IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Run SideroLink API server via TLS with self-signed certificate, inject
that certificate into Talos via `talos.config.inline=`.
Fix a couple of place where our special TLS root CA provider supporting
reloading on the fly was not used.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 8d6884a8e28e1bfa29f9a479e0f7179819cf70cd)
The fix in #9233 wasn't correct, as it was looking for number of
replicas in a "random" ReplicaSet. If the deployment has multiple
replica sets, it leads to unexpected results.
Instead, read the Deployment resource directly.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 780a1f198a5eedd33a27060bdf116bd3a3b26426)
`List` returns a sorted (by id) list of resources. This doesn't work when the order of dns upstreams is important. Because of that
add an `Idx` field to the "DNSUpstreams.net.talos.dev" resource, so we can preserve order.
Fixes#9274
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
(cherry picked from commit 79cd031588a0710b865414f919742ee3ffb998ed)
Move META constants out to machinery, and fix up imports. The internal
`pkg/meta` package shold not be consumed in public-facing commands.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The previous code didn't work, as it was manipulating args before they
were reset by the platform.
Also it was producing wrong order of console args.
Both fixed, plus a unit-test.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This implements the first round of changes, replacing the volume backend
with the new implementation, while keeping most of the external
interfaces intact.
See #8367
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Pause sequencer till the boot timeout if talos is booted from ISO/PXE, but
an existing talos is installed to disk and
`talos.iso.boot.halt_if_installed` kernel argument is set.
Fixes: #9232
Signed-off-by: Noel Georgi <git@frezbo.dev>
Kaniko adds an entry for the root folder `/` in its tarballs.
Processing the file causes the process to hang when trying to
recreate the destination directory.
The root directory already exists, so it triggers an error, but as the
errors were not correctly propagated, the process hangs forever.
Fix both issues.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update tools, pkgs, extras, Go dependencies, Go tools, etc.
Linux 6.6.47 and containerd 2.0.0-rc.4.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Explicitly enable access to host DNS from pod/service IPs.
Also fix the Kubernetes health checks to assert number of ready pods to
match expectation, otherwise the check might skip a pod (e.g.
`kube-proxy` one) which is not ready, allowing the test to proceed too
early.
Update DNS test to print more logs on error.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This will be useful for debugging SELinux implementation. Make API report other xattrs for further development like IMA/EVM
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
This option must be defined at the proto level in order to have an
import path that is reasonably usable
Signed-off-by: Eddie Zaneski <eddiezane@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This is an attempt to fix many issues related with trying to use Service
IP for host DNS.
Fixes#9196
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Re-structure k8s components health checks so that K8s health can be
independently checked without auxiliary components being up.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Fixes#9092
This is a workaround for broken hardware drivers (e.g. RAID
controllers), which report settled event too early.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes https://github.com/siderolabs/extensions/issues/448
Bundle some CNI standard plugins plus Flannel CNI plugin (as Flannel is
the default CNI in Talos) in the Talos `initramfs`.
With this change, no plugin install is required, so the `install-cni`
step is dropped from the Flannel default manifest.
The bundled plugins:
```
$ talosctl -n 172.20.0.2 ls -lH /opt/cni/bin/
NODE MODE UID GID SIZE(B) LASTMOD NAME
172.20.0.2 drwxr-xr-x 0 0 109 B 7 hours ago .
172.20.0.2 -rwxr-xr-x 0 0 3.2 MB 7 hours ago bridge
172.20.0.2 -rwxr-xr-x 0 0 3.3 MB 7 hours ago firewall
172.20.0.2 -rwxr-xr-x 0 0 2.4 MB 7 hours ago flannel
172.20.0.2 -rwxr-xr-x 0 0 2.4 MB 7 hours ago host-local
172.20.0.2 -rwxr-xr-x 0 0 2.4 MB 7 hours ago loopback
172.20.0.2 -rwxr-xr-x 0 0 2.8 MB 7 hours ago portmap
```
The `initramfs` for amd64 grows 67 -> 73 MiB with this change.
The path `/opt/cni/bin` is still an overlay mount, so extra plugins can
be dropped to this directory (no change here).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Put Talos version in the ISO volume ID and volumeset ID.
Volume ID is restricted on valid characters, while volumeset ID is not
restricted (Unicode).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Support `unsupported` flag for mkfs, so that `STATE` partition with size
less than 300M can be created by `mkfs.xfs`.
This allows to bring in newer `xfsprogs` that can repair corrupted FS
better.
Signed-off-by: Noel Georgi <git@frezbo.dev>
This is required in Image Factory to manipulate properly the imager
profile when enabling an option for well-known UEFI certificates.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The main etcd tag is now multiarch so the special case isn't needed.
Signed-off-by: Steven Fackler <sfackler@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Extensions are posted the following way:
`extensions.talos.dev/<name>=<version>`
The name should be valid as a label (annotation) key.
If the value is valid as a label value, use labels, otherwise use
annotations.
Also implements node annotations in the machine config as a side-effect.
Fixes#9089Fixes#8971
See #9070
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
