IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Fixes#7615
This extends the previous handling when Talos did `ToLower()` on the
hostname to do the full filtering as expected.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This is a follow-up fix for #7640
I noticed that image cleanup controller cleans up the images if
specified with both tag and digest.
The problem was incorrectly building image references in the expected
set of images, so they were incorrectly marked as unused.
Refactor the code to make the core part testable.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#7636
This support a `List`-type manifests by unwrapping them into individual
objects.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
First of all, it seems to be "right way", as it makes sure the image is
looked up by the digest.
Second, it fixes the case when image is specified with both tag and
digest (which is not supposed to be the correct ref, but it is used
frequently).
Talos since 1.5.0 stores images with the following aliases:
```
gcr.io/etcd-development/etcd:v3.5.9
gcr.io/etcd-development/etcd@sha256:8c956d9b0d39745fa574bb4dbacd362ffdc1109479432f54094859d4cf984b17
ghcr.io/siderolabs/kubelet:v1.28.0
ghcr.io/siderolabs/kubelet@sha256:50710f2cd3328c23f57dfc7fb00940d8cfd402315e33fc7cb8184fc660650a5c
sha256:50710f2cd3328c23f57dfc7fb00940d8cfd402315e33fc7cb8184fc660650a5c
sha256:8c956d9b0d39745fa574bb4dbacd362ffdc1109479432f54094859d4cf984b17
```
This change pulls the digest format (the last in this list) and uses it
to start a container.
Fixes#7640
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
With the refactoring to 1.5, the confusion between bytes and megabytes
introduced this bug.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This will be backported to 1.5, so that Talos 1.5 machinery will still
provide compatibility for (future) Talos 1.6.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Partial rollback of 76fa45a.
The cilium helm chart requires an fix to handle the hostPath
at /sys/fs/bpf when bpf.autoMount.enabled=false. The earlier commit
disabled bpf automount, removing the init container's mount. Helm
missed adding the hostPath, and neither /sys nor /sys/fs got added.
This made cilium wrongly mount /sys/fs/bpf.
Fixes error message at: https://github.com/siderolabs/talos/pull/7565#issuecomment-1671063014
Signed-off-by: Nico Berlee <nico.berlee@on2it.net>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Short version is: move from global variables/`init()` function into
explicit functions.
`docgen` was updated to skip creating any top-level global variables,
now `Doc` information is generated on the fly when it is accessed.
Talos itself doesn't marshal the configuration often, so in general it
should never be accessed for Talos (but will be accessed e.g. for
`talosctl`).
Machine config examples were changed manually from variables to
functions returning a value and moved to a separate file.
There are no changes to the output of `talosctl gen config`.
There is a small change to the generated documentation, which I believe
is a correct one, as previously due to value reuse it was clobbered with
other data.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#7592
The problem was a mismatch between a "primary key" (ID) of the
`RouteSpec` and the way routes are looked up in the kernel - with two
idential routes but different priority Talos would end up in an infinite
loop fighting to remove and re-add back same route, as priority never
matches.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Use `Progress`, and options to pass around the way messages are written.
Fixed some tiny issues in the code, but otherwise no functional changes.
To make colored output work with `docker run`, switched back image
generation to use volume mount for output (old mode is still
functioning, but it's not the default, and it works when docker is not
running on the same host).
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
There are two changes here:
* build `machined` binary with `tcell_minimal` tag (which disables
loading some parts of the terminfo database), which also affects
`apid`, `trustd` and `dashboard` processes, as they run from the same
executable; in `dashboard` explicitly import `linux` terminal we're
using when the `dashboard` runs on the machine
* pass `TCELL_MINIMIZE=1` environment variable to each Talos process
which removes 0.5MiB of runewdith allocation for a lookup table
See #7578
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Currently, we use `github.com/coreos/go-semver/semver` and `github.com/hashicorp/go-version`
for version parsing. As we use `github.com/blang/semver/v4` in our other projects, and it
has more features, it makes sense to use it across the projects. It also doesn't allocate
like crazy in `KubernetesVersion.SupportedWith`.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Fixes#7080
The real bug was off-by-one in `log2i` implementation, other changes are
cleanups as `x/sys/unix` package now contains all the constants we need.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This PR updates the ProviderID format for aws resources. There seems to
be a bug when using Talos CCM (which consumes this value from Talos)
because the format is `aws://x/y` (two slashes) vs. the expected
`aws:///x/y` (three slashes) that is set with the AWS CCM code
[here](d055109367/pkg/providers/v1/instances.go (L47-L53)).
Setting only two slashes causes important software in the workload
cluster to fail, specifically cluster-autoscaler. The regex they use for
pulling providerID is [here](702e9685d6/cluster-autoscaler/cloudprovider/aws/aws_cloud_provider.go (L195)).
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
Correctly propagate errors back. Drop ARM templates and use native APIs.
Correctly handle restarted runs for creating image versions. fixes#7512.
Signed-off-by: Christian Rolland <christian.rolland@siderolabs.com>
Fixes#7558
I see no reason to keep old behavior (removing all partitions on the
disk), as it's only compatible with Talos itself.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Support full configuration for image generation, including image
outputs, support most features (where applicable) for all image output
types, unify image generation process.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
* support for bonding
* added interface selection by MAC address
* added routes management
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
After we closed `kubelet`, remove `/var/lib/kubelet/cpu_manager_state` if there are any changes in `cpuManagerPolicy`.
We do not add any other safeguards, so it's user responsibility to cordon/drain the node in advance.
Also minor fixes in other files.
Closes#7504
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Linux: 6.1.42
containerd: 1.6.22
Flannel: 0.22.1
And some other Go module bumps, new pkgs/tools/extras.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Add security state resource that describes the state of Talos SecureBoot
and PCR signing key fingerprints.
The UKI fingerprint is currently not populated.
Fixes: #7514
Signed-off-by: Noel Georgi <git@frezbo.dev>
The code picks up firmware files in the order it's defined. The
secureboot QEMU firmware files are defined first, so this flag is a
no-op. This was leftover from when `ovmfctl` was used.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Same note for Kubernetes API.
Signed-off-by: Steve Francis <steve.francis@talos-systems.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
The step was disabled for the latest alpha release to workaround AWS
issues which have been resolved.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
There are no functional changes, but SDK got updated to handle int ->
int64 changes. v1 version is only supported to Sep 2023.
See https://github.com/hetznercloud/hcloud-go#support
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
