docs: update docs for release 1.1

Update documentation, support matrix, current release, what's new, etc.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Andrey Smirnov 2022-06-22 18:19:19 +04:00
parent b816d0b600
commit cfb640222b
GPG Key ID: 7B26396447AB6DFD
10 changed files with 175 additions and 83 deletions


@ -108,7 +108,7 @@ version_menu = "Releases"
# A link to latest version of the docs. Used in the "version-banner" partial to # A link to latest version of the docs. Used in the "version-banner" partial to
# point people to the main doc site. # point people to the main doc site.
url_latest_version = "/v1.0" url_latest_version = "/v1.1"
# Repository configuration (URLs for in-page links to opening issues and suggesting changes) # Repository configuration (URLs for in-page links to opening issues and suggesting changes)
# github_repo = "https://github.com/googley-example" # github_repo = "https://github.com/googley-example"
@ -141,11 +141,11 @@ version = "v1.2 (pre-release)"
[[params.versions]] [[params.versions]]
url = "/v1.1/" url = "/v1.1/"
version = "v1.1 (pre-release)" version = "v1.1 (latest)"
[[params.versions]] [[params.versions]]
url = "/v1.0/" url = "/v1.0/"
version = "v1.0 (latest)" version = "v1.0"
[[params.versions]] [[params.versions]]
url = "/v0.14/" url = "/v0.14/"


@ -8,7 +8,6 @@ preRelease: false
lastRelease: v1.0.6 lastRelease: v1.0.6
kubernetesRelease: "1.23.5" kubernetesRelease: "1.23.5"
prevKubernetesRelease: "1.23.1" prevKubernetesRelease: "1.23.1"
menu: main
--- ---
## Welcome ## Welcome


@ -7,7 +7,7 @@ description: "Table of supported Talos Linux versions and respective platforms."
| Talos Version | 1.0 | 0.14 | | Talos Version | 1.0 | 0.14 |
|----------------------------------------------------------------------------------------------------------------|------------------------------------|------------------------------------| |----------------------------------------------------------------------------------------------------------------|------------------------------------|------------------------------------|
| Release Date | 2022-03-29 | 2021-12-21 (0.14.0) | | Release Date | 2022-03-29 | 2021-12-21 (0.14.0) |
| End of Community Support | 1.1.0 release (2022-06-01, TBD) | 1.0.0 release (2022-03-27, TBD) | | End of Community Support | 1.1.0 release (2022-06-22) | 1.0.0 release (2022-03-29) |
| Enterprise Support | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) | | Enterprise Support | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) |
| Kubernetes | 1.23, 1.22, 1.21 | 1.23, 1.22, 1.21 | | Kubernetes | 1.23, 1.22, 1.21 | 1.23, 1.22, 1.21 |
| Architecture | amd64, arm64 | amd64, arm64 | | Architecture | amd64, arm64 | amd64, arm64 |


@ -4,11 +4,12 @@ no_list: true
linkTitle: "Documentation" linkTitle: "Documentation"
cascade: cascade:
type: docs type: docs
preRelease: true preRelease: false
lastRelease: v1.1.0-beta.2 lastRelease: v1.1.0
kubernetesRelease: "1.24.1" kubernetesRelease: "1.24.2"
prevKubernetesRelease: "1.23.5" prevKubernetesRelease: "1.23.5"
iscsiToolsRelease: "v0.1.1" iscsiToolsRelease: "v0.1.1"
menu: main
--- ---
## Welcome ## Welcome


@ -6,29 +6,29 @@ description: "Table of supported Talos Linux versions and respective platforms."
| Talos Version | 1.1 | 1.0 | | Talos Version | 1.1 | 1.0 |
|----------------------------------------------------------------------------------------------------------------|------------------------------------|------------------------------------| |----------------------------------------------------------------------------------------------------------------|------------------------------------|------------------------------------|
| Release Date | 2022-06-24, TBD | 2022-03-29 (1.0.0) | | Release Date | 2022-06-22 | 2022-03-29 (1.0.0) |
| End of Community Support | 1.2.0 release (2022-09-01, TBD) | 1.1.0 release (2022-06-24, TBD) | | End of Community Support | 1.2.0 release (2022-09-01, TBD) | 1.1.0 release (2022-06-22) |
| Enterprise Support | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) | | Enterprise Support | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) |
| Kubernetes | 1.24, 1.23, 1.22 | 1.23, 1.22, 1.21 | | Kubernetes | 1.24, 1.23, 1.22 | 1.23, 1.22, 1.21 |
| Architecture | amd64, arm64 | amd64, arm64 | | Architecture | amd64, arm64 | amd64, arm64 |
| **Platforms** | | | | **Platforms** | | |
| - cloud | AWS, GCP, Azure, Digital Ocean, Hetzner, OpenStack, Oracle Cloud, Scaleway, Vultr, Upcloud | AWS, GCP, Azure, Digital Ocean, Hetzner, OpenStack, Scaleway, Vultr, Upcloud | | - cloud | AWS, GCP, Azure, Digital Ocean, Hetzner, OpenStack, Oracle Cloud, Scaleway, Vultr, Upcloud | AWS, GCP, Azure, Digital Ocean, Hetzner, OpenStack, Oracle Cloud, Scaleway, Vultr, Upcloud |
| - bare metal | x86: BIOS, UEFI; arm64: UEFI; boot: ISO, PXE, disk image | x86: BIOS, UEFI; arm64: UEFI; boot: ISO, PXE, disk image | | - bare metal | x86: BIOS, UEFI; arm64: UEFI; boot: ISO, PXE, disk image | x86: BIOS, UEFI; arm64: UEFI; boot: ISO, PXE, disk image |
| - virtualized | VMware, Hyper-V, KVM, Proxmox, Xen | VMware, Hyper-V, KVM, Proxmox, Xen | | - virtualized | VMware, Hyper-V, KVM, Proxmox, Xen | VMware, Hyper-V, KVM, Proxmox, Xen |
| - SBCs | Banana Pi M64, Jetson Nano, Libre Computer Board ALL-H3-CC, Pine64, Pine64 Rock64, Radxa ROCK Pi 4c, Raspberry Pi 4B | Raspberry Pi4, Banana Pi M64, Pine64, and other | | - SBCs | Banana Pi M64, Jetson Nano, Libre Computer Board ALL-H3-CC, Pine64, Pine64 Rock64, Radxa ROCK Pi 4c, Raspberry Pi 4B | Banana Pi M64, Jetson Nano, Libre Computer Board ALL-H3-CC, Pine64, Pine64 Rock64, Radxa ROCK Pi 4c, Raspberry Pi 4B |
| - local | Docker, QEMU | Docker, QEMU | | - local | Docker, QEMU | Docker, QEMU |
| **Cluster API** | | | | **Cluster API** | | |
| [CAPI Bootstrap Provider Talos](https://github.com/siderolabs/cluster-api-bootstrap-provider-talos) | >= 0.5.3 | >= 0.5.3 | | [CAPI Bootstrap Provider Talos](https://github.com/siderolabs/cluster-api-bootstrap-provider-talos) | >= 0.5.4 | >= 0.5.3 |
| [CAPI Control Plane Provider Talos](https://github.com/siderolabs/cluster-api-control-plane-provider-talos) | >= 0.4.5 | >= 0.4.5 | | [CAPI Control Plane Provider Talos](https://github.com/siderolabs/cluster-api-control-plane-provider-talos) | >= 0.4.6 | >= 0.4.5 |
| [Sidero](https://www.sidero.dev/) | >= 0.5.0 | >= 0.5.0 | | [Sidero](https://www.sidero.dev/) | >= 0.5.1 | >= 0.5.0 |
| **UI** | | | | **UI** | | |
| [Theila](https://github.com/siderolabs/theila) | ✓ | ✓ | | [Theila](https://github.com/siderolabs/theila) | ✓ | ✓ |
## Platform Tiers ## Platform Tiers
Tier 1: Automated tests, high-priority fixes. * Tier 1: Automated tests, high-priority fixes.
Tier 2: Tested from time to time, medium-priority bugfixes. * Tier 2: Tested from time to time, medium-priority bugfixes.
Tier 3: Not tested by core Talos team, community tested. * Tier 3: Not tested by core Talos team, community tested.
### Tier 1 ### Tier 1


@ -4,4 +4,96 @@ weight: 50
description: "List of new and shiny features in Talos Linux." description: "List of new and shiny features in Talos Linux."
--- ---
TBD ## Kubernetes
### Pod Security Admission
[Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) controller is enabled by default with the following policy:
```yaml
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
name: PodSecurity
path: ""
```
The policy is part of the Talos machine configuration, and it can be modified to suite your needs.
### Kubernetes API Server Anonymous Auth
Anonymous authentication is now disabled by default for the `kube-apiserver` (CIS compliance).
To enable anonymous authentication, update the machine config with:
```yaml
cluster:
apiServer:
extraArgs:
anonymous-auth: true
```
## Machine Configuration
### Apply Config `--dry-run`
The commands `talosctl apply-config`, `talosctl patch mc` and `talosctl edit mc` now support `--dry-run` flag.
If enabled it just prints out the selected config application mode and the configuration diff.
### Apply Config `--mode=try`
The commands `talosctl apply-config`, `talosctl patch mc` and `talosctl edit mc` now support the new mode called `try`.
In this mode the config change is applied for a period of time and then reverted back to the state it was before the change.
`--timeout` parameter can be used to customize the config rollback timeout.
This new mode can be used only with the parts of the config that can be changed without a reboot and can help to check that
the new configuration doesn't break the node.
Can be especially useful to check network interfaces changes that may lead to the loss of connectivity to the node.
## Networking
### Network Device Selector
Talos machine configuration supports specifying network interfaces by selectors instead of interface name.
See [documentation]({{< relref "../talos-guides/network/device-selector" >}}) for more details.
## SBCs
### RockPi 4 variants A and B
Talos now supports RockPi variants A and B in addition to RockPi 4C
### Raspberry Pi PoE Hat Fan
Talos now enables the Raspberry Pi PoE fan control by pulling in the poe overlay that works with upstream kernel
## Miscellaneous
### IPv6 in Docker-based Talos Clusters
The command `talosctl cluster create` now enables IPv6 by default for the Docker containers
created for Talos nodes.
This allows to use IPv6 addresses in Kubernetes networking.
If `talosctl cluster create` fails to work on Linux due to the lack of IPv6 support,
please use the flag `--disable-docker-ipv6` to revert the change.
### `eudev` Default Rules
Drops some default eudev rules that doesn't make sense in the context of Talos OS.
Especially the ones around sound devices, cd-roms and renaming the network interfaces to be predictable.
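Review bot: The Pod Security Admission snippet at the top of this hunk is the rendered `AdmissionConfiguration` (`apiserver.config.k8s.io/v1`, `plugins:`), yet the sentence after it says the policy is part of the Talos machine configuration and can be modified, so a reader cannot tell from it which machine config key to edit. Show the `cluster.apiServer.admissionControl` form used in the upgrade notes of this commit instead, or name that path next to the snippet. In the anonymous-auth example, `anonymous-auth: true` is an unquoted YAML boolean; consider quoting it as `"true"`, since it is passed on as a flag value. Wording: "suite your needs" should be "suit your needs", "rules that doesn't" should be "rules that don't", and the RockPi, PoE fan and first IPv6 sentences lack a final period.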


@ -14,27 +14,22 @@ In this guide we are going to enable and configure Pod Security Admission in Tal
## Configuration ## Configuration
Prepare the following machine configuration patch and store it in the `pod-security-patch.yaml`: Talos provides default Pod Security Admission in the machine configuration:
```yaml ```yaml
- op: add apiVersion: pod-security.admission.config.k8s.io/v1alpha1
path: /cluster/apiServer/admissionControl kind: PodSecurityConfiguration
value: defaults:
- name: PodSecurity enforce: "baseline"
configuration: enforce-version: "latest"
apiVersion: pod-security.admission.config.k8s.io/v1alpha1 audit: "restricted"
kind: PodSecurityConfiguration audit-version: "latest"
defaults: warn: "restricted"
enforce: "baseline" warn-version: "latest"
enforce-version: "latest" exemptions:
audit: "restricted" usernames: []
audit-version: "latest" runtimeClasses: []
warn: "restricted" namespaces: [kube-system]
warn-version: "latest"
exemptions:
usernames: []
runtimeClasses: []
namespaces: [kube-system]
``` ```
This is a cluster-wide configuration for the Pod Security Admission plugin: This is a cluster-wide configuration for the Pod Security Admission plugin:
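Review bot: The replacement snippet under "Configuration" starts at `apiVersion: pod-security.admission.config.k8s.io/v1alpha1` and drops the `/cluster/apiServer/admissionControl` path and the `name: PodSecurity` entry that the removed patch carried, so the guide no longer shows where this block sits in the machine configuration. Since the new intro says the default lives in the machine configuration, keep the enclosing `cluster.apiServer.admissionControl` keys in the example so a reader can locate and edit the policy.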
@ -42,13 +37,7 @@ This is a cluster-wide configuration for the Pod Security Admission plugin:
* by default `baseline` [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/) profile is enforced * by default `baseline` [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/) profile is enforced
* more strict `restricted` profile is not enforced, but API server warns about found issues * more strict `restricted` profile is not enforced, but API server warns about found issues
Generate Talos machine configuration applying the patch above: This default policy can be modified by updating the generated machine configuration before the cluster is created or on the fly by using the `talosctl` CLI utility.
```shell
talosctl gen config cluster1 https://<IP>:6443/ --config-patch-control-plane @../pod-security-patch.yaml
```
Deploy Talos using the generated machine configuration.
Verify current admission plugin configuration with: Verify current admission plugin configuration with:
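Review bot: The new sentence says the default policy can be modified "on the fly by using the `talosctl` CLI utility", but this hunk removes the only concrete command in the section and names no replacement. Name the subcommand to use (the release notes in this same commit mention `talosctl patch mc` and `talosctl edit mc`) or link to the page that documents it.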


@ -79,7 +79,29 @@ future.
## Machine Configuration Changes ## Machine Configuration Changes
TBD Talos 1.1.0 provides a default configuration for [Pod Security Admission]({{< relref "../kubernetes-guides/configuration/pod-security" >}}):
```yaml
cluster:
apiServer:
admissionControl:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
```
## Upgrade Sequence ## Upgrade Sequence
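Review bot: Under "Machine Configuration Changes", the sentence "Talos 1.1.0 provides a default configuration" does not say whether this block is added to the machine configuration of a cluster upgraded from 1.0 or only to newly generated configs. That matters in upgrade notes because `enforce: baseline` with only `kube-system` exempted rejects new pods that violate the baseline profile in every other namespace. State which case applies and, if upgraded clusters are affected, tell operators to check such workloads before upgrading.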


@ -6,29 +6,29 @@ description: "Table of supported Talos Linux versions and respective platforms."
| Talos Version | 1.2 | 1.1 | | Talos Version | 1.2 | 1.1 |
|----------------------------------------------------------------------------------------------------------------|------------------------------------|------------------------------------| |----------------------------------------------------------------------------------------------------------------|------------------------------------|------------------------------------|
| Release Date | 2022-09-01, TBD | 2022-06-24 (1.1.0) | | Release Date | 2022-09-01, TBD | 2022-06-22 (1.1.0) |
| End of Community Support | 1.3.0 release (2022-12-01, TBD) | 1.2.0 release (2022-06-24, TBD) | | End of Community Support | 1.3.0 release (2022-12-01, TBD) | 1.2.0 release (2022-09-01, TBD) |
| Enterprise Support | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) | | Enterprise Support | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) |
| Kubernetes | 1.24, 1.23, 1.22 | | Kubernetes | 1.25, 1.24, 1.23 | 1.24, 1.23, 1.22 |
| Architecture | amd64, arm64 | amd64, arm64 | | Architecture | amd64, arm64 | amd64, arm64 |
| **Platforms** | | | | **Platforms** | | |
| - cloud | AWS, GCP, Azure, Digital Ocean, Hetzner, OpenStack, Oracle Cloud, Scaleway, Vultr, Upcloud | AWS, GCP, Azure, Digital Ocean, Hetzner, OpenStack, Scaleway, Vultr, Upcloud | | - cloud | AWS, GCP, Azure, Digital Ocean, Hetzner, OpenStack, Oracle Cloud, Scaleway, Vultr, Upcloud | AWS, GCP, Azure, Digital Ocean, Hetzner, OpenStack, Oracle Cloud, Scaleway, Vultr, Upcloud |
| - bare metal | x86: BIOS, UEFI; arm64: UEFI; boot: ISO, PXE, disk image | x86: BIOS, UEFI; arm64: UEFI; boot: ISO, PXE, disk image | | - bare metal | x86: BIOS, UEFI; arm64: UEFI; boot: ISO, PXE, disk image | x86: BIOS, UEFI; arm64: UEFI; boot: ISO, PXE, disk image |
| - virtualized | VMware, Hyper-V, KVM, Proxmox, Xen | VMware, Hyper-V, KVM, Proxmox, Xen | | - virtualized | VMware, Hyper-V, KVM, Proxmox, Xen | VMware, Hyper-V, KVM, Proxmox, Xen |
| - SBCs | Banana Pi M64, Jetson Nano, Libre Computer Board ALL-H3-CC, Pine64, Pine64 Rock64, Radxa ROCK Pi 4c, Raspberry Pi 4B | Raspberry Pi4, Banana Pi M64, Pine64, and other | | - SBCs | Banana Pi M64, Jetson Nano, Libre Computer Board ALL-H3-CC, Pine64, Pine64 Rock64, Radxa ROCK Pi 4c, Raspberry Pi 4B | Banana Pi M64, Jetson Nano, Libre Computer Board ALL-H3-CC, Pine64, Pine64 Rock64, Radxa ROCK Pi 4c, Raspberry Pi 4B |
| - local | Docker, QEMU | Docker, QEMU | | - local | Docker, QEMU | Docker, QEMU |
| **Cluster API** | | | | **Cluster API** | | |
| [CAPI Bootstrap Provider Talos](https://github.com/siderolabs/cluster-api-bootstrap-provider-talos) | >= 0.5.3 | >= 0.5.3 | | [CAPI Bootstrap Provider Talos](https://github.com/siderolabs/cluster-api-bootstrap-provider-talos) | >= 0.5.4 | >= 0.5.3 |
| [CAPI Control Plane Provider Talos](https://github.com/siderolabs/cluster-api-control-plane-provider-talos) | >= 0.4.5 | >= 0.4.5 | | [CAPI Control Plane Provider Talos](https://github.com/siderolabs/cluster-api-control-plane-provider-talos) | >= 0.4.6 | >= 0.4.6 |
| [Sidero](https://www.sidero.dev/) | >= 0.5.0 | >= 0.5.0 | | [Sidero](https://www.sidero.dev/) | >= 0.5.1 | >= 0.5.1 |
| **UI** | | | | **UI** | | |
| [Theila](https://github.com/siderolabs/theila) | ✓ | ✓ | | [Theila](https://github.com/siderolabs/theila) | ✓ | ✓ |
## Platform Tiers ## Platform Tiers
Tier 1: Automated tests, high-priority fixes. * Tier 1: Automated tests, high-priority fixes.
Tier 2: Tested from time to time, medium-priority bugfixes. * Tier 2: Tested from time to time, medium-priority bugfixes.
Tier 3: Not tested by core Talos team, community tested. * Tier 3: Not tested by core Talos team, community tested.
### Tier 1 ### Tier 1
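Review bot: In the updated Cluster API rows, the 1.1 column for CAPI Bootstrap Provider Talos reads `>= 0.5.3`, while the v1.1 support matrix changed in this same commit gives `>= 0.5.4` for Talos 1.1; the Control Plane Provider and Sidero rows agree across both tables (`>= 0.4.6`, `>= 0.5.1`). Set the 1.1 column here to `>= 0.5.4`, or correct the v1.1 table if 0.5.3 is the real minimum.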


@ -14,27 +14,22 @@ In this guide we are going to enable and configure Pod Security Admission in Tal
## Configuration ## Configuration
Prepare the following machine configuration patch and store it in the `pod-security-patch.yaml`: Talos provides default Pod Security Admission in the machine configuration:
```yaml ```yaml
- op: add apiVersion: pod-security.admission.config.k8s.io/v1alpha1
path: /cluster/apiServer/admissionControl kind: PodSecurityConfiguration
value: defaults:
- name: PodSecurity enforce: "baseline"
configuration: enforce-version: "latest"
apiVersion: pod-security.admission.config.k8s.io/v1alpha1 audit: "restricted"
kind: PodSecurityConfiguration audit-version: "latest"
defaults: warn: "restricted"
enforce: "baseline" warn-version: "latest"
enforce-version: "latest" exemptions:
audit: "restricted" usernames: []
audit-version: "latest" runtimeClasses: []
warn: "restricted" namespaces: [kube-system]
warn-version: "latest"
exemptions:
usernames: []
runtimeClasses: []
namespaces: [kube-system]
``` ```
This is a cluster-wide configuration for the Pod Security Admission plugin: This is a cluster-wide configuration for the Pod Security Admission plugin:
@ -42,13 +37,7 @@ This is a cluster-wide configuration for the Pod Security Admission plugin:
* by default `baseline` [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/) profile is enforced * by default `baseline` [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/) profile is enforced
* more strict `restricted` profile is not enforced, but API server warns about found issues * more strict `restricted` profile is not enforced, but API server warns about found issues
Generate Talos machine configuration applying the patch above: This default policy can be modified by updating the generated machine configuration before the cluster is created or on the fly by using the `talosctl` CLI utility.
```shell
talosctl gen config cluster1 https://<IP>:6443/ --config-patch-control-plane @../pod-security-patch.yaml
```
Deploy Talos using the generated machine configuration.
Verify current admission plugin configuration with: Verify current admission plugin configuration with: