IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We add support for encryption with secretbox. While AESCBC is still
supported secretbox will take precedence if both are configured.
Secretbox is not the default encryption for new clusters.
Fixes: #6362
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
Update docs to reflect Talos is a supported OS on Equinix Metal.
Signed-off-by: Steve Francis <steve.francis@talos-systems.com>
Signed-off-by: Tim Jones <tim.jones@siderolabs.com>
Previously static pod manifests were written to and read from a folder
on the disk. We add a controller that cleans up the default static pod
manifests on the disk and serves them as a PodList manifest via HTTP.
The to the manifest is injected into the kubelet. File based static pod
manifests are still supported and may be enabled by setting the key
kubelet -> enableManifestsDirectory in the machine config.
Fixes#5494
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
Kubespan creates package size more than MTU external interface size.
This PR adds capabilities to change MTU size through machine config.
And sets MTU of the default kubespan route.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Containers created with `talosctl cluster create` are ran with readonly
filesystem. This more accurately mimics standard Talos.
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>
Introduce new DHCP operator option to skip hostname request/response,
and use that in OpenStack platform.
OpenStack configures interface with DHCP, while providing dummy hostname
over DHCP and proper hostname over metadata. As operators override
platform settings, DHCP hostname takes over OpenStack hostname. As a
fix, ignore DHCP hostname while on OpenStack.
Fixes#6350
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Example, set interface IP address by MAC:
```cmdline: ip=172.20.0.2::172.20.0.1:255.255.255.0::enx001122aabbcc```
Interface MAC is `00:11:22:aa:bb:cc`.
Source: https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This implements a simple way to upgrade Talos node running in
maintenance mode (only if Talos is installed, i.e. if `STATE` and
`EPHEMERAL` partitions are wiped).
Upgrade is only available over SideroLink for security reasons.
Upgrade in maintenance mode doesn't support any options, and it works
without machine configuration, so proxy environment variables are not
available, registry mirrors can't be used, and extensions are not
installed.
Fixes#6224
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Add resource `AuditPolicyConfigs.kubernetes.talos.dev`.
It can be changed through machine config `cluster.apiServer.auditPolicy`
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
We add a filter to the `talosctl get` command that allows users to
specify a jsonpath filter. Now they can reduce the information that is
printed to only the parts they are interested in.
Fixes#6109
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
This commit adds support for building Talos for the
Compute Module 4 and other generic Raspberry Pi
hardware.
Fixes: #6273
Signed-off-by: Kris Reeves <kris@pressbuttonllc.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Permanent address is only available for physical links, and it might be
different from the 'hardware address': when bonding, 'hardware address'
gets overridden from the bond master, while 'permanent address' still
shows MAC of the interface.
This part of the fix for incorrect bonding issue on Equinix Metal.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This adds metadata annotations and fixes some hanging watch loops.
There should be no functional changes for Talos.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
- Provide editable component diagram
(diagrams.net).
- Document for both 1.2 and 1.3.
Signed-off-by: Sander Maijers <3374183+sanmai-NL@users.noreply.github.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Add new section to see how to disable admission control in control
plane.
Signed-off-by: Pau Campana <pau.campanya.soler@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This is enabled via a machine config feature/version contract, as
`talosconfig` certificate generated previously didn't have proper key
usage set, so we need to keep backwards compatibility on upgrades.
New v1.3+ clusters will include this check.
This check prevents even potential mis-use of server certificates as a
client certificate.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This commit adds structprotogen tool which is used to generate proto file from Go structs.
Closes#6078.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This commit adds initial support for the Nano Pi
R4S from Friendlyelec. This device is a networking focused
rk3399 based SBC with two 1G ethernet interfaces,
making it perfect for edge or SOHO deployments.
Signed-off-by: Marvin Drees <marvin.drees@9elements.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Update what's new, upgrading docs.
Fix up instances of `master` leftover in the docs.
Fix the formatting of kernel params reference.
Fixes#6150
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Track the progress of the long-running actions `reboot`, `reset`, `upgrade` and `shutdown` on the client side by default, unless `--no-wait=true` is specified.
Use the events API to follow the events using the actor ID of the action and display it using an stderr reporter with a spinner.
Closessiderolabs/talos#5499.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
