Use `vtprotobuf` optimized Marshal/Unmarshal methods which do not depend
on reflection to reduce memory and CPU usage while using Talos API.
See https://github.com/planetscale/vtprotobuf and
https://vitess.io/blog/2021-06-03-a-new-protobuf-generator-for-go/
Co-authored-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Signed-off-by: Alexey Palazhchenko <alexey.palazhchenko@talos-systems.com>
Sparse file generation replaced with Go native calls.
Final artifact `.tar` reproducible with new tar flags and using GNU tar
instead of busybox one, but as the image itself is not reproducible,
this only helps a bit.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This pulls in a change to bump number of max CPUs in the kernel to 512
and update ca-certificates.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Preset `-0` for xz means fast compression but low compression level.
Changing this to `-6` (default) means that result is 10% smaller (tested
with RPi4 image).
Enable parallel compression with number of threads equal to number of
CPUs to make it compress even faster than with `-0`:
* `-0`: 15s
* `-6`: 60s
* `-6 -T 0`: 10s (on my machine, depends on number of cores)
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
GitHub recently introduced a limit of 25000 bytes for the release notes,
which breaks our release process, as our notes are over the limit.
PR https://github.com/talos-systems/talos/pull/4021 introduced support
for GFM release notes, which are at least 50% smaller.
This PR enables GFM, adds a check for release notes size and pushes
release-notes step to every build so that we know in advance if release
notes are over the limit (vs. the moment we push the release).
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This feature comes as PSP is deprecated and going to be removed in 1.25.
In preparation for that, add an option to disable PSP which was always
enabled in Talos by default.
To keep backwards compatibility, PSP is still enabled by default.
See also #3971
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Co-authored-by: Adam Szucs-Matyas <szucsitg@gmail.com>
No need to do hacks with multiple interface entries just to get multiple
addressing methods
Fixes #2804
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This allows to disable these plugins via `extraArgs` and shortens
argument list for the `kube-apiserver`.
There are no functional changes, as these plugins are enabled by default
anyways.
Based on #3971
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Co-authored-by: Adam Szucs-Matyas <szucsitg@gmail.com>
Signed-off-by: Adam Szucs-Matyas <szucsitg@gmail.com>
* correctly merge wireguard specs across multiple configuration layers
(partially stolen from #3577)
* fix erroneous wireguard reconfig when listen port in the config is
zero
* add tests for link merging (once again, partially stolen from #3577)
* fix ugly bug with LinkSpec Type merging (I believe it's a major source
of pain for you, Seán, in your PR).
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Fixes #3951
Bootkube support was removed in Talos 0.9. Talos versions 0.9-0.11
support conversion of self-hosted bootkube-based control plane to the
new style control plane running as static pods managed by Talos.
This commit removes all backwards compatibility and removes conversion
code.
For the k8s controllers, `BootstrapStatus` is removed and a dependency
on `etcd` service status is added (as it was implicitly there via
`BootstrapStatus`).
Remove control plane conversion code.
In k8s upgrade code, remove self-hosted part.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Scan all pods in `kube-system` and find `kube-proxy`, `kube-scheduler`,
`kube-controller-manager` and `kube-apiserver` ones, then check the
lowest version amongst them.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
When Talos runs in a container, `ethtool` availability depends on host
kernel support, and we don't strictly need `ethtool` to make networking
work, so make it optional instead of hard failure.
Example: https://gist.github.com/rgl/392d6e16d176f28430230b06ec80496c
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This is going to be useful in the third party code which is using
upgrade modules, to collect output logs instead of printing them to the
stdout.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
Route scope doesn't depend on destination IP type being link-local, e.g.
in Azure route to link local address is created with gateway, and that
should be global (universe) scope route.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Fixes #3847
Fixes #3919
1. Looks like `::1/128` is assigned to `lo` interface by the kernel
without our help, and kernel does it properly whether IPv6 is enabled
or not (including particular interface).
2. If IPv6 is disabled completely with command line, we should ignore
failures to write ipv6 sysctls (as these are not security-related,
skipping them isn't a risk).
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
We run etcd health check every 30s, and create/destroy client every 30s.
This puts a lot of pressure on etcd itself and machined.
There's protobuf overhead, TLS connection overhead, etc.
As we don't support changing etcd PKI (yet), client created once is good
enough for the lifetime of the node.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>