From 11056a80349e4c8df10a9ea98b6e3d53f96b971c Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Wed, 10 Mar 2021 17:15:08 +0300 Subject: [PATCH] docs: add highlights for 0.9 release This describes high-level new features in Talos 0.9. Signed-off-by: Andrey Smirnov --- .../docs/v0.9/Introduction/what-is-new.md | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 website/content/docs/v0.9/Introduction/what-is-new.md diff --git a/website/content/docs/v0.9/Introduction/what-is-new.md b/website/content/docs/v0.9/Introduction/what-is-new.md new file mode 100644 index 0000000000..49b12cfe37 --- /dev/null +++ b/website/content/docs/v0.9/Introduction/what-is-new.md @@ -0,0 +1,51 @@ +--- +title: What's New in Talos 0.9 +weight: 5 +--- + +## Control Plane as Static Pods + +Talos now runs Kubernetes control plane as static pods managed via machine configuration. +This change makes bootstrap process much more stable and resilient to failures. +For single control plane node clusters it eliminates bugs with control plane being unavailable after a reboot. +As control plane configuration is managed via Talos API, even if control plane configuration was wrong and +API server is not available, change can be rolled back using `talosctl` to bring the control plane back up. +When upgrading from Talos 0.8, control plane can be [converted](../Guides/converting-control-plane/) to run as static pods. + +## ECDSA Certificates and Keys for Kubernetes + +Talos now generates uses ECDSA keys for Kubernetes and etcd PKI. +ECDSA keys are much smaller and all PKI operations are much faster (for example, generating certificate from the CA) which +leads to much faster bootstrap and boot times. + +## Immediate Machine Configuration Updates + +Changes to `.cluster` part of Talos machine configuration can now be applied immediately (without a reboot). +This allows for example updating versions of control plane components, adding additional arguments or modifying bootstrap manifests. +Future versions of Talos will expand on that to allow most of the machine configuration to be applied without a reboot. + +## Disk Encryption + +Talos now supports encryption for `STATE` and `EPHEMERAL` partitions of the system disk. +`STATE` partition holds machine configuration and `EPHEMERAL` partition is mounted as `/var` which stores container runtime +state, configuration files laid on top of Talos read-only immutable root filesystem. +Encryption key in Talos 0.9 is derived from the Node UUID which is unique machine identifier provided by the manufacturer. +Disk encryption is not enabled by default, it needs to be [enabled](../Guides/disk-encryption/) via machine configuration. + +## Virtual IP for the Control Plane Endpoint + +Talos adds support for Virtual L2 shared IP for the control plane: control plane nodes make sure only one of the nodes +adverties shared IP via ARP. +If one of the control plane nodes goes down, another node takes over shared IP. + +## Updated Components + +Linux: 5.10.1 -> 5.10.19 + +Kubernetes: 1.20.1 -> 1.20.4 + +CoreDNS: 1.7.0 -> 1.8.0 + +etcd: 3.4.14 -> 3.4.15 + +containerd: 1.4.3 -> 1.4.4