IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This PR adds two additional checks which are performed during boot sequence and in `talosctl health`. They ensure that nodes have enough memory and disk.
- Boot check will print a warning if memory / disk size is not sufficient.
- Health check will fail if memory / disk size is not sufficient.
Closes#6467
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This fixes a potential panic which I found in the unit-tests logs.
The error 'not found' is ignored, so need an addiitonal check.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
It's only used to detect if resource is `nil` or of incorrect type. Both errors are developer errors, so we should not collect them.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Currently `.Error()` call is panicking if `watchErr` is nil. Besides - we want to wrap errors the way we can unwrap them.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
There was inconsistency in the way `/v2` was appended to registry
endpoint path between containerd (CRI) and Talos:
* Talos only appended `/v2` to empty paths
* containerd appended `/v2` if it's not the suffix already
Fix Talos to act same as containerd, and introduce a setting
`overridePath` which stops both Talos and `containerd` from appending
`/v2` (should be required with e.g. Harbor registry mirror).
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#6566
This avoid putting all node addresses which might not be routeable
across Kubernetes.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Add talosctl machineconfig patch command which accepts a machine config as input and a list of patches, applying the patches and writing the result to a file or to stdout.
Link `talosctl machineconfig gen` to `talosctl gen config`, so they work the same way.
Closessiderolabs/talos#6562.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Fixes#6553
Talos itself defaults to XFS, so IMA measurements weren't done for Talos
own filesystems. But many other solutions create by default ext4
filesystems, or it might be something mounted by other means.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Add support to specify the types of outputs to be generated by talosctl gen config.
Add support for writing a single type of output to stdout instead of a file.
Related to siderolabs/talos#6562.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
This brings many fixes, including a new Watch with support for
Bootstapped and Errored event types.
`talosctl` from before this change is still compatible, as there's gRPC
API level backwards compatibility versioning.
New client doesn't yet depend on new event types, so it will work
against Talos 1.2.x.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Host Talos mounts machined socket for API access into the installer
container (for upgrades).
Installer runs any check it might need to verify compatibility.
At the moment following checks are implemented:
* Talos version (whether upgrade from version X to Y is supported)
* Kubernetes version (whether Kubernetes version X is supported with
Talos Y).
Fixes#6149
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Enabling BTF in the kernel brakes kexec from pre-BTF kernel (e.g. when
upgrading from 1.2.x to 1.3.x).
As there's no way to detect Talos version in the installer at the
moment, use another way to detect whether BTF is enabled in the Talos
version which is running right now.
Fixes#6443
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This allows multiple `ip=` parameters, and fixes setting DHCP for any
link on the cmdline.
Fixes#6475
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
It was using value of a variable boud to another flag.
Signed-off-by: Alexandre Mclean <alexandre.mclean@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#5937
This removes external IPs from a set of addresses published by the node
(we source addresses from 'routed' now which excludes external). This is
definitely "right" thing to do, as those addresses are not on the node
itself and can't be routed to the node.
On other hand it also removes them from `talosctl get members`, but we
don't have to split this up right now.
For the KubeSpan endpoints, we still use 'all' addresses, as external
IPs are perfect as KubeSpan endpoints (Wireguard endpoints).
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This feature allows us to use only IPv4 or IPv6 stack to reach the peers.
Also, it can help to not share the node-specific IPs,
which cannot be accessible at all.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
This is handy when the node with qemu went down, so you had to manually delete the folder after it restarted.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This resolves a case when a node is behind NAT, but KubeSpan port is
forwarded back to the node. Discovery Service returns public IP of the
client as it sees from the incoming request. That address is now
published to the KubeSpan endpoints.
Fixes#6508
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Removed deprecated arg from the kubelet spec, as the arg is going to be
removed completely in v1.27 (kubelet defaults to remote CRI anyways).
Go modules not updated due to https://github.com/kubernetes/kubernetes/issues/113951
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
We add the `nodeLabels` key to the machine config to allow users to add
node labels to the kubernetes Node object. A controller
reads the nodeLabels from the machine config and applies them via the
kubernetes API.
Older versions of talosctl will throw an unknown keys error if `edit mc`
is called on a node with this change.
Fixes#6301
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
