lingble/archived-talos
1
0
Fork 0
mirror of https://github.com/lingble/talos.git synced 2026-03-20 04:03:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
856beb21cc3505c10d17e030d2ce0487e019c7ab
archived-talos/hack/release.toml

183 lines
5.8 KiB
TOML
Raw Blame History

# commit to be tagged for new release
commit = "HEAD"
project_name = "Talos"
github_repo = "siderolabs/talos"
match_deps = "^github.com/((talos-systems|siderolabs)/[a-zA-Z0-9-]+)$"
# previous release
previous = "v1.1.0"
pre_release = true
preface = """\
"""
[notes]
[notes.seccomp]
title = "Seccomp Profiles"
description = """\
Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:
```yaml
machine:
seccompProfiles:
- name: audit.json
value:
defaultAction: SCMP_ACT_LOG
- name: deny.json
value: {"defaultAction":"SCMP_ACT_LOG"}
```
This profile data can be either configured as a YAML definition or as a JSON string.
The profiles are created on the host under `/var/lib/seccomp/profiles` and bind mounted at `/var/lib/kubelet/seccomp/profiles` so Kubelet can use it.
See [documentation](https://www.talos.dev/v1.2/kubernetes-guides/configuration/seccomp-profiles/) for more details.
"""
[notes.kubelet]
title = "Kubelet Default Runtime Seccomp Profile"
description = """\
Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting `.machine.kubelet.defaultRuntimeSeccompProfileEnabled` to `false`.
This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.
"""
[notes.k8s-controlplane-components]
title = "Kubernetes ControlPlane Components"
description = """\
Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in
[KEP-2568](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/kubeadm/2568-kubeadm-non-root-control-plane).
"""
[notes.network-bridge]
title = "Network bridge support"
description = """\
Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:
```yaml
machine:
network:
interfaces:
- interface: br0
bridge:
stp:
enabled: true
interfaces:
- eth0
- eth1
```
See [documentation](https://www.talos.dev/v1.2/reference/configuration/#bridge) for more details.
"""
[notes.network-vlan-cmdline]
title = "VLAN support in cmdline arguments"
description = """\
Talos now supports dracut-style `vlan` kernel argument to allow
installing Talos Linux in networks where ports are not tagged
with a default VLAN:
```
vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::
```
"""
[notes.updates]
title = "Component Updates"
description="""\
* Linux: 5.15.58
* Flannel 0.19.1
* containerd 1.16.7
Talos is built with Go 1.19.
"""
[notes.talos-config-kernel-param-variable-substitution]
title = "Variable substitution for URL query parameter in the talos.config kernel parameter"
description="""\
The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:
```http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}```
"""
[notes.strategic-merge]
title = "Strategic merge machine configuration patching"
description="""\
In addition to JSON (RFC6902) patches Talos now supports [strategic merge patching](https://www.talos.dev/v1.2/talos-guides/configuration/patching/).
For example, machine hostname can be set with the following patch:
```yaml
machine:
network:
hostname: worker1
```
Patch format is detected automatically.
"""
[notes.gen-secrets-from-pki]
title = "Generating Talos secrets from PKI directory"
description="""\
It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. `/etc/kubernetes/pki`).
You can also specify a bootstrap token to be used in the secrets bundle.
This secrets bundle can then be used to generate a machine config.
This facilitates migrating clusters (e.g. created using `kubeadm`) to Talos.
```
talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443
```
"""
[notes.packet-capture]
title = "Packet Capture"
description="""\
Talos now supports capturing packets on a network interface with `talosctl pcap` command:
talosctl pcap --interface eth0
"""
[notes.stable-hostname]
title = "Stable Default Hostname"
description="""\
Talos now generates the default hostname (when there is no explicitly specified hostname) for the nodes based on the
node id (e.g. `talos-2gd-76y`) instead of using the DHCP assigned IP address (e.g. `talos-172-20-0-2`).
This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.
"""
[notes.kubespan-kubernetes-nets]
title = "KubeSpan Kubernetes Network Advertisement"
description="""\
KubeSpan no longer by default advertises Kubernetes pod networks of the node over KubeSpan.
This means that CNI should handle encapsulation of pod-to-pod traffic into the node-to-node tunnel,
and node-to-node traffic will be handled by KubeSpan.
This provides better compatibility with popular CNIs like Calico and Cilium.
Old behavior can be restored by setting `.machine.kubespan.advertiseKubernetesNetworks = true` in the machine config.
"""
[make_deps]
[make_deps.tools]
variable = "TOOLS"
repository = "github.com/siderolabs/tools"
[make_deps.pkgs]
variable = "PKGS"
repository = "github.com/siderolabs/pkgs"
[make_deps.extras]
variable = "EXTRAS"
repository = "github.com/siderolabs/extras"
Reference in New Issue View Git Blame Copy Permalink