docs: build what's new for 1.9
Also contains various small fixes to the documentation.

Fixes #9853

Fixes #9901

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
smira committed Dec 10, 2024
1 parent d946cca commit 10da553
Showing 14 changed files with 278 additions and 46 deletions.
3 changes: 2 additions & 1 deletion hack/release.toml
Expand Up @@ -22,7 +22,7 @@ preface = """
* containerd: 2.0.0
* Flannel: 0.26.1
* Kubernetes: 1.32.0-rc.1
* runc: 1.2.1
* runc: 1.2.2
* CoreDNS: 1.12.0
Talos is built with Go 1.23.4.
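Review bot: The component list in this preface still reads `Kubernetes: 1.32.0-rc.1`, while the Component Updates list added to `website/content/v1.9/introduction/what-is-new/index.md` in this same commit reads `Kubernetes: 1.32.0`. The two lists otherwise match on the visible entries, so pick one value and use it in both places; the `kubernetesRelease: "1.32.0-rc.1"` front matter in `website/content/v1.9/_index.md` points at the release candidate as the accurate one for now.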
Expand Down Expand Up @@ -174,6 +174,7 @@ It can be enabled with the following config patch:
machine:
features:
nodeAddressSortAlgorithm: v2
```
"""

[make_deps]
2 changes: 1 addition & 1 deletion pkg/machinery/config/types/v1alpha1/v1alpha1_examples.go
Expand Up @@ -610,7 +610,7 @@ func networkDeviceSelectorExamples() []NetworkDeviceSelector {
},
{
NetworkDeviceHardwareAddress: "*:f0:ab",
NetworkDeviceKernelDriver: "virtio",
NetworkDeviceKernelDriver: "virtio_net",
},
}
}
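Review bot: Nothing next to the `NetworkDeviceKernelDriver` example says where a reader gets the right string for their own NIC, and the `virtio` to `virtio_net` correction in this entry shows how easy it is to get wrong. A short comment on the entry, or a sentence in the field description, stating that the value is the kernel driver name of the interface would make it clear what string the selector expects.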
8 changes: 4 additions & 4 deletions website/content/v1.9/_index.md
Expand Up @@ -5,11 +5,11 @@ linkTitle: "Documentation"
images: ["images/talos-dev-banner.png"]
cascade:
type: docs
lastRelease: v1.9.0-alpha.0
kubernetesRelease: "1.32.0-beta.0"
lastRelease: v1.9.0-beta.1
kubernetesRelease: "1.32.0-rc.1"
prevKubernetesRelease: "1.31.1"
nvidiaContainerToolkitRelease: "v1.16.1"
nvidiaDriverRelease: "535.183.06"
nvidiaContainerToolkitRelease: "v1.17.2"
nvidiaDriverRelease: "535.216.03"
preRelease: true
---

10 changes: 6 additions & 4 deletions website/content/v1.9/introduction/support-matrix.md
Expand Up @@ -7,7 +7,7 @@ description: "Table of supported Talos Linux versions and respective platforms."
| Talos Version | 1.9 | 1.8 |
| ----------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Release Date | 2024-12-15 (TBD) | 2024-09-23 (1.8.0) |
| End of Community Support | 1.10.0 release (2025-04-15, TBD) | 1.9.0 release (2024-12-25, TBD) |
| End of Community Support | 1.10.0 release (2025-04-15, TBD) | 1.9.0 release (2024-12-15, TBD) |
| Enterprise Support | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) |
| Kubernetes | 1.32, 1.31, 1.30, 1.29, 1.28, 1.27 | 1.31, 1.30, 1.29, 1.28, 1.27, 1.26 |
| NVIDIA Drivers | 550.x.x (PRODUCTION), 535.x.x (LTS) | 550.x.x (PRODUCTION), 535.x.x (LTS) |
Expand All @@ -16,11 +16,13 @@ description: "Table of supported Talos Linux versions and respective platforms."
| - cloud | Akamai, AWS, GCP, Azure, CloudStack, Digital Ocean, Exoscale, Hetzner, OpenNebula, OpenStack, Oracle Cloud, Scaleway, Vultr, Upcloud | Akamai, AWS, GCP, Azure, CloudStack, Digital Ocean, Exoscale, Hetzner, OpenNebula, OpenStack, Oracle Cloud, Scaleway, Vultr, Upcloud |
| - bare metal | x86: BIOS, UEFI, SecureBoot; arm64: UEFI, SecureBoot; boot: ISO, PXE, disk image | x86: BIOS, UEFI; arm64: UEFI; boot: ISO, PXE, disk image |
| - virtualized | VMware, Hyper-V, KVM, Proxmox, Xen | VMware, Hyper-V, KVM, Proxmox, Xen |
| - SBCs | Banana Pi M64, Jetson Nano, Libre Computer Board ALL-H3-CC, Nano Pi R4S, Pine64, Pine64 Rock64, Radxa ROCK Pi 4c, Radxa Rock4c+, Raspberry Pi 4B, Raspberry Pi Compute Module 4 | Banana Pi M64, Jetson Nano, Libre Computer Board ALL-H3-CC, Nano Pi R4S, Orange Pi R1 Plus LTS, Pine64, Pine64 Rock64, Radxa ROCK Pi 4c, Raspberry Pi 4B, Raspberry Pi Compute Module 4, Turing RK1 |
| - SBCs | Banana Pi M64, Jetson Nano, Libre Computer Board ALL-H3-CC, Nano Pi R4S, Pine64, Pine64 Rock64, Radxa ROCK Pi 4c, Radxa Rock4c+, Raspberry Pi 4B, Raspberry Pi Compute Module 4, Turing RK1 | Banana Pi M64, Jetson Nano, Libre Computer Board ALL-H3-CC, Nano Pi R4S, Orange Pi R1 Plus LTS, Pine64, Pine64 Rock64, Radxa ROCK Pi 4c, Raspberry Pi 4B, Raspberry Pi Compute Module 4 |
| - local | Docker, QEMU | Docker, QEMU |
| **Omni** | | |
| [Omni](https://github.com/siderolabs/omni) | >= 0.45.0 | >= 0.43.0 |
| **Cluster API** | | |
| [CAPI Bootstrap Provider Talos](https://github.com/siderolabs/cluster-api-bootstrap-provider-talos) | >= 0.6.6 | >= 0.6.6 |
| [CAPI Control Plane Provider Talos](https://github.com/siderolabs/cluster-api-control-plane-provider-talos) | >= 0.5.7 | >= 0.5.7 |
| [CAPI Bootstrap Provider Talos](https://github.com/siderolabs/cluster-api-bootstrap-provider-talos) | >= 0.6.7 | >= 0.6.6 |
| [CAPI Control Plane Provider Talos](https://github.com/siderolabs/cluster-api-control-plane-provider-talos) | >= 0.5.8 | >= 0.5.7 |
| [Sidero](https://www.sidero.dev/) | >= 0.6.5 | >= 0.6.5 |

## Platform Tiers
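Review bot: The 1.9 column of the `- SBCs` row has no `Orange Pi R1 Plus LTS`, which the 1.8 column lists, and the what's-new page in this commit has no entry explaining that the board is gone. If support was dropped, add a line under Deprecations or Important Changes; if not, add the board back to the 1.9 column.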
219 changes: 218 additions & 1 deletion website/content/v1.9/introduction/what-is-new/index.md
Expand Up @@ -6,4 +6,221 @@ description: "List of new and shiny features in Talos Linux."

See also [upgrade notes]({{< relref "../../talos-guides/upgrading-talos/">}}) for important changes.

TBD
## Important Changes

Please read this section carefully before upgrading to Talos 1.9.0.

### Direct Rendering Manager (DRM)

Starting with Talos 1.9, the `i915` and `amdgpu` DRM drivers have been removed from the Talos base image.
These drivers, along with their firmware, are now included in two new system extensions named `i915` and `amdgpu`.
The previously available extensions `i915-ucode` and `amdgpu-firmware` have been retired.

Upgrades via Image Factory or Omni will automatically include the new extensions if the `i915-ucode` or `amdgpu-firmware` extensions were previously used.

### udevd

Talos previously used `eudev` to provide `udevd`, now it uses `systemd-udevd` instead.

The `systemd-udevd` might change the names of network interfaces with predictable names, potentially causing issues with existing configurations.

## Image Cache

Talos now supports providing a local [Image Cache]({{< relref "../../talos-guides/configuration/image-cache" >}}) for container images.

The Image Cache feature can be used to avoid downloading the required images over the network, which can be useful in air-gapped or weak connectivity environments.

## Networking

### Custom DNS Search Domains

Talos now allows to supports specifying custom search domains for Talos nodes using
new machine configuration field [`.machine.network.searchDomains`]({{< relref "../../reference/configuration/v1alpha1/config/#Config.machine.network" >}}).

For the host the `/etc/resolve.conf` would look like:

```text
nameserver 127.0.0.53
search my-custom-search-name.com my-custom-search-name2.com
```

For the pods it will look something like this:

```text
search default.svc.cluster.local svc.cluster.local cluster.local my-custom-search-name.com my-custom-search-name2.com
nameserver 10.96.0.10
options ndots:5
```

### Device Selectors

Talos now supports matching on [permanent hardware (MAC) address]({{< relref "../../reference/configuration/v1alpha1/config/#Config.machine.network.interfaces..bond.deviceSelectors." >}}) of the network interfaces.
This is specifically useful to match bond members, as they change their hardware addresses when they become part of the bond.

### Node Address Ordering

Talos supports new experimental address sort algorithm for `NodeAddress` which are used to pick up default addresses for `kubelet`, `etcd`, etc.

It can be enabled with the following config patch:

```yaml
machine:
features:
nodeAddressSortAlgorithm: v2
```
The new algorithm prefers more specific prefixes, which is specifically useful for IPv6 addresses.
## Control Groups Analysis
The `talosctl cgroups` command has been added to the `talosctl` tool.
This command allows you to view the [cgroup resource consumption and limits]({{< relref "../../advanced/cgroups-analysis" >}}) for a machine, e.g.
`talosctl cgroups --preset memory`.

## Kubernetes

### APIServer Authorization Config

Starting with Talos 1.9, `.cluster.apiServer.authorizationConfig` field supports setting [Kubernetes API server authorization modes](https://kubernetes.io/docs/reference/access-authn-authz/authorization/#using-configuration-file-for-authorization)
using the `--authorization-config` flag.

The machine config field supports a list of `authorizers`.
For instance:

```yaml
cluster:
apiServer:
authorizationConfig:
- type: Node
name: Node
- type: RBAC
name: rbac
```

For new cluster if the Kubernetes API server supports the `--authorization-config` flag, it'll be used by default instead of the `--authorization-mode` flag.
By default Talos will always add the `Node` and `RBAC` authorizers to the list.

When upgrading if either a user-provided `authorization-mode` or `authorization-webhook-*` flag is set via `.cluster.apiServer.extraArgs`, it'll be used instead of the new `AuthorizationConfig`.

Current authorization config can be viewed by running: `talosctl get authorizationconfigs.kubernetes.talos.dev -o yaml`.

### User Namespaces

Talos Linux now supports running Kubernetes pods with user namespaces enabled.
Please refer to the [documentation]({{< relref "../../kubernetes-guides/configuration/usernamespace" >}}) for more information.

## Containers

### OCI Base Runtime Spec

Talos now allows to [modify the OCI base runtime spec for the container runtime]({{< relref "../../advanced/oci-base-spec" >}}).

### Registry Mirrors

In versions before Talos 1.9, there was a discrepancy between the way Talos itself and CRI plugin resolves registry mirrors:
Talos will never fall back to the default registry if endpoints are configured, while CRI plugin will.

> Note: Talos Linux pulls images for the `installer`, `kubelet`, `etcd`, while all workload images are pulled by the CRI plugin.

In Talos 1.9 this was fixed, so that by default an upstream registry is used as a fallback in all cases, while new registry mirror
[configuration option]({{< relref "../../reference/configuration/v1alpha1/config/#Config.machine.registries.mirrors.-" >}}) `.skipFallback` can be used to disable this behavior both for Talos and CRI plugin.

## Miscellaneous

### `auditd`

Talos Linux now starts an `auditd` service by default.
Linux kernel audit logs can be fetched with `talosctl logs auditd`.

### `talosctl disks`

The command `talosctl disks` was removed, please use `talosctl get disks`, `talosctl get systemdisk`, and `talosctl get blockdevices` instead.

### `talosctl wipe`

The new command `talosctl wipe disk` allows to wipe a disk or a partition which is not used as a volume.

## New Platforms

### Turing RK1

Talos now supports the [Turning RK1]({{< relref "../../talos-guides/install/single-board-computers/turing_rk1" >}}) SOM.

### `nocloud`

On bare-metal, Talos Linux was tested to correctly parse `nocloud` configuration from the following providers:

* [phoenixNAP Bare Metal Cloud](https://phoenixnap.com/)
* [servers.com](https://www.servers.com/)

## Deprecations

### cgroups version 1

Support for `cgroupsv1` is deprecated, and will be removed in Talos 1.10 (for non-container mode).

## Component Updates

* Linux: 6.12.4
* containerd: 2.0.0
* Flannel: 0.26.1
* Kubernetes: 1.32.0
* runc: 1.2.2
* CoreDNS: 1.12.0

Talos is built with Go 1.23.4.

## Contributors

Thanks to the following contributors who made this release possible:

* adilTepe
* Adolfo Ochagavía
* Alessio Moiso
* Andrey Smirnov
* blablu
* Dan Rue
* David Backeus
* Devin Buhl
* Dmitriy Matrenichev
* Dmitry Sharshakov
* Eddie Wang
* egrosdou01
* ekarlso
* Florian Ströger
* Hexoplon
* Jakob Maležič
* Jasmin
* Jean-Francois Roy
* Joakim Nohlgård
* Justin Garrison
* KBAegis
* Mike Beaumont
* Mohammad Amin Mokhtari
* naed3r
* Nebula
* nevermarine
* Nico Berlee
* Noel Georgi
* OliviaBarrington
* Philip Schmid
* Philipp Kleber
* Rémi Paulmier
* Remko Molier
* Robby Ciliberto
* Roman Ivanov
* Ryan Borstelmann
* Sam Stelfox
* Serge Logvinov
* Sergey Melnik
* Skyler Mäntysaari
* solidDoWant
* sophia-coldren
* Spencer Smith
* SpiReCZ
* Steven Cassamajor
* Steven Kreitzer
* Tim Jones
* Utku Ozdemir
* Variant9
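Review bot: The Registry Mirrors section describes a change in default behaviour (Talos itself now falls back to the upstream registry for the `installer`, `kubelet` and `etcd` images when mirror endpoints are configured) but sits under Containers rather than under Important Changes, which is the section the page asks readers to check before upgrading. Clusters that relied on mirror-only pulls may now reach the upstream registry when a mirror is unavailable unless `.skipFallback` is set, so move the section there or cross-reference it. Smaller text fixes in the same hunk: `/etc/resolve.conf` should be `/etc/resolv.conf`, "Talos now allows to supports specifying" should be "Talos now supports specifying", and "Turning RK1" should be "Turing RK1".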