead of 0500
  • talos-systems/talos@6adaee33a release(v0.12.1): prepare release
  • talos-systems/talos@a72fa2a93 fix: correctly define example for extraMounts
  • talos-systems/talos@ff9681a74 release(v0.12.0): prepare release
  • talos-systems/talos@75ce68d90 release(v0.12.0-beta.2): prepare release
  • talos-systems/talos@87c258093 fix: allow updating diskSelector option
  • talos-systems/talos@eba00723d fix: don't extract nil IPs in the GCP platform
  • talos-systems/talos@3a38f0ded fix: properly handle omitempty fields in the validator
  • talos-systems/talos@2e220cb65 fix: validate IP address returned as HTTP response in platform code
  • talos-systems/talos@b63a2ea0e fix: don't allow bootstrap if etcd data directory is not empty
  • talos-systems/talos@cd0532848 fix: cgroup delegate
  • talos-systems/talos@e22301e76 chore: fix arm64 reproducibility issues
  • talos-systems/talos@30e1ff614 release(v0.12.0-beta.1): prepare release
  • talos-systems/talos@7630d998f chore: don't require single commit per PR
  • talos-systems/talos@208ac9ac4 feat: update Kubernetes to 1.22.1
  • talos-systems/talos@e84e2902c fix: don't support cgroups nesting in process runner
  • talos-systems/talos@2cf53fb34 fix: do not set KSPP kernel params in container mode
  • talos-systems/talos@1908f57c6 test: adapt tests to the cgroupsv2
  • talos-systems/talos@4bb84ea0c fix: extramount should have yaml:",inline" tag
  • talos-systems/talos@e948560be fix: don't panic if the machine config doesn't have network (EM)
  • talos-systems/talos@a5726f2e6 chore: do not check that go mod tidy gives empty output
  • talos-systems/talos@67494923b fix: make sure file mode is same (reproducibility issue)
  • talos-systems/talos@65292880a feat: check if cluster has deprecated resources versions
  • talos-systems/talos@7a0eb5fa2 release(v0.12.0-beta.0): prepare release
  • talos-systems/talos@c601dc73f chore: update versions to final release tags
  • talos-systems/talos@82731124b chore: run e2e-qemu test against Talos with race-detector enabled
  • talos-systems/talos@37ea2c9ca feat: support for route source addresses in the configuration
  • talos-systems/talos@0ef8f83ac chore: bump dependencies via dependabot
  • talos-systems/talos@2108fd7b6 feat: update Linux to 5.10.58 and many pkgs updates
  • talos-systems/talos@6ee690d9a release(v0.12.0-alpha.1): prepare release
  • talos-systems/talos@1ed5e5453 feat: add ClusterID and ClusterSecret
  • talos-systems/talos@228b37616 chore: run etcd as non-root user
  • talos-systems/talos@3518219bf chore: drop deprecated --no-reboot param and KernelCurrentRoot const
  • talos-systems/talos@33d1c3e42 chore: run apid and trustd services as non-root user
  • talos-systems/talos@dadaa65d5 feat: print uid/gid for the files in ls -l
  • talos-systems/talos@e6fa401b6 fix: enable seccomp default profile by default
  • talos-systems/talos@8ddbcc964 feat: validate if extra fields present in the decoder
  • talos-systems/talos@5b57a9800 chore: update Go to 1.16.7, Linux to 5.10.57
  • talos-systems/talos@eefe1c21c feat: add new etcd members in learner mode
  • talos-systems/talos@b1c66fbad feat: implement Equinix Metal support for virtual (shared) IP
  • talos-systems/talos@62242f979 chore: require GPG signatures
  • talos-systems/talos@faecae44f feat: make ISO builds reproducible
  • talos-systems/talos@887c2326a release(v0.12.0-alpha.0): prepare release
  • talos-systems/talos@a15f01844 fix: move etcd PKI under /system/secrets
  • talos-systems/talos@eb02afe18 fix: match correctly routes on the address family
  • talos-systems/talos@cb948accf feat: allow multiple addresses per interface
  • talos-systems/talos@e030b2e8b chore: use k8s 1.21.3 in CAPI tests for now
  • talos-systems/talos@e08b4f8f9 feat: implement sysctl controllers
  • talos-systems/talos@fdf6b2433 chore: revert "improve artifacts generation reproducibility"
  • talos-systems/talos@b68ed1eb8 fix: make route resources ID match closer routing table primary key
  • talos-systems/talos@585f63371 fix: correctly handle nodoc for struct fields
  • talos-systems/talos@f2d394dc4 docs: add AMIs for v0.11.5
  • talos-systems/talos@d0970cbfd feat: bootstrap token limit
  • talos-systems/talos@5285a46d7 fix: maintenance mode reason message
  • talos-systems/talos@009d15e8d chore: use etcd client TryLock function on upgrade
  • talos-systems/talos@4dae9ea55 chore: use vtprotobuf compiled marshaling in Talos API
  • talos-systems/talos@7ca5749ad chore: bump dependencies via dependabot
  • talos-systems/talos@b2507b41d chore: improve artifacts generation reproducibility
  • talos-systems/talos@1f7dad234 chore: update PKGS version (512 cpus, new ca-certficates)
  • talos-systems/talos@1a2e78a24 fix: update go-blockdevice
  • talos-systems/talos@6d6ed1170 chore: use parallel xz with higher compression level
  • talos-systems/talos@571f7db1b chore: workaround GitHub new release notes limit
  • talos-systems/talos@09d70b7ea feat: update Kubernetes to v1.22.0
  • talos-systems/talos@f25f10e73 feat: add an option to disable PSP
  • talos-systems/talos@7c6e4cf23 feat: allow both DHCP and static addressing for the interface
  • talos-systems/talos@3c566dbc3 fix: remove admission plugins enabled by default from the list
  • talos-systems/talos@69ead3735 fix: preserve PMBR bootable flag correctly
  • talos-systems/talos@dee630517 fix: align partitions with minimal I/O size
  • talos-systems/talos@628902297 feat: update GRUB to 2.06
  • talos-systems/talos@b9d04928d feat: move system processes to cgroups
  • talos-systems/talos@0b8681b4b fix: resolve several issues with Wireguard link specs
  • talos-systems/talos@f8f4bf3ba docs: add disk encryptions examples
  • talos-systems/talos@79b8fa64b feat: update containerd to 1.5.5
  • talos-systems/talos@539f42090 chore: bump dependencies via dependabot
  • talos-systems/talos@0c7ce1cd8 feat: remove remnants of bootkube support
  • talos-systems/talos@d4f9804f8 chore: fix typos
  • talos-systems/talos@5f027615f feat: expose more encryption options to the machine config
  • talos-systems/talos@585152a0b chore: bump dependencies
  • talos-systems/talos@fc66ec596 feat: set oom score for main processes
  • talos-systems/talos@df54584a3 fix: drop linux capabilities
  • talos-systems/talos@f65d0b739 docs: add 0.11.3 AMIs
  • talos-systems/talos@7332d6369 fix: bump pkgs for new kernel 5.10.52
  • talos-systems/talos@70d2505b7 fix: do not require ToVersion to be set when detecting version
  • talos-systems/talos@0953b1998 chore: update extras to bring a new CNI bundle
  • talos-systems/talos@b6c47f866 fix: set the /etc/os-release HOME_URL parameter
  • talos-systems/talos@c780821d0 feat: update containerd to 1.5.3, runc to 1.0.1
  • talos-systems/talos@f8f1c83a7 feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
  • talos-systems/talos@55e17ccdd chore: bump dependencies
  • talos-systems/talos@da6f786ca fix: kuberentes => kubernetes typo
  • talos-systems/talos@2e463348b fix: pass all logs through the options.Log method
  • talos-systems/talos@4e9c5afb6 fix: make ethtool optional in link status controller
  • talos-systems/talos@bf61c2cc4 fix: write upgrade logs only to the LogOutput if it's defined
  • talos-systems/talos@9c73257cb feat: update Go to 1.16.6
  • talos-systems/talos@23ef1d40a chore: add ability to redirect talos upgrade module logs to io.Writer
  • talos-systems/talos@33e9d6c98 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
  • talos-systems/talos@604434c43 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
  • talos-systems/talos@2ea28f62d chore: bump node from 16.3.0-alpine to 16.4.2-alpine
  • talos-systems/talos@b358a189b fix: correctly pick route scope for link-local destination
  • talos-systems/talos@6848d4314 feat: can change clusterdns ip lists
  • talos-systems/talos@72b76abfd fix: workaround issues when IPv6 is fully or partially disabled
  • talos-systems/talos@679b08f4f docs: update docs for 0.12
  • talos-systems/talos@6fbec9e0c fix: cache etcd client used for healthchecks
  • talos-systems/talos@eea750de2 chore: rename "join" type to "worker"
  • talos-systems/talos@951493ac8 docs: update what's new for Talos 0.11
  • talos-systems/talos@b47d1098b docs: promote 0.11 docs to be the latest
  • talos-systems/talos@d930a2650 chore: implement DeepCopy for machine configuration
  • talos-systems/talos@fe4ed3c73 chore: ignore tags which don't look like semantic version
  • talos-systems/talos@b969e7720 chore: update references to old protobuf package
  • talos-systems/talos@2ba8ac9ab docs: add documentation directory for 0.12
  • talos-systems/talos@011e2885e fix: validate bond slaves addressing
  • talos-systems/talos@10c28758a fix: ignore DeadlineExceeded error correctly on bootstrap
  • talos-systems/talos@77fabacec chore: ignore future pkg/machinery/vX.Y.Z tags
  • talos-systems/talos@6b661114d fix: make COSI runtime history depth smaller
  • talos-systems/talos@9bf899bdd fix: make forfeit leadership connect to the right node
  • talos-systems/talos@4708beaee feat: implement talosctl config info command
  • talos-systems/talos@6d13d2cf9 fix: close Kubernetes API client
  • talos-systems/talos@aaa36f3b4 fix: ignore 'not a leader' error on forfeit leadership
  • talos-systems/talos@22a419367 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • talos-systems/talos@71c6f7004 chore: bump go.mod dependencies
  • talos-systems/talos@915cd8fe2 docs: add guide for RBAC
  • talos-systems/talos@f5721050d fix: controlplane keyusage
  • talos-systems/talos@3d7726613 fix: fill uuid argument correctly in the config download URL
  • talos-systems/talos@d8602025c chore: update containerd config version 2
  • talos-systems/talos@5949ec4e6 docs: describe the new network configuration subsystem
  • talos-systems/talos@444d72b4d feat: update pkgs version
  • talos-systems/talos@e883c12b3 fix: make output of upgrade-k8s command less scary
  • talos-systems/talos@7f8e50de4 fix: restart the merge controllers on conflict
  • talos-systems/talos@60d736094 fix: ignore deadline exceeded errors on bootstrap
  • talos-systems/talos@ee06dd69f fix: don't print git sha of the release twice in the dashboard
  • talos-systems/talos@07fb61e5d fix: issue worker apid certs properly on renewal
  • talos-systems/talos@84817f733 chore: bump Talos version in upgrade tests
  • talos-systems/talos@2fa54107b chore: fix tests for disabled RBAC
  • talos-systems/talos@78583ba98 fix: don't set bond delay options if miimon is not enabled
  • talos-systems/talos@bbf1c091d feat: add RBAC to talosctl version output
  • talos-systems/talos@5f6ec3ef6 fix: handle cases when merged resource re-appears before being destroyed
  • talos-systems/talos@1e9a0e745 fix: documentation typos
  • talos-systems/talos@f228af406 chore: bump go.mod dependencies
  • talos-systems/talos@2060ceaa0 chore: add CAPI version to CI setup
  • talos-systems/talos@ad047a7de chore: small RBAC improvements

Changes since v0.12.2

  • talos-systems/talos@9537663d9 release(v0.12.3): prepare release
  • talos-systems/talos@07c87a1b6 fix: check trustd API CA on worker nodes
  • talos-systems/talos@ce1226b2f fix: check for existence of dhcp6 FQDN first
  • talos-systems/talos@ed94d504a fix: containerd log symlink
  • talos-systems/talos@7e63e43eb fix: don't marshal clock with SecretsBundle

Changes from talos-systems/crypto

  • talos-systems/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

  • talos-systems/extras@bdd1767 chore: update tools and pkgs to final 0.7.0
  • talos-systems/extras@8ce17e5 chore: bump tools and packages for Go 1.16.7
  • talos-systems/extras@4957f3c chore: update pkgs to use CNI plugins v0.9.1
  • talos-systems/extras@233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

  • talos-systems/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
  • talos-systems/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
  • talos-systems/go-blockdevice@87816a8 feat: align partition to minimum I/O size
  • talos-systems/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

  • talos-systems/pkgs@818761f chore: update tools to 0.7.0
  • talos-systems/pkgs@35b7e68 feat: bump u-boot to 2021.07
  • talos-systems/pkgs@c68b090 feat: bump raspberrypi-firmware to 1.20210805
  • talos-systems/pkgs@f64023c feat: bump util-linux to 2.37
  • talos-systems/pkgs@c0ef725 feat: update LibreSSL to 3.2.5
  • talos-systems/pkgs@0d12460 feat: update linux-firmware to 20210716
  • talos-systems/pkgs@7a29722 fix: set iPXE version properly
  • talos-systems/pkgs@958023c feat: update eudev to 3.2.10
  • talos-systems/pkgs@dc1008d feat: update Linux to 5.10.58
  • talos-systems/pkgs@da4ac04 chore: bump tools for Go 1.16.7
  • talos-systems/pkgs@10275fb feat: update Linux to 5.10.57
  • talos-systems/pkgs@875c7ec chore: patch grub with support for reproducible ISO builds
  • talos-systems/pkgs@12856ce feat: increase number of CPUs supported by the kernel to 512
  • talos-systems/pkgs@cbfabac chore: update ca-certificates to 2021-07-05
  • talos-systems/pkgs@0c011c0 feat: update GRUB to 2.06
  • talos-systems/pkgs@5090d14 chore: update containerd to v1.5.5
  • talos-systems/pkgs@6653902 feat: add kernel drivers for fusion and scsi-isci
  • talos-systems/pkgs@9b4041f chore: update containerd to v1.5.4
  • talos-systems/pkgs@7b6cc05 feat: update kernel to latest 5.10.52
  • talos-systems/pkgs@65159fb chore: update runc and CNI plugins
  • talos-systems/pkgs@514ba34 feat: disable aufs, devmapper, zfs
  • talos-systems/pkgs@6bc118f chore: update runc and containerd
  • talos-systems/pkgs@b6fca88 feat: update Go to 1.16.6
  • talos-systems/pkgs@fd56852 chore: update open-isns and open-iscsi
  • talos-systems/pkgs@d779204 chore: update dosfstools to v4.2
  • talos-systems/pkgs@bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

  • talos-systems/tools@a33ccc1 chore: bump toolchain for binutils multiarch
  • talos-systems/tools@2368154 feat: update Go and protoc-gen-go tools
  • talos-systems/tools@7172a5d feat: update Go to 1.16.6
  • talos-systems/tools@1de34d7 chore: update musl
  • talos-systems/tools@76979a1 chore: update protobuf deps
  • talos-systems/tools@0846c64 chore: update expat

Dependency Changes

  • github.com/BurntSushi/toml v0.3.1 -> v0.4.1
  • github.com/containerd/containerd v1.5.2 -> v1.5.5
  • github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
  • github.com/docker/docker v20.10.7 -> v20.10.8
  • github.com/google/uuid v1.2.0 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.4 -> v1.5.7
  • github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
  • github.com/packethost/packngo v0.19.0 new
  • github.com/prometheus/procfs v0.6.0 -> v0.7.2
  • github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
  • github.com/spf13/cobra v1.1.3 -> v1.2.1
  • github.com/talos-systems/crypto v0.3.1 -> v0.3.2
  • github.com/talos-systems/extras v0.4.0 -> v0.5.0
  • github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
  • github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0
  • github.com/talos-systems/talos/pkg/machinery 000000000000 -> v0.12.3
  • github.com/talos-systems/tools v0.6.0 -> v0.7.0-1-ga33ccc1
  • github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.1
  • go.uber.org/zap v1.17.0 -> v1.19.0
  • golang.org/x/net 04defd469f4e -> 853a461950ff
  • golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
  • golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
  • google.golang.org/grpc v1.38.0 -> v1.40.0
  • google.golang.org/protobuf v1.26.0 -> v1.27.1
  • inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
  • k8s.io/api v0.21.2 -> v0.22.1
  • k8s.io/apimachinery v0.21.2 -> v0.22.1
  • k8s.io/client-go v0.21.2 -> v0.22.1
  • k8s.io/cri-api v0.21.2 -> v0.22.1
  • k8s.io/kubectl v0.21.2 -> v0.22.1
  • k8s.io/kubelet v0.21.2 -> v0.22.1

Previous release can be found at v0.11.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.5.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.2
k8s.gcr.io/kube-controller-manager:v1.22.2
k8s.gcr.io/kube-scheduler:v1.22.2
k8s.gcr.io/kube-proxy:v1.22.2
ghcr.io/talos-systems/kubelet:v1.22.2
ghcr.io/talos-systems/installer:v0.12.3
k8s.gcr.io/pause:3.2

talos - v0.13.0-alpha.1

Published by talos-bot about 3 years ago

Talos 0.13.0-alpha.1 (2021-09-20)

Welcome to the v0.13.0-alpha.1 release of Talos!
This is a pre-release of Talos.

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Hetzner, Scaleway, Upcloud and Vultr

Talos now natively supports three new cloud platforms:

etcd Advertised Address

The address advertised by etcd can now be controlled with the new machine configuration option machine.etcd.subnet.

Reboots via kexec

Talos now reboots by default via the kexec syscall, which means the BIOS POST process is skipped.
On bare-metal hardware the BIOS POST process might take 10-15 minutes, so Talos reboots 10-15 minutes faster on bare-metal.

Kexec support can be disabled with the following change to the machine configuration:

machine:
  sysctls:
    kernel.kexec_load_disabled: "1"

Cluster Discovery and KubeSpan

This release of Talos provides initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default; to enable them, make the following changes to the machine configuration:

machine:
  network:
    kubespan:
      enabled: true
cluster:
  discovery:
    enabled: true

Windows Support

The CLI tool talosctl is now built for Windows and published as part of the release.

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Serge Logvinov
  • Andrew Rynhard
  • Olli Janatuinen
  • Andrey Smirnov
  • Lennard Klein
  • Rui Lopes
  • Spencer Smith

Changes

  • talos-systems/talos@b27c75b30 release(v0.13.0-alpha.1): prepare release
  • talos-systems/talos@9d803d75b chore: bump dependencies and drop firecracker support
  • talos-systems/talos@50a241048 feat: add operating system version field to discovery
  • talos-systems/talos@085c61b2e chore: add a special condition to check for kubeconfig readiness
  • talos-systems/talos@21cdd8540 fix: add node address to the list of allowed IPs (kubespan)
  • talos-systems/talos@fdd80a123 feat: add an option to continue booting on NTP timeout
  • talos-systems/talos@ef3684989 feat: add routes, routing rules and nftables rules for KubeSpan
  • talos-systems/talos@ed12379f2 fix: patch multi nodes support
  • talos-systems/talos@d943bb0e2 feat: update Kubernetes to 1.22.2
  • talos-systems/talos@d0585fb6b feat: reboot via kexec
  • talos-systems/talos@3de505c89 fix: skip bad cloud-config in OpenStack platform
  • talos-systems/talos@a394d1e20 fix: tear down control plane static pods when etcd is stopped
  • talos-systems/talos@1c05089bb feat: implement KubeSpan manager for Wireguard peer state
  • talos-systems/talos@ec7f44efe fix: completely prevent editing resources other than mc
  • talos-systems/talos@19a8ae97c feat: add vultr.com cloud support
  • talos-systems/talos@0ff4c7cdb fix: write KubernetesCACert chmodded 0400 instead of 0500
  • talos-systems/talos@a1c9d6490 fix: update the way results are retrieved for certified conformance
  • talos-systems/talos@a05945404 chore: build using Go 1.17
  • talos-systems/talos@7c5045bd9 release(v0.13.0-alpha.0): prepare release
  • talos-systems/talos@ee2dce6c1 chore: bump dependencies
  • talos-systems/talos@ef0229592 fix: print etcd member ID in hex
  • talos-systems/talos@5ca1fb822 fix: multiple fixes for KubeSpan and Wireguard implementation
  • talos-systems/talos@b1bd64250 fix: build platform images
  • talos-systems/talos@3b5f4038d feat: add scaleway.com cloud support
  • talos-systems/talos@f156ab184 feat: add upcloud.com cloud support
  • talos-systems/talos@c3b2429ce fix: suppress spurious Kubernetes API server cert updates
  • talos-systems/talos@ff90b5751 feat: implement KubeSpan peer generation controller
  • talos-systems/talos@14c69df50 fix: correctly parse multiple pod/service CIDRs
  • talos-systems/talos@69897dbba feat: drop some capabilities to be never available
  • talos-systems/talos@51e9836b0 docs: promote 0.12 docs to be the latest
  • talos-systems/talos@812d59c70 feat: add hetzner.com cloud support
  • talos-systems/talos@d53e9e896 chore: use named constants
  • talos-systems/talos@2dfe7f1fc chore: bump tools to the latest version
  • talos-systems/talos@82b130e78 docs: document required options for extraMounts
  • talos-systems/talos@af6622109 feat: implement Kubernetes cluster discovery registry
  • talos-systems/talos@2c66e1b3c feat: provide building of local Affiliate structure (for the node)
  • talos-systems/talos@d69bd2af3 chore: enable GPG identity check for Talos
  • talos-systems/talos@8dbd851fd chore: update tools/pkgs/extras to the new version
  • talos-systems/talos@0b347570a feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
  • talos-systems/talos@bd5b9c96e fix: correctly define example for extraMounts
  • talos-systems/talos@01cca099f docs: update docs for Talos 0.12 release
  • talos-systems/talos@668627d5b feat: add subnet filter for etcd address
  • talos-systems/talos@3c3c281bf chore: bump dependencies via dependabot
  • talos-systems/talos@f8bebba2d fix: ignore error on duplicate for MountStatus
  • talos-systems/talos@6956edd0b feat: add node address filters, filter out k8s addresses for Talos API
  • talos-systems/talos@caee24bf6 feat: implement KubeSpan identity controller
  • talos-systems/talos@da0f6e7e1 fix: allow updating diskSelector option
  • talos-systems/talos@761ccaf32 feat: provide machine configuration for KubeSpan and cluster discovery
  • talos-systems/talos@a81e30cb4 docs: add bootstrap command to VMware docs
  • talos-systems/talos@97da354cc fix: do not panic on invalid machine configs
  • talos-systems/talos@c4048e263 fix: don't extract nil IPs in the GCP platform
  • talos-systems/talos@ba169c6f9 feat: provide talosctl.exe for Windows
  • talos-systems/talos@6312f473e fix: properly handle omitempty fields in the validator
  • talos-systems/talos@7f22879af feat: provide random node identity
  • talos-systems/talos@032e7c6b8 chore: import yaml.v3 consistently
  • talos-systems/talos@80b5f0e7f fix: validate IP address returned as HTTP response in platform code
  • talos-systems/talos@c9af8f7ff docs: fork docs for 0.13
  • talos-systems/talos@85cda1b95 feat: provide MountStatus resource for system partition mounts
  • talos-systems/talos@950f122c9 chore: update versions in upgrade tests
  • talos-systems/talos@83fdb7721 feat: provide first NIC hardware addr as a resource
  • talos-systems/talos@5f5ac12f1 fix: properly case the VMware name
  • talos-systems/talos@0a6048f46 fix: don't allow bootstrap if etcd data directory is not empty
  • talos-systems/talos@e24b93b4e fix: cgroup delegate
  • talos-systems/talos@751f64f9b docs: add release notes for 0.12, support matrix
  • talos-systems/talos@57a77696e feat: update Kubernetes to 1.22.1
  • talos-systems/talos@244b08cc1 chore: bump dependencies
  • talos-systems/talos@576ba1957 fix: do not set KSPP kernel params in container mode
  • talos-systems/talos@b8c92ede5 fix: don't support cgroups nesting in process runner
  • talos-systems/talos@9bb0b7970 test: adapt tests to the cgroupsv2
  • talos-systems/talos@1abc12be1 fix: extramount should have yaml:",inline" tag
  • talos-systems/talos@2b614e430 feat: check if cluster has deprecated resources versions
  • talos-systems/talos@0b86edab8 fix: don't panic if the machine config doesn't have network (EM)
  • talos-systems/talos@8bef41e4b fix: make sure file mode is same (reproducibility issue)
  • talos-systems/talos@fcfca55a0 chore: do not check that go mod tidy gives empty output
  • talos-systems/talos@5ce92ca51 docs: ensure azure VMs are 0 indexed

Changes since v0.13.0-alpha.0

  • talos-systems/talos@b27c75b30 release(v0.13.0-alpha.1): prepare release
  • talos-systems/talos@9d803d75b chore: bump dependencies and drop firecracker support
  • talos-systems/talos@50a241048 feat: add operating system version field to discovery
  • talos-systems/talos@085c61b2e chore: add a special condition to check for kubeconfig readiness
  • talos-systems/talos@21cdd8540 fix: add node address to the list of allowed IPs (kubespan)
  • talos-systems/talos@fdd80a123 feat: add an option to continue booting on NTP timeout
  • talos-systems/talos@ef3684989 feat: add routes, routing rules and nftables rules for KubeSpan
  • talos-systems/talos@ed12379f2 fix: patch multi nodes support
  • talos-systems/talos@d943bb0e2 feat: update Kubernetes to 1.22.2
  • talos-systems/talos@d0585fb6b feat: reboot via kexec
  • talos-systems/talos@3de505c89 fix: skip bad cloud-config in OpenStack platform
  • talos-systems/talos@a394d1e20 fix: tear down control plane static pods when etcd is stopped
  • talos-systems/talos@1c05089bb feat: implement KubeSpan manager for Wireguard peer state
  • talos-systems/talos@ec7f44efe fix: completely prevent editing resources other than mc
  • talos-systems/talos@19a8ae97c feat: add vultr.com cloud support
  • talos-systems/talos@0ff4c7cdb fix: write KubernetesCACert chmodded 0400 instead of 0500
  • talos-systems/talos@a1c9d6490 fix: update the way results are retrieved for certified conformance
  • talos-systems/talos@a05945404 chore: build using Go 1.17

Changes from talos-systems/extras

  • talos-systems/extras@52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

  • talos-systems/go-blockdevice@d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

  • talos-systems/pkgs@db90f93 chore: update tools
  • talos-systems/pkgs@ca38c59 feat: enable KEXEC_FILE_LOAD in the kernel
  • talos-systems/pkgs@982bc18 chore: update tools
  • talos-systems/pkgs@a243ab8 feat: add /usr/src to FHS
  • talos-systems/pkgs@428abdb chore: support builds with HTTP_PROXY
  • talos-systems/pkgs@13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

  • talos-systems/tools@2790b55 feat: update Go to 1.17.1
  • talos-systems/tools@5b9d214 fix: restore static library for ncurses
  • talos-systems/tools@01104e5 chore: reproducible builds
  • talos-systems/tools@53fe146 chore: update bldr with new version
  • talos-systems/tools@bf4540d chore: add patch dependency

Dependency Changes

  • github.com/containerd/go-cni v1.0.2 -> v1.1.0
  • github.com/containernetworking/cni v0.8.1 -> v1.0.1
  • github.com/containernetworking/plugins v0.9.1 -> v1.0.1
  • github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
  • github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
  • github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
  • github.com/google/nftables 16a134723a96 new
  • github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
  • github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
  • github.com/jsimonetti/rtnetlink 9c52e516c709 -> 4cc3c1489576
  • github.com/jxskiss/base62 4f11678b909b new
  • github.com/mattn/go-isatty v0.0.13 -> v0.0.14
  • github.com/mdlayher/netx 669a06fde734 new
  • github.com/packethost/packngo v0.19.0 -> v0.19.1
  • github.com/prometheus/procfs v0.7.2 -> v0.7.3
  • github.com/rivo/tview 29d673af0ce2 -> f7430b878d17
  • github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
  • github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
  • github.com/talos-systems/go-blockdevice v0.2.3 -> d9811569588b
  • github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0-3-gdb90f93
  • github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-3-g2790b55
  • github.com/vishvananda/netlink f5de75959ad5 new
  • github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
  • github.com/vmware/govmomi v0.26.0 -> v0.26.1
  • github.com/vultr/metadata v1.0.3 new
  • go.uber.org/zap v1.19.0 -> v1.19.1
  • golang.org/x/net 853a461950ff -> 978cfadd31cf
  • golang.org/x/sys 0f9fa26af87c -> d61c044b1678
  • golang.org/x/term 6886f2dfbf5b -> 140adaaadfaf
  • golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 91d1988e44de
  • inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
  • k8s.io/api v0.22.1 -> v0.22.2
  • k8s.io/apimachinery v0.22.1 -> v0.22.2
  • k8s.io/client-go v0.22.1 -> v0.22.2
  • k8s.io/kubectl v0.22.1 -> v0.22.2
  • k8s.io/kubelet v0.22.1 -> v0.22.2
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.58 new

Previous release can be found at v0.12.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.6.0-alpha.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.2
k8s.gcr.io/kube-controller-manager:v1.22.2
k8s.gcr.io/kube-scheduler:v1.22.2
k8s.gcr.io/kube-proxy:v1.22.2
ghcr.io/talos-systems/kubelet:v1.22.2
ghcr.io/talos-systems/installer:v0.13.0-alpha.1
k8s.gcr.io/pause:3.2

talos - v0.12.2

Published by talos-bot about 3 years ago

Talos 0.12.2 (2021-09-17)

Welcome to the v0.12.2 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note: This item only applies to clusters bootstrapped with Talos <= 0.8.

Talos 0.12 completely removes support for the self-hosted Kubernetes control plane (bootkube-based).
Talos 0.9 introduced support for the Talos-managed control plane and provided a migration path to convert a self-hosted control plane
to Talos-managed static pods.
Automated and manual conversion processes are available in Talos from 0.9.x to 0.11.x.
For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure the control plane is converted to Talos-managed
before upgrading to Talos 0.12.
The current control plane status can be checked with talosctl get bootstrapstatus before performing the upgrade to Talos 0.12.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22, which is used by default in Talos 0.12.
Talos can be configured to use Kubernetes 1.21, or CAPI v0.4.x components can be used instead.

Machine Config Validation

Unknown keys in the machine config now make the config invalid,
so any attempt to apply or edit a configuration containing unknown keys will result in an error.

Sysctl Configuration

Sysctl kernel parameter configuration was completely rewritten to be based on controllers and resources,
which makes it possible to apply .machine.sysctls in immediate mode (without a reboot).
talosctl get kernelparams returns the merged list of KSPP, Kubernetes and user-defined params along with
the default values overwritten by Talos.

Equinix Metal

Added support for Equinix Metal IPs for the Talos virtual (shared) IP (option equinixMetal under vip in the machine configuration).
Talos automatically re-assigns the IP using the Equinix Metal API when leadership changes.

etcd

New etcd cluster members are now joined in learner mode, which improves cluster resiliency
to member join issues.

Join Node Type

Node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but deprecated.
talosctl gen config now generates worker.yaml instead of join.yaml.

Networking

  • multiple static addresses can be specified for the interface with the new .addresses field (the old .cidr field is now deprecated)
  • static addresses can be set on interfaces configured with DHCP

Performance

  • machined uses less memory and CPU time
  • more disk encryption options are exposed via the machine configuration
  • disk partitions are now aligned properly with minimum I/O size
  • Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
  • OOM score is set on the system processes making sure they are killed last under memory pressure

Security

  • etcd PKI moved to /system/secrets
  • kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only
  • enforce default seccomp profile on all system containers
  • run system services apid, trustd, and etcd as non-root users

Component Updates

  • Linux: 5.10.58
  • Kubernetes: 1.22.2
  • containerd: 1.5.5
  • runc: 1.0.1
  • GRUB: 2.06
  • Talos is built with Go 1.16.7

Kubernetes Upgrade

talosctl upgrade-k8s now checks if the cluster has any resources which are going to be removed or migrated to the new version after the upgrade
and shows that as a warning before the upgrade.
Additionally, the upgrade-k8s command now has a --dry-run flag that only prints out warnings and the upgrade summary.

Contributors

  • Andrey Smirnov
  • Andrey Smirnov
  • Alexey Palazhchenko
  • Serge Logvinov
  • Artem Chernyshev
  • Artem Chernyshev
  • Spencer Smith
  • Alexey Palazhchenko
  • dependabot[bot]
  • Andrew Rynhard
  • Noel Georgi
  • Rui Lopes
  • Caleb Woodbine
  • Lennard Klein
  • Seán C McCord

Changes

  • talos-systems/talos@f195bf537 release(v0.12.2): prepare release
  • talos-systems/talos@7b4a6b361 fix: patch multi nodes support
  • talos-systems/talos@ccb24bc18 feat: update Kubernetes to 1.22.2
  • talos-systems/talos@110551865 fix: tear down control plane static pods when etcd is stopped
  • talos-systems/talos@5824f5024 fix: completely prevent editing resources other than mc
  • talos-systems/talos@5700c81bf fix: write KubernetesCACert chmodded 0400 instead of 0500
  • talos-systems/talos@6adaee33a release(v0.12.1): prepare release
  • talos-systems/talos@a72fa2a93 fix: correctly define example for extraMounts
  • talos-systems/talos@ff9681a74 release(v0.12.0): prepare release
  • talos-systems/talos@75ce68d90 release(v0.12.0-beta.2): prepare release
  • talos-systems/talos@87c258093 fix: allow updating diskSelector option
  • talos-systems/talos@eba00723d fix: don't extract nil IPs in the GCP platform
  • talos-systems/talos@3a38f0ded fix: properly handle omitempty fields in the validator
  • talos-systems/talos@2e220cb65 fix: validate IP address returned as HTTP response in platform code
  • talos-systems/talos@b63a2ea0e fix: don't allow bootstrap if etcd data directory is not empty
  • talos-systems/talos@cd0532848 fix: cgroup delegate
  • talos-systems/talos@e22301e76 chore: fix arm64 reproducibility issues
  • talos-systems/talos@30e1ff614 release(v0.12.0-beta.1): prepare release
  • talos-systems/talos@7630d998f chore: don't require single commit per PR
  • talos-systems/talos@208ac9ac4 feat: update Kubernetes to 1.22.1
  • talos-systems/talos@e84e2902c fix: don't support cgroups nesting in process runner
  • talos-systems/talos@2cf53fb34 fix: do not set KSPP kernel params in container mode
  • talos-systems/talos@1908f57c6 test: adapt tests to the cgroupsv2
  • talos-systems/talos@4bb84ea0c fix: extramount should have yaml:",inline" tag
  • talos-systems/talos@e948560be fix: don't panic if the machine config doesn't have network (EM)
  • talos-systems/talos@a5726f2e6 chore: do not check that go mod tidy gives empty output
  • talos-systems/talos@67494923b fix: make sure file mode is same (reproducibility issue)
  • talos-systems/talos@65292880a feat: check if cluster has deprecated resources versions
  • talos-systems/talos@7a0eb5fa2 release(v0.12.0-beta.0): prepare release
  • talos-systems/talos@c601dc73f chore: update versions to final release tags
  • talos-systems/talos@82731124b chore: run e2e-qemu test against Talos with race-detector enabled
  • talos-systems/talos@37ea2c9ca feat: support for route source addresses in the configuration
  • talos-systems/talos@0ef8f83ac chore: bump dependencies via dependabot
  • talos-systems/talos@2108fd7b6 feat: update Linux to 5.10.58 and many pkgs updates
  • talos-systems/talos@6ee690d9a release(v0.12.0-alpha.1): prepare release
  • talos-systems/talos@1ed5e5453 feat: add ClusterID and ClusterSecret
  • talos-systems/talos@228b37616 chore: run etcd as non-root user
  • talos-systems/talos@3518219bf chore: drop deprecated --no-reboot param and KernelCurrentRoot const
  • talos-systems/talos@33d1c3e42 chore: run apid and trustd services as non-root user
  • talos-systems/talos@dadaa65d5 feat: print uid/gid for the files in ls -l
  • talos-systems/talos@e6fa401b6 fix: enable seccomp default profile by default
  • talos-systems/talos@8ddbcc964 feat: validate if extra fields present in the decoder
  • talos-systems/talos@5b57a9800 chore: update Go to 1.16.7, Linux to 5.10.57
  • talos-systems/talos@eefe1c21c feat: add new etcd members in learner mode
  • talos-systems/talos@b1c66fbad feat: implement Equinix Metal support for virtual (shared) IP
  • talos-systems/talos@62242f979 chore: require GPG signatures
  • talos-systems/talos@faecae44f feat: make ISO builds reproducible
  • talos-systems/talos@887c2326a release(v0.12.0-alpha.0): prepare release
  • talos-systems/talos@a15f01844 fix: move etcd PKI under /system/secrets
  • talos-systems/talos@eb02afe18 fix: match correctly routes on the address family
  • talos-systems/talos@cb948accf feat: allow multiple addresses per interface
  • talos-systems/talos@e030b2e8b chore: use k8s 1.21.3 in CAPI tests for now
  • talos-systems/talos@e08b4f8f9 feat: implement sysctl controllers
  • talos-systems/talos@fdf6b2433 chore: revert "improve artifacts generation reproducibility"
  • talos-systems/talos@b68ed1eb8 fix: make route resources ID match closer routing table primary key
  • talos-systems/talos@585f63371 fix: correctly handle nodoc for struct fields
  • talos-systems/talos@f2d394dc4 docs: add AMIs for v0.11.5
  • talos-systems/talos@d0970cbfd feat: bootstrap token limit
  • talos-systems/talos@5285a46d7 fix: maintenance mode reason message
  • talos-systems/talos@009d15e8d chore: use etcd client TryLock function on upgrade
  • talos-systems/talos@4dae9ea55 chore: use vtprotobuf compiled marshaling in Talos API
  • talos-systems/talos@7ca5749ad chore: bump dependencies via dependabot
  • talos-systems/talos@b2507b41d chore: improve artifacts generation reproducibility
  • talos-systems/talos@1f7dad234 chore: update PKGS version (512 cpus, new ca-certficates)
  • talos-systems/talos@1a2e78a24 fix: update go-blockdevice
  • talos-systems/talos@6d6ed1170 chore: use parallel xz with higher compression level
  • talos-systems/talos@571f7db1b chore: workaround GitHub new release notes limit
  • talos-systems/talos@09d70b7ea feat: update Kubernetes to v1.22.0
  • talos-systems/talos@f25f10e73 feat: add an option to disable PSP
  • talos-systems/talos@7c6e4cf23 feat: allow both DHCP and static addressing for the interface
  • talos-systems/talos@3c566dbc3 fix: remove admission plugins enabled by default from the list
  • talos-systems/talos@69ead3735 fix: preserve PMBR bootable flag correctly
  • talos-systems/talos@dee630517 fix: align partitions with minimal I/O size
  • talos-systems/talos@628902297 feat: update GRUB to 2.06
  • talos-systems/talos@b9d04928d feat: move system processes to cgroups
  • talos-systems/talos@0b8681b4b fix: resolve several issues with Wireguard link specs
  • talos-systems/talos@f8f4bf3ba docs: add disk encryptions examples
  • talos-systems/talos@79b8fa64b feat: update containerd to 1.5.5
  • talos-systems/talos@539f42090 chore: bump dependencies via dependabot
  • talos-systems/talos@0c7ce1cd8 feat: remove remnants of bootkube support
  • talos-systems/talos@d4f9804f8 chore: fix typos
  • talos-systems/talos@5f027615f feat: expose more encryption options to the machine config
  • talos-systems/talos@585152a0b chore: bump dependencies
  • talos-systems/talos@fc66ec596 feat: set oom score for main processes
  • talos-systems/talos@df54584a3 fix: drop linux capabilities
  • talos-systems/talos@f65d0b739 docs: add 0.11.3 AMIs
  • talos-systems/talos@7332d6369 fix: bump pkgs for new kernel 5.10.52
  • talos-systems/talos@70d2505b7 fix: do not require ToVersion to be set when detecting version
  • talos-systems/talos@0953b1998 chore: update extras to bring a new CNI bundle
  • talos-systems/talos@b6c47f866 fix: set the /etc/os-release HOME_URL parameter
  • talos-systems/talos@c780821d0 feat: update containerd to 1.5.3, runc to 1.0.1
  • talos-systems/talos@f8f1c83a7 feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
  • talos-systems/talos@55e17ccdd chore: bump dependencies
  • talos-systems/talos@da6f786ca fix: kuberentes => kubernetes typo
  • talos-systems/talos@2e463348b fix: pass all logs through the options.Log method
  • talos-systems/talos@4e9c5afb6 fix: make ethtool optional in link status controller
  • talos-systems/talos@bf61c2cc4 fix: write upgrade logs only to the LogOutput if it's defined
  • talos-systems/talos@9c73257cb feat: update Go to 1.16.6
  • talos-systems/talos@23ef1d40a chore: add ability to redirect talos upgrade module logs to io.Writer
  • talos-systems/talos@33e9d6c98 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
  • talos-systems/talos@604434c43 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
  • talos-systems/talos@2ea28f62d chore: bump node from 16.3.0-alpine to 16.4.2-alpine
  • talos-systems/talos@b358a189b fix: correctly pick route scope for link-local destination
  • talos-systems/talos@6848d4314 feat: can change clusterdns ip lists
  • talos-systems/talos@72b76abfd fix: workaround issues when IPv6 is fully or partially disabled
  • talos-systems/talos@679b08f4f docs: update docs for 0.12
  • talos-systems/talos@6fbec9e0c fix: cache etcd client used for healthchecks
  • talos-systems/talos@eea750de2 chore: rename "join" type to "worker"
  • talos-systems/talos@951493ac8 docs: update what's new for Talos 0.11
  • talos-systems/talos@b47d1098b docs: promote 0.11 docs to be the latest
  • talos-systems/talos@d930a2650 chore: implement DeepCopy for machine configuration
  • talos-systems/talos@fe4ed3c73 chore: ignore tags which don't look like semantic version
  • talos-systems/talos@b969e7720 chore: update references to old protobuf package
  • talos-systems/talos@2ba8ac9ab docs: add documentation directory for 0.12
  • talos-systems/talos@011e2885e fix: validate bond slaves addressing
  • talos-systems/talos@10c28758a fix: ignore DeadlineExceeded error correctly on bootstrap
  • talos-systems/talos@77fabacec chore: ignore future pkg/machinery/vX.Y.Z tags
  • talos-systems/talos@6b661114d fix: make COSI runtime history depth smaller
  • talos-systems/talos@9bf899bdd fix: make forfeit leadership connect to the right node
  • talos-systems/talos@4708beaee feat: implement talosctl config info command
  • talos-systems/talos@6d13d2cf9 fix: close Kubernetes API client
  • talos-systems/talos@aaa36f3b4 fix: ignore 'not a leader' error on forfeit leadership
  • talos-systems/talos@22a419367 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • talos-systems/talos@71c6f7004 chore: bump go.mod dependencies
  • talos-systems/talos@915cd8fe2 docs: add guide for RBAC
  • talos-systems/talos@f5721050d fix: controlplane keyusage
  • talos-systems/talos@3d7726613 fix: fill uuid argument correctly in the config download URL
  • talos-systems/talos@d8602025c chore: update containerd config version 2
  • talos-systems/talos@5949ec4e6 docs: describe the new network configuration subsystem
  • talos-systems/talos@444d72b4d feat: update pkgs version
  • talos-systems/talos@e883c12b3 fix: make output of upgrade-k8s command less scary
  • talos-systems/talos@7f8e50de4 fix: restart the merge controllers on conflict
  • talos-systems/talos@60d736094 fix: ignore deadline exceeded errors on bootstrap
  • talos-systems/talos@ee06dd69f fix: don't print git sha of the release twice in the dashboard
  • talos-systems/talos@07fb61e5d fix: issue worker apid certs properly on renewal
  • talos-systems/talos@84817f733 chore: bump Talos version in upgrade tests
  • talos-systems/talos@2fa54107b chore: fix tests for disabled RBAC
  • talos-systems/talos@78583ba98 fix: don't set bond delay options if miimon is not enabled
  • talos-systems/talos@bbf1c091d feat: add RBAC to talosctl version output
  • talos-systems/talos@5f6ec3ef6 fix: handle cases when merged resource re-appears before being destroyed
  • talos-systems/talos@1e9a0e745 fix: documentation typos
  • talos-systems/talos@f228af406 chore: bump go.mod dependencies
  • talos-systems/talos@2060ceaa0 chore: add CAPI version to CI setup
  • talos-systems/talos@ad047a7de chore: small RBAC improvements

Changes since v0.12.1

  • talos-systems/talos@f195bf537 release(v0.12.2): prepare release
  • talos-systems/talos@7b4a6b361 fix: patch multi nodes support
  • talos-systems/talos@ccb24bc18 feat: update Kubernetes to 1.22.2
  • talos-systems/talos@110551865 fix: tear down control plane static pods when etcd is stopped
  • talos-systems/talos@5824f5024 fix: completely prevent editing resources other than mc
  • talos-systems/talos@5700c81bf fix: write KubernetesCACert chmodded 0400 instead of 0500

Changes from talos-systems/crypto

  • talos-systems/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

  • talos-systems/extras@bdd1767 chore: update tools and pkgs to final 0.7.0
  • talos-systems/extras@8ce17e5 chore: bump tools and packages for Go 1.16.7
  • talos-systems/extras@4957f3c chore: update pkgs to use CNI plugins v0.9.1
  • talos-systems/extras@233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

  • talos-systems/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
  • talos-systems/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
  • talos-systems/go-blockdevice@87816a8 feat: align partition to minimum I/O size
  • talos-systems/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

  • talos-systems/pkgs@818761f chore: update tools to 0.7.0
  • talos-systems/pkgs@35b7e68 feat: bump u-boot to 2021.07
  • talos-systems/pkgs@c68b090 feat: bump raspberrypi-firmware to 1.20210805
  • talos-systems/pkgs@f64023c feat: bump util-linux to 2.37
  • talos-systems/pkgs@c0ef725 feat: update LibreSSL to 3.2.5
  • talos-systems/pkgs@0d12460 feat: update linux-firmware to 20210716
  • talos-systems/pkgs@7a29722 fix: set iPXE version properly
  • talos-systems/pkgs@958023c feat: update eudev to 3.2.10
  • talos-systems/pkgs@dc1008d feat: update Linux to 5.10.58
  • talos-systems/pkgs@da4ac04 chore: bump tools for Go 1.16.7
  • talos-systems/pkgs@10275fb feat: update Linux to 5.10.57
  • talos-systems/pkgs@875c7ec chore: patch grub with support for reproducible ISO builds
  • talos-systems/pkgs@12856ce feat: increase number of CPUs supported by the kernel to 512
  • talos-systems/pkgs@cbfabac chore: update ca-certificates to 2021-07-05
  • talos-systems/pkgs@0c011c0 feat: update GRUB to 2.06
  • talos-systems/pkgs@5090d14 chore: update containerd to v1.5.5
  • talos-systems/pkgs@6653902 feat: add kernel drivers for fusion and scsi-isci
  • talos-systems/pkgs@9b4041f chore: update containerd to v1.5.4
  • talos-systems/pkgs@7b6cc05 feat: update kernel to latest 5.10.52
  • talos-systems/pkgs@65159fb chore: update runc and CNI plugins
  • talos-systems/pkgs@514ba34 feat: disable aufs, devmapper, zfs
  • talos-systems/pkgs@6bc118f chore: update runc and containerd
  • talos-systems/pkgs@b6fca88 feat: update Go to 1.16.6
  • talos-systems/pkgs@fd56852 chore: update open-isns and open-iscsi
  • talos-systems/pkgs@d779204 chore: update dosfstools to v4.2
  • talos-systems/pkgs@bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

  • talos-systems/tools@a33ccc1 chore: bump toolchain for binutils multiarch
  • talos-systems/tools@2368154 feat: update Go and protoc-gen-go tools
  • talos-systems/tools@7172a5d feat: update Go to 1.16.6
  • talos-systems/tools@1de34d7 chore: update musl
  • talos-systems/tools@76979a1 chore: update protobuf deps
  • talos-systems/tools@0846c64 chore: update expat

Dependency Changes

  • github.com/BurntSushi/toml v0.3.1 -> v0.4.1
  • github.com/containerd/containerd v1.5.2 -> v1.5.5
  • github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
  • github.com/docker/docker v20.10.7 -> v20.10.8
  • github.com/google/uuid v1.2.0 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.4 -> v1.5.7
  • github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
  • github.com/packethost/packngo v0.19.0 new
  • github.com/prometheus/procfs v0.6.0 -> v0.7.2
  • github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
  • github.com/spf13/cobra v1.1.3 -> v1.2.1
  • github.com/talos-systems/crypto v0.3.1 -> v0.3.2
  • github.com/talos-systems/extras v0.4.0 -> v0.5.0
  • github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
  • github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0
  • github.com/talos-systems/tools v0.6.0 -> v0.7.0-1-ga33ccc1
  • github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.1
  • go.uber.org/zap v1.17.0 -> v1.19.0
  • golang.org/x/net 04defd469f4e -> 853a461950ff
  • golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
  • golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
  • google.golang.org/grpc v1.38.0 -> v1.40.0
  • google.golang.org/protobuf v1.26.0 -> v1.27.1
  • inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
  • k8s.io/api v0.21.2 -> v0.22.1
  • k8s.io/apimachinery v0.21.2 -> v0.22.1
  • k8s.io/client-go v0.21.2 -> v0.22.1
  • k8s.io/cri-api v0.21.2 -> v0.22.1
  • k8s.io/kubectl v0.21.2 -> v0.22.1
  • k8s.io/kubelet v0.21.2 -> v0.22.1

Previous release can be found at v0.11.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.5.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.2
k8s.gcr.io/kube-controller-manager:v1.22.2
k8s.gcr.io/kube-scheduler:v1.22.2
k8s.gcr.io/kube-proxy:v1.22.2
ghcr.io/talos-systems/kubelet:v1.22.2
ghcr.io/talos-systems/installer:v0.12.2
k8s.gcr.io/pause:3.2

talos - v0.13.0-alpha.0

Published by talos-bot about 3 years ago

Talos 0.13.0-alpha.0 (2021-09-13)

Welcome to the v0.13.0-alpha.0 release of Talos!
This is a pre-release of Talos.

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Hetzner, Scaleway and Upcloud

Talos now natively supports three new cloud platforms:

etcd Advertised Address

The address advertised by etcd can now be controlled with the new machine configuration option machine.etcd.subnet.

Cluster Discovery and KubeSpan

This release of Talos provides some initial support for cluster membership discovery and KubeSpan.

These new features are not enabled by default.

Windows Support

The CLI tool talosctl is now built for Windows and published as part of the release.

Contributors

  • Andrey Smirnov
  • Artem Chernyshev
  • Alexey Palazhchenko
  • Serge Logvinov
  • Andrew Rynhard
  • Olli Janatuinen
  • Rui Lopes
  • Spencer Smith

Changes

  • talos-systems/talos@7c5045bd9 release(v0.13.0-alpha.0): prepare release
  • talos-systems/talos@ee2dce6c1 chore: bump dependencies
  • talos-systems/talos@ef0229592 fix: print etcd member ID in hex
  • talos-systems/talos@5ca1fb822 fix: multiple fixes for KubeSpan and Wireguard implementation
  • talos-systems/talos@b1bd64250 fix: build platform images
  • talos-systems/talos@3b5f4038d feat: add scaleway.com cloud support
  • talos-systems/talos@f156ab184 feat: add upcloud.com cloud support
  • talos-systems/talos@c3b2429ce fix: suppress spurious Kubernetes API server cert updates
  • talos-systems/talos@ff90b5751 feat: implement KubeSpan peer generation controller
  • talos-systems/talos@14c69df50 fix: correctly parse multiple pod/service CIDRs
  • talos-systems/talos@69897dbba feat: drop some capabilities to be never available
  • talos-systems/talos@51e9836b0 docs: promote 0.12 docs to be the latest
  • talos-systems/talos@812d59c70 feat: add hetzner.com cloud support
  • talos-systems/talos@d53e9e896 chore: use named constants
  • talos-systems/talos@2dfe7f1fc chore: bump tools to the latest version
  • talos-systems/talos@82b130e78 docs: document required options for extraMounts
  • talos-systems/talos@af6622109 feat: implement Kubernetes cluster discovery registry
  • talos-systems/talos@2c66e1b3c feat: provide building of local Affiliate structure (for the node)
  • talos-systems/talos@d69bd2af3 chore: enable GPG identity check for Talos
  • talos-systems/talos@8dbd851fd chore: update tools/pkgs/extras to the new version
  • talos-systems/talos@0b347570a feat: use dynamic NodeAddresses/HostnameStatus in Kubernetes certs
  • talos-systems/talos@bd5b9c96e fix: correctly define example for extraMounts
  • talos-systems/talos@01cca099f docs: update docs for Talos 0.12 release
  • talos-systems/talos@668627d5b feat: add subnet filter for etcd address
  • talos-systems/talos@3c3c281bf chore: bump dependencies via dependabot
  • talos-systems/talos@f8bebba2d fix: ignore error on duplicate for MountStatus
  • talos-systems/talos@6956edd0b feat: add node address filters, filter out k8s addresses for Talos API
  • talos-systems/talos@caee24bf6 feat: implement KubeSpan identity controller
  • talos-systems/talos@da0f6e7e1 fix: allow updating diskSelector option
  • talos-systems/talos@761ccaf32 feat: provide machine configuration for KubeSpan and cluster discovery
  • talos-systems/talos@a81e30cb4 docs: add bootstrap command to VMware docs
  • talos-systems/talos@97da354cc fix: do not panic on invalid machine configs
  • talos-systems/talos@c4048e263 fix: don't extract nil IPs in the GCP platform
  • talos-systems/talos@ba169c6f9 feat: provide talosctl.exe for Windows
  • talos-systems/talos@6312f473e fix: properly handle omitempty fields in the validator
  • talos-systems/talos@7f22879af feat: provide random node identity
  • talos-systems/talos@032e7c6b8 chore: import yaml.v3 consistently
  • talos-systems/talos@80b5f0e7f fix: validate IP address returned as HTTP response in platform code
  • talos-systems/talos@c9af8f7ff docs: fork docs for 0.13
  • talos-systems/talos@85cda1b95 feat: provide MountStatus resource for system partition mounts
  • talos-systems/talos@950f122c9 chore: update versions in upgrade tests
  • talos-systems/talos@83fdb7721 feat: provide first NIC hardware addr as a resource
  • talos-systems/talos@5f5ac12f1 fix: properly case the VMware name
  • talos-systems/talos@0a6048f46 fix: don't allow bootstrap if etcd data directory is not empty
  • talos-systems/talos@e24b93b4e fix: cgroup delegate
  • talos-systems/talos@751f64f9b docs: add release notes for 0.12, support matrix
  • talos-systems/talos@57a77696e feat: update Kubernetes to 1.22.1
  • talos-systems/talos@244b08cc1 chore: bump dependencies
  • talos-systems/talos@576ba1957 fix: do not set KSPP kernel params in container mode
  • talos-systems/talos@b8c92ede5 fix: don't support cgroups nesting in process runner
  • talos-systems/talos@9bb0b7970 test: adapt tests to the cgroupsv2
  • talos-systems/talos@1abc12be1 fix: extramount should have yaml:",inline" tag
  • talos-systems/talos@2b614e430 feat: check if cluster has deprecated resources versions
  • talos-systems/talos@0b86edab8 fix: don't panic if the machine config doesn't have network (EM)
  • talos-systems/talos@8bef41e4b fix: make sure file mode is same (reproducibility issue)
  • talos-systems/talos@fcfca55a0 chore: do not check that go mod tidy gives empty output
  • talos-systems/talos@5ce92ca51 docs: ensure azure VMs are 0 indexed

Changes from talos-systems/extras

  • talos-systems/extras@52b27da chore: update pkgs and tools to 0.8.0-alpha.0

Changes from talos-systems/go-blockdevice

  • talos-systems/go-blockdevice@d981156 fix: allow Build for Windows

Changes from talos-systems/pkgs

  • talos-systems/pkgs@a243ab8 feat: add /usr/src to FHS
  • talos-systems/pkgs@428abdb chore: support builds with HTTP_PROXY
  • talos-systems/pkgs@13151c5 chore: update bldr version, update tools

Changes from talos-systems/tools

  • talos-systems/tools@5b9d214 fix: restore static library for ncurses
  • talos-systems/tools@01104e5 chore: reproducible builds
  • talos-systems/tools@53fe146 chore: update bldr with new version
  • talos-systems/tools@bf4540d chore: add patch dependency

Dependency Changes

  • github.com/cosi-project/runtime 25f235cd0682 -> 5cb7f5002d77
  • github.com/fsnotify/fsnotify v1.4.9 -> v1.5.1
  • github.com/gdamore/tcell/v2 v2.4.0 -> f057f0a857a1
  • github.com/hashicorp/go-getter v1.5.7 -> v1.5.8
  • github.com/insomniacslk/dhcp 1cac67f12b1e -> b95caade3eac
  • github.com/jsimonetti/rtnetlink 9c52e516c709 -> 4cc3c1489576
  • github.com/jxskiss/base62 4f11678b909b new
  • github.com/mattn/go-isatty v0.0.13 -> v0.0.14
  • github.com/mdlayher/netx 669a06fde734 new
  • github.com/packethost/packngo v0.19.0 -> v0.19.1
  • github.com/prometheus/procfs v0.7.2 -> v0.7.3
  • github.com/rivo/tview 29d673af0ce2 -> f7430b878d17
  • github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7 new
  • github.com/talos-systems/extras v0.5.0 -> v0.6.0-alpha.0
  • github.com/talos-systems/go-blockdevice v0.2.3 -> d9811569588b
  • github.com/talos-systems/pkgs v0.7.0 -> v0.8.0-alpha.0
  • github.com/talos-systems/tools v0.7.0-1-ga33ccc1 -> v0.8.0-alpha.0-2-g5b9d214
  • github.com/vmware-tanzu/sonobuoy v0.53.1 -> v0.53.2
  • github.com/vmware/govmomi v0.26.0 -> v0.26.1
  • go.uber.org/zap v1.19.0 -> v1.19.1
  • golang.org/x/net 853a461950ff -> a5e095526f91
  • golang.org/x/sys 0f9fa26af87c -> 751e447fb3d0
  • golang.zx2c4.com/wireguard/wgctrl 92e472f520a5 -> 4253848d036c
  • inet.af/netaddr ce7a8ad02cc1 -> 85fa6c94624e
  • kernel.org/pub/linux/libs/security/libcap/cap v1.2.57 new

Previous release can be found at v0.12.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.6.0-alpha.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.1
k8s.gcr.io/kube-controller-manager:v1.22.1
k8s.gcr.io/kube-scheduler:v1.22.1
k8s.gcr.io/kube-proxy:v1.22.1
ghcr.io/talos-systems/kubelet:v1.22.1
ghcr.io/talos-systems/installer:v0.13.0-alpha.0
k8s.gcr.io/pause:3.2

talos -

Published by talos-bot about 3 years ago

Talos 0.12.1 (2021-09-06)

Welcome to the v0.12.1 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note: This item only applies to clusters bootstrapped with Talos <= 0.8.

Talos 0.12 completely removes support for the self-hosted Kubernetes control plane (bootkube-based).
Talos 0.9 introduced support for the Talos-managed control plane and provided a migration path to convert a self-hosted control plane
to Talos-managed static pods.
Automated and manual conversion processes are available in Talos from 0.9.x to 0.11.x.
For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure the control plane is converted to Talos-managed
before upgrading to Talos 0.12.
The current control plane status can be checked with talosctl get bootstrapstatus before performing the upgrade to Talos 0.12.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22, which is used by default in Talos 0.12.
Talos can be configured to use Kubernetes 1.21, or CAPI v0.4.x components can be used instead.

Machine Config Validation

Unknown keys in the machine config now make the config invalid,
so any attempt to apply or edit a configuration that contains unknown keys results in an error.

Sysctl Configuration

The sysctl kernel params configuration was completely rewritten to be based on controllers and resources,
which makes it possible to apply .machine.sysctls in immediate mode (without a reboot).
talosctl get kernelparams returns the merged list of KSPP, Kubernetes and user-defined params along with
the default values overwritten by Talos.

Equinix Metal

Added support for Equinix Metal IPs for the Talos virtual (shared) IP (option equinixMetal under vip in the machine configuration).
Talos automatically re-assigns the IP using the Equinix Metal API when leadership changes.

etcd

New etcd cluster members are now joined in learner mode, which improves cluster resiliency
to member join issues.

Join Node Type

Node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but is deprecated.
talosctl gen config now generates worker.yaml instead of join.yaml.

Networking

  • multiple static addresses can be specified for an interface with the new .addresses field (the old .cidr field is now deprecated)
  • static addresses can be set on interfaces configured with DHCP

Performance

  • machined uses less memory and CPU time
  • more disk encryption options are exposed via the machine configuration
  • disk partitions are now aligned properly with minimum I/O size
  • Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
  • OOM score is set on the system processes making sure they are killed last under memory pressure

Security

  • etcd PKI moved to /system/secrets
  • kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only
  • enforce default seccomp profile on all system containers
  • run system services apid, trustd, and etcd as non-root users

Component Updates

  • Linux: 5.10.58
  • Kubernetes: 1.22.1
  • containerd: 1.5.5
  • runc: 1.0.1
  • GRUB: 2.06
  • Talos is built with Go 1.16.7

Kubernetes Upgrade

talosctl upgrade-k8s now checks whether the cluster has any resources which are going to be removed or migrated to the new version after the upgrade
and shows them as a warning before the upgrade.
Additionally, the upgrade-k8s command now has a --dry-run flag that only prints out warnings and the upgrade summary.

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Serge Logvinov
  • Artem Chernyshev
  • Spencer Smith
  • dependabot[bot]
  • Andrew Rynhard
  • Noel Georgi
  • Rui Lopes
  • Caleb Woodbine
  • Seán C McCord

Changes

  • talos-systems/talos@6adaee33a release(v0.12.1): prepare release
  • talos-systems/talos@a72fa2a93 fix: correctly define example for extraMounts
  • talos-systems/talos@ff9681a74 release(v0.12.0): prepare release
  • talos-systems/talos@75ce68d90 release(v0.12.0-beta.2): prepare release
  • talos-systems/talos@87c258093 fix: allow updating diskSelector option
  • talos-systems/talos@eba00723d fix: don't extract nil IPs in the GCP platform
  • talos-systems/talos@3a38f0ded fix: properly handle omitempty fields in the validator
  • talos-systems/talos@2e220cb65 fix: validate IP address returned as HTTP response in platform code
  • talos-systems/talos@b63a2ea0e fix: don't allow bootstrap if etcd data directory is not empty
  • talos-systems/talos@cd0532848 fix: cgroup delegate
  • talos-systems/talos@e22301e76 chore: fix arm64 reproducibility issues
  • talos-systems/talos@30e1ff614 release(v0.12.0-beta.1): prepare release
  • talos-systems/talos@7630d998f chore: don't require single commit per PR
  • talos-systems/talos@208ac9ac4 feat: update Kubernetes to 1.22.1
  • talos-systems/talos@e84e2902c fix: don't support cgroups nesting in process runner
  • talos-systems/talos@2cf53fb34 fix: do not set KSPP kernel params in container mode
  • talos-systems/talos@1908f57c6 test: adapt tests to the cgroupsv2
  • talos-systems/talos@4bb84ea0c fix: extramount should have yaml:",inline" tag
  • talos-systems/talos@e948560be fix: don't panic if the machine config doesn't have network (EM)
  • talos-systems/talos@a5726f2e6 chore: do not check that go mod tidy gives empty output
  • talos-systems/talos@67494923b fix: make sure file mode is same (reproducibility issue)
  • talos-systems/talos@65292880a feat: check if cluster has deprecated resources versions
  • talos-systems/talos@7a0eb5fa2 release(v0.12.0-beta.0): prepare release
  • talos-systems/talos@c601dc73f chore: update versions to final release tags
  • talos-systems/talos@82731124b chore: run e2e-qemu test against Talos with race-detector enabled
  • talos-systems/talos@37ea2c9ca feat: support for route source addresses in the configuration
  • talos-systems/talos@0ef8f83ac chore: bump dependencies via dependabot
  • talos-systems/talos@2108fd7b6 feat: update Linux to 5.10.58 and many pkgs updates
  • talos-systems/talos@6ee690d9a release(v0.12.0-alpha.1): prepare release
  • talos-systems/talos@1ed5e5453 feat: add ClusterID and ClusterSecret
  • talos-systems/talos@228b37616 chore: run etcd as non-root user
  • talos-systems/talos@3518219bf chore: drop deprecated --no-reboot param and KernelCurrentRoot const
  • talos-systems/talos@33d1c3e42 chore: run apid and trustd services as non-root user
  • talos-systems/talos@dadaa65d5 feat: print uid/gid for the files in ls -l
  • talos-systems/talos@e6fa401b6 fix: enable seccomp default profile by default
  • talos-systems/talos@8ddbcc964 feat: validate if extra fields present in the decoder
  • talos-systems/talos@5b57a9800 chore: update Go to 1.16.7, Linux to 5.10.57
  • talos-systems/talos@eefe1c21c feat: add new etcd members in learner mode
  • talos-systems/talos@b1c66fbad feat: implement Equinix Metal support for virtual (shared) IP
  • talos-systems/talos@62242f979 chore: require GPG signatures
  • talos-systems/talos@faecae44f feat: make ISO builds reproducible
  • talos-systems/talos@887c2326a release(v0.12.0-alpha.0): prepare release
  • talos-systems/talos@a15f01844 fix: move etcd PKI under /system/secrets
  • talos-systems/talos@eb02afe18 fix: match correctly routes on the address family
  • talos-systems/talos@cb948accf feat: allow multiple addresses per interface
  • talos-systems/talos@e030b2e8b chore: use k8s 1.21.3 in CAPI tests for now
  • talos-systems/talos@e08b4f8f9 feat: implement sysctl controllers
  • talos-systems/talos@fdf6b2433 chore: revert "improve artifacts generation reproducibility"
  • talos-systems/talos@b68ed1eb8 fix: make route resources ID match closer routing table primary key
  • talos-systems/talos@585f63371 fix: correctly handle nodoc for struct fields
  • talos-systems/talos@f2d394dc4 docs: add AMIs for v0.11.5
  • talos-systems/talos@d0970cbfd feat: bootstrap token limit
  • talos-systems/talos@5285a46d7 fix: maintenance mode reason message
  • talos-systems/talos@009d15e8d chore: use etcd client TryLock function on upgrade
  • talos-systems/talos@4dae9ea55 chore: use vtprotobuf compiled marshaling in Talos API
  • talos-systems/talos@7ca5749ad chore: bump dependencies via dependabot
  • talos-systems/talos@b2507b41d chore: improve artifacts generation reproducibility
  • talos-systems/talos@1f7dad234 chore: update PKGS version (512 cpus, new ca-certficates)
  • talos-systems/talos@1a2e78a24 fix: update go-blockdevice
  • talos-systems/talos@6d6ed1170 chore: use parallel xz with higher compression level
  • talos-systems/talos@571f7db1b chore: workaround GitHub new release notes limit
  • talos-systems/talos@09d70b7ea feat: update Kubernetes to v1.22.0
  • talos-systems/talos@f25f10e73 feat: add an option to disable PSP
  • talos-systems/talos@7c6e4cf23 feat: allow both DHCP and static addressing for the interface
  • talos-systems/talos@3c566dbc3 fix: remove admission plugins enabled by default from the list
  • talos-systems/talos@69ead3735 fix: preserve PMBR bootable flag correctly
  • talos-systems/talos@dee630517 fix: align partitions with minimal I/O size
  • talos-systems/talos@628902297 feat: update GRUB to 2.06
  • talos-systems/talos@b9d04928d feat: move system processes to cgroups
  • talos-systems/talos@0b8681b4b fix: resolve several issues with Wireguard link specs
  • talos-systems/talos@f8f4bf3ba docs: add disk encryptions examples
  • talos-systems/talos@79b8fa64b feat: update containerd to 1.5.5
  • talos-systems/talos@539f42090 chore: bump dependencies via dependabot
  • talos-systems/talos@0c7ce1cd8 feat: remove remnants of bootkube support
  • talos-systems/talos@d4f9804f8 chore: fix typos
  • talos-systems/talos@5f027615f feat: expose more encryption options to the machine config
  • talos-systems/talos@585152a0b chore: bump dependencies
  • talos-systems/talos@fc66ec596 feat: set oom score for main processes
  • talos-systems/talos@df54584a3 fix: drop linux capabilities
  • talos-systems/talos@f65d0b739 docs: add 0.11.3 AMIs
  • talos-systems/talos@7332d6369 fix: bump pkgs for new kernel 5.10.52
  • talos-systems/talos@70d2505b7 fix: do not require ToVersion to be set when detecting version
  • talos-systems/talos@0953b1998 chore: update extras to bring a new CNI bundle
  • talos-systems/talos@b6c47f866 fix: set the /etc/os-release HOME_URL parameter
  • talos-systems/talos@c780821d0 feat: update containerd to 1.5.3, runc to 1.0.1
  • talos-systems/talos@f8f1c83a7 feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
  • talos-systems/talos@55e17ccdd chore: bump dependencies
  • talos-systems/talos@da6f786ca fix: kuberentes => kubernetes typo
  • talos-systems/talos@2e463348b fix: pass all logs through the options.Log method
  • talos-systems/talos@4e9c5afb6 fix: make ethtool optional in link status controller
  • talos-systems/talos@bf61c2cc4 fix: write upgrade logs only to the LogOutput if it's defined
  • talos-systems/talos@9c73257cb feat: update Go to 1.16.6
  • talos-systems/talos@23ef1d40a chore: add ability to redirect talos upgrade module logs to io.Writer
  • talos-systems/talos@33e9d6c98 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
  • talos-systems/talos@604434c43 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
  • talos-systems/talos@2ea28f62d chore: bump node from 16.3.0-alpine to 16.4.2-alpine
  • talos-systems/talos@b358a189b fix: correctly pick route scope for link-local destination
  • talos-systems/talos@6848d4314 feat: can change clusterdns ip lists
  • talos-systems/talos@72b76abfd fix: workaround issues when IPv6 is fully or partially disabled
  • talos-systems/talos@679b08f4f docs: update docs for 0.12
  • talos-systems/talos@6fbec9e0c fix: cache etcd client used for healthchecks
  • talos-systems/talos@eea750de2 chore: rename "join" type to "worker"
  • talos-systems/talos@951493ac8 docs: update what's new for Talos 0.11
  • talos-systems/talos@b47d1098b docs: promote 0.11 docs to be the latest
  • talos-systems/talos@d930a2650 chore: implement DeepCopy for machine configuration
  • talos-systems/talos@fe4ed3c73 chore: ignore tags which don't look like semantic version
  • talos-systems/talos@b969e7720 chore: update references to old protobuf package
  • talos-systems/talos@2ba8ac9ab docs: add documentation directory for 0.12
  • talos-systems/talos@011e2885e fix: validate bond slaves addressing
  • talos-systems/talos@10c28758a fix: ignore DeadlineExceeded error correctly on bootstrap
  • talos-systems/talos@77fabacec chore: ignore future pkg/machinery/vX.Y.Z tags
  • talos-systems/talos@6b661114d fix: make COSI runtime history depth smaller
  • talos-systems/talos@9bf899bdd fix: make forfeit leadership connect to the right node
  • talos-systems/talos@4708beaee feat: implement talosctl config info command
  • talos-systems/talos@6d13d2cf9 fix: close Kubernetes API client
  • talos-systems/talos@aaa36f3b4 fix: ignore 'not a leader' error on forfeit leadership
  • talos-systems/talos@22a419367 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • talos-systems/talos@71c6f7004 chore: bump go.mod dependencies
  • talos-systems/talos@915cd8fe2 docs: add guide for RBAC
  • talos-systems/talos@f5721050d fix: controlplane keyusage
  • talos-systems/talos@3d7726613 fix: fill uuid argument correctly in the config download URL
  • talos-systems/talos@d8602025c chore: update containerd config version 2
  • talos-systems/talos@5949ec4e6 docs: describe the new network configuration subsystem
  • talos-systems/talos@444d72b4d feat: update pkgs version
  • talos-systems/talos@e883c12b3 fix: make output of upgrade-k8s command less scary
  • talos-systems/talos@7f8e50de4 fix: restart the merge controllers on conflict
  • talos-systems/talos@60d736094 fix: ignore deadline exceeded errors on bootstrap
  • talos-systems/talos@ee06dd69f fix: don't print git sha of the release twice in the dashboard
  • talos-systems/talos@07fb61e5d fix: issue worker apid certs properly on renewal
  • talos-systems/talos@84817f733 chore: bump Talos version in upgrade tests
  • talos-systems/talos@2fa54107b chore: fix tests for disabled RBAC
  • talos-systems/talos@78583ba98 fix: don't set bond delay options if miimon is not enabled
  • talos-systems/talos@bbf1c091d feat: add RBAC to talosctl version output
  • talos-systems/talos@5f6ec3ef6 fix: handle cases when merged resource re-appears before being destroyed
  • talos-systems/talos@1e9a0e745 fix: documentation typos
  • talos-systems/talos@f228af406 chore: bump go.mod dependencies
  • talos-systems/talos@2060ceaa0 chore: add CAPI version to CI setup
  • talos-systems/talos@ad047a7de chore: small RBAC improvements

Changes since v0.12.0

  • talos-systems/talos@6adaee33a release(v0.12.1): prepare release
  • talos-systems/talos@a72fa2a93 fix: correctly define example for extraMounts

Changes from talos-systems/crypto

  • talos-systems/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

  • talos-systems/extras@bdd1767 chore: update tools and pkgs to final 0.7.0
  • talos-systems/extras@8ce17e5 chore: bump tools and packages for Go 1.16.7
  • talos-systems/extras@4957f3c chore: update pkgs to use CNI plugins v0.9.1
  • talos-systems/extras@233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

  • talos-systems/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
  • talos-systems/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
  • talos-systems/go-blockdevice@87816a8 feat: align partition to minimum I/O size
  • talos-systems/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

  • talos-systems/pkgs@818761f chore: update tools to 0.7.0
  • talos-systems/pkgs@35b7e68 feat: bump u-boot to 2021.07
  • talos-systems/pkgs@c68b090 feat: bump raspberrypi-firmware to 1.20210805
  • talos-systems/pkgs@f64023c feat: bump util-linux to 2.37
  • talos-systems/pkgs@c0ef725 feat: update LibreSSL to 3.2.5
  • talos-systems/pkgs@0d12460 feat: update linux-firmware to 20210716
  • talos-systems/pkgs@7a29722 fix: set iPXE version properly
  • talos-systems/pkgs@958023c feat: update eudev to 3.2.10
  • talos-systems/pkgs@dc1008d feat: update Linux to 5.10.58
  • talos-systems/pkgs@da4ac04 chore: bump tools for Go 1.16.7
  • talos-systems/pkgs@10275fb feat: update Linux to 5.10.57
  • talos-systems/pkgs@875c7ec chore: patch grub with support for reproducible ISO builds
  • talos-systems/pkgs@12856ce feat: increase number of CPUs supported by the kernel to 512
  • talos-systems/pkgs@cbfabac chore: update ca-certificates to 2021-07-05
  • talos-systems/pkgs@0c011c0 feat: update GRUB to 2.06
  • talos-systems/pkgs@5090d14 chore: update containerd to v1.5.5
  • talos-systems/pkgs@6653902 feat: add kernel drivers for fusion and scsi-isci
  • talos-systems/pkgs@9b4041f chore: update containerd to v1.5.4
  • talos-systems/pkgs@7b6cc05 feat: update kernel to latest 5.10.52
  • talos-systems/pkgs@65159fb chore: update runc and CNI plugins
  • talos-systems/pkgs@514ba34 feat: disable aufs, devmapper, zfs
  • talos-systems/pkgs@6bc118f chore: update runc and containerd
  • talos-systems/pkgs@b6fca88 feat: update Go to 1.16.6
  • talos-systems/pkgs@fd56852 chore: update open-isns and open-iscsi
  • talos-systems/pkgs@d779204 chore: update dosfstools to v4.2
  • talos-systems/pkgs@bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

  • talos-systems/tools@a33ccc1 chore: bump toolchain for binutils multiarch
  • talos-systems/tools@2368154 feat: update Go and protoc-gen-go tools
  • talos-systems/tools@7172a5d feat: update Go to 1.16.6
  • talos-systems/tools@1de34d7 chore: update musl
  • talos-systems/tools@76979a1 chore: update protobuf deps
  • talos-systems/tools@0846c64 chore: update expat

Dependency Changes

  • github.com/BurntSushi/toml v0.3.1 -> v0.4.1
  • github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
  • github.com/containerd/containerd v1.5.2 -> v1.5.5
  • github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
  • github.com/docker/docker v20.10.7 -> v20.10.8
  • github.com/google/uuid v1.2.0 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.4 -> v1.5.7
  • github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
  • github.com/packethost/packngo v0.19.0 new
  • github.com/prometheus/procfs v0.6.0 -> v0.7.2
  • github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
  • github.com/spf13/cobra v1.1.3 -> v1.2.1
  • github.com/talos-systems/crypto v0.3.1 -> v0.3.2
  • github.com/talos-systems/extras v0.4.0 -> v0.5.0
  • github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
  • github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0
  • github.com/talos-systems/tools v0.6.0 -> v0.7.0-1-ga33ccc1
  • github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.1
  • go.uber.org/zap v1.17.0 -> v1.19.0
  • golang.org/x/net 04defd469f4e -> 853a461950ff
  • golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
  • golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
  • google.golang.org/grpc v1.38.0 -> v1.40.0
  • google.golang.org/protobuf v1.26.0 -> v1.27.1
  • inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
  • k8s.io/api v0.21.2 -> v0.22.1
  • k8s.io/apimachinery v0.21.2 -> v0.22.1
  • k8s.io/apiserver v0.21.2 -> v0.22.1
  • k8s.io/client-go v0.21.2 -> v0.22.1
  • k8s.io/cri-api v0.21.2 -> v0.22.1
  • k8s.io/kubectl v0.21.2 -> v0.22.1
  • k8s.io/kubelet v0.21.2 -> v0.22.1

Previous release can be found at v0.11.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.5.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.1
k8s.gcr.io/kube-controller-manager:v1.22.1
k8s.gcr.io/kube-scheduler:v1.22.1
k8s.gcr.io/kube-proxy:v1.22.1
ghcr.io/talos-systems/kubelet:v1.22.1
ghcr.io/talos-systems/installer:v0.12.1
k8s.gcr.io/pause:3.2

talos - v0.12.0

Published by talos-bot about 3 years ago

Talos 0.12.0 (2021-08-31)

Welcome to the v0.12.0 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note: This item only applies to clusters bootstrapped with Talos <= 0.8.

Talos 0.12 completely removes support for the self-hosted (bootkube-based) Kubernetes control plane.
Talos 0.9 introduced support for the Talos-managed control plane and provided a migration path to convert a self-hosted control plane
to Talos-managed static pods.
Automated and manual conversion processes are available in Talos from 0.9.x to 0.11.x.
For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure the control plane is converted to Talos-managed
before upgrading to Talos 0.12.
The current control plane status can be checked with talosctl get bootstrapstatus before performing the upgrade to Talos 0.12.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22, which is used by default in Talos 0.12.
Talos can be configured to use Kubernetes 1.21, or CAPI v0.4.x components can be used instead.

Machine Config Validation

Unknown keys in the machine config now make the config invalid,
so any attempt to apply or edit a configuration that contains unknown keys results in an error.

Sysctl Configuration

The sysctl kernel parameter configuration was completely rewritten to be based on controllers and resources,
which makes it possible to apply .machine.sysctls in immediate mode (without a reboot).
talosctl get kernelparams returns the merged list of KSPP, Kubernetes and user-defined params along with
the default values overwritten by Talos.

Equinix Metal

Added support for Equinix Metal IPs for the Talos virtual (shared) IP (option equinixMetal under vip in the machine configuration).
Talos automatically re-assigns the IP using the Equinix Metal API when leadership changes.

etcd

New etcd cluster members are now joined in learner mode, which improves cluster resiliency
to member join issues.

Join Node Type

The node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but is deprecated.
talosctl gen config now generates worker.yaml instead of join.yaml.

Networking

  • multiple static addresses can be specified for the interface with new .addresses field (old .cidr field is deprecated now)
  • static addresses can be set on interfaces configured with DHCP
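
The Machine Config Validation, Join Node Type and Networking notes above, shown together as an added example (not code from the Talos project): a strict decoder rejects a misspelled key that a lenient decoder silently drops, while deprecated values are still accepted with a warning. Assumptions: the reduced config model, the function names and the sample documents are hypothetical, and JSON with Go's standard library stands in for the YAML decoder Talos uses.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Hypothetical, reduced model of a machine config. Only fields named in
// these release notes are modelled; this is not the Talos schema.
type Device struct {
	Interface string   `json:"interface"`
	Addresses []string `json:"addresses,omitempty"`
	CIDR      string   `json:"cidr,omitempty"` // deprecated in favour of addresses
	DHCP      bool     `json:"dhcp,omitempty"`
}

type Network struct {
	Interfaces []Device `json:"interfaces,omitempty"`
}

type Machine struct {
	Type    string            `json:"type"`
	Sysctls map[string]string `json:"sysctls,omitempty"`
	Network Network           `json:"network"`
}

type Config struct {
	Machine Machine `json:"machine"`
}

// Constructed sample: "sysctl" is a typo for "sysctls", so the kexec
// hardening setting would never be applied if the key were ignored.
const typoDoc = `{"machine": {"type": "worker",
  "sysctl": {"kernel.kexec_load_disabled": "1"}}}`

// Constructed sample: deprecated "join" type and deprecated "cidr" field
// on an interface that also uses DHCP.
const legacyDoc = `{"machine": {"type": "join", "network": {"interfaces": [
  {"interface": "eth0", "cidr": "192.0.2.10/24", "dhcp": true}]}}}`

// LoadLenient mimics the old behaviour: unknown keys are silently dropped.
func LoadLenient(doc string) (*Config, error) {
	var cfg Config
	if err := json.Unmarshal([]byte(doc), &cfg); err != nil {
		return nil, err
	}
	return &cfg, nil
}

// LoadStrict fails on any key the model does not define. Deprecated values
// are accepted, normalised to their replacement and reported as warnings.
func LoadStrict(doc string) (*Config, []string, error) {
	dec := json.NewDecoder(strings.NewReader(doc))
	dec.DisallowUnknownFields()

	var cfg Config
	if err := dec.Decode(&cfg); err != nil {
		return nil, nil, fmt.Errorf("invalid machine config: %w", err)
	}

	var warnings []string
	if cfg.Machine.Type == "join" {
		warnings = append(warnings, `machine.type "join" is deprecated, use "worker"`)
		cfg.Machine.Type = "worker"
	}
	for i := range cfg.Machine.Network.Interfaces {
		dev := &cfg.Machine.Network.Interfaces[i]
		if dev.CIDR != "" {
			warnings = append(warnings,
				fmt.Sprintf("interface %s: .cidr is deprecated, use .addresses", dev.Interface))
			dev.Addresses = append(dev.Addresses, dev.CIDR)
			dev.CIDR = ""
		}
	}
	return &cfg, warnings, nil
}

func main() {
	lenient, _ := LoadLenient(typoDoc)
	fmt.Printf("lenient: accepted, sysctls applied = %d\n", len(lenient.Machine.Sysctls))

	if _, _, err := LoadStrict(typoDoc); err != nil {
		fmt.Println("strict: ", err)
	}

	cfg, warnings, err := LoadStrict(legacyDoc)
	if err != nil {
		fmt.Println("strict: ", err)
		return
	}
	fmt.Printf("legacy: type=%s addresses=%v\n",
		cfg.Machine.Type, cfg.Machine.Network.Interfaces[0].Addresses)
	for _, w := range warnings {
		fmt.Println("warning:", w)
	}
}
```
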

Performance

  • machined uses less memory and CPU time
  • more disk encryption options are exposed via the machine configuration
  • disk partitions are now aligned properly with minimum I/O size
  • Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
  • OOM score is set on the system processes making sure they are killed last under memory pressure

Security

  • etcd PKI moved to /system/secrets
  • kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only
  • enforce default seccomp profile on all system containers
  • run system services apid, trustd, and etcd as non-root users

Component Updates

  • Linux: 5.10.58
  • Kubernetes: 1.22.1
  • containerd: 1.5.5
  • runc: 1.0.1
  • GRUB: 2.06
  • Talos is built with Go 1.16.7

Kubernetes Upgrade

talosctl upgrade-k8s now checks whether the cluster has any resources that will be removed or migrated to a new version after the upgrade
and shows them as a warning before the upgrade.
Additionally, the upgrade-k8s command now has a --dry-run flag that only prints out the warnings and the upgrade summary.

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Serge Logvinov
  • Artem Chernyshev
  • Spencer Smith
  • dependabot[bot]
  • Andrew Rynhard
  • Noel Georgi
  • Rui Lopes
  • Caleb Woodbine
  • Seán C McCord

Changes

  • talos-systems/talos@ff9681a74 release(v0.12.0): prepare release
  • talos-systems/talos@75ce68d90 release(v0.12.0-beta.2): prepare release
  • talos-systems/talos@87c258093 fix: allow updating diskSelector option
  • talos-systems/talos@eba00723d fix: don't extract nil IPs in the GCP platform
  • talos-systems/talos@3a38f0ded fix: properly handle omitempty fields in the validator
  • talos-systems/talos@2e220cb65 fix: validate IP address returned as HTTP response in platform code
  • talos-systems/talos@b63a2ea0e fix: don't allow bootstrap if etcd data directory is not empty
  • talos-systems/talos@cd0532848 fix: cgroup delegate
  • talos-systems/talos@e22301e76 chore: fix arm64 reproducibility issues
  • talos-systems/talos@30e1ff614 release(v0.12.0-beta.1): prepare release
  • talos-systems/talos@7630d998f chore: don't require single commit per PR
  • talos-systems/talos@208ac9ac4 feat: update Kubernetes to 1.22.1
  • talos-systems/talos@e84e2902c fix: don't support cgroups nesting in process runner
  • talos-systems/talos@2cf53fb34 fix: do not set KSPP kernel params in container mode
  • talos-systems/talos@1908f57c6 test: adapt tests to the cgroupsv2
  • talos-systems/talos@4bb84ea0c fix: extramount should have yaml:",inline" tag
  • talos-systems/talos@e948560be fix: don't panic if the machine config doesn't have network (EM)
  • talos-systems/talos@a5726f2e6 chore: do not check that go mod tidy gives empty output
  • talos-systems/talos@67494923b fix: make sure file mode is same (reproducibility issue)
  • talos-systems/talos@65292880a feat: check if cluster has deprecated resources versions
  • talos-systems/talos@7a0eb5fa2 release(v0.12.0-beta.0): prepare release
  • talos-systems/talos@c601dc73f chore: update versions to final release tags
  • talos-systems/talos@82731124b chore: run e2e-qemu test against Talos with race-detector enabled
  • talos-systems/talos@37ea2c9ca feat: support for route source addresses in the configuration
  • talos-systems/talos@0ef8f83ac chore: bump dependencies via dependabot
  • talos-systems/talos@2108fd7b6 feat: update Linux to 5.10.58 and many pkgs updates
  • talos-systems/talos@6ee690d9a release(v0.12.0-alpha.1): prepare release
  • talos-systems/talos@1ed5e5453 feat: add ClusterID and ClusterSecret
  • talos-systems/talos@228b37616 chore: run etcd as non-root user
  • talos-systems/talos@3518219bf chore: drop deprecated --no-reboot param and KernelCurrentRoot const
  • talos-systems/talos@33d1c3e42 chore: run apid and trustd services as non-root user
  • talos-systems/talos@dadaa65d5 feat: print uid/gid for the files in ls -l
  • talos-systems/talos@e6fa401b6 fix: enable seccomp default profile by default
  • talos-systems/talos@8ddbcc964 feat: validate if extra fields present in the decoder
  • talos-systems/talos@5b57a9800 chore: update Go to 1.16.7, Linux to 5.10.57
  • talos-systems/talos@eefe1c21c feat: add new etcd members in learner mode
  • talos-systems/talos@b1c66fbad feat: implement Equinix Metal support for virtual (shared) IP
  • talos-systems/talos@62242f979 chore: require GPG signatures
  • talos-systems/talos@faecae44f feat: make ISO builds reproducible
  • talos-systems/talos@887c2326a release(v0.12.0-alpha.0): prepare release
  • talos-systems/talos@a15f01844 fix: move etcd PKI under /system/secrets
  • talos-systems/talos@eb02afe18 fix: match correctly routes on the address family
  • talos-systems/talos@cb948accf feat: allow multiple addresses per interface
  • talos-systems/talos@e030b2e8b chore: use k8s 1.21.3 in CAPI tests for now
  • talos-systems/talos@e08b4f8f9 feat: implement sysctl controllers
  • talos-systems/talos@fdf6b2433 chore: revert "improve artifacts generation reproducibility"
  • talos-systems/talos@b68ed1eb8 fix: make route resources ID match closer routing table primary key
  • talos-systems/talos@585f63371 fix: correctly handle nodoc for struct fields
  • talos-systems/talos@f2d394dc4 docs: add AMIs for v0.11.5
  • talos-systems/talos@d0970cbfd feat: bootstrap token limit
  • talos-systems/talos@5285a46d7 fix: maintenance mode reason message
  • talos-systems/talos@009d15e8d chore: use etcd client TryLock function on upgrade
  • talos-systems/talos@4dae9ea55 chore: use vtprotobuf compiled marshaling in Talos API
  • talos-systems/talos@7ca5749ad chore: bump dependencies via dependabot
  • talos-systems/talos@b2507b41d chore: improve artifacts generation reproducibility
  • talos-systems/talos@1f7dad234 chore: update PKGS version (512 cpus, new ca-certficates)
  • talos-systems/talos@1a2e78a24 fix: update go-blockdevice
  • talos-systems/talos@6d6ed1170 chore: use parallel xz with higher compression level
  • talos-systems/talos@571f7db1b chore: workaround GitHub new release notes limit
  • talos-systems/talos@09d70b7ea feat: update Kubernetes to v1.22.0
  • talos-systems/talos@f25f10e73 feat: add an option to disable PSP
  • talos-systems/talos@7c6e4cf23 feat: allow both DHCP and static addressing for the interface
  • talos-systems/talos@3c566dbc3 fix: remove admission plugins enabled by default from the list
  • talos-systems/talos@69ead3735 fix: preserve PMBR bootable flag correctly
  • talos-systems/talos@dee630517 fix: align partitions with minimal I/O size
  • talos-systems/talos@628902297 feat: update GRUB to 2.06
  • talos-systems/talos@b9d04928d feat: move system processes to cgroups
  • talos-systems/talos@0b8681b4b fix: resolve several issues with Wireguard link specs
  • talos-systems/talos@f8f4bf3ba docs: add disk encryptions examples
  • talos-systems/talos@79b8fa64b feat: update containerd to 1.5.5
  • talos-systems/talos@539f42090 chore: bump dependencies via dependabot
  • talos-systems/talos@0c7ce1cd8 feat: remove remnants of bootkube support
  • talos-systems/talos@d4f9804f8 chore: fix typos
  • talos-systems/talos@5f027615f feat: expose more encryption options to the machine config
  • talos-systems/talos@585152a0b chore: bump dependencies
  • talos-systems/talos@fc66ec596 feat: set oom score for main processes
  • talos-systems/talos@df54584a3 fix: drop linux capabilities
  • talos-systems/talos@f65d0b739 docs: add 0.11.3 AMIs
  • talos-systems/talos@7332d6369 fix: bump pkgs for new kernel 5.10.52
  • talos-systems/talos@70d2505b7 fix: do not require ToVersion to be set when detecting version
  • talos-systems/talos@0953b1998 chore: update extras to bring a new CNI bundle
  • talos-systems/talos@b6c47f866 fix: set the /etc/os-release HOME_URL parameter
  • talos-systems/talos@c780821d0 feat: update containerd to 1.5.3, runc to 1.0.1
  • talos-systems/talos@f8f1c83a7 feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
  • talos-systems/talos@55e17ccdd chore: bump dependencies
  • talos-systems/talos@da6f786ca fix: kuberentes => kubernetes typo
  • talos-systems/talos@2e463348b fix: pass all logs through the options.Log method
  • talos-systems/talos@4e9c5afb6 fix: make ethtool optional in link status controller
  • talos-systems/talos@bf61c2cc4 fix: write upgrade logs only to the LogOutput if it's defined
  • talos-systems/talos@9c73257cb feat: update Go to 1.16.6
  • talos-systems/talos@23ef1d40a chore: add ability to redirect talos upgrade module logs to io.Writer
  • talos-systems/talos@33e9d6c98 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
  • talos-systems/talos@604434c43 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
  • talos-systems/talos@2ea28f62d chore: bump node from 16.3.0-alpine to 16.4.2-alpine
  • talos-systems/talos@b358a189b fix: correctly pick route scope for link-local destination
  • talos-systems/talos@6848d4314 feat: can change clusterdns ip lists
  • talos-systems/talos@72b76abfd fix: workaround issues when IPv6 is fully or partially disabled
  • talos-systems/talos@679b08f4f docs: update docs for 0.12
  • talos-systems/talos@6fbec9e0c fix: cache etcd client used for healthchecks
  • talos-systems/talos@eea750de2 chore: rename "join" type to "worker"
  • talos-systems/talos@951493ac8 docs: update what's new for Talos 0.11
  • talos-systems/talos@b47d1098b docs: promote 0.11 docs to be the latest
  • talos-systems/talos@d930a2650 chore: implement DeepCopy for machine configuration
  • talos-systems/talos@fe4ed3c73 chore: ignore tags which don't look like semantic version
  • talos-systems/talos@b969e7720 chore: update references to old protobuf package
  • talos-systems/talos@2ba8ac9ab docs: add documentation directory for 0.12
  • talos-systems/talos@011e2885e fix: validate bond slaves addressing
  • talos-systems/talos@10c28758a fix: ignore DeadlineExceeded error correctly on bootstrap
  • talos-systems/talos@77fabacec chore: ignore future pkg/machinery/vX.Y.Z tags
  • talos-systems/talos@6b661114d fix: make COSI runtime history depth smaller
  • talos-systems/talos@9bf899bdd fix: make forfeit leadership connect to the right node
  • talos-systems/talos@4708beaee feat: implement talosctl config info command
  • talos-systems/talos@6d13d2cf9 fix: close Kubernetes API client
  • talos-systems/talos@aaa36f3b4 fix: ignore 'not a leader' error on forfeit leadership
  • talos-systems/talos@22a419367 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • talos-systems/talos@71c6f7004 chore: bump go.mod dependencies
  • talos-systems/talos@915cd8fe2 docs: add guide for RBAC
  • talos-systems/talos@f5721050d fix: controlplane keyusage
  • talos-systems/talos@3d7726613 fix: fill uuid argument correctly in the config download URL
  • talos-systems/talos@d8602025c chore: update containerd config version 2
  • talos-systems/talos@5949ec4e6 docs: describe the new network configuration subsystem
  • talos-systems/talos@444d72b4d feat: update pkgs version
  • talos-systems/talos@e883c12b3 fix: make output of upgrade-k8s command less scary
  • talos-systems/talos@7f8e50de4 fix: restart the merge controllers on conflict
  • talos-systems/talos@60d736094 fix: ignore deadline exceeded errors on bootstrap
  • talos-systems/talos@ee06dd69f fix: don't print git sha of the release twice in the dashboard
  • talos-systems/talos@07fb61e5d fix: issue worker apid certs properly on renewal
  • talos-systems/talos@84817f733 chore: bump Talos version in upgrade tests
  • talos-systems/talos@2fa54107b chore: fix tests for disabled RBAC
  • talos-systems/talos@78583ba98 fix: don't set bond delay options if miimon is not enabled
  • talos-systems/talos@bbf1c091d feat: add RBAC to talosctl version output
  • talos-systems/talos@5f6ec3ef6 fix: handle cases when merged resource re-appears before being destroyed
  • talos-systems/talos@1e9a0e745 fix: documentation typos
  • talos-systems/talos@f228af406 chore: bump go.mod dependencies
  • talos-systems/talos@2060ceaa0 chore: add CAPI version to CI setup
  • talos-systems/talos@ad047a7de chore: small RBAC improvements

Changes since v0.12.0-beta.2

  • talos-systems/talos@ff9681a74 release(v0.12.0): prepare release

Changes from talos-systems/crypto

  • talos-systems/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

  • talos-systems/extras@bdd1767 chore: update tools and pkgs to final 0.7.0
  • talos-systems/extras@8ce17e5 chore: bump tools and packages for Go 1.16.7
  • talos-systems/extras@4957f3c chore: update pkgs to use CNI plugins v0.9.1
  • talos-systems/extras@233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

  • talos-systems/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
  • talos-systems/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
  • talos-systems/go-blockdevice@87816a8 feat: align partition to minimum I/O size
  • talos-systems/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

  • talos-systems/pkgs@818761f chore: update tools to 0.7.0
  • talos-systems/pkgs@35b7e68 feat: bump u-boot to 2021.07
  • talos-systems/pkgs@c68b090 feat: bump raspberrypi-firmware to 1.20210805
  • talos-systems/pkgs@f64023c feat: bump util-linux to 2.37
  • talos-systems/pkgs@c0ef725 feat: update LibreSSL to 3.2.5
  • talos-systems/pkgs@0d12460 feat: update linux-firmware to 20210716
  • talos-systems/pkgs@7a29722 fix: set iPXE version properly
  • talos-systems/pkgs@958023c feat: update eudev to 3.2.10
  • talos-systems/pkgs@dc1008d feat: update Linux to 5.10.58
  • talos-systems/pkgs@da4ac04 chore: bump tools for Go 1.16.7
  • talos-systems/pkgs@10275fb feat: update Linux to 5.10.57
  • talos-systems/pkgs@875c7ec chore: patch grub with support for reproducible ISO builds
  • talos-systems/pkgs@12856ce feat: increase number of CPUs supported by the kernel to 512
  • talos-systems/pkgs@cbfabac chore: update ca-certificates to 2021-07-05
  • talos-systems/pkgs@0c011c0 feat: update GRUB to 2.06
  • talos-systems/pkgs@5090d14 chore: update containerd to v1.5.5
  • talos-systems/pkgs@6653902 feat: add kernel drivers for fusion and scsi-isci
  • talos-systems/pkgs@9b4041f chore: update containerd to v1.5.4
  • talos-systems/pkgs@7b6cc05 feat: update kernel to latest 5.10.52
  • talos-systems/pkgs@65159fb chore: update runc and CNI plugins
  • talos-systems/pkgs@514ba34 feat: disable aufs, devmapper, zfs
  • talos-systems/pkgs@6bc118f chore: update runc and containerd
  • talos-systems/pkgs@b6fca88 feat: update Go to 1.16.6
  • talos-systems/pkgs@fd56852 chore: update open-isns and open-iscsi
  • talos-systems/pkgs@d779204 chore: update dosfstools to v4.2
  • talos-systems/pkgs@bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

  • talos-systems/tools@a33ccc1 chore: bump toolchain for binutils multiarch
  • talos-systems/tools@2368154 feat: update Go and protoc-gen-go tools
  • talos-systems/tools@7172a5d feat: update Go to 1.16.6
  • talos-systems/tools@1de34d7 chore: update musl
  • talos-systems/tools@76979a1 chore: update protobuf deps
  • talos-systems/tools@0846c64 chore: update expat

Dependency Changes

  • github.com/BurntSushi/toml v0.3.1 -> v0.4.1
  • github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
  • github.com/containerd/containerd v1.5.2 -> v1.5.5
  • github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
  • github.com/docker/docker v20.10.7 -> v20.10.8
  • github.com/google/uuid v1.2.0 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.4 -> v1.5.7
  • github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
  • github.com/packethost/packngo v0.19.0 new
  • github.com/prometheus/procfs v0.6.0 -> v0.7.2
  • github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
  • github.com/spf13/cobra v1.1.3 -> v1.2.1
  • github.com/talos-systems/crypto v0.3.1 -> v0.3.2
  • github.com/talos-systems/extras v0.4.0 -> v0.5.0
  • github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
  • github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0
  • github.com/talos-systems/tools v0.6.0 -> v0.7.0-1-ga33ccc1
  • github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.1
  • go.uber.org/zap v1.17.0 -> v1.19.0
  • golang.org/x/net 04defd469f4e -> 853a461950ff
  • golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
  • golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
  • google.golang.org/grpc v1.38.0 -> v1.40.0
  • google.golang.org/protobuf v1.26.0 -> v1.27.1
  • inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
  • k8s.io/api v0.21.2 -> v0.22.1
  • k8s.io/apimachinery v0.21.2 -> v0.22.1
  • k8s.io/apiserver v0.21.2 -> v0.22.1
  • k8s.io/client-go v0.21.2 -> v0.22.1
  • k8s.io/cri-api v0.21.2 -> v0.22.1
  • k8s.io/kubectl v0.21.2 -> v0.22.1
  • k8s.io/kubelet v0.21.2 -> v0.22.1

Previous release can be found at v0.11.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.5.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.1
k8s.gcr.io/kube-controller-manager:v1.22.1
k8s.gcr.io/kube-scheduler:v1.22.1
k8s.gcr.io/kube-proxy:v1.22.1
ghcr.io/talos-systems/kubelet:v1.22.1
ghcr.io/talos-systems/installer:v0.12.0
k8s.gcr.io/pause:3.2

talos - v0.12.0-beta.2

Published by talos-bot about 3 years ago

Talos 0.12.0-beta.2 (2021-08-27)

Welcome to the v0.12.0-beta.2 release of Talos!
This is a pre-release of Talos.

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note: This item only applies to clusters bootstrapped with Talos <= 0.8.

Talos 0.12 completely removes support for the self-hosted (bootkube-based) Kubernetes control plane.
Talos 0.9 introduced support for the Talos-managed control plane and provided a migration path to convert a self-hosted control plane
to Talos-managed static pods.
Automated and manual conversion processes are available in Talos from 0.9.x to 0.11.x.
For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure the control plane is converted to Talos-managed
before upgrading to Talos 0.12.
The current control plane status can be checked with talosctl get bootstrapstatus before performing the upgrade to Talos 0.12.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22, which is used by default in Talos 0.12.
Talos can be configured to use Kubernetes 1.21, or CAPI v0.4.x components can be used instead.

Machine Config Validation

Unknown keys in the machine config now make the config invalid,
so any attempt to apply or edit a configuration that contains unknown keys results in an error.

Sysctl Configuration

The sysctl kernel parameter configuration was completely rewritten to be based on controllers and resources,
which makes it possible to apply .machine.sysctls in immediate mode (without a reboot).
talosctl get kernelparams returns the merged list of KSPP, Kubernetes and user-defined params along with
the default values overwritten by Talos.

Equinix Metal

Added support for Equinix Metal IPs for the Talos virtual (shared) IP (option equinixMetal under vip in the machine configuration).
Talos automatically re-assigns the IP using the Equinix Metal API when leadership changes.

etcd

New etcd cluster members are now joined in learner mode, which improves cluster resiliency
to member join issues.

Join Node Type

The node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but is deprecated.
talosctl gen config now generates worker.yaml instead of join.yaml.

Networking

  • multiple static addresses can be specified for the interface with new .addresses field (old .cidr field is deprecated now)
  • static addresses can be set on interfaces configured with DHCP

Performance

  • machined uses less memory and CPU time
  • more disk encryption options are exposed via the machine configuration
  • disk partitions are now aligned properly with minimum I/O size
  • Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
  • OOM score is set on the system processes making sure they are killed last under memory pressure

Security

  • etcd PKI moved to /system/secrets
  • kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only
  • enforce default seccomp profile on all system containers
  • run system services apid, trustd, and etcd as non-root users

Component Updates

  • Linux: 5.10.58
  • Kubernetes: 1.22.1
  • containerd: 1.5.5
  • runc: 1.0.1
  • GRUB: 2.06
  • Talos is built with Go 1.16.7

Kubernetes Upgrade

talosctl upgrade-k8s now checks whether the cluster has any resources that will be removed or migrated to a new version after the upgrade
and shows them as a warning before the upgrade.
Additionally, the upgrade-k8s command now has a --dry-run flag that only prints out the warnings and the upgrade summary.

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Serge Logvinov
  • Artem Chernyshev
  • Spencer Smith
  • dependabot[bot]
  • Andrew Rynhard
  • Noel Georgi
  • Rui Lopes
  • Caleb Woodbine
  • Seán C McCord

Changes

  • talos-systems/talos@75ce68d90 release(v0.12.0-beta.2): prepare release
  • talos-systems/talos@87c258093 fix: allow updating diskSelector option
  • talos-systems/talos@eba00723d fix: don't extract nil IPs in the GCP platform
  • talos-systems/talos@3a38f0ded fix: properly handle omitempty fields in the validator
  • talos-systems/talos@2e220cb65 fix: validate IP address returned as HTTP response in platform code
  • talos-systems/talos@b63a2ea0e fix: don't allow bootstrap if etcd data directory is not empty
  • talos-systems/talos@cd0532848 fix: cgroup delegate
  • talos-systems/talos@e22301e76 chore: fix arm64 reproducibility issues
  • talos-systems/talos@30e1ff614 release(v0.12.0-beta.1): prepare release
  • talos-systems/talos@7630d998f chore: don't require single commit per PR
  • talos-systems/talos@208ac9ac4 feat: update Kubernetes to 1.22.1
  • talos-systems/talos@e84e2902c fix: don't support cgroups nesting in process runner
  • talos-systems/talos@2cf53fb34 fix: do not set KSPP kernel params in container mode
  • talos-systems/talos@1908f57c6 test: adapt tests to the cgroupsv2
  • talos-systems/talos@4bb84ea0c fix: extramount should have yaml:",inline" tag
  • talos-systems/talos@e948560be fix: don't panic if the machine config doesn't have network (EM)
  • talos-systems/talos@a5726f2e6 chore: do not check that go mod tidy gives empty output
  • talos-systems/talos@67494923b fix: make sure file mode is same (reproducibility issue)
  • talos-systems/talos@65292880a feat: check if cluster has deprecated resources versions
  • talos-systems/talos@7a0eb5fa2 release(v0.12.0-beta.0): prepare release
  • talos-systems/talos@c601dc73f chore: update versions to final release tags
  • talos-systems/talos@82731124b chore: run e2e-qemu test against Talos with race-detector enabled
  • talos-systems/talos@37ea2c9ca feat: support for route source addresses in the configuration
  • talos-systems/talos@0ef8f83ac chore: bump dependencies via dependabot
  • talos-systems/talos@2108fd7b6 feat: update Linux to 5.10.58 and many pkgs updates
  • talos-systems/talos@6ee690d9a release(v0.12.0-alpha.1): prepare release
  • talos-systems/talos@1ed5e5453 feat: add ClusterID and ClusterSecret
  • talos-systems/talos@228b37616 chore: run etcd as non-root user
  • talos-systems/talos@3518219bf chore: drop deprecated --no-reboot param and KernelCurrentRoot const
  • talos-systems/talos@33d1c3e42 chore: run apid and trustd services as non-root user
  • talos-systems/talos@dadaa65d5 feat: print uid/gid for the files in ls -l
  • talos-systems/talos@e6fa401b6 fix: enable seccomp default profile by default
  • talos-systems/talos@8ddbcc964 feat: validate if extra fields present in the decoder
  • talos-systems/talos@5b57a9800 chore: update Go to 1.16.7, Linux to 5.10.57
  • talos-systems/talos@eefe1c21c feat: add new etcd members in learner mode
  • talos-systems/talos@b1c66fbad feat: implement Equinix Metal support for virtual (shared) IP
  • talos-systems/talos@62242f979 chore: require GPG signatures
  • talos-systems/talos@faecae44f feat: make ISO builds reproducible
  • talos-systems/talos@887c2326a release(v0.12.0-alpha.0): prepare release
  • talos-systems/talos@a15f01844 fix: move etcd PKI under /system/secrets
  • talos-systems/talos@eb02afe18 fix: match correctly routes on the address family
  • talos-systems/talos@cb948accf feat: allow multiple addresses per interface
  • talos-systems/talos@e030b2e8b chore: use k8s 1.21.3 in CAPI tests for now
  • talos-systems/talos@e08b4f8f9 feat: implement sysctl controllers
  • talos-systems/talos@fdf6b2433 chore: revert "improve artifacts generation reproducibility"
  • talos-systems/talos@b68ed1eb8 fix: make route resources ID match closer routing table primary key
  • talos-systems/talos@585f63371 fix: correctly handle nodoc for struct fields
  • talos-systems/talos@f2d394dc4 docs: add AMIs for v0.11.5
  • talos-systems/talos@d0970cbfd feat: bootstrap token limit
  • talos-systems/talos@5285a46d7 fix: maintenance mode reason message
  • talos-systems/talos@009d15e8d chore: use etcd client TryLock function on upgrade
  • talos-systems/talos@4dae9ea55 chore: use vtprotobuf compiled marshaling in Talos API
  • talos-systems/talos@7ca5749ad chore: bump dependencies via dependabot
  • talos-systems/talos@b2507b41d chore: improve artifacts generation reproducibility
  • talos-systems/talos@1f7dad234 chore: update PKGS version (512 cpus, new ca-certficates)
  • talos-systems/talos@1a2e78a24 fix: update go-blockdevice
  • talos-systems/talos@6d6ed1170 chore: use parallel xz with higher compression level
  • talos-systems/talos@571f7db1b chore: workaround GitHub new release notes limit
  • talos-systems/talos@09d70b7ea feat: update Kubernetes to v1.22.0
  • talos-systems/talos@f25f10e73 feat: add an option to disable PSP
  • talos-systems/talos@7c6e4cf23 feat: allow both DHCP and static addressing for the interface
  • talos-systems/talos@3c566dbc3 fix: remove admission plugins enabled by default from the list
  • talos-systems/talos@69ead3735 fix: preserve PMBR bootable flag correctly
  • talos-systems/talos@dee630517 fix: align partitions with minimal I/O size
  • talos-systems/talos@628902297 feat: update GRUB to 2.06
  • talos-systems/talos@b9d04928d feat: move system processes to cgroups
  • talos-systems/talos@0b8681b4b fix: resolve several issues with Wireguard link specs
  • talos-systems/talos@f8f4bf3ba docs: add disk encryptions examples
  • talos-systems/talos@79b8fa64b feat: update containerd to 1.5.5
  • talos-systems/talos@539f42090 chore: bump dependencies via dependabot
  • talos-systems/talos@0c7ce1cd8 feat: remove remnants of bootkube support
  • talos-systems/talos@d4f9804f8 chore: fix typos
  • talos-systems/talos@5f027615f feat: expose more encryption options to the machine config
  • talos-systems/talos@585152a0b chore: bump dependencies
  • talos-systems/talos@fc66ec596 feat: set oom score for main processes
  • talos-systems/talos@df54584a3 fix: drop linux capabilities
  • talos-systems/talos@f65d0b739 docs: add 0.11.3 AMIs
  • talos-systems/talos@7332d6369 fix: bump pkgs for new kernel 5.10.52
  • talos-systems/talos@70d2505b7 fix: do not require ToVersion to be set when detecting version
  • talos-systems/talos@0953b1998 chore: update extras to bring a new CNI bundle
  • talos-systems/talos@b6c47f866 fix: set the /etc/os-release HOME_URL parameter
  • talos-systems/talos@c780821d0 feat: update containerd to 1.5.3, runc to 1.0.1
  • talos-systems/talos@f8f1c83a7 feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
  • talos-systems/talos@55e17ccdd chore: bump dependencies
  • talos-systems/talos@da6f786ca fix: kuberentes => kubernetes typo
  • talos-systems/talos@2e463348b fix: pass all logs through the options.Log method
  • talos-systems/talos@4e9c5afb6 fix: make ethtool optional in link status controller
  • talos-systems/talos@bf61c2cc4 fix: write upgrade logs only to the LogOutput if it's defined
  • talos-systems/talos@9c73257cb feat: update Go to 1.16.6
  • talos-systems/talos@23ef1d40a chore: add ability to redirect talos upgrade module logs to io.Writer
  • talos-systems/talos@33e9d6c98 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
  • talos-systems/talos@604434c43 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
  • talos-systems/talos@2ea28f62d chore: bump node from 16.3.0-alpine to 16.4.2-alpine
  • talos-systems/talos@b358a189b fix: correctly pick route scope for link-local destination
  • talos-systems/talos@6848d4314 feat: can change clusterdns ip lists
  • talos-systems/talos@72b76abfd fix: workaround issues when IPv6 is fully or partially disabled
  • talos-systems/talos@679b08f4f docs: update docs for 0.12
  • talos-systems/talos@6fbec9e0c fix: cache etcd client used for healthchecks
  • talos-systems/talos@eea750de2 chore: rename "join" type to "worker"
  • talos-systems/talos@951493ac8 docs: update what's new for Talos 0.11
  • talos-systems/talos@b47d1098b docs: promote 0.11 docs to be the latest
  • talos-systems/talos@d930a2650 chore: implement DeepCopy for machine configuration
  • talos-systems/talos@fe4ed3c73 chore: ignore tags which don't look like semantic version
  • talos-systems/talos@b969e7720 chore: update references to old protobuf package
  • talos-systems/talos@2ba8ac9ab docs: add documentation directory for 0.12
  • talos-systems/talos@011e2885e fix: validate bond slaves addressing
  • talos-systems/talos@10c28758a fix: ignore DeadlineExceeded error correctly on bootstrap
  • talos-systems/talos@77fabacec chore: ignore future pkg/machinery/vX.Y.Z tags
  • talos-systems/talos@6b661114d fix: make COSI runtime history depth smaller
  • talos-systems/talos@9bf899bdd fix: make forfeit leadership connect to the right node
  • talos-systems/talos@4708beaee feat: implement talosctl config info command
  • talos-systems/talos@6d13d2cf9 fix: close Kubernetes API client
  • talos-systems/talos@aaa36f3b4 fix: ignore 'not a leader' error on forfeit leadership
  • talos-systems/talos@22a419367 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • talos-systems/talos@71c6f7004 chore: bump go.mod dependencies
  • talos-systems/talos@915cd8fe2 docs: add guide for RBAC
  • talos-systems/talos@f5721050d fix: controlplane keyusage
  • talos-systems/talos@3d7726613 fix: fill uuid argument correctly in the config download URL
  • talos-systems/talos@d8602025c chore: update containerd config version 2
  • talos-systems/talos@5949ec4e6 docs: describe the new network configuration subsystem
  • talos-systems/talos@444d72b4d feat: update pkgs version
  • talos-systems/talos@e883c12b3 fix: make output of upgrade-k8s command less scary
  • talos-systems/talos@7f8e50de4 fix: restart the merge controllers on conflict
  • talos-systems/talos@60d736094 fix: ignore deadline exceeded errors on bootstrap
  • talos-systems/talos@ee06dd69f fix: don't print git sha of the release twice in the dashboard
  • talos-systems/talos@07fb61e5d fix: issue worker apid certs properly on renewal
  • talos-systems/talos@84817f733 chore: bump Talos version in upgrade tests
  • talos-systems/talos@2fa54107b chore: fix tests for disabled RBAC
  • talos-systems/talos@78583ba98 fix: don't set bond delay options if miimon is not enabled
  • talos-systems/talos@bbf1c091d feat: add RBAC to talosctl version output
  • talos-systems/talos@5f6ec3ef6 fix: handle cases when merged resource re-appears before being destroyed
  • talos-systems/talos@1e9a0e745 fix: documentation typos
  • talos-systems/talos@f228af406 chore: bump go.mod dependencies
  • talos-systems/talos@2060ceaa0 chore: add CAPI version to CI setup
  • talos-systems/talos@ad047a7de chore: small RBAC improvements

Changes since v0.12.0-beta.1

  • talos-systems/talos@75ce68d90 release(v0.12.0-beta.2): prepare release
  • talos-systems/talos@87c258093 fix: allow updating diskSelector option
  • talos-systems/talos@eba00723d fix: don't extract nil IPs in the GCP platform
  • talos-systems/talos@3a38f0ded fix: properly handle omitempty fields in the validator
  • talos-systems/talos@2e220cb65 fix: validate IP address returned as HTTP response in platform code
  • talos-systems/talos@b63a2ea0e fix: don't allow bootstrap if etcd data directory is not empty
  • talos-systems/talos@cd0532848 fix: cgroup delegate
  • talos-systems/talos@e22301e76 chore: fix arm64 reproducibility issues

Changes from talos-systems/crypto

  • talos-systems/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

  • talos-systems/extras@bdd1767 chore: update tools and pkgs to final 0.7.0
  • talos-systems/extras@8ce17e5 chore: bump tools and packages for Go 1.16.7
  • talos-systems/extras@4957f3c chore: update pkgs to use CNI plugins v0.9.1
  • talos-systems/extras@233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

  • talos-systems/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
  • talos-systems/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
  • talos-systems/go-blockdevice@87816a8 feat: align partition to minimum I/O size
  • talos-systems/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

  • talos-systems/pkgs@818761f chore: update tools to 0.7.0
  • talos-systems/pkgs@35b7e68 feat: bump u-boot to 2021.07
  • talos-systems/pkgs@c68b090 feat: bump raspberrypi-firmware to 1.20210805
  • talos-systems/pkgs@f64023c feat: bump util-linux to 2.37
  • talos-systems/pkgs@c0ef725 feat: update LibreSSL to 3.2.5
  • talos-systems/pkgs@0d12460 feat: update linux-firmware to 20210716
  • talos-systems/pkgs@7a29722 fix: set iPXE version properly
  • talos-systems/pkgs@958023c feat: update eudev to 3.2.10
  • talos-systems/pkgs@dc1008d feat: update Linux to 5.10.58
  • talos-systems/pkgs@da4ac04 chore: bump tools for Go 1.16.7
  • talos-systems/pkgs@10275fb feat: update Linux to 5.10.57
  • talos-systems/pkgs@875c7ec chore: patch grub with support for reproducible ISO builds
  • talos-systems/pkgs@12856ce feat: increase number of CPUs supported by the kernel to 512
  • talos-systems/pkgs@cbfabac chore: update ca-certificates to 2021-07-05
  • talos-systems/pkgs@0c011c0 feat: update GRUB to 2.06
  • talos-systems/pkgs@5090d14 chore: update containerd to v1.5.5
  • talos-systems/pkgs@6653902 feat: add kernel drivers for fusion and scsi-isci
  • talos-systems/pkgs@9b4041f chore: update containerd to v1.5.4
  • talos-systems/pkgs@7b6cc05 feat: update kernel to latest 5.10.52
  • talos-systems/pkgs@65159fb chore: update runc and CNI plugins
  • talos-systems/pkgs@514ba34 feat: disable aufs, devmapper, zfs
  • talos-systems/pkgs@6bc118f chore: update runc and containerd
  • talos-systems/pkgs@b6fca88 feat: update Go to 1.16.6
  • talos-systems/pkgs@fd56852 chore: update open-isns and open-iscsi
  • talos-systems/pkgs@d779204 chore: update dosfstools to v4.2
  • talos-systems/pkgs@bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

  • talos-systems/tools@a33ccc1 chore: bump toolchain for binutils multiarch
  • talos-systems/tools@2368154 feat: update Go and protoc-gen-go tools
  • talos-systems/tools@7172a5d feat: update Go to 1.16.6
  • talos-systems/tools@1de34d7 chore: update musl
  • talos-systems/tools@76979a1 chore: update protobuf deps
  • talos-systems/tools@0846c64 chore: update expat

Dependency Changes

  • github.com/BurntSushi/toml v0.3.1 -> v0.4.1
  • github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
  • github.com/containerd/containerd v1.5.2 -> v1.5.5
  • github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
  • github.com/docker/docker v20.10.7 -> v20.10.8
  • github.com/google/uuid v1.2.0 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.4 -> v1.5.7
  • github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
  • github.com/packethost/packngo v0.19.0 new
  • github.com/prometheus/procfs v0.6.0 -> v0.7.2
  • github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
  • github.com/spf13/cobra v1.1.3 -> v1.2.1
  • github.com/talos-systems/crypto v0.3.1 -> v0.3.2
  • github.com/talos-systems/extras v0.4.0 -> v0.5.0
  • github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
  • github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0
  • github.com/talos-systems/tools v0.6.0 -> v0.7.0-1-ga33ccc1
  • github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.1
  • go.uber.org/zap v1.17.0 -> v1.19.0
  • golang.org/x/net 04defd469f4e -> 853a461950ff
  • golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
  • golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
  • google.golang.org/grpc v1.38.0 -> v1.40.0
  • google.golang.org/protobuf v1.26.0 -> v1.27.1
  • inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
  • k8s.io/api v0.21.2 -> v0.22.1
  • k8s.io/apimachinery v0.21.2 -> v0.22.1
  • k8s.io/apiserver v0.21.2 -> v0.22.1
  • k8s.io/client-go v0.21.2 -> v0.22.1
  • k8s.io/cri-api v0.21.2 -> v0.22.1
  • k8s.io/kubectl v0.21.2 -> v0.22.1
  • k8s.io/kubelet v0.21.2 -> v0.22.1

Previous release can be found at v0.11.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.5.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.1
k8s.gcr.io/kube-controller-manager:v1.22.1
k8s.gcr.io/kube-scheduler:v1.22.1
k8s.gcr.io/kube-proxy:v1.22.1
ghcr.io/talos-systems/kubelet:v1.22.1
ghcr.io/talos-systems/installer:v0.12.0-beta.2
k8s.gcr.io/pause:3.2

talos - v0.12.0-beta.1

Published by talos-bot about 3 years ago

Talos 0.12.0-beta.1 (2021-08-23)

Welcome to the v0.12.0-beta.1 release of Talos!
This is a pre-release of Talos.

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note: This item only applies to clusters bootstrapped with Talos <= 0.8.

Talos 0.12 completely removes support for the self-hosted Kubernetes control plane (bootkube-based).
Talos 0.9 introduced support for the Talos-managed control plane and provided a migration path to convert a self-hosted control plane
to Talos-managed static pods.
Automated and manual conversion processes are available in Talos from 0.9.x to 0.11.x.
For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure the control plane is converted to Talos-managed
before upgrading to Talos 0.12.
The current control plane status can be checked with talosctl get bootstrapstatus before performing the upgrade to Talos 0.12.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22, which is used by default in Talos 0.12.
Talos can be configured to use Kubernetes 1.21, or CAPI v0.4.x components can be used instead.

Machine Config Validation

Unknown keys in the machine config now make the config invalid,
so any attempt to apply or edit a configuration containing unknown keys results in an error.

Sysctl Configuration

The sysctl kernel params configuration was completely rewritten to be based on controllers and resources,
which makes it possible to apply .machine.sysctls in immediate mode (without a reboot).
talosctl get kernelparams returns the merged list of KSPP, Kubernetes and user-defined params along with
the default values overwritten by Talos.

Equinix Metal

Added support for Equinix Metal IPs for the Talos virtual (shared) IP (option equinixMetal under vip in the machine configuration).
Talos automatically re-assigns the IP using the Equinix Metal API when leadership changes.

etcd

New etcd cluster members are now joined in learner mode, which improves cluster resiliency
to member join issues.

Join Node Type

The node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but is deprecated.
talosctl gen config now generates worker.yaml instead of join.yaml.

Networking

  • multiple static addresses can be specified for an interface with the new .addresses field (the old .cidr field is now deprecated)
  • static addresses can be set on interfaces configured with DHCP
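
An added example, not taken from the Talos release notes: a worker machine configuration fragment written in the 0.12 forms described above (worker node type, .addresses alongside DHCP, .machine.sysctls). The interface name, the addresses and the sysctl value are constructed for illustration, and the rest of the machine configuration is omitted.

```yaml
# Constructed fragment of a Talos 0.12 machine configuration (illustrative values).
machine:
  # "worker" replaces the deprecated "join" node type.
  type: worker
  network:
    interfaces:
      - interface: eth0          # assumed interface name
        dhcp: true
        # Static addresses can now be combined with DHCP, and more than one
        # can be listed. Before 0.12 a single value was given instead:
        #   cidr: 192.168.10.20/24   (deprecated)
        addresses:
          - 192.168.10.20/24
          - 192.168.10.21/24
        # Unknown keys are rejected in 0.12, so a misspelled key such as
        # "adresses" fails validation instead of being silently ignored.
  # Handled by the sysctl controllers, so changes apply without a reboot.
  sysctls:
    net.core.somaxconn: "65535"
```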

Performance

  • machined uses less memory and CPU time
  • more disk encryption options are exposed via the machine configuration
  • disk partitions are now aligned properly with minimum I/O size
  • Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
  • OOM score is set on the system processes making sure they are killed last under memory pressure

Security

  • etcd PKI moved to /system/secrets
  • kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only
  • enforce default seccomp profile on all system containers
  • run system services apid, trustd, and etcd as non-root users

Component Updates

  • Linux: 5.10.58
  • Kubernetes: 1.22.1
  • containerd: 1.5.5
  • runc: 1.0.1
  • GRUB: 2.06
  • Talos is built with Go 1.16.7

Kubernetes Upgrade

talosctl upgrade-k8s now checks whether the cluster has any resources that will be removed or migrated to a new version after the upgrade
and shows them as a warning before the upgrade.
Additionally, the upgrade-k8s command now has a --dry-run flag that only prints out warnings and the upgrade summary.

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Serge Logvinov
  • Artem Chernyshev
  • Spencer Smith
  • dependabot[bot]
  • Andrew Rynhard
  • Noel Georgi
  • Rui Lopes
  • Caleb Woodbine
  • Seán C McCord

Changes

  • talos-systems/talos@30e1ff614 release(v0.12.0-beta.1): prepare release
  • talos-systems/talos@7630d998f chore: don't require single commit per PR
  • talos-systems/talos@208ac9ac4 feat: update Kubernetes to 1.22.1
  • talos-systems/talos@e84e2902c fix: don't support cgroups nesting in process runner
  • talos-systems/talos@2cf53fb34 fix: do not set KSPP kernel params in container mode
  • talos-systems/talos@1908f57c6 test: adapt tests to the cgroupsv2
  • talos-systems/talos@4bb84ea0c fix: extramount should have yaml:",inline" tag
  • talos-systems/talos@e948560be fix: don't panic if the machine config doesn't have network (EM)
  • talos-systems/talos@a5726f2e6 chore: do not check that go mod tidy gives empty output
  • talos-systems/talos@67494923b fix: make sure file mode is same (reproducibility issue)
  • talos-systems/talos@65292880a feat: check if cluster has deprecated resources versions
  • talos-systems/talos@7a0eb5fa2 release(v0.12.0-beta.0): prepare release
  • talos-systems/talos@c601dc73f chore: update versions to final release tags
  • talos-systems/talos@82731124b chore: run e2e-qemu test against Talos with race-detector enabled
  • talos-systems/talos@37ea2c9ca feat: support for route source addresses in the configuration
  • talos-systems/talos@0ef8f83ac chore: bump dependencies via dependabot
  • talos-systems/talos@2108fd7b6 feat: update Linux to 5.10.58 and many pkgs updates
  • talos-systems/talos@6ee690d9a release(v0.12.0-alpha.1): prepare release
  • talos-systems/talos@1ed5e5453 feat: add ClusterID and ClusterSecret
  • talos-systems/talos@228b37616 chore: run etcd as non-root user
  • talos-systems/talos@3518219bf chore: drop deprecated --no-reboot param and KernelCurrentRoot const
  • talos-systems/talos@33d1c3e42 chore: run apid and trustd services as non-root user
  • talos-systems/talos@dadaa65d5 feat: print uid/gid for the files in ls -l
  • talos-systems/talos@e6fa401b6 fix: enable seccomp default profile by default
  • talos-systems/talos@8ddbcc964 feat: validate if extra fields present in the decoder
  • talos-systems/talos@5b57a9800 chore: update Go to 1.16.7, Linux to 5.10.57
  • talos-systems/talos@eefe1c21c feat: add new etcd members in learner mode
  • talos-systems/talos@b1c66fbad feat: implement Equinix Metal support for virtual (shared) IP
  • talos-systems/talos@62242f979 chore: require GPG signatures
  • talos-systems/talos@faecae44f feat: make ISO builds reproducible
  • talos-systems/talos@887c2326a release(v0.12.0-alpha.0): prepare release
  • talos-systems/talos@a15f01844 fix: move etcd PKI under /system/secrets
  • talos-systems/talos@eb02afe18 fix: match correctly routes on the address family
  • talos-systems/talos@cb948accf feat: allow multiple addresses per interface
  • talos-systems/talos@e030b2e8b chore: use k8s 1.21.3 in CAPI tests for now
  • talos-systems/talos@e08b4f8f9 feat: implement sysctl controllers
  • talos-systems/talos@fdf6b2433 chore: revert "improve artifacts generation reproducibility"
  • talos-systems/talos@b68ed1eb8 fix: make route resources ID match closer routing table primary key
  • talos-systems/talos@585f63371 fix: correctly handle nodoc for struct fields
  • talos-systems/talos@f2d394dc4 docs: add AMIs for v0.11.5
  • talos-systems/talos@d0970cbfd feat: bootstrap token limit
  • talos-systems/talos@5285a46d7 fix: maintenance mode reason message
  • talos-systems/talos@009d15e8d chore: use etcd client TryLock function on upgrade
  • talos-systems/talos@4dae9ea55 chore: use vtprotobuf compiled marshaling in Talos API
  • talos-systems/talos@7ca5749ad chore: bump dependencies via dependabot
  • talos-systems/talos@b2507b41d chore: improve artifacts generation reproducibility
  • talos-systems/talos@1f7dad234 chore: update PKGS version (512 cpus, new ca-certficates)
  • talos-systems/talos@1a2e78a24 fix: update go-blockdevice
  • talos-systems/talos@6d6ed1170 chore: use parallel xz with higher compression level
  • talos-systems/talos@571f7db1b chore: workaround GitHub new release notes limit
  • talos-systems/talos@09d70b7ea feat: update Kubernetes to v1.22.0
  • talos-systems/talos@f25f10e73 feat: add an option to disable PSP
  • talos-systems/talos@7c6e4cf23 feat: allow both DHCP and static addressing for the interface
  • talos-systems/talos@3c566dbc3 fix: remove admission plugins enabled by default from the list
  • talos-systems/talos@69ead3735 fix: preserve PMBR bootable flag correctly
  • talos-systems/talos@dee630517 fix: align partitions with minimal I/O size
  • talos-systems/talos@628902297 feat: update GRUB to 2.06
  • talos-systems/talos@b9d04928d feat: move system processes to cgroups
  • talos-systems/talos@0b8681b4b fix: resolve several issues with Wireguard link specs
  • talos-systems/talos@f8f4bf3ba docs: add disk encryptions examples
  • talos-systems/talos@79b8fa64b feat: update containerd to 1.5.5
  • talos-systems/talos@539f42090 chore: bump dependencies via dependabot
  • talos-systems/talos@0c7ce1cd8 feat: remove remnants of bootkube support
  • talos-systems/talos@d4f9804f8 chore: fix typos
  • talos-systems/talos@5f027615f feat: expose more encryption options to the machine config
  • talos-systems/talos@585152a0b chore: bump dependencies
  • talos-systems/talos@fc66ec596 feat: set oom score for main processes
  • talos-systems/talos@df54584a3 fix: drop linux capabilities
  • talos-systems/talos@f65d0b739 docs: add 0.11.3 AMIs
  • talos-systems/talos@7332d6369 fix: bump pkgs for new kernel 5.10.52
  • talos-systems/talos@70d2505b7 fix: do not require ToVersion to be set when detecting version
  • talos-systems/talos@0953b1998 chore: update extras to bring a new CNI bundle
  • talos-systems/talos@b6c47f866 fix: set the /etc/os-release HOME_URL parameter
  • talos-systems/talos@c780821d0 feat: update containerd to 1.5.3, runc to 1.0.1
  • talos-systems/talos@f8f1c83a7 feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
  • talos-systems/talos@55e17ccdd chore: bump dependencies
  • talos-systems/talos@da6f786ca fix: kuberentes => kubernetes typo
  • talos-systems/talos@2e463348b fix: pass all logs through the options.Log method
  • talos-systems/talos@4e9c5afb6 fix: make ethtool optional in link status controller
  • talos-systems/talos@bf61c2cc4 fix: write upgrade logs only to the LogOutput if it's defined
  • talos-systems/talos@9c73257cb feat: update Go to 1.16.6
  • talos-systems/talos@23ef1d40a chore: add ability to redirect talos upgrade module logs to io.Writer
  • talos-systems/talos@33e9d6c98 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
  • talos-systems/talos@604434c43 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
  • talos-systems/talos@2ea28f62d chore: bump node from 16.3.0-alpine to 16.4.2-alpine
  • talos-systems/talos@b358a189b fix: correctly pick route scope for link-local destination
  • talos-systems/talos@6848d4314 feat: can change clusterdns ip lists
  • talos-systems/talos@72b76abfd fix: workaround issues when IPv6 is fully or partially disabled
  • talos-systems/talos@679b08f4f docs: update docs for 0.12
  • talos-systems/talos@6fbec9e0c fix: cache etcd client used for healthchecks
  • talos-systems/talos@eea750de2 chore: rename "join" type to "worker"
  • talos-systems/talos@951493ac8 docs: update what's new for Talos 0.11
  • talos-systems/talos@b47d1098b docs: promote 0.11 docs to be the latest
  • talos-systems/talos@d930a2650 chore: implement DeepCopy for machine configuration
  • talos-systems/talos@fe4ed3c73 chore: ignore tags which don't look like semantic version
  • talos-systems/talos@b969e7720 chore: update references to old protobuf package
  • talos-systems/talos@2ba8ac9ab docs: add documentation directory for 0.12
  • talos-systems/talos@011e2885e fix: validate bond slaves addressing
  • talos-systems/talos@10c28758a fix: ignore DeadlineExceeded error correctly on bootstrap
  • talos-systems/talos@77fabacec chore: ignore future pkg/machinery/vX.Y.Z tags
  • talos-systems/talos@6b661114d fix: make COSI runtime history depth smaller
  • talos-systems/talos@9bf899bdd fix: make forfeit leadership connect to the right node
  • talos-systems/talos@4708beaee feat: implement talosctl config info command
  • talos-systems/talos@6d13d2cf9 fix: close Kubernetes API client
  • talos-systems/talos@aaa36f3b4 fix: ignore 'not a leader' error on forfeit leadership
  • talos-systems/talos@22a419367 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • talos-systems/talos@71c6f7004 chore: bump go.mod dependencies
  • talos-systems/talos@915cd8fe2 docs: add guide for RBAC
  • talos-systems/talos@f5721050d fix: controlplane keyusage
  • talos-systems/talos@3d7726613 fix: fill uuid argument correctly in the config download URL
  • talos-systems/talos@d8602025c chore: update containerd config version 2
  • talos-systems/talos@5949ec4e6 docs: describe the new network configuration subsystem
  • talos-systems/talos@444d72b4d feat: update pkgs version
  • talos-systems/talos@e883c12b3 fix: make output of upgrade-k8s command less scary
  • talos-systems/talos@7f8e50de4 fix: restart the merge controllers on conflict
  • talos-systems/talos@60d736094 fix: ignore deadline exceeded errors on bootstrap
  • talos-systems/talos@ee06dd69f fix: don't print git sha of the release twice in the dashboard
  • talos-systems/talos@07fb61e5d fix: issue worker apid certs properly on renewal
  • talos-systems/talos@84817f733 chore: bump Talos version in upgrade tests
  • talos-systems/talos@2fa54107b chore: fix tests for disabled RBAC
  • talos-systems/talos@78583ba98 fix: don't set bond delay options if miimon is not enabled
  • talos-systems/talos@bbf1c091d feat: add RBAC to talosctl version output
  • talos-systems/talos@5f6ec3ef6 fix: handle cases when merged resource re-appears before being destroyed
  • talos-systems/talos@1e9a0e745 fix: documentation typos
  • talos-systems/talos@f228af406 chore: bump go.mod dependencies
  • talos-systems/talos@2060ceaa0 chore: add CAPI version to CI setup
  • talos-systems/talos@ad047a7de chore: small RBAC improvements

Changes since v0.12.0-beta.0

  • talos-systems/talos@30e1ff614 release(v0.12.0-beta.1): prepare release
  • talos-systems/talos@7630d998f chore: don't require single commit per PR
  • talos-systems/talos@208ac9ac4 feat: update Kubernetes to 1.22.1
  • talos-systems/talos@e84e2902c fix: don't support cgroups nesting in process runner
  • talos-systems/talos@2cf53fb34 fix: do not set KSPP kernel params in container mode
  • talos-systems/talos@1908f57c6 test: adapt tests to the cgroupsv2
  • talos-systems/talos@4bb84ea0c fix: extramount should have yaml:",inline" tag
  • talos-systems/talos@e948560be fix: don't panic if the machine config doesn't have network (EM)
  • talos-systems/talos@a5726f2e6 chore: do not check that go mod tidy gives empty output
  • talos-systems/talos@67494923b fix: make sure file mode is same (reproducibility issue)
  • talos-systems/talos@65292880a feat: check if cluster has deprecated resources versions

Changes from talos-systems/crypto

  • talos-systems/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

  • talos-systems/extras@bdd1767 chore: update tools and pkgs to final 0.7.0
  • talos-systems/extras@8ce17e5 chore: bump tools and packages for Go 1.16.7
  • talos-systems/extras@4957f3c chore: update pkgs to use CNI plugins v0.9.1
  • talos-systems/extras@233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

  • talos-systems/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
  • talos-systems/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
  • talos-systems/go-blockdevice@87816a8 feat: align partition to minimum I/O size
  • talos-systems/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

  • talos-systems/pkgs@818761f chore: update tools to 0.7.0
  • talos-systems/pkgs@35b7e68 feat: bump u-boot to 2021.07
  • talos-systems/pkgs@c68b090 feat: bump raspberrypi-firmware to 1.20210805
  • talos-systems/pkgs@f64023c feat: bump util-linux to 2.37
  • talos-systems/pkgs@c0ef725 feat: update LibreSSL to 3.2.5
  • talos-systems/pkgs@0d12460 feat: update linux-firmware to 20210716
  • talos-systems/pkgs@7a29722 fix: set iPXE version properly
  • talos-systems/pkgs@958023c feat: update eudev to 3.2.10
  • talos-systems/pkgs@dc1008d feat: update Linux to 5.10.58
  • talos-systems/pkgs@da4ac04 chore: bump tools for Go 1.16.7
  • talos-systems/pkgs@10275fb feat: update Linux to 5.10.57
  • talos-systems/pkgs@875c7ec chore: patch grub with support for reproducible ISO builds
  • talos-systems/pkgs@12856ce feat: increase number of CPUs supported by the kernel to 512
  • talos-systems/pkgs@cbfabac chore: update ca-certificates to 2021-07-05
  • talos-systems/pkgs@0c011c0 feat: update GRUB to 2.06
  • talos-systems/pkgs@5090d14 chore: update containerd to v1.5.5
  • talos-systems/pkgs@6653902 feat: add kernel drivers for fusion and scsi-isci
  • talos-systems/pkgs@9b4041f chore: update containerd to v1.5.4
  • talos-systems/pkgs@7b6cc05 feat: update kernel to latest 5.10.52
  • talos-systems/pkgs@65159fb chore: update runc and CNI plugins
  • talos-systems/pkgs@514ba34 feat: disable aufs, devmapper, zfs
  • talos-systems/pkgs@6bc118f chore: update runc and containerd
  • talos-systems/pkgs@b6fca88 feat: update Go to 1.16.6
  • talos-systems/pkgs@fd56852 chore: update open-isns and open-iscsi
  • talos-systems/pkgs@d779204 chore: update dosfstools to v4.2
  • talos-systems/pkgs@bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

  • talos-systems/tools@2368154 feat: update Go and protoc-gen-go tools
  • talos-systems/tools@7172a5d feat: update Go to 1.16.6
  • talos-systems/tools@1de34d7 chore: update musl
  • talos-systems/tools@76979a1 chore: update protobuf deps
  • talos-systems/tools@0846c64 chore: update expat

Dependency Changes

  • github.com/BurntSushi/toml v0.3.1 -> v0.4.1
  • github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
  • github.com/containerd/containerd v1.5.2 -> v1.5.5
  • github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
  • github.com/docker/docker v20.10.7 -> v20.10.8
  • github.com/google/uuid v1.2.0 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.4 -> v1.5.7
  • github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
  • github.com/packethost/packngo v0.19.0 new
  • github.com/prometheus/procfs v0.6.0 -> v0.7.2
  • github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
  • github.com/spf13/cobra v1.1.3 -> v1.2.1
  • github.com/talos-systems/crypto v0.3.1 -> v0.3.2
  • github.com/talos-systems/extras v0.4.0 -> v0.5.0
  • github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
  • github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0
  • github.com/talos-systems/tools v0.6.0 -> v0.7.0
  • github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.1
  • go.uber.org/zap v1.17.0 -> v1.19.0
  • golang.org/x/net 04defd469f4e -> 853a461950ff
  • golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
  • golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
  • google.golang.org/grpc v1.38.0 -> v1.40.0
  • google.golang.org/protobuf v1.26.0 -> v1.27.1
  • inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
  • k8s.io/api v0.21.2 -> v0.22.1
  • k8s.io/apimachinery v0.21.2 -> v0.22.1
  • k8s.io/apiserver v0.21.2 -> v0.22.1
  • k8s.io/client-go v0.21.2 -> v0.22.1
  • k8s.io/cri-api v0.21.2 -> v0.22.1
  • k8s.io/kubectl v0.21.2 -> v0.22.1
  • k8s.io/kubelet v0.21.2 -> v0.22.1

Previous release can be found at v0.11.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.5.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.1
k8s.gcr.io/kube-controller-manager:v1.22.1
k8s.gcr.io/kube-scheduler:v1.22.1
k8s.gcr.io/kube-proxy:v1.22.1
ghcr.io/talos-systems/kubelet:v1.22.1
ghcr.io/talos-systems/installer:v0.12.0-beta.1
k8s.gcr.io/pause:3.2

talos - v0.12.0-beta.0

Published by talos-bot about 3 years ago

Talos 0.12.0-beta.0 (2021-08-18)

Welcome to the v0.12.0-beta.0 release of Talos!
This is a pre-release of Talos.

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note: This item only applies to clusters bootstrapped with Talos <= 0.8.

Talos 0.12 completely removes support for the self-hosted Kubernetes control plane (bootkube-based).
Talos 0.9 introduced support for the Talos-managed control plane and provided a migration path to convert a self-hosted control plane
to Talos-managed static pods.
Automated and manual conversion processes are available in Talos from 0.9.x to 0.11.x.
For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure the control plane is converted to Talos-managed
before upgrading to Talos 0.12.
The current control plane status can be checked with talosctl get bootstrapstatus before performing the upgrade to Talos 0.12.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22, which is used by default in Talos 0.12.
Talos can be configured to use Kubernetes 1.21, or CAPI v0.4.x components can be used instead.

Machine Config Validation

Unknown keys in the machine config now make the config invalid,
so any attempt to apply/edit a configuration with unknown keys will result in an error.

Sysctl Configuration

Sysctl kernel params configuration was completely rewritten to be based on controllers and resources,
which makes it possible to apply .machine.sysctls in immediate mode (without a reboot).
talosctl get kernelparams returns the merged list of KSPP, Kubernetes and user-defined params along with
the default values overwritten by Talos.

Equinix Metal

Added support for Equinix Metal IPs for the Talos virtual (shared) IP (option equinixMetal under vip in the machine configuration).
Talos automatically re-assigns the IP using the Equinix Metal API when leadership changes.

etcd

New etcd cluster members are now joined in learner mode, which improves cluster resiliency
to member join issues.

Join Node Type

Node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but deprecated.
talosctl gen config now generates worker.yaml instead of join.yaml.

Networking

  • multiple static addresses can be specified for the interface with new .addresses field (old .cidr field is deprecated now)
  • static addresses can be set on interfaces configured with DHCP

Performance

  • machined uses less memory and CPU time
  • more disk encryption options are exposed via the machine configuration
  • disk partitions are now aligned properly with minimum I/O size
  • Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
  • OOM score is set on the system processes making sure they are killed last under memory pressure

Security

  • etcd PKI moved to /system/secrets
  • kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only
  • enforce default seccomp profile on all system containers
  • run system services apid, trustd, and etcd as non-root users

Component Updates

  • Linux: 5.10.57
  • Kubernetes: 1.22.0
  • containerd: 1.5.5
  • runc: 1.0.1
  • GRUB: 2.06
  • Talos is built with Go 1.16.7

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Serge Logvinov
  • Artem Chernyshev
  • Spencer Smith
  • dependabot[bot]
  • Andrew Rynhard
  • Noel Georgi
  • Rui Lopes
  • Caleb Woodbine
  • Seán C McCord

Changes

  • talos-systems/talos@7a0eb5fa2 release(v0.12.0-beta.0): prepare release
  • talos-systems/talos@c601dc73f chore: update versions to final release tags
  • talos-systems/talos@82731124b chore: run e2e-qemu test against Talos with race-detector enabled
  • talos-systems/talos@37ea2c9ca feat: support for route source addresses in the configuration
  • talos-systems/talos@0ef8f83ac chore: bump dependencies via dependabot
  • talos-systems/talos@2108fd7b6 feat: update Linux to 5.10.58 and many pkgs updates
  • talos-systems/talos@6ee690d9a release(v0.12.0-alpha.1): prepare release
  • talos-systems/talos@1ed5e5453 feat: add ClusterID and ClusterSecret
  • talos-systems/talos@228b37616 chore: run etcd as non-root user
  • talos-systems/talos@3518219bf chore: drop deprecated --no-reboot param and KernelCurrentRoot const
  • talos-systems/talos@33d1c3e42 chore: run apid and trustd services as non-root user
  • talos-systems/talos@dadaa65d5 feat: print uid/gid for the files in ls -l
  • talos-systems/talos@e6fa401b6 fix: enable seccomp default profile by default
  • talos-systems/talos@8ddbcc964 feat: validate if extra fields present in the decoder
  • talos-systems/talos@5b57a9800 chore: update Go to 1.16.7, Linux to 5.10.57
  • talos-systems/talos@eefe1c21c feat: add new etcd members in learner mode
  • talos-systems/talos@b1c66fbad feat: implement Equinix Metal support for virtual (shared) IP
  • talos-systems/talos@62242f979 chore: require GPG signatures
  • talos-systems/talos@faecae44f feat: make ISO builds reproducible
  • talos-systems/talos@887c2326a release(v0.12.0-alpha.0): prepare release
  • talos-systems/talos@a15f01844 fix: move etcd PKI under /system/secrets
  • talos-systems/talos@eb02afe18 fix: match correctly routes on the address family
  • talos-systems/talos@cb948accf feat: allow multiple addresses per interface
  • talos-systems/talos@e030b2e8b chore: use k8s 1.21.3 in CAPI tests for now
  • talos-systems/talos@e08b4f8f9 feat: implement sysctl controllers
  • talos-systems/talos@fdf6b2433 chore: revert "improve artifacts generation reproducibility"
  • talos-systems/talos@b68ed1eb8 fix: make route resources ID match closer routing table primary key
  • talos-systems/talos@585f63371 fix: correctly handle nodoc for struct fields
  • talos-systems/talos@f2d394dc4 docs: add AMIs for v0.11.5
  • talos-systems/talos@d0970cbfd feat: bootstrap token limit
  • talos-systems/talos@5285a46d7 fix: maintenance mode reason message
  • talos-systems/talos@009d15e8d chore: use etcd client TryLock function on upgrade
  • talos-systems/talos@4dae9ea55 chore: use vtprotobuf compiled marshaling in Talos API
  • talos-systems/talos@7ca5749ad chore: bump dependencies via dependabot
  • talos-systems/talos@b2507b41d chore: improve artifacts generation reproducibility
  • talos-systems/talos@1f7dad234 chore: update PKGS version (512 cpus, new ca-certificates)
  • talos-systems/talos@1a2e78a24 fix: update go-blockdevice
  • talos-systems/talos@6d6ed1170 chore: use parallel xz with higher compression level
  • talos-systems/talos@571f7db1b chore: workaround GitHub new release notes limit
  • talos-systems/talos@09d70b7ea feat: update Kubernetes to v1.22.0
  • talos-systems/talos@f25f10e73 feat: add an option to disable PSP
  • talos-systems/talos@7c6e4cf23 feat: allow both DHCP and static addressing for the interface
  • talos-systems/talos@3c566dbc3 fix: remove admission plugins enabled by default from the list
  • talos-systems/talos@69ead3735 fix: preserve PMBR bootable flag correctly
  • talos-systems/talos@dee630517 fix: align partitions with minimal I/O size
  • talos-systems/talos@628902297 feat: update GRUB to 2.06
  • talos-systems/talos@b9d04928d feat: move system processes to cgroups
  • talos-systems/talos@0b8681b4b fix: resolve several issues with Wireguard link specs
  • talos-systems/talos@f8f4bf3ba docs: add disk encryptions examples
  • talos-systems/talos@79b8fa64b feat: update containerd to 1.5.5
  • talos-systems/talos@539f42090 chore: bump dependencies via dependabot
  • talos-systems/talos@0c7ce1cd8 feat: remove remnants of bootkube support
  • talos-systems/talos@d4f9804f8 chore: fix typos
  • talos-systems/talos@5f027615f feat: expose more encryption options to the machine config
  • talos-systems/talos@585152a0b chore: bump dependencies
  • talos-systems/talos@fc66ec596 feat: set oom score for main processes
  • talos-systems/talos@df54584a3 fix: drop linux capabilities
  • talos-systems/talos@f65d0b739 docs: add 0.11.3 AMIs
  • talos-systems/talos@7332d6369 fix: bump pkgs for new kernel 5.10.52
  • talos-systems/talos@70d2505b7 fix: do not require ToVersion to be set when detecting version
  • talos-systems/talos@0953b1998 chore: update extras to bring a new CNI bundle
  • talos-systems/talos@b6c47f866 fix: set the /etc/os-release HOME_URL parameter
  • talos-systems/talos@c780821d0 feat: update containerd to 1.5.3, runc to 1.0.1
  • talos-systems/talos@f8f1c83a7 feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
  • talos-systems/talos@55e17ccdd chore: bump dependencies
  • talos-systems/talos@da6f786ca fix: kuberentes => kubernetes typo
  • talos-systems/talos@2e463348b fix: pass all logs through the options.Log method
  • talos-systems/talos@4e9c5afb6 fix: make ethtool optional in link status controller
  • talos-systems/talos@bf61c2cc4 fix: write upgrade logs only to the LogOutput if it's defined
  • talos-systems/talos@9c73257cb feat: update Go to 1.16.6
  • talos-systems/talos@23ef1d40a chore: add ability to redirect talos upgrade module logs to io.Writer
  • talos-systems/talos@33e9d6c98 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
  • talos-systems/talos@604434c43 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
  • talos-systems/talos@2ea28f62d chore: bump node from 16.3.0-alpine to 16.4.2-alpine
  • talos-systems/talos@b358a189b fix: correctly pick route scope for link-local destination
  • talos-systems/talos@6848d4314 feat: can change clusterdns ip lists
  • talos-systems/talos@72b76abfd fix: workaround issues when IPv6 is fully or partially disabled
  • talos-systems/talos@679b08f4f docs: update docs for 0.12
  • talos-systems/talos@6fbec9e0c fix: cache etcd client used for healthchecks
  • talos-systems/talos@eea750de2 chore: rename "join" type to "worker"
  • talos-systems/talos@951493ac8 docs: update what's new for Talos 0.11
  • talos-systems/talos@b47d1098b docs: promote 0.11 docs to be the latest
  • talos-systems/talos@d930a2650 chore: implement DeepCopy for machine configuration
  • talos-systems/talos@fe4ed3c73 chore: ignore tags which don't look like semantic version
  • talos-systems/talos@b969e7720 chore: update references to old protobuf package
  • talos-systems/talos@2ba8ac9ab docs: add documentation directory for 0.12
  • talos-systems/talos@011e2885e fix: validate bond slaves addressing
  • talos-systems/talos@10c28758a fix: ignore DeadlineExceeded error correctly on bootstrap
  • talos-systems/talos@77fabacec chore: ignore future pkg/machinery/vX.Y.Z tags
  • talos-systems/talos@6b661114d fix: make COSI runtime history depth smaller
  • talos-systems/talos@9bf899bdd fix: make forfeit leadership connect to the right node
  • talos-systems/talos@4708beaee feat: implement talosctl config info command
  • talos-systems/talos@6d13d2cf9 fix: close Kubernetes API client
  • talos-systems/talos@aaa36f3b4 fix: ignore 'not a leader' error on forfeit leadership
  • talos-systems/talos@22a419367 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • talos-systems/talos@71c6f7004 chore: bump go.mod dependencies
  • talos-systems/talos@915cd8fe2 docs: add guide for RBAC
  • talos-systems/talos@f5721050d fix: controlplane keyusage
  • talos-systems/talos@3d7726613 fix: fill uuid argument correctly in the config download URL
  • talos-systems/talos@d8602025c chore: update containerd config version 2
  • talos-systems/talos@5949ec4e6 docs: describe the new network configuration subsystem
  • talos-systems/talos@444d72b4d feat: update pkgs version
  • talos-systems/talos@e883c12b3 fix: make output of upgrade-k8s command less scary
  • talos-systems/talos@7f8e50de4 fix: restart the merge controllers on conflict
  • talos-systems/talos@60d736094 fix: ignore deadline exceeded errors on bootstrap
  • talos-systems/talos@ee06dd69f fix: don't print git sha of the release twice in the dashboard
  • talos-systems/talos@07fb61e5d fix: issue worker apid certs properly on renewal
  • talos-systems/talos@84817f733 chore: bump Talos version in upgrade tests
  • talos-systems/talos@2fa54107b chore: fix tests for disabled RBAC
  • talos-systems/talos@78583ba98 fix: don't set bond delay options if miimon is not enabled
  • talos-systems/talos@bbf1c091d feat: add RBAC to talosctl version output
  • talos-systems/talos@5f6ec3ef6 fix: handle cases when merged resource re-appears before being destroyed
  • talos-systems/talos@1e9a0e745 fix: documentation typos
  • talos-systems/talos@f228af406 chore: bump go.mod dependencies
  • talos-systems/talos@2060ceaa0 chore: add CAPI version to CI setup
  • talos-systems/talos@ad047a7de chore: small RBAC improvements

Changes since v0.12.0-alpha.1

  • talos-systems/talos@7a0eb5fa2 release(v0.12.0-beta.0): prepare release
  • talos-systems/talos@c601dc73f chore: update versions to final release tags
  • talos-systems/talos@82731124b chore: run e2e-qemu test against Talos with race-detector enabled
  • talos-systems/talos@37ea2c9ca feat: support for route source addresses in the configuration
  • talos-systems/talos@0ef8f83ac chore: bump dependencies via dependabot
  • talos-systems/talos@2108fd7b6 feat: update Linux to 5.10.58 and many pkgs updates

Changes from talos-systems/crypto

  • talos-systems/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

  • talos-systems/extras@bdd1767 chore: update tools and pkgs to final 0.7.0
  • talos-systems/extras@8ce17e5 chore: bump tools and packages for Go 1.16.7
  • talos-systems/extras@4957f3c chore: update pkgs to use CNI plugins v0.9.1
  • talos-systems/extras@233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

  • talos-systems/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
  • talos-systems/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
  • talos-systems/go-blockdevice@87816a8 feat: align partition to minimum I/O size
  • talos-systems/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

  • talos-systems/pkgs@818761f chore: update tools to 0.7.0
  • talos-systems/pkgs@35b7e68 feat: bump u-boot to 2021.07
  • talos-systems/pkgs@c68b090 feat: bump raspberrypi-firmware to 1.20210805
  • talos-systems/pkgs@f64023c feat: bump util-linux to 2.37
  • talos-systems/pkgs@c0ef725 feat: update LibreSSL to 3.2.5
  • talos-systems/pkgs@0d12460 feat: update linux-firmware to 20210716
  • talos-systems/pkgs@7a29722 fix: set iPXE version properly
  • talos-systems/pkgs@958023c feat: update eudev to 3.2.10
  • talos-systems/pkgs@dc1008d feat: update Linux to 5.10.58
  • talos-systems/pkgs@da4ac04 chore: bump tools for Go 1.16.7
  • talos-systems/pkgs@10275fb feat: update Linux to 5.10.57
  • talos-systems/pkgs@875c7ec chore: patch grub with support for reproducible ISO builds
  • talos-systems/pkgs@12856ce feat: increase number of CPUs supported by the kernel to 512
  • talos-systems/pkgs@cbfabac chore: update ca-certificates to 2021-07-05
  • talos-systems/pkgs@0c011c0 feat: update GRUB to 2.06
  • talos-systems/pkgs@5090d14 chore: update containerd to v1.5.5
  • talos-systems/pkgs@6653902 feat: add kernel drivers for fusion and scsi-isci
  • talos-systems/pkgs@9b4041f chore: update containerd to v1.5.4
  • talos-systems/pkgs@7b6cc05 feat: update kernel to latest 5.10.52
  • talos-systems/pkgs@65159fb chore: update runc and CNI plugins
  • talos-systems/pkgs@514ba34 feat: disable aufs, devmapper, zfs
  • talos-systems/pkgs@6bc118f chore: update runc and containerd
  • talos-systems/pkgs@b6fca88 feat: update Go to 1.16.6
  • talos-systems/pkgs@fd56852 chore: update open-isns and open-iscsi
  • talos-systems/pkgs@d779204 chore: update dosfstools to v4.2
  • talos-systems/pkgs@bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

  • talos-systems/tools@2368154 feat: update Go and protoc-gen-go tools
  • talos-systems/tools@7172a5d feat: update Go to 1.16.6
  • talos-systems/tools@1de34d7 chore: update musl
  • talos-systems/tools@76979a1 chore: update protobuf deps
  • talos-systems/tools@0846c64 chore: update expat

Dependency Changes

  • github.com/BurntSushi/toml v0.3.1 -> v0.4.1
  • github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
  • github.com/containerd/containerd v1.5.2 -> v1.5.5
  • github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
  • github.com/docker/docker v20.10.7 -> v20.10.8
  • github.com/google/uuid v1.2.0 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.4 -> v1.5.7
  • github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
  • github.com/packethost/packngo v0.19.0 new
  • github.com/prometheus/procfs v0.6.0 -> v0.7.2
  • github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
  • github.com/spf13/cobra v1.1.3 -> v1.2.1
  • github.com/talos-systems/crypto v0.3.1 -> v0.3.2
  • github.com/talos-systems/extras v0.4.0 -> v0.5.0
  • github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
  • github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0
  • github.com/talos-systems/tools v0.6.0 -> v0.7.0
  • github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.1
  • go.uber.org/zap v1.17.0 -> v1.19.0
  • golang.org/x/net 04defd469f4e -> 853a461950ff
  • golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
  • golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
  • google.golang.org/grpc v1.38.0 -> v1.40.0
  • google.golang.org/protobuf v1.26.0 -> v1.27.1
  • inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
  • k8s.io/api v0.21.2 -> v0.22.0
  • k8s.io/apimachinery v0.21.2 -> v0.22.0
  • k8s.io/apiserver v0.21.2 -> v0.22.0
  • k8s.io/client-go v0.21.2 -> v0.22.0
  • k8s.io/cri-api v0.21.2 -> v0.22.0
  • k8s.io/kubectl v0.21.2 -> v0.22.0
  • k8s.io/kubelet v0.21.2 -> v0.22.0

Previous release can be found at v0.11.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.5.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.0
k8s.gcr.io/kube-controller-manager:v1.22.0
k8s.gcr.io/kube-scheduler:v1.22.0
k8s.gcr.io/kube-proxy:v1.22.0
ghcr.io/talos-systems/kubelet:v1.22.0
ghcr.io/talos-systems/installer:v0.12.0-beta.0
k8s.gcr.io/pause:3.2

talos -

Published by talos-bot about 3 years ago

Talos 0.12.0-alpha.1 (2021-08-13)

Welcome to the v0.12.0-alpha.1 release of Talos!
This is a pre-release of Talos.

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note: This item only applies to clusters bootstrapped with Talos <= 0.8.

Talos 0.12 completely removes support for the self-hosted Kubernetes control plane (bootkube-based).
Talos 0.9 introduced support for the Talos-managed control plane and provided a migration path to convert a self-hosted control plane
to Talos-managed static pods.
Automated and manual conversion processes are available in Talos from 0.9.x to 0.11.x.
For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure the control plane is converted to Talos-managed
before upgrading to Talos 0.12.
The current control plane status can be checked with talosctl get bootstrapstatus before performing the upgrade to Talos 0.12.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22, which is used by default in Talos 0.12.
Talos can be configured to use Kubernetes 1.21, or CAPI v0.4.x components can be used instead.

Machine Config Validation

Unknown keys in the machine config now make the config invalid,
so any attempt to apply/edit a configuration with unknown keys will result in an error.

Sysctl Configuration

Sysctl kernel params configuration was completely rewritten to be based on controllers and resources,
which makes it possible to apply .machine.sysctls in immediate mode (without a reboot).
talosctl get kernelparams returns the merged list of KSPP, Kubernetes and user-defined params along with
the default values overwritten by Talos.

Equinix Metal

Added support for Equinix Metal IPs for the Talos virtual (shared) IP (option equinixMetal under vip in the machine configuration).
Talos automatically re-assigns the IP using the Equinix Metal API when leadership changes.

etcd

New etcd cluster members are now joined in learner mode, which improves cluster resiliency
to member join issues.

Join Node Type

Node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but deprecated.
talosctl gen config now generates worker.yaml instead of join.yaml.

Networking

  • multiple static addresses can be specified for the interface with new .addresses field (old .cidr field is deprecated now)
  • static addresses can be set on interfaces configured with DHCP

Performance

  • machined uses less memory and CPU time
  • more disk encryption options are exposed via the machine configuration
  • disk partitions are now aligned properly with minimum I/O size
  • Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
  • OOM score is set on the system processes making sure they are killed last under memory pressure

Security

  • etcd PKI moved to /system/secrets
  • kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only
  • enforce default seccomp profile on all system containers
  • run system services apid, trustd, and etcd as non-root users

Component Updates

  • Linux: 5.10.57
  • Kubernetes: 1.22.0
  • containerd: 1.5.5
  • runc: 1.0.1
  • GRUB: 2.06
  • Talos is built with Go 1.16.7

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Serge Logvinov
  • Artem Chernyshev
  • Spencer Smith
  • dependabot[bot]
  • Andrew Rynhard
  • Rui Lopes
  • Caleb Woodbine
  • Seán C McCord

Changes

  • talos-systems/talos@6ee690d9a release(v0.12.0-alpha.1): prepare release
  • talos-systems/talos@1ed5e5453 feat: add ClusterID and ClusterSecret
  • talos-systems/talos@228b37616 chore: run etcd as non-root user
  • talos-systems/talos@3518219bf chore: drop deprecated --no-reboot param and KernelCurrentRoot const
  • talos-systems/talos@33d1c3e42 chore: run apid and trustd services as non-root user
  • talos-systems/talos@dadaa65d5 feat: print uid/gid for the files in ls -l
  • talos-systems/talos@e6fa401b6 fix: enable seccomp default profile by default
  • talos-systems/talos@8ddbcc964 feat: validate if extra fields present in the decoder
  • talos-systems/talos@5b57a9800 chore: update Go to 1.16.7, Linux to 5.10.57
  • talos-systems/talos@eefe1c21c feat: add new etcd members in learner mode
  • talos-systems/talos@b1c66fbad feat: implement Equinix Metal support for virtual (shared) IP
  • talos-systems/talos@62242f979 chore: require GPG signatures
  • talos-systems/talos@faecae44f feat: make ISO builds reproducible
  • talos-systems/talos@887c2326a release(v0.12.0-alpha.0): prepare release
  • talos-systems/talos@a15f01844 fix: move etcd PKI under /system/secrets
  • talos-systems/talos@eb02afe18 fix: match correctly routes on the address family
  • talos-systems/talos@cb948accf feat: allow multiple addresses per interface
  • talos-systems/talos@e030b2e8b chore: use k8s 1.21.3 in CAPI tests for now
  • talos-systems/talos@e08b4f8f9 feat: implement sysctl controllers
  • talos-systems/talos@fdf6b2433 chore: revert "improve artifacts generation reproducibility"
  • talos-systems/talos@b68ed1eb8 fix: make route resources ID match closer routing table primary key
  • talos-systems/talos@585f63371 fix: correctly handle nodoc for struct fields
  • talos-systems/talos@f2d394dc4 docs: add AMIs for v0.11.5
  • talos-systems/talos@d0970cbfd feat: bootstrap token limit
  • talos-systems/talos@5285a46d7 fix: maintenance mode reason message
  • talos-systems/talos@009d15e8d chore: use etcd client TryLock function on upgrade
  • talos-systems/talos@4dae9ea55 chore: use vtprotobuf compiled marshaling in Talos API
  • talos-systems/talos@7ca5749ad chore: bump dependencies via dependabot
  • talos-systems/talos@b2507b41d chore: improve artifacts generation reproducibility
  • talos-systems/talos@1f7dad234 chore: update PKGS version (512 cpus, new ca-certificates)
  • talos-systems/talos@1a2e78a24 fix: update go-blockdevice
  • talos-systems/talos@6d6ed1170 chore: use parallel xz with higher compression level
  • talos-systems/talos@571f7db1b chore: workaround GitHub new release notes limit
  • talos-systems/talos@09d70b7ea feat: update Kubernetes to v1.22.0
  • talos-systems/talos@f25f10e73 feat: add an option to disable PSP
  • talos-systems/talos@7c6e4cf23 feat: allow both DHCP and static addressing for the interface
  • talos-systems/talos@3c566dbc3 fix: remove admission plugins enabled by default from the list
  • talos-systems/talos@69ead3735 fix: preserve PMBR bootable flag correctly
  • talos-systems/talos@dee630517 fix: align partitions with minimal I/O size
  • talos-systems/talos@628902297 feat: update GRUB to 2.06
  • talos-systems/talos@b9d04928d feat: move system processes to cgroups
  • talos-systems/talos@0b8681b4b fix: resolve several issues with Wireguard link specs
  • talos-systems/talos@f8f4bf3ba docs: add disk encryptions examples
  • talos-systems/talos@79b8fa64b feat: update containerd to 1.5.5
  • talos-systems/talos@539f42090 chore: bump dependencies via dependabot
  • talos-systems/talos@0c7ce1cd8 feat: remove remnants of bootkube support
  • talos-systems/talos@d4f9804f8 chore: fix typos
  • talos-systems/talos@5f027615f feat: expose more encryption options to the machine config
  • talos-systems/talos@585152a0b chore: bump dependencies
  • talos-systems/talos@fc66ec596 feat: set oom score for main processes
  • talos-systems/talos@df54584a3 fix: drop linux capabilities
  • talos-systems/talos@f65d0b739 docs: add 0.11.3 AMIs
  • talos-systems/talos@7332d6369 fix: bump pkgs for new kernel 5.10.52
  • talos-systems/talos@70d2505b7 fix: do not require ToVersion to be set when detecting version
  • talos-systems/talos@0953b1998 chore: update extras to bring a new CNI bundle
  • talos-systems/talos@b6c47f866 fix: set the /etc/os-release HOME_URL parameter
  • talos-systems/talos@c780821d0 feat: update containerd to 1.5.3, runc to 1.0.1
  • talos-systems/talos@f8f1c83a7 feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
  • talos-systems/talos@55e17ccdd chore: bump dependencies
  • talos-systems/talos@da6f786ca fix: kuberentes => kubernetes typo
  • talos-systems/talos@2e463348b fix: pass all logs through the options.Log method
  • talos-systems/talos@4e9c5afb6 fix: make ethtool optional in link status controller
  • talos-systems/talos@bf61c2cc4 fix: write upgrade logs only to the LogOutput if it's defined
  • talos-systems/talos@9c73257cb feat: update Go to 1.16.6
  • talos-systems/talos@23ef1d40a chore: add ability to redirect talos upgrade module logs to io.Writer
  • talos-systems/talos@33e9d6c98 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
  • talos-systems/talos@604434c43 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
  • talos-systems/talos@2ea28f62d chore: bump node from 16.3.0-alpine to 16.4.2-alpine
  • talos-systems/talos@b358a189b fix: correctly pick route scope for link-local destination
  • talos-systems/talos@6848d4314 feat: can change clusterdns ip lists
  • talos-systems/talos@72b76abfd fix: workaround issues when IPv6 is fully or partially disabled
  • talos-systems/talos@679b08f4f docs: update docs for 0.12
  • talos-systems/talos@6fbec9e0c fix: cache etcd client used for healthchecks
  • talos-systems/talos@eea750de2 chore: rename "join" type to "worker"
  • talos-systems/talos@951493ac8 docs: update what's new for Talos 0.11
  • talos-systems/talos@b47d1098b docs: promote 0.11 docs to be the latest
  • talos-systems/talos@d930a2650 chore: implement DeepCopy for machine configuration
  • talos-systems/talos@fe4ed3c73 chore: ignore tags which don't look like semantic version
  • talos-systems/talos@b969e7720 chore: update references to old protobuf package
  • talos-systems/talos@2ba8ac9ab docs: add documentation directory for 0.12
  • talos-systems/talos@011e2885e fix: validate bond slaves addressing
  • talos-systems/talos@10c28758a fix: ignore DeadlineExceeded error correctly on bootstrap
  • talos-systems/talos@77fabacec chore: ignore future pkg/machinery/vX.Y.Z tags
  • talos-systems/talos@6b661114d fix: make COSI runtime history depth smaller
  • talos-systems/talos@9bf899bdd fix: make forfeit leadership connect to the right node
  • talos-systems/talos@4708beaee feat: implement talosctl config info command
  • talos-systems/talos@6d13d2cf9 fix: close Kubernetes API client
  • talos-systems/talos@aaa36f3b4 fix: ignore 'not a leader' error on forfeit leadership
  • talos-systems/talos@22a419367 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • talos-systems/talos@71c6f7004 chore: bump go.mod dependencies
  • talos-systems/talos@915cd8fe2 docs: add guide for RBAC
  • talos-systems/talos@f5721050d fix: controlplane keyusage
  • talos-systems/talos@3d7726613 fix: fill uuid argument correctly in the config download URL
  • talos-systems/talos@d8602025c chore: update containerd config version 2
  • talos-systems/talos@5949ec4e6 docs: describe the new network configuration subsystem
  • talos-systems/talos@444d72b4d feat: update pkgs version
  • talos-systems/talos@e883c12b3 fix: make output of upgrade-k8s command less scary
  • talos-systems/talos@7f8e50de4 fix: restart the merge controllers on conflict
  • talos-systems/talos@60d736094 fix: ignore deadline exceeded errors on bootstrap
  • talos-systems/talos@ee06dd69f fix: don't print git sha of the release twice in the dashboard
  • talos-systems/talos@07fb61e5d fix: issue worker apid certs properly on renewal
  • talos-systems/talos@84817f733 chore: bump Talos version in upgrade tests
  • talos-systems/talos@2fa54107b chore: fix tests for disabled RBAC
  • talos-systems/talos@78583ba98 fix: don't set bond delay options if miimon is not enabled
  • talos-systems/talos@bbf1c091d feat: add RBAC to talosctl version output
  • talos-systems/talos@5f6ec3ef6 fix: handle cases when merged resource re-appears before being destroyed
  • talos-systems/talos@1e9a0e745 fix: documentation typos
  • talos-systems/talos@f228af406 chore: bump go.mod dependencies
  • talos-systems/talos@2060ceaa0 chore: add CAPI version to CI setup
  • talos-systems/talos@ad047a7de chore: small RBAC improvements

Changes since v0.12.0-alpha.0

  • talos-systems/talos@6ee690d9a release(v0.12.0-alpha.1): prepare release
  • talos-systems/talos@1ed5e5453 feat: add ClusterID and ClusterSecret
  • talos-systems/talos@228b37616 chore: run etcd as non-root user
  • talos-systems/talos@3518219bf chore: drop deprecated --no-reboot param and KernelCurrentRoot const
  • talos-systems/talos@33d1c3e42 chore: run apid and trustd services as non-root user
  • talos-systems/talos@dadaa65d5 feat: print uid/gid for the files in ls -l
  • talos-systems/talos@e6fa401b6 fix: enable seccomp default profile by default
  • talos-systems/talos@8ddbcc964 feat: validate if extra fields present in the decoder
  • talos-systems/talos@5b57a9800 chore: update Go to 1.16.7, Linux to 5.10.57
  • talos-systems/talos@eefe1c21c feat: add new etcd members in learner mode
  • talos-systems/talos@b1c66fbad feat: implement Equinix Metal support for virtual (shared) IP
  • talos-systems/talos@62242f979 chore: require GPG signatures
  • talos-systems/talos@faecae44f feat: make ISO builds reproducible

Changes from talos-systems/crypto

  • talos-systems/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

  • talos-systems/extras@8ce17e5 chore: bump tools and packages for Go 1.16.7
  • talos-systems/extras@4957f3c chore: update pkgs to use CNI plugins v0.9.1
  • talos-systems/extras@233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

  • talos-systems/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
  • talos-systems/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
  • talos-systems/go-blockdevice@87816a8 feat: align partition to minimum I/O size
  • talos-systems/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

  • talos-systems/pkgs@da4ac04 chore: bump tools for Go 1.16.7
  • talos-systems/pkgs@10275fb feat: update Linux to 5.10.57
  • talos-systems/pkgs@875c7ec chore: patch grub with support for reproducible ISO builds
  • talos-systems/pkgs@12856ce feat: increase number of CPUs supported by the kernel to 512
  • talos-systems/pkgs@cbfabac chore: update ca-certificates to 2021-07-05
  • talos-systems/pkgs@0c011c0 feat: update GRUB to 2.06
  • talos-systems/pkgs@5090d14 chore: update containerd to v1.5.5
  • talos-systems/pkgs@6653902 feat: add kernel drivers for fusion and scsi-isci
  • talos-systems/pkgs@9b4041f chore: update containerd to v1.5.4
  • talos-systems/pkgs@7b6cc05 feat: update kernel to latest 5.10.52
  • talos-systems/pkgs@65159fb chore: update runc and CNI plugins
  • talos-systems/pkgs@514ba34 feat: disable aufs, devmapper, zfs
  • talos-systems/pkgs@6bc118f chore: update runc and containerd
  • talos-systems/pkgs@b6fca88 feat: update Go to 1.16.6
  • talos-systems/pkgs@fd56852 chore: update open-isns and open-iscsi
  • talos-systems/pkgs@d779204 chore: update dosfstools to v4.2
  • talos-systems/pkgs@bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

  • talos-systems/tools@2368154 feat: update Go and protoc-gen-go tools
  • talos-systems/tools@7172a5d feat: update Go to 1.16.6
  • talos-systems/tools@1de34d7 chore: update musl
  • talos-systems/tools@76979a1 chore: update protobuf deps
  • talos-systems/tools@0846c64 chore: update expat

Dependency Changes

  • github.com/BurntSushi/toml v0.3.1 -> v0.4.1
  • github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
  • github.com/containerd/containerd v1.5.2 -> v1.5.5
  • github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
  • github.com/docker/docker v20.10.7 -> v20.10.8
  • github.com/google/uuid v1.2.0 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.4 -> v1.5.6
  • github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
  • github.com/packethost/packngo v0.19.0 new
  • github.com/prometheus/procfs v0.6.0 -> v0.7.2
  • github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
  • github.com/spf13/cobra v1.1.3 -> v1.2.1
  • github.com/talos-systems/crypto v0.3.1 -> deec8d47700e
  • github.com/talos-systems/extras v0.4.0 -> v0.5.0-alpha.0-2-g8ce17e5
  • github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
  • github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0-alpha.0-16-gda4ac04
  • github.com/talos-systems/tools v0.6.0 -> v0.7.0-alpha.0-3-g2368154
  • github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.0
  • go.uber.org/zap v1.17.0 -> v1.18.1
  • golang.org/x/net 04defd469f4e -> 853a461950ff
  • golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
  • golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
  • google.golang.org/grpc v1.38.0 -> v1.39.1
  • google.golang.org/protobuf v1.26.0 -> v1.27.1
  • inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
  • k8s.io/api v0.21.2 -> v0.22.0
  • k8s.io/apimachinery v0.21.2 -> v0.22.0
  • k8s.io/apiserver v0.21.2 -> v0.22.0
  • k8s.io/client-go v0.21.2 -> v0.22.0
  • k8s.io/cri-api v0.21.2 -> v0.22.0
  • k8s.io/kubectl v0.21.2 -> v0.22.0
  • k8s.io/kubelet v0.21.2 -> v0.22.0

Previous release can be found at v0.11.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.5.0-alpha.0-2-g8ce17e5
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.0
k8s.gcr.io/kube-controller-manager:v1.22.0
k8s.gcr.io/kube-scheduler:v1.22.0
k8s.gcr.io/kube-proxy:v1.22.0
ghcr.io/talos-systems/kubelet:v1.22.0
ghcr.io/talos-systems/installer:v0.12.0-alpha.1
k8s.gcr.io/pause:3.2

talos - v0.12.0-alpha.0

Published by talos-bot about 3 years ago

Talos 0.12.0-alpha.0 (2021-08-11)

Welcome to the v0.12.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Support for Self-hosted Control Plane Dropped

Note: This item only applies to clusters bootstrapped with Talos <= 0.8.

Talos 0.12 completely removes support for the self-hosted Kubernetes control plane (bootkube-based).
Talos 0.9 introduced support for a Talos-managed control plane and provided a migration path to convert a self-hosted control plane
to Talos-managed static pods.
Automated and manual conversion processes are available in Talos from 0.9.x to 0.11.x.
For clusters bootstrapped with bootkube (Talos <= 0.8), please make sure the control plane is converted to Talos-managed
before upgrading to Talos 0.12.
The current control plane status can be checked with talosctl get bootstrapstatus before performing the upgrade to Talos 0.12.

Cluster API v0.3.x

Cluster API v0.3.x (v1alpha3) is not compatible with Kubernetes 1.22 used by default in Talos 0.12.
Talos can be configured to use Kubernetes 1.21, or CAPI v0.4.x components can be used instead.

Sysctl Configuration

Sysctl Kernel Params configuration was completely rewritten to be based on controllers and resources,
which makes it possible to apply .machine.sysctls in immediate mode (without a reboot).
talosctl get kernelparams returns merged list of KSPP, Kubernetes and user defined params along with
the default values overwritten by Talos.

Join Node Type

Node type join was renamed to worker for clarity. The old value is still accepted in the machine configuration but deprecated.
talosctl gen config now generates worker.yaml instead of join.yaml.

Networking

  • multiple static addresses can be specified for the interface with new .addresses field (old .cidr field is deprecated now)
  • static addresses can be set on interfaces configured with DHCP

Performance

  • machined uses less memory and CPU time
  • more disk encryption options are exposed via the machine configuration
  • disk partitions are now aligned properly with minimum I/O size
  • Talos system processes are moved under proper cgroups, resource metrics are now available via the kubelet
  • OOM score is set on the system processes making sure they are killed last under memory pressure

Security

  • etcd PKI moved to /system/secrets
  • kubelet bootstrap CSR auto-signing scoped to kubelet bootstrap tokens only

Component Updates

  • Linux: 5.10.52
  • Kubernetes: 1.22.0
  • containerd: 1.5.5
  • runc: 1.0.1
  • GRUB: 2.06
  • Talos is built with Go 1.16.6

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Serge Logvinov
  • Artem Chernyshev
  • Spencer Smith
  • dependabot[bot]
  • Rui Lopes
  • Andrew Rynhard
  • Caleb Woodbine

Changes

  • talos-systems/talos@887c2326a release(v0.12.0-alpha.0): prepare release
  • talos-systems/talos@a15f01844 fix: move etcd PKI under /system/secrets
  • talos-systems/talos@eb02afe18 fix: match correctly routes on the address family
  • talos-systems/talos@cb948accf feat: allow multiple addresses per interface
  • talos-systems/talos@e030b2e8b chore: use k8s 1.21.3 in CAPI tests for now
  • talos-systems/talos@e08b4f8f9 feat: implement sysctl controllers
  • talos-systems/talos@fdf6b2433 chore: revert "improve artifacts generation reproducibility"
  • talos-systems/talos@b68ed1eb8 fix: make route resources ID match closer routing table primary key
  • talos-systems/talos@585f63371 fix: correctly handle nodoc for struct fields
  • talos-systems/talos@f2d394dc4 docs: add AMIs for v0.11.5
  • talos-systems/talos@d0970cbfd feat: bootstrap token limit
  • talos-systems/talos@5285a46d7 fix: maintenance mode reason message
  • talos-systems/talos@009d15e8d chore: use etcd client TryLock function on upgrade
  • talos-systems/talos@4dae9ea55 chore: use vtprotobuf compiled marshaling in Talos API
  • talos-systems/talos@7ca5749ad chore: bump dependencies via dependabot
  • talos-systems/talos@b2507b41d chore: improve artifacts generation reproducibility
  • talos-systems/talos@1f7dad234 chore: update PKGS version (512 cpus, new ca-certficates)
  • talos-systems/talos@1a2e78a24 fix: update go-blockdevice
  • talos-systems/talos@6d6ed1170 chore: use parallel xz with higher compression level
  • talos-systems/talos@571f7db1b chore: workaround GitHub new release notes limit
  • talos-systems/talos@09d70b7ea feat: update Kubernetes to v1.22.0
  • talos-systems/talos@f25f10e73 feat: add an option to disable PSP
  • talos-systems/talos@7c6e4cf23 feat: allow both DHCP and static addressing for the interface
  • talos-systems/talos@3c566dbc3 fix: remove admission plugins enabled by default from the list
  • talos-systems/talos@69ead3735 fix: preserve PMBR bootable flag correctly
  • talos-systems/talos@dee630517 fix: align partitions with minimal I/O size
  • talos-systems/talos@628902297 feat: update GRUB to 2.06
  • talos-systems/talos@b9d04928d feat: move system processes to cgroups
  • talos-systems/talos@0b8681b4b fix: resolve several issues with Wireguard link specs
  • talos-systems/talos@f8f4bf3ba docs: add disk encryptions examples
  • talos-systems/talos@79b8fa64b feat: update containerd to 1.5.5
  • talos-systems/talos@539f42090 chore: bump dependencies via dependabot
  • talos-systems/talos@0c7ce1cd8 feat: remove remnants of bootkube support
  • talos-systems/talos@d4f9804f8 chore: fix typos
  • talos-systems/talos@5f027615f feat: expose more encryption options to the machine config
  • talos-systems/talos@585152a0b chore: bump dependencies
  • talos-systems/talos@fc66ec596 feat: set oom score for main processes
  • talos-systems/talos@df54584a3 fix: drop linux capabilities
  • talos-systems/talos@f65d0b739 docs: add 0.11.3 AMIs
  • talos-systems/talos@7332d6369 fix: bump pkgs for new kernel 5.10.52
  • talos-systems/talos@70d2505b7 fix: do not require ToVersion to be set when detecting version
  • talos-systems/talos@0953b1998 chore: update extras to bring a new CNI bundle
  • talos-systems/talos@b6c47f866 fix: set the /etc/os-release HOME_URL parameter
  • talos-systems/talos@c780821d0 feat: update containerd to 1.5.3, runc to 1.0.1
  • talos-systems/talos@f8f1c83a7 feat: detect the lowest Kubernetes version in upgrade-k8s CLI command
  • talos-systems/talos@55e17ccdd chore: bump dependencies
  • talos-systems/talos@da6f786ca fix: kuberentes => kubernetes typo
  • talos-systems/talos@2e463348b fix: pass all logs through the options.Log method
  • talos-systems/talos@4e9c5afb6 fix: make ethtool optional in link status controller
  • talos-systems/talos@bf61c2cc4 fix: write upgrade logs only to the LogOutput if it's defined
  • talos-systems/talos@9c73257cb feat: update Go to 1.16.6
  • talos-systems/talos@23ef1d40a chore: add ability to redirect talos upgrade module logs to io.Writer
  • talos-systems/talos@33e9d6c98 chore: bump github.com/aws/aws-sdk-go in /hack/cloud-image-uploader
  • talos-systems/talos@604434c43 chore: bump github.com/prometheus/procfs from 0.6.0 to 0.7.0
  • talos-systems/talos@2ea28f62d chore: bump node from 16.3.0-alpine to 16.4.2-alpine
  • talos-systems/talos@b358a189b fix: correctly pick route scope for link-local destination
  • talos-systems/talos@6848d4314 feat: can change clusterdns ip lists
  • talos-systems/talos@72b76abfd fix: workaround issues when IPv6 is fully or partially disabled
  • talos-systems/talos@679b08f4f docs: update docs for 0.12
  • talos-systems/talos@6fbec9e0c fix: cache etcd client used for healthchecks
  • talos-systems/talos@eea750de2 chore: rename "join" type to "worker"
  • talos-systems/talos@951493ac8 docs: update what's new for Talos 0.11
  • talos-systems/talos@b47d1098b docs: promote 0.11 docs to be the latest
  • talos-systems/talos@d930a2650 chore: implement DeepCopy for machine configuration
  • talos-systems/talos@fe4ed3c73 chore: ignore tags which don't look like semantic version
  • talos-systems/talos@b969e7720 chore: update references to old protobuf package
  • talos-systems/talos@2ba8ac9ab docs: add documentation directory for 0.12
  • talos-systems/talos@011e2885e fix: validate bond slaves addressing
  • talos-systems/talos@10c28758a fix: ignore DeadlineExceeded error correctly on bootstrap
  • talos-systems/talos@77fabacec chore: ignore future pkg/machinery/vX.Y.Z tags
  • talos-systems/talos@6b661114d fix: make COSI runtime history depth smaller
  • talos-systems/talos@9bf899bdd fix: make forfeit leadership connect to the right node
  • talos-systems/talos@4708beaee feat: implement talosctl config info command
  • talos-systems/talos@6d13d2cf9 fix: close Kubernetes API client
  • talos-systems/talos@aaa36f3b4 fix: ignore 'not a leader' error on forfeit leadership
  • talos-systems/talos@22a419367 fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • talos-systems/talos@71c6f7004 chore: bump go.mod dependencies
  • talos-systems/talos@915cd8fe2 docs: add guide for RBAC
  • talos-systems/talos@f5721050d fix: controlplane keyusage
  • talos-systems/talos@3d7726613 fix: fill uuid argument correctly in the config download URL
  • talos-systems/talos@d8602025c chore: update containerd config version 2
  • talos-systems/talos@5949ec4e6 docs: describe the new network configuration subsystem
  • talos-systems/talos@444d72b4d feat: update pkgs version
  • talos-systems/talos@e883c12b3 fix: make output of upgrade-k8s command less scary
  • talos-systems/talos@7f8e50de4 fix: restart the merge controllers on conflict
  • talos-systems/talos@60d736094 fix: ignore deadline exceeded errors on bootstrap
  • talos-systems/talos@ee06dd69f fix: don't print git sha of the release twice in the dashboard
  • talos-systems/talos@07fb61e5d fix: issue worker apid certs properly on renewal
  • talos-systems/talos@84817f733 chore: bump Talos version in upgrade tests
  • talos-systems/talos@2fa54107b chore: fix tests for disabled RBAC
  • talos-systems/talos@78583ba98 fix: don't set bond delay options if miimon is not enabled
  • talos-systems/talos@bbf1c091d feat: add RBAC to talosctl version output
  • talos-systems/talos@5f6ec3ef6 fix: handle cases when merged resource re-appears before being destroyed
  • talos-systems/talos@1e9a0e745 fix: documentation typos
  • talos-systems/talos@f228af406 chore: bump go.mod dependencies
  • talos-systems/talos@2060ceaa0 chore: add CAPI version to CI setup
  • talos-systems/talos@ad047a7de chore: small RBAC improvements

Changes from talos-systems/crypto

  • talos-systems/crypto@deec8d4 chore: implement DeepCopy methods for PEMEncoded* types

Changes from talos-systems/extras

  • talos-systems/extras@4957f3c chore: update pkgs to use CNI plugins v0.9.1
  • talos-systems/extras@233716a feat: update Go to 1.16.6

Changes from talos-systems/go-blockdevice

  • talos-systems/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations
  • talos-systems/go-blockdevice@2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
  • talos-systems/go-blockdevice@87816a8 feat: align partition to minimum I/O size
  • talos-systems/go-blockdevice@c34b59f feat: expose more encryption options in the LUKS module

Changes from talos-systems/pkgs

  • talos-systems/pkgs@12856ce feat: increase number of CPUs supported by the kernel to 512
  • talos-systems/pkgs@cbfabac chore: update ca-certificates to 2021-07-05
  • talos-systems/pkgs@0c011c0 feat: update GRUB to 2.06
  • talos-systems/pkgs@5090d14 chore: update containerd to v1.5.5
  • talos-systems/pkgs@6653902 feat: add kernel drivers for fusion and scsi-isci
  • talos-systems/pkgs@9b4041f chore: update containerd to v1.5.4
  • talos-systems/pkgs@7b6cc05 feat: update kernel to latest 5.10.52
  • talos-systems/pkgs@65159fb chore: update runc and CNI plugins
  • talos-systems/pkgs@514ba34 feat: disable aufs, devmapper, zfs
  • talos-systems/pkgs@6bc118f chore: update runc and containerd
  • talos-systems/pkgs@b6fca88 feat: update Go to 1.16.6
  • talos-systems/pkgs@fd56852 chore: update open-isns and open-iscsi
  • talos-systems/pkgs@d779204 chore: update dosfstools to v4.2
  • talos-systems/pkgs@bc7c0d7 feat: add support for hotplug of PCIE devices

Changes from talos-systems/tools

  • talos-systems/tools@7172a5d feat: update Go to 1.16.6
  • talos-systems/tools@1de34d7 chore: update musl
  • talos-systems/tools@76979a1 chore: update protobuf deps
  • talos-systems/tools@0846c64 chore: update expat

Dependency Changes

  • github.com/BurntSushi/toml v0.3.1 -> v0.4.1
  • github.com/aws/aws-sdk-go v1.38.66 -> v1.40.2
  • github.com/containerd/containerd v1.5.2 -> v1.5.5
  • github.com/cosi-project/runtime 93ead370bf57 -> 25f235cd0682
  • github.com/docker/docker v20.10.7 -> v20.10.8
  • github.com/google/uuid v1.2.0 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.4 -> v1.5.6
  • github.com/opencontainers/runtime-spec e6143ca7d51d -> 1c3f411f0417
  • github.com/prometheus/procfs v0.6.0 -> v0.7.2
  • github.com/rivo/tview d4fb0348227b -> 29d673af0ce2
  • github.com/spf13/cobra v1.1.3 -> v1.2.1
  • github.com/talos-systems/crypto v0.3.1 -> deec8d47700e
  • github.com/talos-systems/extras v0.4.0 -> v0.5.0-alpha.0-1-g4957f3c
  • github.com/talos-systems/go-blockdevice v0.2.1 -> v0.2.3
  • github.com/talos-systems/pkgs v0.6.0-1-g7b2e126 -> v0.7.0-alpha.0-13-g12856ce
  • github.com/talos-systems/tools v0.6.0 -> v0.7.0-alpha.0-2-g7172a5d
  • github.com/vmware-tanzu/sonobuoy v0.52.0 -> v0.53.0
  • go.uber.org/zap v1.17.0 -> v1.18.1
  • golang.org/x/net 04defd469f4e -> 853a461950ff
  • golang.org/x/sys 59db8d763f22 -> 0f9fa26af87c
  • golang.org/x/time 38a9dc6acbc6 -> 1f47c861a9ac
  • google.golang.org/grpc v1.38.0 -> v1.39.1
  • google.golang.org/protobuf v1.26.0 -> v1.27.1
  • inet.af/netaddr bf05d8b52dda -> ce7a8ad02cc1
  • k8s.io/api v0.21.2 -> v0.22.0
  • k8s.io/apimachinery v0.21.2 -> v0.22.0
  • k8s.io/apiserver v0.21.2 -> v0.22.0
  • k8s.io/client-go v0.21.2 -> v0.22.0
  • k8s.io/cri-api v0.21.2 -> v0.22.0
  • k8s.io/kubectl v0.21.2 -> v0.22.0
  • k8s.io/kubelet v0.21.2 -> v0.22.0

Previous release can be found at v0.11.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.5.0-alpha.0-1-g4957f3c
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.22.0
k8s.gcr.io/kube-controller-manager:v1.22.0
k8s.gcr.io/kube-scheduler:v1.22.0
k8s.gcr.io/kube-proxy:v1.22.0
ghcr.io/talos-systems/kubelet:v1.22.0
ghcr.io/talos-systems/installer:v0.12.0-alpha.0
k8s.gcr.io/pause:3.2

talos - v0.11.5

Published by talos-bot about 3 years ago

Talos 0.11.5 (2021-08-09)

Welcome to the v0.11.5 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

BIOS Boot

Fixed issues with PMBR partition settings which affect BIOS boot on some Dell servers.

Component Updates

  • GRUB was updated to 2.06

Contributors

  • Andrey Smirnov
  • Andrew Rynhard

Changes

  • talos-systems/talos@0421c476c release(v0.11.5): prepare release
  • talos-systems/talos@6b64939bd feat: update grub to 2.06, bump max CPUs to 512
  • talos-systems/talos@052b37515 chore: workaround GitHub new release notes limit
  • talos-systems/talos@218f24a1b fix: update go-blockdevice

Changes from talos-systems/go-blockdevice

  • talos-systems/go-blockdevice@fe24303 fix: perform correct PMBR partition calculations

Changes from talos-systems/pkgs

  • talos-systems/pkgs@4253991 feat: update grub to 2.06, bump max CPUs to 512

Dependency Changes

  • github.com/talos-systems/go-blockdevice v0.2.2 -> v0.2.3
  • github.com/talos-systems/pkgs v0.6.0-4-g752c90e -> v0.6.0-5-g4253991

Previous release can be found at v0.11.4

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0-1-g0f96c53
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.3
k8s.gcr.io/kube-controller-manager:v1.21.3
k8s.gcr.io/kube-scheduler:v1.21.3
k8s.gcr.io/kube-proxy:v1.21.3
ghcr.io/talos-systems/kubelet:v1.21.3
ghcr.io/talos-systems/installer:v0.11.5
k8s.gcr.io/pause:3.2

talos - v0.11.4

Published by talos-bot about 3 years ago

Talos 0.11.4 (2021-08-05)

Welcome to the v0.11.4 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API, instead of init node types, as we
intend on deprecating this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.

Component Updates

  • containerd was updated to 1.5.5
  • Linux kernel was updated to 5.10.52
  • Kubernetes was updated to 1.21.3
  • etcd was updated to 3.4.16
  • CoreDNS was updated to 1.8.4

CoreDNS

Added the flag cluster.coreDNS.disabled to disable coreDNS deployment during the cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that can enable marking MBR partition bootable
for the machines that have legacy BIOS which does not support GPT partitioning scheme.

Multi-arch Installer

Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture.
This means that e.g. images for arm64 SBCs can be generated on amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured
interfaces and skipping the reset network step.

Talos API RBAC

Limited RBAC support in Talos API is now enabled by default for Talos 0.11.
Default talosconfig has os:admin role embedded in the certificate so that all the APIs are available.
Certificates with reduced set of roles can be created with talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate talosconfig with
os:admin role first to make sure that administrator still has access to the cluster when RBAC is enabled
(using talosctl config new command).

List of available roles:

  • os:admin role enables every Talos API
  • os:reader role limits access to read-only APIs which do not return sensitive data
  • os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Spencer Smith
  • Serge Logvinov
  • Jorik Jonker
  • Andrew Rynhard
  • Andrew LeCody
  • Kevin Hellemun
  • Seán C McCord
  • Boran Car
  • Brandon Nason
  • Gabor Nyiri
  • Joost Coelingh
  • Lance R. Vick
  • Lennard Klein
  • Sébastien Bernard

Changes since v0.11.3

  • 9f388bbbd release(v0.11.4): prepare release
  • e61c275e5 feat: update containerd to 1.5.5, runc to 1.0.1
  • 64259fd0a fix: preserve PMBR bootable, align partitions with minimal I/O size

Changes from talos-systems/crypto

  • d3cb772 feat: make possible to change KeyUsage
  • 6bc5bb5 chore: remove unused argument
  • cd18ef6 feat: add support for several organizations
  • 97c888b chore: add options to CSR
  • 7776057 chore: fix typos
  • 80df078 chore: remove named result parameters
  • 15bdd28 chore: minor updates
  • 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

  • 0f96c53 feat: update Go to 1.16.6
  • 918e161 chore: update deps to final release versions
  • 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

  • 2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
  • 87816a8 feat: align partition to minimum I/O size
  • c34b59f feat: expose more encryption options in the LUKS module
  • 30c2bc3 feat: mark MBR bootable
  • 1292574 fix: make disk type matcher parser case insensitive
  • b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

  • 3d0a6e1 feat: race build tag flag detector
  • 5b292e5 feat: disable memory profiling by default
  • c6d0ae2 fix: linters and CI
  • d969f95 feat: initial implementation
  • b2044b7 Initial commit

Changes from talos-systems/go-kmsg

  • b08e4d3 feat: replace tab character with space in console output
  • 2edcd3a feat: add initial version
  • 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

  • a445702 feat: allow dial timeout and keep alive period to be configurable
  • 3c8f347 feat: provide a way to configure logger for the loadbalancer
  • da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

  • c78cc95 fix: implement errors.Is for all errors in the set
  • 7885e16 feat: add ExpectedErrorf
  • 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

  • d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

  • 752c90e feat: update containerd and runc versions
  • 5e6def3 feat: update kernel to latest 5.10.52
  • f8d83b4 feat: update Go to 1.16.6
  • 7b2e126 feat: add support for hotplug of PCIE devices
  • f499062 chore: bump tools to final release 0.6.0
  • 41d6ccc feat: enable MACVTAP support
  • 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
  • f5eac03 feat: update Linux to 5.10.45
  • d756119 feat: enable HP ILO kernel module (both amd64 arm64)
  • 2d51360 feat: support NFS 4.1
  • e63e4e9 feat: bump tools for Go 1.16.5
  • 1f8af29 feat: update Linux to 5.10.38
  • a3a6650 feat: update containerd to 1.5.2
  • c70ea44 feat: update runc to 1.0.0-rc95
  • db60235 feat: add support for netxen card
  • f934187 feat: update containerd to 1.5.1
  • e8ed5bc feat: add geneve encapsulation support for openvswitch
  • 9f7903c feat: update containerd to 1.5.0, runc to -rc94
  • d7c0f70 feat: add AES-NI support for amd64
  • b0d9cd2 fix: build zbin utility for both amd64 and arm64
  • bb39b97 feat: add IPMI support in kernel
  • 1148f9a feat: add DS1307 RTC support for arm64
  • 350aa6f feat: add USB serial support
  • de9c582 feat: add Pine64 SBC support
  • b56f36b feat: enable VMware baloon kernel module
  • f87c194 feat: add iPXE build with embedded placeholder script
  • a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

Dependency Changes

  • github.com/aws/aws-sdk-go v1.38.66 new
  • github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
  • github.com/containerd/containerd v1.4.4 -> v1.5.5
  • github.com/containerd/go-cni v1.0.1 -> v1.0.2
  • github.com/containerd/typeurl v1.0.1 -> v1.0.2
  • github.com/coreos/go-iptables v0.5.0 -> v0.6.0
  • github.com/cosi-project/runtime 10d6103c19ab -> 93ead370bf57
  • github.com/docker/docker v20.10.4 -> v20.10.7
  • github.com/emicklei/dot v0.15.0 -> v0.16.0
  • github.com/evanphx/json-patch v4.9.0 -> v4.11.0
  • github.com/fatih/color v1.10.0 -> v1.12.0
  • github.com/google/go-cmp v0.5.5 -> v0.5.6
  • github.com/google/gofuzz v1.2.0 new
  • github.com/googleapis/gnostic v0.5.5 new
  • github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
  • github.com/imdario/mergo v0.3.12 new
  • github.com/insomniacslk/dhcp cc9239ac6294 -> 1cac67f12b1e
  • github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
  • github.com/mattn/go-isatty v0.0.12 -> v0.0.13
  • github.com/mdlayher/arp f72070a231fc new
  • github.com/mdlayher/ethtool 2b88debcdd43 new
  • github.com/mdlayher/netlink v1.4.0 -> v1.4.1
  • github.com/mdlayher/raw 51b895745faf new
  • github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> 1c3f411f0417
  • github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
  • github.com/rs/xid v1.2.1 -> v1.3.0
  • github.com/spf13/viper v1.8.0 new
  • github.com/talos-systems/crypto 39584f1b6e54 -> v0.3.1
  • github.com/talos-systems/extras v0.3.0 -> v0.4.0-1-g0f96c53
  • github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.2
  • github.com/talos-systems/go-debug v0.2.1 new
  • github.com/talos-systems/go-kmsg v0.1.1 new
  • github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
  • github.com/talos-systems/go-retry b9dc1a990133 -> v0.3.1
  • github.com/talos-systems/go-smbios fb425d4727e6 -> v0.1.0
  • github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-4-g752c90e
  • github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
  • github.com/talos-systems/tools v0.5.0 -> v0.6.0-1-g545d839
  • github.com/vishvananda/netns 2eb08e3e575f new
  • github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.52.0
  • github.com/vmware/govmomi v0.24.0 -> v0.26.0
  • go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
  • go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
  • go.uber.org/zap v1.17.0 new
  • golang.org/x/net e18ecbb05110 -> 04defd469f4e
  • golang.org/x/oauth2 a8dc77f794b6 new
  • golang.org/x/sys 77cc2087c03b -> 59db8d763f22
  • golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
  • golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
  • golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
  • google.golang.org/grpc v1.37.0 -> v1.38.0
  • inet.af/netaddr bf05d8b52dda new
  • k8s.io/api v0.21.0 -> v0.21.3
  • k8s.io/apimachinery v0.21.0 -> v0.21.3
  • k8s.io/apiserver v0.21.0 -> v0.21.3
  • k8s.io/client-go v0.21.0 -> v0.21.3
  • k8s.io/cri-api v0.21.0 -> v0.21.3
  • k8s.io/kubectl v0.21.0 -> v0.21.3
  • k8s.io/kubelet v0.21.0 -> v0.21.3
  • k8s.io/utils 6fdb442a123b new

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0-1-g0f96c53
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.3
k8s.gcr.io/kube-controller-manager:v1.21.3
k8s.gcr.io/kube-scheduler:v1.21.3
k8s.gcr.io/kube-proxy:v1.21.3
ghcr.io/talos-systems/kubelet:v1.21.3
ghcr.io/talos-systems/installer:v0.11.4
k8s.gcr.io/pause:3.2

talos - v0.11.3

Published by talos-bot about 3 years ago

Talos 0.11.3 (2021-07-22)

Welcome to the v0.11.3 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API, instead of init node types, as we
intend on deprecating this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.

Component Updates

  • containerd was updated to 1.5.2
  • Linux kernel was updated to 5.10.52
  • Kubernetes was updated to 1.21.3
  • etcd was updated to 3.4.16
  • CoreDNS was updated to 1.8.4

CoreDNS

Added the flag cluster.coreDNS.disabled to disable coreDNS deployment during the cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that can enable marking MBR partition bootable
for the machines that have legacy BIOS which does not support GPT partitioning scheme.

Multi-arch Installer

Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture.
This means that e.g. images for arm64 SBCs can be generated on amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured
interfaces and skipping the reset network step.

Talos API RBAC

Limited RBAC support in the Talos API is now enabled by default for Talos 0.11.
The default talosconfig has the os:admin role embedded in the certificate so that all the APIs are available.
Certificates with a reduced set of roles can be created with the talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, first generate a talosconfig with
the os:admin role (using the talosctl config new command) to make sure that the administrator still has access to the
cluster when RBAC is enabled.

List of available roles:

  • os:admin role enables every Talos API
  • os:reader role limits access to read-only APIs which do not return sensitive data
  • os:etcd:backup role only allows the talosctl etcd snapshot API call (for etcd backup automation)

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Spencer Smith
  • Serge Logvinov
  • Jorik Jonker
  • Andrew Rynhard
  • Andrew LeCody
  • Kevin Hellemun
  • Seán C McCord
  • Boran Car
  • Brandon Nason
  • Gabor Nyiri
  • Joost Coelingh
  • Lance R. Vick
  • Lennard Klein
  • Sébastien Bernard

Changes

  • f0e3609c7 release(v0.11.3): prepare release
  • ddf63dfda fix: bump pkgs for new kernel 5.10.52
  • 29b10f9b0 release(v0.11.2): prepare release
  • 671c00c41 fix: make ethtool optional in link status controller
  • 965558787 feat: update Kubernetes to 1.21.3
  • 239f6d8c3 release(v0.11.1): prepare release
  • 27133766d fix: correctly pick route scope for link-local destination
  • a7bbefe56 fix: workaround issues when IPv6 is fully or partially disabled
  • 8442a289b feat: update Go to 1.16.6
  • 3f6b56c68 release(v0.11.0): prepare release
  • 4a54fe00d chore: ignore tags which don't look like semantic version
  • 1a40f379f release(v0.11.0-beta.3): prepare release
  • 673b27160 fix: validate bond slaves addressing
  • f3f646fde chore: ignore future pkg/machinery/vX.Y.Z tags
  • 5c640cd52 fix: ignore DeadlineExceeded error correctly on bootstrap
  • 17edc883c fix: make forfeit leadership connect to the right node
  • 08c9a2e58 feat: implement talosctl config info command
  • f6892dba7 fix: close Kubernetes API client
  • 06aa24fb9 fix: ignore 'not a leader' error on forfeit leadership
  • 9075fc41c fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • 1179d6baf release(v0.11.0-beta.2): prepare release
  • 8aed6c2e1 fix: fill uuid argument correctly in the config download URL
  • d6c5e5004 fix: make output of upgrade-k8s command less scary
  • 452e096e1 fix: restart the merge controllers on conflict
  • 79f4f1aa8 fix: ignore deadline exceeded errors on bootstrap
  • 8904009f0 feat: update pkgs version
  • 223abaab0 release(v0.11.0-beta.1): prepare release
  • 7abadf726 fix: issue worker apid certs properly on renewal
  • 33d73189e fix: don't set bond delay options if miimon is not enabled
  • de7db38e3 release(v0.11.0-beta.0): prepare release
  • 74111d7b6 feat: add RBAC to talosctl version output
  • 728ad5c6f fix: handle cases when merged resource re-appears before being destroyed
  • 283e9f026 chore: add CAPI version to CI setup
  • 01a196ea4 chore: small RBAC improvements
  • 829e54f1a fix: limit apid access to COSI runtime resources
  • f9e01d027 fix: ignore EINVAL on unmount operations
  • 7672435e1 feat: add a method to get gRPC connection from the client
  • b5244bf18 chore: bump go.mod dependencies, fix netaddr API changes
  • c7e622567 chore: update coredns to 1.8.4
  • 3a34f1a51 chore: bump Talos Go modules to release versions
  • 8d60abff7 chore: use tagged versions of bldr dependencies for 0.11
  • 8ef68a6fb feat: remove go-runner in staticpods
  • a650531fa release(v0.11.0-alpha.2): prepare release
  • 71fff02ff fix: revert back resource.proto order
  • d3f4e6006 fix: replace tabs with spaces in console output
  • 1990ad252 feat: add created and updated timestamps to the resource metadata
  • 0731be908 feat: add cloud images to releases
  • b52b20666 feat: split etcd certificates to peer/client
  • 33119d2b8 chore: add an option to launch cluster with bad RTC state
  • d8c2bca1b feat: reimplement apid certificate generation on top of COSI
  • 3c1b32199 chore: refactor CLI tests
  • 0fd9ea2d6 feat: enable MACVTAP support
  • 898673e8d chore: update e2e tests to use latest capi releases
  • e26c5583c docs: add AMI IDs for Talos 0.10.4
  • 72ef48f0e fix: assign source address to the DHCP default gateway routes
  • 004885a37 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
  • 821f469a1 feat: skip overlay mount checks with docker
  • b6e02311a feat: use COSI RD's sensitivity for RBAC
  • 46751c1ad feat: improve security of Kubernetes control plane components
  • 0f659622d fix: build with custom kernel/rootfs
  • 5b5089ab9 fix: mark kube-proxy as system critical priority
  • 42c16f67f chore: bump dependencies
  • 60f78419e chore: bump etcd client libraries to final 3.5.0 release
  • 2b0de9edb feat: improve security of Kubernetes control plane components
  • 48a5c460a docs: provide more storage details
  • e13d905c2 release(v0.11.0-alpha.1): prepare release
  • 70ac771e0 fix: use localhost API server endpoint for internal communication
  • a941eb7da feat: improve security of Kubernetes control plane components
  • 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
  • 06209bba2 chore: update RBAC rules, remove old APIs
  • 9f24b519d chore: remove bootkube check from cluster health check
  • 4ac9bea27 fix: stop etcd client logs from going to the server console
  • f63ab9dd9 feat: implement talosctl config new command
  • fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
  • 2dc27d996 fix: do not format state partition in the initialize sequence
  • b609f33cd fix: update networking stack after Equnix Metal testing
  • 243a3b53e fix: separate healthy and unknown flags in the service resource
  • 1a1378be1 fix: update retry package with a fix for errors.Is
  • cb83edd7f fix: wait for the network to be ready in mainteancne mode
  • 96f89071c feat: update controller-runtime logs to console level on config.debug
  • 973069b61 feat: support NFS 4.1
  • 654dcad47 chore: bump dependencies via dependabot
  • d7394457d fix: don't treat ethtool errors as fatal
  • f2ae9cd0c feat: replace networkd with new network implementation
  • caec3063c fix: do not complain about empty roles
  • 11918a110 docs: update community meeting time
  • aeddb9c09 feat: implement platform config controller (hostnames)
  • 1ece334da feat: implement controller which runs network operators
  • 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
  • 5029edfb7 fix: overwrite nodes in the gRPC metadata
  • 6a35c8f11 feat: implement virtual IP (shared IP) network operator
  • 0f3b83803 chore: expose WatchRequest in the resources client
  • 11e258b15 feat: implement operator configuration controller
  • ce3815e75 feat: implement DHCP6 operator
  • f010d99af feat: implement operator framework with DHCP4 as the first example
  • f93c9c8fa feat: bring unconfigured links with link carrier up by default
  • 02bd657b2 feat: implement network.Status resource and controller
  • da329f00a feat: enable RBAC by default
  • 0f168a880 feat: add configuration for enabling RBAC
  • e74f789b0 feat: implement EtcFileController to render files in /etc
  • 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
  • 5ad314fe7 feat: implement basic RBAC interceptors
  • c031be813 chore: use Go 1.16.5
  • 8b0763f6a chore: bump dependencies via dependabot
  • 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
  • 24859b141 docs: update Rpi4 firmware guide
  • 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
  • ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
  • 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
  • a71053fcd feat: default to bootstrap workflow
  • 76aac4bb2 feat: implement CPU and Memory stats controller
  • 8f90c6a8e feat: parse Talos-specific cmdline params
  • ed10e139c feat: implement NodeAddress controller
  • 33db8857a fix: use COSI runtime DestroyReady input type
  • 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
  • 97627061d docs: set static IP on ISO install mode
  • 5811f4dda feat: implement link (interface) controllers
  • 046b229b1 chore: skip building multi-arch installer for race-enabled build
  • 73fbb4b52 fix: only fetch machine uuid if it's not set
  • f112a540b fix: clean up stale snapshots on container start
  • c036b9494 chore: bump dependencies
  • a4d67a018 feat: add the ability to disable CoreDNS
  • 76dbfb369 feat: add ability to mark MBR partition bootable
  • e0f5b1e20 chore: split mgmt/gen.go into several files
  • fad1b4f1f chore: fix go generate for the machinery
  • 1117294ad release(v0.11.0-alpha.0): prepare release
  • c09629466 chore: prepare for 0.11 release series
  • 723597657 feat: enable GORACE=halt_on_panic=1 in machined binary
  • 0acb04ad7 feat: implement route network controllers
  • f5bf88a4c feat: create certificates with os:admin role
  • 1db301edf feat: switch controller-runtime to zap.Logger
  • f7cf64d42 fix: add talos.config to the vApp Properties in VMware OVA
  • 209527ecc docs: add AMIs for Talos 0.10.3
  • 59cfd312c chore: bump dependencies via dependabot
  • 1edb20cf9 feat: extract config generation
  • af77c2956 docs: update wirguard guide
  • 4fe691214 test: better talosctl ls tests
  • 04ddda962 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
  • 49c7276b1 chore: fix markdown linting
  • 7270495ac docs: add mayastor quickstart
  • d3d9112f2 docs: fix spelling/grammar in What's New for Talos 0.9
  • 82804414f test: provide a way to force different boot order in provision library
  • a1c0e99a1 docs: add guide for deploying metrics-server
  • 6bc6658b5 feat: update containerd to 1.5.1
  • c6567fae9 chore: dependabot updates
  • 61ccbb3f5 chore: keep debug symbols in debug builds
  • 1ce362e05 docs: update customizing kernel build steps
  • a26174b54 fix: properly compose pattern and header in etcd members output
  • 0825cf11f fix: stop networkd and pods before leaving etcd on upgrade
  • bed6b15d6 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
  • 071f04456 feat: implement AddressSpec handling
  • 76e38b7b8 feat: update Kubernetes to 1.21.1
  • 9b1338d98 chore: parse "boolean" variables
  • c81cfb216 chore: allow building with debug handlers
  • c9651673b feat: update go-smbios library
  • 95c656fb7 feat: update containerd to 1.5.0, runc to 1.0.0-rc94
  • db9c35b57 feat: implement AddressStatusController
  • 1cf011a80 chore: bump dependencies via dependabot
  • e3f407a1d fix: properly pass disk type selector from config to matcher
  • 66b2b4505 feat: add resources and use HTTPS checks in control plane pods
  • 4ffd7c0ad fix: stop networkd before leaving etcd on 'reset' path
  • 610d38d30 docs: add AMIs for 0.10.1, collapse list of AMIs by default
  • 807497ec2 chore: make conformance pipeline depend on cron-default
  • 3c1213596 feat: implement LinkStatusController
  • 0e8de0469 fix: update go-blockdevice to fix disk type detection
  • 4d50a4edd fix: update the way NTP sync uses adjtimex syscall
  • 1a85c14a5 fix: avoid data race on CRI pod stop
  • 5de8dbc06 fix: repair pine64 support
  • 382390973 fix: properly parse matcher expressions
  • e54b6b7a3 chore: update dependencies via dependabot
  • f2caed0df chore: use extracted talos-systems/go-kmsg library
  • 79d804c5b docs: fix typos
  • a2bb390e1 feat: deterministic builds
  • e480fedff feat: add USB serial drivers
  • 79299d761 docs: add Matrix room links
  • 1b3e8b09e docs: add survey to README
  • 8d51c9bb1 docs: update redirects to Talos 0.10
  • 1092c3a50 feat: add Pine64 SBC support
  • 63e017543 feat: pull kernel with VMware balloon module enabled
  • aeec99d82 chore: remove temporary fork
  • 0f49722d0 feat: add --config-patch flag by node type
  • a01b1d22d chore: dump dependencies via dependabot
  • d540a4a47 fix: bump crypto library for the CSR verification fix
  • c3a4173e1 chore: remove security API ReadFile/WriteFile
  • 38037131c chore: update wgctrl dependecy
  • d9ba0fd01 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
  • 2261d7ed0 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
  • a3537a691 docs: update cloud images for Talos v0.9.3
  • 5b9ee8617 docs: add what's new for Talos 0.10
  • f1107fa3a docs: add survey
  • 93623d47f docs: update AWS instructions
  • a739d1b8a feat: add support of custom registry CA certificate usage
  • 7f468d350 fix: update osType in OVA other3xLinux64Guest"
  • 4a184b67d docs: add etcd backup and restore guide
  • 5fb38d3e5 chore: refactor Dockerfile for cross-compilation
  • a8f1e526b chore: build talosctl for Darwin / Apple Silicon
  • eb0b64d31 chore: list specifically for enabled regions
  • 669a0cbdc fix: check if OVF env is empty
  • da92049c0 chore: use codecov from the build container
  • 9996d4b02 chore: use REGISTRY_MIRROR_FLAGS if defined
  • 05cbe250c chore: bump dependencies via dependabot
  • 9a91142a3 feat: print complete member info in etcd members
  • bb40d6dd0 feat: update pkgs version
  • e7a9164b1 test: implement talosctl conformance command to run e2e tests
  • 6cb266e74 fix: update etcd client errors, print etcd join failures
  • 0bd8b0e80 feat: provide an option to recover etcd from data directory copy
  • f98185408 chore: fix conform with scopes
  • 21018f28c chore: bump website node.js dependencies

Changes since v0.11.2

  • f0e3609c7 release(v0.11.3): prepare release
  • ddf63dfda fix: bump pkgs for new kernel 5.10.52

Changes from talos-systems/crypto

  • d3cb772 feat: make possible to change KeyUsage
  • 6bc5bb5 chore: remove unused argument
  • cd18ef6 feat: add support for several organizations
  • 97c888b chore: add options to CSR
  • 7776057 chore: fix typos
  • 80df078 chore: remove named result parameters
  • 15bdd28 chore: minor updates
  • 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

  • 0f96c53 feat: update Go to 1.16.6
  • 918e161 chore: update deps to final release versions
  • 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

  • 30c2bc3 feat: mark MBR bootable
  • 1292574 fix: make disk type matcher parser case insensitive
  • b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

  • 3d0a6e1 feat: race build tag flag detector
  • 5b292e5 feat: disable memory profiling by default
  • c6d0ae2 fix: linters and CI
  • d969f95 feat: initial implementation
  • b2044b7 Initial commit

Changes from talos-systems/go-kmsg

  • b08e4d3 feat: replace tab character with space in console output
  • 2edcd3a feat: add initial version
  • 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

  • a445702 feat: allow dial timeout and keep alive period to be configurable
  • 3c8f347 feat: provide a way to configure logger for the loadbalancer
  • da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

  • c78cc95 fix: implement errors.Is for all errors in the set
  • 7885e16 feat: add ExpectedErrorf
  • 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

  • d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

  • 5e6def3 feat: update kernel to latest 5.10.52
  • f8d83b4 feat: update Go to 1.16.6
  • 7b2e126 feat: add support for hotplug of PCIE devices
  • f499062 chore: bump tools to final release 0.6.0
  • 41d6ccc feat: enable MACVTAP support
  • 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
  • f5eac03 feat: update Linux to 5.10.45
  • d756119 feat: enable HP ILO kernel module (both amd64 arm64)
  • 2d51360 feat: support NFS 4.1
  • e63e4e9 feat: bump tools for Go 1.16.5
  • 1f8af29 feat: update Linux to 5.10.38
  • a3a6650 feat: update containerd to 1.5.2
  • c70ea44 feat: update runc to 1.0.0-rc95
  • db60235 feat: add support for netxen card
  • f934187 feat: update containerd to 1.5.1
  • e8ed5bc feat: add geneve encapsulation support for openvswitch
  • 9f7903c feat: update containerd to 1.5.0, runc to -rc94
  • d7c0f70 feat: add AES-NI support for amd64
  • b0d9cd2 fix: build zbin utility for both amd64 and arm64
  • bb39b97 feat: add IPMI support in kernel
  • 1148f9a feat: add DS1307 RTC support for arm64
  • 350aa6f feat: add USB serial support
  • de9c582 feat: add Pine64 SBC support
  • b56f36b feat: enable VMware baloon kernel module
  • f87c194 feat: add iPXE build with embedded placeholder script
  • a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

Dependency Changes

  • github.com/aws/aws-sdk-go v1.38.66 new
  • github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
  • github.com/containerd/containerd v1.4.4 -> v1.5.2
  • github.com/containerd/go-cni v1.0.1 -> v1.0.2
  • github.com/containerd/typeurl v1.0.1 -> v1.0.2
  • github.com/coreos/go-iptables v0.5.0 -> v0.6.0
  • github.com/cosi-project/runtime 10d6103c19ab -> 93ead370bf57
  • github.com/docker/docker v20.10.4 -> v20.10.7
  • github.com/emicklei/dot v0.15.0 -> v0.16.0
  • github.com/evanphx/json-patch v4.9.0 -> v4.11.0
  • github.com/fatih/color v1.10.0 -> v1.12.0
  • github.com/google/go-cmp v0.5.5 -> v0.5.6
  • github.com/google/gofuzz v1.2.0 new
  • github.com/googleapis/gnostic v0.5.5 new
  • github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
  • github.com/imdario/mergo v0.3.12 new
  • github.com/insomniacslk/dhcp cc9239ac6294 -> 1cac67f12b1e
  • github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
  • github.com/mattn/go-isatty v0.0.12 -> v0.0.13
  • github.com/mdlayher/arp f72070a231fc new
  • github.com/mdlayher/ethtool 2b88debcdd43 new
  • github.com/mdlayher/netlink v1.4.0 -> v1.4.1
  • github.com/mdlayher/raw 51b895745faf new
  • github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
  • github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
  • github.com/rs/xid v1.2.1 -> v1.3.0
  • github.com/sirupsen/logrus v1.8.1 new
  • github.com/spf13/viper v1.8.0 new
  • github.com/talos-systems/crypto 39584f1b6e54 -> v0.3.1
  • github.com/talos-systems/extras v0.3.0 -> v0.4.0-1-g0f96c53
  • github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
  • github.com/talos-systems/go-debug v0.2.1 new
  • github.com/talos-systems/go-kmsg v0.1.1 new
  • github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
  • github.com/talos-systems/go-retry b9dc1a990133 -> v0.3.1
  • github.com/talos-systems/go-smbios fb425d4727e6 -> v0.1.0
  • github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-3-g5e6def3
  • github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
  • github.com/talos-systems/tools v0.5.0 -> v0.6.0-1-g545d839
  • github.com/vishvananda/netns 2eb08e3e575f new
  • github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.52.0
  • github.com/vmware/govmomi v0.24.0 -> v0.26.0
  • go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
  • go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
  • go.uber.org/zap v1.17.0 new
  • golang.org/x/net e18ecbb05110 -> 04defd469f4e
  • golang.org/x/oauth2 a8dc77f794b6 new
  • golang.org/x/sys 77cc2087c03b -> 59db8d763f22
  • golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
  • golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
  • golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
  • google.golang.org/grpc v1.37.0 -> v1.38.0
  • inet.af/netaddr bf05d8b52dda new
  • k8s.io/api v0.21.0 -> v0.21.3
  • k8s.io/apimachinery v0.21.0 -> v0.21.3
  • k8s.io/apiserver v0.21.0 -> v0.21.3
  • k8s.io/client-go v0.21.0 -> v0.21.3
  • k8s.io/cri-api v0.21.0 -> v0.21.3
  • k8s.io/kubectl v0.21.0 -> v0.21.3
  • k8s.io/kubelet v0.21.0 -> v0.21.3
  • k8s.io/utils 6fdb442a123b new

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0-1-g0f96c53
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.3
k8s.gcr.io/kube-controller-manager:v1.21.3
k8s.gcr.io/kube-scheduler:v1.21.3
k8s.gcr.io/kube-proxy:v1.21.3
ghcr.io/talos-systems/kubelet:v1.21.3
ghcr.io/talos-systems/installer:v0.11.3
k8s.gcr.io/pause:3.2

talos - v0.11.2

Published by talos-bot over 3 years ago

Talos 0.11.2 (2021-07-16)

Welcome to the v0.11.2 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API instead of init node types, as we
intend to deprecate this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.

Component Updates

  • containerd was updated to 1.5.2
  • Linux kernel was updated to 5.10.45
  • Kubernetes was updated to 1.21.3
  • etcd was updated to 3.4.16
  • CoreDNS was updated to 1.8.4

CoreDNS

Added the flag cluster.coreDNS.disabled to disable coreDNS deployment during the cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that can enable marking the MBR partition bootable
for machines that have a legacy BIOS which does not support the GPT partitioning scheme.

Multi-arch Installer

The Talos installer image (for any arch) now contains artifacts for both the amd64 and arm64 architectures.
This means that, e.g., images for arm64 SBCs can be generated on an amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured
interfaces and skipping the reset network step.

Talos API RBAC

Limited RBAC support in the Talos API is now enabled by default for Talos 0.11.
The default talosconfig has the os:admin role embedded in the certificate so that all the APIs are available.
Certificates with a reduced set of roles can be created with the talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, first generate a talosconfig with
the os:admin role (using the talosctl config new command) to make sure that the administrator still has access to the
cluster when RBAC is enabled.

List of available roles:

  • os:admin role enables every Talos API
  • os:reader role limits access to read-only APIs which do not return sensitive data
  • os:etcd:backup role only allows the talosctl etcd snapshot API call (for etcd backup automation)

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Serge Logvinov
  • Spencer Smith
  • Jorik Jonker
  • Andrew Rynhard
  • Andrew LeCody
  • Kevin Hellemun
  • Seán C McCord
  • Boran Car
  • Brandon Nason
  • Gabor Nyiri
  • Joost Coelingh
  • Lance R. Vick
  • Lennard Klein
  • Sébastien Bernard

Changes

  • 29b10f9b0 release(v0.11.2): prepare release
  • 671c00c41 fix: make ethtool optional in link status controller
  • 965558787 feat: update Kubernetes to 1.21.3
  • 239f6d8c3 release(v0.11.1): prepare release
  • 27133766d fix: correctly pick route scope for link-local destination
  • a7bbefe56 fix: workaround issues when IPv6 is fully or partially disabled
  • 8442a289b feat: update Go to 1.16.6
  • 3f6b56c68 release(v0.11.0): prepare release
  • 4a54fe00d chore: ignore tags which don't look like semantic version
  • 1a40f379f release(v0.11.0-beta.3): prepare release
  • 673b27160 fix: validate bond slaves addressing
  • f3f646fde chore: ignore future pkg/machinery/vX.Y.Z tags
  • 5c640cd52 fix: ignore DeadlineExceeded error correctly on bootstrap
  • 17edc883c fix: make forfeit leadership connect to the right node
  • 08c9a2e58 feat: implement talosctl config info command
  • f6892dba7 fix: close Kubernetes API client
  • 06aa24fb9 fix: ignore 'not a leader' error on forfeit leadership
  • 9075fc41c fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • 1179d6baf release(v0.11.0-beta.2): prepare release
  • 8aed6c2e1 fix: fill uuid argument correctly in the config download URL
  • d6c5e5004 fix: make output of upgrade-k8s command less scary
  • 452e096e1 fix: restart the merge controllers on conflict
  • 79f4f1aa8 fix: ignore deadline exceeded errors on bootstrap
  • 8904009f0 feat: update pkgs version
  • 223abaab0 release(v0.11.0-beta.1): prepare release
  • 7abadf726 fix: issue worker apid certs properly on renewal
  • 33d73189e fix: don't set bond delay options if miimon is not enabled
  • de7db38e3 release(v0.11.0-beta.0): prepare release
  • 74111d7b6 feat: add RBAC to talosctl version output
  • 728ad5c6f fix: handle cases when merged resource re-appears before being destroyed
  • 283e9f026 chore: add CAPI version to CI setup
  • 01a196ea4 chore: small RBAC improvements
  • 829e54f1a fix: limit apid access to COSI runtime resources
  • f9e01d027 fix: ignore EINVAL on unmount operations
  • 7672435e1 feat: add a method to get gRPC connection from the client
  • b5244bf18 chore: bump go.mod dependencies, fix netaddr API changes
  • c7e622567 chore: update coredns to 1.8.4
  • 3a34f1a51 chore: bump Talos Go modules to release versions
  • 8d60abff7 chore: use tagged versions of bldr dependencies for 0.11
  • 8ef68a6fb feat: remove go-runner in staticpods
  • a650531fa release(v0.11.0-alpha.2): prepare release
  • 71fff02ff fix: revert back resource.proto order
  • d3f4e6006 fix: replace tabs with spaces in console output
  • 1990ad252 feat: add created and updated timestamps to the resource metadata
  • 0731be908 feat: add cloud images to releases
  • b52b20666 feat: split etcd certificates to peer/client
  • 33119d2b8 chore: add an option to launch cluster with bad RTC state
  • d8c2bca1b feat: reimplement apid certificate generation on top of COSI
  • 3c1b32199 chore: refactor CLI tests
  • 0fd9ea2d6 feat: enable MACVTAP support
  • 898673e8d chore: update e2e tests to use latest capi releases
  • e26c5583c docs: add AMI IDs for Talos 0.10.4
  • 72ef48f0e fix: assign source address to the DHCP default gateway routes
  • 004885a37 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
  • 821f469a1 feat: skip overlay mount checks with docker
  • b6e02311a feat: use COSI RD's sensitivity for RBAC
  • 46751c1ad feat: improve security of Kubernetes control plane components
  • 0f659622d fix: build with custom kernel/rootfs
  • 5b5089ab9 fix: mark kube-proxy as system critical priority
  • 42c16f67f chore: bump dependencies
  • 60f78419e chore: bump etcd client libraries to final 3.5.0 release
  • 2b0de9edb feat: improve security of Kubernetes control plane components
  • 48a5c460a docs: provide more storage details
  • e13d905c2 release(v0.11.0-alpha.1): prepare release
  • 70ac771e0 fix: use localhost API server endpoint for internal communication
  • a941eb7da feat: improve security of Kubernetes control plane components
  • 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
  • 06209bba2 chore: update RBAC rules, remove old APIs
  • 9f24b519d chore: remove bootkube check from cluster health check
  • 4ac9bea27 fix: stop etcd client logs from going to the server console
  • f63ab9dd9 feat: implement talosctl config new command
  • fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
  • 2dc27d996 fix: do not format state partition in the initialize sequence
  • b609f33cd fix: update networking stack after Equnix Metal testing
  • 243a3b53e fix: separate healthy and unknown flags in the service resource
  • 1a1378be1 fix: update retry package with a fix for errors.Is
  • cb83edd7f fix: wait for the network to be ready in mainteancne mode
  • 96f89071c feat: update controller-runtime logs to console level on config.debug
  • 973069b61 feat: support NFS 4.1
  • 654dcad47 chore: bump dependencies via dependabot
  • d7394457d fix: don't treat ethtool errors as fatal
  • f2ae9cd0c feat: replace networkd with new network implementation
  • caec3063c fix: do not complain about empty roles
  • 11918a110 docs: update community meeting time
  • aeddb9c09 feat: implement platform config controller (hostnames)
  • 1ece334da feat: implement controller which runs network operators
  • 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
  • 5029edfb7 fix: overwrite nodes in the gRPC metadata
  • 6a35c8f11 feat: implement virtual IP (shared IP) network operator
  • 0f3b83803 chore: expose WatchRequest in the resources client
  • 11e258b15 feat: implement operator configuration controller
  • ce3815e75 feat: implement DHCP6 operator
  • f010d99af feat: implement operator framework with DHCP4 as the first example
  • f93c9c8fa feat: bring unconfigured links with link carrier up by default
  • 02bd657b2 feat: implement network.Status resource and controller
  • da329f00a feat: enable RBAC by default
  • 0f168a880 feat: add configuration for enabling RBAC
  • e74f789b0 feat: implement EtcFileController to render files in /etc
  • 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
  • 5ad314fe7 feat: implement basic RBAC interceptors
  • c031be813 chore: use Go 1.16.5
  • 8b0763f6a chore: bump dependencies via dependabot
  • 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
  • 24859b141 docs: update Rpi4 firmware guide
  • 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
  • ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
  • 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
  • a71053fcd feat: default to bootstrap workflow
  • 76aac4bb2 feat: implement CPU and Memory stats controller
  • 8f90c6a8e feat: parse Talos-specific cmdline params
  • ed10e139c feat: implement NodeAddress controller
  • 33db8857a fix: use COSI runtime DestroyReady input type
  • 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
  • 97627061d docs: set static IP on ISO install mode
  • 5811f4dda feat: implement link (interface) controllers
  • 046b229b1 chore: skip building multi-arch installer for race-enabled build
  • 73fbb4b52 fix: only fetch machine uuid if it's not set
  • f112a540b fix: clean up stale snapshots on container start
  • c036b9494 chore: bump dependencies
  • a4d67a018 feat: add the ability to disable CoreDNS
  • 76dbfb369 feat: add ability to mark MBR partition bootable
  • e0f5b1e20 chore: split mgmt/gen.go into several files
  • fad1b4f1f chore: fix go generate for the machinery
  • 1117294ad release(v0.11.0-alpha.0): prepare release
  • c09629466 chore: prepare for 0.11 release series
  • 723597657 feat: enable GORACE=halt_on_panic=1 in machined binary
  • 0acb04ad7 feat: implement route network controllers
  • f5bf88a4c feat: create certificates with os:admin role
  • 1db301edf feat: switch controller-runtime to zap.Logger
  • f7cf64d42 fix: add talos.config to the vApp Properties in VMware OVA
  • 209527ecc docs: add AMIs for Talos 0.10.3
  • 59cfd312c chore: bump dependencies via dependabot
  • 1edb20cf9 feat: extract config generation
  • af77c2956 docs: update wireguard guide
  • 4fe691214 test: better talosctl ls tests
  • 04ddda962 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
  • 49c7276b1 chore: fix markdown linting
  • 7270495ac docs: add mayastor quickstart
  • d3d9112f2 docs: fix spelling/grammar in What's New for Talos 0.9
  • 82804414f test: provide a way to force different boot order in provision library
  • a1c0e99a1 docs: add guide for deploying metrics-server
  • 6bc6658b5 feat: update containerd to 1.5.1
  • c6567fae9 chore: dependabot updates
  • 61ccbb3f5 chore: keep debug symbols in debug builds
  • 1ce362e05 docs: update customizing kernel build steps
  • a26174b54 fix: properly compose pattern and header in etcd members output
  • 0825cf11f fix: stop networkd and pods before leaving etcd on upgrade
  • bed6b15d6 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
  • 071f04456 feat: implement AddressSpec handling
  • 76e38b7b8 feat: update Kubernetes to 1.21.1
  • 9b1338d98 chore: parse "boolean" variables
  • c81cfb216 chore: allow building with debug handlers
  • c9651673b feat: update go-smbios library
  • 95c656fb7 feat: update containerd to 1.5.0, runc to 1.0.0-rc94
  • db9c35b57 feat: implement AddressStatusController
  • 1cf011a80 chore: bump dependencies via dependabot
  • e3f407a1d fix: properly pass disk type selector from config to matcher
  • 66b2b4505 feat: add resources and use HTTPS checks in control plane pods
  • 4ffd7c0ad fix: stop networkd before leaving etcd on 'reset' path
  • 610d38d30 docs: add AMIs for 0.10.1, collapse list of AMIs by default
  • 807497ec2 chore: make conformance pipeline depend on cron-default
  • 3c1213596 feat: implement LinkStatusController
  • 0e8de0469 fix: update go-blockdevice to fix disk type detection
  • 4d50a4edd fix: update the way NTP sync uses adjtimex syscall
  • 1a85c14a5 fix: avoid data race on CRI pod stop
  • 5de8dbc06 fix: repair pine64 support
  • 382390973 fix: properly parse matcher expressions
  • e54b6b7a3 chore: update dependencies via dependabot
  • f2caed0df chore: use extracted talos-systems/go-kmsg library
  • 79d804c5b docs: fix typos
  • a2bb390e1 feat: deterministic builds
  • e480fedff feat: add USB serial drivers
  • 79299d761 docs: add Matrix room links
  • 1b3e8b09e docs: add survey to README
  • 8d51c9bb1 docs: update redirects to Talos 0.10
  • 1092c3a50 feat: add Pine64 SBC support
  • 63e017543 feat: pull kernel with VMware balloon module enabled
  • aeec99d82 chore: remove temporary fork
  • 0f49722d0 feat: add --config-patch flag by node type
  • a01b1d22d chore: dump dependencies via dependabot
  • d540a4a47 fix: bump crypto library for the CSR verification fix
  • c3a4173e1 chore: remove security API ReadFile/WriteFile
  • 38037131c chore: update wgctrl dependency
  • d9ba0fd01 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
  • 2261d7ed0 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
  • a3537a691 docs: update cloud images for Talos v0.9.3
  • 5b9ee8617 docs: add what's new for Talos 0.10
  • f1107fa3a docs: add survey
  • 93623d47f docs: update AWS instructions
  • a739d1b8a feat: add support of custom registry CA certificate usage
  • 7f468d350 fix: update osType in OVA other3xLinux64Guest"
  • 4a184b67d docs: add etcd backup and restore guide
  • 5fb38d3e5 chore: refactor Dockerfile for cross-compilation
  • a8f1e526b chore: build talosctl for Darwin / Apple Silicon
  • eb0b64d31 chore: list specifically for enabled regions
  • 669a0cbdc fix: check if OVF env is empty
  • da92049c0 chore: use codecov from the build container
  • 9996d4b02 chore: use REGISTRY_MIRROR_FLAGS if defined
  • 05cbe250c chore: bump dependencies via dependabot
  • 9a91142a3 feat: print complete member info in etcd members
  • bb40d6dd0 feat: update pkgs version
  • e7a9164b1 test: implement talosctl conformance command to run e2e tests
  • 6cb266e74 fix: update etcd client errors, print etcd join failures
  • 0bd8b0e80 feat: provide an option to recover etcd from data directory copy
  • f98185408 chore: fix conform with scopes
  • 21018f28c chore: bump website node.js dependencies

Changes since v0.11.1

  • 29b10f9b0 release(v0.11.2): prepare release
  • 671c00c41 fix: make ethtool optional in link status controller
  • 965558787 feat: update Kubernetes to 1.21.3

Changes from talos-systems/crypto

  • d3cb772 feat: make possible to change KeyUsage
  • 6bc5bb5 chore: remove unused argument
  • cd18ef6 feat: add support for several organizations
  • 97c888b chore: add options to CSR
  • 7776057 chore: fix typos
  • 80df078 chore: remove named result parameters
  • 15bdd28 chore: minor updates
  • 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

  • 0f96c53 feat: update Go to 1.16.6
  • 918e161 chore: update deps to final release versions
  • 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

  • 30c2bc3 feat: mark MBR bootable
  • 1292574 fix: make disk type matcher parser case insensitive
  • b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

  • 3d0a6e1 feat: race build tag flag detector
  • 5b292e5 feat: disable memory profiling by default
  • c6d0ae2 fix: linters and CI
  • d969f95 feat: initial implementation
  • b2044b7 Initial commit

Changes from talos-systems/go-kmsg

  • b08e4d3 feat: replace tab character with space in console output
  • 2edcd3a feat: add initial version
  • 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

  • a445702 feat: allow dial timeout and keep alive period to be configurable
  • 3c8f347 feat: provide a way to configure logger for the loadbalancer
  • da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

  • c78cc95 fix: implement errors.Is for all errors in the set
  • 7885e16 feat: add ExpectedErrorf
  • 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

  • d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

  • f8d83b4 feat: update Go to 1.16.6
  • 7b2e126 feat: add support for hotplug of PCIE devices
  • f499062 chore: bump tools to final release 0.6.0
  • 41d6ccc feat: enable MACVTAP support
  • 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
  • f5eac03 feat: update Linux to 5.10.45
  • d756119 feat: enable HP ILO kernel module (both amd64 arm64)
  • 2d51360 feat: support NFS 4.1
  • e63e4e9 feat: bump tools for Go 1.16.5
  • 1f8af29 feat: update Linux to 5.10.38
  • a3a6650 feat: update containerd to 1.5.2
  • c70ea44 feat: update runc to 1.0.0-rc95
  • db60235 feat: add support for netxen card
  • f934187 feat: update containerd to 1.5.1
  • e8ed5bc feat: add geneve encapsulation support for openvswitch
  • 9f7903c feat: update containerd to 1.5.0, runc to -rc94
  • d7c0f70 feat: add AES-NI support for amd64
  • b0d9cd2 fix: build zbin utility for both amd64 and arm64
  • bb39b97 feat: add IPMI support in kernel
  • 1148f9a feat: add DS1307 RTC support for arm64
  • 350aa6f feat: add USB serial support
  • de9c582 feat: add Pine64 SBC support
  • b56f36b feat: enable VMware balloon kernel module
  • f87c194 feat: add iPXE build with embedded placeholder script
  • a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

Dependency Changes

  • github.com/aws/aws-sdk-go v1.38.66 new
  • github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
  • github.com/containerd/containerd v1.4.4 -> v1.5.2
  • github.com/containerd/go-cni v1.0.1 -> v1.0.2
  • github.com/containerd/typeurl v1.0.1 -> v1.0.2
  • github.com/coreos/go-iptables v0.5.0 -> v0.6.0
  • github.com/cosi-project/runtime 10d6103c19ab -> 93ead370bf57
  • github.com/docker/docker v20.10.4 -> v20.10.7
  • github.com/emicklei/dot v0.15.0 -> v0.16.0
  • github.com/evanphx/json-patch v4.9.0 -> v4.11.0
  • github.com/fatih/color v1.10.0 -> v1.12.0
  • github.com/google/go-cmp v0.5.5 -> v0.5.6
  • github.com/google/gofuzz v1.2.0 new
  • github.com/googleapis/gnostic v0.5.5 new
  • github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
  • github.com/imdario/mergo v0.3.12 new
  • github.com/insomniacslk/dhcp cc9239ac6294 -> 1cac67f12b1e
  • github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
  • github.com/mattn/go-isatty v0.0.12 -> v0.0.13
  • github.com/mdlayher/arp f72070a231fc new
  • github.com/mdlayher/ethtool 2b88debcdd43 new
  • github.com/mdlayher/netlink v1.4.0 -> v1.4.1
  • github.com/mdlayher/raw 51b895745faf new
  • github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
  • github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
  • github.com/rs/xid v1.2.1 -> v1.3.0
  • github.com/sirupsen/logrus v1.8.1 new
  • github.com/spf13/viper v1.8.0 new
  • github.com/talos-systems/crypto 39584f1b6e54 -> v0.3.1
  • github.com/talos-systems/extras v0.3.0 -> v0.4.0-1-g0f96c53
  • github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
  • github.com/talos-systems/go-debug v0.2.1 new
  • github.com/talos-systems/go-kmsg v0.1.1 new
  • github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
  • github.com/talos-systems/go-retry b9dc1a990133 -> v0.3.1
  • github.com/talos-systems/go-smbios fb425d4727e6 -> v0.1.0
  • github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-2-gf8d83b4
  • github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
  • github.com/talos-systems/tools v0.5.0 -> v0.6.0-1-g545d839
  • github.com/vishvananda/netns 2eb08e3e575f new
  • github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.52.0
  • github.com/vmware/govmomi v0.24.0 -> v0.26.0
  • go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
  • go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
  • go.uber.org/zap v1.17.0 new
  • golang.org/x/net e18ecbb05110 -> 04defd469f4e
  • golang.org/x/oauth2 a8dc77f794b6 new
  • golang.org/x/sys 77cc2087c03b -> 59db8d763f22
  • golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
  • golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
  • golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
  • google.golang.org/grpc v1.37.0 -> v1.38.0
  • inet.af/netaddr bf05d8b52dda new
  • k8s.io/api v0.21.0 -> v0.21.3
  • k8s.io/apimachinery v0.21.0 -> v0.21.3
  • k8s.io/apiserver v0.21.0 -> v0.21.3
  • k8s.io/client-go v0.21.0 -> v0.21.3
  • k8s.io/cri-api v0.21.0 -> v0.21.3
  • k8s.io/kubectl v0.21.0 -> v0.21.3
  • k8s.io/kubelet v0.21.0 -> v0.21.3
  • k8s.io/utils 6fdb442a123b new

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0-1-g0f96c53
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.3
k8s.gcr.io/kube-controller-manager:v1.21.3
k8s.gcr.io/kube-scheduler:v1.21.3
k8s.gcr.io/kube-proxy:v1.21.3
ghcr.io/talos-systems/kubelet:v1.21.3
ghcr.io/talos-systems/installer:v0.11.2
k8s.gcr.io/pause:3.2

talos - v0.11.1

Published by talos-bot over 3 years ago

Talos 0.11.1 (2021-07-14)

Welcome to the v0.11.1 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API, instead of init node types, as we
intend to deprecate this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.

Component Updates

  • containerd was updated to 1.5.2
  • Linux kernel was updated to 5.10.45
  • Kubernetes was updated to 1.21.2
  • etcd was updated to 3.4.16
  • CoreDNS was updated to 1.8.4

CoreDNS

Added the flag cluster.coreDNS.disabled to disable CoreDNS deployment during cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that marks the MBR partition bootable,
for machines whose legacy BIOS does not support the GPT partitioning scheme.

Multi-arch Installer

The Talos installer image (for any arch) now contains artifacts for both the amd64 and arm64 architectures.
This means that, for example, images for arm64 SBCs can be generated on an amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should now set up network configuration much faster on boot: it no longer blocks on DHCP for unconfigured
interfaces and skips the reset network step.

Talos API RBAC

Limited RBAC support in Talos API is now enabled by default for Talos 0.11.
The default talosconfig has the os:admin role embedded in the certificate so that all the APIs are available.
Certificates with a reduced set of roles can be created with the talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, first generate a talosconfig
with the os:admin role (using the talosctl config new command) to make sure that the administrator still has
access to the cluster once RBAC is enabled.

List of available roles:

  • os:admin role enables every Talos API
  • os:reader role limits access to read-only APIs which do not return sensitive data
  • os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)
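
A least-privilege check for the roles listed above, as an added Go example that is not part of the Talos release notes or code base. It assumes the roles are carried as the Organization values of the client certificate's subject (the notes only say the role is "embedded in the certificate"); `RolesFromCertPEM`, `Audit` and `constructedCert` are hypothetical names, and the sample certificate is constructed in-process.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"sort"
	"time"
)

// Roles named in the Talos 0.11 release notes.
var knownRoles = map[string]bool{
	"os:admin":       true,
	"os:reader":      true,
	"os:etcd:backup": true,
}

// RolesFromCertPEM returns the sorted Subject.Organization values and the
// expiry of the first certificate in pemBytes.
// Assumption: Talos stores API roles in the Organization field.
func RolesFromCertPEM(pemBytes []byte) ([]string, time.Time, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, time.Time{}, errors.New("no CERTIFICATE PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, time.Time{}, fmt.Errorf("parse certificate: %w", err)
	}
	roles := append([]string(nil), cert.Subject.Organization...)
	sort.Strings(roles)
	return roles, cert.NotAfter, nil
}

// Audit compares the roles in a client certificate with the roles the
// credential is meant to hold and returns one finding per problem.
func Audit(pemBytes []byte, allowed []string, now time.Time) ([]string, error) {
	roles, notAfter, err := RolesFromCertPEM(pemBytes)
	if err != nil {
		return nil, err
	}
	allow := map[string]bool{}
	for _, r := range allowed {
		allow[r] = true
	}
	var findings []string
	if len(roles) == 0 {
		findings = append(findings, "certificate carries no roles")
	}
	for _, r := range roles {
		switch {
		case !knownRoles[r]:
			findings = append(findings, "unknown role: "+r)
		case !allow[r]:
			findings = append(findings, "role exceeds policy: "+r)
		}
	}
	if now.After(notAfter) {
		findings = append(findings, "certificate expired")
	}
	return findings, nil
}

// constructedCert builds a self-signed sample certificate (constructed test
// data, not a real Talos credential) with the given Organization values.
func constructedCert(notAfter time.Time, orgs ...string) []byte {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed-client", Organization: orgs},
		NotBefore:    notAfter.Add(-24 * time.Hour),
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	issued := time.Date(2021, 7, 14, 0, 0, 0, 0, time.UTC)
	// A backup-automation credential that was also issued os:admin.
	cert := constructedCert(issued.Add(24*time.Hour), "os:etcd:backup", "os:admin")
	findings, err := Audit(cert, []string{"os:etcd:backup"}, issued)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

Running the audit over every client certificate handed to automation shows which credentials still carry os:admin when os:reader or os:etcd:backup would do.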

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Serge Logvinov
  • Spencer Smith
  • Jorik Jonker
  • Andrew Rynhard
  • Andrew LeCody
  • Kevin Hellemun
  • Seán C McCord
  • Boran Car
  • Brandon Nason
  • Gabor Nyiri
  • Joost Coelingh
  • Lance R. Vick
  • Lennard Klein
  • Sébastien Bernard

Changes

  • 239f6d8c3 release(v0.11.1): prepare release
  • 27133766d fix: correctly pick route scope for link-local destination
  • a7bbefe56 fix: workaround issues when IPv6 is fully or partially disabled
  • 8442a289b feat: update Go to 1.16.6
  • 3f6b56c68 release(v0.11.0): prepare release
  • 4a54fe00d chore: ignore tags which don't look like semantic version
  • 1a40f379f release(v0.11.0-beta.3): prepare release
  • 673b27160 fix: validate bond slaves addressing
  • f3f646fde chore: ignore future pkg/machinery/vX.Y.Z tags
  • 5c640cd52 fix: ignore DeadlineExceeded error correctly on bootstrap
  • 17edc883c fix: make forfeit leadership connect to the right node
  • 08c9a2e58 feat: implement talosctl config info command
  • f6892dba7 fix: close Kubernetes API client
  • 06aa24fb9 fix: ignore 'not a leader' error on forfeit leadership
  • 9075fc41c fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • 1179d6baf release(v0.11.0-beta.2): prepare release
  • 8aed6c2e1 fix: fill uuid argument correctly in the config download URL
  • d6c5e5004 fix: make output of upgrade-k8s command less scary
  • 452e096e1 fix: restart the merge controllers on conflict
  • 79f4f1aa8 fix: ignore deadline exceeded errors on bootstrap
  • 8904009f0 feat: update pkgs version
  • 223abaab0 release(v0.11.0-beta.1): prepare release
  • 7abadf726 fix: issue worker apid certs properly on renewal
  • 33d73189e fix: don't set bond delay options if miimon is not enabled
  • de7db38e3 release(v0.11.0-beta.0): prepare release
  • 74111d7b6 feat: add RBAC to talosctl version output
  • 728ad5c6f fix: handle cases when merged resource re-appears before being destroyed
  • 283e9f026 chore: add CAPI version to CI setup
  • 01a196ea4 chore: small RBAC improvements
  • 829e54f1a fix: limit apid access to COSI runtime resources
  • f9e01d027 fix: ignore EINVAL on unmount operations
  • 7672435e1 feat: add a method to get gRPC connection from the client
  • b5244bf18 chore: bump go.mod dependencies, fix netaddr API changes
  • c7e622567 chore: update coredns to 1.8.4
  • 3a34f1a51 chore: bump Talos Go modules to release versions
  • 8d60abff7 chore: use tagged versions of bldr dependencies for 0.11
  • 8ef68a6fb feat: remove go-runner in staticpods
  • a650531fa release(v0.11.0-alpha.2): prepare release
  • 71fff02ff fix: revert back resource.proto order
  • d3f4e6006 fix: replace tabs with spaces in console output
  • 1990ad252 feat: add created and updated timestamps to the resource metadata
  • 0731be908 feat: add cloud images to releases
  • b52b20666 feat: split etcd certificates to peer/client
  • 33119d2b8 chore: add an option to launch cluster with bad RTC state
  • d8c2bca1b feat: reimplement apid certificate generation on top of COSI
  • 3c1b32199 chore: refactor CLI tests
  • 0fd9ea2d6 feat: enable MACVTAP support
  • 898673e8d chore: update e2e tests to use latest capi releases
  • e26c5583c docs: add AMI IDs for Talos 0.10.4
  • 72ef48f0e fix: assign source address to the DHCP default gateway routes
  • 004885a37 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
  • 821f469a1 feat: skip overlay mount checks with docker
  • b6e02311a feat: use COSI RD's sensitivity for RBAC
  • 46751c1ad feat: improve security of Kubernetes control plane components
  • 0f659622d fix: build with custom kernel/rootfs
  • 5b5089ab9 fix: mark kube-proxy as system critical priority
  • 42c16f67f chore: bump dependencies
  • 60f78419e chore: bump etcd client libraries to final 3.5.0 release
  • 2b0de9edb feat: improve security of Kubernetes control plane components
  • 48a5c460a docs: provide more storage details
  • e13d905c2 release(v0.11.0-alpha.1): prepare release
  • 70ac771e0 fix: use localhost API server endpoint for internal communication
  • a941eb7da feat: improve security of Kubernetes control plane components
  • 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
  • 06209bba2 chore: update RBAC rules, remove old APIs
  • 9f24b519d chore: remove bootkube check from cluster health check
  • 4ac9bea27 fix: stop etcd client logs from going to the server console
  • f63ab9dd9 feat: implement talosctl config new command
  • fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
  • 2dc27d996 fix: do not format state partition in the initialize sequence
  • b609f33cd fix: update networking stack after Equinix Metal testing
  • 243a3b53e fix: separate healthy and unknown flags in the service resource
  • 1a1378be1 fix: update retry package with a fix for errors.Is
  • cb83edd7f fix: wait for the network to be ready in maintenance mode
  • 96f89071c feat: update controller-runtime logs to console level on config.debug
  • 973069b61 feat: support NFS 4.1
  • 654dcad47 chore: bump dependencies via dependabot
  • d7394457d fix: don't treat ethtool errors as fatal
  • f2ae9cd0c feat: replace networkd with new network implementation
  • caec3063c fix: do not complain about empty roles
  • 11918a110 docs: update community meeting time
  • aeddb9c09 feat: implement platform config controller (hostnames)
  • 1ece334da feat: implement controller which runs network operators
  • 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
  • 5029edfb7 fix: overwrite nodes in the gRPC metadata
  • 6a35c8f11 feat: implement virtual IP (shared IP) network operator
  • 0f3b83803 chore: expose WatchRequest in the resources client
  • 11e258b15 feat: implement operator configuration controller
  • ce3815e75 feat: implement DHCP6 operator
  • f010d99af feat: implement operator framework with DHCP4 as the first example
  • f93c9c8fa feat: bring unconfigured links with link carrier up by default
  • 02bd657b2 feat: implement network.Status resource and controller
  • da329f00a feat: enable RBAC by default
  • 0f168a880 feat: add configuration for enabling RBAC
  • e74f789b0 feat: implement EtcFileController to render files in /etc
  • 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
  • 5ad314fe7 feat: implement basic RBAC interceptors
  • c031be813 chore: use Go 1.16.5
  • 8b0763f6a chore: bump dependencies via dependabot
  • 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
  • 24859b141 docs: update Rpi4 firmware guide
  • 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
  • ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
  • 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
  • a71053fcd feat: default to bootstrap workflow
  • 76aac4bb2 feat: implement CPU and Memory stats controller
  • 8f90c6a8e feat: parse Talos-specific cmdline params
  • ed10e139c feat: implement NodeAddress controller
  • 33db8857a fix: use COSI runtime DestroyReady input type
  • 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
  • 97627061d docs: set static IP on ISO install mode
  • 5811f4dda feat: implement link (interface) controllers
  • 046b229b1 chore: skip building multi-arch installer for race-enabled build
  • 73fbb4b52 fix: only fetch machine uuid if it's not set
  • f112a540b fix: clean up stale snapshots on container start
  • c036b9494 chore: bump dependencies
  • a4d67a018 feat: add the ability to disable CoreDNS
  • 76dbfb369 feat: add ability to mark MBR partition bootable
  • e0f5b1e20 chore: split mgmt/gen.go into several files
  • fad1b4f1f chore: fix go generate for the machinery
  • 1117294ad release(v0.11.0-alpha.0): prepare release
  • c09629466 chore: prepare for 0.11 release series
  • 723597657 feat: enable GORACE=halt_on_panic=1 in machined binary
  • 0acb04ad7 feat: implement route network controllers
  • f5bf88a4c feat: create certificates with os:admin role
  • 1db301edf feat: switch controller-runtime to zap.Logger
  • f7cf64d42 fix: add talos.config to the vApp Properties in VMware OVA
  • 209527ecc docs: add AMIs for Talos 0.10.3
  • 59cfd312c chore: bump dependencies via dependabot
  • 1edb20cf9 feat: extract config generation
  • af77c2956 docs: update wireguard guide
  • 4fe691214 test: better talosctl ls tests
  • 04ddda962 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
  • 49c7276b1 chore: fix markdown linting
  • 7270495ac docs: add mayastor quickstart
  • d3d9112f2 docs: fix spelling/grammar in What's New for Talos 0.9
  • 82804414f test: provide a way to force different boot order in provision library
  • a1c0e99a1 docs: add guide for deploying metrics-server
  • 6bc6658b5 feat: update containerd to 1.5.1
  • c6567fae9 chore: dependabot updates
  • 61ccbb3f5 chore: keep debug symbols in debug builds
  • 1ce362e05 docs: update customizing kernel build steps
  • a26174b54 fix: properly compose pattern and header in etcd members output
  • 0825cf11f fix: stop networkd and pods before leaving etcd on upgrade
  • bed6b15d6 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
  • 071f04456 feat: implement AddressSpec handling
  • 76e38b7b8 feat: update Kubernetes to 1.21.1
  • 9b1338d98 chore: parse "boolean" variables
  • c81cfb216 chore: allow building with debug handlers
  • c9651673b feat: update go-smbios library
  • 95c656fb7 feat: update containerd to 1.5.0, runc to 1.0.0-rc94
  • db9c35b57 feat: implement AddressStatusController
  • 1cf011a80 chore: bump dependencies via dependabot
  • e3f407a1d fix: properly pass disk type selector from config to matcher
  • 66b2b4505 feat: add resources and use HTTPS checks in control plane pods
  • 4ffd7c0ad fix: stop networkd before leaving etcd on 'reset' path
  • 610d38d30 docs: add AMIs for 0.10.1, collapse list of AMIs by default
  • 807497ec2 chore: make conformance pipeline depend on cron-default
  • 3c1213596 feat: implement LinkStatusController
  • 0e8de0469 fix: update go-blockdevice to fix disk type detection
  • 4d50a4edd fix: update the way NTP sync uses adjtimex syscall
  • 1a85c14a5 fix: avoid data race on CRI pod stop
  • 5de8dbc06 fix: repair pine64 support
  • 382390973 fix: properly parse matcher expressions
  • e54b6b7a3 chore: update dependencies via dependabot
  • f2caed0df chore: use extracted talos-systems/go-kmsg library
  • 79d804c5b docs: fix typos
  • a2bb390e1 feat: deterministic builds
  • e480fedff feat: add USB serial drivers
  • 79299d761 docs: add Matrix room links
  • 1b3e8b09e docs: add survey to README
  • 8d51c9bb1 docs: update redirects to Talos 0.10
  • 1092c3a50 feat: add Pine64 SBC support
  • 63e017543 feat: pull kernel with VMware balloon module enabled
  • aeec99d82 chore: remove temporary fork
  • 0f49722d0 feat: add --config-patch flag by node type
  • a01b1d22d chore: dump dependencies via dependabot
  • d540a4a47 fix: bump crypto library for the CSR verification fix
  • c3a4173e1 chore: remove security API ReadFile/WriteFile
  • 38037131c chore: update wgctrl dependency
  • d9ba0fd01 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
  • 2261d7ed0 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
  • a3537a691 docs: update cloud images for Talos v0.9.3
  • 5b9ee8617 docs: add what's new for Talos 0.10
  • f1107fa3a docs: add survey
  • 93623d47f docs: update AWS instructions
  • a739d1b8a feat: add support of custom registry CA certificate usage
  • 7f468d350 fix: update osType in OVA other3xLinux64Guest"
  • 4a184b67d docs: add etcd backup and restore guide
  • 5fb38d3e5 chore: refactor Dockerfile for cross-compilation
  • a8f1e526b chore: build talosctl for Darwin / Apple Silicon
  • eb0b64d31 chore: list specifically for enabled regions
  • 669a0cbdc fix: check if OVF env is empty
  • da92049c0 chore: use codecov from the build container
  • 9996d4b02 chore: use REGISTRY_MIRROR_FLAGS if defined
  • 05cbe250c chore: bump dependencies via dependabot
  • 9a91142a3 feat: print complete member info in etcd members
  • bb40d6dd0 feat: update pkgs version
  • e7a9164b1 test: implement talosctl conformance command to run e2e tests
  • 6cb266e74 fix: update etcd client errors, print etcd join failures
  • 0bd8b0e80 feat: provide an option to recover etcd from data directory copy
  • f98185408 chore: fix conform with scopes
  • 21018f28c chore: bump website node.js dependencies

Changes since v0.11.0

  • 239f6d8c3 release(v0.11.1): prepare release
  • 27133766d fix: correctly pick route scope for link-local destination
  • a7bbefe56 fix: workaround issues when IPv6 is fully or partially disabled
  • 8442a289b feat: update Go to 1.16.6

Changes from talos-systems/crypto

  • d3cb772 feat: make possible to change KeyUsage
  • 6bc5bb5 chore: remove unused argument
  • cd18ef6 feat: add support for several organizations
  • 97c888b chore: add options to CSR
  • 7776057 chore: fix typos
  • 80df078 chore: remove named result parameters
  • 15bdd28 chore: minor updates
  • 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

  • 0f96c53 feat: update Go to 1.16.6
  • 918e161 chore: update deps to final release versions
  • 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

  • 30c2bc3 feat: mark MBR bootable
  • 1292574 fix: make disk type matcher parser case insensitive
  • b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

  • 3d0a6e1 feat: race build tag flag detector
  • 5b292e5 feat: disable memory profiling by default
  • c6d0ae2 fix: linters and CI
  • d969f95 feat: initial implementation
  • b2044b7 Initial commit

Changes from talos-systems/go-kmsg

  • b08e4d3 feat: replace tab character with space in console output
  • 2edcd3a feat: add initial version
  • 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

  • a445702 feat: allow dial timeout and keep alive period to be configurable
  • 3c8f347 feat: provide a way to configure logger for the loadbalancer
  • da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

  • c78cc95 fix: implement errors.Is for all errors in the set
  • 7885e16 feat: add ExpectedErrorf
  • 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

  • d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

  • f8d83b4 feat: update Go to 1.16.6
  • 7b2e126 feat: add support for hotplug of PCIE devices
  • f499062 chore: bump tools to final release 0.6.0
  • 41d6ccc feat: enable MACVTAP support
  • 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
  • f5eac03 feat: update Linux to 5.10.45
  • d756119 feat: enable HP ILO kernel module (both amd64 arm64)
  • 2d51360 feat: support NFS 4.1
  • e63e4e9 feat: bump tools for Go 1.16.5
  • 1f8af29 feat: update Linux to 5.10.38
  • a3a6650 feat: update containerd to 1.5.2
  • c70ea44 feat: update runc to 1.0.0-rc95
  • db60235 feat: add support for netxen card
  • f934187 feat: update containerd to 1.5.1
  • e8ed5bc feat: add geneve encapsulation support for openvswitch
  • 9f7903c feat: update containerd to 1.5.0, runc to -rc94
  • d7c0f70 feat: add AES-NI support for amd64
  • b0d9cd2 fix: build zbin utility for both amd64 and arm64
  • bb39b97 feat: add IPMI support in kernel
  • 1148f9a feat: add DS1307 RTC support for arm64
  • 350aa6f feat: add USB serial support
  • de9c582 feat: add Pine64 SBC support
  • b56f36b feat: enable VMware balloon kernel module
  • f87c194 feat: add iPXE build with embedded placeholder script
  • a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

Dependency Changes

  • github.com/aws/aws-sdk-go v1.38.66 new
  • github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
  • github.com/containerd/containerd v1.4.4 -> v1.5.2
  • github.com/containerd/go-cni v1.0.1 -> v1.0.2
  • github.com/containerd/typeurl v1.0.1 -> v1.0.2
  • github.com/coreos/go-iptables v0.5.0 -> v0.6.0
  • github.com/cosi-project/runtime 10d6103c19ab -> 93ead370bf57
  • github.com/docker/docker v20.10.4 -> v20.10.7
  • github.com/emicklei/dot v0.15.0 -> v0.16.0
  • github.com/evanphx/json-patch v4.9.0 -> v4.11.0
  • github.com/fatih/color v1.10.0 -> v1.12.0
  • github.com/google/go-cmp v0.5.5 -> v0.5.6
  • github.com/google/gofuzz v1.2.0 new
  • github.com/googleapis/gnostic v0.5.5 new
  • github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
  • github.com/imdario/mergo v0.3.12 new
  • github.com/insomniacslk/dhcp cc9239ac6294 -> 1cac67f12b1e
  • github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
  • github.com/mattn/go-isatty v0.0.12 -> v0.0.13
  • github.com/mdlayher/arp f72070a231fc new
  • github.com/mdlayher/ethtool 2b88debcdd43 new
  • github.com/mdlayher/netlink v1.4.0 -> v1.4.1
  • github.com/mdlayher/raw 51b895745faf new
  • github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
  • github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
  • github.com/rs/xid v1.2.1 -> v1.3.0
  • github.com/sirupsen/logrus v1.8.1 new
  • github.com/spf13/viper v1.8.0 new
  • github.com/talos-systems/crypto 39584f1b6e54 -> v0.3.1
  • github.com/talos-systems/extras v0.3.0 -> v0.4.0-1-g0f96c53
  • github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
  • github.com/talos-systems/go-debug v0.2.1 new
  • github.com/talos-systems/go-kmsg v0.1.1 new
  • github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
  • github.com/talos-systems/go-retry b9dc1a990133 -> v0.3.1
  • github.com/talos-systems/go-smbios fb425d4727e6 -> v0.1.0
  • github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-2-gf8d83b4
  • github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
  • github.com/talos-systems/tools v0.5.0 -> v0.6.0-1-g545d839
  • github.com/vishvananda/netns 2eb08e3e575f new
  • github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.52.0
  • github.com/vmware/govmomi v0.24.0 -> v0.26.0
  • go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
  • go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
  • go.uber.org/zap v1.17.0 new
  • golang.org/x/net e18ecbb05110 -> 04defd469f4e
  • golang.org/x/oauth2 a8dc77f794b6 new
  • golang.org/x/sys 77cc2087c03b -> 59db8d763f22
  • golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
  • golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
  • golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
  • google.golang.org/grpc v1.37.0 -> v1.38.0
  • inet.af/netaddr bf05d8b52dda new
  • k8s.io/api v0.21.0 -> v0.21.2
  • k8s.io/apimachinery v0.21.0 -> v0.21.2
  • k8s.io/apiserver v0.21.0 -> v0.21.2
  • k8s.io/client-go v0.21.0 -> v0.21.2
  • k8s.io/cri-api v0.21.0 -> v0.21.2
  • k8s.io/kubectl v0.21.0 -> v0.21.2
  • k8s.io/kubelet v0.21.0 -> v0.21.2
  • k8s.io/utils 6fdb442a123b new
  • sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0-1-g0f96c53
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.2
k8s.gcr.io/kube-controller-manager:v1.21.2
k8s.gcr.io/kube-scheduler:v1.21.2
k8s.gcr.io/kube-proxy:v1.21.2
ghcr.io/talos-systems/kubelet:v1.21.2
ghcr.io/talos-systems/installer:v0.11.1
k8s.gcr.io/pause:3.2

talos - v0.11.0

Published by talos-bot over 3 years ago

Talos 0.11.0 (2021-07-08)

Welcome to the v0.11.0 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API instead of init node types, as we
intend to deprecate this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.

Component Updates

  • containerd was updated to 1.5.2
  • Linux kernel was updated to 5.10.45
  • Kubernetes was updated to 1.21.2
  • etcd was updated to 3.4.16
  • CoreDNS was updated to 1.8.4

CoreDNS

Added the flag cluster.coreDNS.disabled, which disables the CoreDNS deployment during cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that enables marking the MBR partition bootable
for machines with a legacy BIOS that does not support the GPT partitioning scheme.

Multi-arch Installer

The Talos installer image (for any arch) now contains artifacts for both the amd64 and arm64 architectures.
This means that, for example, images for arm64 SBCs can be generated on an amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should now set up network configuration much faster on boot: it no longer blocks on DHCP for unconfigured
interfaces and skips the reset network step.

Talos API RBAC

Limited RBAC support in the Talos API is now enabled by default for Talos 0.11.
The default talosconfig has the os:admin role embedded in the certificate so that all the APIs are available.
Certificates with a reduced set of roles can be created with the talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, first generate a talosconfig with
the os:admin role (using the talosctl config new command) to make sure that the administrator still has access to the
cluster when RBAC is enabled.

List of available roles:

  • os:admin role enables every Talos API
  • os:reader role limits access to read-only APIs which do not return sensitive data
  • os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Serge Logvinov
  • Spencer Smith
  • Jorik Jonker
  • Andrew Rynhard
  • Andrew LeCody
  • Kevin Hellemun
  • Seán C McCord
  • Boran Car
  • Brandon Nason
  • Gabor Nyiri
  • Joost Coelingh
  • Lance R. Vick
  • Lennard Klein
  • Sébastien Bernard

Changes

  • 3f6b56c68 release(v0.11.0): prepare release
  • 4a54fe00d chore: ignore tags which don't look like semantic version
  • 1a40f379f release(v0.11.0-beta.3): prepare release
  • 673b27160 fix: validate bond slaves addressing
  • f3f646fde chore: ignore future pkg/machinery/vX.Y.Z tags
  • 5c640cd52 fix: ignore DeadlineExceeded error correctly on bootstrap
  • 17edc883c fix: make forfeit leadership connect to the right node
  • 08c9a2e58 feat: implement talosctl config info command
  • f6892dba7 fix: close Kubernetes API client
  • 06aa24fb9 fix: ignore 'not a leader' error on forfeit leadership
  • 9075fc41c fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • 1179d6baf release(v0.11.0-beta.2): prepare release
  • 8aed6c2e1 fix: fill uuid argument correctly in the config download URL
  • d6c5e5004 fix: make output of upgrade-k8s command less scary
  • 452e096e1 fix: restart the merge controllers on conflict
  • 79f4f1aa8 fix: ignore deadline exceeded errors on bootstrap
  • 8904009f0 feat: update pkgs version
  • 223abaab0 release(v0.11.0-beta.1): prepare release
  • 7abadf726 fix: issue worker apid certs properly on renewal
  • 33d73189e fix: don't set bond delay options if miimon is not enabled
  • de7db38e3 release(v0.11.0-beta.0): prepare release
  • 74111d7b6 feat: add RBAC to talosctl version output
  • 728ad5c6f fix: handle cases when merged resource re-appears before being destroyed
  • 283e9f026 chore: add CAPI version to CI setup
  • 01a196ea4 chore: small RBAC improvements
  • 829e54f1a fix: limit apid access to COSI runtime resources
  • f9e01d027 fix: ignore EINVAL on unmount operations
  • 7672435e1 feat: add a method to get gRPC connection from the client
  • b5244bf18 chore: bump go.mod dependencies, fix netaddr API changes
  • c7e622567 chore: update coredns to 1.8.4
  • 3a34f1a51 chore: bump Talos Go modules to release versions
  • 8d60abff7 chore: use tagged versions of bldr dependencies for 0.11
  • 8ef68a6fb feat: remove go-runner in staticpods
  • a650531fa release(v0.11.0-alpha.2): prepare release
  • 71fff02ff fix: revert back resource.proto order
  • d3f4e6006 fix: replace tabs with spaces in console output
  • 1990ad252 feat: add created and updated timestamps to the resource metadata
  • 0731be908 feat: add cloud images to releases
  • b52b20666 feat: split etcd certificates to peer/client
  • 33119d2b8 chore: add an option to launch cluster with bad RTC state
  • d8c2bca1b feat: reimplement apid certificate generation on top of COSI
  • 3c1b32199 chore: refactor CLI tests
  • 0fd9ea2d6 feat: enable MACVTAP support
  • 898673e8d chore: update e2e tests to use latest capi releases
  • e26c5583c docs: add AMI IDs for Talos 0.10.4
  • 72ef48f0e fix: assign source address to the DHCP default gateway routes
  • 004885a37 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
  • 821f469a1 feat: skip overlay mount checks with docker
  • b6e02311a feat: use COSI RD's sensitivity for RBAC
  • 46751c1ad feat: improve security of Kubernetes control plane components
  • 0f659622d fix: build with custom kernel/rootfs
  • 5b5089ab9 fix: mark kube-proxy as system critical priority
  • 42c16f67f chore: bump dependencies
  • 60f78419e chore: bump etcd client libraries to final 3.5.0 release
  • 2b0de9edb feat: improve security of Kubernetes control plane components
  • 48a5c460a docs: provide more storage details
  • e13d905c2 release(v0.11.0-alpha.1): prepare release
  • 70ac771e0 fix: use localhost API server endpoint for internal communication
  • a941eb7da feat: improve security of Kubernetes control plane components
  • 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
  • 06209bba2 chore: update RBAC rules, remove old APIs
  • 9f24b519d chore: remove bootkube check from cluster health check
  • 4ac9bea27 fix: stop etcd client logs from going to the server console
  • f63ab9dd9 feat: implement talosctl config new command
  • fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
  • 2dc27d996 fix: do not format state partition in the initialize sequence
  • b609f33cd fix: update networking stack after Equinix Metal testing
  • 243a3b53e fix: separate healthy and unknown flags in the service resource
  • 1a1378be1 fix: update retry package with a fix for errors.Is
  • cb83edd7f fix: wait for the network to be ready in maintenance mode
  • 96f89071c feat: update controller-runtime logs to console level on config.debug
  • 973069b61 feat: support NFS 4.1
  • 654dcad47 chore: bump dependencies via dependabot
  • d7394457d fix: don't treat ethtool errors as fatal
  • f2ae9cd0c feat: replace networkd with new network implementation
  • caec3063c fix: do not complain about empty roles
  • 11918a110 docs: update community meeting time
  • aeddb9c09 feat: implement platform config controller (hostnames)
  • 1ece334da feat: implement controller which runs network operators
  • 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
  • 5029edfb7 fix: overwrite nodes in the gRPC metadata
  • 6a35c8f11 feat: implement virtual IP (shared IP) network operator
  • 0f3b83803 chore: expose WatchRequest in the resources client
  • 11e258b15 feat: implement operator configuration controller
  • ce3815e75 feat: implement DHCP6 operator
  • f010d99af feat: implement operator framework with DHCP4 as the first example
  • f93c9c8fa feat: bring unconfigured links with link carrier up by default
  • 02bd657b2 feat: implement network.Status resource and controller
  • da329f00a feat: enable RBAC by default
  • 0f168a880 feat: add configuration for enabling RBAC
  • e74f789b0 feat: implement EtcFileController to render files in /etc
  • 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
  • 5ad314fe7 feat: implement basic RBAC interceptors
  • c031be813 chore: use Go 1.16.5
  • 8b0763f6a chore: bump dependencies via dependabot
  • 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
  • 24859b141 docs: update Rpi4 firmware guide
  • 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
  • ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
  • 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
  • a71053fcd feat: default to bootstrap workflow
  • 76aac4bb2 feat: implement CPU and Memory stats controller
  • 8f90c6a8e feat: parse Talos-specific cmdline params
  • ed10e139c feat: implement NodeAddress controller
  • 33db8857a fix: use COSI runtime DestroyReady input type
  • 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
  • 97627061d docs: set static IP on ISO install mode
  • 5811f4dda feat: implement link (interface) controllers
  • 046b229b1 chore: skip building multi-arch installer for race-enabled build
  • 73fbb4b52 fix: only fetch machine uuid if it's not set
  • f112a540b fix: clean up stale snapshots on container start
  • c036b9494 chore: bump dependencies
  • a4d67a018 feat: add the ability to disable CoreDNS
  • 76dbfb369 feat: add ability to mark MBR partition bootable
  • e0f5b1e20 chore: split mgmt/gen.go into several files
  • fad1b4f1f chore: fix go generate for the machinery
  • 1117294ad release(v0.11.0-alpha.0): prepare release
  • c09629466 chore: prepare for 0.11 release series
  • 723597657 feat: enable GORACE=halt_on_panic=1 in machined binary
  • 0acb04ad7 feat: implement route network controllers
  • f5bf88a4c feat: create certificates with os:admin role
  • 1db301edf feat: switch controller-runtime to zap.Logger
  • f7cf64d42 fix: add talos.config to the vApp Properties in VMware OVA
  • 209527ecc docs: add AMIs for Talos 0.10.3
  • 59cfd312c chore: bump dependencies via dependabot
  • 1edb20cf9 feat: extract config generation
  • af77c2956 docs: update wireguard guide
  • 4fe691214 test: better talosctl ls tests
  • 04ddda962 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
  • 49c7276b1 chore: fix markdown linting
  • 7270495ac docs: add mayastor quickstart
  • d3d9112f2 docs: fix spelling/grammar in What's New for Talos 0.9
  • 82804414f test: provide a way to force different boot order in provision library
  • a1c0e99a1 docs: add guide for deploying metrics-server
  • 6bc6658b5 feat: update containerd to 1.5.1
  • c6567fae9 chore: dependabot updates
  • 61ccbb3f5 chore: keep debug symbols in debug builds
  • 1ce362e05 docs: update customizing kernel build steps
  • a26174b54 fix: properly compose pattern and header in etcd members output
  • 0825cf11f fix: stop networkd and pods before leaving etcd on upgrade
  • bed6b15d6 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
  • 071f04456 feat: implement AddressSpec handling
  • 76e38b7b8 feat: update Kubernetes to 1.21.1
  • 9b1338d98 chore: parse "boolean" variables
  • c81cfb216 chore: allow building with debug handlers
  • c9651673b feat: update go-smbios library
  • 95c656fb7 feat: update containerd to 1.5.0, runc to 1.0.0-rc94
  • db9c35b57 feat: implement AddressStatusController
  • 1cf011a80 chore: bump dependencies via dependabot
  • e3f407a1d fix: properly pass disk type selector from config to matcher
  • 66b2b4505 feat: add resources and use HTTPS checks in control plane pods
  • 4ffd7c0ad fix: stop networkd before leaving etcd on 'reset' path
  • 610d38d30 docs: add AMIs for 0.10.1, collapse list of AMIs by default
  • 807497ec2 chore: make conformance pipeline depend on cron-default
  • 3c1213596 feat: implement LinkStatusController
  • 0e8de0469 fix: update go-blockdevice to fix disk type detection
  • 4d50a4edd fix: update the way NTP sync uses adjtimex syscall
  • 1a85c14a5 fix: avoid data race on CRI pod stop
  • 5de8dbc06 fix: repair pine64 support
  • 382390973 fix: properly parse matcher expressions
  • e54b6b7a3 chore: update dependencies via dependabot
  • f2caed0df chore: use extracted talos-systems/go-kmsg library
  • 79d804c5b docs: fix typos
  • a2bb390e1 feat: deterministic builds
  • e480fedff feat: add USB serial drivers
  • 79299d761 docs: add Matrix room links
  • 1b3e8b09e docs: add survey to README
  • 8d51c9bb1 docs: update redirects to Talos 0.10
  • 1092c3a50 feat: add Pine64 SBC support
  • 63e017543 feat: pull kernel with VMware balloon module enabled
  • aeec99d82 chore: remove temporary fork
  • 0f49722d0 feat: add --config-patch flag by node type
  • a01b1d22d chore: dump dependencies via dependabot
  • d540a4a47 fix: bump crypto library for the CSR verification fix
  • c3a4173e1 chore: remove security API ReadFile/WriteFile
  • 38037131c chore: update wgctrl dependency
  • d9ba0fd01 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
  • 2261d7ed0 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
  • a3537a691 docs: update cloud images for Talos v0.9.3
  • 5b9ee8617 docs: add what's new for Talos 0.10
  • f1107fa3a docs: add survey
  • 93623d47f docs: update AWS instructions
  • a739d1b8a feat: add support of custom registry CA certificate usage
  • 7f468d350 fix: update osType in OVA other3xLinux64Guest"
  • 4a184b67d docs: add etcd backup and restore guide
  • 5fb38d3e5 chore: refactor Dockerfile for cross-compilation
  • a8f1e526b chore: build talosctl for Darwin / Apple Silicon
  • eb0b64d31 chore: list specifically for enabled regions
  • 669a0cbdc fix: check if OVF env is empty
  • da92049c0 chore: use codecov from the build container
  • 9996d4b02 chore: use REGISTRY_MIRROR_FLAGS if defined
  • 05cbe250c chore: bump dependencies via dependabot
  • 9a91142a3 feat: print complete member info in etcd members
  • bb40d6dd0 feat: update pkgs version
  • e7a9164b1 test: implement talosctl conformance command to run e2e tests
  • 6cb266e74 fix: update etcd client errors, print etcd join failures
  • 0bd8b0e80 feat: provide an option to recover etcd from data directory copy
  • f98185408 chore: fix conform with scopes
  • 21018f28c chore: bump website node.js dependencies

Changes since v0.11.0-beta.3

  • 3f6b56c68 release(v0.11.0): prepare release
  • 4a54fe00d chore: ignore tags which don't look like semantic version

Changes from talos-systems/crypto

  • d3cb772 feat: make possible to change KeyUsage
  • 6bc5bb5 chore: remove unused argument
  • cd18ef6 feat: add support for several organizations
  • 97c888b chore: add options to CSR
  • 7776057 chore: fix typos
  • 80df078 chore: remove named result parameters
  • 15bdd28 chore: minor updates
  • 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

  • 918e161 chore: update deps to final release versions
  • 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

  • 30c2bc3 feat: mark MBR bootable
  • 1292574 fix: make disk type matcher parser case insensitive
  • b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

  • 3d0a6e1 feat: race build tag flag detector
  • 5b292e5 feat: disable memory profiling by default
  • c6d0ae2 fix: linters and CI
  • d969f95 feat: initial implementation
  • b2044b7 Initial commit

Changes from talos-systems/go-kmsg

  • b08e4d3 feat: replace tab character with space in console output
  • 2edcd3a feat: add initial version
  • 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

  • a445702 feat: allow dial timeout and keep alive period to be configurable
  • 3c8f347 feat: provide a way to configure logger for the loadbalancer
  • da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

  • c78cc95 fix: implement errors.Is for all errors in the set
  • 7885e16 feat: add ExpectedErrorf
  • 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

  • d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

  • 7b2e126 feat: add support for hotplug of PCIE devices
  • f499062 chore: bump tools to final release 0.6.0
  • 41d6ccc feat: enable MACVTAP support
  • 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
  • f5eac03 feat: update Linux to 5.10.45
  • d756119 feat: enable HP ILO kernel module (both amd64 arm64)
  • 2d51360 feat: support NFS 4.1
  • e63e4e9 feat: bump tools for Go 1.16.5
  • 1f8af29 feat: update Linux to 5.10.38
  • a3a6650 feat: update containerd to 1.5.2
  • c70ea44 feat: update runc to 1.0.0-rc95
  • db60235 feat: add support for netxen card
  • f934187 feat: update containerd to 1.5.1
  • e8ed5bc feat: add geneve encapsulation support for openvswitch
  • 9f7903c feat: update containerd to 1.5.0, runc to -rc94
  • d7c0f70 feat: add AES-NI support for amd64
  • b0d9cd2 fix: build zbin utility for both amd64 and arm64
  • bb39b97 feat: add IPMI support in kernel
  • 1148f9a feat: add DS1307 RTC support for arm64
  • 350aa6f feat: add USB serial support
  • de9c582 feat: add Pine64 SBC support
  • b56f36b feat: enable VMware balloon kernel module
  • f87c194 feat: add iPXE build with embedded placeholder script
  • a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

  • c8c2a18 feat: update Go to 1.16.5

Dependency Changes

  • github.com/aws/aws-sdk-go v1.38.66 new
  • github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
  • github.com/containerd/containerd v1.4.4 -> v1.5.2
  • github.com/containerd/go-cni v1.0.1 -> v1.0.2
  • github.com/containerd/typeurl v1.0.1 -> v1.0.2
  • github.com/coreos/go-iptables v0.5.0 -> v0.6.0
  • github.com/cosi-project/runtime 10d6103c19ab -> 93ead370bf57
  • github.com/docker/docker v20.10.4 -> v20.10.7
  • github.com/emicklei/dot v0.15.0 -> v0.16.0
  • github.com/evanphx/json-patch v4.9.0 -> v4.11.0
  • github.com/fatih/color v1.10.0 -> v1.12.0
  • github.com/google/go-cmp v0.5.5 -> v0.5.6
  • github.com/google/gofuzz v1.2.0 new
  • github.com/googleapis/gnostic v0.5.5 new
  • github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
  • github.com/imdario/mergo v0.3.12 new
  • github.com/insomniacslk/dhcp cc9239ac6294 -> 1cac67f12b1e
  • github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
  • github.com/mattn/go-isatty v0.0.12 -> v0.0.13
  • github.com/mdlayher/arp f72070a231fc new
  • github.com/mdlayher/ethtool 2b88debcdd43 new
  • github.com/mdlayher/netlink v1.4.0 -> v1.4.1
  • github.com/mdlayher/raw 51b895745faf new
  • github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
  • github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
  • github.com/rs/xid v1.2.1 -> v1.3.0
  • github.com/sirupsen/logrus v1.8.1 new
  • github.com/spf13/viper v1.8.0 new
  • github.com/talos-systems/crypto 39584f1b6e54 -> v0.3.1
  • github.com/talos-systems/extras v0.3.0 -> v0.4.0
  • github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
  • github.com/talos-systems/go-debug v0.2.1 new
  • github.com/talos-systems/go-kmsg v0.1.1 new
  • github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
  • github.com/talos-systems/go-retry b9dc1a990133 -> v0.3.1
  • github.com/talos-systems/go-smbios fb425d4727e6 -> v0.1.0
  • github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-1-g7b2e126
  • github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
  • github.com/talos-systems/tools v0.5.0 -> v0.6.0
  • github.com/vishvananda/netns 2eb08e3e575f new
  • github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.52.0
  • github.com/vmware/govmomi v0.24.0 -> v0.26.0
  • go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
  • go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
  • go.uber.org/zap v1.17.0 new
  • golang.org/x/net e18ecbb05110 -> 04defd469f4e
  • golang.org/x/oauth2 a8dc77f794b6 new
  • golang.org/x/sys 77cc2087c03b -> 59db8d763f22
  • golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
  • golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
  • golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
  • google.golang.org/grpc v1.37.0 -> v1.38.0
  • inet.af/netaddr bf05d8b52dda new
  • k8s.io/api v0.21.0 -> v0.21.2
  • k8s.io/apimachinery v0.21.0 -> v0.21.2
  • k8s.io/apiserver v0.21.0 -> v0.21.2
  • k8s.io/client-go v0.21.0 -> v0.21.2
  • k8s.io/cri-api v0.21.0 -> v0.21.2
  • k8s.io/kubectl v0.21.0 -> v0.21.2
  • k8s.io/kubelet v0.21.0 -> v0.21.2
  • k8s.io/utils 6fdb442a123b new
  • sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.2
k8s.gcr.io/kube-controller-manager:v1.21.2
k8s.gcr.io/kube-scheduler:v1.21.2
k8s.gcr.io/kube-proxy:v1.21.2
ghcr.io/talos-systems/kubelet:v1.21.2
ghcr.io/talos-systems/installer:v0.11.0
k8s.gcr.io/pause:3.2

talos -

Published by talos-bot over 3 years ago

Talos 0.11.0-beta.3 (2021-07-07)

Welcome to the v0.11.0-beta.3 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API instead of init node types, as we
intend to deprecate this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.

Component Updates

  • containerd was updated to 1.5.2
  • Linux kernel was updated to 5.10.45
  • Kubernetes was updated to 1.21.2
  • etcd was updated to 3.4.16
  • CoreDNS was updated to 1.8.4

CoreDNS

Added the flag cluster.coreDNS.disabled, which disables the CoreDNS deployment during cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that enables marking the MBR partition bootable
for machines with a legacy BIOS that does not support the GPT partitioning scheme.

Multi-arch Installer

The Talos installer image (for any arch) now contains artifacts for both the amd64 and arm64 architectures.
This means that, for example, images for arm64 SBCs can be generated on an amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should now set up network configuration much faster on boot: it no longer blocks on DHCP for unconfigured
interfaces and skips the reset network step.

Talos API RBAC

Limited RBAC support in the Talos API is now enabled by default for Talos 0.11.
The default talosconfig has the os:admin role embedded in the certificate so that all the APIs are available.
Certificates with a reduced set of roles can be created with the talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, first generate a talosconfig with
the os:admin role (using the talosctl config new command) to make sure that the administrator still has access to the
cluster when RBAC is enabled.

List of available roles:

  • os:admin role enables every Talos API
  • os:reader role limits access to read-only APIs which do not return sensitive data
  • os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Serge Logvinov
  • Spencer Smith
  • Jorik Jonker
  • Andrew Rynhard
  • Andrew LeCody
  • Kevin Hellemun
  • Seán C McCord
  • Boran Car
  • Brandon Nason
  • Gabor Nyiri
  • Joost Coelingh
  • Lance R. Vick
  • Lennard Klein
  • Sébastien Bernard

Changes

  • 1a40f379f release(v0.11.0-beta.3): prepare release
  • 673b27160 fix: validate bond slaves addressing
  • f3f646fde chore: ignore future pkg/machinery/vX.Y.Z tags
  • 5c640cd52 fix: ignore DeadlineExceeded error correctly on bootstrap
  • 17edc883c fix: make forfeit leadership connect to the right node
  • 08c9a2e58 feat: implement talosctl config info command
  • f6892dba7 fix: close Kubernetes API client
  • 06aa24fb9 fix: ignore 'not a leader' error on forfeit leadership
  • 9075fc41c fix: workaround 'Unauthorized' errors when accessing Kubernetes API
  • 1179d6baf release(v0.11.0-beta.2): prepare release
  • 8aed6c2e1 fix: fill uuid argument correctly in the config download URL
  • d6c5e5004 fix: make output of upgrade-k8s command less scary
  • 452e096e1 fix: restart the merge controllers on conflict
  • 79f4f1aa8 fix: ignore deadline exceeded errors on bootstrap
  • 8904009f0 feat: update pkgs version
  • 223abaab0 release(v0.11.0-beta.1): prepare release
  • 7abadf726 fix: issue worker apid certs properly on renewal
  • 33d73189e fix: don't set bond delay options if miimon is not enabled
  • de7db38e3 release(v0.11.0-beta.0): prepare release
  • 74111d7b6 feat: add RBAC to talosctl version output
  • 728ad5c6f fix: handle cases when merged resource re-appears before being destroyed
  • 283e9f026 chore: add CAPI version to CI setup
  • 01a196ea4 chore: small RBAC improvements
  • 829e54f1a fix: limit apid access to COSI runtime resources
  • f9e01d027 fix: ignore EINVAL on unmount operations
  • 7672435e1 feat: add a method to get gRPC connection from the client
  • b5244bf18 chore: bump go.mod dependencies, fix netaddr API changes
  • c7e622567 chore: update coredns to 1.8.4
  • 3a34f1a51 chore: bump Talos Go modules to release versions
  • 8d60abff7 chore: use tagged versions of bldr dependencies for 0.11
  • 8ef68a6fb feat: remove go-runner in staticpods
  • a650531fa release(v0.11.0-alpha.2): prepare release
  • 71fff02ff fix: revert back resource.proto order
  • d3f4e6006 fix: replace tabs with spaces in console output
  • 1990ad252 feat: add created and updated timestamps to the resource metadata
  • 0731be908 feat: add cloud images to releases
  • b52b20666 feat: split etcd certificates to peer/client
  • 33119d2b8 chore: add an option to launch cluster with bad RTC state
  • d8c2bca1b feat: reimplement apid certificate generation on top of COSI
  • 3c1b32199 chore: refactor CLI tests
  • 0fd9ea2d6 feat: enable MACVTAP support
  • 898673e8d chore: update e2e tests to use latest capi releases
  • e26c5583c docs: add AMI IDs for Talos 0.10.4
  • 72ef48f0e fix: assign source address to the DHCP default gateway routes
  • 004885a37 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
  • 821f469a1 feat: skip overlay mount checks with docker
  • b6e02311a feat: use COSI RD's sensitivity for RBAC
  • 46751c1ad feat: improve security of Kubernetes control plane components
  • 0f659622d fix: build with custom kernel/rootfs
  • 5b5089ab9 fix: mark kube-proxy as system critical priority
  • 42c16f67f chore: bump dependencies
  • 60f78419e chore: bump etcd client libraries to final 3.5.0 release
  • 2b0de9edb feat: improve security of Kubernetes control plane components
  • 48a5c460a docs: provide more storage details
  • e13d905c2 release(v0.11.0-alpha.1): prepare release
  • 70ac771e0 fix: use localhost API server endpoint for internal communication
  • a941eb7da feat: improve security of Kubernetes control plane components
  • 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
  • 06209bba2 chore: update RBAC rules, remove old APIs
  • 9f24b519d chore: remove bootkube check from cluster health check
  • 4ac9bea27 fix: stop etcd client logs from going to the server console
  • f63ab9dd9 feat: implement talosctl config new command
  • fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
  • 2dc27d996 fix: do not format state partition in the initialize sequence
  • b609f33cd fix: update networking stack after Equinix Metal testing
  • 243a3b53e fix: separate healthy and unknown flags in the service resource
  • 1a1378be1 fix: update retry package with a fix for errors.Is
  • cb83edd7f fix: wait for the network to be ready in maintenance mode
  • 96f89071c feat: update controller-runtime logs to console level on config.debug
  • 973069b61 feat: support NFS 4.1
  • 654dcad47 chore: bump dependencies via dependabot
  • d7394457d fix: don't treat ethtool errors as fatal
  • f2ae9cd0c feat: replace networkd with new network implementation
  • caec3063c fix: do not complain about empty roles
  • 11918a110 docs: update community meeting time
  • aeddb9c09 feat: implement platform config controller (hostnames)
  • 1ece334da feat: implement controller which runs network operators
  • 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
  • 5029edfb7 fix: overwrite nodes in the gRPC metadata
  • 6a35c8f11 feat: implement virtual IP (shared IP) network operator
  • 0f3b83803 chore: expose WatchRequest in the resources client
  • 11e258b15 feat: implement operator configuration controller
  • ce3815e75 feat: implement DHCP6 operator
  • f010d99af feat: implement operator framework with DHCP4 as the first example
  • f93c9c8fa feat: bring unconfigured links with link carrier up by default
  • 02bd657b2 feat: implement network.Status resource and controller
  • da329f00a feat: enable RBAC by default
  • 0f168a880 feat: add configuration for enabling RBAC
  • e74f789b0 feat: implement EtcFileController to render files in /etc
  • 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
  • 5ad314fe7 feat: implement basic RBAC interceptors
  • c031be813 chore: use Go 1.16.5
  • 8b0763f6a chore: bump dependencies via dependabot
  • 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
  • 24859b141 docs: update Rpi4 firmware guide
  • 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
  • ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
  • 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
  • a71053fcd feat: default to bootstrap workflow
  • 76aac4bb2 feat: implement CPU and Memory stats controller
  • 8f90c6a8e feat: parse Talos-specific cmdline params
  • ed10e139c feat: implement NodeAddress controller
  • 33db8857a fix: use COSI runtime DestroyReady input type
  • 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
  • 97627061d docs: set static IP on ISO install mode
  • 5811f4dda feat: implement link (interface) controllers
  • 046b229b1 chore: skip building multi-arch installer for race-enabled build
  • 73fbb4b52 fix: only fetch machine uuid if it's not set
  • f112a540b fix: clean up stale snapshots on container start
  • c036b9494 chore: bump dependencies
  • a4d67a018 feat: add the ability to disable CoreDNS
  • 76dbfb369 feat: add ability to mark MBR partition bootable
  • e0f5b1e20 chore: split mgmt/gen.go into several files
  • fad1b4f1f chore: fix go generate for the machinery
  • 1117294ad release(v0.11.0-alpha.0): prepare release
  • c09629466 chore: prepare for 0.11 release series
  • 723597657 feat: enable GORACE=halt_on_panic=1 in machined binary
  • 0acb04ad7 feat: implement route network controllers
  • f5bf88a4c feat: create certificates with os:admin role
  • 1db301edf feat: switch controller-runtime to zap.Logger
  • f7cf64d42 fix: add talos.config to the vApp Properties in VMware OVA
  • 209527ecc docs: add AMIs for Talos 0.10.3
  • 59cfd312c chore: bump dependencies via dependabot
  • 1edb20cf9 feat: extract config generation
  • af77c2956 docs: update wireguard guide
  • 4fe691214 test: better talosctl ls tests
  • 04ddda962 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
  • 49c7276b1 chore: fix markdown linting
  • 7270495ac docs: add mayastor quickstart
  • d3d9112f2 docs: fix spelling/grammar in What's New for Talos 0.9
  • 82804414f test: provide a way to force different boot order in provision library
  • a1c0e99a1 docs: add guide for deploying metrics-server
  • 6bc6658b5 feat: update containerd to 1.5.1
  • c6567fae9 chore: dependabot updates
  • 61ccbb3f5 chore: keep debug symbols in debug builds
  • 1ce362e05 docs: update customizing kernel build steps
  • a26174b54 fix: properly compose pattern and header in etcd members output
  • 0825cf11f fix: stop networkd and pods before leaving etcd on upgrade
  • bed6b15d6 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
  • 071f04456 feat: implement AddressSpec handling
  • 76e38b7b8 feat: update Kubernetes to 1.21.1
  • 9b1338d98 chore: parse "boolean" variables
  • c81cfb216 chore: allow building with debug handlers
  • c9651673b feat: update go-smbios library
  • 95c656fb7 feat: update containerd to 1.5.0, runc to 1.0.0-rc94
  • db9c35b57 feat: implement AddressStatusController
  • 1cf011a80 chore: bump dependencies via dependabot
  • e3f407a1d fix: properly pass disk type selector from config to matcher
  • 66b2b4505 feat: add resources and use HTTPS checks in control plane pods
  • 4ffd7c0ad fix: stop networkd before leaving etcd on 'reset' path
  • 610d38d30 docs: add AMIs for 0.10.1, collapse list of AMIs by default
  • 807497ec2 chore: make conformance pipeline depend on cron-default
  • 3c1213596 feat: implement LinkStatusController
  • 0e8de0469 fix: update go-blockdevice to fix disk type detection
  • 4d50a4edd fix: update the way NTP sync uses adjtimex syscall
  • 1a85c14a5 fix: avoid data race on CRI pod stop
  • 5de8dbc06 fix: repair pine64 support
  • 382390973 fix: properly parse matcher expressions
  • e54b6b7a3 chore: update dependencies via dependabot
  • f2caed0df chore: use extracted talos-systems/go-kmsg library
  • 79d804c5b docs: fix typos
  • a2bb390e1 feat: deterministic builds
  • e480fedff feat: add USB serial drivers
  • 79299d761 docs: add Matrix room links
  • 1b3e8b09e docs: add survey to README
  • 8d51c9bb1 docs: update redirects to Talos 0.10
  • 1092c3a50 feat: add Pine64 SBC support
  • 63e017543 feat: pull kernel with VMware balloon module enabled
  • aeec99d82 chore: remove temporary fork
  • 0f49722d0 feat: add --config-patch flag by node type
  • a01b1d22d chore: dump dependencies via dependabot
  • d540a4a47 fix: bump crypto library for the CSR verification fix
  • c3a4173e1 chore: remove security API ReadFile/WriteFile
  • 38037131c chore: update wgctrl dependency
  • d9ba0fd01 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
  • 2261d7ed0 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
  • a3537a691 docs: update cloud images for Talos v0.9.3
  • 5b9ee8617 docs: add what's new for Talos 0.10
  • f1107fa3a docs: add survey
  • 93623d47f docs: update AWS instructions
  • a739d1b8a feat: add support of custom registry CA certificate usage
  • 7f468d350 fix: update osType in OVA other3xLinux64Guest"
  • 4a184b67d docs: add etcd backup and restore guide
  • 5fb38d3e5 chore: refactor Dockerfile for cross-compilation
  • a8f1e526b chore: build talosctl for Darwin / Apple Silicon
  • eb0b64d31 chore: list specifically for enabled regions
  • 669a0cbdc fix: check if OVF env is empty
  • da92049c0 chore: use codecov from the build container
  • 9996d4b02 chore: use REGISTRY_MIRROR_FLAGS if defined
  • 05cbe250c chore: bump dependencies via dependabot
  • 9a91142a3 feat: print complete member info in etcd members
  • bb40d6dd0 feat: update pkgs version
  • e7a9164b1 test: implement talosctl conformance command to run e2e tests
  • 6cb266e74 fix: update etcd client errors, print etcd join failures
  • 0bd8b0e80 feat: provide an option to recover etcd from data directory copy
  • f98185408 chore: fix conform with scopes
  • 21018f28c chore: bump website node.js dependencies

Changes since v0.11.0-beta.2

  • 1a40f379f release(v0.11.0-beta.3): prepare release
  • 673b27160 fix: validate bond slaves addressing
  • f3f646fde chore: ignore future pkg/machinery/vX.Y.Z tags
  • 5c640cd52 fix: ignore DeadlineExceeded error correctly on bootstrap
  • 17edc883c fix: make forfeit leadership connect to the right node
  • 08c9a2e58 feat: implement talosctl config info command
  • f6892dba7 fix: close Kubernetes API client
  • 06aa24fb9 fix: ignore 'not a leader' error on forfeit leadership
  • 9075fc41c fix: workaround 'Unauthorized' errors when accessing Kubernetes API

Changes from talos-systems/crypto

  • d3cb772 feat: make possible to change KeyUsage
  • 6bc5bb5 chore: remove unused argument
  • cd18ef6 feat: add support for several organizations
  • 97c888b chore: add options to CSR
  • 7776057 chore: fix typos
  • 80df078 chore: remove named result parameters
  • 15bdd28 chore: minor updates
  • 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

  • 918e161 chore: update deps to final release versions
  • 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

  • 30c2bc3 feat: mark MBR bootable
  • 1292574 fix: make disk type matcher parser case insensitive
  • b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

  • 3d0a6e1 feat: race build tag flag detector
  • 5b292e5 feat: disable memory profiling by default
  • c6d0ae2 fix: linters and CI
  • d969f95 feat: initial implementation
  • b2044b7 Initial commit

Changes from talos-systems/go-kmsg

  • b08e4d3 feat: replace tab character with space in console output
  • 2edcd3a feat: add initial version
  • 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

  • a445702 feat: allow dial timeout and keep alive period to be configurable
  • 3c8f347 feat: provide a way to configure logger for the loadbalancer
  • da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

  • c78cc95 fix: implement errors.Is for all errors in the set
  • 7885e16 feat: add ExpectedErrorf
  • 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

  • d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

  • 7b2e126 feat: add support for hotplug of PCIE devices
  • f499062 chore: bump tools to final release 0.6.0
  • 41d6ccc feat: enable MACVTAP support
  • 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
  • f5eac03 feat: update Linux to 5.10.45
  • d756119 feat: enable HP ILO kernel module (both amd64 arm64)
  • 2d51360 feat: support NFS 4.1
  • e63e4e9 feat: bump tools for Go 1.16.5
  • 1f8af29 feat: update Linux to 5.10.38
  • a3a6650 feat: update containerd to 1.5.2
  • c70ea44 feat: update runc to 1.0.0-rc95
  • db60235 feat: add support for netxen card
  • f934187 feat: update containerd to 1.5.1
  • e8ed5bc feat: add geneve encapsulation support for openvswitch
  • 9f7903c feat: update containerd to 1.5.0, runc to -rc94
  • d7c0f70 feat: add AES-NI support for amd64
  • b0d9cd2 fix: build zbin utility for both amd64 and arm64
  • bb39b97 feat: add IPMI support in kernel
  • 1148f9a feat: add DS1307 RTC support for arm64
  • 350aa6f feat: add USB serial support
  • de9c582 feat: add Pine64 SBC support
  • b56f36b feat: enable VMware balloon kernel module
  • f87c194 feat: add iPXE build with embedded placeholder script
  • a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

  • c8c2a18 feat: update Go to 1.16.5

Dependency Changes

  • github.com/aws/aws-sdk-go v1.38.66 new
  • github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
  • github.com/containerd/containerd v1.4.4 -> v1.5.2
  • github.com/containerd/go-cni v1.0.1 -> v1.0.2
  • github.com/containerd/typeurl v1.0.1 -> v1.0.2
  • github.com/coreos/go-iptables v0.5.0 -> v0.6.0
  • github.com/cosi-project/runtime 10d6103c19ab -> 93ead370bf57
  • github.com/docker/docker v20.10.4 -> v20.10.7
  • github.com/emicklei/dot v0.15.0 -> v0.16.0
  • github.com/evanphx/json-patch v4.9.0 -> v4.11.0
  • github.com/fatih/color v1.10.0 -> v1.12.0
  • github.com/google/go-cmp v0.5.5 -> v0.5.6
  • github.com/google/gofuzz v1.2.0 new
  • github.com/googleapis/gnostic v0.5.5 new
  • github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
  • github.com/imdario/mergo v0.3.12 new
  • github.com/insomniacslk/dhcp cc9239ac6294 -> 1cac67f12b1e
  • github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
  • github.com/mattn/go-isatty v0.0.12 -> v0.0.13
  • github.com/mdlayher/arp f72070a231fc new
  • github.com/mdlayher/ethtool 2b88debcdd43 new
  • github.com/mdlayher/netlink v1.4.0 -> v1.4.1
  • github.com/mdlayher/raw 51b895745faf new
  • github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
  • github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
  • github.com/rs/xid v1.2.1 -> v1.3.0
  • github.com/sirupsen/logrus v1.8.1 new
  • github.com/spf13/viper v1.8.0 new
  • github.com/talos-systems/crypto 39584f1b6e54 -> v0.3.1
  • github.com/talos-systems/extras v0.3.0 -> v0.4.0
  • github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
  • github.com/talos-systems/go-debug v0.2.1 new
  • github.com/talos-systems/go-kmsg v0.1.1 new
  • github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
  • github.com/talos-systems/go-retry b9dc1a990133 -> v0.3.1
  • github.com/talos-systems/go-smbios fb425d4727e6 -> v0.1.0
  • github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-1-g7b2e126
  • github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
  • github.com/talos-systems/tools v0.5.0 -> v0.6.0
  • github.com/vishvananda/netns 2eb08e3e575f new
  • github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.52.0
  • github.com/vmware/govmomi v0.24.0 -> v0.26.0
  • go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
  • go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
  • go.uber.org/zap v1.17.0 new
  • golang.org/x/net e18ecbb05110 -> 04defd469f4e
  • golang.org/x/oauth2 a8dc77f794b6 new
  • golang.org/x/sys 77cc2087c03b -> 59db8d763f22
  • golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
  • golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
  • golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
  • google.golang.org/grpc v1.37.0 -> v1.38.0
  • inet.af/netaddr bf05d8b52dda new
  • k8s.io/api v0.21.0 -> v0.21.2
  • k8s.io/apimachinery v0.21.0 -> v0.21.2
  • k8s.io/apiserver v0.21.0 -> v0.21.2
  • k8s.io/client-go v0.21.0 -> v0.21.2
  • k8s.io/cri-api v0.21.0 -> v0.21.2
  • k8s.io/kubectl v0.21.0 -> v0.21.2
  • k8s.io/kubelet v0.21.0 -> v0.21.2
  • k8s.io/utils 6fdb442a123b new
  • sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.2
k8s.gcr.io/kube-controller-manager:v1.21.2
k8s.gcr.io/kube-scheduler:v1.21.2
k8s.gcr.io/kube-proxy:v1.21.2
ghcr.io/talos-systems/kubelet:v1.21.2
ghcr.io/talos-systems/installer:v0.11.0-beta.3
k8s.gcr.io/pause:3.2

talos - v0.11.0-beta.2

Published by talos-bot over 3 years ago

Talos 0.11.0-beta.2 (2021-07-01)

Welcome to the v0.11.0-beta.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API instead of init node types, as we
intend to deprecate this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.

Component Updates

  • containerd was updated to 1.5.2
  • Linux kernel was updated to 5.10.45
  • Kubernetes was updated to 1.21.2
  • etcd was updated to 3.4.16
  • CoreDNS was updated to 1.8.4

CoreDNS

Added the flag cluster.coreDNS.disabled, which disables the CoreDNS deployment during cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that marks the MBR partition as bootable,
for machines whose legacy BIOS does not support the GPT partitioning scheme.

Multi-arch Installer

The Talos installer image (for any arch) now contains artifacts for both the amd64 and arm64 architectures.
This means that, for example, images for arm64 SBCs can be generated on an amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should now set up network configuration much faster on boot, as it no longer blocks on DHCP for unconfigured
interfaces and skips the reset network step.

Talos API RBAC

Limited RBAC support in the Talos API is now enabled by default for Talos 0.11.
The default talosconfig has the os:admin role embedded in the certificate so that all the APIs are available.
Certificates with a reduced set of roles can be created with the talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, first generate a talosconfig with
the os:admin role (using the talosctl config new command) to make sure that the administrator still has access to the
cluster once RBAC is enabled.

List of available roles:

  • os:admin role enables every Talos API
  • os:reader role limits access to read-only APIs which do not return sensitive data
  • os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)
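
An added example (not Talos code) of how role-restricted client certificates can gate API access for the three roles listed above. It assumes the roles travel in the certificate subject's Organization values, as the talos-systems/crypto change "add support for several organizations" suggests; the API labels and the policy table are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Role names exactly as listed in the release notes.
const RoleAdmin, RoleReader, RoleEtcdBackup = "os:admin", "os:reader", "os:etcd:backup"

// allowed is a constructed policy table; the API labels are hypothetical
// stand-ins, not Talos method names. os:admin is handled in Authorize.
var allowed = map[string][]string{
	"read-version":  {RoleReader},
	"etcd-snapshot": {RoleEtcdBackup},
	"reboot":        {},
}

// sign issues a certificate from tmpl; a nil parent means self-signed.
func sign(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewCA creates a throwaway self-signed CA for the demonstration.
func NewCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return sign(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
}

// IssueClient signs a client certificate that carries the given roles as
// Organization values (the assumption stated in the lead-in).
func IssueClient(caCert *x509.Certificate, caKey *ecdsa.PrivateKey, roles ...string) (*x509.Certificate, error) {
	cert, _, err := sign(&x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: "example-client", Organization: roles},
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, caCert, caKey)
	return cert, err
}

// Authorize verifies the certificate chain first and only then trusts the
// roles in the subject; roles in a certificate from another CA count for nothing.
func Authorize(caCert, client *x509.Certificate, api string) error {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := client.Verify(opts); err != nil {
		return fmt.Errorf("untrusted certificate: %w", err)
	}
	for _, role := range client.Subject.Organization {
		if role == RoleAdmin {
			return nil // os:admin enables every API
		}
		for _, permitted := range allowed[api] {
			if role == permitted {
				return nil
			}
		}
	}
	return fmt.Errorf("roles %v may not call %q", client.Subject.Organization, api)
}

func main() {
	caCert, caKey, err := NewCA()
	if err != nil {
		panic(err)
	}
	reader, err := IssueClient(caCert, caKey, RoleReader)
	if err != nil {
		panic(err)
	}
	fmt.Println("read-version:", Authorize(caCert, reader, "read-version"))
	fmt.Println("reboot:", Authorize(caCert, reader, "reboot"))
}
```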

Contributors

  • Andrey Smirnov
  • Alexey Palazhchenko
  • Artem Chernyshev
  • Serge Logvinov
  • Spencer Smith
  • Jorik Jonker
  • Andrew Rynhard
  • Andrew LeCody
  • Kevin Hellemun
  • Seán C McCord
  • Boran Car
  • Brandon Nason
  • Gabor Nyiri
  • Joost Coelingh
  • Lance R. Vick
  • Lennard Klein
  • Sébastien Bernard

Changes

  • 1179d6baf release(v0.11.0-beta.2): prepare release
  • 8aed6c2e1 fix: fill uuid argument correctly in the config download URL
  • d6c5e5004 fix: make output of upgrade-k8s command less scary
  • 452e096e1 fix: restart the merge controllers on conflict
  • 79f4f1aa8 fix: ignore deadline exceeded errors on bootstrap
  • 8904009f0 feat: update pkgs version
  • 223abaab0 release(v0.11.0-beta.1): prepare release
  • 7abadf726 fix: issue worker apid certs properly on renewal
  • 33d73189e fix: don't set bond delay options if miimon is not enabled
  • de7db38e3 release(v0.11.0-beta.0): prepare release
  • 74111d7b6 feat: add RBAC to talosctl version output
  • 728ad5c6f fix: handle cases when merged resource re-appears before being destroyed
  • 283e9f026 chore: add CAPI version to CI setup
  • 01a196ea4 chore: small RBAC improvements
  • 829e54f1a fix: limit apid access to COSI runtime resources
  • f9e01d027 fix: ignore EINVAL on unmount operations
  • 7672435e1 feat: add a method to get gRPC connection from the client
  • b5244bf18 chore: bump go.mod dependencies, fix netaddr API changes
  • c7e622567 chore: update coredns to 1.8.4
  • 3a34f1a51 chore: bump Talos Go modules to release versions
  • 8d60abff7 chore: use tagged versions of bldr dependencies for 0.11
  • 8ef68a6fb feat: remove go-runner in staticpods
  • a650531fa release(v0.11.0-alpha.2): prepare release
  • 71fff02ff fix: revert back resource.proto order
  • d3f4e6006 fix: replace tabs with spaces in console output
  • 1990ad252 feat: add created and updated timestamps to the resource metadata
  • 0731be908 feat: add cloud images to releases
  • b52b20666 feat: split etcd certificates to peer/client
  • 33119d2b8 chore: add an option to launch cluster with bad RTC state
  • d8c2bca1b feat: reimplement apid certificate generation on top of COSI
  • 3c1b32199 chore: refactor CLI tests
  • 0fd9ea2d6 feat: enable MACVTAP support
  • 898673e8d chore: update e2e tests to use latest capi releases
  • e26c5583c docs: add AMI IDs for Talos 0.10.4
  • 72ef48f0e fix: assign source address to the DHCP default gateway routes
  • 004885a37 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
  • 821f469a1 feat: skip overlay mount checks with docker
  • b6e02311a feat: use COSI RD's sensitivity for RBAC
  • 46751c1ad feat: improve security of Kubernetes control plane components
  • 0f659622d fix: build with custom kernel/rootfs
  • 5b5089ab9 fix: mark kube-proxy as system critical priority
  • 42c16f67f chore: bump dependencies
  • 60f78419e chore: bump etcd client libraries to final 3.5.0 release
  • 2b0de9edb feat: improve security of Kubernetes control plane components
  • 48a5c460a docs: provide more storage details
  • e13d905c2 release(v0.11.0-alpha.1): prepare release
  • 70ac771e0 fix: use localhost API server endpoint for internal communication
  • a941eb7da feat: improve security of Kubernetes control plane components
  • 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
  • 06209bba2 chore: update RBAC rules, remove old APIs
  • 9f24b519d chore: remove bootkube check from cluster health check
  • 4ac9bea27 fix: stop etcd client logs from going to the server console
  • f63ab9dd9 feat: implement talosctl config new command
  • fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
  • 2dc27d996 fix: do not format state partition in the initialize sequence
  • b609f33cd fix: update networking stack after Equinix Metal testing
  • 243a3b53e fix: separate healthy and unknown flags in the service resource
  • 1a1378be1 fix: update retry package with a fix for errors.Is
  • cb83edd7f fix: wait for the network to be ready in maintenance mode
  • 96f89071c feat: update controller-runtime logs to console level on config.debug
  • 973069b61 feat: support NFS 4.1
  • 654dcad47 chore: bump dependencies via dependabot
  • d7394457d fix: don't treat ethtool errors as fatal
  • f2ae9cd0c feat: replace networkd with new network implementation
  • caec3063c fix: do not complain about empty roles
  • 11918a110 docs: update community meeting time
  • aeddb9c09 feat: implement platform config controller (hostnames)
  • 1ece334da feat: implement controller which runs network operators
  • 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
  • 5029edfb7 fix: overwrite nodes in the gRPC metadata
  • 6a35c8f11 feat: implement virtual IP (shared IP) network operator
  • 0f3b83803 chore: expose WatchRequest in the resources client
  • 11e258b15 feat: implement operator configuration controller
  • ce3815e75 feat: implement DHCP6 operator
  • f010d99af feat: implement operator framework with DHCP4 as the first example
  • f93c9c8fa feat: bring unconfigured links with link carrier up by default
  • 02bd657b2 feat: implement network.Status resource and controller
  • da329f00a feat: enable RBAC by default
  • 0f168a880 feat: add configuration for enabling RBAC
  • e74f789b0 feat: implement EtcFileController to render files in /etc
  • 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
  • 5ad314fe7 feat: implement basic RBAC interceptors
  • c031be813 chore: use Go 1.16.5
  • 8b0763f6a chore: bump dependencies via dependabot
  • 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
  • 24859b141 docs: update Rpi4 firmware guide
  • 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
  • ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
  • 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
  • a71053fcd feat: default to bootstrap workflow
  • 76aac4bb2 feat: implement CPU and Memory stats controller
  • 8f90c6a8e feat: parse Talos-specific cmdline params
  • ed10e139c feat: implement NodeAddress controller
  • 33db8857a fix: use COSI runtime DestroyReady input type
  • 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
  • 97627061d docs: set static IP on ISO install mode
  • 5811f4dda feat: implement link (interface) controllers
  • 046b229b1 chore: skip building multi-arch installer for race-enabled build
  • 73fbb4b52 fix: only fetch machine uuid if it's not set
  • f112a540b fix: clean up stale snapshots on container start
  • c036b9494 chore: bump dependencies
  • a4d67a018 feat: add the ability to disable CoreDNS
  • 76dbfb369 feat: add ability to mark MBR partition bootable
  • e0f5b1e20 chore: split mgmt/gen.go into several files
  • fad1b4f1f chore: fix go generate for the machinery
  • 1117294ad release(v0.11.0-alpha.0): prepare release
  • c09629466 chore: prepare for 0.11 release series
  • 723597657 feat: enable GORACE=halt_on_panic=1 in machined binary
  • 0acb04ad7 feat: implement route network controllers
  • f5bf88a4c feat: create certificates with os:admin role
  • 1db301edf feat: switch controller-runtime to zap.Logger
  • f7cf64d42 fix: add talos.config to the vApp Properties in VMware OVA
  • 209527ecc docs: add AMIs for Talos 0.10.3
  • 59cfd312c chore: bump dependencies via dependabot
  • 1edb20cf9 feat: extract config generation
  • af77c2956 docs: update wireguard guide
  • 4fe691214 test: better talosctl ls tests
  • 04ddda962 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
  • 49c7276b1 chore: fix markdown linting
  • 7270495ac docs: add mayastor quickstart
  • d3d9112f2 docs: fix spelling/grammar in What's New for Talos 0.9
  • 82804414f test: provide a way to force different boot order in provision library
  • a1c0e99a1 docs: add guide for deploying metrics-server
  • 6bc6658b5 feat: update containerd to 1.5.1
  • c6567fae9 chore: dependabot updates
  • 61ccbb3f5 chore: keep debug symbols in debug builds
  • 1ce362e05 docs: update customizing kernel build steps
  • a26174b54 fix: properly compose pattern and header in etcd members output
  • 0825cf11f fix: stop networkd and pods before leaving etcd on upgrade
  • bed6b15d6 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
  • 071f04456 feat: implement AddressSpec handling
  • 76e38b7b8 feat: update Kubernetes to 1.21.1
  • 9b1338d98 chore: parse "boolean" variables
  • c81cfb216 chore: allow building with debug handlers
  • c9651673b feat: update go-smbios library
  • 95c656fb7 feat: update containerd to 1.5.0, runc to 1.0.0-rc94
  • db9c35b57 feat: implement AddressStatusController
  • 1cf011a80 chore: bump dependencies via dependabot
  • e3f407a1d fix: properly pass disk type selector from config to matcher
  • 66b2b4505 feat: add resources and use HTTPS checks in control plane pods
  • 4ffd7c0ad fix: stop networkd before leaving etcd on 'reset' path
  • 610d38d30 docs: add AMIs for 0.10.1, collapse list of AMIs by default
  • 807497ec2 chore: make conformance pipeline depend on cron-default
  • 3c1213596 feat: implement LinkStatusController
  • 0e8de0469 fix: update go-blockdevice to fix disk type detection
  • 4d50a4edd fix: update the way NTP sync uses adjtimex syscall
  • 1a85c14a5 fix: avoid data race on CRI pod stop
  • 5de8dbc06 fix: repair pine64 support
  • 382390973 fix: properly parse matcher expressions
  • e54b6b7a3 chore: update dependencies via dependabot
  • f2caed0df chore: use extracted talos-systems/go-kmsg library
  • 79d804c5b docs: fix typos
  • a2bb390e1 feat: deterministic builds
  • e480fedff feat: add USB serial drivers
  • 79299d761 docs: add Matrix room links
  • 1b3e8b09e docs: add survey to README
  • 8d51c9bb1 docs: update redirects to Talos 0.10
  • 1092c3a50 feat: add Pine64 SBC support
  • 63e017543 feat: pull kernel with VMware balloon module enabled
  • aeec99d82 chore: remove temporary fork
  • 0f49722d0 feat: add --config-patch flag by node type
  • a01b1d22d chore: dump dependencies via dependabot
  • d540a4a47 fix: bump crypto library for the CSR verification fix
  • c3a4173e1 chore: remove security API ReadFile/WriteFile
  • 38037131c chore: update wgctrl dependency
  • d9ba0fd01 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
  • 2261d7ed0 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
  • a3537a691 docs: update cloud images for Talos v0.9.3
  • 5b9ee8617 docs: add what's new for Talos 0.10
  • f1107fa3a docs: add survey
  • 93623d47f docs: update AWS instructions
  • a739d1b8a feat: add support of custom registry CA certificate usage
  • 7f468d350 fix: update osType in OVA other3xLinux64Guest"
  • 4a184b67d docs: add etcd backup and restore guide
  • 5fb38d3e5 chore: refactor Dockerfile for cross-compilation
  • a8f1e526b chore: build talosctl for Darwin / Apple Silicon
  • eb0b64d31 chore: list specifically for enabled regions
  • 669a0cbdc fix: check if OVF env is empty
  • da92049c0 chore: use codecov from the build container
  • 9996d4b02 chore: use REGISTRY_MIRROR_FLAGS if defined
  • 05cbe250c chore: bump dependencies via dependabot
  • 9a91142a3 feat: print complete member info in etcd members
  • bb40d6dd0 feat: update pkgs version
  • e7a9164b1 test: implement talosctl conformance command to run e2e tests
  • 6cb266e74 fix: update etcd client errors, print etcd join failures
  • 0bd8b0e80 feat: provide an option to recover etcd from data directory copy
  • f98185408 chore: fix conform with scopes
  • 21018f28c chore: bump website node.js dependencies

Changes since v0.11.0-beta.1

  • 1179d6baf release(v0.11.0-beta.2): prepare release
  • 8aed6c2e1 fix: fill uuid argument correctly in the config download URL
  • d6c5e5004 fix: make output of upgrade-k8s command less scary
  • 452e096e1 fix: restart the merge controllers on conflict
  • 79f4f1aa8 fix: ignore deadline exceeded errors on bootstrap
  • 8904009f0 feat: update pkgs version

Changes from talos-systems/crypto

  • d3cb772 feat: make possible to change KeyUsage
  • 6bc5bb5 chore: remove unused argument
  • cd18ef6 feat: add support for several organizations
  • 97c888b chore: add options to CSR
  • 7776057 chore: fix typos
  • 80df078 chore: remove named result parameters
  • 15bdd28 chore: minor updates
  • 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

  • 918e161 chore: update deps to final release versions
  • 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

  • 30c2bc3 feat: mark MBR bootable
  • 1292574 fix: make disk type matcher parser case insensitive
  • b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

  • 3d0a6e1 feat: race build tag flag detector
  • 5b292e5 feat: disable memory profiling by default
  • c6d0ae2 fix: linters and CI
  • d969f95 feat: initial implementation
  • b2044b7 Initial commit

Changes from talos-systems/go-kmsg

  • b08e4d3 feat: replace tab character with space in console output
  • 2edcd3a feat: add initial version
  • 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

  • a445702 feat: allow dial timeout and keep alive period to be configurable
  • 3c8f347 feat: provide a way to configure logger for the loadbalancer
  • da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

  • c78cc95 fix: implement errors.Is for all errors in the set
  • 7885e16 feat: add ExpectedErrorf
  • 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

  • d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

  • 7b2e126 feat: add support for hotplug of PCIE devices
  • f499062 chore: bump tools to final release 0.6.0
  • 41d6ccc feat: enable MACVTAP support
  • 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
  • f5eac03 feat: update Linux to 5.10.45
  • d756119 feat: enable HP ILO kernel module (both amd64 arm64)
  • 2d51360 feat: support NFS 4.1
  • e63e4e9 feat: bump tools for Go 1.16.5
  • 1f8af29 feat: update Linux to 5.10.38
  • a3a6650 feat: update containerd to 1.5.2
  • c70ea44 feat: update runc to 1.0.0-rc95
  • db60235 feat: add support for netxen card
  • f934187 feat: update containerd to 1.5.1
  • e8ed5bc feat: add geneve encapsulation support for openvswitch
  • 9f7903c feat: update containerd to 1.5.0, runc to -rc94
  • d7c0f70 feat: add AES-NI support for amd64
  • b0d9cd2 fix: build zbin utility for both amd64 and arm64
  • bb39b97 feat: add IPMI support in kernel
  • 1148f9a feat: add DS1307 RTC support for arm64
  • 350aa6f feat: add USB serial support
  • de9c582 feat: add Pine64 SBC support
  • b56f36b feat: enable VMware balloon kernel module
  • f87c194 feat: add iPXE build with embedded placeholder script
  • a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

  • c8c2a18 feat: update Go to 1.16.5

Dependency Changes

  • github.com/aws/aws-sdk-go v1.38.66 new
  • github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
  • github.com/containerd/containerd v1.4.4 -> v1.5.2
  • github.com/containerd/go-cni v1.0.1 -> v1.0.2
  • github.com/containerd/typeurl v1.0.1 -> v1.0.2
  • github.com/coreos/go-iptables v0.5.0 -> v0.6.0
  • github.com/cosi-project/runtime 10d6103c19ab -> 93ead370bf57
  • github.com/docker/docker v20.10.4 -> v20.10.7
  • github.com/emicklei/dot v0.15.0 -> v0.16.0
  • github.com/evanphx/json-patch v4.9.0 -> v4.11.0
  • github.com/fatih/color v1.10.0 -> v1.12.0
  • github.com/google/go-cmp v0.5.5 -> v0.5.6
  • github.com/google/gofuzz v1.2.0 new
  • github.com/googleapis/gnostic v0.5.5 new
  • github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
  • github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
  • github.com/imdario/mergo v0.3.12 new
  • github.com/insomniacslk/dhcp cc9239ac6294 -> 1cac67f12b1e
  • github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
  • github.com/mattn/go-isatty v0.0.12 -> v0.0.13
  • github.com/mdlayher/arp f72070a231fc new
  • github.com/mdlayher/ethtool 2b88debcdd43 new
  • github.com/mdlayher/netlink v1.4.0 -> v1.4.1
  • github.com/mdlayher/raw 51b895745faf new
  • github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
  • github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
  • github.com/rs/xid v1.2.1 -> v1.3.0
  • github.com/sirupsen/logrus v1.8.1 new
  • github.com/spf13/viper v1.8.0 new
  • github.com/talos-systems/crypto 39584f1b6e54 -> v0.3.1
  • github.com/talos-systems/extras v0.3.0 -> v0.4.0
  • github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
  • github.com/talos-systems/go-debug v0.2.1 new
  • github.com/talos-systems/go-kmsg v0.1.1 new
  • github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
  • github.com/talos-systems/go-retry b9dc1a990133 -> v0.3.1
  • github.com/talos-systems/go-smbios fb425d4727e6 -> v0.1.0
  • github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-1-g7b2e126
  • github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
  • github.com/talos-systems/tools v0.5.0 -> v0.6.0
  • github.com/vishvananda/netns 2eb08e3e575f new
  • github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.52.0
  • github.com/vmware/govmomi v0.24.0 -> v0.26.0
  • go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
  • go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
  • go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
  • go.uber.org/zap v1.17.0 new
  • golang.org/x/net e18ecbb05110 -> 04defd469f4e
  • golang.org/x/oauth2 a8dc77f794b6 new
  • golang.org/x/sys 77cc2087c03b -> 59db8d763f22
  • golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
  • golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
  • golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
  • google.golang.org/grpc v1.37.0 -> v1.38.0
  • inet.af/netaddr bf05d8b52dda new
  • k8s.io/api v0.21.0 -> v0.21.2
  • k8s.io/apimachinery v0.21.0 -> v0.21.2
  • k8s.io/apiserver v0.21.0 -> v0.21.2
  • k8s.io/client-go v0.21.0 -> v0.21.2
  • k8s.io/cri-api v0.21.0 -> v0.21.2
  • k8s.io/kubectl v0.21.0 -> v0.21.2
  • k8s.io/kubelet v0.21.0 -> v0.21.2
  • k8s.io/utils 6fdb442a123b new
  • sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.2
k8s.gcr.io/kube-controller-manager:v1.21.2
k8s.gcr.io/kube-scheduler:v1.21.2
k8s.gcr.io/kube-proxy:v1.21.2
ghcr.io/talos-systems/kubelet:v1.21.2
ghcr.io/talos-systems/installer:v0.11.0-beta.2
k8s.gcr.io/pause:3.2