IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Retrieve the DNS names of instances from the platform metadata.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Improve the ingress firewall docs.
Signed-off-by: Steve Francis <steve.francis@talos-systems.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This allows the kubelet to detect AppArmor.
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
I noticed in the docs
[here](8df5b85ec7/website/content/v1.8/kubernetes-guides/network/deploying-cilium.md (L241))
it mentions enabling the KubePrism feature. However, it mentions enabling the
KubePrism feature. However,
[here](8df5b85ec7/website/content/v1.8/kubernetes-guides/configuration/kubeprism.md (L25))
the docs mention it's enabled by default since 1.6..
So I was wondering if mention of enabling KubePrism after v1.6 is a mistake?
Note it was mentioned several times in the docs v1.5.
```
❯ rg "kubePrism:" --glob "*deploying-cilium.md" -A1
website/content/v1.8/kubernetes-guides/network/deploying-cilium.md
240: kubePrism:
241- enabled: true
website/content/v1.7/kubernetes-guides/network/deploying-cilium.md
240: kubePrism:
241- enabled: true
website/content/v1.6/kubernetes-guides/network/deploying-cilium.md
240: kubePrism:
241- enabled: true
website/content/v1.5/kubernetes-guides/network/deploying-cilium.md
32: kubePrism:
33- enabled: true
--
56: kubePrism:
57- enabled: true
--
212: kubePrism:
213- enabled: true
--
240: kubePrism:
241- enabled: true
--
264: kubePrism:
265- enabled: true
```
Signed-off-by: Will Bush <git@willbush.dev>
If the `reboot/reset/shutdown/upgrade` action tracker cannot read the boot ID from the node under `/proc/sys/kernel/random/boot_id` due to insufficient permissions (e.g., when `talosctl reboot` is used over Omni), fall back to skipping boot ID check instead of hard-failing.
Closessiderolabs/talos#7197.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
grpc_tunnel is described as being enabled by using the value yes in the docs, but it should be true.
Signed-off-by: Simon-Boyer <si.boyer@hotmail.ca>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Run a health check before the test, as the test depends on CoreDNS being
healthy, and previous tests might disturb the cluster.
Also refactor by using watch instead of retries, make pods terminate
fast.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The current form of OpenStack is not capitalized correctly. Stack should
be written with a large S, like OpenStack and not Openstack.
Signed-off-by: Birger J. Nordølum <contact@mindtooth.no>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Initramfs and kernel are compressed with zstd.
Extensions are compressed with zstd for Talos 1.8+.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Delay the reboot for 10 seconds only if Talos hits an error, but
otherwise just proceed with the requested action.
This removes 10 seconds on "regular" reboot without kexec.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Provide a trace for each step of the reset sequence taken, so if one of
those fails, integration test produces a meaningful message instead of
proceeding and failing somewhere else.
More cleanup/refactor, should be functionally equivalent.
Fixes#8635
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Some of the flags passed to `talosctl cluster create` were failing the input validation due to being incorrectly marked as mutually exclusive with the `--input-dir` flag.
Clean up the check to allow passing all flags along with the `--input-dir` flag if those flags impact the provisioning process in any way (i.e., not solely used in generating machine config).
Additionally, replace the mutual exclusion checks with Cobra's built-in function for that.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
With Talos 1.7+, more storage drivers are split as modules, so the
devices might not be discovered by the time platform config is going to
be loaded. Explicitly wait for udevd to settle down before trying to
probe a CD.
Fixes#8625
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Allow skipping NAT for the given destinations from a cluster network. This option makes it possible to form an etcd cluster from clusters in different networks created by running `talosctl cluster create` command multiple times using different CIDRs: they simply should have the CIDR of the other clusters passed with `--non-masquerade-cidrs`.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Without endpoints `kube-proxy` adds an automatic reject rule for the
service if it has no endpoints which breaks host network namespace DNS
resolving with `forwardKubeDNSToHost: true`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This will be useful for debugging process access rights once we start implementing SELinux
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Since we are returning interfaces in config, we have to return something typed for method chaining to work. Otherwise,
it simply doesn't know what method to call because there is no type information. We also don't want to change
the default config behavior, so we don't try to check for `nil` after calling `.STP()`.
Closes#8626
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
New package arrived in Go 1.22 which provides better rand primitives and functions.
Use it instead of the old one.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
1. Use overlay installer to build the `cmdline` when running in
install/upgrade mode.
2. Pull down the overlay installer with the arch specific to the
installer being generated, vs. the arch of the `imager`.
3. Print a message when running an overlay installer.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#8603
P.S. There's one more issue with architecture mix that needs to be
resolved as well.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
More specifically, pick up `/etc/resolv.conf` contents by default when
in container mode, and use that as a base resolver for the host DNS.
Fixes#8303
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#8552
This fixes up the previous fix where `for` condition was inverted, and
also updates the idle timeout, so that the transition to idle happens
before the timeout expires.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update install docs for the Akamai platform.
Signed-off-by: Evan Johnson <ejohnson@akamai.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
