Add more contextual description of the discovery service
to the KubeSpan docs, and a link to the repo.
Signed-off-by: Tim Jones <tim.jones@siderolabs.com>
This allows building a custom Talos image which comes with some system
extension bundled in. Sometimes we might need to have an extension in
the initial image, e.g. `vmtoolsd` for VMware Talos image.
Syntax:
```
make image-aws \
IMAGER_SYSTEM_EXTENSIONS="ghcr.io/siderolabs/amd-ucode:..."
```
System extensions are not supported for now for ISO images, as they
don't go through the common installer flow (#5725).
Also it might be nice to add a simple way to generate just
`initramfs.xz` with system extensions bundled in (e.g. for PXE booting).
(#5726)
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
It wasn't used when building an endpoint to the local API server, so
Talos couldn't talk to the local API server when port was changed from
the default one.
Fixes #5706
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Version API is only available over SideroLink connection.
This is useful to find Talos version as it got booted (e.g. to generate
proper machine configuration).
There's a security concern that version API might return sensitive
information via public API. At the same time Talos version can be
guessed by looking at the output of other APIs, e.g. resource type list
(`talosctl get rd`), which changes with every minor version.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
The tag was already corrected in v1.1 of the doc but we also need to
correct it for v1.0. When we check out git tag v1.0.5 and build the
installer it will create the image with `siderolabs` in the image tag.
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
Instead of hardcoded `grub.cfg`, use common code to generate list of
kernel arguments and allow using `--extra-kernel-arg` as well.
Before the change:
```
linux /boot/vmlinuz init_on_alloc=1 slab_nomerge pti=on panic=0 consoleblank=0 printk.devkmsg=on earlyprintk=ttyS0 console=tty0 console=ttyS0 talos.platform=metal
```
New (default line):
```
linux /boot/vmlinuz talos.platform=metal earlyprintk=ttyS0 console=ttyS0 console=tty0 init_on_alloc=1 slab_nomerge pti=on consoleblank=0 nvme_core.io_timeout=4294967295 random.trust_cpu=on printk.devkmsg=on ima_template=ima-ng ima_appraise=fix ima_hash=sha512
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This adds the option to toggle the automatic creation of search domains.
Signed-off-by: Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs <me@bjw-s.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
The examples contain raw structures which will be base64-encoded on
marshaling to YAML which might be confusing if someone tries to decode
values.
At the same time we want to make sure that example certs/keys are not
useable to prevent clusters being created with fixed secrets.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Adds an example setup for sending Talos logs to a Vector aggregator.
Signed-off-by: Nat Allan <19149206+Truxnell@users.noreply.github.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
We extend the extension service spec with three security options,
WithWriteableSysfs, WithMaskedPaths, WithReadonlyPaths
Fixes #5411
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
If a service hangs, the boot sequence will not finish. To inform
users we poll the collection of services in the StartAllServices task
regularly and log if their status has changed.
Fixes #5449
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
The links to the patch and script files were changed and not reflected
here. There was also a missing curl command in the first example of
downloading the patch.
Signed-off-by: Tames McTigue <tames@northwestern.edu>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
As Talos v1.0.4 now supports kubelet with graceful shutdown disabled,
update the docs.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
The problem is that these values need to be set to zero if the kubelet
feature gate is disabled, so we can't assume that we can override zero
value with the proper config, so we have to do an extra check on the
supplied configuration.
Also creates KB article on disabling this feature gate.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Init nodes were deprecated in v1.0 so it makes sense
to remove the documentation about them and consign
them to the past!
Signed-off-by: Tim Jones <tim.jones@siderolabs.com>
The new mode allows changing the config for a period of time, which
allows trying the configuration and automatically rolling it back in case
it doesn't work, for example.
The mode can only be used with changes that can be applied without a
reboot.
When changed it doesn't write the configuration to disk, only changes it
in memory.
`--timeout` parameter can be used to customize the rollback delay.
The default timeout is 1 minute.
Any consequent configuration change will abort try mode and the last
applied configuration will be used.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Since Talos moved to new registry redirect CRI plugin format, start
redirects are no longer supported in the CRI plugin (see
https://github.com/containerd/containerd/blob/main/docs/hosts.md).
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Make the latest-version banner sticky and
more noticeable, and ensure the link to the
latest version links to the current document
if possible.
Signed-off-by: Tim Jones <tim.jones@siderolabs.com>
Add a note on how machine configuration can be retrieved
from the node, after e.g. interactive setup.
Signed-off-by: Tim Jones <tim.jones@siderolabs.com>