Add a /talosctl/:version endpoint which lists all downloadable talosctl binaries for a given version.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
This feature is Enterprise only (requires BUSL).
Any access to the schematic requires the user to be authenticated
before access.
Moreover, any schematic stores the owner in the schematic, so each
schematic becomes private (owned by the user which created it).
Authentication is configured using a set of usernames and keys
associated with each user (API key).
Co-authored-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Add enterprise-only checksum endpoint: appending .sha256 or .sha512
to any /image/ path returns a single-line checksum file instead of
the asset. Algorithm is selected from the suffix; the Checksummer
interface takes the suffix so no circular import is needed.
Wizard UI shows (sha256) and (sha512) links per download button;
non-enterprise builds show a localized (checksums) tooltip.
Integration tests cover both algorithms (GET, HEAD, validate,
reproducibility, error cases).
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
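A client-side check against the checksum endpoint described in the commit above, as an added example that is not part of the commit or of the Image Factory code base. Assumptions: the name `VerifyAsset`, the constructed sample path and asset bytes, and that the first whitespace-separated field of the single-line file is the hex digest (the commit does not spell out the line format).

```go
package main

import (
	"crypto/sha256"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
	"strings"
)

// VerifyAsset (hypothetical helper) selects the algorithm from the checksum
// URL suffix, then compares the asset digest with the checksum file's digest.
func VerifyAsset(checksumURL, checksumBody string, asset []byte) error {
	var h hash.Hash
	switch {
	case strings.HasSuffix(checksumURL, ".sha256"):
		h = sha256.New()
	case strings.HasSuffix(checksumURL, ".sha512"):
		h = sha512.New()
	default:
		return errors.New("unsupported checksum suffix")
	}
	fields := strings.Fields(checksumBody)
	if len(fields) == 0 {
		return errors.New("empty checksum file")
	}
	want, err := hex.DecodeString(fields[0])
	// The length check rejects a SHA-256 value served where SHA-512 was requested.
	if err != nil || len(want) != h.Size() {
		return errors.New("malformed digest for selected algorithm")
	}
	h.Write(asset)
	if subtle.ConstantTimeCompare(h.Sum(nil), want) != 1 {
		return errors.New("checksum mismatch")
	}
	return nil
}

func main() {
	asset := []byte("constructed sample asset bytes") // constructed input
	sum := sha256.Sum256(asset)
	line := hex.EncodeToString(sum[:]) + "  sample.raw\n"
	fmt.Println(VerifyAsset("/image/SCHEMATIC/VERSION/sample.raw.sha256", line, asset))
}
```

A checksum fetched from the same origin as the asset detects corruption and truncated downloads; it does not authenticate the asset against a compromised server.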
Rename consistently to 'Image Factory Enterprise'.
Pass Talos name down to profile.
Pass the image factory name (and url) in the schematic's extension
Author field.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Rekres to use large runners instead of generic ones, as Image Factory
tests require lots of resources.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The new verifier requires explicit insecure option for insecure
registries.
This affects configurations when the cache registry doesn't use
localhost endpoint, but some hostname.
Also rekres and bump Talos.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add support for serving talosctl-all image which will contain all
talosctls built for all platform/architecture combinations, so we can
offer a download URL for them in Image Factory.
Fixes #260
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
This is not a fix, but a bit of a workaround for issues in the upstream
library.
Use a refresh on interval strategy to ensure that both remote pushers
and pullers are refreshed.
Fixes #231
Fixes #235
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Previously it was completely ignored in the Image Factory.
See https://github.com/siderolabs/talos/issues/11093
Still a question for me what _can_ be overridden, and what is the best
way to merge profiles.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add more tests for Talos 1.10.
Reduce layers of image-factory container image.
Also drop integration test for non-pull-requests.
Signed-off-by: Noel Georgi <git@frezbo.dev>
The system extensions depend on a quirk, but the cache was based only
on schematic ID. Adjust cache ID.
There was another bug which masked this bug - the schematic extension
cache wasn't used, so the bug could have only been triggered on strictly
concurrent schematic extension build for different versions of Talos.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Pull in fixes from Talos, rekres, add a test for overlay installer
generation.
Due to the nature of the fixes, the first fully working installer should
come with the next release of Talos Linux.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Get `descriptions.yaml` from the same image as we use for getting
`image-digests`.
Read it and add this data to each extension info.
Return that in the `version/:version/extensions/official` API response.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Now Image Factory filters out pre-release versions for all releases but
the last one.
In the UI, now pre-release versions are shown.
Return proper 404 not found when someone requests something for
an unsupported version.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Make it const to simplify discovery of the Talos machine schematic IDs by
third party services.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Fixes #4
This caches the result of the boot asset build (a call to Talos
`imager`) so that we don't rebuild the asset twice.
OCI Registry is used as a cache. An internal registry can be used for
caching, we don't need to expose it to the world.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes #39
This fixes all image pulls to be part of the Image Factory itself,
Talos `imager` now never pulls on its own.
Installer image (base) is passed as an OCI layout to the `imager`, and
same for extension images (for consistency).
Virtual `schematic` extension is passed as `.tar`, as it doesn't make a
difference actually.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This relies on Talos change to pull the image.
Probably this should be re-implemented to make Image Factory pull the
installer image, and then store as an OCI layout cached.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Themes the nomenclature to align with Talos Linux
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes #13
This builds on top of extensions catalog (see
https://github.com/siderolabs/extensions/pull/225), and existing support
for specifying extension in the flavor.
Image Service resolves the list of extensions requested for a specific
version of Talos into a list of container images, pulls them, and
attaches them to the image request.
Image Service also provides endpoints to get information about available
Talos versions, supported extensions for each version, etc.
I also refactored the flow around fetching & verifying images a bit to re-use
it in other flows, added support for authentication to the registry.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This appends a "virtual" (built on the fly) extension which contains
flavor ID to all boot assets of Talos.
This makes it easy to identify which flavor of Talos an asset was
built with.
E.g.:
```
$ talosctl -n 172.20.0.2 get extensions -i
NODE   NAMESPACE   TYPE              ID   VERSION   NAME     VERSION
       runtime     ExtensionStatus   0    1         flavor   376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
```
```yaml
node:
metadata:
    namespace: runtime
    type: ExtensionStatuses.runtime.talos.dev
    id: 0
    version: 1
    owner: runtime.ExtensionStatusController
    phase: running
    created: 2023-09-07T14:06:03Z
    updated: 2023-09-07T14:06:03Z
spec:
    image: 0.sqsh
    metadata:
        name: flavor
        version: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
        author: Image Service
        description: Virtual extension which specifies the flavor of the image built with Image Service.
        compatibility:
            talos:
                version: '>= 1.0.0'
```
And (as an empty file):
```
$ talosctl -n 172.20.0.2 ls /usr/local/share/flavor/
NODE NAME
172.20.0.2 .
172.20.0.2 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This allows pulling an installer image for a given version of Talos and
configuration.
The actual image is served from the registry, the image service is only
a frontend that redirects to the registry.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Initial version of the image service.
Implements a basic configuration service, and HTTP frontend for assets.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>