IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Fixes#7873
Some services which perform mounts inside the container which require
mounts to propagate back to the host (e.g. `stargz-snapshotter`) require
this configuration setting.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
With SecureBoot, kernel args are part of the UKI (and signed), so we
need to allow kernel args when building an installer, as this is the
only way to allow updating kernel args in SecureBoot mode.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Support different providers, not only static file paths.
Drop `pcr-signing-key-public.pem` file, as we generate it on the fly
now.
See https://github.com/siderolabs/image-factory/issues/19
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This PR does those things:
- It allows API calls `MetaWrite` and `MetaRead` in maintenance mode.
- SystemInformation resource now waits for available META
- SystemInformation resource now overwrites UUID from META if there is an override
- META now supports "UUID override" and "unique token" keys
- ProvisionRequest now includes unique token and Talos version
For #7694
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Previously a fix was deployed in the Talos API client, but when the
request passes through `apid`, we need to make sure that proxy doesn't
reject large responses.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
See https://github.com/siderolabs/image-factory/issues/44
Instead of using constants, use proper Talos version and kernel version
discovered from the image.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This leads to lots of unnecessary improts, as the chain from network
controllers is pretty long.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
`Input` is initialized with fields populated and at the end of the
function the fields are updated again with the same value
Signed-off-by: budimanjojo <budimanjojo@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
See https://github.com/siderolabs/image-factory/issues/43
Two fixes:
* pass path to the dtb, uboot and rpi-firmware explicitly
* include dtb, uboot and rpi-firmware into arm64 installer image when
generated via imager (regular arm64 installer was fine)
(The generation of SBC images was not broken for Talos itself, but only
when used via Image Factory).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This was done pre-1.5, so time to drop compatibility shims to make things
less confusing.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This commit integrates the GOMEMLIMIT environment variable into shipped K8S
manifests when resources.limits.memory is defined. It is set to 95% of the
memory limit to optimize the performance of the Go garbage collector,
mitigating the risk of OOMKills in containerized environments.
When configuring the controller-manager or scheduler custom resources in
machine config, they where accepted, but ignored.
This commit adds Resources to NewControlPlaneSchedulerController and
NewControlPlaneControllerManagerController so machine config resources
Fixes#7874
Signed-off-by: Nico Berlee <nico.berlee@on2it.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Can possible to change boot image size.
Change the default image size for some cloud platform.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
These tests ensure that config generation for older versions of Talos is
stable as we move forward and introduce new features in the machine
configuration.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
First of all, it breaks our backwards compatibility promises and breaks
documentation generation. Upstream `specs.Mount` might change at any
time.
The issue was that containerd 1.7.x brings in new `specs.Mount` which
contains extra fields which don't have `omitempty` for YAML, so
machinery always generates them which confuses old Talos versions.
Use a copy of the upstream struct with proper YAML tags, and also
provide a special trick to make sure if the upstream struct changes, we
have a chance to update our copy of the struct.
Also this fixes docs and JSON schema.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Move the common GRPC interceptor code for siderov1 auth into go-api-signature.
Refactor go-api-signature to attempt to read the known environment variables for service accounts.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
These cards are still relevant today at 10gbps and are cheaply available
for homelab use.
Signed-off-by: Jacob McSwain <jacob.a.mcswain@gmail.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Also add a unit-test to prevent issues like that (I upgraded to 1.29 but
forgot to update go-kubernetes).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
When running on the machine, the extensionTreePath is not writeable, so
create and clean up a temporary directory to host `modules.dep`
extension.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Drop loop device/mounts completely, use userspace utilities to extract
and lay over module trees in the tmpfs.
Discover kernel version automatically instead of hardcoding it to be
current one (required for Image Service).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#7712
Instead of hardcoding a size, calculate the UKI and sd-boot size. UKI
has dynamic size, as it depends on number of system extensions
installed.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
