Текущие доработки talos/alt-orchestra Fork от https://git.altlinux.org/people/shaba/packages/?p=talos.git;a=summary
Go to file
Andrey Smirnov 2e64e9e4e0
fix: require accepted CAs on worker nodes
Note: this issue never happens with default Talos worker configuration
(generated by Omni, `talosctl gen config` or CABPT).

Before change https://github.com/siderolabs/talos/pull/4294 3 years ago,
worker nodes connected to trustd in "insecure" mode (without validating
the trustd server certificate). The change kept backwards compatibility,
so it still allowed insecure mode on upgrades.

Now it's time to break this compatibility promise, and require
accepted CAs to be always present. Adds validation for machine
configuration, so if upgrade is attempeted, it would not validate the
machine config without accepted CAs.

Now lack of accepted CAs would lead to failure to connect to trustd.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
2024-05-23 17:48:16 +04:00
.github fix(ci): fix crons fby rekres 2024-05-23 15:51:48 +05:30
api feat: gather plaform dns names 2024-05-08 00:11:24 +04:00
cmd chore: stop using containerd package for cri namespace 2024-05-21 17:45:52 +04:00
docs docs: add docs for installing azure ccm and csi 2023-07-21 12:30:26 -04:00
hack feat: update containerd to 2.0.0-rc.2, runc to 1.2.0-rc.1 2024-05-22 19:18:34 +04:00
internal fix: require accepted CAs on worker nodes 2024-05-23 17:48:16 +04:00
pkg fix: require accepted CAs on worker nodes 2024-05-23 17:48:16 +04:00
website docs: add documentation on using Multus with Talos 2024-05-20 17:12:08 +04:00
.codecov.yml chore: apply coverage analysis to all packages 2021-04-12 09:29:07 -07:00
.conform.yaml chore(ci): kresify gh actions 2024-05-22 00:17:09 +05:30
.dockerignore chore: add ukify Go script 2023-05-30 23:33:26 +05:30
.gitignore chore: remove go.work.sum 2022-09-15 18:43:35 +04:00
.golangci.yml chore: update Go to 1.22.3 2024-05-08 14:59:41 +04:00
.kres.yaml chore(ci): fix github action crons 2024-05-22 18:39:37 +05:30
.markdownlint.json docs: use variables and templates in the docs 2022-03-25 18:58:50 +03:00
.secrets.yaml chore(ci): kresify gh actions 2024-05-22 00:17:09 +05:30
.sops.yaml chore(ci): kresify gh actions 2024-05-22 00:17:09 +05:30
.textlintrc.json chore: fix markdown linting 2021-05-19 06:08:14 -07:00
ADOPTERS.md docs: add DreeBot to ADOPTERS.md 2024-03-08 09:20:18 -05:00
CHANGELOG.md release(v1.8.0-alpha.0): prepare release 2024-05-01 22:40:04 +04:00
CODE_OF_CONDUCT.md chore: add CONTRIBUTING.md (#337) 2019-02-14 20:55:47 -08:00
CONTRIBUTING.md docs: add missing dev tools 2022-08-08 16:27:55 +05:30
Dockerfile chore: update Go to 1.22.3 2024-05-08 14:59:41 +04:00
go.mod fix: decrease maximum negative ttl for dns responses 2024-05-21 23:20:42 +03:00
go.sum fix: decrease maximum negative ttl for dns responses 2024-05-21 23:20:42 +03:00
go.work chore: update Go to 1.22.3 2024-05-08 14:59:41 +04:00
LICENSE Initial commit 2017-11-03 16:19:12 -07:00
Makefile feat: update containerd to 2.0.0-rc.2, runc to 1.2.0-rc.1 2024-05-22 19:18:34 +04:00
netlify.toml docs: fix analytics and sitemap 2022-04-23 23:00:16 +02:00
package.json chore: bump dependencies 2024-04-03 12:25:10 +05:30
README.md chore: update office hours in talos repo 2024-05-14 09:26:26 -04:00

Talos Linux

A modern OS for Kubernetes.

Release Pre-release


Talos is a modern OS for running Kubernetes: secure, immutable, and minimal. Talos is fully open source, production-ready, and supported by the people at Sidero Labs All system management is done via an API - there is no shell or interactive console. Benefits include:

  • Security: Talos reduces your attack surface: It's minimal, hardened, and immutable. All API access is secured with mutual TLS (mTLS) authentication.
  • Predictability: Talos eliminates configuration drift, reduces unknown factors by employing immutable infrastructure ideology, and delivers atomic updates.
  • Evolvability: Talos simplifies your architecture, increases your agility, and always delivers current stable Kubernetes and Linux versions.

Documentation

For instructions on deploying and managing Talos, see the Documentation.

Community

If you're interested in this project and would like to help in engineering efforts or have general usage questions, we are happy to have you! We hold a weekly meeting that all audiences are welcome to attend.

We would appreciate your feedback so that we can make Talos even better! To do so, you can take our survey.

Office Hours

  • When: Second Monday of every month at 16:30 UTC.
  • Where: Google Meet.

You can subscribe to this meeting by joining the community forum above.

Note: You can convert the meeting hours to your local time.

Contributing

Contributions are welcomed and appreciated! See Contributing for our guidelines.

License

GitHub

Some software we distribute is under the General Public License family of licenses or other licenses that require we provide you with the source code. If you would like a copy of the source code for this software, please contact us via email: info at SideroLabs.com.