IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Drop BurntSushi one, and use /v2 of pelletier package.
There is indirect use of v1 which should hopefully go away once we move
away from sonobouy.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Try to activate/deactivate watchdogs, change timeout, run only on QEMU.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Crons needing extensions need the `generate` step as a dependency for
the `talos-metadata` file.
TrustedBoot needs the `secureboot-installer`.
Equinix needs arm64 since we boot an arm64 box as part of integration.
Signed-off-by: Noel Georgi <git@frezbo.dev>
- By default, github.com/miekg/dns uses `dns.MinMsgSize` for UDP messages, which is 512 bytes. This is too small for some
DNS request/responses, and can cause truncation and errors. This change sets the buffer size to `dns.DefaultMsgSize`
4096 bytes, which is the maximum size of a dns packet payload per RFC 6891.
- We also retry the request if the response is truncated or previous connection was closed.
- And finally we properly handle the case where the response is larger than the client buffer size,
and we return a truncated correct response.
Closes#8763
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
When `udevd` rescans block device partitions while Talos is doing
partitions, it might be that Talos can hit the following error
while trying to open/mount a partition:
```
no such device or address
```
Previous attempts to fix that were using `ENODEV`, while the proper code
is `ENXIO`.
Also take exclusive lock while working with user disks to prevent
concurrent udevd rescan.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Talos doesn't support MLAG aggregation yet, but having the initial
testcase is a good step forward.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fix crons by setting up buildx always, also make sure `images-essential`
has `uki-certs` as dependency.
Also use platform as `linux/amd64` in CI integration tests and cron
jobs, since we don't run tests with arm64 binaries.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Updated all install instructions and added install page for future OS
specific install instructions
Signed-off-by: Justin Garrison <justin.garrison@siderolabs.com>
Note: this issue never happens with default Talos worker configuration
(generated by Omni, `talosctl gen config` or CABPT).
Before change https://github.com/siderolabs/talos/pull/4294 3 years ago,
worker nodes connected to trustd in "insecure" mode (without validating
the trustd server certificate). The change kept backwards compatibility,
so it still allowed insecure mode on upgrades.
Now it's time to break this compatibility promise, and require
accepted CAs to be always present. Adds validation for machine
configuration, so if upgrade is attempeted, it would not validate the
machine config without accepted CAs.
Now lack of accepted CAs would lead to failure to connect to trustd.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The maximum negative ttl (ttl for non-existent domain responses) was set to 1 hour, which is
too long. This PR decreases the maximum negative ttl to 10 seconds.
Also update CoreDNS module while we are at it.
Closes#8631
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Moving the loading and validation to the machinery package, so that we
can import and use that from other projects.
Co-authored-by: Noel Georgi <git@frezbo.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#8753
There seems to be a problem in the machine config anyways, as
`machine.ca.crt` is missing for the worker (this should break `apid`
connectivity), but still Talos controller shouldn't enter a panic loop.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
In containerd 2.0 source tree, this constant is under `internal`, so we
can't import it directly.
So instead re-declare it as a Talos constant.
Doing this multi-staged, as `go-talos-support` is using it as well, and
to update it to stop importing old containerd library I need first to
declare the constant in Talos source tree.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
See https://github.com/siderolabs/go-tail/pull/2
It seems to pop up more with compressed logs, but overall makes sense to
be fixed.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Short introduction into running Multus CNI.
Signed-off-by: Michael Trip <michael@alcatrash.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Nothing changes from functional point of view: Talos still keeps max of
1M of logs per buffer, but the chunks after first 64k are compressed on
the fly.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This PR fixes incorrect packet TTL if `forwardKubeDNSToHost` is enabled.
Credits go to Julian Wiedmann.
Closes#8698.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Version 0.3.6 contains incorrect server implementation which breaks our integration tests.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This PR moves the GCP tests to a new project there. I'm working on consolidating projects, names, and doing some reservations out there.
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
These docs are still present in the repo, but won't be an option in the talos docs site.
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
Update proxmox guide to show example of using qemu-guest-agent.
Signed-off-by: USBAkimbo <71508071+USBAkimbo@users.noreply.github.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
The problem is that `talosctl cluster create` tries to enable
forwardKubeDNSToHost (for 1.7+), but due to the wrong condition this
tries to enable `hostDNS` for any version of Talos, while it's only
supported since 1.7+.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Otherwise we get `nil reference` exception during maintenance mode
upgrade with partial machine configs.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Retrieve the DNS names of instances from the platform metadata.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Improve the ingress firewall docs.
Signed-off-by: Steve Francis <steve.francis@talos-systems.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This allows the kubelet to detect AppArmor.
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
I noticed in the docs
[here](8df5b85ec7/website/content/v1.8/kubernetes-guides/network/deploying-cilium.md (L241))
it mentions enabling the KubePrism feature. However, it mentions enabling the
KubePrism feature. However,
[here](8df5b85ec7/website/content/v1.8/kubernetes-guides/configuration/kubeprism.md (L25))
the docs mention it's enabled by default since 1.6..
So I was wondering if mention of enabling KubePrism after v1.6 is a mistake?
Note it was mentioned several times in the docs v1.5.
```
❯ rg "kubePrism:" --glob "*deploying-cilium.md" -A1
website/content/v1.8/kubernetes-guides/network/deploying-cilium.md
240: kubePrism:
241- enabled: true
website/content/v1.7/kubernetes-guides/network/deploying-cilium.md
240: kubePrism:
241- enabled: true
website/content/v1.6/kubernetes-guides/network/deploying-cilium.md
240: kubePrism:
241- enabled: true
website/content/v1.5/kubernetes-guides/network/deploying-cilium.md
32: kubePrism:
33- enabled: true
--
56: kubePrism:
57- enabled: true
--
212: kubePrism:
213- enabled: true
--
240: kubePrism:
241- enabled: true
--
264: kubePrism:
265- enabled: true
```
Signed-off-by: Will Bush <git@willbush.dev>
