IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Implement `Install` for imager overlays.
Also add support for generating installers.
Depends on: #8377Fixes: #8350Fixes: #8351Fixes: #8350
Signed-off-by: Noel Georgi <git@frezbo.dev>
This is a small quality of life improvement that allows `logs` subcommand to suggest all available logs.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
As `--input-dir` flag now supports partial configs, it should not fail when there is no talosconfig in the directory.
This was the missing part in siderolabs/talos#8333.
Additionally, allow the `--cidr` flag when `--input-dir` is used - it is used even when the input configs are provided.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
To be used in the `go-talos-support` module without importing the whole
Talos repo.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Support overlays for imager.
The `Install` interface is not wired yet, it will be done as a different
PR.
This should be a no-op for existing imager.
Part of: #8350
Signed-off-by: Noel Georgi <git@frezbo.dev>
As we're using a mirrored image from `registry.k8s.io`, use that as a
source instead of GitHub. Mirrored image appears with some delay after
an official CoreDNS release.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
When provisioning VMs, each launch process sets up CNI network, and from
time to time CNI setup fails with something like:
```
error provisioning CNI network: plugin type="firewall" failed (add): running [/sbin/iptables -t filter -N CNI-ADMIN --wait]: exit status 4: iptables v1.8.10 (nf_tables)
```
This a race condition in the CNI plugins, and it looks like there is no
fix for it (see e.g. https://github.com/hashicorp/nomad/issues/8838).
As a workaround, take a mutex around CNI operation to serialize them.
CNI setup happens in different processes, so use a file-based mutex.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Preallocation still done by default for correct max usage estimates, but
in development environment it could be beneficial not to use up that
space, so I added a flag to disable preallocation
Signed-off-by: Dmitry Sharshakov <d3dx12.xx@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Drop the Kubernetes manifests as static files clean up (this is only
needed for upgrades from 1.2.x).
Fix Talos handling of cgroup hierarchy: if started in container in a
non-root cgroup hiearachy, use that to handle proper cgroup paths.
Add a test for a simple TinK mode (Talos-in-Kubernetes).
Update the docs.
Fixes#8274
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
SideroLink is a secure channel, so we can allow read access to the resources. This will give us more control of the node via Omni and/or other systems using SideroLink.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
This disables by default (if not specified in the machine config) the
endpoint harvesting for KubeSpan peers.
The idea was to observe Wireguard endpoints as seen by other peers in
the cluster, and add them to the list of endpoints for the node. This
might be helpful only in case of some special type of NATs which are
almost never seen in the wild today.
So disable by default, but keep an option to enable it.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Talos Linux 1.7.0 will ship with Kubernetes v1.30.0.
Drop some compatibility for Kubernetes < 1.25, as 1.25 is the minimum
supported version now.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The previous implementation used old events API, which had several
issues:
* buffer overruns, and weird checks
* big timeout even if the all nodes are booted up
Replace that with direct reading of `MachineStatus` resource which is
available since Talos 1.2.0.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#8196
Example (profile excerpt):
```yaml
output:
kind: iso
isoOptions:
sdBootEnrollKeys: force
outFormat: raw
```
Defaults are still same (`if-safe` unless explicitly overridden).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#8270
The base bug was that the registry will return `nil` `ConfigDocument` if
the version is not registered for a kind, which would result into weird
config decoding errors.
Add more unit-tests, while at it, also add more fuzzing samples.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This is useful when the VMs are booted without machine config,
so default hostnames based on controlplanes/workers no longer make
sense.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Also:
* Linux 6.6.14 + XDP enablement
* etcd 3.5.12
Various other bumps for the tools, utilities, and Go modules.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
It was deprecated 16 months ago, time to cleanup.
(This is to prepare for the first v1.7 release)
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#8111
Starting with 1.7, use RSA instead of ECDSA.
RSA is way slower, but it has better support with other providers.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This PR adds a new controller - `DNSServerController` that starts tcp and udp dns servers locally. Just like `EtcFileController` it monitors `ResolverStatusType` and updates the list of destinations from there.
Most of the caching logic is in our "lobotomized" "`CoreDNS` fork. We need this fork because default `CoreDNS` carries
full Caddy server and various other modules that we don't need in Talos. On our side we implement
random selection of the actual dns and request forwarding.
Closes#7693
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
