From 4396f09c8c82ca15b7c09dde8ff1c69a1fe32b08 Mon Sep 17 00:00:00 2001
From: Mateusz Urbanek
Date: Mon, 24 Nov 2025 13:33:42 +0100
Subject: [PATCH] docs: add API Server Cipher Suites changelog

Add a changelog entry for the API Server Cipher Suites.

Signed-off-by: Mateusz Urbanek
(cherry picked from commit 9945ceef37b13bc6e93637dcf395a8c9019e60ed)
---
 hack/release.toml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/hack/release.toml b/hack/release.toml
index e5a1fa01e..d78a9fa48 100644
--- a/hack/release.toml
+++ b/hack/release.toml
@@ -194,6 +194,15 @@ To avoid further issues, Talos will now only create the UEFI boot entry if it do
 description = """\
 The network configuration under `.machine.network` (with the exception of KubeSpan) has been deprecated, but it is still supported for backwards compatibility.
 New configuration documents were created to replace it, they will be documented in the future.
+"""
+
+ [notes.apiserver-cipher-suites]
+ title = "API Server Cipher Suites"
+ description = """\
+The Kubernetes API server in Talos has been updated to use a more secure set of TLS cipher suites by default.
+This is in line with a set of best practices documented in CIS 1.12 benchmark.
+
+You can still expand the list of supported cipher suites via the `cluster.apiServer.extraArgs."tls-cipher-suites"` machine configuration field if needed.
 """
 
 [make_deps]