feat: linux 5.15.85, containerd 1.6.14

Import latest packages. Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
siderolabs · Dec 27, 2022 · 0dbaf01 · 0dbaf01
1 parent 323e3cc
commit 0dbaf01
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 286 deletions.
diff --git a/Makefile b/Makefile
@@ -14,7 +14,7 @@ NAME = Talos
 
 ARTIFACTS := _out
 TOOLS ?= ghcr.io/siderolabs/tools:v1.3.0-1-g712379c
-PKGS ?= v1.3.0-5-g6509d23
+PKGS ?= v1.3.0-7-g9931288
 EXTRAS ?= v1.3.0-1-g3773d71
 GO_VERSION ?= 1.19
 GOIMPORTS_VERSION ?= v0.1.11

diff --git a/go.mod b/go.mod
@@ -34,7 +34,7 @@ require (
 	github.com/beevik/ntp v0.3.0
 	github.com/cenkalti/backoff/v4 v4.2.0
 	github.com/containerd/cgroups v1.0.4
-	github.com/containerd/containerd v1.6.12
+	github.com/containerd/containerd v1.6.14
 	github.com/containerd/typeurl v1.0.2
 	github.com/containernetworking/cni v1.1.2
 	github.com/containernetworking/plugins v1.1.1
@@ -148,7 +148,7 @@ require (
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
-	github.com/Microsoft/hcsshim v0.9.5 // indirect
+	github.com/Microsoft/hcsshim v0.9.6 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20220930113650-c6815a8c17ad // indirect
 	github.com/ProtonMail/go-mime v0.0.0-20220302105931-303f85f7fe0f // indirect
 	github.com/ProtonMail/gopenpgp/v2 v2.4.10 // indirect

diff --git a/go.sum b/go.sum
@@ -82,8 +82,8 @@ github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2
 github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
 github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
 github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
-github.com/Microsoft/hcsshim v0.9.5 h1:AbV+VPfTrIVffukazHcpxmz/sRiE6YaMDzHWR9BXZHo=
-github.com/Microsoft/hcsshim v0.9.5/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
+github.com/Microsoft/hcsshim v0.9.6 h1:VwnDOgLeoi2du6dAznfmspNqTiwczvjv4K7NxuY9jsY=
+github.com/Microsoft/hcsshim v0.9.6/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
 github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
 github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
@@ -228,8 +228,8 @@ github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09Zvgq
 github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
 github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
 github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
-github.com/containerd/containerd v1.6.12 h1:kJ9b3mOFKf8yqo05Ob+tMoxvt1pbVWhnB0re9Y+k+8c=
-github.com/containerd/containerd v1.6.12/go.mod h1:K4Bw7gjgh4TnkmQY+py/PYQGp4e7xgnHAeg87VeWb3A=
+github.com/containerd/containerd v1.6.14 h1:W+d0AJKVG3ioTZZyQwcw1Y3vvo6ZDYzAcjDcY4tkgGI=
+github.com/containerd/containerd v1.6.14/go.mod h1:U2NnBPIhzJDm59xF7xB2MMHnKtggpZ+phKg8o2TKj2c=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=

diff --git a/hack/release.toml b/hack/release.toml
@@ -6,7 +6,7 @@ github_repo = "siderolabs/talos"
 match_deps = "^github.com/((talos-systems|siderolabs)/[a-zA-Z0-9-]+)$"
 
 # previous release
-previous = "v1.2.0"
+previous = "v1.3.0"
 
 pre_release = false
 
@@ -15,284 +15,11 @@ preface = """\
 
 [notes]
 
-    [notes.kernel_modules]
-        title = "Kernel Modules"
-        description = """\
-Talos now supports settings kernel module parameters.
-
-Eg:
-
-```yaml
-machine:
-  kernel:
-    modules:
-      - name: "br_netfilter"
-        parameters:
-          - nf_conntrack_max=131072
-```
-"""
-
-    [notes.sbc]
-        title = "Nano Pi R4S"
-        description = """\
-Talos now supports the Nano Pi R4S SBC.
-"""
-
-    [notes.sbc1]
-        title = "Raspberry Generic Images"
-        description = """\
-The Raspberry Pi 4 specific image has been deprecated and will be removed in the v1.4 release of Talos.
-Talos now ships a generic Raspberry Pi image that should support more Raspberry Pi variants.
-Refer to the docs at https://www.talos.dev/v1.3/talos-guides/install/single-board-computers/rpi_generic/ to find which ones are supported.
-"""
-
     [notes.updates]
         title = "Component Updates"
         description="""\
-* Kubernetes: v1.26.0
-* Flannel: v0.20.2
-* CoreDNS: v1.10.0
-* etcd: v3.5.6
-* Linux: 5.15.83
-* containerd: v1.6.12
-
-Talos is built with Go 1.19.4.
-"""
-
-    [notes.etcd]
-        title = "etcd Consistency Check"
-        description="""\
-Talos enables [--experimental-compact-hash-check-enabled](https://github.com/etcd-io/etcd/pull/14120) option by default to improve
-etcd store consistency guarantees.
-
-This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5.
-"""
-
-    [notes.auditpolicy]
-        title = "kube-apiserver Audit Policy"
-        description="""\
-Talos now supports setting custom audit policy for `kube-apiserver` in the machine configuration.
-"""
-
-    [notes.routes]
-        title = "Routes"
-        description="""\
-Talos now supports setting MTU for a specific route.
-"""
-
-    [notes.cmdline]
-        title = "Kernel Command Line ip= Argument"
-        description="""\
-Talos now supports referencing interface name via `enxMAC` address notation:
-
-```
-ip=172.20.0.2::172.20.0.1:255.255.255.0::enx7085c2dfbc59
-```
-"""
-
-    [notes.kubespan]
-        title = "KubeSpan"
-        description="""\
-KubeSpan MTU link size is now configurable via `network.kubespan.mtu` setting in the machine configuration.
-"""
-
-    [notes.static_pod_manifests]
-        title = "Static Pod Manifests"
-        description = """\
-The directory "/etc/kubernetes/manifests" is now deprecated.
-Static pods should always be configured in machine.pods.
-To reenable support you may set `machine.kubelet.disableManifestsDirectory`.
-
-Eg:
-
-```yaml
-machine:
-  kubelet:
-    disableManifestsDirectory: no
-```
-"""
-
-    [notes.secretbox]
-        title = "Encryption with secretbox"
-        description = """\
-By default new clusters will use secretbox for encryption instead of AESCBC.
-If both are configured secretbox will take precedence.
-Old clusters may keep using AESCBC.
-To enable secretbox you may add an encryption secret at `cluster.secretboxEncryptionSecret`.
-You should keep `aescbcEncryptionSecret` however, even if secretbox is enabled older data will still be encrypted with AESCBC.
-
-How to generate the secret:
-
-```bash
-dd if=/dev/random of=/dev/stdout bs=32 count=1 | base64
-```
-"""
-
-    [notes.exoscale]
-        title = "Exocale Platform"
-        description = """\
-Talos now supports new platform: Exoscale.
-
-Exoscale provides a firewall, TCP load balancer and autoscale groups.
-It works well with CCM and Kubernetes node autoscaler.
-"""
-
-    [notes.etcd-member-id]
-        title = "etcd Member ID"
-        description = """\
-Talos now internally handles etcd member removal by member ID instead of member name (hostname).
-This resolves the case when member name is not accurate or empty (eg: when etcd hasn't fully joined yet).
-
-Command `talosctl etcd remove-member` now accepts member IDs instead of member names.
-
-New resource can be used to get member ID of the Talos node:
-
-```bash
-talosctl get etcdmember
-```
-"""
-
-    [notes.cgroupsv1]
-        title = "cgroups v1"
-        description = """\
-Talos defaults to using cgroups v2 when Talos doesn't run in a container (when running in a container
-Talos follows host cgroups mode).
-Talos can now be forced to use cgroups v1 by setting boot kernel argument `talos.unified_cgroup_hierarchy=0`:
-
-```yaml
-machine:
-  install:
-    extraKernelArgs:
-      - "talos.unified_cgroup_hierarchy=0"
-```
-
-Current cgroups mode can be checked with `talosctl ls /sys/fs/cgroup`:
-
-cgroups v1:
-
-```
-blkio
-cpu
-cpuacct
-cpuset
-devices
-freezer
-hugetlb
-memory
-net_cls
-net_prio
-perf_event
-pids
-```
-
-cgroups v2:
-
-```
-cgroup.controllers
-cgroup.max.depth
-cgroup.max.descendants
-cgroup.procs
-cgroup.stat
-cgroup.subtree_control
-cgroup.threads
-cpu.stat
-cpuset.cpus.effective
-cpuset.mems.effective
-init
-io.stat
-kubepods
-memory.numa_stat
-memory.stat
-podruntime
-system
-```
-
-> Note: `cgroupsv1` is deprecated and it should be used only for compatibility with workloads which don't support `cgroupsv2` yet.
-"""
-
-    [notes.nodelabels]
-        title = "Node Labels"
-        description = """\
-Talos now supports specifying node labels in the machine configuration:
-
-```yaml
-machine:
-  nodeLabels:
-    rack: rack1a
-    zone: us-east-1a
-```
-
-Changes to the node labels will be applied immediately without `kubelet` restart.
-
-Talos keeps track of the owned node labels in the `talos.dev/owned-labels` annotation.
-"""
-
-    [notes.criconfig]
-        title = "CRI Configuration Overrides"
-        description = """\
-Talos no longer supports CRI config overrides placed in `/var/cri/conf.d` directory.
-
-[New way](https://www.talos.dev/v1.3/talos-guides/configuration/containerd/) correctly handles merging of containerd/CRI plugin configuration.
-"""
-
-    [notes.registry_k8s_io]
-        title = "registry.k8s.io"
-        description = """\
-Talos now uses `registry.k8s.io` instead of `k8s.gcr.io` for Kubernetes container images.
-
-See [Kubernetes documentation](https://kubernetes.io/blog/2022/11/28/registry-k8s-io-faster-cheaper-ga/) for additional details.
-
-If using registry mirrors, or in air-gapped installations you may need to update your configuration.
-"""
-
-    [notes.talosctl_machineconfig_patch]
-        title = "talosctl machineconfig patch"
-        description = """\
-A new subcommand, `machineconfig patch` is added to `talosctl` to allow patching of machine configuration.
-
-It accepts a machineconfig file and a list of patches as input and outputs the patched machine configuration.
-
-Patches can be sourced from the command line or from a file. Output can be written to a file or to stdout.
-
-Example:
-
-```bash
-talosctl machineconfig patch controlplane.yaml \
-  --patch '[{"op":"replace","path":"/cluster/clusterName","value":"patch1"}]' \
-  --patch @/path/to/patch2.json
-```
-
-Additionally, `talosctl machineconfig gen` subcommand is introduced as an alias to `talosctl gen config`.
-"""
-
-    [notes.registry-mirrors]
-        title = "Registry Mirrors"
-        description = """\
-Talos had an inconsistency in the way registry mirror endpoints are handled when compared with `containerd` implementation:
-
-```yaml
-machine:
-    registries:
-        mirrors:
-            docker.io:
-                endpoints:
-                    - "https://mirror-registry/v2/mirror.docker.io"
-```
-
-Talos would use endpoint `https://mirror-registry/v2/mirror.docker.io`, while `containerd` would use `https://mirror-registry/v2/mirror.docker.io/v2`.
-This inconsistency is now fixed, and Talos uses same endpoint as `containerd`.
-
-New `overridePath` configuration is introduced to skip appending `/v2` both on Talos and containerd side:
-
-```yaml
-machine:
-    registries:
-        mirrors:
-            docker.io:
-                endpoints:
-                    - "https://mirror-registry/v2/mirror.docker.io"
-                overridePath: true
-```
+* Linux: 5.15.85
+* containerd: v1.6.14
 """
 
 [make_deps]

diff --git a/pkg/machinery/constants/constants.go b/pkg/machinery/constants/constants.go
@@ -13,7 +13,7 @@ import (
 
 const (
 	// DefaultKernelVersion is the default Linux kernel version.
-	DefaultKernelVersion = "5.15.83-talos"
+	DefaultKernelVersion = "5.15.85-talos"
 
 	// KernelParamConfig is the kernel parameter name for specifying the URL.
 	// to the config.
@@ -423,7 +423,7 @@ const (
 	TrustdUserID = 51
 
 	// DefaultContainerdVersion is the default container runtime version.
-	DefaultContainerdVersion = "1.6.12"
+	DefaultContainerdVersion = "1.6.14"
 
 	// SystemContainerdNamespace is the Containerd namespace for Talos services.
 	SystemContainerdNamespace = "system"

diff --git a/pkg/machinery/gendata/data/pkgs b/pkg/machinery/gendata/data/pkgs
@@ -1 +1 @@
-v1.3.0-5-g6509d23
+v1.3.0-7-g9931288