mirror of
https://github.com/siderolabs/talos.git
synced 2026-04-17 11:41:10 +02:00
192 lines
6.3 KiB
TOML
192 lines
6.3 KiB
TOML
# commit to be tagged for new release
|
|
commit = "HEAD"
|
|
|
|
project_name = "Talos"
|
|
github_repo = "siderolabs/talos"
|
|
match_deps = "^github.com/((talos-systems|siderolabs)/[a-zA-Z0-9-]+)$"
|
|
ignore_deps = ["github.com/coredns/coredns"]
|
|
|
|
# previous release
|
|
previous = "v1.8.0"
|
|
|
|
pre_release = true
|
|
|
|
preface = """
|
|
"""
|
|
|
|
[notes]
|
|
[notes.updates]
|
|
title = "Component Updates"
|
|
description = """\
|
|
* Linux: 6.12.1
|
|
* containerd: 2.0.0
|
|
* Flannel: 0.26.1
|
|
* Kubernetes: 1.32.0-rc.1
|
|
* runc: 1.2.1
|
|
* CoreDNS: 1.12.0
|
|
|
|
Talos is built with Go 1.23.4.
|
|
"""
|
|
|
|
[notes.cgroupsv1]
|
|
title = "cgroups version 1"
|
|
description = """\
|
|
Support for cgroupsv1 is deprecated, and will be removed in Talos 1.10 (for non-container mode).
|
|
"""
|
|
|
|
[notes.machineConfigKubeAPIServer]
|
|
title = "Kube APIServer Authorization Config"
|
|
description = """\
|
|
Starting with Talos 1.9, `.cluster.apiServer.authorizationConfig` field supports setting [Kubernetes API server authorization modes](https://kubernetes.io/docs/reference/access-authn-authz/authorization/#using-configuration-file-for-authorization)
|
|
using the `--authorization-config` flag.
|
|
|
|
The machine config field supports a list of `authorizers`. For eg:
|
|
|
|
```yaml
|
|
cluster:
|
|
apiServer:
|
|
authorizationConfig:
|
|
- type: Node
|
|
name: Node
|
|
- type RBAC
|
|
name: rbac
|
|
```
|
|
|
|
For new cluster if the Kubernetes API server supports the `--authorization-config` flag, it'll be used by default instead of the `--authorization-mode` flag.
|
|
By default Talos will always add the `Node` and ` RBAC` authorizers to the list.
|
|
|
|
When upgrading if either a user-provided `authorization-mode` or `authorization-webhook-*` flag is set via `.cluster.apiServer.extraArgs`, it'll be used instead of the new `AuthorizationConfig`.
|
|
|
|
Current authorization config can be viewed by running: `talosctl get authorizationconfigs.kubernetes.talos.dev -o yaml`
|
|
"""
|
|
|
|
[notes.drm]
|
|
title = "Direct Rendering Manager (DRM)"
|
|
description = """\
|
|
Starting with Talos 1.9, the `i915` and `amdgpu` DRM drivers will be dropped from the Talos squashfs.
|
|
There will be new system extensions named `i915` and `amdgpu` that would contain both the drivers and firmware packaged together.
|
|
Upgrades via Image Factory will automatically include the new extensions if previously `i915-ucode` or `amdgpu-firmware` were used.
|
|
"""
|
|
|
|
[notes.usernamespaces]
|
|
title = "User Namespaces"
|
|
description = """\
|
|
Talos Linux now supports running Kubernetes pods with user namespaces enabled.
|
|
Refer to the [documentation](https://www.talos.dev/v1.9/kubernetes-guides/configuration/usernamespace/) for more information.
|
|
"""
|
|
|
|
|
|
[notes.auditd]
|
|
title = "Auditd"
|
|
description = """\
|
|
Talos Linux now starts a auditd service by default.
|
|
Logs can be read with `talosctl logs auditd`.
|
|
"""
|
|
|
|
[notes.cgroups]
|
|
title = "`talosctl cgroups`"
|
|
description = """\
|
|
The `talosctl cgroups` command has been added to the `talosctl` tool.
|
|
This command allows you to view the cgroup resource consumption and limits for a machine, e.g.
|
|
`talosctl cgroups --preset memory`.
|
|
"""
|
|
|
|
[notes.udevd]
|
|
title = "udevd"
|
|
description = """\
|
|
Talos previously used `eudev` to provide `udevd`, now it uses `systemd-udevd` instead.
|
|
"""
|
|
|
|
[notes.registry-mirrors]
|
|
title = "Registry Mirrors"
|
|
description = """\
|
|
In versions before Talos 1.9, there was a discrepancy between the way Talos itself and CRI plugin resolves registry mirrors:
|
|
Talos will never fall back to the default registry if endpoints are configured, while CRI plugin will.
|
|
|
|
> Note: Talos Linux pulls images for the `installer`, `kubelet`, `etcd`, while all workload images are pulled by the CRI plugin.
|
|
|
|
In Talos 1.9 this was fixed, so that by default an upstream registry is used as a fallback in all cases, while new registry mirror
|
|
configuration option `.skipFallback` can be used to disable this behavior both for Talos and CRI plugin.
|
|
"""
|
|
|
|
[notes.device-selectors]
|
|
title = "Device Selectors"
|
|
description = """\
|
|
Talos now supports matching on permanent hardware (MAC) address of the network interfaces.
|
|
This is specifically useful to match bond members, as they change their hardware addresses when they become part of the bond.
|
|
"""
|
|
|
|
[notes.talosctl-disk]
|
|
title = "talosctl disks"
|
|
description = """\
|
|
The command `talosctl disks` was removed, please use `talosctl get disks`, `talosctl get systemdisk`, and `talosctl get blockdevices` instead.
|
|
"""
|
|
|
|
[notes.talosctl-wipe]
|
|
title = "talosctl wipe"
|
|
description = """\
|
|
The new command `talosctl wipe disk` allows to wipe a disk or a partition which is not used as a volume.
|
|
"""
|
|
|
|
[notes.oci-base-spec]
|
|
title = "OCI Base Runtime Spec"
|
|
description = """\
|
|
Talos now allows to [modify the OCI base runtime spec for the container runtime](https://www.talos.dev/v1.9/advanced/oci-base-spec/).
|
|
"""
|
|
|
|
[notes.custom-search-domains]
|
|
title = "Custom search domains for Talos nodes"
|
|
description = """\
|
|
Talos now allows to supports specifying custom search domains for Talos nodes using
|
|
new config field `machine.network.searchDomains`
|
|
|
|
For the host it will look something like this:
|
|
|
|
```
|
|
nameserver 127.0.0.53
|
|
|
|
search my-custom-search-name.com my-custom-search-name2.com
|
|
```
|
|
|
|
For the pods it will look something like this:
|
|
|
|
```
|
|
search default.svc.cluster.local svc.cluster.local cluster.local my-custom-search-name.com my-custom-search-name2.com
|
|
nameserver 10.96.0.10
|
|
options ndots:5
|
|
```
|
|
"""
|
|
|
|
[notes.image-cache]
|
|
title = "Image Cache"
|
|
description = """\
|
|
Talos now supports providing a local [Image Cache](https://www.talos.dev/v1.9/talos-guides/configuration/image-cache/) for container images.
|
|
"""
|
|
|
|
[notes.node-address-sort]
|
|
title = "Node Address Sort"
|
|
description = """\
|
|
Talos supports new experimental address sort algorithm for `NodeAddress` which are used to pick up default addresses for kubelet, etcd, etc.
|
|
|
|
It can be enabled with the following config patch:
|
|
|
|
```yaml
|
|
machine:
|
|
features:
|
|
nodeAddressSortAlgorithm: v2
|
|
"""
|
|
|
|
[make_deps]
|
|
|
|
[make_deps.tools]
|
|
variable = "TOOLS"
|
|
repository = "github.com/siderolabs/tools"
|
|
|
|
[make_deps.pkgs]
|
|
variable = "PKGS"
|
|
repository = "github.com/siderolabs/pkgs"
|
|
|
|
[make_deps.extras]
|
|
variable = "EXTRAS"
|
|
repository = "github.com/siderolabs/extras"
|