v0.11.4

[smira]

Talos 0.11.4 (2021-08-05)

Welcome to the v0.11.4 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Default to Bootstrap workflow

The init.yaml is no longer an output of talosctl gen config.
We now encourage using the bootstrap API, instead of init node types, as we
intend on deprecating this machine type in the future.
The init.yaml and controlplane.yaml machine configs are identical with the
exception of the machine type.
Users can use a modified controlplane.yaml with the machine type set to
init if they would like to avoid using the bootstrap API.

Component Updates

• containerd was updated to 1.5.5
• Linux kernel was updated to 5.10.52
• Kubernetes was updated to 1.21.3
• etcd was updated to 3.4.16
• CoreDNS was updated to 1.8.4

CoreDNS

Added the flag cluster.coreDNS.disabled to disable coreDNS deployment during the cluster bootstrap.

Legacy BIOS Support

Added an option to the machine.install section of the machine config that can enable marking MBR partition bootable
for the machines that have legacy BIOS which does not support GPT partitioning scheme.

Multi-arch Installer

Talos installer image (for any arch) now contains artifacts for both amd64 and arm64 architecture.
This means that e.g. images for arm64 SBCs can be generated on amd64 host.

Networking Configuration

Talos networking configuration was completely rewritten to be based on controllers
and resources.
There are no changes to the machine configuration, but any update to .machine.network can now
be applied in immediate mode (without a reboot).
Talos should be setting up network configuration much faster on boot now, not blocking on DHCP for unconfigured
interfaces and skipping the reset network step.

Talos API RBAC

Limited RBAC support in Talos API is now enabled by default for Talos 0.11.
Default talosconfig has os:admin role embedded in the certificate so that all the APIs are available.
Certificates with reduced set of roles can be created with talosctl config new command.

When upgrading from Talos 0.10, RBAC is not enabled by default. Before enabling RBAC, generate talosconfig with
os:admin role first to make sure that administrator still has access to the cluster when RBAC is enabled
(using talosctl config new command).

List of available roles:

• os:admin role enables every Talos API
• os:reader role limits access to read-only APIs which do not return sensitive data
• os:etcd:backup role only allows talosctl etcd snapshot API call (for etcd backup automation)

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Artem Chernyshev
• Spencer Smith
• Serge Logvinov
• Jorik Jonker
• Andrew Rynhard
• Andrew LeCody
• Kevin Hellemun
• Seán C McCord
• Boran Car
• Brandon Nason
• Gabor Nyiri
• Gabor Nyiri
• Joost Coelingh
• Lance R. Vick
• Lennard Klein
• Sébastien Bernard
• Sébastien Bernard

Changes since v0.11.3

3 commits

• 9f388bbbd release(v0.11.4): prepare release
• e61c275e5 feat: update containerd to 1.5.5, runc to 1.0.1
• 64259fd0a fix: preserve PMBR bootable, align partitions with minimal I/O size

Changes from talos-systems/crypto

8 commits

• d3cb772 feat: make possible to change KeyUsage
• 6bc5bb5 chore: remove unused argument
• cd18ef6 feat: add support for several organizations
• 97c888b chore: add options to CSR
• 7776057 chore: fix typos
• 80df078 chore: remove named result parameters
• 15bdd28 chore: minor updates
• 4f80b97 fix: verify CSR signature before issuing a certificate

Changes from talos-systems/extras

3 commits

• 0f96c53 feat: update Go to 1.16.6
• 918e161 chore: update deps to final release versions
• 4fe2706 feat: build with Go 1.16.5

Changes from talos-systems/go-blockdevice

6 commits

• 2ec0c3c fix: preserve the PMBR bootable flag when opening GPT partition
• 87816a8 feat: align partition to minimum I/O size
• c34b59f feat: expose more encryption options in the LUKS module
• 30c2bc3 feat: mark MBR bootable
• 1292574 fix: make disk type matcher parser case insensitive
• b77400e fix: properly detect nvme and sd card disk types

Changes from talos-systems/go-debug

5 commits

• 3d0a6e1 feat: race build tag flag detector
• 5b292e5 feat: disable memory profiling by default
• c6d0ae2 fix: linters and CI
• d969f95 feat: initial implementation
• b2044b7 Initial commit

Changes from talos-systems/go-kmsg

3 commits

• b08e4d3 feat: replace tab character with space in console output
• 2edcd3a feat: add initial version
• 53cdd8d chore: initial commit

Changes from talos-systems/go-loadbalancer

3 commits

• a445702 feat: allow dial timeout and keep alive period to be configurable
• 3c8f347 feat: provide a way to configure logger for the loadbalancer
• da8e987 feat: implement Reconcile - ability to change upstream list on the fly

Changes from talos-systems/go-retry

3 commits

• c78cc95 fix: implement errors.Is for all errors in the set
• 7885e16 feat: add ExpectedErrorf
• 3d83f61 feat: deprecate UnexpectedError

Changes from talos-systems/go-smbios

1 commit

• d3a32be fix: return UUID in middle endian only on SMBIOS >= 2.6

Changes from talos-systems/pkgs

27 commits

• 752c90e feat: update containerd and runc versions
• 5e6def3 feat: update kernel to latest 5.10.52
• f8d83b4 feat: update Go to 1.16.6
• 7b2e126 feat: add support for hotplug of PCIE devices
• f499062 chore: bump tools to final release 0.6.0
• 41d6ccc feat: enable MACVTAP support
• 96072f8 feat: enable adiantum block encryption (both amd64 arm64)
• f5eac03 feat: update Linux to 5.10.45
• d756119 feat: enable HP ILO kernel module (both amd64 arm64)
• 2d51360 feat: support NFS 4.1
• e63e4e9 feat: bump tools for Go 1.16.5
• 1f8af29 feat: update Linux to 5.10.38
• a3a6650 feat: update containerd to 1.5.2
• c70ea44 feat: update runc to 1.0.0-rc95
• db60235 feat: add support for netxen card
• f934187 feat: update containerd to 1.5.1
• e8ed5bc feat: add geneve encapsulation support for openvswitch
• 9f7903c feat: update containerd to 1.5.0, runc to -rc94
• d7c0f70 feat: add AES-NI support for amd64
• b0d9cd2 fix: build zbin utility for both amd64 and arm64
• bb39b97 feat: add IPMI support in kernel
• 1148f9a feat: add DS1307 RTC support for arm64
• 350aa6f feat: add USB serial support
• de9c582 feat: add Pine64 SBC support
• b56f36b feat: enable VMware baloon kernel module
• f87c194 feat: add iPXE build with embedded placeholder script
• a8b9e71 feat: add cpu scaling for rpi

Changes from talos-systems/tools

2 commits

• 545d839 feat: update Go to 1.16.6
• c8c2a18 feat: update Go to 1.16.5

Dependency Changes

• github.com/aws/aws-sdk-go v1.38.66 new
• github.com/containerd/cgroups 4cbc285b3327 -> v1.0.1
• github.com/containerd/containerd v1.4.4 -> v1.5.5
• github.com/containerd/go-cni v1.0.1 -> v1.0.2
• github.com/containerd/typeurl v1.0.1 -> v1.0.2
• github.com/coreos/go-iptables v0.5.0 -> v0.6.0
• github.com/cosi-project/runtime 10d6103c19ab -> 93ead370bf57
• github.com/docker/docker v20.10.4 -> v20.10.7
• github.com/emicklei/dot v0.15.0 -> v0.16.0
• github.com/evanphx/json-patch v4.9.0 -> v4.11.0
• github.com/fatih/color v1.10.0 -> v1.12.0
• github.com/google/go-cmp v0.5.5 -> v0.5.6
• github.com/google/gofuzz v1.2.0 new
• github.com/googleapis/gnostic v0.5.5 new
• github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 -> v1.3.0
• github.com/hashicorp/go-getter v1.5.2 -> v1.5.4
• github.com/imdario/mergo v0.3.12 new
• github.com/insomniacslk/dhcp cc9239ac6294 -> 1cac67f12b1e
• github.com/jsimonetti/rtnetlink 1b79e63a70a0 -> 9c52e516c709
• github.com/mattn/go-isatty v0.0.12 -> v0.0.13
• github.com/mdlayher/arp f72070a231fc new
• github.com/mdlayher/ethtool 2b88debcdd43 new
• github.com/mdlayher/netlink v1.4.0 -> v1.4.1
• github.com/mdlayher/raw 51b895745faf new
• github.com/opencontainers/runtime-spec 4d89ac9fbff6 -> 1c3f411f0417
• github.com/rivo/tview 8a8f78a6dd01 -> d4fb0348227b
• github.com/rs/xid v1.2.1 -> v1.3.0
• github.com/spf13/viper v1.8.0 new
• github.com/talos-systems/crypto 39584f1b6e54 -> v0.3.1
• github.com/talos-systems/extras v0.3.0 -> v0.4.0-1-g0f96c53
• github.com/talos-systems/go-blockdevice 1d830a25f64f -> v0.2.2
• github.com/talos-systems/go-debug v0.2.1 new
• github.com/talos-systems/go-kmsg v0.1.1 new
• github.com/talos-systems/go-loadbalancer v0.1.0 -> v0.1.1
• github.com/talos-systems/go-retry b9dc1a990133 -> v0.3.1
• github.com/talos-systems/go-smbios fb425d4727e6 -> v0.1.0
• github.com/talos-systems/pkgs v0.5.0-1-g5dd650b -> v0.6.0-4-g752c90e
• github.com/talos-systems/talos/pkg/machinery 8ffb559 -> 000000000000
• github.com/talos-systems/tools v0.5.0 -> v0.6.0-1-g545d839
• github.com/vishvananda/netns 2eb08e3e575f new
• github.com/vmware-tanzu/sonobuoy v0.20.0 -> v0.52.0
• github.com/vmware/govmomi v0.24.0 -> v0.26.0
• go.etcd.io/etcd/api/v3 v3.5.0-alpha.0 -> v3.5.0
• go.etcd.io/etcd/client/pkg/v3 v3.5.0 new
• go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 -> v3.5.0
• go.etcd.io/etcd/etcdutl/v3 v3.5.0 new
• go.uber.org/zap v1.17.0 new
• golang.org/x/net e18ecbb05110 -> 04defd469f4e
• golang.org/x/oauth2 a8dc77f794b6 new
• golang.org/x/sys 77cc2087c03b -> 59db8d763f22
• golang.org/x/term 6a3ed077a48d -> 6886f2dfbf5b
• golang.org/x/time f8bda1e9f3ba -> 38a9dc6acbc6
• golang.zx2c4.com/wireguard/wgctrl bd2cb7843e1b -> 92e472f520a5
• google.golang.org/grpc v1.37.0 -> v1.38.0
• inet.af/netaddr bf05d8b52dda new
• k8s.io/api v0.21.0 -> v0.21.3
• k8s.io/apimachinery v0.21.0 -> v0.21.3
• k8s.io/apiserver v0.21.0 -> v0.21.3
• k8s.io/client-go v0.21.0 -> v0.21.3
• k8s.io/cri-api v0.21.0 -> v0.21.3
• k8s.io/kubectl v0.21.0 -> v0.21.3
• k8s.io/kubelet v0.21.0 -> v0.21.3
• k8s.io/utils 6fdb442a123b new

Previous release can be found at v0.10.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.4.0-1-g0f96c53
docker.io/coredns/coredns:1.8.4
gcr.io/etcd-development/etcd:v3.4.16
k8s.gcr.io/kube-apiserver:v1.21.3
k8s.gcr.io/kube-controller-manager:v1.21.3
k8s.gcr.io/kube-scheduler:v1.21.3
k8s.gcr.io/kube-proxy:v1.21.3
ghcr.io/talos-systems/kubelet:v1.21.3
ghcr.io/talos-systems/installer:v0.11.4
k8s.gcr.io/pause:3.2

---

This discussion was created from the release v0.11.4.