IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Extensions are posted the following way:
`extensions.talos.dev/<name>=<version>`
The name should be valid as a label (annotation) key.
If the value is valid as a label value, use labels, otherwise use
annotations.
Also implements node annotations in the machine config as a side-effect.
Fixes#9089Fixes#8971
See #9070
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Provide `XDG_RUNTIME_DIR` environment variable, this specifically fixes
the `kubectl exec` action when `/tmp` is filled up.
Update containerd configuration to version 3 and fix it up.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Following the most recent livestream, I'm adding in a few small fixes, specifically:
* Using `metros` instead of `facilities` as the latter is deprecated (https://deploy.equinix.com/developers/docs/metal/locations/facilities/)
Signed-off-by: Steve Martinelli <4118756+stevemar@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add `"` to handle vmware network interfaces with non-characters name
Signed-off-by: Fredrik Lundhag <f@mekk.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This patch adds a flag to `secureboot.database.Generate` to append the
Microsoft UEFI secure boot DB and KEK certificates to the appropriate
ESLs, in addition to complimentary command line flags.
This patch also includes a copy of said Microsoft certificates. The
certificates are downloaded from an official Microsoft repo.
Signed-off-by: Jean-Francois Roy <jf@devklog.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#8995
There is no security impact, as the actual SecureBoot
state/configuration is measured into the PCR 7 and the disk encryption
key unsealing is tied to this value.
This is more to provide a way to avoid accidentally encrypting to the
TPM while SecureBoot is not enabled.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Compute command missing backslashes for new lines
Seq in for loop used incorrect numbering
Signed-off-by: Justin Garrison <justin.garrison@siderolabs.com>
The Mayastor helm chart ships with an init container that won't mount /sys and runs lsmod.
Add a note in the guide as this is not obvious.
Signed-off-by: Syoc <Syoc@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Set the default image and explicitly set it for main pages.
Lint pre-rendered html for _index.html
Signed-off-by: Justin Garrison <justin.garrison@siderolabs.com>
Updates to reflect the changes in the latest cilium CLI, as well small fix in last example
Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Run e2e-aws-nvidia-oss with zfs extension enabled.
Also fix the iscsi tests to get transport info using the new disks api.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Add a new resource, `SiderolinkStatus`, which combines the following info:
- The Siderolink API endpoint without the query parameters or fragments (potentially sensitive info due to the join token)
- The status of the Siderolink connection
This resource is not set as sensitive, so it can be retrieved by the users with `os:operator` role (e.g., using `talosctl dashboard` through Omni).
Make use of this resource in the dashboard to display the status of the Siderolink connection.
Additionally, rework the status columns in the dashboard to:
- Display a Linux terminal compatible "tick" or a "cross" prefix for statuses in addition to the red/green color coding.
- Move and combine some statuses to save rows and make them more even.
Closessiderolabs/talos#8643.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Detect CD devices, and set size to 0 for CD without media.
In user disk wipe tests, skip device mapper devices and CD-ROM.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Uses go-siderolabs/go-blockdevice/v2 for all the hard parts,
provides new resource `Disk` which describes all disks in the system.
Additional resource `SystemDisk` always point to the system disk (based
on the location of `META` partition).
The `Disks` API (and `talosctl disks`) provides a view now into the
`talosctl get disks` to keep backwards compatibility.
QEMU provisioner can now create extra disks of various types: IDE, AHCI,
SCSI, NVME, this allows to test detection properly.
The new resource will be the foundation for volume provisioning (to pick
up the disk to provision the volume on).
Example:
```
talosctl -n 172.20.0.5 get disks
NODE NAMESPACE TYPE ID VERSION SIZE READ ONLY TRANSPORT ROTATIONAL WWID MODEL SERIAL
172.20.0.5 runtime Disk loop0 1 65568768 true
172.20.0.5 runtime Disk nvme0n1 1 10485760000 false nvme nvme.1b36-6465616462656566-51454d55204e564d65204374726c-00000001 QEMU NVMe Ctrl deadbeef
172.20.0.5 runtime Disk sda 1 10485760000 false virtio true QEMU HARDDISK
172.20.0.5 runtime Disk sdb 1 10485760000 false sata true t10.ATA QEMU HARDDISK QM00013 QEMU HARDDISK
172.20.0.5 runtime Disk sdc 1 10485760000 false sata true t10.ATA QEMU HARDDISK QM00001 QEMU HARDDISK
172.20.0.5 runtime Disk vda 1 12884901888 false virtio true
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Talos diagnostics analyzes current system state and comes up with detailed
warnings on the system misconfiguration which might be tricky to figure
out other way.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Extra method with the use of a job
Signed-off-by: leppeK <26918457+leppeK@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Updated all install instructions and added install page for future OS
specific install instructions
Signed-off-by: Justin Garrison <justin.garrison@siderolabs.com>
Short introduction into running Multus CNI.
Signed-off-by: Michael Trip <michael@alcatrash.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
These docs are still present in the repo, but won't be an option in the talos docs site.
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
Update proxmox guide to show example of using qemu-guest-agent.
Signed-off-by: USBAkimbo <71508071+USBAkimbo@users.noreply.github.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Retrieve the DNS names of instances from the platform metadata.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Improve the ingress firewall docs.
Signed-off-by: Steve Francis <steve.francis@talos-systems.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
I noticed in the docs
[here](8df5b85ec7/website/content/v1.8/kubernetes-guides/network/deploying-cilium.md (L241))
it mentions enabling the KubePrism feature. However, it mentions enabling the
KubePrism feature. However,
[here](8df5b85ec7/website/content/v1.8/kubernetes-guides/configuration/kubeprism.md (L25))
the docs mention it's enabled by default since 1.6..
So I was wondering if mention of enabling KubePrism after v1.6 is a mistake?
Note it was mentioned several times in the docs v1.5.
```
❯ rg "kubePrism:" --glob "*deploying-cilium.md" -A1
website/content/v1.8/kubernetes-guides/network/deploying-cilium.md
240: kubePrism:
241- enabled: true
website/content/v1.7/kubernetes-guides/network/deploying-cilium.md
240: kubePrism:
241- enabled: true
website/content/v1.6/kubernetes-guides/network/deploying-cilium.md
240: kubePrism:
241- enabled: true
website/content/v1.5/kubernetes-guides/network/deploying-cilium.md
32: kubePrism:
33- enabled: true
--
56: kubePrism:
57- enabled: true
--
212: kubePrism:
213- enabled: true
--
240: kubePrism:
241- enabled: true
--
264: kubePrism:
265- enabled: true
```
Signed-off-by: Will Bush <git@willbush.dev>
grpc_tunnel is described as being enabled by using the value yes in the docs, but it should be true.
Signed-off-by: Simon-Boyer <si.boyer@hotmail.ca>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
