Talos 1.2.0-alpha.1 (2022-07-28)

Welcome to the v1.2.0-alpha.1 release of Talos!
This is a pre-release of Talos.
Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Generating Talos secrets from PKI directory

It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. /etc/kubernetes/pki).
You can also specify a bootstrap token to be used in the secrets bundle.
This secrets bundle can then be used to generate a machine config.
This facilitates migrating clusters (e.g. created using kubeadm) to Talos.

    talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
    talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443

Kubernetes ControlPlane Components

Talos now runs all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in KEP-2568.

Kubelet Default Runtime Seccomp Profile

Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting .machine.kubelet.defaultRuntimeSeccompProfileEnabled to false.
This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.

Network bridge support

Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:
See documentation for more details.

VLAN support in cmdline arguments

Talos now supports the dracut-style vlan kernel argument to allow installing Talos Linux in networks where ports are not tagged with a default VLAN:

Packet Capture

Talos now supports capturing packets on a network interface with the talosctl pcap command:

    talosctl pcap --interface eth0

Seccomp Profiles

Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:
This profile data can be either configured as a YAML definition or as a JSON string.
The profiles are created on the host under /var/lib/seccomp/profiles and bind mounted at /var/lib/kubelet/seccomp/profiles so Kubelet can use it.
See documentation for more details.

Stable Default Hostname

Talos now generates the default hostname (when there is no explicitly specified hostname) for the nodes based on the node id (e.g. talos-2gd-76y) instead of using the DHCP assigned IP address (e.g. talos-172-20-0-2).
This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.

Strategic merge machine configuration patching

In addition to JSON (RFC6902) patches Talos now supports strategic merge patching.
For example, machine hostname can be set with the following patch:

    machine:
      network:
        hostname: worker1

Patch format is detected automatically.

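As an added example (not part of the release notes), the strategic merge patch below covers the two seccomp features described above: it enables the kubelet default seccomp profile explicitly, as an upgraded node requires, and defines a custom profile. A Pod that references that profile follows. The profile name audit.json, its SCMP_ACT_LOG content, and the Pod name and image are assumptions made for illustration.

```yaml
# Added example, not from the Talos release notes.
# Document 1: strategic merge patch for the Talos machine config.
machine:
  kubelet:
    # An upgrade to v1.2 does not switch this on; set it explicitly.
    defaultRuntimeSeccompProfileEnabled: true
  seccompProfiles:
    # Constructed profile: logs every syscall instead of blocking,
    # useful for observing a workload before writing a stricter profile.
    - name: audit.json
      value:
        defaultAction: SCMP_ACT_LOG
---
# Document 2: Kubernetes Pod manifest, applied to the cluster separately
# from the machine config patch above.
apiVersion: v1
kind: Pod
metadata:
  name: seccomp-audit-demo            # hypothetical name
spec:
  securityContext:
    seccompProfile:
      type: Localhost
      # Relative to the kubelet seccomp root /var/lib/kubelet/seccomp, so it
      # resolves to the bind mount /var/lib/kubelet/seccomp/profiles/audit.json.
      localhostProfile: profiles/audit.json
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
```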
Variable substitution for URL query parameter in the talos.config kernel parameter
The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:
http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}
Component Updates
Talos is built with Go 1.18.4.
Contributors
Changes
129 commits
ResetDuringBoot test if the Cluster config is unknown
powercycle
talos.platform kernel argument
kvm64 note
/etc/ssl/certs/ca-certificates.crt
talosctl bootstrap accept only single node
xfs_repair on xfs filesystem returning EUCLEAN
/var to be mounted in kubelet service controller

Changes since v1.2.0-alpha.0
67 commits
ResetDuringBoot test if the Cluster config is unknown
powercycle
talos.platform kernel argument
kvm64 note

Changes from siderolabs/extras
2 commits

Changes from siderolabs/pkgs
24 commits
RANDOM_TRUST_BOOTLOADER by default

Changes from siderolabs/tools
5 commits

Changes from talos-systems/crypto
1 commit

Changes from talos-systems/go-blockdevice
2 commits

Changes from talos-systems/grpc-proxy
1 commit
SetHeader calls

Dependency Changes
Previous release can be found at v1.1.0
Images
This discussion was created from the release v1.2.0-alpha.1.