v1.8.0-alpha.2
#9259
Is there a simple way to modify the bundled Flannel? For instance, what if I need to use the |
Talos 1.8.0-alpha.2 (2024-09-02)
Welcome to the v1.8.0-alpha.2 release of Talos!
This is a pre-release of Talos
Starting with Talos v1.8.0, only standard assets are published as GitHub release assets. These include:
cloud-images.json
talosctl binaries
kernel
initramfs
metal iso and disk images
talosctl-cni-bundle
All other release assets can be downloaded from Image Factory.
Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.
Node Annotations
Talos Linux now supports configuring Kubernetes node annotations via machine configuration (.machine.nodeAnnotations) in a way similar to node labels.
Workload AppArmor Profile
Talos Linux can now apply the default AppArmor profiles to all workloads started via containerd, if the machine is installed with the AppArmor LSM enforced via the extraKernelArgs.
Eg:
Bridge Interface
Talos Linux now supports configuring 'vlan_filtering' for bridge interfaces.
CNI Plugins
Talos Linux now bundles by default the following standard CNI plugins:
bridge
firewall
flannel
host-local
loopback
portmap
The Talos bundled Flannel manifest was simplified to remove the install-cni step.
Diagnostics
Talos Linux now shows diagnostics information for common problems related to misconfiguration via talosctl health and Talos dashboard.
Extensions in Kubernetes Nodes
Talos Linux now publishes the list of installed extensions as Kubernetes node labels/annotations.
The key format is extensions.talos.dev/<name> and the value is the extension version.
If the extension name is not valid as a label key, it will be skipped.
If the extension version is a valid label value, it will be put to the label; otherwise it will be put to the annotation.
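The label-or-annotation rule above, as an added Go example (not Talos source code and not part of the release notes). It assumes the standard Kubernetes label syntax: at most 63 characters, alphanumeric first and last character, with '-', '_' and '.' allowed in between. The function and type names and the sample extensions are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

const prefix = "extensions.talos.dev/" // key prefix stated in the release notes

// Assumed Kubernetes label syntax: the name part of a key and a value are at
// most 63 characters, start and end alphanumeric, '-', '_', '.' allowed inside.
var nameRe = regexp.MustCompile(`^[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?$`)

func validName(s string) bool  { return len(s) <= 63 && nameRe.MatchString(s) }
func validValue(s string) bool { return s == "" || validName(s) }

// Placement says where an extension's version ends up on the Node object.
type Placement string

const (
	Label      Placement = "label"
	Annotation Placement = "annotation"
	Skipped    Placement = "skipped"
)

// Place applies the rule from the release notes: an extension whose name is
// not a valid label key is skipped, a version that is a valid label value
// becomes a label, and any other version becomes an annotation.
func Place(name, version string) (key string, p Placement) {
	if !validName(name) {
		return "", Skipped
	}
	if validValue(version) {
		return prefix + name, Label
	}
	return prefix + name, Annotation
}

func main() {
	// Constructed sample input; names and versions are illustrative only.
	samples := [][2]string{
		{"example-ext", "v1.2.3"},
		{"example-ext2", "1.0.0+build.5"},      // '+' is not allowed in a label value
		{"schematic", strings.Repeat("a", 64)}, // 64-character stand-in for a schematic ID
		{"bad name!", "1.0.0"},                 // invalid key name
	}
	for _, s := range samples {
		key, p := Place(s[0], s[1])
		fmt.Printf("%-14s %-10s %s\n", s[0], p, key)
	}
}
```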
For Talos machines booted off the Image Factory artifacts, this means that the schematic ID will be published as the annotation extensions.talos.dev/schematic (as it is longer than 63 characters).
DNS Forwarding for CoreDNS pods
Usage of the host DNS resolver as upstream for Kubernetes CoreDNS pods is now enabled by default. You can disable it
with:
Please note that on a running cluster you will have to kill the CoreDNS pods for this change to apply.
The IP address used to forward DNS queries has changed to the fixed 169.254.116.108 address.
For those upgrading from Talos 1.7 with forwardKubeDNSToHost enabled, the old Kubernetes service can be cleaned up with kubectl delete -n kube-system service host-dns.
Installer
Talos Linux installer now never wipes the system disk on upgrades, which means that the flag --preserve is always set for talosctl upgrade.
talos.halt_if_installed kernel argument
Starting with Talos 1.8, ISOs generated from Boot Assets have a new kernel argument talos.halt_if_installed which pauses the boot sequence until boot timeout if Talos is already installed on the disk.
ISOs generated for pre-1.8 versions do not have this kernel argument.
This can also be explicitly enabled by setting talos.halt_if_installed=1 in the kernel arguments.
Slim Kubelet Image
The kubelet container image includes various utilities that kubelet might use to perform its tasks.
Starting with Kubernetes 1.31.0, the kubelet image includes fewer utilities, as the in-tree CSI plugins were removed in Kubernetes 1.31.0. This reduces the kubelet image size and potential attack surface.
For Kubernetes < 1.31.0, there will be two images built:
v1.x.y (default, fat)
v1.x.y-slim (slim)
For Kubernetes >= 1.31.0, the same two images will be built, but the default tag will point to the slim image:
v1.x.y (default, slim)
v1.x.y-fat (fat)
Default Node Labels
Talos Linux on config generation now adds a label node.kubernetes.io/exclude-from-external-load-balancers by default for the control plane nodes.
PCI Devices
A list of PCI devices can now be obtained via the PCIDevices resource, e.g. talosctl get pcidevices.
Metal images
Starting with Talos 1.8, the console=ttyS0 kernel argument is removed from the metal images and installer. If running virtualized in QEMU (e.g. Proxmox), this can be added as an extra kernel argument if needed via Image Factory or using Imager.
This should fix slow boot or no console output issues on most bare metal hardware.
NVIDIA GPU Support
Starting with Talos 1.8.0, SideroLabs ships extensions for both LTS and Production versions of NVIDIA extensions.
For more details see the CHANGELOG of extensions.
Upgrades with an existing schematic ID from Image Factory will keep the existing LTS version of the NVIDIA extension.
Platform Support
Talos Linux now supports Apache CloudStack platform.
kube-proxy
Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default.
Secure Boot
Talos Linux now can optionally include well-known UEFI (Microsoft) SecureBoot keys into the auto-enrollment UEFI database.
Custom Trusted Roots
Talos Linux now supports adding custom trusted roots (CA certificates) via TrustedRootsConfig configuration documents.
Device Extra Settle Timeout
Talos Linux now supports a kernel command line argument talos.device.settle_time=3m to set the device extra settle timeout to work around issues with broken drivers.
Component Updates
Kubernetes: 1.31.0
Linux: 6.6.47
containerd: 2.0.0-rc.4
runc: 1.2.0-rc.2
etcd: 3.5.15
Flannel: 0.25.6
Flannel CNI plugin: 1.5.1
CoreDNS: 1.1.13
Talos is built with Go 1.22.6.
ZSTD Compression
Talos Linux now compresses kernel and initramfs using ZSTD.
Linux arm64 kernel is now compressed (previously it was uncompressed).
Contributors
Changes
280 commits
Changes since v1.8.0-alpha.1
114 commits
Changes from siderolabs/discovery-client
2 commits
Changes from siderolabs/extras
7 commits
Changes from siderolabs/gen
2 commits
Changes from siderolabs/go-api-signature
3 commits
Changes from siderolabs/go-circular
3 commits
Changes from siderolabs/go-debug
1 commit
Changes from siderolabs/go-kubernetes
2 commits
Changes from siderolabs/go-loadbalancer
1 commit
Changes from siderolabs/go-pcidb
1 commit
Changes from siderolabs/go-smbios
2 commits
Changes from siderolabs/go-tail
1 commit
Changes from siderolabs/go-talos-support
3 commits
dns-resolve-cache to the list of logs gathered
Changes from siderolabs/grpc-proxy
5 commits
Changes from siderolabs/pkgs
56 commits
uinput kernel module
Changes from siderolabs/protoenc
19 commits
map[string]interface{}
Changes from siderolabs/siderolink
4 commits
Changes from siderolabs/tools
14 commits
Dependency Changes
Previous release can be found at v1.7.0
Images
This discussion was created from the release v1.8.0-alpha.2.