IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an email to the
Administrator. User accounts are meant only to access the repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for BaseALT projects.
Thank you for your understanding!
Only registered users have access to the service!
To obtain an account, contact the administrator.
Fixes #4815
This implements the following steps:
* machine configuration updates
* pulling and unpacking system extension images
* validating, listing system extensions
* re-packing system extensions
* preserving installed extensions in `/etc/extensions.yaml`
Once an extension is enabled, the raw information can be queried with:
```
$ talosctl -n 172.20.0.2 cat /etc/extensions.yaml
layers:
  - image: 000.ghcr.io-smira-gvisor-c927b54-dirty.sqsh
    metadata:
      name: gvisor
      version: 20220117.0-v1.0.0
      author: Andrew Rynhard
      description: |
        This system extension provides gVisor using containerd's runtime handler.
      compatibility:
        talos:
          version: '> v0.15.0-alpha.1'
```
This was tested with the `gvisor` system extension.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
The version was never passed properly, plus goreleaser is deprecated
now, so switch to the golangci-lint equivalent script.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This will fix running these scripts on distros without /bin/bash, but
where bash is in $PATH, such as NixOS.
Currently, `make fmt` otherwise fails to run:
```
make[3]: Leaving directory '/home/flokli/dev/numtide/manifoldfinance/talos'
sh: ./hack/fix-artifacts.sh: /bin/bash: bad interpreter: No such file or directory
make[2]: *** [Makefile:163: local-fmt-protobuf] Error 126
make[2]: Leaving directory '/home/flokli/dev/numtide/manifoldfinance/talos'
make[1]: *** [Makefile:274: fmt-protobuf] Error 2
make[1]: Leaving directory '/home/flokli/dev/numtide/manifoldfinance/talos'
make: *** [Makefile:277: fmt] Error 2
```
Signed-off-by: Florian Klink <flokli@flokli.de>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
The CNI is executed on the host. Even if we want to run an arm64 qemu,
we still need to execute the amd64 CNI on the host.
Signed-off-by: Florian Klink <flokli@flokli.de>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Enforces more reasonable minimum TLS versions for Kubernetes components
(1.3 for everything except apiserver; 1.2 for API server for
interoperability).
Signed-off-by: Seán C McCord <ulexus@gmail.com>
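The policy in this commit is easier to reason about with a real handshake in front of you. The following is an added example, not Talos's own code: it encodes the floor described above (TLS 1.2 for the API server, TLS 1.3 elsewhere) in a small Go program that spins up a `crypto/tls` server on a loopback port with a throwaway self-signed certificate and connects a client capped at a given version. The component names, the loopback listener and the certificate are assumptions of the example; `InsecureSkipVerify` is used only because the certificate is in-memory and self-signed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// serverMinVersion encodes the floor described in the commit: the API server keeps
// TLS 1.2 for client interoperability, every other component requires TLS 1.3.
// Component names are an assumption of this example.
func serverMinVersion(component string) uint16 {
	if component == "kube-apiserver" {
		return tls.VersionTLS12
	}
	return tls.VersionTLS13
}

// selfSignedCert builds a throwaway ECDSA P-256 certificate for the loopback handshake.
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "tls-floor-demo"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// handshake starts a TLS server on 127.0.0.1 with the given floor, connects a client
// that offers at most clientMax, and returns the negotiated version. A client below
// the floor is refused with a protocol_version alert, which surfaces as a dial error.
func handshake(serverMin, clientMax uint16) (uint16, error) {
	cert, err := selfSignedCert()
	if err != nil {
		return 0, err
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, err
	}
	defer ln.Close()

	serverCfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: serverMin}
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		srv := tls.Server(conn, serverCfg)
		_ = srv.Handshake() // fails for clients below MinVersion
		srv.Close()
	}()

	// InsecureSkipVerify only because the certificate is self-signed and in-memory.
	clientCfg := &tls.Config{InsecureSkipVerify: true, MaxVersion: clientMax}
	client, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", ln.Addr().String(), clientCfg)
	if err != nil {
		return 0, err
	}
	defer client.Close()
	return client.ConnectionState().Version, nil
}

func main() {
	for _, tc := range []struct {
		component string
		clientMax uint16
	}{
		{"kube-apiserver", tls.VersionTLS12}, // accepted: API server floor is 1.2
		{"kubelet", tls.VersionTLS12},        // refused: kubelet floor is 1.3
		{"kubelet", tls.VersionTLS13},        // accepted
	} {
		v, err := handshake(serverMinVersion(tc.component), tc.clientMax)
		fmt.Printf("%-15s floor=%#x clientMax=%#x negotiated=%#x err=%v\n",
			tc.component, serverMinVersion(tc.component), tc.clientMax, v, err)
	}
}
```

The refusal is decided by the server: the client's ClientHello only offers versions up to `MaxVersion`, and a server whose `MinVersion` is higher answers with an alert instead of a ServerHello, so an old client against a 1.3-only component never gets a session at all.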
Containerd doesn't support merging plugin configuration from multiple
sources (see https://github.com/containerd/containerd/issues/5837), and
Talos has several pieces which configure the CRI plugin:
* base config
* registry mirror config
* system extensions
* ...
So we implement our own simple way of merging config parts (by simply
concatenating text files) to build a final `cri.toml`.
At the same time containerd migrated to a new format for specifying registry
mirror configuration, while the old way (via CRI config) is going to be
removed in 1.7.0. The new way also allows applying most of the registry
configuration (except for auth) on the fly.
Also, containerd was updated to 1.6.0-rc.0 and runc to 1.1.0.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
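The "simply concatenating text files" approach above has one precondition worth making explicit: TOML forbids defining the same table twice, so two parts that both open `[plugins."io.containerd.grpc.v1.cri"]` produce a file containerd rejects at startup. The following added example (not Talos's implementation) merges parts in sorted file-name order and refuses the merge when a table header is repeated. The part names, their contents and the separator comments are constructed for the example; `config_path` under the CRI registry table is the key of the newer hosts-directory registry format mentioned in the commit.

```go
package main

import (
	"bytes"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// tableHeader matches a standard TOML table header line such as
// [plugins."io.containerd.grpc.v1.cri".registry]. Array-of-table headers ([[x]])
// may legitimately repeat, so the pattern deliberately does not match them.
var tableHeader = regexp.MustCompile(`^\s*\[([^\[\]]+)\]\s*$`)

// mergeCRIConfig concatenates config parts in sorted file-name order (so a
// 10-base.toml part always precedes 20-registry.toml) into one cri.toml.
// Plain concatenation only yields valid TOML if no table is defined twice;
// a header seen in two parts is reported instead of silently producing a
// file that containerd would reject.
func mergeCRIConfig(parts map[string]string) ([]byte, error) {
	names := make([]string, 0, len(parts))
	for name := range parts {
		names = append(names, name)
	}
	sort.Strings(names)

	definedIn := map[string]string{} // table header -> part that defined it
	var out bytes.Buffer
	for _, name := range names {
		body := strings.TrimRight(parts[name], "\n")
		for _, line := range strings.Split(body, "\n") {
			m := tableHeader.FindStringSubmatch(line)
			if m == nil {
				continue
			}
			table := strings.TrimSpace(m[1])
			if prev, dup := definedIn[table]; dup {
				return nil, fmt.Errorf("table [%s] defined in both %s and %s", table, prev, name)
			}
			definedIn[table] = name
		}
		// Each part becomes its own commented block, separated by a blank line.
		fmt.Fprintf(&out, "# --- %s ---\n%s\n\n", name, body)
	}
	return out.Bytes(), nil
}

func main() {
	// Constructed sample parts for the example, not Talos's real files.
	parts := map[string]string{
		"10-base.toml":     "version = 2\n\n[plugins.\"io.containerd.grpc.v1.cri\"]\nsandbox_image = \"k8s.gcr.io/pause:3.6\"\n",
		"20-registry.toml": "[plugins.\"io.containerd.grpc.v1.cri\".registry]\nconfig_path = \"/etc/cri/conf.d/hosts\"\n",
	}
	out, err := mergeCRIConfig(parts)
	if err != nil {
		fmt.Println("merge failed:", err)
		return
	}
	fmt.Print(string(out))
}
```

The check is header-level only: a part that sets `registry.config_path` as a dotted key under the parent table while another part opens `[...registry]` as its own table is still a conflict for a real TOML parser, so the merged file should additionally be parsed once before it is handed to containerd.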
The list of layers should come from the `/extensions.yaml` configuration
file.
Closes: https://github.com/talos-systems/talos/issues/4814
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Instead of patching in the machine config, provide a new interface in
the platforms to supply platform-specific network configuration.
Configuration will be cached in the `/state` across reboots, and
configuration might be even updated in real time (e.g. on GCP).
Network configuration on platform level can be overridden with
user-supplied machine configuration.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Drop the rewrite rule which seems to be causing issues for
`ingress-nginx` when Kubernetes IPv4-only cluster runs in the
IPv6-enabled environment.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Allow cluster nodes to have multiple internal IP addresses when checking
for all Kubernetes nodes.
Fixes #4807
Signed-off-by: Seán C McCord <ulexus@gmail.com>
From PRs #4798 and #4799
Co-authored-by: Steve Francis <steve.francis@siderolabs.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Signed-off-by: Steve Francis <steve.francis@siderolabs.com>
Adds a guide on how to create an installer with a customized kernel with
proprietary drivers.
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This PR moves to giving curl commands for the vmware assets instead of
relying on the local paths that I was using. This matches what we're
doing for the gcp docs as well.
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
Fixes a small typo in the vmware docs
Signed-off-by: Shahar Naveh <shaharnaveh@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Filter the default list down to IPv4/IPv6 depending on the network
configuration. The problem is that the full list contains IPv6 resolvers
and these won't work on IPv4-only network (which is default for
`talosctl cluster create`).
This is not a problem for QEMU, as QEMU filters down the list for
built-in DHCP server already splitting it for DHCP4/DHCP6.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This PR updates the vmware docs to introduce a script to help with the
automation, as well as introducing the setup of talos-vmtoolsd and
reworking the format a bit.
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
This will be required to preserve platform network configuration in a
cache across boots. Network configuration will be marshaled to YAML and
unmarshaled back.
Changes are pretty simple and most of the code is auto-generated:
replace `stringer` codegen with `enumer`, which also produces methods
that convert from string back to enum values.
Added tests to verify YAML marshaling/unmarshaling.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes #4759
This uses existing features: Talos always generates a 32-byte random node
identity; we use the first 16 bytes of that to generate a `machine-id` in
the compliant format and mount it into the `kubelet` container.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
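The derivation described above, as an added example rather than Talos's own code: take the first 16 bytes of a 32-byte random node identity and hex-encode them, which is exactly the shape systemd expects in `/etc/machine-id` (32 lowercase hex digits, never all zeros). The `newNodeIdentity` stand-in and the validator are assumptions of the example; the point of deriving rather than generating is that the id stays stable for as long as the persisted identity does.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"regexp"
)

const (
	nodeIdentitySize = 32 // bytes in the random node identity Talos generates once per node
	machineIDSize    = 16 // systemd's machine-id is a 128-bit value
)

// machineIDPattern is the /etc/machine-id format: exactly 32 lowercase hex digits.
var machineIDPattern = regexp.MustCompile(`^[0-9a-f]{32}$`)

// newNodeIdentity draws a fresh 32-byte random identity; a stand-in (assumption of
// this example) for the identity Talos persists on the node.
func newNodeIdentity() ([]byte, error) {
	id := make([]byte, nodeIdentitySize)
	if _, err := rand.Read(id); err != nil {
		return nil, err
	}
	return id, nil
}

// machineIDFromIdentity derives the machine-id as the lowercase hex encoding of the
// first 16 bytes of the node identity. The length check guards against a truncated
// or corrupted identity file producing a short, non-compliant id.
func machineIDFromIdentity(identity []byte) (string, error) {
	if len(identity) != nodeIdentitySize {
		return "", fmt.Errorf("node identity must be %d bytes, got %d", nodeIdentitySize, len(identity))
	}
	return hex.EncodeToString(identity[:machineIDSize]), nil
}

// validateMachineID checks what systemd requires of the file contents:
// 32 lowercase hex characters, and not the all-zero id.
func validateMachineID(id string) error {
	if !machineIDPattern.MatchString(id) {
		return errors.New("machine-id must be exactly 32 lowercase hex characters")
	}
	if id == "00000000000000000000000000000000" {
		return errors.New("machine-id must not be all zeros")
	}
	return nil
}

func main() {
	identity, err := newNodeIdentity()
	if err != nil {
		fmt.Println("identity generation failed:", err)
		return
	}
	id, err := machineIDFromIdentity(identity)
	if err != nil {
		fmt.Println("derivation failed:", err)
		return
	}
	if err := validateMachineID(id); err != nil {
		fmt.Println("invalid machine-id:", err)
		return
	}
	// This string (plus a trailing newline) is what would be written to
	// /etc/machine-id and bind-mounted into the kubelet container.
	fmt.Println(id)
}
```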
This PR updates to our latest point release for CACPPT to
ensure faster testing. It also pulls in a newer AWS provider.
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
Fixes: #4362.
This change is to make `talosctl cluster create` ignore a missing `init.yaml` file when given an `--input-dir` argument. The `talosctl gen config` command does not create an `init.yaml`, so this would allow running the command to generate configs and then immediately use them to create a cluster.
Signed-off-by: Eric Wohltman <eric.wohltman@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This provides a better way to access IMDS APIs (new IMDS API version,
etc.).
Using `aws-go-sdk` rather than the new `aws-go-sdk-v2`, as `go-getter`
depends on the `v1` version.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Talos shouldn't try to re-encode the machine config it was provided
with.
So add a `ReadonlyWrapper` around `*v1alpha1.Config` which makes sure
that the raw config object is not available anymore (it's a private field),
but config accessors are available for read-only access.
Another thing `ReadonlyWrapper` does is preserve the original `[]byte`
encoding of the config, keeping it exactly the same as it was loaded from
file or read over the network.
Improved `talosctl edit mc` to preserve the config as it was submitted,
and to preserve the edits on error from Talos (previously edits were lost).
`ReadonlyWrapper` is not used on the config generation path though; config
there is represented by `*v1alpha.Config` and can be freely modified.
Why almost? Some parts of Talos (platform code) patch the machine
configuration with new data. We need to fix platforms to provide
networking configuration in a different way, but this will come with
other PRs later.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Sometimes pushing/pulling to the Kubernetes registry is delayed due to
backoff on failed attempts to talk to the API server when the cluster is
still bootstrapping. Work around that by adding retries.
Also disable the kernel module controller in container mode, as it will
otherwise always keep failing.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>