talos

Talos 0.11.0-beta.1 (2021-06-29)

Welcome to the v0.11.0-beta.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API, instead of init node types, as we
intend on deprecating this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.

Component Updates

• containerd was updated to 1.5.2
• Linux kernel was updated to 5.10.45
• Kubernetes was updated to 1.21.2
• etcd was updated to 3.4.16
• CoreDNS was updated to 1.8.4

CoreDNS

Added the flag cluster.coreDNS.disabled to coreDNS deployment during the cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that can enable marking MBR partition bootable
for the machines that have legacy BIOS which does not support GPT partitioning scheme.

Multi-arch Installer

Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture.
This means that e.g. images for arm64 SBCs can be generated on amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured
interfaces and skipping the reset network step.

Talos API RBAC

Limited RBAC support in Talos API is now enabled by default for Talos 0.11.
Default talosconfig has os:admin role embedded in the certificate so that all the APIs are available.
Certificates with reduced set of roles can be created with talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate talosconfig with
os:admin role first to make sure that administrator still has access to the cluster when RBAC is enabled
(using talosctl config new command).

List of available roles:

• os:admin role enables every Talos API
• os:reader role limits access to read-only APIs which do not return sensitive data
• os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Serge Logvinov
• Jorik Jonker
• Spencer Smith
• Andrew Rynhard
• Andrew LeCody
• Kevin Hellemun
• Seán C McCord
• Boran Car
• Brandon Nason
• Gabor Nyiri
• Gabor Nyiri
• Joost Coelingh
• Lance R. Vick
• Lennard Klein
• Sébastien Bernard
• Sébastien Bernard

Changes

• 223abaab0 release(v0.11.0-beta.1): prepare release
• 7abadf726 fix: issue worker apid certs properly on renewal
• 33d73189e fix: don't set bond delay options if miimon is not enabled
• de7db38e3 release(v0.11.0-beta.0): prepare release
• 74111d7b6 feat: add RBAC to talosctl version output
• 728ad5c6f fix: handle cases when merged resource re-appears before being destroyed
• 283e9f026 chore: add CAPI version to CI setup
• 01a196ea4 chore: small RBAC improvements
• 829e54f1a fix: limit apid access to COSI runtime resources
• f9e01d027 fix: ignore EINVAL on unmount operations
• 7672435e1 feat: add a method to get gRPC connection from the client
• b5244bf18 chore: bump go.mod dependencies, fix netaddr API changes
• c7e622567 chore: update coredns to 1.8.4
• 3a34f1a51 chore: bump Talos Go modules to release versions
• 8d60abff7 chore: use tagged versions of bldr dependencies for 0.11
• 8ef68a6fb feat: remove go-runner in staticpods
• a650531fa release(v0.11.0-alpha.2): prepare release
• 71fff02ff fix: revert back resource.proto order
• d3f4e6006 fix: replace tabs with spaces in console output
• 1990ad252 feat: add created and updated timestamps to the resource metadata
• 0731be908 feat: add cloud images to releases
• b52b20666 feat: split etcd certificates to peer/client
• 33119d2b8 chore: add an option to launch cluster with bad RTC state
• d8c2bca1b feat: reimplement apid certificate generation on top of COSI
• 3c1b32199 chore: refactor CLI tests
• 0fd9ea2d6 feat: enable MACVTAP support
• 898673e8d chore: update e2e tests to use latest capi releases
• e26c5583c docs: add AMI IDs for Talos 0.10.4
• 72ef48f0e fix: assign source address to the DHCP default gateway routes
• 004885a37 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
• 821f469a1 feat: skip overlay mount checks with docker
• b6e02311a feat: use COSI RD's sensitivity for RBAC
• 46751c1ad feat: improve security of Kubernetes control plane components
• 0f659622d fix: build with custom kernel/rootfs
• 5b5089ab9 fix: mark kube-proxy as system critical priority
• 42c16f67f chore: bump dependencies
• 60f78419e chore: bump etcd client libraries to final 3.5.0 release
• 2b0de9edb feat: improve security of Kubernetes control plane components
• 48a5c460a docs: provide more storage details
• e13d905c2 release(v0.11.0-alpha.1): prepare release
• 70ac771e0 fix: use localhost API server endpoint for internal communication
• a941eb7da feat: improve security of Kubernetes control plane components
• 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
• 06209bba2 chore: update RBAC rules, remove old APIs
• 9f24b519d chore: remove bootkube check from cluster health check
• 4ac9bea27 fix: stop etcd client logs from going to the server console
• f63ab9dd9 feat: implement talosctl config new command
• fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
• 2dc27d996 fix: do not format state partition in the initialize sequence
• b609f33cd fix: update networking stack after Equnix Metal testing
• 243a3b53e fix: separate healthy and unknown flags in the service resource
• 1a1378be1 fix: update retry package with a fix for errors.Is
• cb83edd7f fix: wait for the network to be ready in mainteancne mode
• 96f89071c feat: update controller-runtime logs to console level on config.debug
• 973069b61 feat: support NFS 4.1
• 654dcad47 chore: bump dependencies via dependabot
• d7394457d fix: don't treat ethtool errors as fatal
• f2ae9cd0c feat: replace networkd with new network implementation
• caec3063c fix: do not complain about empty roles
• 11918a110 docs: update community meeting time
• aeddb9c09 feat: implement platform config controller (hostnames)
• 1ece334da feat: implement controller which runs network operators
• 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
• 5029edfb7 fix: overwrite nodes in the gRPC metadata
• 6a35c8f11 feat: implement virtual IP (shared IP) network operator
• 0f3b83803 chore: expose WatchRequest in the resources client
• 11e258b15 feat: implement operator configuration controller
• ce3815e75 feat: implement DHCP6 operator
• f010d99af feat: implement operator framework with DHCP4 as the first example
• f93c9c8fa feat: bring unconfigured links with link carrier up by default
• 02bd657b2 feat: implement network.Status resource and controller
• da329f00a feat: enable RBAC by default
• 0f168a880 feat: add configuration for enabling RBAC
• e74f789b0 feat: implement EtcFileController to render files in /etc
• 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
• 5ad314fe7 feat: implement basic RBAC interceptors
• c031be813 chore: use Go 1.16.5
• 8b0763f6a chore: bump dependencies via dependabot
• 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
• 24859b141 docs: update Rpi4 firmware guide
• 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
• ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
• 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
• a71053fcd feat: default to bootstrap workflow
• 76aac4bb2 feat: implement CPU and Memory stats controller
• 8f90c6a8e feat: parse Talos-specific cmdline params
• ed10e139c feat: implement NodeAddress controller
• 33db8857a fix: use COSI runtime DestroyReady input type
• 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
• 97627061d docs: set static IP on ISO install mode
• 5811f4dda feat: implement link (interface) controllers
• 046b229b1 chore: skip building multi-arch installer for race-enabled build
• 73fbb4b52 fix: only fetch machine uuid if it's not set
• f112a540b fix: clean up stale snapshots on container start
• c036b9494 chore: bump dependencies
• a4d67a018 feat: add the ability to disable CoreDNS
• 76dbfb369 feat: add ability to mark MBR partition bootable
• e0f5b1e20 chore: split mgmt/gen.go into several files
• fad1b4f1f chore: fix go generate for the machinery
• 1117294ad release(v0.11.0-alpha.0): prepare release
• c09629466 chore: prepare for 0.11 release series
• 723597657 feat: enable GORACE=halt_on_panic=1 in machined binary
• 0acb04ad7 feat: implement route network controllers
• f5bf88a4c feat: create certificates with os:admin role
• 1db301edf feat: switch controller-runtime to zap.Logger
• f7cf64d42 fix: add talos.config to the vApp Properties in VMware OVA
• 209527ecc docs: add AMIs for Talos 0.10.3
• 59cfd312c chore: bump dependencies via dependabot
• 1edb20cf9 feat: extract config generation
• af77c2956 docs: update wirguard guide
• 4fe691214 test: better talosctl ls tests
• 04ddda962 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
• 49c7276b1 chore: fix markdown linting
• 7270495ac docs: add mayastor quickstart
• d3d9112f2 docs: fix spelling/grammar in What's New for Talos 0.9
• 82804414f test: provide a way to force different boot order in provision library
• a1c0e99a1 docs: add guide for deploying metrics-server
• 6bc6658b5 feat: update containerd to 1.5.1
• c6567fae9 chore: dependabot updates
• 61ccbb3f5 chore: keep debug symbols in debug builds
• 1ce362e05 docs: update customizing kernel build steps
• a26174b54 fix: properly compose pattern and header in etcd members output
• 0825cf11f fix: stop networkd and pods before leaving etcd on upgrade
• bed6b15d6 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
• 071f04456 feat: implement AddressSpec handling
• 76e38b7b8 feat: update Kubernetes to 1.21.1
• 9b1338d98 chore: parse "boolean" variables
• c81cfb216 chore: allow building with debug handlers
• c9651673b feat: update go-smbios library
• 95c656fb7 feat: update containerd to 1.5.0, runc to 1.0.0-rc94
• db9c35b57 feat: implement AddressStatusController
• 1cf011a80 chore: bump dependencies via dependabot
• e3f407a1d fix: properly pass disk type selector from config to matcher
• 66b2b4505 feat: add resources and use HTTPS checks in control plane pods
• 4ffd7c0ad fix: stop networkd before leaving etcd on 'reset' path
• 610d38d30 docs: add AMIs for 0.10.1, collapse list of AMIs by default
• 807497ec2 chore: make conformance pipeline depend on cron-default
• 3c1213596 feat: implement LinkStatusController
• 0e8de0469 fix: update go-blockdevice to fix disk type detection
• 4d50a4edd fix: update the way NTP sync uses adjtimex syscall
• 1a85c14a5 fix: avoid data race on CRI pod stop
• 5de8dbc06 fix: repair pine64 support
• 382390973 fix: properly parse matcher expressions
• e54b6b7a3 chore: update dependencies via dependabot
• f2caed0df chore: use extracted talos-systems/go-kmsg library
• 79d804c5b docs: fix typos
• a2bb390e1 feat: deterministic builds
• e480fedff feat: add USB serial drivers
• 79299d761 docs: add Matrix room links
• 1b3e8b09e docs: add survey to README
• 8d51c9bb1 docs: update redirects to Talos 0.10
• 1092c3a50 feat: add Pine64 SBC support
• 63e017543 feat: pull kernel with VMware balloon module enabled
• aeec99d82 chore: remove temporary fork
• 0f49722d0 feat: add --config-patch flag by node type
• a01b1d22d chore: dump dependencies via dependabot
• d540a4a47 fix: bump crypto library for the CSR verification fix
• c3a4173e1 chore: remove security API ReadFile/WriteFile
• 38037131c chore: update wgctrl dependecy
• d9ba0fd01 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
• 2261d7ed0 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
• a3537a691 docs: update cloud images for Talos v0.9.3
• 5b9ee8617 docs: add what's new for Talos 0.10
• f1107fa3a docs: add survey
• 93623d47f docs: update AWS instructions
• a739d1b8a feat: add support of custom registry CA certificate usage
• 7f468d350 fix: update osType in OVA other3xLinux64Guest"
• 4a184b67d docs: add etcd backup and restore guide
• 5fb38d3e5 chore: refactor Dockerfile for cross-compilation
• a8f1e526b chore: build talosctl for Darwin / Apple Silicon
• eb0b64d31 chore: list specifically for enabled regions
• 669a0cbdc fix: check if OVF env is empty
• da92049c0 chore: use codecov from the build container
• 9996d4b02 chore: use REGISTRY_MIRROR_FLAGS if defined
• 05cbe250c chore: bump dependencies via dependabot
• 9a91142a3 feat: print complete member info in etcd members
• bb40d6dd0 feat: update pkgs version
• e7a9164b1 test: implement talosctl conformance command to run e2e tests
• 6cb266e74 fix: update etcd client errors, print etcd join failures
• 0bd8b0e80 feat: provide an option to recover etcd from data directory copy
• f98185408 chore: fix conform with scopes
• 21018f28c chore: bump website node.js dependencies

Changes since v0.11.0-beta.0

• 223abaab0 release(v0.11.0-beta.1): prepare release
• 7abadf726 fix: issue worker apid certs properly on renewal
• 33d73189e fix: don't set bond delay options if miimon is not enabled

Changes from talos-systems/crypto

• d3cb772 feat: make possible to change KeyUsage
• 6bc5bb5 chore: remove unused argument
• cd18ef6 feat: add support for several organizations
• 97c888b chore: add options to CSR
• 7776057 chore: fix typos
• 80df078 chore: remove named result parameters
• 15bdd28 chore: minor updates
• 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

• 918e161 chore: update deps to final release versions
• 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

• 30c2bc3 feat: mark MBR bootable
• 1292574 fix: make disk type matcher parser case insensitive
• b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

• 3d0a6e1 feat: race build tag flag detector
• 5b292e5 feat: disable memory profiling by default
• c6d0ae2 fix: linters and CI
• d969f95 feat: initial implementation
• b2044b7 Initial commit

Changes from talos-systems/go-kmsg

• b08e4d3 feat: replace tab character with space in console output
• 2edcd3a feat: add initial version
• 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

• a445702 feat: allow dial timeout and keep alive period to be configurable
• 3c8f347 feat: provide a way to configure logger for the loadbalancer
• da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

• c78cc95 fix: implement errors.Is for all errors in the set
• 7885e16 feat: add ExpectedErrorf
• 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

• d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

• f499062 chore: bump tools to final release 0.6.0
• 41d6ccc feat: enable MACVTAP support
• 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
• f5eac03 feat: update Linux to 5.10.45
• d756119 feat: enable HP ILO kernel module (both amd64 arm64)
• 2d51360 feat: support NFS 4.1
• e63e4e9 feat: bump tools for Go 1.16.5
• 1f8af29 feat: update Linux to 5.10.38
• a3a6650 feat: update containerd to 1.5.2
• c70ea44 feat: update runc to 1.0.0-rc95
• db60235 feat: add support for netxen card
• f934187 feat: update containerd to 1.5.1
• e8ed5bc feat: add geneve encapsulation support for openvswitch
• 9f7903c feat: update containerd to 1.5.0, runc to -rc94
• d7c0f70 feat: add AES-NI support for amd64
• b0d9cd2 fix: build zbin utility for both amd64 and arm64
• bb39b97 feat: add IPMI support in kernel
• 1148f9a feat: add DS1307 RTC support for arm64
• 350aa6f feat: add USB serial support
• de9c582 feat: add Pine64 SBC support
• b56f36b feat: enable VMware baloon kernel module
• f87c194 feat: add iPXE build with embedded placeholder script
• a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

• c8c2a18 feat: update Go to 1.16.5

Dependency Changes

• github.com/aws/aws-sdk-go v1.38.66 new
• github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
• github.com/containerd/containerd v1.4.4 -> v1.5.2
• github.com/containerd/go-cni v1.0.1 -> v1.0.2
• github.com/containerd/typeurl v1.0.1 -> v1.0.2
• github.com/coreos/go-iptables v0.5.0 -> v0.6.0
• github.com/cosi-project/runtime 10d6103c19ab -> 93ead370bf57
• github.com/docker/docker v20.10.4 -> v20.10.7
• github.com/emicklei/dot v0.15.0 -> v0.16.0
• github.com/evanphx/json-patch v4.9.0 -> v4.11.0
• github.com/fatih/color v1.10.0 -> v1.12.0
• github.com/google/go-cmp v0.5.5 -> v0.5.6
• github.com/google/gofuzz v1.2.0 new
• github.com/googleapis/gnostic v0.5.5 new
• github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
• github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
• github.com/imdario/mergo v0.3.12 new
• github.com/insomniacslk/dhcp cc9239ac6294 -> 1cac67f12b1e
• github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
• github.com/mattn/go-isatty v0.0.12 -> v0.0.13
• github.com/mdlayher/arp f72070a231fc new
• github.com/mdlayher/ethtool 2b88debcdd43 new
• github.com/mdlayher/netlink v1.4.0 -> v1.4.1
• github.com/mdlayher/raw 51b895745faf new
• github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
• github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
• github.com/rs/xid v1.2.1 -> v1.3.0
• github.com/sirupsen/logrus v1.8.1 new
• github.com/spf13/viper v1.8.0 new
• github.com/talos-systems/crypto 39584f1b6e54 -> v0.3.1
• github.com/talos-systems/extras v0.3.0 -> v0.4.0
• github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
• github.com/talos-systems/go-debug v0.2.1 new
• github.com/talos-systems/go-kmsg v0.1.1 new
• github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
• github.com/talos-systems/go-retry b9dc1a990133 -> v0.3.1
• github.com/talos-systems/go-smbios fb425d4727e6 -> v0.1.0
• github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0
• github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
• github.com/talos-systems/tools v0.5.0 -> v0.6.0
• github.com/vishvananda/netns 2eb08e3e575f new
• github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.52.0
• github.com/vmware/govmomi v0.24.0 -> v0.26.0
• go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
• go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
• go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
• go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
• go.uber.org/zap v1.17.0 new
• golang.org/x/net e18ecbb05110 -> 04defd469f4e
• golang.org/x/oauth2 a8dc77f794b6 new
• golang.org/x/sys 77cc2087c03b -> 59db8d763f22
• golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
• golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
• golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
• google.golang.org/grpc v1.37.0 -> v1.38.0
• inet.af/netaddr bf05d8b52dda new
• k8s.io/api v0.21.0 -> v0.21.2
• k8s.io/apimachinery v0.21.0 -> v0.21.2
• k8s.io/apiserver v0.21.0 -> v0.21.2
• k8s.io/client-go v0.21.0 -> v0.21.2
• k8s.io/cri-api v0.21.0 -> v0.21.2
• k8s.io/kubectl v0.21.0 -> v0.21.2
• k8s.io/kubelet v0.21.0 -> v0.21.2
• k8s.io/utils 6fdb442a123b new
• sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.2
k8s.gcr.io/kube-controller-manager:v1.21.2
k8s.gcr.io/kube-scheduler:v1.21.2
k8s.gcr.io/kube-proxy:v1.21.2
ghcr.io/talos-systems/kubelet:v1.21.2
ghcr.io/talos-systems/installer:v0.11.0-beta.1
k8s.gcr.io/pause:3.2

Talos 0.11.0-beta.0 (2021-06-28)

Welcome to the v0.11.0-beta.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API, instead of init node types, as we
intend on deprecating this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.

Component Updates

• containerd was updated to 1.5.2
• Linux kernel was updated to 5.10.45
• Kubernetes was updated to 1.21.2
• etcd was updated to 3.4.16
• CoreDNS was updated to 1.8.4

CoreDNS

Added the flag cluster.coreDNS.disabled to coreDNS deployment during the cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that can enable marking MBR partition bootable
for the machines that have legacy BIOS which does not support GPT partitioning scheme.

Multi-arch Installer

Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture.
This means that e.g. images for arm64 SBCs can be generated on amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured
interfaces and skipping the reset network step.

Talos API RBAC

Limited RBAC support in Talos API is now enabled by default for Talos 0.11.
Default talosconfig has os:admin role embedded in the certificate so that all the APIs are available.
Certificates with reduced set of roles can be created with talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate talosconfig with
os:admin role first to make sure that administrator still has access to the cluster when RBAC is enabled
(using talosctl config new command).

List of available roles:

• os:admin role enables every Talos API
• os:reader role limits access to read-only APIs which do not return sensitive data
• os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Serge Logvinov
• Jorik Jonker
• Spencer Smith
• Andrew Rynhard
• Andrew LeCody
• Kevin Hellemun
• Seán C McCord
• Boran Car
• Brandon Nason
• Gabor Nyiri
• Gabor Nyiri
• Joost Coelingh
• Lance R. Vick
• Lennard Klein
• Sébastien Bernard
• Sébastien Bernard

Changes

• de7db38e3 release(v0.11.0-beta.0): prepare release
• 74111d7b6 feat: add RBAC to talosctl version output
• 728ad5c6f fix: handle cases when merged resource re-appears before being destroyed
• 283e9f026 chore: add CAPI version to CI setup
• 01a196ea4 chore: small RBAC improvements
• 829e54f1a fix: limit apid access to COSI runtime resources
• f9e01d027 fix: ignore EINVAL on unmount operations
• 7672435e1 feat: add a method to get gRPC connection from the client
• b5244bf18 chore: bump go.mod dependencies, fix netaddr API changes
• c7e622567 chore: update coredns to 1.8.4
• 3a34f1a51 chore: bump Talos Go modules to release versions
• 8d60abff7 chore: use tagged versions of bldr dependencies for 0.11
• 8ef68a6fb feat: remove go-runner in staticpods
• a650531fa release(v0.11.0-alpha.2): prepare release
• 71fff02ff fix: revert back resource.proto order
• d3f4e6006 fix: replace tabs with spaces in console output
• 1990ad252 feat: add created and updated timestamps to the resource metadata
• 0731be908 feat: add cloud images to releases
• b52b20666 feat: split etcd certificates to peer/client
• 33119d2b8 chore: add an option to launch cluster with bad RTC state
• d8c2bca1b feat: reimplement apid certificate generation on top of COSI
• 3c1b32199 chore: refactor CLI tests
• 0fd9ea2d6 feat: enable MACVTAP support
• 898673e8d chore: update e2e tests to use latest capi releases
• e26c5583c docs: add AMI IDs for Talos 0.10.4
• 72ef48f0e fix: assign source address to the DHCP default gateway routes
• 004885a37 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
• 821f469a1 feat: skip overlay mount checks with docker
• b6e02311a feat: use COSI RD's sensitivity for RBAC
• 46751c1ad feat: improve security of Kubernetes control plane components
• 0f659622d fix: build with custom kernel/rootfs
• 5b5089ab9 fix: mark kube-proxy as system critical priority
• 42c16f67f chore: bump dependencies
• 60f78419e chore: bump etcd client libraries to final 3.5.0 release
• 2b0de9edb feat: improve security of Kubernetes control plane components
• 48a5c460a docs: provide more storage details
• e13d905c2 release(v0.11.0-alpha.1): prepare release
• 70ac771e0 fix: use localhost API server endpoint for internal communication
• a941eb7da feat: improve security of Kubernetes control plane components
• 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
• 06209bba2 chore: update RBAC rules, remove old APIs
• 9f24b519d chore: remove bootkube check from cluster health check
• 4ac9bea27 fix: stop etcd client logs from going to the server console
• f63ab9dd9 feat: implement talosctl config new command
• fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
• 2dc27d996 fix: do not format state partition in the initialize sequence
• b609f33cd fix: update networking stack after Equnix Metal testing
• 243a3b53e fix: separate healthy and unknown flags in the service resource
• 1a1378be1 fix: update retry package with a fix for errors.Is
• cb83edd7f fix: wait for the network to be ready in mainteancne mode
• 96f89071c feat: update controller-runtime logs to console level on config.debug
• 973069b61 feat: support NFS 4.1
• 654dcad47 chore: bump dependencies via dependabot
• d7394457d fix: don't treat ethtool errors as fatal
• f2ae9cd0c feat: replace networkd with new network implementation
• caec3063c fix: do not complain about empty roles
• 11918a110 docs: update community meeting time
• aeddb9c09 feat: implement platform config controller (hostnames)
• 1ece334da feat: implement controller which runs network operators
• 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
• 5029edfb7 fix: overwrite nodes in the gRPC metadata
• 6a35c8f11 feat: implement virtual IP (shared IP) network operator
• 0f3b83803 chore: expose WatchRequest in the resources client
• 11e258b15 feat: implement operator configuration controller
• ce3815e75 feat: implement DHCP6 operator
• f010d99af feat: implement operator framework with DHCP4 as the first example
• f93c9c8fa feat: bring unconfigured links with link carrier up by default
• 02bd657b2 feat: implement network.Status resource and controller
• da329f00a feat: enable RBAC by default
• 0f168a880 feat: add configuration for enabling RBAC
• e74f789b0 feat: implement EtcFileController to render files in /etc
• 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
• 5ad314fe7 feat: implement basic RBAC interceptors
• c031be813 chore: use Go 1.16.5
• 8b0763f6a chore: bump dependencies via dependabot
• 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
• 24859b141 docs: update Rpi4 firmware guide
• 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
• ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
• 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
• a71053fcd feat: default to bootstrap workflow
• 76aac4bb2 feat: implement CPU and Memory stats controller
• 8f90c6a8e feat: parse Talos-specific cmdline params
• ed10e139c feat: implement NodeAddress controller
• 33db8857a fix: use COSI runtime DestroyReady input type
• 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
• 97627061d docs: set static IP on ISO install mode
• 5811f4dda feat: implement link (interface) controllers
• 046b229b1 chore: skip building multi-arch installer for race-enabled build
• 73fbb4b52 fix: only fetch machine uuid if it's not set
• f112a540b fix: clean up stale snapshots on container start
• c036b9494 chore: bump dependencies
• a4d67a018 feat: add the ability to disable CoreDNS
• 76dbfb369 feat: add ability to mark MBR partition bootable
• e0f5b1e20 chore: split mgmt/gen.go into several files
• fad1b4f1f chore: fix go generate for the machinery
• 1117294ad release(v0.11.0-alpha.0): prepare release
• c09629466 chore: prepare for 0.11 release series
• 723597657 feat: enable GORACE=halt_on_panic=1 in machined binary
• 0acb04ad7 feat: implement route network controllers
• f5bf88a4c feat: create certificates with os:admin role
• 1db301edf feat: switch controller-runtime to zap.Logger
• f7cf64d42 fix: add talos.config to the vApp Properties in VMware OVA
• 209527ecc docs: add AMIs for Talos 0.10.3
• 59cfd312c chore: bump dependencies via dependabot
• 1edb20cf9 feat: extract config generation
• af77c2956 docs: update wirguard guide
• 4fe691214 test: better talosctl ls tests
• 04ddda962 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
• 49c7276b1 chore: fix markdown linting
• 7270495ac docs: add mayastor quickstart
• d3d9112f2 docs: fix spelling/grammar in What's New for Talos 0.9
• 82804414f test: provide a way to force different boot order in provision library
• a1c0e99a1 docs: add guide for deploying metrics-server
• 6bc6658b5 feat: update containerd to 1.5.1
• c6567fae9 chore: dependabot updates
• 61ccbb3f5 chore: keep debug symbols in debug builds
• 1ce362e05 docs: update customizing kernel build steps
• a26174b54 fix: properly compose pattern and header in etcd members output
• 0825cf11f fix: stop networkd and pods before leaving etcd on upgrade
• bed6b15d6 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
• 071f04456 feat: implement AddressSpec handling
• 76e38b7b8 feat: update Kubernetes to 1.21.1
• 9b1338d98 chore: parse "boolean" variables
• c81cfb216 chore: allow building with debug handlers
• c9651673b feat: update go-smbios library
• 95c656fb7 feat: update containerd to 1.5.0, runc to 1.0.0-rc94
• db9c35b57 feat: implement AddressStatusController
• 1cf011a80 chore: bump dependencies via dependabot
• e3f407a1d fix: properly pass disk type selector from config to matcher
• 66b2b4505 feat: add resources and use HTTPS checks in control plane pods
• 4ffd7c0ad fix: stop networkd before leaving etcd on 'reset' path
• 610d38d30 docs: add AMIs for 0.10.1, collapse list of AMIs by default
• 807497ec2 chore: make conformance pipeline depend on cron-default
• 3c1213596 feat: implement LinkStatusController
• 0e8de0469 fix: update go-blockdevice to fix disk type detection
• 4d50a4edd fix: update the way NTP sync uses adjtimex syscall
• 1a85c14a5 fix: avoid data race on CRI pod stop
• 5de8dbc06 fix: repair pine64 support
• 382390973 fix: properly parse matcher expressions
• e54b6b7a3 chore: update dependencies via dependabot
• f2caed0df chore: use extracted talos-systems/go-kmsg library
• 79d804c5b docs: fix typos
• a2bb390e1 feat: deterministic builds
• e480fedff feat: add USB serial drivers
• 79299d761 docs: add Matrix room links
• 1b3e8b09e docs: add survey to README
• 8d51c9bb1 docs: update redirects to Talos 0.10
• 1092c3a50 feat: add Pine64 SBC support
• 63e017543 feat: pull kernel with VMware balloon module enabled
• aeec99d82 chore: remove temporary fork
• 0f49722d0 feat: add --config-patch flag by node type
• a01b1d22d chore: dump dependencies via dependabot
• d540a4a47 fix: bump crypto library for the CSR verification fix
• c3a4173e1 chore: remove security API ReadFile/WriteFile
• 38037131c chore: update wgctrl dependecy
• d9ba0fd01 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
• 2261d7ed0 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
• a3537a691 docs: update cloud images for Talos v0.9.3
• 5b9ee8617 docs: add what's new for Talos 0.10
• f1107fa3a docs: add survey
• 93623d47f docs: update AWS instructions
• a739d1b8a feat: add support of custom registry CA certificate usage
• 7f468d350 fix: update osType in OVA other3xLinux64Guest"
• 4a184b67d docs: add etcd backup and restore guide
• 5fb38d3e5 chore: refactor Dockerfile for cross-compilation
• a8f1e526b chore: build talosctl for Darwin / Apple Silicon
• eb0b64d31 chore: list specifically for enabled regions
• 669a0cbdc fix: check if OVF env is empty
• da92049c0 chore: use codecov from the build container
• 9996d4b02 chore: use REGISTRY_MIRROR_FLAGS if defined
• 05cbe250c chore: bump dependencies via dependabot
• 9a91142a3 feat: print complete member info in etcd members
• bb40d6dd0 feat: update pkgs version
• e7a9164b1 test: implement talosctl conformance command to run e2e tests
• 6cb266e74 fix: update etcd client errors, print etcd join failures
• 0bd8b0e80 feat: provide an option to recover etcd from data directory copy
• f98185408 chore: fix conform with scopes
• 21018f28c chore: bump website node.js dependencies

Changes since v0.11.0-alpha.2

• de7db38e3 release(v0.11.0-beta.0): prepare release
• 74111d7b6 feat: add RBAC to talosctl version output
• 728ad5c6f fix: handle cases when merged resource re-appears before being destroyed
• 283e9f026 chore: add CAPI version to CI setup
• 01a196ea4 chore: small RBAC improvements
• 829e54f1a fix: limit apid access to COSI runtime resources
• f9e01d027 fix: ignore EINVAL on unmount operations
• 7672435e1 feat: add a method to get gRPC connection from the client
• b5244bf18 chore: bump go.mod dependencies, fix netaddr API changes
• c7e622567 chore: update coredns to 1.8.4
• 3a34f1a51 chore: bump Talos Go modules to release versions
• 8d60abff7 chore: use tagged versions of bldr dependencies for 0.11
• 8ef68a6fb feat: remove go-runner in staticpods

Changes from talos-systems/crypto

• d3cb772 feat: make possible to change KeyUsage
• 6bc5bb5 chore: remove unused argument
• cd18ef6 feat: add support for several organizations
• 97c888b chore: add options to CSR
• 7776057 chore: fix typos
• 80df078 chore: remove named result parameters
• 15bdd28 chore: minor updates
• 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

• 918e161 chore: update deps to final release versions
• 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

• 30c2bc3 feat: mark MBR bootable
• 1292574 fix: make disk type matcher parser case insensitive
• b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

• 3d0a6e1 feat: race build tag flag detector
• 5b292e5 feat: disable memory profiling by default
• c6d0ae2 fix: linters and CI
• d969f95 feat: initial implementation
• b2044b7 Initial commit

Changes from talos-systems/go-kmsg

• b08e4d3 feat: replace tab character with space in console output
• 2edcd3a feat: add initial version
• 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

• a445702 feat: allow dial timeout and keep alive period to be configurable
• 3c8f347 feat: provide a way to configure logger for the loadbalancer
• da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

• c78cc95 fix: implement errors.Is for all errors in the set
• 7885e16 feat: add ExpectedErrorf
• 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

• d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

• f499062 chore: bump tools to final release 0.6.0
• 41d6ccc feat: enable MACVTAP support
• 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
• f5eac03 feat: update Linux to 5.10.45
• d756119 feat: enable HP ILO kernel module (both amd64 arm64)
• 2d51360 feat: support NFS 4.1
• e63e4e9 feat: bump tools for Go 1.16.5
• 1f8af29 feat: update Linux to 5.10.38
• a3a6650 feat: update containerd to 1.5.2
• c70ea44 feat: update runc to 1.0.0-rc95
• db60235 feat: add support for netxen card
• f934187 feat: update containerd to 1.5.1
• e8ed5bc feat: add geneve encapsulation support for openvswitch
• 9f7903c feat: update containerd to 1.5.0, runc to -rc94
• d7c0f70 feat: add AES-NI support for amd64
• b0d9cd2 fix: build zbin utility for both amd64 and arm64
• bb39b97 feat: add IPMI support in kernel
• 1148f9a feat: add DS1307 RTC support for arm64
• 350aa6f feat: add USB serial support
• de9c582 feat: add Pine64 SBC support
• b56f36b feat: enable VMware baloon kernel module
• f87c194 feat: add iPXE build with embedded placeholder script
• a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

• c8c2a18 feat: update Go to 1.16.5

Dependency Changes

• github.com/aws/aws-sdk-go v1.38.66 new
• github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
• github.com/containerd/containerd v1.4.4 -> v1.5.2
• github.com/containerd/go-cni v1.0.1 -> v1.0.2
• github.com/containerd/typeurl v1.0.1 -> v1.0.2
• github.com/coreos/go-iptables v0.5.0 -> v0.6.0
• github.com/cosi-project/runtime 10d6103c19ab -> 93ead370bf57
• github.com/docker/docker v20.10.4 -> v20.10.7
• github.com/emicklei/dot v0.15.0 -> v0.16.0
• github.com/evanphx/json-patch v4.9.0 -> v4.11.0
• github.com/fatih/color v1.10.0 -> v1.12.0
• github.com/google/go-cmp v0.5.5 -> v0.5.6
• github.com/google/gofuzz v1.2.0 new
• github.com/googleapis/gnostic v0.5.5 new
• github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
• github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
• github.com/imdario/mergo v0.3.12 new
• github.com/insomniacslk/dhcp cc9239ac6294 -> 1cac67f12b1e
• github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
• github.com/mattn/go-isatty v0.0.12 -> v0.0.13
• github.com/mdlayher/arp f72070a231fc new
• github.com/mdlayher/ethtool 2b88debcdd43 new
• github.com/mdlayher/netlink v1.4.0 -> v1.4.1
• github.com/mdlayher/raw 51b895745faf new
• github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
• github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
• github.com/rs/xid v1.2.1 -> v1.3.0
• github.com/sirupsen/logrus v1.8.1 new
• github.com/spf13/viper v1.8.0 new
• github.com/talos-systems/crypto 39584f1b6e54 -> v0.3.1
• github.com/talos-systems/extras v0.3.0 -> v0.4.0
• github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
• github.com/talos-systems/go-debug v0.2.1 new
• github.com/talos-systems/go-kmsg v0.1.1 new
• github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
• github.com/talos-systems/go-retry b9dc1a990133 -> v0.3.1
• github.com/talos-systems/go-smbios fb425d4727e6 -> v0.1.0
• github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0
• github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
• github.com/talos-systems/tools v0.5.0 -> v0.6.0
• github.com/vishvananda/netns 2eb08e3e575f new
• github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.52.0
• github.com/vmware/govmomi v0.24.0 -> v0.26.0
• go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
• go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
• go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
• go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
• go.uber.org/zap v1.17.0 new
• golang.org/x/net e18ecbb05110 -> 04defd469f4e
• golang.org/x/oauth2 a8dc77f794b6 new
• golang.org/x/sys 77cc2087c03b -> 59db8d763f22
• golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
• golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
• golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
• google.golang.org/grpc v1.37.0 -> v1.38.0
• inet.af/netaddr bf05d8b52dda new
• k8s.io/api v0.21.0 -> v0.21.2
• k8s.io/apimachinery v0.21.0 -> v0.21.2
• k8s.io/apiserver v0.21.0 -> v0.21.2
• k8s.io/client-go v0.21.0 -> v0.21.2
• k8s.io/cri-api v0.21.0 -> v0.21.2
• k8s.io/kubectl v0.21.0 -> v0.21.2
• k8s.io/kubelet v0.21.0 -> v0.21.2
• k8s.io/utils 6fdb442a123b new
• sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.2
k8s.gcr.io/kube-controller-manager:v1.21.2
k8s.gcr.io/kube-scheduler:v1.21.2
k8s.gcr.io/kube-proxy:v1.21.2
ghcr.io/talos-systems/kubelet:v1.21.2
ghcr.io/talos-systems/installer:v0.11.0-beta.0
k8s.gcr.io/pause:3.2

Talos 0.11.0-alpha.2 (2021-06-24)

Welcome to the v0.11.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API, instead of init node types, as we
intend on deprecating this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.

Component Updates

• containerd was updated to 1.5.2
• Linux kernel was updated to 5.10.45
• Kubernetes was updated to 1.21.2
• etcd was updated to 3.4.16

CoreDNS

Added the flag cluster.coreDNS.disabled to coreDNS deployment during the cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that can enable marking MBR partition bootable
for the machines that have legacy BIOS which does not support GPT partitioning scheme.

Multi-arch Installer

Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture.
This means that e.g. images for arm64 SBCs can be generated on amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured
interfaces and skipping the reset network step.

Talos API RBAC

Limited RBAC support in Talos API is now enabled by default for Talos 0.11.
Default talosconfig has os:admin role embedded in the certificate so that all the APIs are available.
Certificates with reduced set of roles can be created with talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate talosconfig with
os:admin role first to make sure that administrator still has access to the cluster when RBAC is enabled.

List of available roles:

• os:admin role enables every Talos API
• os:reader role limits access to read-only APIs which do not return sensitive data
• os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Serge Logvinov
• Jorik Jonker
• Spencer Smith
• Andrew Rynhard
• Andrew LeCody
• Kevin Hellemun
• Seán C McCord
• Boran Car
• Brandon Nason
• Gabor Nyiri
• Gabor Nyiri
• Joost Coelingh
• Lance R. Vick
• Lennard Klein
• Sébastien Bernard
• Sébastien Bernard

Changes

• a650531fa release(v0.11.0-alpha.2): prepare release
• 71fff02ff fix: revert back resource.proto order
• d3f4e6006 fix: replace tabs with spaces in console output
• 1990ad252 feat: add created and updated timestamps to the resource metadata
• 0731be908 feat: add cloud images to releases
• b52b20666 feat: split etcd certificates to peer/client
• 33119d2b8 chore: add an option to launch cluster with bad RTC state
• d8c2bca1b feat: reimplement apid certificate generation on top of COSI
• 3c1b32199 chore: refactor CLI tests
• 0fd9ea2d6 feat: enable MACVTAP support
• 898673e8d chore: update e2e tests to use latest capi releases
• e26c5583c docs: add AMI IDs for Talos 0.10.4
• 72ef48f0e fix: assign source address to the DHCP default gateway routes
• 004885a37 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
• 821f469a1 feat: skip overlay mount checks with docker
• b6e02311a feat: use COSI RD's sensitivity for RBAC
• 46751c1ad feat: improve security of Kubernetes control plane components
• 0f659622d fix: build with custom kernel/rootfs
• 5b5089ab9 fix: mark kube-proxy as system critical priority
• 42c16f67f chore: bump dependencies
• 60f78419e chore: bump etcd client libraries to final 3.5.0 release
• 2b0de9edb feat: improve security of Kubernetes control plane components
• 48a5c460a docs: provide more storage details
• e13d905c2 release(v0.11.0-alpha.1): prepare release
• 70ac771e0 fix: use localhost API server endpoint for internal communication
• a941eb7da feat: improve security of Kubernetes control plane components
• 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
• 06209bba2 chore: update RBAC rules, remove old APIs
• 9f24b519d chore: remove bootkube check from cluster health check
• 4ac9bea27 fix: stop etcd client logs from going to the server console
• f63ab9dd9 feat: implement talosctl config new command
• fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
• 2dc27d996 fix: do not format state partition in the initialize sequence
• b609f33cd fix: update networking stack after Equnix Metal testing
• 243a3b53e fix: separate healthy and unknown flags in the service resource
• 1a1378be1 fix: update retry package with a fix for errors.Is
• cb83edd7f fix: wait for the network to be ready in mainteancne mode
• 96f89071c feat: update controller-runtime logs to console level on config.debug
• 973069b61 feat: support NFS 4.1
• 654dcad47 chore: bump dependencies via dependabot
• d7394457d fix: don't treat ethtool errors as fatal
• f2ae9cd0c feat: replace networkd with new network implementation
• caec3063c fix: do not complain about empty roles
• 11918a110 docs: update community meeting time
• aeddb9c09 feat: implement platform config controller (hostnames)
• 1ece334da feat: implement controller which runs network operators
• 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
• 5029edfb7 fix: overwrite nodes in the gRPC metadata
• 6a35c8f11 feat: implement virtual IP (shared IP) network operator
• 0f3b83803 chore: expose WatchRequest in the resources client
• 11e258b15 feat: implement operator configuration controller
• ce3815e75 feat: implement DHCP6 operator
• f010d99af feat: implement operator framework with DHCP4 as the first example
• f93c9c8fa feat: bring unconfigured links with link carrier up by default
• 02bd657b2 feat: implement network.Status resource and controller
• da329f00a feat: enable RBAC by default
• 0f168a880 feat: add configuration for enabling RBAC
• e74f789b0 feat: implement EtcFileController to render files in /etc
• 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
• 5ad314fe7 feat: implement basic RBAC interceptors
• c031be813 chore: use Go 1.16.5
• 8b0763f6a chore: bump dependencies via dependabot
• 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
• 24859b141 docs: update Rpi4 firmware guide
• 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
• ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
• 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
• a71053fcd feat: default to bootstrap workflow
• 76aac4bb2 feat: implement CPU and Memory stats controller
• 8f90c6a8e feat: parse Talos-specific cmdline params
• ed10e139c feat: implement NodeAddress controller
• 33db8857a fix: use COSI runtime DestroyReady input type
• 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
• 97627061d docs: set static IP on ISO install mode
• 5811f4dda feat: implement link (interface) controllers
• 046b229b1 chore: skip building multi-arch installer for race-enabled build
• 73fbb4b52 fix: only fetch machine uuid if it's not set
• f112a540b fix: clean up stale snapshots on container start
• c036b9494 chore: bump dependencies
• a4d67a018 feat: add the ability to disable CoreDNS
• 76dbfb369 feat: add ability to mark MBR partition bootable
• e0f5b1e20 chore: split mgmt/gen.go into several files
• fad1b4f1f chore: fix go generate for the machinery
• 1117294ad release(v0.11.0-alpha.0): prepare release
• c09629466 chore: prepare for 0.11 release series
• 723597657 feat: enable GORACE=halt_on_panic=1 in machined binary
• 0acb04ad7 feat: implement route network controllers
• f5bf88a4c feat: create certificates with os:admin role
• 1db301edf feat: switch controller-runtime to zap.Logger
• f7cf64d42 fix: add talos.config to the vApp Properties in VMware OVA
• 209527ecc docs: add AMIs for Talos 0.10.3
• 59cfd312c chore: bump dependencies via dependabot
• 1edb20cf9 feat: extract config generation
• af77c2956 docs: update wirguard guide
• 4fe691214 test: better talosctl ls tests
• 04ddda962 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
• 49c7276b1 chore: fix markdown linting
• 7270495ac docs: add mayastor quickstart
• d3d9112f2 docs: fix spelling/grammar in What's New for Talos 0.9
• 82804414f test: provide a way to force different boot order in provision library
• a1c0e99a1 docs: add guide for deploying metrics-server
• 6bc6658b5 feat: update containerd to 1.5.1
• c6567fae9 chore: dependabot updates
• 61ccbb3f5 chore: keep debug symbols in debug builds
• 1ce362e05 docs: update customizing kernel build steps
• a26174b54 fix: properly compose pattern and header in etcd members output
• 0825cf11f fix: stop networkd and pods before leaving etcd on upgrade
• bed6b15d6 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
• 071f04456 feat: implement AddressSpec handling
• 76e38b7b8 feat: update Kubernetes to 1.21.1
• 9b1338d98 chore: parse "boolean" variables
• c81cfb216 chore: allow building with debug handlers
• c9651673b feat: update go-smbios library
• 95c656fb7 feat: update containerd to 1.5.0, runc to 1.0.0-rc94
• db9c35b57 feat: implement AddressStatusController
• 1cf011a80 chore: bump dependencies via dependabot
• e3f407a1d fix: properly pass disk type selector from config to matcher
• 66b2b4505 feat: add resources and use HTTPS checks in control plane pods
• 4ffd7c0ad fix: stop networkd before leaving etcd on 'reset' path
• 610d38d30 docs: add AMIs for 0.10.1, collapse list of AMIs by default
• 807497ec2 chore: make conformance pipeline depend on cron-default
• 3c1213596 feat: implement LinkStatusController
• 0e8de0469 fix: update go-blockdevice to fix disk type detection
• 4d50a4edd fix: update the way NTP sync uses adjtimex syscall
• 1a85c14a5 fix: avoid data race on CRI pod stop
• 5de8dbc06 fix: repair pine64 support
• 382390973 fix: properly parse matcher expressions
• e54b6b7a3 chore: update dependencies via dependabot
• f2caed0df chore: use extracted talos-systems/go-kmsg library
• 79d804c5b docs: fix typos
• a2bb390e1 feat: deterministic builds
• e480fedff feat: add USB serial drivers
• 79299d761 docs: add Matrix room links
• 1b3e8b09e docs: add survey to README
• 8d51c9bb1 docs: update redirects to Talos 0.10
• 1092c3a50 feat: add Pine64 SBC support
• 63e017543 feat: pull kernel with VMware balloon module enabled
• aeec99d82 chore: remove temporary fork
• 0f49722d0 feat: add --config-patch flag by node type
• a01b1d22d chore: dump dependencies via dependabot
• d540a4a47 fix: bump crypto library for the CSR verification fix
• c3a4173e1 chore: remove security API ReadFile/WriteFile
• 38037131c chore: update wgctrl dependecy
• d9ba0fd01 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
• 2261d7ed0 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
• a3537a691 docs: update cloud images for Talos v0.9.3
• 5b9ee8617 docs: add what's new for Talos 0.10
• f1107fa3a docs: add survey
• 93623d47f docs: update AWS instructions
• a739d1b8a feat: add support of custom registry CA certificate usage
• 7f468d350 fix: update osType in OVA other3xLinux64Guest"
• 4a184b67d docs: add etcd backup and restore guide
• 5fb38d3e5 chore: refactor Dockerfile for cross-compilation
• a8f1e526b chore: build talosctl for Darwin / Apple Silicon
• eb0b64d31 chore: list specifically for enabled regions
• 669a0cbdc fix: check if OVF env is empty
• da92049c0 chore: use codecov from the build container
• 9996d4b02 chore: use REGISTRY_MIRROR_FLAGS if defined
• 05cbe250c chore: bump dependencies via dependabot
• 9a91142a3 feat: print complete member info in etcd members
• bb40d6dd0 feat: update pkgs version
• e7a9164b1 test: implement talosctl conformance command to run e2e tests
• 6cb266e74 fix: update etcd client errors, print etcd join failures
• 0bd8b0e80 feat: provide an option to recover etcd from data directory copy
• f98185408 chore: fix conform with scopes
• 21018f28c chore: bump website node.js dependencies

Changes since v0.11.0-alpha.1

• a650531fa release(v0.11.0-alpha.2): prepare release
• 71fff02ff fix: revert back resource.proto order
• d3f4e6006 fix: replace tabs with spaces in console output
• 1990ad252 feat: add created and updated timestamps to the resource metadata
• 0731be908 feat: add cloud images to releases
• b52b20666 feat: split etcd certificates to peer/client
• 33119d2b8 chore: add an option to launch cluster with bad RTC state
• d8c2bca1b feat: reimplement apid certificate generation on top of COSI
• 3c1b32199 chore: refactor CLI tests
• 0fd9ea2d6 feat: enable MACVTAP support
• 898673e8d chore: update e2e tests to use latest capi releases
• e26c5583c docs: add AMI IDs for Talos 0.10.4
• 72ef48f0e fix: assign source address to the DHCP default gateway routes
• 004885a37 feat: update Linux kernel to 5.10.45, etcd to 3.4.16
• 821f469a1 feat: skip overlay mount checks with docker
• b6e02311a feat: use COSI RD's sensitivity for RBAC
• 46751c1ad feat: improve security of Kubernetes control plane components
• 0f659622d fix: build with custom kernel/rootfs
• 5b5089ab9 fix: mark kube-proxy as system critical priority
• 42c16f67f chore: bump dependencies
• 60f78419e chore: bump etcd client libraries to final 3.5.0 release
• 2b0de9edb feat: improve security of Kubernetes control plane components
• 48a5c460a docs: provide more storage details

Changes from talos-systems/crypto

• d3cb772 feat: make possible to change KeyUsage
• 6bc5bb5 chore: remove unused argument
• cd18ef6 feat: add support for several organizations
• 97c888b chore: add options to CSR
• 7776057 chore: fix typos
• 80df078 chore: remove named result parameters
• 15bdd28 chore: minor updates
• 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

• 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

• 30c2bc3 feat: mark MBR bootable
• 1292574 fix: make disk type matcher parser case insensitive
• b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

• 3d0a6e1 feat: race build tag flag detector
• 5b292e5 feat: disable memory profiling by default
• c6d0ae2 fix: linters and CI
• d969f95 feat: initial implementation
• b2044b7 Initial commit

Changes from talos-systems/go-kmsg

• b08e4d3 feat: replace tab character with space in console output
• 2edcd3a feat: add initial version
• 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

• a445702 feat: allow dial timeout and keep alive period to be configurable
• 3c8f347 feat: provide a way to configure logger for the loadbalancer
• da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

• c78cc95 fix: implement errors.Is for all errors in the set
• 7885e16 feat: add ExpectedErrorf
• 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

• d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

• 41d6ccc feat: enable MACVTAP support
• 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
• f5eac03 feat: update Linux to 5.10.45
• d756119 feat: enable HP ILO kernel module (both amd64 arm64)
• 2d51360 feat: support NFS 4.1
• e63e4e9 feat: bump tools for Go 1.16.5
• 1f8af29 feat: update Linux to 5.10.38
• a3a6650 feat: update containerd to 1.5.2
• c70ea44 feat: update runc to 1.0.0-rc95
• db60235 feat: add support for netxen card
• f934187 feat: update containerd to 1.5.1
• e8ed5bc feat: add geneve encapsulation support for openvswitch
• 9f7903c feat: update containerd to 1.5.0, runc to -rc94
• d7c0f70 feat: add AES-NI support for amd64
• b0d9cd2 fix: build zbin utility for both amd64 and arm64
• bb39b97 feat: add IPMI support in kernel
• 1148f9a feat: add DS1307 RTC support for arm64
• 350aa6f feat: add USB serial support
• de9c582 feat: add Pine64 SBC support
• b56f36b feat: enable VMware baloon kernel module
• f87c194 feat: add iPXE build with embedded placeholder script
• a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

• c8c2a18 feat: update Go to 1.16.5

Dependency Changes

• github.com/aws/aws-sdk-go v1.27.0 new
• github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
• github.com/containerd/containerd v1.4.4 -> v1.5.2
• github.com/containerd/go-cni v1.0.1 -> v1.0.2
• github.com/containerd/typeurl v1.0.1 -> v1.0.2
• github.com/coreos/go-iptables v0.5.0 -> v0.6.0
• github.com/cosi-project/runtime 10d6103c19ab -> 821d5c362131
• github.com/docker/docker v20.10.4 -> v20.10.7
• github.com/emicklei/dot v0.15.0 -> v0.16.0
• github.com/evanphx/json-patch v4.9.0 -> v4.11.0
• github.com/fatih/color v1.10.0 -> v1.12.0
• github.com/google/go-cmp v0.5.5 -> v0.5.6
• github.com/google/gofuzz v1.2.0 new
• github.com/googleapis/gnostic v0.5.5 new
• github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
• github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
• github.com/imdario/mergo v0.3.12 new
• github.com/insomniacslk/dhcp cc9239ac6294 -> 465dd6c35f6c
• github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
• github.com/magiconair/properties v1.8.5 new
• github.com/mattn/go-isatty v0.0.12 -> v0.0.13
• github.com/mdlayher/arp f72070a231fc new
• github.com/mdlayher/ethtool 2b88debcdd43 new
• github.com/mdlayher/netlink v1.4.0 -> v1.4.1
• github.com/mdlayher/raw 51b895745faf new
• github.com/mitchellh/mapstructure v1.4.1 new
• github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
• github.com/pelletier/go-toml v1.9.0 new
• github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
• github.com/rs/xid v1.2.1 -> v1.3.0
• github.com/sirupsen/logrus v1.8.1 new
• github.com/spf13/afero v1.6.0 new
• github.com/spf13/cast v1.3.1 new
• github.com/spf13/viper v1.7.1 new
• github.com/talos-systems/crypto 39584f1b6e54 -> d3cb77220384
• github.com/talos-systems/extras v0.3.0 -> v0.3.0-1-g4fe2706
• github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.1
• github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
• github.com/talos-systems/go-kmsg v0.1.1 new
• github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
• github.com/talos-systems/go-retry b9dc1a990133 -> c78cc953d9e9
• github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
• github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-12-g41d6ccc
• github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
• github.com/talos-systems/tools v0.5.0 -> v0.5.0-1-gc8c2a18
• github.com/vishvananda/netns 2eb08e3e575f new
• github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.51.0
• github.com/vmware/govmomi v0.24.0 -> v0.26.0
• go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
• go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
• go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
• go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
• go.uber.org/zap v1.17.0 new
• golang.org/x/net e18ecbb05110 -> 04defd469f4e
• golang.org/x/oauth2 81ed05c6b58c new
• golang.org/x/sys 77cc2087c03b -> 59db8d763f22
• golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
• golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
• golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
• google.golang.org/appengine v1.6.7 new
• google.golang.org/grpc v1.37.0 -> v1.38.0
• gopkg.in/ini.v1 v1.62.0 new
• inet.af/netaddr 1d252cf8125e new
• k8s.io/api v0.21.0 -> v0.21.2
• k8s.io/apimachinery v0.21.0 -> v0.21.2
• k8s.io/apiserver v0.21.0 -> v0.21.2
• k8s.io/client-go v0.21.0 -> v0.21.2
• k8s.io/cri-api v0.21.0 -> v0.21.2
• k8s.io/kubectl v0.21.0 -> v0.21.2
• k8s.io/kubelet v0.21.0 -> v0.21.2
• k8s.io/utils 2afb4311ab10 new
• sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.3.0-1-g4fe2706
docker.io/coredns/coredns:1.8.0
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.2
k8s.gcr.io/kube-controller-manager:v1.21.2
k8s.gcr.io/kube-scheduler:v1.21.2
k8s.gcr.io/kube-proxy:v1.21.2
ghcr.io/talos-systems/kubelet:v1.21.2
ghcr.io/talos-systems/installer:v0.11.0-alpha.2
k8s.gcr.io/pause:3.2

Talos 0.10.4 (2021-06-22)

Welcome to the v0.10.4 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Disaster Recovery

• support for creating etcd snapshots (backups) with talosctl etcd snapshot command.
• etcd cluster can be recovered from a snapshot using talosctl boostrap --recover-from= command.

Install Disk Selector

Install section of the machine config now has diskSelector field that allows querying install disk using the list of qualifiers:

...
  install:
    diskSelector:
      size: >= 500GB
      model: WDC*
...

talosctl disks -n <node> -i can be used to check allowed disk qualifiers when the node is running in the maintenance mode.

Inline Kubernetes Manifests

• boostrap manifests can now be submitted in the configuration body using the cluster.inlineManifests field.

Optmizations

• Talos system services now run without container images on initramfs from the single executable; this change reduces RAM usage, initramfs size and boot time..

SBCs

• u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
• added support for Rock Pi 4.

Time Synchronization

• timed service was replaced with a time sync controller, no machine configuration changes.
• Talos now prefers last successful time server (by IP address) on each sync attempt (improves sync accuracy).

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Spencer Smith
• Jorik Jonker
• Seán C McCord
• Andrew Rynhard
• Branden Cash
• Brandon McNama
• Brandon Nason
• Gabor Nyiri
• Jorik Jonker
• Lennard Klein
• Matt Zahorik
• bzub

Changes

• 93cb5477f release(v0.10.4): prepare release
• ae5bbf58b feat: update Linux kernel with support for HP ILO driver
• 1e19e3720 fix: prefer extraConfig over OVF env, skip empty config
• e53dff8b9 feat: create certificates with os:admin role
• 828772cec release(v0.10.3): prepare release
• 70ee15b79 fix: stop networkd and pods before leaving etcd on upgrade
• 1e9496b80 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
• 166618b21 feat: update containerd to 1.4.6, runc to 1.0.0-rc95
• 8d73bc599 release(v0.10.2): prepare release
• 20ad263b4 feat: update Kubernetes to 1.21.1
• 4941356f4 feat: update go-smbios library
• 747903a10 fix: stop networkd before leaving etcd on 'reset' path
• 6fd98d95b fix: update the way NTP sync uses adjtimex syscall
• f1298f6e3 fix: avoid data race on CRI pod stop
• 994bdb5af feat: update containerd to 1.4.5, runc to 1.0.0-rc94
• d0a3d69d5 release(v0.10.1): prepare release
• 99de689d0 feat: pull kernel with VMware balloon module enabled
• 194baa3d6 fix: properly parse matcher expressions
• c613d3e22 fix: bump crypto library for the CSR verification fix
• 25fa7a191 chore: remove security API ReadFile/WriteFile
• e415c81ad feat: add --config-patch flag by node type
• 801808c54 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
• 905336940 release(v0.10.0): prepare release
• 280b5940c fix: update osType in OVA other3xLinux64Guest"
• b338628dc fix: check if OVF env is empty
• 4e664ce17 chore: list specifically for enabled regions
• c07b5152a release(v0.10.0-beta.1): prepare release
• e1475256e test: implement talosctl conformance command to run e2e tests
• 564b45ba2 fix: update etcd client errors, print etcd join failures
• 9fde88cc4 feat: provide an option to recover etcd from data directory copy
• 54f243c46 feat: update kernel config for rpi to improve performance by 3x
• 8ed75c84a release(v0.10.0-beta.0): prepare release
• e69732ed5 feat: provide Talos machine config with field placeholders and docs
• f0970ea7f fix: zero out manifest contents before setting new value
• 8b8542e3b feat: add support for reading OVF data on VMWare
• 04dbafca7 feat: update Linux to 5.10.29
• 3dc7b8a8a chore: fix import path mismerge
• 2402f20c2 feat: implement inline manifests in the machine configuration
• e26c977d8 fix: check retryable network errors by interface
• 767f3b95e chore: apply coverage analysis to all packages
• 7b0ac4682 test: extend unit-tests for config contract parsing
• d24df8f84 chore: re-import talos-systems/os-runtime as cosi-project/runtime
• cae25909f chore: use Go 1.16 global install command
• d5e2a45db feat: validate the machine configuration in the installer container
• ef24fd6a0 chore: bump dependencies via dependabot
• 94520b03f docs: fixup typo in encryption guide command
• e3585f24b chore: update Linux to 5.10.28, u-boot to final 2021.04 release
• daf220874 test: update upgrade tests to 0.10 release
• 1fcf38f9d feat: add support for "none" CNI type
• 37a5edf04 feat: update Kubernetes to 1.21.0 release
• 30f687b41 fix: document HDMI problem on RPi 4
• 29da22d06 feat: add config validation warnings
• eee7ad13a release(v0.10.0-alpha.2): prepare release
• e0650218a feat: support etcd recovery from snapshot on bootstrap
• 247bd50e0 docs: describe steps to install and boot Talos from the SSD on rockpi4
• e6b4e524f test: update CAPA to 0.6.4
• 28753f6dc fix: trim endpoints/nodes from arguments in talosctl config
• aca63b882 docs: fix "DigitalOcean" spelling
• 33035901f fix: revert mark PMBR EFI partition as bootable
• fbfd1eb2b refactor: pull new version of os-runtime, update code
• 8737ea716 feat: allow external cloud provides configration
• 3909e2d01 chore: update Go to 1.16.3
• 690eb20e9 chore: update blockdevice library for PMBR bootable fix
• a8761b8e1 fix: require leader on etcd member operations
• 3dc84625c fix: make both HDMI ports work on RPi 4
• bd5ae1e0b fix: add a check for overlay mounts in installer pre-flight checks
• df8649cbe refactor: download modules before go generate
• 39ae0415e chore: bump dependencies via dependabot
• e16d6d346 fix: publish rockpi4 image to release artifacts
• 39c6dbcc7 feat: add --config-patch parameter to talosctl gen config
• e664362ce feat: add API and command to save etcd snapshot (backup)
• 61b694b94 fix: create rootfs for system services via /system tmpfs
• abc2e17eb test: update 0.9.x version in upgrade tests to 0.9.1
• a1e641540 fix: retry Kubernetes API errors on cordon/uncordon/etc
• 063d1abe9 fix: print task failure error immediately
• e039172ed fix: ignore EOF errors from Kubernetes API when converting control plane
• 7bcb91a43 docs: fix typo for stage flag
• a43acb215 feat: bring in Linux 5.10.27, support for 32-bit time syscalls
• e2bb5973d release(v0.10.0-alpha.1): prepare release
• 8309312a3 chore: build components with race detector enabled in dev mode
• 7d9125847 test: fix data race in apply config tests
• 204caf8eb test: fix apply-config integration test, bump clusterctl version
• d812099df fix: address several issues in TUI installer
• 269c9ad09 fix: don't write to config object on access
• a9451f571 feat: update Kubernetes to 1.21.0-beta.1
• 4b42ced4c feat: add ability to disable comments in talosctl gen config
• a0dcfc3d5 fix: workaround race in containerd runner with stdin pipe
• 2ea20f598 feat: replace timed with time sync controller
• c38a161ad test: add unit-test for machine config validation
• a6106815b chore: bump dependencies via dependabot
• 35598f391 chore: refactor: extract ClusterConfig
• 032851844 fix: get rid of data race in encoder and fix concurrent map access
• 4b3580aa5 fix: prevent panic in validate config if machine.install is missing
• d7e9f6d6a chore: build integration tests with -race
• 9f7d67ac7 chore: fix typo
• 672c97073 fix: allow convert-k8s --remove-initialized-keys with K8s cp is down
• fb605a0fc chore: tweak nolintlint settings
• 1f5a0c406 fix: resolve the issue with Kubernetes upgrade
• 74b2b5578 docs: update AWS docs to ensure instances are tagged
• dc21d9b4b chore: remove old file
• 966caf7a6 chore: remove unused module replace directives
• 98b22f1e0 feat: show short options in talosctl kubeconfig
• 51139d54d chore: cache go modules in the build
• 65701aa72 fix: resolve the issue with DHCP lease not being renewed
• 711f5b23b fix: config validation: CNI should apply to cp nodes, encryption config
• 5ff491d96 fix: allow empty list for CNI URLs
• 946e74f04 docs: update path for kernel downloads in qemu docs
• ed272e604 feat: update Kubernetes to 1.21.0-beta.0
• b0209fd29 refactor: move networkd, timed APIs to machined, remove routerd
• 6ffabe516 feat: add ability to find disk by disk properties
• ac8764702 refactor: move apid, routerd, timed and trustd to single executable
• 89a4b09fe refactor: run networkd as a goroutine in machined
• f4a6a19cd chore: update sonobuoy
• dc294db16 chore: bump dependencies via dependabot
• 2b1641a3b docs: add AMIs for Talos 0.9.0
• 79ceb428d docs: make v0.9 the default docs
• a5b62f4dc docs: add documentation for Talos 0.10
• ce795f1ce fix: command etcd remove-member shouldn't remove etcd data directory
• aab49a167 fix: repair zsh completion
• fc9c416a3 fix: build rockpi4 metal image as part of CI build
• 125b86f4e fix: upgrade-k8s bug with empty config values and provision script
• 8b2d228dc chore: add script for starting registry proxies
• f7d276b85 chore: remove old osctl reference
• 5b14d6f2b chore: fix make help output
• f0512dfce feat: update Kubernetes to 1.20.5
• 24cd0a206 feat: publish talosctl container image
• 6e17102c2 chore: remove unused code
• 881044074 docs: add control plane in-depth guide
• ecf034496 chore: bump Go to 1.16.2
• cbc38418d release(v0.10.0-alpha.0): prepare release
• 3455a8e81 chore: use new release tool for changelogs and release notes
• 08271ba93 chore: use Go 1.16 language version
• 7662d033b fix: talosctl health should not check kube-proxy when it is disabled
• 0dbaeb9e6 chore: update tools, use new generators
• e31790f6f fix: properly format spec comments in the resources
• 78d384ebb test: update aws cloud provider version
• 3c5bfbb47 fix: don't touch any partitions on upgrade with --preserve
• 891f90fee chore: update Linux to 5.10.23
• d4d77882e chore: update dependencies via dependabot
• 2e22f20bd docs: minor fixes to getting started
• ca8a5596c chore: fix provision tests after changes to build-container
• 4aae924c6 refactor: provide explicit logger for networkd
• 22f375300 chore: update golanci-lint to 1.38.0
• 83b4e7f74 feat: add Rock pi 4 support
• 1362966ff docs: rewrite getting-started for ISO
• 8e57fc4f5 fix: move containerd CRI config files under /var/
• 6f7df3da1 fix: update output of convert-k8s command
• dce6118c2 docs: add guide for VIP
• ee5d9ffac chore: bump Go to 1.16.1
• 7c529e1cb docs: fix links in the documentation
• f596c7f6b docs: add video for raspberry pi install
• 47324dcae docs: add guide on editing machine configuration
• 99d5f894e chore: update website npm dependencies
• 11056a803 docs: add highlights for 0.9 release
• ae8bedb9a docs: add control plane conversion guide and 0.9 upgrade notes
• ed9673e50 docs: add troubleshooting control plane documentation
• 485cb1262 docs: update Kubernetes upgrade guide

Changes since v0.10.3

• 93cb5477f release(v0.10.4): prepare release
• ae5bbf58b feat: update Linux kernel with support for HP ILO driver
• 1e19e3720 fix: prefer extraConfig over OVF env, skip empty config
• e53dff8b9 feat: create certificates with os:admin role

Changes from talos-systems/crypto

• 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

• d39dc41 chore: use 0.5.0 tagged images of pkgs and tools
• cf3934a feat: build with Go 1.16.3
• c0fa0c0 feat: bump Go to 1.16.2
• 5f89d77 feat: bump Go to 1.16.1

Changes from talos-systems/go-blockdevice

• 1d830a2 fix: revert mark the EFI partition in PMBR as bootable
• bec914f fix: mark the EFI partition in PMBR as bootable
• 776b37d feat: add options to probe disk by various sysblock parameters

Changes from talos-systems/go-smbios

• d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

• 15654f6 feat: enable HP ILO kernel module (both amd64 arm64)
• 2f9eccf feat: update containerd to 1.4.6
• d63b9ac feat: update runc to 1.0.0-rc95
• 80ebaa7 feat: update containerd to 1.4.5, runc to 1.0.0-rc94
• 6b85f48 feat: enable VMware baloon kernel module
• 5dd650b feat: add cpu scaling for rpi
• b636cac feat: update Linux to 5.10.29
• cd77b6e chore: update tools tag to v0.5.0
• 98964cb feat: update Linux to 5.10.28
• 009ef35 feat: update uboot to 2021.04 stable
• 9a6cf6b feat: build with Go 1.16.3
• 60ce626 feat: update Linux to 5.10.27, enable 32-bit time syscalls
• fdf4866 feat: bump tools for Go 1.16.2
• 35f9b6f feat: update kernel to 5.10.23
• dbae83e fix: do not use git-lfs for rockpi4 binaries
• 1c6b9a3 feat: bump tools for Go 1.16.1
• c18073f feat: add u-boot for Rock Pi 4
• 6b85a2b feat: upgrade u-boot to 2021.04-rc3

Changes from talos-systems/tools

• 1f26def feat: update Go to 1.16.3
• 41b8073 feat: bump protobuf-related tools
• f7bce92 chore: bump Go to 1.16.2
• bcf3380 feat: bump protobuf deps, add protoc-gen-go-grpc
• b49c40e feat: bump Go to 1.16.1

Dependency Changes

• github.com/containerd/containerd v1.4.4 -> v1.4.6
• github.com/coreos/go-semver v0.3.0 new
• github.com/cosi-project/runtime 10d6103c19ab new
• github.com/golang/protobuf v1.4.3 -> v1.5.2
• github.com/google/go-cmp v0.5.4 -> v0.5.5
• github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
• github.com/talos-systems/crypto 39584f1b6e54 -> 4f80b976b640
• github.com/talos-systems/extras v0.2.0-1-g0db3328 -> v0.3.0
• github.com/talos-systems/go-blockdevice bb3ad73f6983 -> 1d830a25f64f
• github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
• github.com/talos-systems/pkgs v0.4.1-2-gd471b60 -> v0.5.0-6-g15654f6
• github.com/talos-systems/tools v0.4.0-1-g3b25a7e -> v0.5.0
• github.com/vmware/govmomi v0.24.0 new
• go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0 new
• google.golang.org/grpc v1.36.0 -> v1.37.0
• google.golang.org/protobuf v1.25.0 -> v1.26.0
• k8s.io/api v0.20.5 -> v0.21.0
• k8s.io/apimachinery v0.20.5 -> v0.21.0
• k8s.io/apiserver v0.20.5 -> v0.21.0
• k8s.io/client-go v0.20.5 -> v0.21.0
• k8s.io/cri-api v0.20.5 -> v0.21.0
• k8s.io/kubectl v0.20.5 -> v0.21.0
• k8s.io/kubelet v0.20.5 -> v0.21.0

Previous release can be found at v0.9.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.3.0
docker.io/coredns/coredns:1.8.0
gcr.io/etcd-development/etcd:v3.4.15
k8s.gcr.io/kube-apiserver:v1.21.1
k8s.gcr.io/kube-controller-manager:v1.21.1
k8s.gcr.io/kube-scheduler:v1.21.1
k8s.gcr.io/kube-proxy:v1.21.1
ghcr.io/talos-systems/kubelet:v1.21.1
ghcr.io/talos-systems/installer:v0.10.4
k8s.gcr.io/pause:3.2

Talos 0.11.0-alpha.1 (2021-06-18)

Welcome to the v0.11.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API, instead of init node types, as we
intend on deprecating this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.

Component Updates

• containerd was updated to 1.5.2
• Linux kernel was updated to 5.10.38

CoreDNS

Added the flag cluster.coreDNS.disabled to coreDNS deployment during the cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that can enable marking MBR partition bootable
for the machines that have legacy BIOS which does not support GPT partitioning scheme.

Multi-arch Installer

Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture.
This means that e.g. images for arm64 SBCs can be generated on amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured
interfaces and skipping the reset network step.

Talos API RBAC

Limited RBAC support in Talos API is now enabled by default for Talos 0.11.
Default talosconfig has os:admin role embedded in the certificate so that all the APIs are available.
Certificates with reduced set of roles can be created with talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate talosconfig with
os:admin role first to make sure that administrator still has access to the cluster when RBAC is enabled.

List of available roles:

• os:admin role enables every Talos API
• os:reader role limits access to read-only APIs which do not return sensitive data
• os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Jorik Jonker
• Spencer Smith
• Andrew Rynhard
• Serge Logvinov
• Andrew LeCody
• Kevin Hellemun
• Boran Car
• Brandon Nason
• Gabor Nyiri
• Joost Coelingh
• Lance R. Vick
• Lennard Klein
• Seán C McCord
• Sébastien Bernard
• Sébastien Bernard

Changes

• e13d905c2 release(v0.11.0-alpha.1): prepare release
• 70ac771e0 fix: use localhost API server endpoint for internal communication
• a941eb7da feat: improve security of Kubernetes control plane components
• 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
• 06209bba2 chore: update RBAC rules, remove old APIs
• 9f24b519d chore: remove bootkube check from cluster health check
• 4ac9bea27 fix: stop etcd client logs from going to the server console
• f63ab9dd9 feat: implement talosctl config new command
• fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
• 2dc27d996 fix: do not format state partition in the initialize sequence
• b609f33cd fix: update networking stack after Equnix Metal testing
• 243a3b53e fix: separate healthy and unknown flags in the service resource
• 1a1378be1 fix: update retry package with a fix for errors.Is
• cb83edd7f fix: wait for the network to be ready in mainteancne mode
• 96f89071c feat: update controller-runtime logs to console level on config.debug
• 973069b61 feat: support NFS 4.1
• 654dcad47 chore: bump dependencies via dependabot
• d7394457d fix: don't treat ethtool errors as fatal
• f2ae9cd0c feat: replace networkd with new network implementation
• caec3063c fix: do not complain about empty roles
• 11918a110 docs: update community meeting time
• aeddb9c09 feat: implement platform config controller (hostnames)
• 1ece334da feat: implement controller which runs network operators
• 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
• 5029edfb7 fix: overwrite nodes in the gRPC metadata
• 6a35c8f11 feat: implement virtual IP (shared IP) network operator
• 0f3b83803 chore: expose WatchRequest in the resources client
• 11e258b15 feat: implement operator configuration controller
• ce3815e75 feat: implement DHCP6 operator
• f010d99af feat: implement operator framework with DHCP4 as the first example
• f93c9c8fa feat: bring unconfigured links with link carrier up by default
• 02bd657b2 feat: implement network.Status resource and controller
• da329f00a feat: enable RBAC by default
• 0f168a880 feat: add configuration for enabling RBAC
• e74f789b0 feat: implement EtcFileController to render files in /etc
• 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
• 5ad314fe7 feat: implement basic RBAC interceptors
• c031be813 chore: use Go 1.16.5
• 8b0763f6a chore: bump dependencies via dependabot
• 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
• 24859b141 docs: update Rpi4 firmware guide
• 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
• ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
• 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
• a71053fcd feat: default to bootstrap workflow
• 76aac4bb2 feat: implement CPU and Memory stats controller
• 8f90c6a8e feat: parse Talos-specific cmdline params
• ed10e139c feat: implement NodeAddress controller
• 33db8857a fix: use COSI runtime DestroyReady input type
• 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
• 97627061d docs: set static IP on ISO install mode
• 5811f4dda feat: implement link (interface) controllers
• 046b229b1 chore: skip building multi-arch installer for race-enabled build
• 73fbb4b52 fix: only fetch machine uuid if it's not set
• f112a540b fix: clean up stale snapshots on container start
• c036b9494 chore: bump dependencies
• a4d67a018 feat: add the ability to disable CoreDNS
• 76dbfb369 feat: add ability to mark MBR partition bootable
• e0f5b1e20 chore: split mgmt/gen.go into several files
• fad1b4f1f chore: fix go generate for the machinery
• 1117294ad release(v0.11.0-alpha.0): prepare release
• c09629466 chore: prepare for 0.11 release series
• 723597657 feat: enable GORACE=halt_on_panic=1 in machined binary
• 0acb04ad7 feat: implement route network controllers
• f5bf88a4c feat: create certificates with os:admin role
• 1db301edf feat: switch controller-runtime to zap.Logger
• f7cf64d42 fix: add talos.config to the vApp Properties in VMware OVA
• 209527ecc docs: add AMIs for Talos 0.10.3
• 59cfd312c chore: bump dependencies via dependabot
• 1edb20cf9 feat: extract config generation
• af77c2956 docs: update wirguard guide
• 4fe691214 test: better talosctl ls tests
• 04ddda962 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
• 49c7276b1 chore: fix markdown linting
• 7270495ac docs: add mayastor quickstart
• d3d9112f2 docs: fix spelling/grammar in What's New for Talos 0.9
• 82804414f test: provide a way to force different boot order in provision library
• a1c0e99a1 docs: add guide for deploying metrics-server
• 6bc6658b5 feat: update containerd to 1.5.1
• c6567fae9 chore: dependabot updates
• 61ccbb3f5 chore: keep debug symbols in debug builds
• 1ce362e05 docs: update customizing kernel build steps
• a26174b54 fix: properly compose pattern and header in etcd members output
• 0825cf11f fix: stop networkd and pods before leaving etcd on upgrade
• bed6b15d6 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
• 071f04456 feat: implement AddressSpec handling
• 76e38b7b8 feat: update Kubernetes to 1.21.1
• 9b1338d98 chore: parse "boolean" variables
• c81cfb216 chore: allow building with debug handlers
• c9651673b feat: update go-smbios library
• 95c656fb7 feat: update containerd to 1.5.0, runc to 1.0.0-rc94
• db9c35b57 feat: implement AddressStatusController
• 1cf011a80 chore: bump dependencies via dependabot
• e3f407a1d fix: properly pass disk type selector from config to matcher
• 66b2b4505 feat: add resources and use HTTPS checks in control plane pods
• 4ffd7c0ad fix: stop networkd before leaving etcd on 'reset' path
• 610d38d30 docs: add AMIs for 0.10.1, collapse list of AMIs by default
• 807497ec2 chore: make conformance pipeline depend on cron-default
• 3c1213596 feat: implement LinkStatusController
• 0e8de0469 fix: update go-blockdevice to fix disk type detection
• 4d50a4edd fix: update the way NTP sync uses adjtimex syscall
• 1a85c14a5 fix: avoid data race on CRI pod stop
• 5de8dbc06 fix: repair pine64 support
• 382390973 fix: properly parse matcher expressions
• e54b6b7a3 chore: update dependencies via dependabot
• f2caed0df chore: use extracted talos-systems/go-kmsg library
• 79d804c5b docs: fix typos
• a2bb390e1 feat: deterministic builds
• e480fedff feat: add USB serial drivers
• 79299d761 docs: add Matrix room links
• 1b3e8b09e docs: add survey to README
• 8d51c9bb1 docs: update redirects to Talos 0.10
• 1092c3a50 feat: add Pine64 SBC support
• 63e017543 feat: pull kernel with VMware balloon module enabled
• aeec99d82 chore: remove temporary fork
• 0f49722d0 feat: add --config-patch flag by node type
• a01b1d22d chore: dump dependencies via dependabot
• d540a4a47 fix: bump crypto library for the CSR verification fix
• c3a4173e1 chore: remove security API ReadFile/WriteFile
• 38037131c chore: update wgctrl dependecy
• d9ba0fd01 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
• 2261d7ed0 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
• a3537a691 docs: update cloud images for Talos v0.9.3
• 5b9ee8617 docs: add what's new for Talos 0.10
• f1107fa3a docs: add survey
• 93623d47f docs: update AWS instructions
• a739d1b8a feat: add support of custom registry CA certificate usage
• 7f468d350 fix: update osType in OVA other3xLinux64Guest"
• 4a184b67d docs: add etcd backup and restore guide
• 5fb38d3e5 chore: refactor Dockerfile for cross-compilation
• a8f1e526b chore: build talosctl for Darwin / Apple Silicon
• eb0b64d31 chore: list specifically for enabled regions
• 669a0cbdc fix: check if OVF env is empty
• da92049c0 chore: use codecov from the build container
• 9996d4b02 chore: use REGISTRY_MIRROR_FLAGS if defined
• 05cbe250c chore: bump dependencies via dependabot
• 9a91142a3 feat: print complete member info in etcd members
• bb40d6dd0 feat: update pkgs version
• e7a9164b1 test: implement talosctl conformance command to run e2e tests
• 6cb266e74 fix: update etcd client errors, print etcd join failures
• 0bd8b0e80 feat: provide an option to recover etcd from data directory copy
• f98185408 chore: fix conform with scopes
• 21018f28c chore: bump website node.js dependencies

Changes since v0.11.0-alpha.0

• e13d905c2 release(v0.11.0-alpha.1): prepare release
• 70ac771e0 fix: use localhost API server endpoint for internal communication
• a941eb7da feat: improve security of Kubernetes control plane components
• 3aae94e53 feat: provide Kubernetes nodename as a COSI resource
• 06209bba2 chore: update RBAC rules, remove old APIs
• 9f24b519d chore: remove bootkube check from cluster health check
• 4ac9bea27 fix: stop etcd client logs from going to the server console
• f63ab9dd9 feat: implement talosctl config new command
• fa15a6687 fix: don't enable RBAC feature in the config for Talos < 0.11
• 2dc27d996 fix: do not format state partition in the initialize sequence
• b609f33cd fix: update networking stack after Equnix Metal testing
• 243a3b53e fix: separate healthy and unknown flags in the service resource
• 1a1378be1 fix: update retry package with a fix for errors.Is
• cb83edd7f fix: wait for the network to be ready in mainteancne mode
• 96f89071c feat: update controller-runtime logs to console level on config.debug
• 973069b61 feat: support NFS 4.1
• 654dcad47 chore: bump dependencies via dependabot
• d7394457d fix: don't treat ethtool errors as fatal
• f2ae9cd0c feat: replace networkd with new network implementation
• caec3063c fix: do not complain about empty roles
• 11918a110 docs: update community meeting time
• aeddb9c09 feat: implement platform config controller (hostnames)
• 1ece334da feat: implement controller which runs network operators
• 744ea8a5d fix: do not add bootstrap contents option if tail events is not 0
• 5029edfb7 fix: overwrite nodes in the gRPC metadata
• 6a35c8f11 feat: implement virtual IP (shared IP) network operator
• 0f3b83803 chore: expose WatchRequest in the resources client
• 11e258b15 feat: implement operator configuration controller
• ce3815e75 feat: implement DHCP6 operator
• f010d99af feat: implement operator framework with DHCP4 as the first example
• f93c9c8fa feat: bring unconfigured links with link carrier up by default
• 02bd657b2 feat: implement network.Status resource and controller
• da329f00a feat: enable RBAC by default
• 0f168a880 feat: add configuration for enabling RBAC
• e74f789b0 feat: implement EtcFileController to render files in /etc
• 5aede1a83 fix: prefer extraConfig over OVF env, skip empty config
• 5ad314fe7 feat: implement basic RBAC interceptors
• c031be813 chore: use Go 1.16.5
• 8b0763f6a chore: bump dependencies via dependabot
• 8b8de11d9 feat: implement new controllers for hostname, resolvers and time servers
• 24859b141 docs: update Rpi4 firmware guide
• 62c702c4f fix: remove conflicting etcd member on rejoin with empty data directory
• ff62a5998 fix: drop into maintenance mode if config URL is none (metal)
• 14e696d06 feat: update COSI runtime and add support for tail in the Talos gRPC
• a71053fcd feat: default to bootstrap workflow
• 76aac4bb2 feat: implement CPU and Memory stats controller
• 8f90c6a8e feat: parse Talos-specific cmdline params
• ed10e139c feat: implement NodeAddress controller
• 33db8857a fix: use COSI runtime DestroyReady input type
• 6e7753639 refactor: rename *.Status() to *.TypedSpec() in the resources
• 97627061d docs: set static IP on ISO install mode
• 5811f4dda feat: implement link (interface) controllers
• 046b229b1 chore: skip building multi-arch installer for race-enabled build
• 73fbb4b52 fix: only fetch machine uuid if it's not set
• f112a540b fix: clean up stale snapshots on container start
• c036b9494 chore: bump dependencies
• a4d67a018 feat: add the ability to disable CoreDNS
• 76dbfb369 feat: add ability to mark MBR partition bootable
• e0f5b1e20 chore: split mgmt/gen.go into several files
• fad1b4f1f chore: fix go generate for the machinery

Changes from talos-systems/crypto

• 6bc5bb5 chore: remove unused argument
• cd18ef6 feat: add support for several organizations
• 97c888b chore: add options to CSR
• 7776057 chore: fix typos
• 80df078 chore: remove named result parameters
• 15bdd28 chore: minor updates
• 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

• 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

• 30c2bc3 feat: mark MBR bootable
• 1292574 fix: make disk type matcher parser case insensitive
• b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

• 3d0a6e1 feat: race build tag flag detector
• 5b292e5 feat: disable memory profiling by default
• c6d0ae2 fix: linters and CI
• d969f95 feat: initial implementation
• b2044b7 Initial commit

Changes from talos-systems/go-kmsg

• 2edcd3a feat: add initial version
• 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

• a445702 feat: allow dial timeout and keep alive period to be configurable
• 3c8f347 feat: provide a way to configure logger for the loadbalancer
• da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

• c78cc95 fix: implement errors.Is for all errors in the set
• 7885e16 feat: add ExpectedErrorf
• 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

• d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

• 2d51360 feat: support NFS 4.1
• e63e4e9 feat: bump tools for Go 1.16.5
• 1f8af29 feat: update Linux to 5.10.38
• a3a6650 feat: update containerd to 1.5.2
• c70ea44 feat: update runc to 1.0.0-rc95
• db60235 feat: add support for netxen card
• f934187 feat: update containerd to 1.5.1
• e8ed5bc feat: add geneve encapsulation support for openvswitch
• 9f7903c feat: update containerd to 1.5.0, runc to -rc94
• d7c0f70 feat: add AES-NI support for amd64
• b0d9cd2 fix: build zbin utility for both amd64 and arm64
• bb39b97 feat: add IPMI support in kernel
• 1148f9a feat: add DS1307 RTC support for arm64
• 350aa6f feat: add USB serial support
• de9c582 feat: add Pine64 SBC support
• b56f36b feat: enable VMware baloon kernel module
• f87c194 feat: add iPXE build with embedded placeholder script
• a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

• c8c2a18 feat: update Go to 1.16.5

Dependency Changes

• github.com/aws/aws-sdk-go v1.27.0 new
• github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
• github.com/containerd/containerd v1.4.4 -> v1.5.2
• github.com/containerd/go-cni v1.0.1 -> v1.0.2
• github.com/containerd/typeurl v1.0.1 -> v1.0.2
• github.com/coreos/go-iptables v0.5.0 -> v0.6.0
• github.com/cosi-project/runtime 10d6103c19ab -> ca95c7538d17
• github.com/docker/docker v20.10.4 -> v20.10.7
• github.com/emicklei/dot v0.15.0 -> v0.16.0
• github.com/fatih/color v1.10.0 -> v1.12.0
• github.com/google/go-cmp v0.5.5 -> v0.5.6
• github.com/google/gofuzz v1.2.0 new
• github.com/googleapis/gnostic v0.5.5 new
• github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
• github.com/hashicorp/go-getter v1.5.2 -> v1.5.3
• github.com/imdario/mergo v0.3.12 new
• github.com/insomniacslk/dhcp cc9239ac6294 -> fb4eaaa00ad2
• github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> b34cb89a106b
• github.com/magiconair/properties v1.8.5 new
• github.com/mattn/go-isatty v0.0.12 -> v0.0.13
• github.com/mdlayher/arp f72070a231fc new
• github.com/mdlayher/ethtool 2b88debcdd43 new
• github.com/mdlayher/netlink v1.4.0 -> v1.4.1
• github.com/mdlayher/raw 51b895745faf new
• github.com/mitchellh/mapstructure v1.4.1 new
• github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
• github.com/pelletier/go-toml v1.9.0 new
• github.com/rivo/tview 8a8f78a6dd01 -> 807e706f86d1
• github.com/rs/xid v1.2.1 -> v1.3.0
• github.com/sirupsen/logrus v1.8.1 new
• github.com/spf13/afero v1.6.0 new
• github.com/spf13/cast v1.3.1 new
• github.com/spf13/viper v1.7.1 new
• github.com/talos-systems/crypto 39584f1b6e54 -> 6bc5bb50c527
• github.com/talos-systems/extras v0.3.0 -> v0.3.0-1-g4fe2706
• github.com/talos-systems/go-blockdevice 1d830a25f64f -> 30c2bc3cb62a
• github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
• github.com/talos-systems/go-kmsg v0.1.0 new
• github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
• github.com/talos-systems/go-retry b9dc1a990133 -> c78cc953d9e9
• github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
• github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-8-g2d51360
• github.com/talos-systems/talos/pkg/machinery 8ffb55943c71 -> 000000000000
• github.com/talos-systems/tools v0.5.0 -> v0.5.0-1-gc8c2a18
• github.com/vishvananda/netns 2eb08e3e575f new
• github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.51.0
• github.com/vmware/govmomi v0.24.0 -> v0.26.0
• go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0-rc.1
• go.etcd.io/etcd/client/pkg/v3 v3.5.0-rc.1 new
• go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0-rc.1
• go.etcd.io/etcd/etcdutl/v3 v3.5.0-rc.1 new
• go.uber.org/zap v1.17.0 new
• golang.org/x/net e18ecbb05110 -> abc453219eb5
• golang.org/x/oauth2 81ed05c6b58c new
• golang.org/x/sys 77cc2087c03b -> ebe580a85c40
• golang.org/x/term 6a3ed077a48d -> a79de5458b56
• golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
• google.golang.org/appengine v1.6.7 new
• google.golang.org/grpc v1.37.0 -> v1.38.0
• gopkg.in/ini.v1 v1.62.0 new
• inet.af/netaddr 1d252cf8125e new
• k8s.io/api v0.21.0 -> v0.21.1
• k8s.io/apimachinery v0.21.0 -> v0.21.1
• k8s.io/apiserver v0.21.0 -> v0.21.1
• k8s.io/client-go v0.21.0 -> v0.21.1
• k8s.io/kubectl v0.21.0 -> v0.21.1
• k8s.io/kubelet v0.21.0 -> v0.21.1
• k8s.io/utils 2afb4311ab10 new
• sigs.k8s.io/structured-merge-diff/v4 v4.1.1 new

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.3.0-1-g4fe2706
docker.io/coredns/coredns:1.8.0
gcr.io/etcd-development/etcd:v3.4.15
k8s.gcr.io/kube-apiserver:v1.21.1
k8s.gcr.io/kube-controller-manager:v1.21.1
k8s.gcr.io/kube-scheduler:v1.21.1
k8s.gcr.io/kube-proxy:v1.21.1
ghcr.io/talos-systems/kubelet:v1.21.1
ghcr.io/talos-systems/installer:v0.11.0-alpha.1
k8s.gcr.io/pause:3.2

Talos 0.11.0-alpha.0 (2021-05-26)

Welcome to the v0.11.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Component Updates

• containerd was updated to 1.5.2
• Linux kernel was updated to 5.10.29

Multi-arch Installer

Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture.
This means that e.g. images for arm64 SBCs can be generated on amd64 host.

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Jorik Jonker
• Spencer Smith
• Serge Logvinov
• Andrew LeCody
• Andrew Rynhard
• Boran Car
• Brandon Nason
• Gabor Nyiri
• Joost Coelingh
• Kevin Hellemun
• Lance R. Vick
• Lennard Klein
• Seán C McCord
• Sébastien Bernard
• Sébastien Bernard

Changes

• 1117294ad release(v0.11.0-alpha.0): prepare release
• c09629466 chore: prepare for 0.11 release series
• 723597657 feat: enable GORACE=halt_on_panic=1 in machined binary
• 0acb04ad7 feat: implement route network controllers
• f5bf88a4c feat: create certificates with os:admin role
• 1db301edf feat: switch controller-runtime to zap.Logger
• f7cf64d42 fix: add talos.config to the vApp Properties in VMware OVA
• 209527ecc docs: add AMIs for Talos 0.10.3
• 59cfd312c chore: bump dependencies via dependabot
• 1edb20cf9 feat: extract config generation
• af77c2956 docs: update wirguard guide
• 4fe691214 test: better talosctl ls tests
• 04ddda962 feat: update containerd to 1.5.2, runc to 1.0.0-rc95
• 49c7276b1 chore: fix markdown linting
• 7270495ac docs: add mayastor quickstart
• d3d9112f2 docs: fix spelling/grammar in What's New for Talos 0.9
• 82804414f test: provide a way to force different boot order in provision library
• a1c0e99a1 docs: add guide for deploying metrics-server
• 6bc6658b5 feat: update containerd to 1.5.1
• c6567fae9 chore: dependabot updates
• 61ccbb3f5 chore: keep debug symbols in debug builds
• 1ce362e05 docs: update customizing kernel build steps
• a26174b54 fix: properly compose pattern and header in etcd members output
• 0825cf11f fix: stop networkd and pods before leaving etcd on upgrade
• bed6b15d6 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
• 071f04456 feat: implement AddressSpec handling
• 76e38b7b8 feat: update Kubernetes to 1.21.1
• 9b1338d98 chore: parse "boolean" variables
• c81cfb216 chore: allow building with debug handlers
• c9651673b feat: update go-smbios library
• 95c656fb7 feat: update containerd to 1.5.0, runc to 1.0.0-rc94
• db9c35b57 feat: implement AddressStatusController
• 1cf011a80 chore: bump dependencies via dependabot
• e3f407a1d fix: properly pass disk type selector from config to matcher
• 66b2b4505 feat: add resources and use HTTPS checks in control plane pods
• 4ffd7c0ad fix: stop networkd before leaving etcd on 'reset' path
• 610d38d30 docs: add AMIs for 0.10.1, collapse list of AMIs by default
• 807497ec2 chore: make conformance pipeline depend on cron-default
• 3c1213596 feat: implement LinkStatusController
• 0e8de0469 fix: update go-blockdevice to fix disk type detection
• 4d50a4edd fix: update the way NTP sync uses adjtimex syscall
• 1a85c14a5 fix: avoid data race on CRI pod stop
• 5de8dbc06 fix: repair pine64 support
• 382390973 fix: properly parse matcher expressions
• e54b6b7a3 chore: update dependencies via dependabot
• f2caed0df chore: use extracted talos-systems/go-kmsg library
• 79d804c5b docs: fix typos
• a2bb390e1 feat: deterministic builds
• e480fedff feat: add USB serial drivers
• 79299d761 docs: add Matrix room links
• 1b3e8b09e docs: add survey to README
• 8d51c9bb1 docs: update redirects to Talos 0.10
• 1092c3a50 feat: add Pine64 SBC support
• 63e017543 feat: pull kernel with VMware balloon module enabled
• aeec99d82 chore: remove temporary fork
• 0f49722d0 feat: add --config-patch flag by node type
• a01b1d22d chore: dump dependencies via dependabot
• d540a4a47 fix: bump crypto library for the CSR verification fix
• c3a4173e1 chore: remove security API ReadFile/WriteFile
• 38037131c chore: update wgctrl dependecy
• d9ba0fd01 docs: create v0.11 docs, promote v0.10 docs, add v0.10 AMIs
• 2261d7ed0 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
• a3537a691 docs: update cloud images for Talos v0.9.3
• 5b9ee8617 docs: add what's new for Talos 0.10
• f1107fa3a docs: add survey
• 93623d47f docs: update AWS instructions
• a739d1b8a feat: add support of custom registry CA certificate usage
• 7f468d350 fix: update osType in OVA other3xLinux64Guest"
• 4a184b67d docs: add etcd backup and restore guide
• 5fb38d3e5 chore: refactor Dockerfile for cross-compilation
• a8f1e526b chore: build talosctl for Darwin / Apple Silicon
• eb0b64d31 chore: list specifically for enabled regions
• 669a0cbdc fix: check if OVF env is empty
• da92049c0 chore: use codecov from the build container
• 9996d4b02 chore: use REGISTRY_MIRROR_FLAGS if defined
• 05cbe250c chore: bump dependencies via dependabot
• 9a91142a3 feat: print complete member info in etcd members
• bb40d6dd0 feat: update pkgs version
• e7a9164b1 test: implement talosctl conformance command to run e2e tests
• 6cb266e74 fix: update etcd client errors, print etcd join failures
• 0bd8b0e80 feat: provide an option to recover etcd from data directory copy
• f98185408 chore: fix conform with scopes
• 21018f28c chore: bump website node.js dependencies

Changes from talos-systems/crypto

• 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/go-blockdevice

• 1292574 fix: make disk type matcher parser case insensitive
• b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

• 3d0a6e1 feat: race build tag flag detector
• 5b292e5 feat: disable memory profiling by default
• c6d0ae2 fix: linters and CI
• d969f95 feat: initial implementation
• b2044b7 Initial commit

Changes from talos-systems/go-kmsg

• 2edcd3a feat: add initial version
• 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

• a445702 feat: allow dial timeout and keep alive period to be configurable
• 3c8f347 feat: provide a way to configure logger for the loadbalancer
• da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-smbios

• d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

• a3a6650 feat: update containerd to 1.5.2
• c70ea44 feat: update runc to 1.0.0-rc95
• db60235 feat: add support for netxen card
• f934187 feat: update containerd to 1.5.1
• e8ed5bc feat: add geneve encapsulation support for openvswitch
• 9f7903c feat: update containerd to 1.5.0, runc to -rc94
• d7c0f70 feat: add AES-NI support for amd64
• b0d9cd2 fix: build zbin utility for both amd64 and arm64
• bb39b97 feat: add IPMI support in kernel
• 1148f9a feat: add DS1307 RTC support for arm64
• 350aa6f feat: add USB serial support
• de9c582 feat: add Pine64 SBC support
• b56f36b feat: enable VMware baloon kernel module
• f87c194 feat: add iPXE build with embedded placeholder script
• a8b9e71 feat: add cpu scaling for rpi

Dependency Changes

• github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
• github.com/containerd/containerd v1.4.4 -> v1.5.2
• github.com/containerd/go-cni v1.0.1 -> v1.0.2
• github.com/containerd/typeurl v1.0.1 -> v1.0.2
• github.com/coreos/go-iptables v0.5.0 -> v0.6.0
• github.com/cosi-project/runtime 10d6103c19ab -> 8a4533ce68e2
• github.com/docker/docker v20.10.4 -> v20.10.6
• github.com/emicklei/dot v0.15.0 -> v0.16.0
• github.com/fatih/color v1.10.0 -> v1.11.0
• github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
• github.com/hashicorp/go-getter v1.5.2 -> v1.5.3
• github.com/mdlayher/ethtool 2b88debcdd43 new
• github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> e6143ca7d51d
• github.com/plunder-app/kube-vip v0.3.2 -> v0.3.4
• github.com/rs/xid v1.2.1 -> v1.3.0
• github.com/talos-systems/crypto 39584f1b6e54 -> 4f80b976b640
• github.com/talos-systems/go-blockdevice 1d830a25f64f -> 1292574643e0
• github.com/talos-systems/go-debug 3d0a6e1bf5e3 new
• github.com/talos-systems/go-kmsg v0.1.0 new
• github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
• github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
• github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-alpha.0-5-ga3a6650
• github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.50.0
• github.com/vmware/govmomi v0.24.0 -> v0.25.0
• go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0-beta.3
• go.etcd.io/etcd/client/pkg/v3 v3.5.0-beta.3 new
• go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0-beta.3
• go.etcd.io/etcd/etcdutl/v3 v3.5.0-beta.3 new
• go.uber.org/zap c23abee72d19 new
• golang.org/x/net e18ecbb05110 -> 0714010a04ed
• golang.org/x/sys 77cc2087c03b -> 0981d6026fa6
• golang.org/x/term 6a3ed077a48d -> a79de5458b56
• golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> f9ad6d392236
• google.golang.org/grpc v1.37.0 -> v1.38.0
• inet.af/netaddr 1d252cf8125e new
• k8s.io/api v0.21.0 -> v0.21.1
• k8s.io/apimachinery v0.21.0 -> v0.21.1
• k8s.io/apiserver v0.21.0 -> v0.21.1
• k8s.io/client-go v0.21.0 -> v0.21.1
• k8s.io/kubectl v0.21.0 -> v0.21.1
• k8s.io/kubelet v0.21.0 -> v0.21.1

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.3.0
docker.io/coredns/coredns:1.8.0
gcr.io/etcd-development/etcd:v3.4.15
k8s.gcr.io/kube-apiserver:v1.21.1
k8s.gcr.io/kube-controller-manager:v1.21.1
k8s.gcr.io/kube-scheduler:v1.21.1
k8s.gcr.io/kube-proxy:v1.21.1
ghcr.io/talos-systems/kubelet:v1.21.1
ghcr.io/talos-systems/installer:v0.11.0-alpha.0
k8s.gcr.io/pause:3.2

Talos 0.10.3 (2021-05-20)

Welcome to the v0.10.3 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Disaster Recovery

• support for creating etcd snapshots (backups) with talosctl etcd snapshot command.
• etcd cluster can be recovered from a snapshot using talosctl boostrap --recover-from= command.

Install Disk Selector

Install section of the machine config now has diskSelector field that allows querying install disk using the list of qualifiers:

...
  install:
    diskSelector:
      size: >= 500GB
      model: WDC*
...

talosctl disks -n <node> -i can be used to check allowed disk qualifiers when the node is running in the maintenance mode.

Inline Kubernetes Manifests

• boostrap manifests can now be submitted in the configuration body using the cluster.inlineManifests field.

Optmizations

• Talos system services now run without container images on initramfs from the single executable; this change reduces RAM usage, initramfs size and boot time..

SBCs

• u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
• added support for Rock Pi 4.

Time Synchronization

• timed service was replaced with a time sync controller, no machine configuration changes.
• Talos now prefers last successful time server (by IP address) on each sync attempt (improves sync accuracy).

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Spencer Smith
• Seán C McCord
• Andrew Rynhard
• Jorik Jonker
• Branden Cash
• Brandon McNama
• Brandon Nason
• Jorik Jonker
• Lennard Klein
• Matt Zahorik
• bzub

Changes

• 828772cec release(v0.10.3): prepare release
• 70ee15b79 fix: stop networkd and pods before leaving etcd on upgrade
• 1e9496b80 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
• 166618b21 feat: update containerd to 1.4.6, runc to 1.0.0-rc95
• 8d73bc599 release(v0.10.2): prepare release
• 20ad263b4 feat: update Kubernetes to 1.21.1
• 4941356f4 feat: update go-smbios library
• 747903a10 fix: stop networkd before leaving etcd on 'reset' path
• 6fd98d95b fix: update the way NTP sync uses adjtimex syscall
• f1298f6e3 fix: avoid data race on CRI pod stop
• 994bdb5af feat: update containerd to 1.4.5, runc to 1.0.0-rc94
• d0a3d69d5 release(v0.10.1): prepare release
• 99de689d0 feat: pull kernel with VMware balloon module enabled
• 194baa3d6 fix: properly parse matcher expressions
• c613d3e22 fix: bump crypto library for the CSR verification fix
• 25fa7a191 chore: remove security API ReadFile/WriteFile
• e415c81ad feat: add --config-patch flag by node type
• 801808c54 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
• 905336940 release(v0.10.0): prepare release
• 280b5940c fix: update osType in OVA other3xLinux64Guest"
• b338628dc fix: check if OVF env is empty
• 4e664ce17 chore: list specifically for enabled regions
• c07b5152a release(v0.10.0-beta.1): prepare release
• e1475256e test: implement talosctl conformance command to run e2e tests
• 564b45ba2 fix: update etcd client errors, print etcd join failures
• 9fde88cc4 feat: provide an option to recover etcd from data directory copy
• 54f243c46 feat: update kernel config for rpi to improve performance by 3x
• 8ed75c84a release(v0.10.0-beta.0): prepare release
• e69732ed5 feat: provide Talos machine config with field placeholders and docs
• f0970ea7f fix: zero out manifest contents before setting new value
• 8b8542e3b feat: add support for reading OVF data on VMWare
• 04dbafca7 feat: update Linux to 5.10.29
• 3dc7b8a8a chore: fix import path mismerge
• 2402f20c2 feat: implement inline manifests in the machine configuration
• e26c977d8 fix: check retryable network errors by interface
• 767f3b95e chore: apply coverage analysis to all packages
• 7b0ac4682 test: extend unit-tests for config contract parsing
• d24df8f84 chore: re-import talos-systems/os-runtime as cosi-project/runtime
• cae25909f chore: use Go 1.16 global install command
• d5e2a45db feat: validate the machine configuration in the installer container
• ef24fd6a0 chore: bump dependencies via dependabot
• 94520b03f docs: fixup typo in encryption guide command
• e3585f24b chore: update Linux to 5.10.28, u-boot to final 2021.04 release
• daf220874 test: update upgrade tests to 0.10 release
• 1fcf38f9d feat: add support for "none" CNI type
• 37a5edf04 feat: update Kubernetes to 1.21.0 release
• 30f687b41 fix: document HDMI problem on RPi 4
• 29da22d06 feat: add config validation warnings
• eee7ad13a release(v0.10.0-alpha.2): prepare release
• e0650218a feat: support etcd recovery from snapshot on bootstrap
• 247bd50e0 docs: describe steps to install and boot Talos from the SSD on rockpi4
• e6b4e524f test: update CAPA to 0.6.4
• 28753f6dc fix: trim endpoints/nodes from arguments in talosctl config
• aca63b882 docs: fix "DigitalOcean" spelling
• 33035901f fix: revert mark PMBR EFI partition as bootable
• fbfd1eb2b refactor: pull new version of os-runtime, update code
• 8737ea716 feat: allow external cloud provides configration
• 3909e2d01 chore: update Go to 1.16.3
• 690eb20e9 chore: update blockdevice library for PMBR bootable fix
• a8761b8e1 fix: require leader on etcd member operations
• 3dc84625c fix: make both HDMI ports work on RPi 4
• bd5ae1e0b fix: add a check for overlay mounts in installer pre-flight checks
• df8649cbe refactor: download modules before go generate
• 39ae0415e chore: bump dependencies via dependabot
• e16d6d346 fix: publish rockpi4 image to release artifacts
• 39c6dbcc7 feat: add --config-patch parameter to talosctl gen config
• e664362ce feat: add API and command to save etcd snapshot (backup)
• 61b694b94 fix: create rootfs for system services via /system tmpfs
• abc2e17eb test: update 0.9.x version in upgrade tests to 0.9.1
• a1e641540 fix: retry Kubernetes API errors on cordon/uncordon/etc
• 063d1abe9 fix: print task failure error immediately
• e039172ed fix: ignore EOF errors from Kubernetes API when converting control plane
• 7bcb91a43 docs: fix typo for stage flag
• a43acb215 feat: bring in Linux 5.10.27, support for 32-bit time syscalls
• e2bb5973d release(v0.10.0-alpha.1): prepare release
• 8309312a3 chore: build components with race detector enabled in dev mode
• 7d9125847 test: fix data race in apply config tests
• 204caf8eb test: fix apply-config integration test, bump clusterctl version
• d812099df fix: address several issues in TUI installer
• 269c9ad09 fix: don't write to config object on access
• a9451f571 feat: update Kubernetes to 1.21.0-beta.1
• 4b42ced4c feat: add ability to disable comments in talosctl gen config
• a0dcfc3d5 fix: workaround race in containerd runner with stdin pipe
• 2ea20f598 feat: replace timed with time sync controller
• c38a161ad test: add unit-test for machine config validation
• a6106815b chore: bump dependencies via dependabot
• 35598f391 chore: refactor: extract ClusterConfig
• 032851844 fix: get rid of data race in encoder and fix concurrent map access
• 4b3580aa5 fix: prevent panic in validate config if machine.install is missing
• d7e9f6d6a chore: build integration tests with -race
• 9f7d67ac7 chore: fix typo
• 672c97073 fix: allow convert-k8s --remove-initialized-keys with K8s cp is down
• fb605a0fc chore: tweak nolintlint settings
• 1f5a0c406 fix: resolve the issue with Kubernetes upgrade
• 74b2b5578 docs: update AWS docs to ensure instances are tagged
• dc21d9b4b chore: remove old file
• 966caf7a6 chore: remove unused module replace directives
• 98b22f1e0 feat: show short options in talosctl kubeconfig
• 51139d54d chore: cache go modules in the build
• 65701aa72 fix: resolve the issue with DHCP lease not being renewed
• 711f5b23b fix: config validation: CNI should apply to cp nodes, encryption config
• 5ff491d96 fix: allow empty list for CNI URLs
• 946e74f04 docs: update path for kernel downloads in qemu docs
• ed272e604 feat: update Kubernetes to 1.21.0-beta.0
• b0209fd29 refactor: move networkd, timed APIs to machined, remove routerd
• 6ffabe516 feat: add ability to find disk by disk properties
• ac8764702 refactor: move apid, routerd, timed and trustd to single executable
• 89a4b09fe refactor: run networkd as a goroutine in machined
• f4a6a19cd chore: update sonobuoy
• dc294db16 chore: bump dependencies via dependabot
• 2b1641a3b docs: add AMIs for Talos 0.9.0
• 79ceb428d docs: make v0.9 the default docs
• a5b62f4dc docs: add documentation for Talos 0.10
• ce795f1ce fix: command etcd remove-member shouldn't remove etcd data directory
• aab49a167 fix: repair zsh completion
• fc9c416a3 fix: build rockpi4 metal image as part of CI build
• 125b86f4e fix: upgrade-k8s bug with empty config values and provision script
• 8b2d228dc chore: add script for starting registry proxies
• f7d276b85 chore: remove old osctl reference
• 5b14d6f2b chore: fix make help output
• f0512dfce feat: update Kubernetes to 1.20.5
• 24cd0a206 feat: publish talosctl container image
• 6e17102c2 chore: remove unused code
• 881044074 docs: add control plane in-depth guide
• ecf034496 chore: bump Go to 1.16.2
• cbc38418d release(v0.10.0-alpha.0): prepare release
• 3455a8e81 chore: use new release tool for changelogs and release notes
• 08271ba93 chore: use Go 1.16 language version
• 7662d033b fix: talosctl health should not check kube-proxy when it is disabled
• 0dbaeb9e6 chore: update tools, use new generators
• e31790f6f fix: properly format spec comments in the resources
• 78d384ebb test: update aws cloud provider version
• 3c5bfbb47 fix: don't touch any partitions on upgrade with --preserve
• 891f90fee chore: update Linux to 5.10.23
• d4d77882e chore: update dependencies via dependabot
• 2e22f20bd docs: minor fixes to getting started
• ca8a5596c chore: fix provision tests after changes to build-container
• 4aae924c6 refactor: provide explicit logger for networkd
• 22f375300 chore: update golanci-lint to 1.38.0
• 83b4e7f74 feat: add Rock pi 4 support
• 1362966ff docs: rewrite getting-started for ISO
• 8e57fc4f5 fix: move containerd CRI config files under /var/
• 6f7df3da1 fix: update output of convert-k8s command
• dce6118c2 docs: add guide for VIP
• ee5d9ffac chore: bump Go to 1.16.1
• 7c529e1cb docs: fix links in the documentation
• f596c7f6b docs: add video for raspberry pi install
• 47324dcae docs: add guide on editing machine configuration
• 99d5f894e chore: update website npm dependencies
• 11056a803 docs: add highlights for 0.9 release
• ae8bedb9a docs: add control plane conversion guide and 0.9 upgrade notes
• ed9673e50 docs: add troubleshooting control plane documentation
• 485cb1262 docs: update Kubernetes upgrade guide

Changes since v0.10.2

• 828772cec release(v0.10.3): prepare release
• 70ee15b79 fix: stop networkd and pods before leaving etcd on upgrade
• 1e9496b80 fix: properly populate AllowSchedulingOnMasters option in gen config RPC
• 166618b21 feat: update containerd to 1.4.6, runc to 1.0.0-rc95

Changes from talos-systems/crypto

• 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

• d39dc41 chore: use 0.5.0 tagged images of pkgs and tools
• cf3934a feat: build with Go 1.16.3
• c0fa0c0 feat: bump Go to 1.16.2
• 5f89d77 feat: bump Go to 1.16.1

Changes from talos-systems/go-blockdevice

• 1d830a2 fix: revert mark the EFI partition in PMBR as bootable
• bec914f fix: mark the EFI partition in PMBR as bootable
• 776b37d feat: add options to probe disk by various sysblock parameters

Changes from talos-systems/go-smbios

• d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

• 2f9eccf feat: update containerd to 1.4.6
• d63b9ac feat: update runc to 1.0.0-rc95
• 80ebaa7 feat: update containerd to 1.4.5, runc to 1.0.0-rc94
• 6b85f48 feat: enable VMware baloon kernel module
• 5dd650b feat: add cpu scaling for rpi
• b636cac feat: update Linux to 5.10.29
• cd77b6e chore: update tools tag to v0.5.0
• 98964cb feat: update Linux to 5.10.28
• 009ef35 feat: update uboot to 2021.04 stable
• 9a6cf6b feat: build with Go 1.16.3
• 60ce626 feat: update Linux to 5.10.27, enable 32-bit time syscalls
• fdf4866 feat: bump tools for Go 1.16.2
• 35f9b6f feat: update kernel to 5.10.23
• dbae83e fix: do not use git-lfs for rockpi4 binaries
• 1c6b9a3 feat: bump tools for Go 1.16.1
• c18073f feat: add u-boot for Rock Pi 4
• 6b85a2b feat: upgrade u-boot to 2021.04-rc3

Changes from talos-systems/tools

• 1f26def feat: update Go to 1.16.3
• 41b8073 feat: bump protobuf-related tools
• f7bce92 chore: bump Go to 1.16.2
• bcf3380 feat: bump protobuf deps, add protoc-gen-go-grpc
• b49c40e feat: bump Go to 1.16.1

Dependency Changes

• github.com/containerd/containerd v1.4.4 -> v1.4.6
• github.com/coreos/go-semver v0.3.0 new
• github.com/cosi-project/runtime 10d6103c19ab new
• github.com/golang/protobuf v1.4.3 -> v1.5.2
• github.com/google/go-cmp v0.5.4 -> v0.5.5
• github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
• github.com/talos-systems/crypto 39584f1b6e54 -> 4f80b976b640
• github.com/talos-systems/extras v0.2.0-1-g0db3328 -> v0.3.0
• github.com/talos-systems/go-blockdevice bb3ad73f6983 -> 1d830a25f64f
• github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
• github.com/talos-systems/pkgs v0.4.1-2-gd471b60 -> v0.5.0-5-g2f9eccf
• github.com/talos-systems/tools v0.4.0-1-g3b25a7e -> v0.5.0
• github.com/vmware/govmomi v0.24.0 new
• go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0 new
• google.golang.org/grpc v1.36.0 -> v1.37.0
• google.golang.org/protobuf v1.25.0 -> v1.26.0
• k8s.io/api v0.20.5 -> v0.21.0
• k8s.io/apimachinery v0.20.5 -> v0.21.0
• k8s.io/apiserver v0.20.5 -> v0.21.0
• k8s.io/client-go v0.20.5 -> v0.21.0
• k8s.io/cri-api v0.20.5 -> v0.21.0
• k8s.io/kubectl v0.20.5 -> v0.21.0
• k8s.io/kubelet v0.20.5 -> v0.21.0

Previous release can be found at v0.9.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.3.0
docker.io/coredns/coredns:1.8.0
gcr.io/etcd-development/etcd:v3.4.15
k8s.gcr.io/kube-apiserver:v1.21.1
k8s.gcr.io/kube-controller-manager:v1.21.1
k8s.gcr.io/kube-scheduler:v1.21.1
k8s.gcr.io/kube-proxy:v1.21.1
ghcr.io/talos-systems/kubelet:v1.21.1
ghcr.io/talos-systems/installer:v0.10.3
k8s.gcr.io/pause:3.2

Talos 0.10.2 (2021-05-13)

Welcome to the v0.10.2 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Disaster Recovery

• support for creating etcd snapshots (backups) with talosctl etcd snapshot command.
• etcd cluster can be recovered from a snapshot using talosctl boostrap --recover-from= command.

Install Disk Selector

Install section of the machine config now has diskSelector field that allows querying install disk using the list of qualifiers:

...
  install:
    diskSelector:
      size: >= 500GB
      model: WDC*
...

talosctl disks -n <node> -i can be used to check allowed disk qualifiers when the node is running in the maintenance mode.

Inline Kubernetes Manifests

• boostrap manifests can now be submitted in the configuration body using the cluster.inlineManifests field.

Optmizations

• Talos system services now run without container images on initramfs from the single executable; this change reduces RAM usage, initramfs size and boot time..

SBCs

• u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
• added support for Rock Pi 4.

Time Synchronization

• timed service was replaced with a time sync controller, no machine configuration changes.
• Talos now prefers last successful time server (by IP address) on each sync attempt (improves sync accuracy).

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Spencer Smith
• Seán C McCord
• Andrew Rynhard
• Jorik Jonker
• Branden Cash
• Brandon McNama
• Brandon Nason
• Jorik Jonker
• Lennard Klein
• Matt Zahorik
• bzub

Changes

• 8d73bc599 release(v0.10.2): prepare release
• 20ad263b4 feat: update Kubernetes to 1.21.1
• 4941356f4 feat: update go-smbios library
• 747903a10 fix: stop networkd before leaving etcd on 'reset' path
• 6fd98d95b fix: update the way NTP sync uses adjtimex syscall
• f1298f6e3 fix: avoid data race on CRI pod stop
• 994bdb5af feat: update containerd to 1.4.5, runc to 1.0.0-rc94
• d0a3d69d5 release(v0.10.1): prepare release
• 99de689d0 feat: pull kernel with VMware balloon module enabled
• 194baa3d6 fix: properly parse matcher expressions
• c613d3e22 fix: bump crypto library for the CSR verification fix
• 25fa7a191 chore: remove security API ReadFile/WriteFile
• e415c81ad feat: add --config-patch flag by node type
• 801808c54 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
• 905336940 release(v0.10.0): prepare release
• 280b5940c fix: update osType in OVA other3xLinux64Guest"
• b338628dc fix: check if OVF env is empty
• 4e664ce17 chore: list specifically for enabled regions
• c07b5152a release(v0.10.0-beta.1): prepare release
• e1475256e test: implement talosctl conformance command to run e2e tests
• 564b45ba2 fix: update etcd client errors, print etcd join failures
• 9fde88cc4 feat: provide an option to recover etcd from data directory copy
• 54f243c46 feat: update kernel config for rpi to improve performance by 3x
• 8ed75c84a release(v0.10.0-beta.0): prepare release
• e69732ed5 feat: provide Talos machine config with field placeholders and docs
• f0970ea7f fix: zero out manifest contents before setting new value
• 8b8542e3b feat: add support for reading OVF data on VMWare
• 04dbafca7 feat: update Linux to 5.10.29
• 3dc7b8a8a chore: fix import path mismerge
• 2402f20c2 feat: implement inline manifests in the machine configuration
• e26c977d8 fix: check retryable network errors by interface
• 767f3b95e chore: apply coverage analysis to all packages
• 7b0ac4682 test: extend unit-tests for config contract parsing
• d24df8f84 chore: re-import talos-systems/os-runtime as cosi-project/runtime
• cae25909f chore: use Go 1.16 global install command
• d5e2a45db feat: validate the machine configuration in the installer container
• ef24fd6a0 chore: bump dependencies via dependabot
• 94520b03f docs: fixup typo in encryption guide command
• e3585f24b chore: update Linux to 5.10.28, u-boot to final 2021.04 release
• daf220874 test: update upgrade tests to 0.10 release
• 1fcf38f9d feat: add support for "none" CNI type
• 37a5edf04 feat: update Kubernetes to 1.21.0 release
• 30f687b41 fix: document HDMI problem on RPi 4
• 29da22d06 feat: add config validation warnings
• eee7ad13a release(v0.10.0-alpha.2): prepare release
• e0650218a feat: support etcd recovery from snapshot on bootstrap
• 247bd50e0 docs: describe steps to install and boot Talos from the SSD on rockpi4
• e6b4e524f test: update CAPA to 0.6.4
• 28753f6dc fix: trim endpoints/nodes from arguments in talosctl config
• aca63b882 docs: fix "DigitalOcean" spelling
• 33035901f fix: revert mark PMBR EFI partition as bootable
• fbfd1eb2b refactor: pull new version of os-runtime, update code
• 8737ea716 feat: allow external cloud provides configration
• 3909e2d01 chore: update Go to 1.16.3
• 690eb20e9 chore: update blockdevice library for PMBR bootable fix
• a8761b8e1 fix: require leader on etcd member operations
• 3dc84625c fix: make both HDMI ports work on RPi 4
• bd5ae1e0b fix: add a check for overlay mounts in installer pre-flight checks
• df8649cbe refactor: download modules before go generate
• 39ae0415e chore: bump dependencies via dependabot
• e16d6d346 fix: publish rockpi4 image to release artifacts
• 39c6dbcc7 feat: add --config-patch parameter to talosctl gen config
• e664362ce feat: add API and command to save etcd snapshot (backup)
• 61b694b94 fix: create rootfs for system services via /system tmpfs
• abc2e17eb test: update 0.9.x version in upgrade tests to 0.9.1
• a1e641540 fix: retry Kubernetes API errors on cordon/uncordon/etc
• 063d1abe9 fix: print task failure error immediately
• e039172ed fix: ignore EOF errors from Kubernetes API when converting control plane
• 7bcb91a43 docs: fix typo for stage flag
• a43acb215 feat: bring in Linux 5.10.27, support for 32-bit time syscalls
• e2bb5973d release(v0.10.0-alpha.1): prepare release
• 8309312a3 chore: build components with race detector enabled in dev mode
• 7d9125847 test: fix data race in apply config tests
• 204caf8eb test: fix apply-config integration test, bump clusterctl version
• d812099df fix: address several issues in TUI installer
• 269c9ad09 fix: don't write to config object on access
• a9451f571 feat: update Kubernetes to 1.21.0-beta.1
• 4b42ced4c feat: add ability to disable comments in talosctl gen config
• a0dcfc3d5 fix: workaround race in containerd runner with stdin pipe
• 2ea20f598 feat: replace timed with time sync controller
• c38a161ad test: add unit-test for machine config validation
• a6106815b chore: bump dependencies via dependabot
• 35598f391 chore: refactor: extract ClusterConfig
• 032851844 fix: get rid of data race in encoder and fix concurrent map access
• 4b3580aa5 fix: prevent panic in validate config if machine.install is missing
• d7e9f6d6a chore: build integration tests with -race
• 9f7d67ac7 chore: fix typo
• 672c97073 fix: allow convert-k8s --remove-initialized-keys with K8s cp is down
• fb605a0fc chore: tweak nolintlint settings
• 1f5a0c406 fix: resolve the issue with Kubernetes upgrade
• 74b2b5578 docs: update AWS docs to ensure instances are tagged
• dc21d9b4b chore: remove old file
• 966caf7a6 chore: remove unused module replace directives
• 98b22f1e0 feat: show short options in talosctl kubeconfig
• 51139d54d chore: cache go modules in the build
• 65701aa72 fix: resolve the issue with DHCP lease not being renewed
• 711f5b23b fix: config validation: CNI should apply to cp nodes, encryption config
• 5ff491d96 fix: allow empty list for CNI URLs
• 946e74f04 docs: update path for kernel downloads in qemu docs
• ed272e604 feat: update Kubernetes to 1.21.0-beta.0
• b0209fd29 refactor: move networkd, timed APIs to machined, remove routerd
• 6ffabe516 feat: add ability to find disk by disk properties
• ac8764702 refactor: move apid, routerd, timed and trustd to single executable
• 89a4b09fe refactor: run networkd as a goroutine in machined
• f4a6a19cd chore: update sonobuoy
• dc294db16 chore: bump dependencies via dependabot
• 2b1641a3b docs: add AMIs for Talos 0.9.0
• 79ceb428d docs: make v0.9 the default docs
• a5b62f4dc docs: add documentation for Talos 0.10
• ce795f1ce fix: command etcd remove-member shouldn't remove etcd data directory
• aab49a167 fix: repair zsh completion
• fc9c416a3 fix: build rockpi4 metal image as part of CI build
• 125b86f4e fix: upgrade-k8s bug with empty config values and provision script
• 8b2d228dc chore: add script for starting registry proxies
• f7d276b85 chore: remove old osctl reference
• 5b14d6f2b chore: fix make help output
• f0512dfce feat: update Kubernetes to 1.20.5
• 24cd0a206 feat: publish talosctl container image
• 6e17102c2 chore: remove unused code
• 881044074 docs: add control plane in-depth guide
• ecf034496 chore: bump Go to 1.16.2
• cbc38418d release(v0.10.0-alpha.0): prepare release
• 3455a8e81 chore: use new release tool for changelogs and release notes
• 08271ba93 chore: use Go 1.16 language version
• 7662d033b fix: talosctl health should not check kube-proxy when it is disabled
• 0dbaeb9e6 chore: update tools, use new generators
• e31790f6f fix: properly format spec comments in the resources
• 78d384ebb test: update aws cloud provider version
• 3c5bfbb47 fix: don't touch any partitions on upgrade with --preserve
• 891f90fee chore: update Linux to 5.10.23
• d4d77882e chore: update dependencies via dependabot
• 2e22f20bd docs: minor fixes to getting started
• ca8a5596c chore: fix provision tests after changes to build-container
• 4aae924c6 refactor: provide explicit logger for networkd
• 22f375300 chore: update golanci-lint to 1.38.0
• 83b4e7f74 feat: add Rock pi 4 support
• 1362966ff docs: rewrite getting-started for ISO
• 8e57fc4f5 fix: move containerd CRI config files under /var/
• 6f7df3da1 fix: update output of convert-k8s command
• dce6118c2 docs: add guide for VIP
• ee5d9ffac chore: bump Go to 1.16.1
• 7c529e1cb docs: fix links in the documentation
• f596c7f6b docs: add video for raspberry pi install
• 47324dcae docs: add guide on editing machine configuration
• 99d5f894e chore: update website npm dependencies
• 11056a803 docs: add highlights for 0.9 release
• ae8bedb9a docs: add control plane conversion guide and 0.9 upgrade notes
• ed9673e50 docs: add troubleshooting control plane documentation
• 485cb1262 docs: update Kubernetes upgrade guide

Changes since v0.10.1

• 8d73bc599 release(v0.10.2): prepare release
• 20ad263b4 feat: update Kubernetes to 1.21.1
• 4941356f4 feat: update go-smbios library
• 747903a10 fix: stop networkd before leaving etcd on 'reset' path
• 6fd98d95b fix: update the way NTP sync uses adjtimex syscall
• f1298f6e3 fix: avoid data race on CRI pod stop
• 994bdb5af feat: update containerd to 1.4.5, runc to 1.0.0-rc94

Changes from talos-systems/crypto

• 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

• d39dc41 chore: use 0.5.0 tagged images of pkgs and tools
• cf3934a feat: build with Go 1.16.3
• c0fa0c0 feat: bump Go to 1.16.2
• 5f89d77 feat: bump Go to 1.16.1

Changes from talos-systems/go-blockdevice

• 1d830a2 fix: revert mark the EFI partition in PMBR as bootable
• bec914f fix: mark the EFI partition in PMBR as bootable
• 776b37d feat: add options to probe disk by various sysblock parameters

Changes from talos-systems/go-smbios

• d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

• 80ebaa7 feat: update containerd to 1.4.5, runc to 1.0.0-rc94
• 6b85f48 feat: enable VMware baloon kernel module
• 5dd650b feat: add cpu scaling for rpi
• b636cac feat: update Linux to 5.10.29
• cd77b6e chore: update tools tag to v0.5.0
• 98964cb feat: update Linux to 5.10.28
• 009ef35 feat: update uboot to 2021.04 stable
• 9a6cf6b feat: build with Go 1.16.3
• 60ce626 feat: update Linux to 5.10.27, enable 32-bit time syscalls
• fdf4866 feat: bump tools for Go 1.16.2
• 35f9b6f feat: update kernel to 5.10.23
• dbae83e fix: do not use git-lfs for rockpi4 binaries
• 1c6b9a3 feat: bump tools for Go 1.16.1
• c18073f feat: add u-boot for Rock Pi 4
• 6b85a2b feat: upgrade u-boot to 2021.04-rc3

Changes from talos-systems/tools

• 1f26def feat: update Go to 1.16.3
• 41b8073 feat: bump protobuf-related tools
• f7bce92 chore: bump Go to 1.16.2
• bcf3380 feat: bump protobuf deps, add protoc-gen-go-grpc
• b49c40e feat: bump Go to 1.16.1

Dependency Changes

• github.com/containerd/containerd v1.4.4 -> v1.4.5
• github.com/coreos/go-semver v0.3.0 new
• github.com/cosi-project/runtime 10d6103c19ab new
• github.com/golang/protobuf v1.4.3 -> v1.5.2
• github.com/google/go-cmp v0.5.4 -> v0.5.5
• github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
• github.com/talos-systems/crypto 39584f1b6e54 -> 4f80b976b640
• github.com/talos-systems/extras v0.2.0-1-g0db3328 -> v0.3.0
• github.com/talos-systems/go-blockdevice bb3ad73f6983 -> 1d830a25f64f
• github.com/talos-systems/go-smbios fb425d4727e6 -> d3a32bea731a
• github.com/talos-systems/pkgs v0.4.1-2-gd471b60 -> v0.5.0-3-g80ebaa7
• github.com/talos-systems/tools v0.4.0-1-g3b25a7e -> v0.5.0
• github.com/vmware/govmomi v0.24.0 new
• go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0 new
• google.golang.org/grpc v1.36.0 -> v1.37.0
• google.golang.org/protobuf v1.25.0 -> v1.26.0
• k8s.io/api v0.20.5 -> v0.21.0
• k8s.io/apimachinery v0.20.5 -> v0.21.0
• k8s.io/apiserver v0.20.5 -> v0.21.0
• k8s.io/client-go v0.20.5 -> v0.21.0
• k8s.io/cri-api v0.20.5 -> v0.21.0
• k8s.io/kubectl v0.20.5 -> v0.21.0
• k8s.io/kubelet v0.20.5 -> v0.21.0

Previous release can be found at v0.9.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.3.0
docker.io/coredns/coredns:1.8.0
gcr.io/etcd-development/etcd:v3.4.15
k8s.gcr.io/kube-apiserver:v1.21.1
k8s.gcr.io/kube-controller-manager:v1.21.1
k8s.gcr.io/kube-scheduler:v1.21.1
k8s.gcr.io/kube-proxy:v1.21.1
ghcr.io/talos-systems/kubelet:v1.21.1
ghcr.io/talos-systems/installer:v0.10.2
k8s.gcr.io/pause:3.2

Talos 0.10.1 (2021-05-06)

Welcome to the v0.10.1 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Disaster Recovery

• support for creating etcd snapshots (backups) with talosctl etcd snapshot command.
• etcd cluster can be recovered from a snapshot using talosctl boostrap --recover-from= command.

Install Disk Selector

Install section of the machine config now has diskSelector field that allows querying install disk using the list of qualifiers:

...
  install:
    diskSelector:
      size: >= 500GB
      model: WDC*
...

talosctl disks -n <node> -i can be used to check allowed disk qualifiers when the node is running in the maintenance mode.

Inline Kubernetes Manifests

• boostrap manifests can now be submitted in the configuration body using the cluster.inlineManifests field.

Optmizations

• Talos system services now run without container images on initramfs from the single executable; this change reduces RAM usage, initramfs size and boot time..

SBCs

• u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
• added support for Rock Pi 4.

Time Synchronization

• timed service was replaced with a time sync controller, no machine configuration changes.
• Talos now prefers last successful time server (by IP address) on each sync attempt (improves sync accuracy).

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Spencer Smith
• Seán C McCord
• Andrew Rynhard
• Jorik Jonker
• Branden Cash
• Brandon McNama
• Jorik Jonker
• Lennard Klein
• Matt Zahorik
• bzub

Changes

• d0a3d69d5 release(v0.10.1): prepare release
• 99de689d0 feat: pull kernel with VMware balloon module enabled
• 194baa3d6 fix: properly parse matcher expressions
• c613d3e22 fix: bump crypto library for the CSR verification fix
• 25fa7a191 chore: remove security API ReadFile/WriteFile
• e415c81ad feat: add --config-patch flag by node type
• 801808c54 fix: use both self-signed and Kubernetes CA to verify Kubelet cert
• 905336940 release(v0.10.0): prepare release
• 280b5940c fix: update osType in OVA other3xLinux64Guest"
• b338628dc fix: check if OVF env is empty
• 4e664ce17 chore: list specifically for enabled regions
• c07b5152a release(v0.10.0-beta.1): prepare release
• e1475256e test: implement talosctl conformance command to run e2e tests
• 564b45ba2 fix: update etcd client errors, print etcd join failures
• 9fde88cc4 feat: provide an option to recover etcd from data directory copy
• 54f243c46 feat: update kernel config for rpi to improve performance by 3x
• 8ed75c84a release(v0.10.0-beta.0): prepare release
• e69732ed5 feat: provide Talos machine config with field placeholders and docs
• f0970ea7f fix: zero out manifest contents before setting new value
• 8b8542e3b feat: add support for reading OVF data on VMWare
• 04dbafca7 feat: update Linux to 5.10.29
• 3dc7b8a8a chore: fix import path mismerge
• 2402f20c2 feat: implement inline manifests in the machine configuration
• e26c977d8 fix: check retryable network errors by interface
• 767f3b95e chore: apply coverage analysis to all packages
• 7b0ac4682 test: extend unit-tests for config contract parsing
• d24df8f84 chore: re-import talos-systems/os-runtime as cosi-project/runtime
• cae25909f chore: use Go 1.16 global install command
• d5e2a45db feat: validate the machine configuration in the installer container
• ef24fd6a0 chore: bump dependencies via dependabot
• 94520b03f docs: fixup typo in encryption guide command
• e3585f24b chore: update Linux to 5.10.28, u-boot to final 2021.04 release
• daf220874 test: update upgrade tests to 0.10 release
• 1fcf38f9d feat: add support for "none" CNI type
• 37a5edf04 feat: update Kubernetes to 1.21.0 release
• 30f687b41 fix: document HDMI problem on RPi 4
• 29da22d06 feat: add config validation warnings
• eee7ad13a release(v0.10.0-alpha.2): prepare release
• e0650218a feat: support etcd recovery from snapshot on bootstrap
• 247bd50e0 docs: describe steps to install and boot Talos from the SSD on rockpi4
• e6b4e524f test: update CAPA to 0.6.4
• 28753f6dc fix: trim endpoints/nodes from arguments in talosctl config
• aca63b882 docs: fix "DigitalOcean" spelling
• 33035901f fix: revert mark PMBR EFI partition as bootable
• fbfd1eb2b refactor: pull new version of os-runtime, update code
• 8737ea716 feat: allow external cloud provides configration
• 3909e2d01 chore: update Go to 1.16.3
• 690eb20e9 chore: update blockdevice library for PMBR bootable fix
• a8761b8e1 fix: require leader on etcd member operations
• 3dc84625c fix: make both HDMI ports work on RPi 4
• bd5ae1e0b fix: add a check for overlay mounts in installer pre-flight checks
• df8649cbe refactor: download modules before go generate
• 39ae0415e chore: bump dependencies via dependabot
• e16d6d346 fix: publish rockpi4 image to release artifacts
• 39c6dbcc7 feat: add --config-patch parameter to talosctl gen config
• e664362ce feat: add API and command to save etcd snapshot (backup)
• 61b694b94 fix: create rootfs for system services via /system tmpfs
• abc2e17eb test: update 0.9.x version in upgrade tests to 0.9.1
• a1e641540 fix: retry Kubernetes API errors on cordon/uncordon/etc
• 063d1abe9 fix: print task failure error immediately
• e039172ed fix: ignore EOF errors from Kubernetes API when converting control plane
• 7bcb91a43 docs: fix typo for stage flag
• a43acb215 feat: bring in Linux 5.10.27, support for 32-bit time syscalls
• e2bb5973d release(v0.10.0-alpha.1): prepare release
• 8309312a3 chore: build components with race detector enabled in dev mode
• 7d9125847 test: fix data race in apply config tests
• 204caf8eb test: fix apply-config integration test, bump clusterctl version
• d812099df fix: address several issues in TUI installer
• 269c9ad09 fix: don't write to config object on access
• a9451f571 feat: update Kubernetes to 1.21.0-beta.1
• 4b42ced4c feat: add ability to disable comments in talosctl gen config
• a0dcfc3d5 fix: workaround race in containerd runner with stdin pipe
• 2ea20f598 feat: replace timed with time sync controller
• c38a161ad test: add unit-test for machine config validation
• a6106815b chore: bump dependencies via dependabot
• 35598f391 chore: refactor: extract ClusterConfig
• 032851844 fix: get rid of data race in encoder and fix concurrent map access
• 4b3580aa5 fix: prevent panic in validate config if machine.install is missing
• d7e9f6d6a chore: build integration tests with -race
• 9f7d67ac7 chore: fix typo
• 672c97073 fix: allow convert-k8s --remove-initialized-keys with K8s cp is down
• fb605a0fc chore: tweak nolintlint settings
• 1f5a0c406 fix: resolve the issue with Kubernetes upgrade
• 74b2b5578 docs: update AWS docs to ensure instances are tagged
• dc21d9b4b chore: remove old file
• 966caf7a6 chore: remove unused module replace directives
• 98b22f1e0 feat: show short options in talosctl kubeconfig
• 51139d54d chore: cache go modules in the build
• 65701aa72 fix: resolve the issue with DHCP lease not being renewed
• 711f5b23b fix: config validation: CNI should apply to cp nodes, encryption config
• 5ff491d96 fix: allow empty list for CNI URLs
• 946e74f04 docs: update path for kernel downloads in qemu docs
• ed272e604 feat: update Kubernetes to 1.21.0-beta.0
• b0209fd29 refactor: move networkd, timed APIs to machined, remove routerd
• 6ffabe516 feat: add ability to find disk by disk properties
• ac8764702 refactor: move apid, routerd, timed and trustd to single executable
• 89a4b09fe refactor: run networkd as a goroutine in machined
• f4a6a19cd chore: update sonobuoy
• dc294db16 chore: bump dependencies via dependabot
• 2b1641a3b docs: add AMIs for Talos 0.9.0
• 79ceb428d docs: make v0.9 the default docs
• a5b62f4dc docs: add documentation for Talos 0.10
• ce795f1ce fix: command etcd remove-member shouldn't remove etcd data directory
• aab49a167 fix: repair zsh completion
• fc9c416a3 fix: build rockpi4 metal image as part of CI build
• 125b86f4e fix: upgrade-k8s bug with empty config values and provision script
• 8b2d228dc chore: add script for starting registry proxies
• f7d276b85 chore: remove old osctl reference
• 5b14d6f2b chore: fix make help output
• f0512dfce feat: update Kubernetes to 1.20.5
• 24cd0a206 feat: publish talosctl container image
• 6e17102c2 chore: remove unused code
• 881044074 docs: add control plane in-depth guide
• ecf034496 chore: bump Go to 1.16.2
• cbc38418d release(v0.10.0-alpha.0): prepare release
• 3455a8e81 chore: use new release tool for changelogs and release notes
• 08271ba93 chore: use Go 1.16 language version
• 7662d033b fix: talosctl health should not check kube-proxy when it is disabled
• 0dbaeb9e6 chore: update tools, use new generators
• e31790f6f fix: properly format spec comments in the resources
• 78d384ebb test: update aws cloud provider version
• 3c5bfbb47 fix: don't touch any partitions on upgrade with --preserve
• 891f90fee chore: update Linux to 5.10.23
• d4d77882e chore: update dependencies via dependabot
• 2e22f20bd docs: minor fixes to getting started
• ca8a5596c chore: fix provision tests after changes to build-container
• 4aae924c6 refactor: provide explicit logger for networkd
• 22f375300 chore: update golanci-lint to 1.38.0
• 83b4e7f74 feat: add Rock pi 4 support
• 1362966ff docs: rewrite getting-started for ISO
• 8e57fc4f5 fix: move containerd CRI config files under /var/
• 6f7df3da1 fix: update output of convert-k8s command
• dce6118c2 docs: add guide for VIP
• ee5d9ffac chore: bump Go to 1.16.1
• 7c529e1cb docs: fix links in the documentation
• f596c7f6b docs: add video for raspberry pi install
• 47324dcae docs: add guide on editing machine configuration
• 99d5f894e chore: update website npm dependencies
• 11056a803 docs: add highlights for 0.9 release
• ae8bedb9a docs: add control plane conversion guide and 0.9 upgrade notes
• ed9673e50 docs: add troubleshooting control plane documentation
• 485cb1262 docs: update Kubernetes upgrade guide

Changes since v0.10.0

• d0a3d69d5 release(v0.10.1): prepare release
• 99de689d0 feat: pull kernel with VMware balloon module enabled
• 194baa3d6 fix: properly parse matcher expressions
• c613d3e22 fix: bump crypto library for the CSR verification fix
• 25fa7a191 chore: remove security API ReadFile/WriteFile
• e415c81ad feat: add --config-patch flag by node type
• 801808c54 fix: use both self-signed and Kubernetes CA to verify Kubelet cert

Changes from talos-systems/crypto

• 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

• d39dc41 chore: use 0.5.0 tagged images of pkgs and tools
• cf3934a feat: build with Go 1.16.3
• c0fa0c0 feat: bump Go to 1.16.2
• 5f89d77 feat: bump Go to 1.16.1

Changes from talos-systems/go-blockdevice

• 1d830a2 fix: revert mark the EFI partition in PMBR as bootable
• bec914f fix: mark the EFI partition in PMBR as bootable
• 776b37d feat: add options to probe disk by various sysblock parameters

Changes from talos-systems/pkgs

• 6b85f48 feat: enable VMware baloon kernel module
• 5dd650b feat: add cpu scaling for rpi
• b636cac feat: update Linux to 5.10.29
• cd77b6e chore: update tools tag to v0.5.0
• 98964cb feat: update Linux to 5.10.28
• 009ef35 feat: update uboot to 2021.04 stable
• 9a6cf6b feat: build with Go 1.16.3
• 60ce626 feat: update Linux to 5.10.27, enable 32-bit time syscalls
• fdf4866 feat: bump tools for Go 1.16.2
• 35f9b6f feat: update kernel to 5.10.23
• dbae83e fix: do not use git-lfs for rockpi4 binaries
• 1c6b9a3 feat: bump tools for Go 1.16.1
• c18073f feat: add u-boot for Rock Pi 4
• 6b85a2b feat: upgrade u-boot to 2021.04-rc3

Changes from talos-systems/tools

• 1f26def feat: update Go to 1.16.3
• 41b8073 feat: bump protobuf-related tools
• f7bce92 chore: bump Go to 1.16.2
• bcf3380 feat: bump protobuf deps, add protoc-gen-go-grpc
• b49c40e feat: bump Go to 1.16.1

Dependency Changes

• github.com/coreos/go-semver v0.3.0 new
• github.com/cosi-project/runtime 10d6103c19ab new
• github.com/golang/protobuf v1.4.3 -> v1.5.2
• github.com/google/go-cmp v0.5.4 -> v0.5.5
• github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
• github.com/talos-systems/crypto 39584f1b6e54 -> 4f80b976b640
• github.com/talos-systems/extras v0.2.0-1-g0db3328 -> v0.3.0
• github.com/talos-systems/go-blockdevice bb3ad73f6983 -> 1d830a25f64f
• github.com/talos-systems/pkgs v0.4.1-2-gd471b60 -> v0.5.0-2-g6b85f48
• github.com/talos-systems/tools v0.4.0-1-g3b25a7e -> v0.5.0
• github.com/vmware/govmomi v0.24.0 new
• go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0 new
• google.golang.org/grpc v1.36.0 -> v1.37.0
• google.golang.org/protobuf v1.25.0 -> v1.26.0
• k8s.io/api v0.20.5 -> v0.21.0
• k8s.io/apimachinery v0.20.5 -> v0.21.0
• k8s.io/apiserver v0.20.5 -> v0.21.0
• k8s.io/client-go v0.20.5 -> v0.21.0
• k8s.io/cri-api v0.20.5 -> v0.21.0
• k8s.io/kubectl v0.20.5 -> v0.21.0
• k8s.io/kubelet v0.20.5 -> v0.21.0

Previous release can be found at v0.9.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.3.0
docker.io/coredns/coredns:1.8.0
gcr.io/etcd-development/etcd:v3.4.15
k8s.gcr.io/kube-apiserver:v1.21.0
k8s.gcr.io/kube-controller-manager:v1.21.0
k8s.gcr.io/kube-scheduler:v1.21.0
k8s.gcr.io/kube-proxy:v1.21.0
ghcr.io/talos-systems/kubelet:v1.21.0
ghcr.io/talos-systems/installer:v0.10.1
k8s.gcr.io/pause:3.2

Talos 0.10.0 (2021-04-26)

Welcome to the v0.10.0 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Disaster Recovery

• support for creating etcd snapshots (backups) with talosctl etcd snapshot command.
• etcd cluster can be recovered from a snapshot using talosctl boostrap --recover-from= command.

Install Disk Selector

Install section of the machine config now has diskSelector field that allows querying install disk using the list of qualifiers:

...
  install:
    diskSelector:
      size: >= 500GB
      model: WDC*
...

talosctl disks -n <node> -i can be used to check allowed disk qualifiers when the node is running in the maintenance mode.

Inline Kubernetes Manifests

• boostrap manifests can now be submitted in the configuration body using the cluster.inlineManifests field.

Optmizations

• Talos system services now run without container images on initramfs from the single executable; this change reduces RAM usage, initramfs size and boot time..

SBCs

• u-boot version was updated to fix the boot and USB issues on Raspberry Pi 4 8GiB version.
• added support for Rock Pi 4.

Time Synchronization

• timed service was replaced with a time sync controller, no machine configuration changes.
• Talos now prefers last successful time server (by IP address) on each sync attempt (improves sync accuracy).

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Spencer Smith
• Seán C McCord
• Andrew Rynhard
• Jorik Jonker
• Branden Cash
• Brandon McNama
• Jorik Jonker
• Lennard Klein
• Matt Zahorik
• bzub

Changes

• 905336940 release(v0.10.0): prepare release
• 280b5940c fix: update osType in OVA other3xLinux64Guest"
• b338628dc fix: check if OVF env is empty
• 4e664ce17 chore: list specifically for enabled regions
• c07b5152a release(v0.10.0-beta.1): prepare release
• e1475256e test: implement talosctl conformance command to run e2e tests
• 564b45ba2 fix: update etcd client errors, print etcd join failures
• 9fde88cc4 feat: provide an option to recover etcd from data directory copy
• 54f243c46 feat: update kernel config for rpi to improve performance by 3x
• 8ed75c84a release(v0.10.0-beta.0): prepare release
• e69732ed5 feat: provide Talos machine config with field placeholders and docs
• f0970ea7f fix: zero out manifest contents before setting new value
• 8b8542e3b feat: add support for reading OVF data on VMWare
• 04dbafca7 feat: update Linux to 5.10.29
• 3dc7b8a8a chore: fix import path mismerge
• 2402f20c2 feat: implement inline manifests in the machine configuration
• e26c977d8 fix: check retryable network errors by interface
• 767f3b95e chore: apply coverage analysis to all packages
• 7b0ac4682 test: extend unit-tests for config contract parsing
• d24df8f84 chore: re-import talos-systems/os-runtime as cosi-project/runtime
• cae25909f chore: use Go 1.16 global install command
• d5e2a45db feat: validate the machine configuration in the installer container
• ef24fd6a0 chore: bump dependencies via dependabot
• 94520b03f docs: fixup typo in encryption guide command
• e3585f24b chore: update Linux to 5.10.28, u-boot to final 2021.04 release
• daf220874 test: update upgrade tests to 0.10 release
• 1fcf38f9d feat: add support for "none" CNI type
• 37a5edf04 feat: update Kubernetes to 1.21.0 release
• 30f687b41 fix: document HDMI problem on RPi 4
• 29da22d06 feat: add config validation warnings
• eee7ad13a release(v0.10.0-alpha.2): prepare release
• e0650218a feat: support etcd recovery from snapshot on bootstrap
• 247bd50e0 docs: describe steps to install and boot Talos from the SSD on rockpi4
• e6b4e524f test: update CAPA to 0.6.4
• 28753f6dc fix: trim endpoints/nodes from arguments in talosctl config
• aca63b882 docs: fix "DigitalOcean" spelling
• 33035901f fix: revert mark PMBR EFI partition as bootable
• fbfd1eb2b refactor: pull new version of os-runtime, update code
• 8737ea716 feat: allow external cloud provides configration
• 3909e2d01 chore: update Go to 1.16.3
• 690eb20e9 chore: update blockdevice library for PMBR bootable fix
• a8761b8e1 fix: require leader on etcd member operations
• 3dc84625c fix: make both HDMI ports work on RPi 4
• bd5ae1e0b fix: add a check for overlay mounts in installer pre-flight checks
• df8649cbe refactor: download modules before go generate
• 39ae0415e chore: bump dependencies via dependabot
• e16d6d346 fix: publish rockpi4 image to release artifacts
• 39c6dbcc7 feat: add --config-patch parameter to talosctl gen config
• e664362ce feat: add API and command to save etcd snapshot (backup)
• 61b694b94 fix: create rootfs for system services via /system tmpfs
• abc2e17eb test: update 0.9.x version in upgrade tests to 0.9.1
• a1e641540 fix: retry Kubernetes API errors on cordon/uncordon/etc
• 063d1abe9 fix: print task failure error immediately
• e039172ed fix: ignore EOF errors from Kubernetes API when converting control plane
• 7bcb91a43 docs: fix typo for stage flag
• a43acb215 feat: bring in Linux 5.10.27, support for 32-bit time syscalls
• e2bb5973d release(v0.10.0-alpha.1): prepare release
• 8309312a3 chore: build components with race detector enabled in dev mode
• 7d9125847 test: fix data race in apply config tests
• 204caf8eb test: fix apply-config integration test, bump clusterctl version
• d812099df fix: address several issues in TUI installer
• 269c9ad09 fix: don't write to config object on access
• a9451f571 feat: update Kubernetes to 1.21.0-beta.1
• 4b42ced4c feat: add ability to disable comments in talosctl gen config
• a0dcfc3d5 fix: workaround race in containerd runner with stdin pipe
• 2ea20f598 feat: replace timed with time sync controller
• c38a161ad test: add unit-test for machine config validation
• a6106815b chore: bump dependencies via dependabot
• 35598f391 chore: refactor: extract ClusterConfig
• 032851844 fix: get rid of data race in encoder and fix concurrent map access
• 4b3580aa5 fix: prevent panic in validate config if machine.install is missing
• d7e9f6d6a chore: build integration tests with -race
• 9f7d67ac7 chore: fix typo
• 672c97073 fix: allow convert-k8s --remove-initialized-keys with K8s cp is down
• fb605a0fc chore: tweak nolintlint settings
• 1f5a0c406 fix: resolve the issue with Kubernetes upgrade
• 74b2b5578 docs: update AWS docs to ensure instances are tagged
• dc21d9b4b chore: remove old file
• 966caf7a6 chore: remove unused module replace directives
• 98b22f1e0 feat: show short options in talosctl kubeconfig
• 51139d54d chore: cache go modules in the build
• 65701aa72 fix: resolve the issue with DHCP lease not being renewed
• 711f5b23b fix: config validation: CNI should apply to cp nodes, encryption config
• 5ff491d96 fix: allow empty list for CNI URLs
• 946e74f04 docs: update path for kernel downloads in qemu docs
• ed272e604 feat: update Kubernetes to 1.21.0-beta.0
• b0209fd29 refactor: move networkd, timed APIs to machined, remove routerd
• 6ffabe516 feat: add ability to find disk by disk properties
• ac8764702 refactor: move apid, routerd, timed and trustd to single executable
• 89a4b09fe refactor: run networkd as a goroutine in machined
• f4a6a19cd chore: update sonobuoy
• dc294db16 chore: bump dependencies via dependabot
• 2b1641a3b docs: add AMIs for Talos 0.9.0
• 79ceb428d docs: make v0.9 the default docs
• a5b62f4dc docs: add documentation for Talos 0.10
• ce795f1ce fix: command etcd remove-member shouldn't remove etcd data directory
• aab49a167 fix: repair zsh completion
• fc9c416a3 fix: build rockpi4 metal image as part of CI build
• 125b86f4e fix: upgrade-k8s bug with empty config values and provision script
• 8b2d228dc chore: add script for starting registry proxies
• f7d276b85 chore: remove old osctl reference
• 5b14d6f2b chore: fix make help output
• f0512dfce feat: update Kubernetes to 1.20.5
• 24cd0a206 feat: publish talosctl container image
• 6e17102c2 chore: remove unused code
• 881044074 docs: add control plane in-depth guide
• ecf034496 chore: bump Go to 1.16.2
• cbc38418d release(v0.10.0-alpha.0): prepare release
• 3455a8e81 chore: use new release tool for changelogs and release notes
• 08271ba93 chore: use Go 1.16 language version
• 7662d033b fix: talosctl health should not check kube-proxy when it is disabled
• 0dbaeb9e6 chore: update tools, use new generators
• e31790f6f fix: properly format spec comments in the resources
• 78d384ebb test: update aws cloud provider version
• 3c5bfbb47 fix: don't touch any partitions on upgrade with --preserve
• 891f90fee chore: update Linux to 5.10.23
• d4d77882e chore: update dependencies via dependabot
• 2e22f20bd docs: minor fixes to getting started
• ca8a5596c chore: fix provision tests after changes to build-container
• 4aae924c6 refactor: provide explicit logger for networkd
• 22f375300 chore: update golanci-lint to 1.38.0
• 83b4e7f74 feat: add Rock pi 4 support
• 1362966ff docs: rewrite getting-started for ISO
• 8e57fc4f5 fix: move containerd CRI config files under /var/
• 6f7df3da1 fix: update output of convert-k8s command
• dce6118c2 docs: add guide for VIP
• ee5d9ffac chore: bump Go to 1.16.1
• 7c529e1cb docs: fix links in the documentation
• f596c7f6b docs: add video for raspberry pi install
• 47324dcae docs: add guide on editing machine configuration
• 99d5f894e chore: update website npm dependencies
• 11056a803 docs: add highlights for 0.9 release
• ae8bedb9a docs: add control plane conversion guide and 0.9 upgrade notes
• ed9673e50 docs: add troubleshooting control plane documentation
• 485cb1262 docs: update Kubernetes upgrade guide

Changes since v0.10.0-beta.1

• 905336940 release(v0.10.0): prepare release
• 280b5940c fix: update osType in OVA other3xLinux64Guest"
• b338628dc fix: check if OVF env is empty
• 4e664ce17 chore: list specifically for enabled regions

Changes from talos-systems/extras

• d39dc41 chore: use 0.5.0 tagged images of pkgs and tools
• cf3934a feat: build with Go 1.16.3
• c0fa0c0 feat: bump Go to 1.16.2
• 5f89d77 feat: bump Go to 1.16.1

Changes from talos-systems/go-blockdevice

• 1d830a2 fix: revert mark the EFI partition in PMBR as bootable
• bec914f fix: mark the EFI partition in PMBR as bootable
• 776b37d feat: add options to probe disk by various sysblock parameters

Changes from talos-systems/pkgs

• 5dd650b feat: add cpu scaling for rpi
• b636cac feat: update Linux to 5.10.29
• cd77b6e chore: update tools tag to v0.5.0
• 98964cb feat: update Linux to 5.10.28
• 009ef35 feat: update uboot to 2021.04 stable
• 9a6cf6b feat: build with Go 1.16.3
• 60ce626 feat: update Linux to 5.10.27, enable 32-bit time syscalls
• fdf4866 feat: bump tools for Go 1.16.2
• 35f9b6f feat: update kernel to 5.10.23
• dbae83e fix: do not use git-lfs for rockpi4 binaries
• 1c6b9a3 feat: bump tools for Go 1.16.1
• c18073f feat: add u-boot for Rock Pi 4
• 6b85a2b feat: upgrade u-boot to 2021.04-rc3

Changes from talos-systems/tools

• 1f26def feat: update Go to 1.16.3
• 41b8073 feat: bump protobuf-related tools
• f7bce92 chore: bump Go to 1.16.2
• bcf3380 feat: bump protobuf deps, add protoc-gen-go-grpc
• b49c40e feat: bump Go to 1.16.1

Dependency Changes

• github.com/coreos/go-semver v0.3.0 new
• github.com/cosi-project/runtime 10d6103c19ab new
• github.com/golang/protobuf v1.4.3 -> v1.5.2
• github.com/google/go-cmp v0.5.4 -> v0.5.5
• github.com/hashicorp/go-multierror v1.1.0 -> v1.1.1
• github.com/talos-systems/extras v0.2.0-1-g0db3328 -> v0.3.0
• github.com/talos-systems/go-blockdevice bb3ad73f6983 -> 1d830a25f64f
• github.com/talos-systems/pkgs v0.4.1-2-gd471b60 -> v0.5.0-1-g5dd650b
• github.com/talos-systems/tools v0.4.0-1-g3b25a7e -> v0.5.0
• github.com/vmware/govmomi v0.24.0 new
• go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0 new
• google.golang.org/grpc v1.36.0 -> v1.37.0
• google.golang.org/protobuf v1.25.0 -> v1.26.0
• k8s.io/api v0.20.5 -> v0.21.0
• k8s.io/apimachinery v0.20.5 -> v0.21.0
• k8s.io/apiserver v0.20.5 -> v0.21.0
• k8s.io/client-go v0.20.5 -> v0.21.0
• k8s.io/cri-api v0.20.5 -> v0.21.0
• k8s.io/kubectl v0.20.5 -> v0.21.0
• k8s.io/kubelet v0.20.5 -> v0.21.0

Previous release can be found at v0.9.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.3.0
docker.io/coredns/coredns:1.8.0
gcr.io/etcd-development/etcd:v3.4.15
k8s.gcr.io/kube-apiserver:v1.21.0
k8s.gcr.io/kube-controller-manager:v1.21.0
k8s.gcr.io/kube-scheduler:v1.21.0
k8s.gcr.io/kube-proxy:v1.21.0
ghcr.io/talos-systems/kubelet:v1.21.0
ghcr.io/talos-systems/installer:v0.10.0
k8s.gcr.io/pause:3.2