diff --git a/Makefile b/Makefile index f7a0320bfd..1fba507429 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,7 @@ NAME = Talos ARTIFACTS := _out TOOLS ?= ghcr.io/siderolabs/tools:v1.3.0-1-g712379c -PKGS ?= v1.3.0-5-g6509d23 +PKGS ?= v1.3.0-7-g9931288 EXTRAS ?= v1.3.0-1-g3773d71 GO_VERSION ?= 1.19 GOIMPORTS_VERSION ?= v0.1.11 diff --git a/go.mod b/go.mod index 15778af865..30cc41836d 100644 --- a/go.mod +++ b/go.mod @@ -34,7 +34,7 @@ require ( github.com/beevik/ntp v0.3.0 github.com/cenkalti/backoff/v4 v4.2.0 github.com/containerd/cgroups v1.0.4 - github.com/containerd/containerd v1.6.12 + github.com/containerd/containerd v1.6.14 github.com/containerd/typeurl v1.0.2 github.com/containernetworking/cni v1.1.2 github.com/containernetworking/plugins v1.1.1 @@ -148,7 +148,7 @@ require ( github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Microsoft/go-winio v0.5.2 // indirect - github.com/Microsoft/hcsshim v0.9.5 // indirect + github.com/Microsoft/hcsshim v0.9.6 // indirect github.com/ProtonMail/go-crypto v0.0.0-20220930113650-c6815a8c17ad // indirect github.com/ProtonMail/go-mime v0.0.0-20220302105931-303f85f7fe0f // indirect github.com/ProtonMail/gopenpgp/v2 v2.4.10 // indirect diff --git a/go.sum b/go.sum index 5f2d2310d6..77fe4e0fe4 100644 --- a/go.sum +++ b/go.sum @@ -82,8 +82,8 @@ github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2 github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600= github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= -github.com/Microsoft/hcsshim v0.9.5 h1:AbV+VPfTrIVffukazHcpxmz/sRiE6YaMDzHWR9BXZHo= -github.com/Microsoft/hcsshim v0.9.5/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= +github.com/Microsoft/hcsshim v0.9.6 h1:VwnDOgLeoi2du6dAznfmspNqTiwczvjv4K7NxuY9jsY= +github.com/Microsoft/hcsshim v0.9.6/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -228,8 +228,8 @@ github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09Zvgq github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s= github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g= github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c= -github.com/containerd/containerd v1.6.12 h1:kJ9b3mOFKf8yqo05Ob+tMoxvt1pbVWhnB0re9Y+k+8c= -github.com/containerd/containerd v1.6.12/go.mod h1:K4Bw7gjgh4TnkmQY+py/PYQGp4e7xgnHAeg87VeWb3A= +github.com/containerd/containerd v1.6.14 h1:W+d0AJKVG3ioTZZyQwcw1Y3vvo6ZDYzAcjDcY4tkgGI= +github.com/containerd/containerd v1.6.14/go.mod h1:U2NnBPIhzJDm59xF7xB2MMHnKtggpZ+phKg8o2TKj2c= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= diff --git a/hack/release.toml b/hack/release.toml index bc4de860c7..9482e7e3c6 100644 --- a/hack/release.toml +++ b/hack/release.toml @@ -6,7 +6,7 @@ github_repo = "siderolabs/talos" match_deps = "^github.com/((talos-systems|siderolabs)/[a-zA-Z0-9-]+)$" # previous release -previous = "v1.2.0" +previous = "v1.3.0" pre_release = false @@ -15,284 +15,11 @@ preface = """\ [notes] - [notes.kernel_modules] - title = "Kernel Modules" - description = """\ -Talos now supports settings kernel module parameters. - -Eg: - -```yaml -machine: - kernel: - modules: - - name: "br_netfilter" - parameters: - - nf_conntrack_max=131072 -``` -""" - - [notes.sbc] - title = "Nano Pi R4S" - description = """\ -Talos now supports the Nano Pi R4S SBC. -""" - - [notes.sbc1] - title = "Raspberry Generic Images" - description = """\ -The Raspberry Pi 4 specific image has been deprecated and will be removed in the v1.4 release of Talos. -Talos now ships a generic Raspberry Pi image that should support more Raspberry Pi variants. -Refer to the docs at https://www.talos.dev/v1.3/talos-guides/install/single-board-computers/rpi_generic/ to find which ones are supported. -""" - [notes.updates] title = "Component Updates" description="""\ -* Kubernetes: v1.26.0 -* Flannel: v0.20.2 -* CoreDNS: v1.10.0 -* etcd: v3.5.6 -* Linux: 5.15.83 -* containerd: v1.6.12 - -Talos is built with Go 1.19.4. -""" - - [notes.etcd] - title = "etcd Consistency Check" - description="""\ -Talos enables [--experimental-compact-hash-check-enabled](https://github.com/etcd-io/etcd/pull/14120) option by default to improve -etcd store consistency guarantees. - -This options is only available with etcd >= v3.5.5, so Talos doesn't support version of etcd before v3.5.5. -""" - - [notes.auditpolicy] - title = "kube-apiserver Audit Policy" - description="""\ -Talos now supports setting custom audit policy for `kube-apiserver` in the machine configuration. -""" - - [notes.routes] - title = "Routes" - description="""\ -Talos now supports setting MTU for a specific route. -""" - - [notes.cmdline] - title = "Kernel Command Line ip= Argument" - description="""\ -Talos now supports referencing interface name via `enxMAC` address notation: - -``` -ip=172.20.0.2::172.20.0.1:255.255.255.0::enx7085c2dfbc59 -``` -""" - - [notes.kubespan] - title = "KubeSpan" - description="""\ -KubeSpan MTU link size is now configurable via `network.kubespan.mtu` setting in the machine configuration. -""" - - [notes.static_pod_manifests] - title = "Static Pod Manifests" - description = """\ -The directory "/etc/kubernetes/manifests" is now deprecated. -Static pods should always be configured in machine.pods. -To reenable support you may set `machine.kubelet.disableManifestsDirectory`. - -Eg: - -```yaml -machine: - kubelet: - disableManifestsDirectory: no -``` -""" - - [notes.secretbox] - title = "Encryption with secretbox" - description = """\ -By default new clusters will use secretbox for encryption instead of AESCBC. -If both are configured secretbox will take precedence. -Old clusters may keep using AESCBC. -To enable secretbox you may add an encryption secret at `cluster.secretboxEncryptionSecret`. -You should keep `aescbcEncryptionSecret` however, even if secretbox is enabled older data will still be encrypted with AESCBC. - -How to generate the secret: - -```bash -dd if=/dev/random of=/dev/stdout bs=32 count=1 | base64 -``` -""" - - [notes.exoscale] - title = "Exocale Platform" - description = """\ -Talos now supports new platform: Exoscale. - -Exoscale provides a firewall, TCP load balancer and autoscale groups. -It works well with CCM and Kubernetes node autoscaler. -""" - - [notes.etcd-member-id] - title = "etcd Member ID" - description = """\ -Talos now internally handles etcd member removal by member ID instead of member name (hostname). -This resolves the case when member name is not accurate or empty (eg: when etcd hasn't fully joined yet). - -Command `talosctl etcd remove-member` now accepts member IDs instead of member names. - -New resource can be used to get member ID of the Talos node: - -```bash -talosctl get etcdmember -``` -""" - - [notes.cgroupsv1] - title = "cgroups v1" - description = """\ -Talos defaults to using cgroups v2 when Talos doesn't run in a container (when running in a container -Talos follows host cgroups mode). -Talos can now be forced to use cgroups v1 by setting boot kernel argument `talos.unified_cgroup_hierarchy=0`: - -```yaml -machine: - install: - extraKernelArgs: - - "talos.unified_cgroup_hierarchy=0" -``` - -Current cgroups mode can be checked with `talosctl ls /sys/fs/cgroup`: - -cgroups v1: - -``` -blkio -cpu -cpuacct -cpuset -devices -freezer -hugetlb -memory -net_cls -net_prio -perf_event -pids -``` - -cgroups v2: - -``` -cgroup.controllers -cgroup.max.depth -cgroup.max.descendants -cgroup.procs -cgroup.stat -cgroup.subtree_control -cgroup.threads -cpu.stat -cpuset.cpus.effective -cpuset.mems.effective -init -io.stat -kubepods -memory.numa_stat -memory.stat -podruntime -system -``` - -> Note: `cgroupsv1` is deprecated and it should be used only for compatibility with workloads which don't support `cgroupsv2` yet. -""" - - [notes.nodelabels] - title = "Node Labels" - description = """\ -Talos now supports specifying node labels in the machine configuration: - -```yaml -machine: - nodeLabels: - rack: rack1a - zone: us-east-1a -``` - -Changes to the node labels will be applied immediately without `kubelet` restart. - -Talos keeps track of the owned node labels in the `talos.dev/owned-labels` annotation. -""" - - [notes.criconfig] - title = "CRI Configuration Overrides" - description = """\ -Talos no longer supports CRI config overrides placed in `/var/cri/conf.d` directory. - -[New way](https://www.talos.dev/v1.3/talos-guides/configuration/containerd/) correctly handles merging of containerd/CRI plugin configuration. -""" - - [notes.registry_k8s_io] - title = "registry.k8s.io" - description = """\ -Talos now uses `registry.k8s.io` instead of `k8s.gcr.io` for Kubernetes container images. - -See [Kubernetes documentation](https://kubernetes.io/blog/2022/11/28/registry-k8s-io-faster-cheaper-ga/) for additional details. - -If using registry mirrors, or in air-gapped installations you may need to update your configuration. -""" - - [notes.talosctl_machineconfig_patch] - title = "talosctl machineconfig patch" - description = """\ -A new subcommand, `machineconfig patch` is added to `talosctl` to allow patching of machine configuration. - -It accepts a machineconfig file and a list of patches as input and outputs the patched machine configuration. - -Patches can be sourced from the command line or from a file. Output can be written to a file or to stdout. - -Example: - -```bash -talosctl machineconfig patch controlplane.yaml \ - --patch '[{"op":"replace","path":"/cluster/clusterName","value":"patch1"}]' \ - --patch @/path/to/patch2.json -``` - -Additionally, `talosctl machineconfig gen` subcommand is introduced as an alias to `talosctl gen config`. -""" - - [notes.registry-mirrors] - title = "Registry Mirrors" - description = """\ -Talos had an inconsistency in the way registry mirror endpoints are handled when compared with `containerd` implementation: - -```yaml -machine: - registries: - mirrors: - docker.io: - endpoints: - - "https://mirror-registry/v2/mirror.docker.io" -``` - -Talos would use endpoint `https://mirror-registry/v2/mirror.docker.io`, while `containerd` would use `https://mirror-registry/v2/mirror.docker.io/v2`. -This inconsistency is now fixed, and Talos uses same endpoint as `containerd`. - -New `overridePath` configuration is introduced to skip appending `/v2` both on Talos and containerd side: - -```yaml -machine: - registries: - mirrors: - docker.io: - endpoints: - - "https://mirror-registry/v2/mirror.docker.io" - overridePath: true -``` +* Linux: 5.15.85 +* containerd: v1.6.14 """ [make_deps] diff --git a/pkg/machinery/constants/constants.go b/pkg/machinery/constants/constants.go index c1a894641c..eab8b52570 100644 --- a/pkg/machinery/constants/constants.go +++ b/pkg/machinery/constants/constants.go @@ -13,7 +13,7 @@ import ( const ( // DefaultKernelVersion is the default Linux kernel version. - DefaultKernelVersion = "5.15.83-talos" + DefaultKernelVersion = "5.15.85-talos" // KernelParamConfig is the kernel parameter name for specifying the URL. // to the config. @@ -423,7 +423,7 @@ const ( TrustdUserID = 51 // DefaultContainerdVersion is the default container runtime version. - DefaultContainerdVersion = "1.6.12" + DefaultContainerdVersion = "1.6.14" // SystemContainerdNamespace is the Containerd namespace for Talos services. SystemContainerdNamespace = "system" diff --git a/pkg/machinery/gendata/data/pkgs b/pkg/machinery/gendata/data/pkgs index 7f4ccb1897..69ccb15dc1 100644 --- a/pkg/machinery/gendata/data/pkgs +++ b/pkg/machinery/gendata/data/pkgs @@ -1 +1 @@ -v1.3.0-5-g6509d23 \ No newline at end of file +v1.3.0-7-g9931288 \ No newline at end of file