hack/release.toml

# commit to be tagged for new release
commit = "HEAD"

project_name = "Talos"
github_repo = "siderolabs/talos"
match_deps = "^github.com/((talos-systems|siderolabs)/[a-zA-Z0-9-]+)$"

# previous release
previous = "v1.1.0"

pre_release = true

preface = """\
"""

[notes]

    [notes.seccomp]
        title = "Seccomp Profiles"
        description = """\
Talos now supports creating custom seccomp profiles on the host machine which in turn can be used by Kubernetes workloads.
It can be configured in the machine config as below:

```yaml
machine:
  seccompProfiles:
    - name: audit.json
      value:
        defaultAction: SCMP_ACT_LOG
    - name: deny.json
      value: {"defaultAction":"SCMP_ACT_LOG"}
```

This profile data can be either configured as a YAML definition or as a JSON string.

The profiles are created on the host under `/var/lib/seccomp/profiles` and bind mounted at `/var/lib/kubelet/seccomp/profiles` so Kubelet can use it.

See [documentation](https://www.talos.dev/v1.2/kubernetes-guides/configuration/seccomp-profiles/) for more details.
"""

    [notes.kubelet]
        title = "Kubelet Default Runtime Seccomp Profile"
        description = """\
Talos now runs Kubelet with the CRI default Seccomp Profile enabled.
This can be disabled by setting `.machine.kubelet.defaultRuntimeSeccompProfileEnabled` to `false`.

This is not enabled automatically on upgrades, so upgrading to Talos v1.2 needs this to be explicitly enabled.
"""

    [notes.k8s-controlplane-components]
        title = "Kubernetes ControlPlane Components"
        description = """\
Talos now run all Kubernetes Control Plane Components with the CRI default Seccomp Profile and other recommendations as described in
[KEP-2568](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/kubeadm/2568-kubeadm-non-root-control-plane).
"""

    [notes.network-bridge]
        title = "Network bridge support"
        description = """\
Talos now supports configuring Linux bridges. It can be configured in the machine config like the following:

```yaml
machine:
  network:
    interfaces:
      - interface: br0
        bridge:
          stp:
            enabled: true
          interfaces:
            - eth0
            - eth1
```

See [documentation](https://www.talos.dev/v1.2/reference/configuration/#bridge) for more details.
"""

    [notes.network-vlan-cmdline]
        title = "VLAN support in cmdline arguments"
        description = """\
Talos now supports dracut-style `vlan` kernel argument to allow
installing Talos Linux in networks where ports are not tagged
with a default VLAN:

```
vlan=eth1.5:eth1 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth1.5:::::
```

"""

    [notes.updates]
        title = "Component Updates"
        description="""\
* Linux: 5.15.58
* Flannel 0.19.1
* containerd 1.16.7

Talos is built with Go 1.19.
"""

    [notes.talos-config-kernel-param-variable-substitution]
        title = "Variable substitution for URL query parameter in the talos.config kernel parameter"
        description="""\
        The kernel parameter talos.config can now substitute system information into placeholders inside its URL query values. This example shows all supported variables:

```http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}```
"""

    [notes.strategic-merge]
        title = "Strategic merge machine configuration patching"
        description="""\
In addition to JSON (RFC6902) patches Talos now supports [strategic merge patching](https://www.talos.dev/v1.2/talos-guides/configuration/patching/).

For example, machine hostname can be set with the following patch:

```yaml
machine:
  network:
    hostname: worker1
```

Patch format is detected automatically.
"""

    [notes.gen-secrets-from-pki]
        title = "Generating Talos secrets from PKI directory"
        description="""\
It is now possible to generate a secrets bundle from a Kubernetes PKI directory (e.g. `/etc/kubernetes/pki`).

You can also specify a bootstrap token to be used in the secrets bundle.

This secrets bundle can then be used to generate a machine config.

This facilitates migrating clusters (e.g. created using `kubeadm`) to Talos.

```
talosctl gen secrets --kubernetes-bootstrap-token znzio1.1ifu15frz7jd59pv --from-kubernetes-pki /etc/kubernetes/pki
talosctl gen config --with-secrets secrets.yaml my-cluster https://172.20.0.1:6443
```
"""

    [notes.packet-capture]
        title = "Packet Capture"
        description="""\
Talos now supports capturing packets on a network interface with `talosctl pcap` command:

  talosctl pcap --interface eth0
"""

    [notes.stable-hostname]
        title = "Stable Default Hostname"
        description="""\
Talos now generates the default hostname (when there is no explicitly specified hostname) for the nodes based on the
node id (e.g. `talos-2gd-76y`) instead of using the DHCP assigned IP address (e.g. `talos-172-20-0-2`).

This ensures that the node hostname is not changed when DHCP assigns a new IP to a node.
"""

    [notes.kubespan-kubernetes-nets]
        title = "KubeSpan Kubernetes Network Advertisement"
        description="""\
KubeSpan no longer by default advertises Kubernetes pod networks of the node over KubeSpan.
This means that CNI should handle encapsulation of pod-to-pod traffic into the node-to-node tunnel,
and node-to-node traffic will be handled by KubeSpan.
This provides better compatibility with popular CNIs like Calico and Cilium.

Old behavior can be restored by setting `.machine.kubespan.advertiseKubernetesNetworks = true` in the machine config.
"""

[make_deps]

    [make_deps.tools]
        variable = "TOOLS"
        repository = "github.com/siderolabs/tools"

    [make_deps.pkgs]
        variable = "PKGS"
        repository = "github.com/siderolabs/pkgs"

    [make_deps.extras]
        variable = "EXTRAS"
        repository = "github.com/siderolabs/extras"