mirror of
https://github.com/lingble/talos.git
synced 2026-03-20 04:03:37 +00:00
30f8b5a9f7
Fixes #9613 This has two changes: * adjust Talos registry resolver to match containerd (CRI) resolver: use by default upstream as a fallback * add a machine config option to skip upstream as a fallback, and adjust CRI configuration accordingly See https://github.com/containerd/containerd/blob/main/docs/hosts.md#registry-configuration---examples for details on CRI's `hosts.toml`. Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
99 lines
2.8 KiB
TOML
99 lines
2.8 KiB
TOML
# commit to be tagged for new release
|
|
commit = "HEAD"
|
|
|
|
project_name = "Talos"
|
|
github_repo = "siderolabs/talos"
|
|
match_deps = "^github.com/((talos-systems|siderolabs)/[a-zA-Z0-9-]+)$"
|
|
ignore_deps = ["github.com/coredns/coredns"]
|
|
|
|
# previous release
|
|
previous = "v1.8.0"
|
|
|
|
pre_release = true
|
|
|
|
preface = """
|
|
"""
|
|
|
|
[notes]
|
|
[notes.updates]
|
|
title = "Component Updates"
|
|
description = """\
|
|
* Linux: 6.6.60
|
|
* containerd: 2.0.0
|
|
* Flannel: 0.26.0
|
|
* Kubernetes: 1.32.0-beta.0
|
|
* runc: 1.2.1
|
|
|
|
Talos is built with Go 1.23.3.
|
|
"""
|
|
|
|
[notes.usernamespaces]
|
|
title = "User Namespaces"
|
|
description = """\
|
|
Talos Linux now supports running Kubernetes pods with user namespaces enabled.
|
|
Refer to the [documentation](https://www.talos.dev/v1.9/kubernetes-guides/configuration/usernamespace/) for more information.
|
|
"""
|
|
|
|
[notes.apparmor]
|
|
title = "AppArmor"
|
|
description = """\
|
|
Talos Linux starting with v1.9 will ship with SELinux LSM enabled by default.
|
|
If you need to use AppArmor LSM add the following to the machine configuration:
|
|
|
|
```yaml
|
|
machine:
|
|
install:
|
|
extraKernelArgs:
|
|
- -selinux
|
|
- lsm=lockdown,capability,yama,apparmor,bpf
|
|
- apparmor=1
|
|
```
|
|
"""
|
|
|
|
[notes.auditd]
|
|
title = "Auditd"
|
|
description = """\
|
|
Talos Linux now starts a auditd service by default.
|
|
Logs can be read with `talosctl logs auditd`.
|
|
"""
|
|
|
|
[notes.cgroups]
|
|
title = "`talosctl cgroups`"
|
|
description = """\
|
|
The `talosctl cgroups` command has been added to the `talosctl` tool.
|
|
This command allows you to view the cgroup resource consumption and limits for a machine, e.g.
|
|
`talosctl cgroups --preset memory`.
|
|
"""
|
|
|
|
[notes.udevd]
|
|
title = "udevd"
|
|
description = """\
|
|
Talos previously used `eudev` to provide `udevd`, now it uses `systemd-udevd` instead.
|
|
"""
|
|
|
|
[notes.registry-mirrors]
|
|
title = "Registry Mirrors"
|
|
description = """\
|
|
In versions before Talos 1.9, there was a discrepancy between the way Talos itself and CRI plugin resolves registry mirrors:
|
|
Talos will never fall back to the default registry if endpoints are configured, while CRI plugin will.
|
|
|
|
> Note: Talos Linux pulls images for the `installer`, `kubelet`, `etcd`, while all workload images are pulled by the CRI plugin.
|
|
|
|
In Talos 1.9 this was fixed, so that by default an upstream registry is used as a fallback in all cases, while new registry mirror
|
|
configuration option `.skipFallback` can be used to disable this behavior both for Talos and CRI plugin.
|
|
"""
|
|
|
|
[make_deps]
|
|
|
|
[make_deps.tools]
|
|
variable = "TOOLS"
|
|
repository = "github.com/siderolabs/tools"
|
|
|
|
[make_deps.pkgs]
|
|
variable = "PKGS"
|
|
repository = "github.com/siderolabs/pkgs"
|
|
|
|
[make_deps.extras]
|
|
variable = "EXTRAS"
|
|
repository = "github.com/siderolabs/extras"
|