From e373069912c550b721c8caac7e0a4b255d61abaf Mon Sep 17 00:00:00 2001 From: Orzelius Date: Mon, 12 Jan 2026 22:19:33 +0900 Subject: [PATCH] docs: add documentation about ssa behaviour in talos v1.13 * clean up inline/extra manifests documentation * add documentation about the pruning process Signed-off-by: Orzelius <33936483+Orzelius@users.noreply.github.com> --- .../advanced-guides/inlinemanifests.mdx | 15 +++++---------- .../advanced-guides/upgrading-kubernetes.mdx | 12 ++++++++++-- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/public/kubernetes-guides/advanced-guides/inlinemanifests.mdx b/public/kubernetes-guides/advanced-guides/inlinemanifests.mdx index f32befb0..eda9f8d5 100644 --- a/public/kubernetes-guides/advanced-guides/inlinemanifests.mdx +++ b/public/kubernetes-guides/advanced-guides/inlinemanifests.mdx @@ -124,16 +124,11 @@ Here’s a quick overview of the key differences between `inlineManifests` and ` ## How Talos Handles Manifest Resources -Talos continuously reconciles manifests on every boot, on every failure to apply, and on every change to the manifests in the machine config. +Talos reconciles manifests on every boot, on every failure to apply, and on every change to the manifests in the machine config. When processing your `inlineManifests` and `extraManifests`, Talos follows a conservative, additive-only approach. -Here's what that means in practice: +This means that Talos automatically only creates new resources. +Once created Talos never edits or deletes resources even if they are modified or removed from the machine configuration. -* **Creates missing resources**: If a resource defined in your manifests doesn't exist in the cluster, Talos will create it. - -* **Preserves existing resources**: Resources that already exist in the cluster are left completely unchanged, regardless of any differences between the current state and the manifest definition. - -* **Never deletes resources**: Talos will not remove resources from the cluster, even if they're no longer present in your manifest configuration. - -If you need to reapply or update these manifests after the cluster has been created, use the [Kubernetes upgrade](./upgrading-kubernetes) process. -Specify the same Kubernetes version that’s currently running in your cluster to ensure that only the manifests are reapplied, without performing a version upgrade. +If you need to prune unwanted resources (supported from Talos v1.13 onward) or update the resources, use the [Kubernetes upgrade](./upgrading-kubernetes) process. +Specify the same Kubernetes version that’s currently running in your cluster to skip performing a kubernetes version upgrade and only synchronize manifests. diff --git a/public/kubernetes-guides/advanced-guides/upgrading-kubernetes.mdx b/public/kubernetes-guides/advanced-guides/upgrading-kubernetes.mdx index a5468308..13328065 100644 --- a/public/kubernetes-guides/advanced-guides/upgrading-kubernetes.mdx +++ b/public/kubernetes-guides/advanced-guides/upgrading-kubernetes.mdx @@ -107,13 +107,21 @@ This command runs in several phases: The update is verified by checking the `Node` resource state. 5. Kubernetes bootstrap manifests are re-applied to the cluster. Updated bootstrap manifests might come with a new Talos version (e.g. CoreDNS version update), or might be the result of machine configuration change. - -> Note: The `upgrade-k8s` command never deletes any resources from the cluster: they should be deleted manually. +6. Unneeded resources are pruned from the cluster (Talos v1.13+). If the command fails for any reason, it can be safely restarted to continue the upgrade process from the moment of the failure. > Note: When using custom/overridden Kubernetes component images, use flags `--*-image` to override the default image names. +### Pruning + +> Note: Pruning is supported from Talos and talosctl v1.13 onwards. + +Pruning of resources from the cluster occurs when any services were deleted or disabled. +For example if [kube-proxy](https://docs.siderolabs.com/talos/latest/reference/configuration/v1alpha1/config#proxy) was disabled in the machine configuration the resources associated with it would be deleted at this stage. + +Pruning can be disabled by passing the `--manifests-no-prune` flag. + ### Synchronize Declared and Deployed Configurations When Kubernetes is upgraded with `talosctl upgrade-k8s`, the live machine configuration on your nodes is updated with new component image versions (API server, controller manager, scheduler, kube-proxy, etc.).