diff options
author | Sandro <sandro.jaeckel@gmail.com> | 2022-03-08 12:39:37 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-08 12:39:37 +0100 |
commit | 1a0b8047999f117830a2c4b63362a807b49ca44e (patch) | |
tree | d8bb60a8caeb7b514b7e0867db304f3ecc1ea50d /nixos/doc | |
parent | 0ffade9012d2fd2574208cabdb7dc4030f30f33c (diff) | |
parent | e6d1c597f137ee8a4439d7d9c3d24e22b86eb03c (diff) | |
download | nixpkgs-1a0b8047999f117830a2c4b63362a807b49ca44e.tar nixpkgs-1a0b8047999f117830a2c4b63362a807b49ca44e.tar.gz nixpkgs-1a0b8047999f117830a2c4b63362a807b49ca44e.tar.bz2 nixpkgs-1a0b8047999f117830a2c4b63362a807b49ca44e.tar.lz nixpkgs-1a0b8047999f117830a2c4b63362a807b49ca44e.tar.xz nixpkgs-1a0b8047999f117830a2c4b63362a807b49ca44e.tar.zst nixpkgs-1a0b8047999f117830a2c4b63362a807b49ca44e.zip |
Merge pull request #162866 from euank/k3s-unified-cgroups
Diffstat (limited to 'nixos/doc')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2205.section.xml | 14 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2205.section.md | 4 |
2 files changed, 18 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index dc7279f9d5c..28a5d12201e 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -366,6 +366,20 @@ </listitem> <listitem> <para> + <literal>services.k3s.enable</literal> no longer implies + <literal>systemd.enableUnifiedCgroupHierarchy = false</literal>, + and will default to the <quote>systemd</quote> cgroup driver + when using <literal>services.k3s.docker = true</literal>. This + change may require a reboot to take effect, and k3s may not be + able to run if the boot cgroup hierarchy does not match its + configuration. The previous behavior may be retained by + explicitly setting + <literal>systemd.enableUnifiedCgroupHierarchy = false</literal> + in your configuration. + </para> + </listitem> + <listitem> + <para> The DHCP server (<literal>services.dhcpd4</literal>, <literal>services.dhcpd6</literal>) has been hardened. The service is now using the systemd’s diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index fd812c540b9..f56bc3d1287 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -121,6 +121,10 @@ In addition to numerous new and upgraded packages, this release has the followin - `services.kubernetes.scheduler.{port,address}` now set `--secure-port` and `--bind-address` instead of `--port` and `--address`, since the former have been deprecated and are no longer functional in kubernetes>=1.23. Ensure that you are not relying on the insecure behaviour before upgrading. +- `services.k3s.enable` no longer implies `systemd.enableUnifiedCgroupHierarchy = false`, and will default to the 'systemd' cgroup driver when using `services.k3s.docker = true`. + This change may require a reboot to take effect, and k3s may not be able to run if the boot cgroup hierarchy does not match its configuration. + The previous behavior may be retained by explicitly setting `systemd.enableUnifiedCgroupHierarchy = false` in your configuration. + - The DHCP server (`services.dhcpd4`, `services.dhcpd6`) has been hardened. The service is now using the systemd's `DynamicUser` mechanism to run as an unprivileged dynamically-allocated user with limited capabilities. The dhcpd state files are now always stored in `/var/lib/dhcpd{4,6}` and the `services.dhcpd4.stateDir` and `service.dhcpd6.stateDir` options have been removed. |