IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Implement `Install` for imager overlays.
Also add support for generating installers.
Depends on: #8377Fixes: #8350Fixes: #8351Fixes: #8350
Signed-off-by: Noel Georgi <git@frezbo.dev>
Drop the Kubernetes manifests as static files clean up (this is only
needed for upgrades from 1.2.x).
Fix Talos handling of cgroup hierarchy: if started in container in a
non-root cgroup hiearachy, use that to handle proper cgroup paths.
Add a test for a simple TinK mode (Talos-in-Kubernetes).
Update the docs.
Fixes#8274
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
SideroLink is a secure channel, so we can allow read access to the resources. This will give us more control of the node via Omni and/or other systems using SideroLink.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
This disables by default (if not specified in the machine config) the
endpoint harvesting for KubeSpan peers.
The idea was to observe Wireguard endpoints as seen by other peers in
the cluster, and add them to the list of endpoints for the node. This
might be helpful only in case of some special type of NATs which are
almost never seen in the wild today.
So disable by default, but keep an option to enable it.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update extensions test to use strategic patches and use
`ExtensionServiceConfig` document.
Depends on: https://github.com/siderolabs/extensions/pull/320
Signed-off-by: Noel Georgi <git@frezbo.dev>
Talos Linux 1.7.0 will ship with Kubernetes v1.30.0.
Drop some compatibility for Kubernetes < 1.25, as 1.25 is the minimum
supported version now.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#8196
Example (profile excerpt):
```yaml
output:
kind: iso
isoOptions:
sdBootEnrollKeys: force
outFormat: raw
```
Defaults are still same (`if-safe` unless explicitly overridden).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Also:
* Linux 6.6.14 + XDP enablement
* etcd 3.5.12
Various other bumps for the tools, utilities, and Go modules.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#8111
Starting with 1.7, use RSA instead of ECDSA.
RSA is way slower, but it has better support with other providers.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This PR adds a new controller - `DNSServerController` that starts tcp and udp dns servers locally. Just like `EtcFileController` it monitors `ResolverStatusType` and updates the list of destinations from there.
Most of the caching logic is in our "lobotomized" "`CoreDNS` fork. We need this fork because default `CoreDNS` carries
full Caddy server and various other modules that we don't need in Talos. On our side we implement
random selection of the actual dns and request forwarding.
Closes#7693
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Rework docgen to scan a whole directory for multidoc config types recursively and generate a single schema for all of them.
Annotate the files which need to be scanned by docgen while generating a schema by `//docgen:jsonschema`.
Move and rename the schema.
Bring back schema tests.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
This allows to pass direct URLs to Image Factory assets for disk
image/ISO/vmlinuz/initramfs, so that we can test Image Factory with
Talos.
Also add an integration test for Image Factory.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Generate a structured table of contents following the structure of the
config.
Make high-level examples follow the full structure of the config.
Document new multi-doc machine config.
Fixes#8023
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The core blockdevice library already supported resolving symlinks, we
just need to get the raw block device name from it, and use it
afterwards.
In QEMU provisioner, leave the first (system) disk as virtio (for
performance), and mount user disks as 'ata', which allows `udevd` to
pick up the disk IDs (not available for `virtio`), and use the symlink
path in the tests.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
It was using `note` instead of `notes`, so some entries got dropped.
I blame CodePilot for that ;)
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
