-
Notifications
You must be signed in to change notification settings - Fork 564
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: add highlights for 0.9 release
This describes high-level new features in Talos 0.9. Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
- Loading branch information
Showing
1 changed file
with
51 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| --- | ||
| title: What's New in Talos 0.9 | ||
| weight: 5 | ||
| --- | ||
|
|
||
| ## Control Plane as Static Pods | ||
|
|
||
| Talos now runs Kubernetes control plane as static pods managed via machine configuration. | ||
| This change makes bootstrap process much more stable and resilient to failures. | ||
| For single control plane node clusters it eliminates bugs with control plane being unavailable after a reboot. | ||
| As control plane configuration is managed via Talos API, even if control plane configuration was wrong and | ||
| API server is not available, change can be rolled back using `talosctl` to bring the control plane back up. | ||
| When upgrading from Talos 0.8, control plane can be [converted](../Guides/converting-control-plane/) to run as static pods. | ||
|
|
||
| ## ECDSA Certificates and Keys for Kubernetes | ||
|
|
||
| Talos now generates uses ECDSA keys for Kubernetes and etcd PKI. | ||
| ECDSA keys are much smaller and all PKI operations are much faster (for example, generating certificate from the CA) which | ||
| leads to much faster bootstrap and boot times. | ||
|
|
||
| ## Immediate Machine Configuration Updates | ||
|
|
||
| Changes to `.cluster` part of Talos machine configuration can now be applied immediately (without a reboot). | ||
| This allows for example updating versions of control plane components, adding additional arguments or modifying bootstrap manifests. | ||
| Future versions of Talos will expand on that to allow most of the machine configuration to be applied without a reboot. | ||
|
|
||
| ## Disk Encryption | ||
|
|
||
| Talos now supports encryption for `STATE` and `EPHEMERAL` partitions of the system disk. | ||
| `STATE` partition holds machine configuration and `EPHEMERAL` partition is mounted as `/var` which stores container runtime | ||
| state, configuration files laid on top of Talos read-only immutable root filesystem. | ||
| Encryption key in Talos 0.9 is derived from the Node UUID which is unique machine identifier provided by the manufacturer. | ||
| Disk encryption is not enabled by default, it needs to be [enabled](../Guides/disk-encryption/) via machine configuration. | ||
|
|
||
| ## Virtual IP for the Control Plane Endpoint | ||
|
|
||
| Talos adds support for Virtual L2 shared IP for the control plane: control plane nodes make sure only one of the nodes | ||
| adverties shared IP via ARP. | ||
| If one of the control plane nodes goes down, another node takes over shared IP. | ||
|
|
||
| ## Updated Components | ||
|
|
||
| Linux: 5.10.1 -> 5.10.19 | ||
|
|
||
| Kubernetes: 1.20.1 -> 1.20.4 | ||
|
|
||
| CoreDNS: 1.7.0 -> 1.8.0 | ||
|
|
||
| etcd: 3.4.14 -> 3.4.15 | ||
|
|
||
| containerd: 1.4.3 -> 1.4.4 |