mirrors/talos
1
0
Fork 0
mirror of https://github.com/siderolabs/talos.git synced 2025-10-10 07:01:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

chore: bump kernel to 5.15.49

Browse Source 
Bump kernel to 5.15.49

Remove the `random.trust_cpu` kernel cmdline as it already enabled in
Kconfig

Ref:
 - https://github.com/siderolabs/pkgs/pull/520
 - https://github.com/siderolabs/pkgs/pull/522

Signed-off-by: Noel Georgi <git@frezbo.dev>
This commit is contained in:
Noel Georgi 2022-06-22 22:53:54 +05:30
parent cfb640222b
commit d4606c33ec
No known key found for this signature in database
GPG Key ID: B1F736354201D483
6 changed files with 5 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -14,7 +14,7 @@ NAME = Talos
ARTIFACTS := _out ARTIFACTS := _out
TOOLS ?= ghcr.io/siderolabs/tools:v1.2.0-alpha.0 TOOLS ?= ghcr.io/siderolabs/tools:v1.2.0-alpha.0
PKGS ?= v1.2.0-alpha.0-11-g6e1269e PKGS ?= v1.2.0-alpha.0-13-ged75c50
EXTRAS ?= v1.2.0-alpha.0 EXTRAS ?= v1.2.0-alpha.0
GO_VERSION ?= 1.18 GO_VERSION ?= 1.18
GOIMPORTS_VERSION ?= v0.1.10 GOIMPORTS_VERSION ?= v0.1.10

116
hack/release.toml
View File

@ -15,124 +15,10 @@ preface = """\
[notes] [notes]
[notes.sbc-rpi4]
title = "Raspberry Pi PoE hat fan"
description = """\
Talos now enables the Raspberry Pi PoE fan control by pulling in the poe overlay that works with upstream kernel
"""
[notes.updates] [notes.updates]
title = "Component Updates" title = "Component Updates"
description="""\ description="""\
* Linux: 5.15.48 * Linux: 5.15.49
* Containerd: v1.6.6
* Kubernetes: 1.24.2
* Flannel: 0.18.1
* runc: 1.1.3
* CoreDNS: v1.9.3
Talos is built with Go 1.18.3
"""
[notes.eudev]
title = "drop some default rules shipped by eudev"
description = """\
Drops some default eudev rules that doesn't make sense in the context of Talos OS.
Especially the ones around sound devices, cd-roms and renaming the network interfaces to be predictable
"""
[notes.sbc-rockpi4]
title = "Support RockPi 4 variants A and B"
description = """\
Talos now supports RockPi variants A and B in addition to RockPi 4C
"""
[notes.dockeripv6]
title = "IPv6 in Docker-based Talos Clusters"
description="""\
The command `talosctl cluster create` now enables IPv6 by default for the Docker containers
created for Talos nodes. This allows to use IPv6 addresses in Kubernetes networking.
If `talosctl cluster create` fails to work on Linux due to the lack of IPv6 support,
please use the flag `--disable-docker-ipv6` to revert the change.
"""
[notes.pod-security]
title = "Pod Security Admission"
description="""\
[Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) controller is enabled by default with the following policy:
```yaml
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
name: PodSecurity
path: ""
```
The policy is part of the Talos machine configuration, and it can be modified to suite your needs.
"""
[notes.x86_64]
title = "x86-64 Architecture"
description="""\
Talos is built for x86-64 architecture with support for [x86-64-v2 microarchitecture level](https://en.wikipedia.org/wiki/X86-64#Microarchitecture_levels),
so Talos no longer runs on processors supporting only baseline `x86-64` microarchitecture (before 2009).
"""
[notes.apply-config]
title = "Apply Config `--dry-run`"
description="""\
The commands `talosctl apply-config`, `talosctl patch mc` and `talosctl edit mc` now support `--dry-run` flag.
If enabled it just prints out the selected config application mode and the configuration diff.
"""
[notes.apply-config-try]
title = "Apply Config `--mode=try`"
description="""\
The commands `talosctl apply-config`, `talosctl patch mc` and `talosctl edit mc` now support the new mode called `try`.
In this mode the config change is applied for a period of time and then reverted back to the state it was before the change.
`--timeout` parameter can be used to customize the config rollback timeout.
This new mode can be used only with the parts of the config that can be changed without a reboot and can help to check that
the new configuration doesn't break the node.
Can be especially useful to check network interfaces changes that may lead to the loss of connectivity to the node.
"""
[notes.network-device-selector]
title = "Network Device Selector"
description="""\
Talos machine configuration supports specifying network interfaces by selectors instead of interface name.
See [documentation](https://www.talos.dev/v1.1/talos-guides/network/device-selector/) for more details.
"""
[notes.anonymous]
title = "Kubernetes API Server Anonymous Auth"
description="""\
Anonymous authentication is now disabled by default for the `kube-apiserver` (CIS compliance).
To enable anonymous authentication, update the machine config with:
```yaml
cluster:
apiServer:
extraArgs:
anonymous-auth: true
```
""" """
[make_deps] [make_deps]

2
pkg/machinery/constants/constants.go
View File

@ -13,7 +13,7 @@ import (
const ( const (
// DefaultKernelVersion is the default Linux kernel version. // DefaultKernelVersion is the default Linux kernel version.
DefaultKernelVersion = "5.15.48-talos" DefaultKernelVersion = "5.15.49-talos"
// KernelParamConfig is the kernel parameter name for specifying the URL. // KernelParamConfig is the kernel parameter name for specifying the URL.
// to the config. // to the config.

2
pkg/machinery/gendata/data/pkgs
View File

@ -1 +1 @@
v1.2.0-alpha.0-11-g6e1269e v1.2.0-alpha.0-13-ged75c50

1
pkg/machinery/kernel/kernel.go
View File

@ -24,7 +24,6 @@ var DefaultArgs = []string{
// AWS recommends setting the nvme_core.io_timeout to the highest value possible. // AWS recommends setting the nvme_core.io_timeout to the highest value possible.
// See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html. // See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html.
"nvme_core.io_timeout=4294967295", "nvme_core.io_timeout=4294967295",
"random.trust_cpu=on",
// Disable rate limited printk // Disable rate limited printk
"printk.devkmsg=on", "printk.devkmsg=on",
"ima_template=ima-ng", "ima_template=ima-ng",

2
website/content/v1.2/talos-guides/configuration/logging.md
View File

@ -12,7 +12,7 @@ Kernel messages can be retrieved with `talosctl dmesg` command:
```sh ```sh
$ talosctl -n 172.20.1.2 dmesg $ talosctl -n 172.20.1.2 dmesg
172.20.1.2: kern: info: [2021-11-10T10:09:37.662764956Z]: Command line: init_on_alloc=1 slab_nomerge pti=on consoleblank=0 nvme_core.io_timeout=4294967295 random.trust_cpu=on printk.devkmsg=on ima_template=ima-ng ima_appraise=fix ima_hash=sha512 console=ttyS0 reboot=k panic=1 talos.shutdown=halt talos.platform=metal talos.config=http://172.20.1.1:40101/config.yaml 172.20.1.2: kern: info: [2021-11-10T10:09:37.662764956Z]: Command line: init_on_alloc=1 slab_nomerge pti=on consoleblank=0 nvme_core.io_timeout=4294967295 printk.devkmsg=on ima_template=ima-ng ima_appraise=fix ima_hash=sha512 console=ttyS0 reboot=k panic=1 talos.shutdown=halt talos.platform=metal talos.config=http://172.20.1.1:40101/config.yaml
[...] [...]
``` ```