IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Nothing changes from functional point of view: Talos still keeps max of
1M of logs per buffer, but the chunks after first 64k are compressed on
the fly.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This PR fixes incorrect packet TTL if `forwardKubeDNSToHost` is enabled.
Credits go to Julian Wiedmann.
Closes#8698.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Version 0.3.6 contains incorrect server implementation which breaks our integration tests.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This PR moves the GCP tests to a new project there. I'm working on consolidating projects, names, and doing some reservations out there.
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
These docs are still present in the repo, but won't be an option in the talos docs site.
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
Update proxmox guide to show example of using qemu-guest-agent.
Signed-off-by: USBAkimbo <71508071+USBAkimbo@users.noreply.github.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
The problem is that `talosctl cluster create` tries to enable
forwardKubeDNSToHost (for 1.7+), but due to the wrong condition this
tries to enable `hostDNS` for any version of Talos, while it's only
supported since 1.7+.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Otherwise we get `nil reference` exception during maintenance mode
upgrade with partial machine configs.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Retrieve the DNS names of instances from the platform metadata.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Improve the ingress firewall docs.
Signed-off-by: Steve Francis <steve.francis@talos-systems.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This allows the kubelet to detect AppArmor.
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
I noticed in the docs
[here](8df5b85ec7/website/content/v1.8/kubernetes-guides/network/deploying-cilium.md (L241))
it mentions enabling the KubePrism feature. However, it mentions enabling the
KubePrism feature. However,
[here](8df5b85ec7/website/content/v1.8/kubernetes-guides/configuration/kubeprism.md (L25))
the docs mention it's enabled by default since 1.6..
So I was wondering if mention of enabling KubePrism after v1.6 is a mistake?
Note it was mentioned several times in the docs v1.5.
```
❯ rg "kubePrism:" --glob "*deploying-cilium.md" -A1
website/content/v1.8/kubernetes-guides/network/deploying-cilium.md
240: kubePrism:
241- enabled: true
website/content/v1.7/kubernetes-guides/network/deploying-cilium.md
240: kubePrism:
241- enabled: true
website/content/v1.6/kubernetes-guides/network/deploying-cilium.md
240: kubePrism:
241- enabled: true
website/content/v1.5/kubernetes-guides/network/deploying-cilium.md
32: kubePrism:
33- enabled: true
--
56: kubePrism:
57- enabled: true
--
212: kubePrism:
213- enabled: true
--
240: kubePrism:
241- enabled: true
--
264: kubePrism:
265- enabled: true
```
Signed-off-by: Will Bush <git@willbush.dev>
If the `reboot/reset/shutdown/upgrade` action tracker cannot read the boot ID from the node under `/proc/sys/kernel/random/boot_id` due to insufficient permissions (e.g., when `talosctl reboot` is used over Omni), fall back to skipping boot ID check instead of hard-failing.
Closessiderolabs/talos#7197.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
grpc_tunnel is described as being enabled by using the value yes in the docs, but it should be true.
Signed-off-by: Simon-Boyer <si.boyer@hotmail.ca>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Run a health check before the test, as the test depends on CoreDNS being
healthy, and previous tests might disturb the cluster.
Also refactor by using watch instead of retries, make pods terminate
fast.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The current form of OpenStack is not capitalized correctly. Stack should
be written with a large S, like OpenStack and not Openstack.
Signed-off-by: Birger J. Nordølum <contact@mindtooth.no>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Initramfs and kernel are compressed with zstd.
Extensions are compressed with zstd for Talos 1.8+.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Delay the reboot for 10 seconds only if Talos hits an error, but
otherwise just proceed with the requested action.
This removes 10 seconds on "regular" reboot without kexec.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Provide a trace for each step of the reset sequence taken, so if one of
those fails, integration test produces a meaningful message instead of
proceeding and failing somewhere else.
More cleanup/refactor, should be functionally equivalent.
Fixes#8635
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Some of the flags passed to `talosctl cluster create` were failing the input validation due to being incorrectly marked as mutually exclusive with the `--input-dir` flag.
Clean up the check to allow passing all flags along with the `--input-dir` flag if those flags impact the provisioning process in any way (i.e., not solely used in generating machine config).
Additionally, replace the mutual exclusion checks with Cobra's built-in function for that.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
With Talos 1.7+, more storage drivers are split as modules, so the
devices might not be discovered by the time platform config is going to
be loaded. Explicitly wait for udevd to settle down before trying to
probe a CD.
Fixes#8625
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Allow skipping NAT for the given destinations from a cluster network. This option makes it possible to form an etcd cluster from clusters in different networks created by running `talosctl cluster create` command multiple times using different CIDRs: they simply should have the CIDR of the other clusters passed with `--non-masquerade-cidrs`.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Without endpoints `kube-proxy` adds an automatic reject rule for the
service if it has no endpoints which breaks host network namespace DNS
resolving with `forwardKubeDNSToHost: true`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This will be useful for debugging process access rights once we start implementing SELinux
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Since we are returning interfaces in config, we have to return something typed for method chaining to work. Otherwise,
it simply doesn't know what method to call because there is no type information. We also don't want to change
the default config behavior, so we don't try to check for `nil` after calling `.STP()`.
Closes#8626
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
New package arrived in Go 1.22 which provides better rand primitives and functions.
Use it instead of the old one.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
