860002c735
Fixes #7159 The change looks big, but it's actually pretty simple inside: the static pods had an annotation which tracks a version of the secrets which forced control plane pods to reload on a change. At the same time `kube-apiserver` can reload certificate inputs automatically from files without restart. So the inputs were split: the dynamic (for kube-apiserver) inputs don't need to be reloaded, so its version is not tracked in static pod annotation, so they don't cause a reload. The previous non-dynamic resource still causes a reload, but it doesn't get updated when e.g. node addresses change. There might be many more refactoring done, the resource chain is a bit of a mess there, but I wanted to keep number of changes minimal to keep this backportable. Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Talos Linux
A modern OS for Kubernetes.
Talos is a modern OS for running Kubernetes: secure, immutable, and minimal. Talos is fully open source, production-ready, and supported by the people at Sidero Labs All system management is done via an API - there is no shell or interactive console. Benefits include:
- Security: Talos reduces your attack surface: It's minimal, hardened, and immutable. All API access is secured with mutual TLS (mTLS) authentication.
- Predictability: Talos eliminates configuration drift, reduces unknown factors by employing immutable infrastructure ideology, and delivers atomic updates.
- Evolvability: Talos simplifies your architecture, increases your agility, and always delivers current stable Kubernetes and Linux versions.
Documentation
For instructions on deploying and managing Talos, see the Documentation.
Community
- Slack: Join our slack channel
- Support: Questions, bugs, feature requests GitHub Discussions
- Forum: community
- Twitter: @SideroLabs
- Email: info@SideroLabs.com
If you're interested in this project and would like to help in engineering efforts or have general usage questions, we are happy to have you! We hold a weekly meeting that all audiences are welcome to attend.
We would appreciate your feedback so that we can make Talos even better! To do so, you can take our survey.
Office Hours
- When: Mondays at 16:30 UTC.
- Where: Google Meet.
You can subscribe to this meeting by joining the community forum above.
Note: You can convert the meeting hours to your local time.
Contributing
Contributions are welcomed and appreciated! See Contributing for our guidelines.
License
Some software we distribute is under the General Public License family of licenses or other licenses that require we provide you with the source code. If you would like a copy of the source code for this software, please contact us via email: info at SideroLabs.com.