release(v0.14.0-alpha.0): prepare release

This is the official v0.14.0-alpha.0 release.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>

.conform.yaml

@@ -34,7 +34,7 @@ policies:
           - talosctl
           - kernel
           - security
-          - ^v0.13
+          - ^v0.14
   - type: license
     spec:
       skipPaths:

CHANGELOG.md

@@ -1,3 +1,225 @@
+## [Talos 0.14.0-alpha.0](https://github.com/talos-systems/talos/releases/tag/v0.14.0-alpha.0) (2021-10-25)
+
+Welcome to the v0.14.0-alpha.0 release of Talos!  
+*This is a pre-release of Talos*
+
+
+
+Please try out the release binaries and report any issues at
+https://github.com/talos-systems/talos/issues.
+
+### Kexec and capabilities
+
+When kexec support is disabled
+Talos no longer drops Linux capabilities (`CAP_SYS_BOOT` and `CAP_SYS_MODULES`) for child processes.
+That is helpful for advanced use-cases like Docker-in-Docker.
+
+If you want to permanently disable kexec and capabilities dropping, pass `kexec_load_disabled=1` argument to the kernel.
+
+For example:
+
+```yaml
+install:
+  extraKernelArgs:
+    - kexec_load_disabled=1
+```
+
+Please note that capabilities are dropped before machine configuration is loaded,
+so disabling kexec via `machine.sysctls` will not be enough.
+
+
+### Cluster Discovery
+
+Cluster Discovery is enabled by default for Talos 0.14.
+Cluster Discovery can be disabled with `talosctl gen config --with-cluster-discovery=false`.
+
+
+### Log Shipping
+
+Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP:
+see `.machine.logging` machine configuration option.
+
+
+### Component Updates
+
+* Linux: 5.10.75
+* etcd: 3.5.1
+* containerd: 1.5.7
+* Kubernetes: 1.23.0-alpha.0
+* CoreDNS: 1.8.6
+
+Talos is built with Go 1.17.2
+
+
+### Kubernetes Upgrade Enhancements
+
+`talosctl upgrade-k8s` now syncs all Talos manifest resources generated from templates.
+
+So there is no need to update CoreDNS, Flannel container manually after running `upgrade-k8s` anymore.
+
+
+### Contributors
+
+* Andrey Smirnov
+* Alexey Palazhchenko
+* Serge Logvinov
+* Artem Chernyshev
+* Spencer Smith
+* Andrew Rynhard
+* Branden Cash
+* Gerard de Leeuw
+
+### Changes
+<details><summary>56 commits</summary>
+<p>
+
+* [`8b620653`](https://github.com/talos-systems/talos/commit/8b6206537a30be049f74f8c4c7350028e6e56c74) fix: skip generating empty `.machine.logging`
+* [`60ad0063`](https://github.com/talos-systems/talos/commit/60ad006367e73f56fd69726e0044f1ce48f18a8b) fix: don't drop ability to use ambient capabilities
+* [`b6b78e7f`](https://github.com/talos-systems/talos/commit/b6b78e7fef3f6ef0c566e1815d1e28f16f868c93) test: add cluster discovery integration tests
+* [`97d64d16`](https://github.com/talos-systems/talos/commit/97d64d160ce7e71c3107adbd31404853f543f7cc) fix: hcloud network config changes
+* [`4c76865d`](https://github.com/talos-systems/talos/commit/4c76865d0ecec726e801a4b8f87e09476481d808) feat: multiple logging improvements
+* [`1d1e1df6`](https://github.com/talos-systems/talos/commit/1d1e1df643832478aaa715aea5f51ad2e61e2880) fix: handle skipped mounts correctly
+* [`0a964d92`](https://github.com/talos-systems/talos/commit/0a964d921922a247293e36b5fecaab466b91d924) test: fix openstack unit-test stability
+* [`72f62ac2`](https://github.com/talos-systems/talos/commit/72f62ac27b5d0a72db409fd003a7cf9c41a03d7c) chore: bump Go and Docker dependencies
+* [`9c48ebe8`](https://github.com/talos-systems/talos/commit/9c48ebe8f94afa85921ee5f1c1e9315201905a92) fix: gcp fetching externalIP
+* [`6c297268`](https://github.com/talos-systems/talos/commit/6c297268ce596c2a875b7c419c85317dc24d9f4f) test: fix e2e k8s version
+* [`ae5af9d3`](https://github.com/talos-systems/talos/commit/ae5af9d3fad399dea95c316d94e3e66b124bfb24) feat: update Kubernetes to 1.23.0-alpha.3
+* [`28d3a69e`](https://github.com/talos-systems/talos/commit/28d3a69e9d4ae7ffa231804e26af6d1f39c07afd) feat: openstack config-drive support
+* [`2258bc49`](https://github.com/talos-systems/talos/commit/2258bc4918e89b3d6fcb841b2ad677f114ddba7e) test: update GCP e2e script to work with new templates
+* [`36b6ace2`](https://github.com/talos-systems/talos/commit/36b6ace25378e8c4a607de6efb6b89a2d52f5cea) feat: update Linux to 5.10.75
+* [`38516a54`](https://github.com/talos-systems/talos/commit/38516a5499d933a8038ce6768946ff096e7c6f98) test: update Talos versions in upgrade tests
+* [`cff20ec7`](https://github.com/talos-systems/talos/commit/cff20ec78340b3855751e13f2ad0e54bd47e9989) fix: change services OOM score
+* [`666a2b62`](https://github.com/talos-systems/talos/commit/666a2b6207d257edda20c9e0411b0d4cd4112aa6) feat: azure platform ipv6 support
+* [`d32814e3`](https://github.com/talos-systems/talos/commit/d32814e302c370ec1e82aa2879186a034cd2a905) feat: extract JSON fields from log lines
+* [`e77d81ff`](https://github.com/talos-systems/talos/commit/e77d81fff31d68f762da3741846f95a6d2303903) fix: treat literal 'unknown' as a valid machine type
+* [`c8e404e3`](https://github.com/talos-systems/talos/commit/c8e404e356878f6cd819a33386b351c1c152c3f5) test: update vars for AWS cluster
+* [`ad23891b`](https://github.com/talos-systems/talos/commit/ad23891b1f6b33409721528c6771304b7ab94b2c) feat: update CoreDNS version 1.8.6
+* [`41299cae`](https://github.com/talos-systems/talos/commit/41299cae9961665c2bf2a642290f8309683f040d) feat: udev rules support
+* [`5237fdc9`](https://github.com/talos-systems/talos/commit/5237fdc957efbb018649b866bfb756f280f589a2) feat: send JSON logs over UDP
+* [`6d44587a`](https://github.com/talos-systems/talos/commit/6d44587a4d4c16defa6bb06329cdfc6e39c95188) feat: coredns service dualstack
+* [`12f7888b`](https://github.com/talos-systems/talos/commit/12f7888b75fa2498e0f8305f5d6910cecad5c65c) feat: feed control plane endpoints on workers from cluster discovery
+* [`431e4fb4`](https://github.com/talos-systems/talos/commit/431e4fb4b690fa4955c407d8dd8156bdecd9a2c5) chore: bump Go and Docker dependencies
+* [`89f3b9f8`](https://github.com/talos-systems/talos/commit/89f3b9f8d41e33c4cb736917f418ab5cfb9edd83) feat: update etcd to 3.5.1
+* [`e60469a3`](https://github.com/talos-systems/talos/commit/e60469a38cb81ace2039bae1927eb6c5f1f0ad1f) feat: initial support for JSON logging
+* [`68c420e3`](https://github.com/talos-systems/talos/commit/68c420e3c96a0fdc3b3e6cd75be24cc797c48e09) feat: enable cluster discovery by default
+* [`3e100aa9`](https://github.com/talos-systems/talos/commit/3e100aa97734ea809563e23fc36e19bdd3df1920) test: workaround EventsWatch test flakiness
+* [`9bd4838a`](https://github.com/talos-systems/talos/commit/9bd4838ac10abbd4760da4fb905d7639a1c26f9f) chore: stop using sonobuoy CLI
+* [`6ad45951`](https://github.com/talos-systems/talos/commit/6ad45951975aac48fdcc282e5a0e31344058d07e) docs: fix field names for bonding configuration
+* [`d7a3b7b5`](https://github.com/talos-systems/talos/commit/d7a3b7b5b70293884d2e19c6a59b14ebcfa24397) chore: use discovery-client and discovery-api modules
+* [`d6309eed`](https://github.com/talos-systems/talos/commit/d6309eed6618abd1b4efd0e3cd18a6c0df39378f) docs: create docs for Talos 0.14
+* [`c0fda643`](https://github.com/talos-systems/talos/commit/c0fda6436ae27d8bbc210ee74a1128968108f6a6) fix: attempt to clean up tasks in containerd runner
+* [`8cf442da`](https://github.com/talos-systems/talos/commit/8cf442daa60d911caff59d1c2c05dd77652c8b51) chore: bump tools, pkgs, extras
+* [`0dad5f4d`](https://github.com/talos-systems/talos/commit/0dad5f4d7846f3fb41ff4ba27395023d33796a61) chore: small cleanup
+* [`e3e2113a`](https://github.com/talos-systems/talos/commit/e3e2113adc058940725b1041827d7adb8895c6cf) feat: upgrade CoreDNS during `upgrade-k8s` call
+* [`d92c98e1`](https://github.com/talos-systems/talos/commit/d92c98e19a054472bff3e0d646756f16c5e65bbf) docs: fix discovery service documentation link
+* [`e44b11c5`](https://github.com/talos-systems/talos/commit/e44b11c595e4cab796128a932843b90734ff6d1d) feat: update containerd to 1.5.7, bump Go dependencies
+* [`24129307`](https://github.com/talos-systems/talos/commit/24129307a14d6e59c6bc0d3586c0c95969bde679) docs: make Talos 0.13 docs latest, update documentation
+* [`31b6e39e`](https://github.com/talos-systems/talos/commit/31b6e39e58a27e1f2c1be500fca8636971bfa5c6) fix: delete expired affiliates from the discovery service
+* [`877a2b6f`](https://github.com/talos-systems/talos/commit/877a2b6fc00eaa7574349f9086d78c04df163840) test: bump CAPI components to v1alpha4
+* [`2ba0e0ac`](https://github.com/talos-systems/talos/commit/2ba0e0ac4ad460409101f5f2374e66698adbba4c) docs: add KubeSpan documentation
+* [`997873b6`](https://github.com/talos-systems/talos/commit/997873b6d3116b59ebb46df66b8aa1cee06df92f) fix: use ECDSA-SHA512 when generating certs for Talos < 0.13
+* [`7137166d`](https://github.com/talos-systems/talos/commit/7137166d1d5817e2d44ead4a01796275f92a9d4a) fix: allow overriding `audit-policy-file` in `kube-apiserver` static pod
+* [`8fcd4219`](https://github.com/talos-systems/talos/commit/8fcd4219671a9359880ba344a2ec7fd65dfe5e2a) chore: fix integration-qemu-race
+* [`91a858b5`](https://github.com/talos-systems/talos/commit/91a858b53704ede86392fe3c155ce9ab3c2d406f) fix: sort output of the argument builder
+* [`657f7a56`](https://github.com/talos-systems/talos/commit/657f7a56b10089e0dc551e178bc85b28d8003243) fix: use ECDSA-SHA256 signature algorithm for Kubernetes certs
+* [`983d2459`](https://github.com/talos-systems/talos/commit/983d2459e2aa036774828f773bbaba5697665ae7) feat: suppress logging NTP sync to the console
+* [`022c7335`](https://github.com/talos-systems/talos/commit/022c7335f3063675ab744454a2ad4b2c0c19bfbc) fix: add interface route if DHCP4 router is not directly routeable
+* [`66a1579e`](https://github.com/talos-systems/talos/commit/66a1579ea7d2a9c4fdf15b762cd024c54b3e8ffb) fix: don't enable 'no new privs' on the system level
+* [`423861cf`](https://github.com/talos-systems/talos/commit/423861cf9f99eaf034a4f0cb243d73d1275c3f38) feat: don't drop capabilities if kexec is disabled
+* [`facc8c38`](https://github.com/talos-systems/talos/commit/facc8c38a021610da900a45f397aea8ddfc74f1c) docs: fix documentation for cluster discovery
+* [`ce65ca4e`](https://github.com/talos-systems/talos/commit/ce65ca4e4a2994f901f01ce5ca269d6df86f0de8) chore: build using only amd64 builders
+* [`e9b0f010`](https://github.com/talos-systems/talos/commit/e9b0f010d2855b968a5d8b8b5fbcd268e06ba302) chore: update docker image in the pipeline
+</p>
+</details>
+
+### Changes from talos-systems/discovery-api
+<details><summary>2 commits</summary>
+<p>
+
+* [`db279ef`](https://github.com/talos-systems/discovery-api/commit/db279ef42a1fad2e1feb4902150b4969f7082c81) feat: initial set of APIs and generated files
+* [`ac52a37`](https://github.com/talos-systems/discovery-api/commit/ac52a378211475ebd281dcbb00954eec42459778) chore: initial commit
+</p>
+</details>
+
+### Changes from talos-systems/discovery-client
+<details><summary>2 commits</summary>
+<p>
+
+* [`a9a5e9b`](https://github.com/talos-systems/discovery-client/commit/a9a5e9bfddaa670e0fb4f57510167d377cf09b07) feat: initial client code
+* [`98eb999`](https://github.com/talos-systems/discovery-client/commit/98eb9999c0c76d2f93378108b7e22de6bcae6e81) chore: initial commit
+</p>
+</details>
+
+### Changes from talos-systems/extras
+<details><summary>1 commit</summary>
+<p>
+
+* [`d6e8b3a`](https://github.com/talos-systems/extras/commit/d6e8b3a78e9a3371472753286c559627932466c3) chore: update pkgs and tools
+</p>
+</details>
+
+### Changes from talos-systems/pkgs
+<details><summary>8 commits</summary>
+<p>
+
+* [`80a63d4`](https://github.com/talos-systems/pkgs/commit/80a63d4cf2231383266f244f608a958b94872a99) feat: update Linux to 5.10.75
+* [`5c98efd`](https://github.com/talos-systems/pkgs/commit/5c98efd95d2e2e036d845c63b6268583d853d3fd) feat: add QLogic QED 25/40/100Gb Ethernet NIC driver
+* [`bfb2365`](https://github.com/talos-systems/pkgs/commit/bfb2365b04aa7f92ef87799c47ffde6bc2395785) feat: enable driver for SuperMicro raid controller
+* [`657e16b`](https://github.com/talos-systems/pkgs/commit/657e16b3976ba376401797277e85dd67c9b7e64e) feat: enable Intel VMD driver
+* [`f7d9d72`](https://github.com/talos-systems/pkgs/commit/f7d9d728d468b9e3af2552595c9fb145f9008ef3) feat: enable smarpqi driver and related options
+* [`bca3be0`](https://github.com/talos-systems/pkgs/commit/bca3be04e22367585a60afa421e78707d2c6a1de) feat: enable aqtion device driver
+* [`b88127a`](https://github.com/talos-systems/pkgs/commit/b88127afec39d3039e93dfd6bc20a62415d396f0) chore: update tools
+* [`971735f`](https://github.com/talos-systems/pkgs/commit/971735f4b1914cb1c8f2575aeda9b354ecf842f6) feat: update containerd to 1.5.7
+</p>
+</details>
+
+### Changes from talos-systems/tools
+<details><summary>1 commit</summary>
+<p>
+
+* [`fab7532`](https://github.com/talos-systems/tools/commit/fab7532fd59519d62a3985684a250273a14f1893) feat: update Go to 1.17.2
+</p>
+</details>
+
+### Dependency Changes
+
+* **github.com/AlekSi/pointer**                      v1.1.0 -> v1.2.0
+* **github.com/containerd/cgroups**                  v1.0.1 -> v1.0.2
+* **github.com/containerd/containerd**               v1.5.5 -> v1.5.7
+* **github.com/docker/docker**                       v20.10.8 -> v20.10.9
+* **github.com/hashicorp/go-getter**                 v1.5.8 -> v1.5.9
+* **github.com/insomniacslk/dhcp**                   b95caade3eac -> 509557e9f781
+* **github.com/jsimonetti/rtnetlink**                435639c8e6a8 -> e34540a94caa
+* **github.com/jxskiss/base62**                      4f11678b909b -> v1.0.0
+* **github.com/rivo/tview**                          ee97a7ab3975 -> 5508f4b00266
+* **github.com/talos-systems/discovery-api**         v0.1.0 **_new_**
+* **github.com/talos-systems/discovery-client**      v0.1.0 **_new_**
+* **github.com/talos-systems/extras**                v0.6.0 -> v0.7.0-alpha.0
+* **github.com/talos-systems/pkgs**                  v0.8.0 -> v0.9.0-alpha.0-7-g80a63d4
+* **github.com/talos-systems/talos/pkg/machinery**   v0.13.0 -> 000000000000
+* **github.com/talos-systems/tools**                 v0.8.0 -> v0.9.0-alpha.0
+* **github.com/vmware-tanzu/sonobuoy**               v0.53.2 -> v0.54.0
+* **github.com/vmware/govmomi**                      v0.26.1 -> v0.27.1
+* **github.com/vmware/vmw-guestinfo**                687661b8bd8e -> cc1fd90d572c
+* **go.etcd.io/etcd/api/v3**                         v3.5.0 -> v3.5.1
+* **go.etcd.io/etcd/client/pkg/v3**                  v3.5.0 -> v3.5.1
+* **go.etcd.io/etcd/client/v3**                      v3.5.0 -> v3.5.1
+* **go.etcd.io/etcd/etcdutl/v3**                     v3.5.0 -> v3.5.1
+* **golang.org/x/net**                               3ad01bbaa167 -> d418f374d309
+* **golang.org/x/sys**                               39ccf1dd6fa6 -> d6a326fbbf70
+* **golang.org/x/term**                              140adaaadfaf -> 03fcf44c2211
+* **golang.zx2c4.com/wireguard/wgctrl**              0a2f4901cba6 -> 5be1d6054c42
+* **k8s.io/api**                                     v0.22.2 -> v0.23.0-alpha.3
+* **k8s.io/apimachinery**                            v0.22.2 -> v0.23.0-alpha.3
+* **k8s.io/client-go**                               v0.22.2 -> v0.23.0-alpha.3
+* **k8s.io/cri-api**                                 v0.22.2 -> v0.23.0-alpha.3
+* **k8s.io/kubectl**                                 v0.22.2 -> v0.23.0-alpha.3
+* **k8s.io/kubelet**                                 v0.22.2 -> v0.23.0-alpha.3
+* **kernel.org/pub/linux/libs/security/libcap/cap**  v1.2.59 -> v1.2.60
+* **sigs.k8s.io/yaml**                               v1.3.0 **_new_**
+
+Previous release can be found at [v0.13.0](https://github.com/talos-systems/talos/releases/tag/v0.13.0)
+
 ## [Talos 0.13.0-alpha.3](https://github.com/talos-systems/talos/releases/tag/v0.13.0-alpha.3) (2021-09-29)
 
 Welcome to the v0.13.0-alpha.3 release of Talos!  

hack/release.toml

@@ -30,6 +30,45 @@ Cluster Discovery is enabled by default for Talos 0.14.
 Cluster Discovery can be disabled with `talosctl gen config --with-cluster-discovery=false`.
 """
 
+    [notes.logs]
+        title = "Log Shipping"
+        description="""\
+Talos can now ship system logs to the configured destination using either JSON-over-UDP or JSON-over-TCP:
+see `.machine.logging` machine configuration option.
+"""
+
+    [notes.updates]
+        title = "Component Updates"
+        description="""\
+* Linux: 5.10.75
+* etcd: 3.5.1
+* containerd: 1.5.7
+* Kubernetes: 1.23.0-alpha.0
+* CoreDNS: 1.8.6
+
+Talos is built with Go 1.17.2
+"""
+
+    [notes.caps]
+        title = "Kexec and capabilities"
+        description = """\
+When kexec support is disabled
+Talos no longer drops Linux capabilities (`CAP_SYS_BOOT` and `CAP_SYS_MODULES`) for child processes.
+That is helpful for advanced use-cases like Docker-in-Docker.
+
+If you want to permanently disable kexec and capabilities dropping, pass `kexec_load_disabled=1` argument to the kernel.
+
+For example:
+
+```yaml
+install:
+  extraKernelArgs:
+    - kexec_load_disabled=1
+```
+
+Please note that capabilities are dropped before machine configuration is loaded,
+so disabling kexec via `machine.sysctls` will not be enough.
+"""
 
 [make_deps]
 

website/content/docs/v0.14/Reference/cli.md

@@ -93,7 +93,7 @@ talosctl cluster create [flags]
       --bad-rtc                                 launch VM with bad RTC state (QEMU only)
       --cidr string                             CIDR of the cluster network (IPv4, ULA network for IPv6 is derived in automated way) (default "10.5.0.0/24")
       --cni-bin-path strings                    search path for CNI binaries (VM only) (default [/home/user/.talos/cni/bin])
-      --cni-bundle-url string                   URL to download CNI bundle from (VM only) (default "https://github.com/talos-systems/talos/releases/download/v0.13.0-alpha.3/talosctl-cni-bundle-${ARCH}.tar.gz")
+      --cni-bundle-url string                   URL to download CNI bundle from (VM only) (default "https://github.com/talos-systems/talos/releases/download/v0.14.0-alpha.0/talosctl-cni-bundle-${ARCH}.tar.gz")
       --cni-cache-dir string                    CNI cache directory path (VM only) (default "/home/user/.talos/cni/cache")
       --cni-conf-dir string                     CNI config directory path (VM only) (default "/home/user/.talos/cni/conf.d")
       --config-patch string                     patch generated machineconfigs (applied to all node types)