docs: update docs for release 1.1
Update documentation, support matrix, current release, what's new, etc.

Signed-off-by: Andrey Smirnov <[email protected]>
smira committed Jun 22, 2022
1 parent b816d0b commit cfb6402
Showing 10 changed files with 175 additions and 83 deletions.
6 changes: 3 additions & 3 deletions website/config.toml
Expand Up @@ -108,7 +108,7 @@ version_menu = "Releases"

# A link to latest version of the docs. Used in the "version-banner" partial to
# point people to the main doc site.
url_latest_version = "/v1.0"
url_latest_version = "/v1.1"

# Repository configuration (URLs for in-page links to opening issues and suggesting changes)
# github_repo = "https://github.com/googley-example"
Expand Down Expand Up @@ -141,11 +141,11 @@ version = "v1.2 (pre-release)"

[[params.versions]]
url = "/v1.1/"
version = "v1.1 (pre-release)"
version = "v1.1 (latest)"

[[params.versions]]
url = "/v1.0/"
version = "v1.0 (latest)"
version = "v1.0"

[[params.versions]]
url = "/v0.14/"
1 change: 0 additions & 1 deletion website/content/v1.0/_index.md
Expand Up @@ -8,7 +8,6 @@ preRelease: false
lastRelease: v1.0.6
kubernetesRelease: "1.23.5"
prevKubernetesRelease: "1.23.1"
menu: main
---

## Welcome
2 changes: 1 addition & 1 deletion website/content/v1.0/introduction/support-matrix.md
Expand Up @@ -7,7 +7,7 @@ description: "Table of supported Talos Linux versions and respective platforms."
| Talos Version | 1.0 | 0.14 |
|----------------------------------------------------------------------------------------------------------------|------------------------------------|------------------------------------|
| Release Date | 2022-03-29 | 2021-12-21 (0.14.0) |
| End of Community Support | 1.1.0 release (2022-06-01, TBD) | 1.0.0 release (2022-03-27, TBD) |
| End of Community Support | 1.1.0 release (2022-06-22) | 1.0.0 release (2022-03-29) |
| Enterprise Support | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) |
| Kubernetes | 1.23, 1.22, 1.21 | 1.23, 1.22, 1.21 |
| Architecture | amd64, arm64 | amd64, arm64 |
7 changes: 4 additions & 3 deletions website/content/v1.1/_index.md
Expand Up @@ -4,11 +4,12 @@ no_list: true
linkTitle: "Documentation"
cascade:
type: docs
preRelease: true
lastRelease: v1.1.0-beta.2
kubernetesRelease: "1.24.1"
preRelease: false
lastRelease: v1.1.0
kubernetesRelease: "1.24.2"
prevKubernetesRelease: "1.23.5"
iscsiToolsRelease: "v0.1.1"
menu: main
---

## Welcome
20 changes: 10 additions & 10 deletions website/content/v1.1/introduction/support-matrix.md
Expand Up @@ -6,29 +6,29 @@ description: "Table of supported Talos Linux versions and respective platforms."

| Talos Version | 1.1 | 1.0 |
|----------------------------------------------------------------------------------------------------------------|------------------------------------|------------------------------------|
| Release Date | 2022-06-24, TBD | 2022-03-29 (1.0.0) |
| End of Community Support | 1.2.0 release (2022-09-01, TBD) | 1.1.0 release (2022-06-24, TBD) |
| Release Date | 2022-06-22 | 2022-03-29 (1.0.0) |
| End of Community Support | 1.2.0 release (2022-09-01, TBD) | 1.1.0 release (2022-06-22) |
| Enterprise Support | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) | [offered by Sidero Labs Inc.](https://www.siderolabs.com/support/) |
| Kubernetes | 1.24, 1.23, 1.22 | 1.23, 1.22, 1.21 |
| Architecture | amd64, arm64 | amd64, arm64 |
| **Platforms** | | |
| - cloud | AWS, GCP, Azure, Digital Ocean, Hetzner, OpenStack, Oracle Cloud, Scaleway, Vultr, Upcloud | AWS, GCP, Azure, Digital Ocean, Hetzner, OpenStack, Scaleway, Vultr, Upcloud |
| - cloud | AWS, GCP, Azure, Digital Ocean, Hetzner, OpenStack, Oracle Cloud, Scaleway, Vultr, Upcloud | AWS, GCP, Azure, Digital Ocean, Hetzner, OpenStack, Oracle Cloud, Scaleway, Vultr, Upcloud |
| - bare metal | x86: BIOS, UEFI; arm64: UEFI; boot: ISO, PXE, disk image | x86: BIOS, UEFI; arm64: UEFI; boot: ISO, PXE, disk image |
| - virtualized | VMware, Hyper-V, KVM, Proxmox, Xen | VMware, Hyper-V, KVM, Proxmox, Xen |
| - SBCs | Banana Pi M64, Jetson Nano, Libre Computer Board ALL-H3-CC, Pine64, Pine64 Rock64, Radxa ROCK Pi 4c, Raspberry Pi 4B | Raspberry Pi4, Banana Pi M64, Pine64, and other |
| - SBCs | Banana Pi M64, Jetson Nano, Libre Computer Board ALL-H3-CC, Pine64, Pine64 Rock64, Radxa ROCK Pi 4c, Raspberry Pi 4B | Banana Pi M64, Jetson Nano, Libre Computer Board ALL-H3-CC, Pine64, Pine64 Rock64, Radxa ROCK Pi 4c, Raspberry Pi 4B |
| - local | Docker, QEMU | Docker, QEMU |
| **Cluster API** | | |
| [CAPI Bootstrap Provider Talos](https://github.com/siderolabs/cluster-api-bootstrap-provider-talos) | >= 0.5.3 | >= 0.5.3 |
| [CAPI Control Plane Provider Talos](https://github.com/siderolabs/cluster-api-control-plane-provider-talos) | >= 0.4.5 | >= 0.4.5 |
| [Sidero](https://www.sidero.dev/) | >= 0.5.0 | >= 0.5.0 |
| [CAPI Bootstrap Provider Talos](https://github.com/siderolabs/cluster-api-bootstrap-provider-talos) | >= 0.5.4 | >= 0.5.3 |
| [CAPI Control Plane Provider Talos](https://github.com/siderolabs/cluster-api-control-plane-provider-talos) | >= 0.4.6 | >= 0.4.5 |
| [Sidero](https://www.sidero.dev/) | >= 0.5.1 | >= 0.5.0 |
| **UI** | | |
| [Theila](https://github.com/siderolabs/theila) |||

## Platform Tiers

Tier 1: Automated tests, high-priority fixes.
Tier 2: Tested from time to time, medium-priority bugfixes.
Tier 3: Not tested by core Talos team, community tested.
* Tier 1: Automated tests, high-priority fixes.
* Tier 2: Tested from time to time, medium-priority bugfixes.
* Tier 3: Not tested by core Talos team, community tested.

### Tier 1
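Review bot: The 1.0 column of this table is edited in the cloud and SBCs rows (Oracle Cloud added, the SBC list replaced with the same list as 1.1), but the v1.0 support-matrix.md hunk in this commit touches only the End of Community Support row. Please confirm the v1.0 page lists the same platforms for 1.0, otherwise the two pages will disagree about what 1.0 supports. The 1.1 End of Community Support cell also still reads `1.2.0 release (2022-09-01, TBD)` while the other TBD dates in this commit were resolved; worth a check that this one is meant to stay open.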

94 changes: 93 additions & 1 deletion website/content/v1.1/introduction/what-is-new.md
Expand Up @@ -4,4 +4,96 @@ weight: 50
description: "List of new and shiny features in Talos Linux."
---

TBD
## Kubernetes

### Pod Security Admission

[Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) controller is enabled by default with the following policy:

```yaml
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
name: PodSecurity
path: ""
```
The policy is part of the Talos machine configuration, and it can be modified to suite your needs.
### Kubernetes API Server Anonymous Auth
Anonymous authentication is now disabled by default for the `kube-apiserver` (CIS compliance).

To enable anonymous authentication, update the machine config with:

```yaml
cluster:
apiServer:
extraArgs:
anonymous-auth: true
```

## Machine Configuration

### Apply Config `--dry-run`

The commands `talosctl apply-config`, `talosctl patch mc` and `talosctl edit mc` now support `--dry-run` flag.
If enabled it just prints out the selected config application mode and the configuration diff.

### Apply Config `--mode=try`

The commands `talosctl apply-config`, `talosctl patch mc` and `talosctl edit mc` now support the new mode called `try`.
In this mode the config change is applied for a period of time and then reverted back to the state it was before the change.
`--timeout` parameter can be used to customize the config rollback timeout.
This new mode can be used only with the parts of the config that can be changed without a reboot and can help to check that
the new configuration doesn't break the node.

Can be especially useful to check network interfaces changes that may lead to the loss of connectivity to the node.

## Networking

### Network Device Selector

Talos machine configuration supports specifying network interfaces by selectors instead of interface name.
See [documentation]({{< relref "../talos-guides/network/device-selector" >}}) for more details.

## SBCs

### RockPi 4 variants A and B

Talos now supports RockPi variants A and B in addition to RockPi 4C

### Raspberry Pi PoE Hat Fan

Talos now enables the Raspberry Pi PoE fan control by pulling in the poe overlay that works with upstream kernel

## Miscellaneous

### IPv6 in Docker-based Talos Clusters

The command `talosctl cluster create` now enables IPv6 by default for the Docker containers
created for Talos nodes.
This allows to use IPv6 addresses in Kubernetes networking.

If `talosctl cluster create` fails to work on Linux due to the lack of IPv6 support,
please use the flag `--disable-docker-ipv6` to revert the change.

### `eudev` Default Rules

Drops some default eudev rules that doesn't make sense in the context of Talos OS.
Especially the ones around sound devices, cd-roms and renaming the network interfaces to be predictable.
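Review bot: In the "Kubernetes API Server Anonymous Auth" section, the `anonymous-auth: true` override is offered right after the statement that the default was turned off for CIS compliance, with no word on when it is needed. Suggest adding a sentence that names the use case requiring anonymous access and states that the setting reverts the hardened default, so the snippet is not copied by reflex. Smaller wording points in the same hunk: "suite your needs" should be "suit your needs", "rules that doesn't make sense" should be "rules that don't make sense", "This allows to use IPv6 addresses" reads better as "This allows using IPv6 addresses", the sentence starting "Can be especially useful" has no subject, and the two SBC entries lack a closing period.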
Expand Up @@ -14,41 +14,30 @@ In this guide we are going to enable and configure Pod Security Admission in Tal

## Configuration

Prepare the following machine configuration patch and store it in the `pod-security-patch.yaml`:
Talos provides default Pod Security Admission in the machine configuration:

```yaml
- op: add
path: /cluster/apiServer/admissionControl
value:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
kind: PodSecurityConfiguration
defaults:
enforce: "baseline"
enforce-version: "latest"
audit: "restricted"
audit-version: "latest"
warn: "restricted"
warn-version: "latest"
exemptions:
usernames: []
runtimeClasses: []
namespaces: [kube-system]
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
kind: PodSecurityConfiguration
defaults:
enforce: "baseline"
enforce-version: "latest"
audit: "restricted"
audit-version: "latest"
warn: "restricted"
warn-version: "latest"
exemptions:
usernames: []
runtimeClasses: []
namespaces: [kube-system]
```
This is a cluster-wide configuration for the Pod Security Admission plugin:
* by default `baseline` [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/) profile is enforced
* more strict `restricted` profile is not enforced, but API server warns about found issues

Generate Talos machine configuration applying the patch above:

```shell
talosctl gen config cluster1 https://<IP>:6443/ --config-patch-control-plane @../pod-security-patch.yaml
```

Deploy Talos using the generated machine configuration.
This default policy can be modified by updating the generated machine configuration before the cluster is created or on the fly by using the `talosctl` CLI utility.

Verify current admission plugin configuration with:
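Review bot: The replacement YAML under "Configuration" shows only the `PodSecurityConfiguration` body, while its lead-in says the default lives "in the machine configuration"; the removed patch at least showed `path: /cluster/apiServer/admissionControl`. Suggest showing the block nested under `cluster.apiServer.admissionControl`, as the upgrading-talos.md hunk in this commit does, so readers know where to edit it. The new closing sentence says the policy can be changed "on the fly by using the `talosctl` CLI utility", but the hunk drops the only worked command in the section; a short example of that edit would keep the guide actionable.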

24 changes: 23 additions & 1 deletion website/content/v1.1/talos-guides/upgrading-talos.md
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,29 @@ future.

## Machine Configuration Changes

TBD
Talos 1.1.0 provides a default configuration for [Pod Security Admission]({{< relref "../kubernetes-guides/configuration/pod-security" >}}):

```yaml
cluster:
apiServer:
admissionControl:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
```
## Upgrade Sequence
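Review bot: Under "Machine Configuration Changes", the new text says Talos 1.1.0 "provides a default configuration" for Pod Security Admission but does not say whether an upgrade from 1.0 adds this block to an existing machine config or whether it appears only in newly generated configs. Since the default sets `enforce: baseline` for every namespace except `kube-system`, the upgrade guide should state which case applies and point operators at checking existing workloads against the baseline profile, or adding exemptions, before they upgrade.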