This PR will add the bits necessary to make use of changes to our
v1alpha1 cluster api provider for CI testing. This is needed since we've
had machine config changes.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR will add the ability to query metadata servers in azure to fetch
external IPs. Needed to ensure certs get generated with proper cert SANs.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This package provides a consistent way for us to retry arbitrary logic.
It provides the following backoff algorithms:
- exponential
- linear
- constant
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Since some applications read the config from disk on startup, we need to
write the config to disk just before starting them in order to relay any
data that has been added to the config during bootup.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This adds a setter for the certificate SANs and sets the hostname based
on info from the platform.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR will push the cluster network node configs for all nodes. This
is needed so that non-init nodes can know the service address range to
use for determining the IP of services like coredns.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
Memory usage reduced around 8-10x: now it stays stable at 1GB.
I disabled some of the new linters, and one rule which is violated a
lot.
It might make sense to go back and enable `wsl` fixing all the issues
(leaving that for another PR).
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
When creating docker based clusters, we need to use `InternalIP` for
kubelet connections. The default is
`Hostname,InternalDNS,InternalIP,ExternalDNS,ExternalIP`, but
`Hostname` doesn't work in docker because we don't depend on docker for
DNS.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
The builtin recover func is scoped to the current go routine, and since
our boot sequence is kicked off in its own go routine, we were failing
to recover from panics.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
The goal with the docker based cluster is to provide developers with an
easy way to run Kubernetes on their local machines. Most of the time,
they won't need more than 1 master. This defaults cluster creation to 1
master.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Because `platform.Name()` returns the capitalized name but the baremetal
platform kernel commandline option expects the lowercase 'metal', we
ignore the case of the platform when doing the platform match checking
in `ostctl install`.
Fixes #1249
Signed-off-by: Seán C McCord <ulexus@gmail.com>
This adds more methods to the Cluster interface that allows for more
granular control of the cluster network settings.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This moves from translating a config into an internal config
representation, to using an interface. The idea is that an interface
gives us stronger compile time checks, and will prevent us from having to copy
from one struct to another. As long as a concrete type implements the
Configurator interface, it can be used to provide instructions to Talos.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This introduces the functionality for discovering external addresses configured on an instance.
This allows us to automatically append these external addresses to our certificate SANs so we can
access the machines from these addresses without having to know about them ahead of time.
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
This change allows for discovery of the control plane IPs. The
motivation behind this is to remove the static IP requirement. The
endpoints are discovered by machined, and passed into OSD as arguments
in order to avoid the need to mount /var/lib/kubelet/pki.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This detangles the gRPC client code from the userdata code. The
motivation behind this is to make creating clients more simple and not
dependent on our configuration format.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This changes the controlplane logic to write the audit policy to disk
from a common template instead of using trustd to distribute it.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This change allows us to generate the EncryptionConfig on each
controlplane node. The benefit is that we no longer need to distribute
the EncryptionConfig via trustd.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
The changes we needed in the clone plugin have been merged. We should
use the official plugin to minimize what we have to maintain.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This change ensures that the installer has access to the machine config
so that it can set the extra kernel arguments when installing.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This adds a label to the installer image that indicates the version. We
can build automation around this in a number of different ways, but one
of the use cases we have immediately is to use this label to determine
which version of Talos is at a given channel. For example, if we were to
implement an "edge" channel, we could periodically check for an image
with the tag "edge" and use the version label to determine if a node is
running the current version of edge. Even if we don't use the labels for our
channel implementation, it's still useful information to have.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This makes working with the API much cleaner as a client. Using gob
doesn't give the client a well-known type to work with in the API
definition.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
In general it is better if we default to single requests, and then gate
streams behind a flag. This makes the processes subcommand work in this
way and puts the streamed data behind a `--watch` flag.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>