v0.14.0-alpha.0

[smira]

Talos 0.14.0-alpha.0 (2021-10-25)

Welcome to the v0.14.0-alpha.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/talos-systems/talos/issues.

Kexec and capabilities

When kexec support is disabled
Talos no longer drops Linux capabilities (CAP_SYS_BOOT and CAP_SYS_MODULES) for child processes.
That is helpful for advanced use-cases like Docker-in-Docker.

If you want to permanently disable kexec and capabilities dropping, pass kexec_load_disabled=1 argument to the kernel.

For example:

install:
  extraKernelArgs:
    - kexec_load_disabled=1

Please note that capabilities are dropped before machine configuration is loaded,
so disabling kexec via machine.sysctls will not be enough.

Cluster Discovery

Cluster Discovery is enabled by default for Talos 0.14.
Cluster Discovery can be disabled with talosctl gen config --with-cluster-discovery=false.

Log Shipping

Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP:
see .machine.logging machine configuration option.

Component Updates

• Linux: 5.10.75
• etcd: 3.5.1
• containerd: 1.5.7
• Kubernetes: 1.23.0-alpha.0
• CoreDNS: 1.8.6

Talos is built with Go 1.17.2

Kubernetes Upgrade Enhancements

talosctl upgrade-k8s now syncs all Talos manifest resources generated from templates.

So there is no need to update CoreDNS, Flannel container manually after running upgrade-k8s anymore.

Contributors

• Andrey Smirnov
• Alexey Palazhchenko
• Serge Logvinov
• Artem Chernyshev
• Spencer Smith
• Andrew Rynhard
• Branden Cash
• Gerard de Leeuw

Changes

57 commits

• 01b0f0abb release(v0.14.0-alpha.0): prepare release
• 8b6206537 fix: skip generating empty .machine.logging
• 60ad00636 fix: don't drop ability to use ambient capabilities
• b6b78e7fe test: add cluster discovery integration tests
• 97d64d160 fix: hcloud network config changes
• 4c76865d0 feat: multiple logging improvements
• 1d1e1df64 fix: handle skipped mounts correctly
• 0a964d921 test: fix openstack unit-test stability
• 72f62ac27 chore: bump Go and Docker dependencies
• 9c48ebe8f fix: gcp fetching externalIP
• 6c297268c test: fix e2e k8s version
• ae5af9d3f feat: update Kubernetes to 1.23.0-alpha.3
• 28d3a69e9 feat: openstack config-drive support
• 2258bc491 test: update GCP e2e script to work with new templates
• 36b6ace25 feat: update Linux to 5.10.75
• 38516a549 test: update Talos versions in upgrade tests
• cff20ec78 fix: change services OOM score
• 666a2b620 feat: azure platform ipv6 support
• d32814e30 feat: extract JSON fields from log lines
• e77d81fff fix: treat literal 'unknown' as a valid machine type
• c8e404e35 test: update vars for AWS cluster
• ad23891b1 feat: update CoreDNS version 1.8.6
• 41299cae9 feat: udev rules support
• 5237fdc95 feat: send JSON logs over UDP
• 6d44587a4 feat: coredns service dualstack
• 12f7888b7 feat: feed control plane endpoints on workers from cluster discovery
• 431e4fb4b chore: bump Go and Docker dependencies
• 89f3b9f8d feat: update etcd to 3.5.1
• e60469a38 feat: initial support for JSON logging
• 68c420e3c feat: enable cluster discovery by default
• 3e100aa97 test: workaround EventsWatch test flakiness
• 9bd4838ac chore: stop using sonobuoy CLI
• 6ad459519 docs: fix field names for bonding configuration
• d7a3b7b5b chore: use discovery-client and discovery-api modules
• d6309eed6 docs: create docs for Talos 0.14
• c0fda6436 fix: attempt to clean up tasks in containerd runner
• 8cf442daa chore: bump tools, pkgs, extras
• 0dad5f4d7 chore: small cleanup
• e3e2113ad feat: upgrade CoreDNS during upgrade-k8s call
• d92c98e19 docs: fix discovery service documentation link
• e44b11c59 feat: update containerd to 1.5.7, bump Go dependencies
• 24129307a docs: make Talos 0.13 docs latest, update documentation
• 31b6e39e5 fix: delete expired affiliates from the discovery service
• 877a2b6fc test: bump CAPI components to v1alpha4
• 2ba0e0ac4 docs: add KubeSpan documentation
• 997873b6d fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
• 7137166d1 fix: allow overriding audit-policy-file in kube-apiserver static pod
• 8fcd42196 chore: fix integration-qemu-race
• 91a858b53 fix: sort output of the argument builder
• 657f7a56b fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
• 983d2459e feat: suppress logging NTP sync to the console
• 022c7335f fix: add interface route if DHCP4 router is not directly routeable
• 66a1579ea fix: don't enable 'no new privs' on the system level
• 423861cf9 feat: don't drop capabilities if kexec is disabled
• facc8c38a docs: fix documentation for cluster discovery
• ce65ca4e4 chore: build using only amd64 builders
• e9b0f010d chore: update docker image in the pipeline

Changes from talos-systems/discovery-api

2 commits

• siderolabs/discovery-api@db279ef feat: initial set of APIs and generated files
• siderolabs/discovery-api@ac52a37 chore: initial commit

Changes from talos-systems/discovery-client

2 commits

• siderolabs/discovery-client@a9a5e9b feat: initial client code
• siderolabs/discovery-client@98eb999 chore: initial commit

Changes from talos-systems/extras

1 commit

• siderolabs/extras@d6e8b3a chore: update pkgs and tools

Changes from talos-systems/pkgs

8 commits

• siderolabs/pkgs@80a63d4 feat: update Linux to 5.10.75
• siderolabs/pkgs@5c98efd feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
• siderolabs/pkgs@bfb2365 feat: enable driver for SuperMicro raid controller
• siderolabs/pkgs@657e16b feat: enable Intel VMD driver
• siderolabs/pkgs@f7d9d72 feat: enable smarpqi driver and related options
• siderolabs/pkgs@bca3be0 feat: enable aqtion device driver
• siderolabs/pkgs@b88127a chore: update tools
• siderolabs/pkgs@971735f feat: update containerd to 1.5.7

Changes from talos-systems/tools

1 commit

• siderolabs/tools@fab7532 feat: update Go to 1.17.2

Dependency Changes

• github.com/AlekSi/pointer v1.1.0 -> v1.2.0
• github.com/containerd/cgroups v1.0.1 -> v1.0.2
• github.com/containerd/containerd v1.5.5 -> v1.5.7
• github.com/docker/docker v20.10.8 -> v20.10.9
• github.com/hashicorp/go-getter v1.5.8 -> v1.5.9
• github.com/insomniacslk/dhcp b95caade3eac -> 509557e9f781
• github.com/jsimonetti/rtnetlink 435639c8e6a8 -> e34540a94caa
• github.com/jxskiss/base62 4f11678b909b -> v1.0.0
• github.com/rivo/tview ee97a7ab3975 -> 5508f4b00266
• github.com/talos-systems/discovery-api v0.1.0 new
• github.com/talos-systems/discovery-client v0.1.0 new
• github.com/talos-systems/extras v0.6.0 -> v0.7.0-alpha.0
• github.com/talos-systems/pkgs v0.8.0 -> v0.9.0-alpha.0-7-g80a63d4
• github.com/talos-systems/talos/pkg/machinery v0.13.0 -> 000000000000
• github.com/talos-systems/tools v0.8.0 -> v0.9.0-alpha.0
• github.com/vmware-tanzu/sonobuoy v0.53.2 -> v0.54.0
• github.com/vmware/govmomi v0.26.1 -> v0.27.1
• github.com/vmware/vmw-guestinfo 687661b8bd8e -> cc1fd90d572c
• go.etcd.io/etcd/api/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/client/pkg/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/client/v3 v3.5.0 -> v3.5.1
• go.etcd.io/etcd/etcdutl/v3 v3.5.0 -> v3.5.1
• golang.org/x/net 3ad01bbaa167 -> d418f374d309
• golang.org/x/sys 39ccf1dd6fa6 -> d6a326fbbf70
• golang.org/x/term 140adaaadfaf -> 03fcf44c2211
• golang.zx2c4.com/wireguard/wgctrl 0a2f4901cba6 -> 5be1d6054c42
• k8s.io/api v0.22.2 -> v0.23.0-alpha.3
• k8s.io/apimachinery v0.22.2 -> v0.23.0-alpha.3
• k8s.io/client-go v0.22.2 -> v0.23.0-alpha.3
• k8s.io/cri-api v0.22.2 -> v0.23.0-alpha.3
• k8s.io/kubectl v0.22.2 -> v0.23.0-alpha.3
• k8s.io/kubelet v0.22.2 -> v0.23.0-alpha.3
• kernel.org/pub/linux/libs/security/libcap/cap v1.2.59 -> v1.2.60
• sigs.k8s.io/yaml v1.3.0 new

Previous release can be found at v0.13.0

Images

quay.io/coreos/flannel:v0.13.0
ghcr.io/talos-systems/install-cni:v0.7.0-alpha.0
docker.io/coredns/coredns:1.8.6
gcr.io/etcd-development/etcd:v3.5.1
k8s.gcr.io/kube-apiserver:v1.23.0-alpha.3
k8s.gcr.io/kube-controller-manager:v1.23.0-alpha.3
k8s.gcr.io/kube-scheduler:v1.23.0-alpha.3
k8s.gcr.io/kube-proxy:v1.23.0-alpha.3
ghcr.io/talos-systems/kubelet:v1.23.0-alpha.3
ghcr.io/talos-systems/installer:v0.14.0-alpha.0
k8s.gcr.io/pause:3.2

---

This discussion was created from the release v0.14.0-alpha.0.