IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This will be useful for debugging SELinux implementation. Make API report other xattrs for further development like IMA/EVM
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
The `/opt/cni/bin` in the rootfs contains CNI binaries, which get
overwritten by the volume mount.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Restructure code as per changes from #9198.
This makes the flag name to be in sync with what it actually does.
Signed-off-by: Noel Georgi <git@frezbo.dev>
This is an attempt to fix many issues related with trying to use Service
IP for host DNS.
Fixes#9196
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add docs to correctly prepare an image for usage in Oracle Cloud.
Signed-off-by: Caleb Woodbine <calebwoodbine.public@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This provides rough step-by-step instructions on developing
an overlay and using the imager. It also provides some basic
information about different file types and their purpose.
Signed-off-by: Nicklas Frahm <nicklas.frahm@gmail.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Fixes#9092
This is a workaround for broken hardware drivers (e.g. RAID
controllers), which report settled event too early.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes https://github.com/siderolabs/extensions/issues/448
Bundle some CNI standard plugins plus Flannel CNI plugin (as Flannel is
the default CNI in Talos) in the Talos `initramfs`.
With this change, no plugin install is required, so the `install-cni`
step is dropped from the Flannel default manifest.
The bundled plugins:
```
$ talosctl -n 172.20.0.2 ls -lH /opt/cni/bin/
NODE MODE UID GID SIZE(B) LASTMOD NAME
172.20.0.2 drwxr-xr-x 0 0 109 B 7 hours ago .
172.20.0.2 -rwxr-xr-x 0 0 3.2 MB 7 hours ago bridge
172.20.0.2 -rwxr-xr-x 0 0 3.3 MB 7 hours ago firewall
172.20.0.2 -rwxr-xr-x 0 0 2.4 MB 7 hours ago flannel
172.20.0.2 -rwxr-xr-x 0 0 2.4 MB 7 hours ago host-local
172.20.0.2 -rwxr-xr-x 0 0 2.4 MB 7 hours ago loopback
172.20.0.2 -rwxr-xr-x 0 0 2.8 MB 7 hours ago portmap
```
The `initramfs` for amd64 grows 67 -> 73 MiB with this change.
The path `/opt/cni/bin` is still an overlay mount, so extra plugins can
be dropped to this directory (no change here).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update vmware.sh, use `talos-vmtoolsd` as a system extension.
Signed-off-by: Dean <22192242+saintdle@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
There was incorrect word kuberenetes breaking the search through docs
Signed-off-by: George Gaál <gb12335@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Updated with autoscaling group for workers, better copy/paste ability, and not using default VPC
Signed-off-by: Justin Garrison <justin.garrison@siderolabs.com>
`disabled` was removed in https://github.com/cilium/cilium/pull/31286
Signed-off-by: Daniel Höxtermann <daniel@hxtm.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Extensions are posted the following way:
`extensions.talos.dev/<name>=<version>`
The name should be valid as a label (annotation) key.
If the value is valid as a label value, use labels, otherwise use
annotations.
Also implements node annotations in the machine config as a side-effect.
Fixes#9089Fixes#8971
See #9070
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Provide `XDG_RUNTIME_DIR` environment variable, this specifically fixes
the `kubectl exec` action when `/tmp` is filled up.
Update containerd configuration to version 3 and fix it up.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Following the most recent livestream, I'm adding in a few small fixes, specifically:
* Using `metros` instead of `facilities` as the latter is deprecated (https://deploy.equinix.com/developers/docs/metal/locations/facilities/)
Signed-off-by: Steve Martinelli <4118756+stevemar@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add `"` to handle vmware network interfaces with non-characters name
Signed-off-by: Fredrik Lundhag <f@mekk.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This patch adds a flag to `secureboot.database.Generate` to append the
Microsoft UEFI secure boot DB and KEK certificates to the appropriate
ESLs, in addition to complimentary command line flags.
This patch also includes a copy of said Microsoft certificates. The
certificates are downloaded from an official Microsoft repo.
Signed-off-by: Jean-Francois Roy <jf@devklog.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#8995
There is no security impact, as the actual SecureBoot
state/configuration is measured into the PCR 7 and the disk encryption
key unsealing is tied to this value.
This is more to provide a way to avoid accidentally encrypting to the
TPM while SecureBoot is not enabled.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Compute command missing backslashes for new lines
Seq in for loop used incorrect numbering
Signed-off-by: Justin Garrison <justin.garrison@siderolabs.com>
The Mayastor helm chart ships with an init container that won't mount /sys and runs lsmod.
Add a note in the guide as this is not obvious.
Signed-off-by: Syoc <Syoc@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Set the default image and explicitly set it for main pages.
Lint pre-rendered html for _index.html
Signed-off-by: Justin Garrison <justin.garrison@siderolabs.com>
Updates to reflect the changes in the latest cilium CLI, as well small fix in last example
Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
