IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This introduces a new role for Talos API which fills the gap between
`os:reader` and `os:admin` roles.
Fixes#6898
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes: https://github.com/siderolabs/talos/issues/6815
Additionally, make it possible to run reset in maintenance mode: to
enable a way for resetting system disk and remove all traces of Talos
from it.
The new reset flow works in a separate sequence, changed disk probe
lookup to check the boot partition instead of the ephemeral one.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Move dashboard package into a common location where both Talos and talosctl can use it.
Add support for overriding stdin, stdout, stderr and ctt in process runner.
Create a dashboard service which runs the dashboard on /dev/tty2.
Redirect kernel messages to tty1 and switch to tty2 after starting the dashboard on it.
Related to siderolabs/talos#6841, siderolabs/talos#4791.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
- github.com/aws/aws-sdk-go to v1.44.209
- github.com/stretchr/testify to v1.8.2
- github.com/jsimonetti/rtnetlink to v1.3.1
- google.golang.org/genproto to v0.0.0-20230223222841-637eb2293923
- github.com/emicklei/dot to v1.3.1
- github.com/gdamore/tcell/v2 to v2.6.0
- github.com/insomniacslk/dhcp to v0.0.0-20230220063916-5369909a5de7
- github.com/jsimonetti/rtnetlink to v1.3.1
- github.com/opencontainers/runtime-spec to v1.1.0-rc.1.0.20230215090456-58ec43f9fc39
- github.com/rivo/tview to v0.0.0-20230226195229-47e7db7885b4
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Talos always supported that, but CRI config lacked support for it.
Now with recent containerd the new `_default` host is used as a
fallback, so this re-enables the support and updates the docs.
See https://github.com/containerd/containerd/pull/8065
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Bump Go to 1.20.1
Bump containerd to 1.6.18
Bump kernel to 6.1.12
Bump go deps and enable renovate updates for markdown lint tools.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Go modules, container images.
Fixup for new COSI version: `ResourceDefinition` signature.
Update for new gRPC version: endpoints interface.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes: #6802
Automatically load kernel modules based on hardware info and modules
alias info. udevd would automatically load modules based on HW
information present.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Set the additional description fields for vscode/monaco/jetbrains editors.
Strip the markdown formatting from the plain description.
Additionally, fix the description of the field `aescbcEncryptionSecret`.
Related to siderolabs/talos#6705.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Extend `docgen` tool to generate a JSON schema for `v1alpha1.Config` if a new optional cli arg is provided.
Extend the YAML-structured code comments on config fields to allow overriding the generated schema.
Add custom schemas for complex types.
Related to siderolabs/talos#6705.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
For some reason `go-mod-outdated` didn't work for me, so I had to do
this manually.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Run `depmod` during install/upgrades when extensions provide kernel
modules and `modules.dep` needs to be re-generated. This also allows
modules of same name from kernel to co-exist. Modules in `extras`
folder takes precedence over `in-built` ones.
Signed-off-by: Noel Georgi <git@frezbo.dev>
`structprotogen` now supports generating enums directly instead of using predeclared file and hardcoded types. To use this functionality, simply put `structprotogen:gen_enum` in the comment above const block, you want to have the proto definitions for.
Closes#6215
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This allows to safely recover out of space quota issues, and perform
degragmentation as needed.
`talosctl etcd status` command provides lots of information about the
cluster health.
See docs for more details.
Fixes#4889
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Bumps tools/pkgs/extras to the latest.
Bumps Go modules.
Enables adaptive capacity for COSI state.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This provides What's New, updates documentation with new features,
clarifications and fixes.
I added also simple bare-metal stubs for ISO and PXE methods.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
There was inconsistency in the way `/v2` was appended to registry
endpoint path between containerd (CRI) and Talos:
* Talos only appended `/v2` to empty paths
* containerd appended `/v2` if it's not the suffix already
Fix Talos to act same as containerd, and introduce a setting
`overridePath` which stops both Talos and `containerd` from appending
`/v2` (should be required with e.g. Harbor registry mirror).
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Add talosctl machineconfig patch command which accepts a machine config as input and a list of patches, applying the patches and writing the result to a file or to stdout.
Link `talosctl machineconfig gen` to `talosctl gen config`, so they work the same way.
Closessiderolabs/talos#6562.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
This resolves a case when a node is behind NAT, but KubeSpan port is
forwarded back to the node. Discovery Service returns public IP of the
client as it sees from the incoming request. That address is now
published to the KubeSpan endpoints.
Fixes#6508
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Removed deprecated arg from the kubelet spec, as the arg is going to be
removed completely in v1.27 (kubelet defaults to remote CRI anyways).
Go modules not updated due to https://github.com/kubernetes/kubernetes/issues/113951
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
We add the `nodeLabels` key to the machine config to allow users to add
node labels to the kubernetes Node object. A controller
reads the nodeLabels from the machine config and applies them via the
kubernetes API.
Older versions of talosctl will throw an unknown keys error if `edit mc`
is called on a node with this change.
Fixes#6301
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Use boot kernel arg `talos.unified_cgroup_hierarchy=0` to force Talos to
use cgroups v1. Talos still defaults to cgroupsv2.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Add a timeout of 15 minutes to the trackable CLI actions reboot, reset, shutdown and upgrade and refactor the action tracking.
Make waiting for these operations the default behavior (set `--wait` to `true` by default).
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
We add a controller that provides the etcd member id as a resource
and change the etcd related commands to support member ids next to
hostnames.
Fixes: #6223
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
There's a cyclic dependency on siderolink library which imports talos
machinery back. We will fix that after we get talos pushed under a new
name.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This the first step towards replacing all import paths to be based on
`siderolabs/` instead of `talos-systems/`.
All updates contain no functional changes, just refactorings to adapt to
the new path structure.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
We add support for encryption with secretbox. While AESCBC is still
supported secretbox will take precedence if both are configured.
Secretbox is not the default encryption for new clusters.
Fixes: #6362
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
