b730f093a0
This appends a "virtual" (built on the fly) extension which contains
flavor ID to all boot assets of Talos.
This allows to easily identify which flavor of Talos which asset was
built with.
E.g.:
```
$ talosctl -n 172.20.0.2 get extensions -i
NODE NAMESPACE TYPE ID VERSION NAME VERSION
runtime ExtensionStatus 0 1 flavor 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
```
```yaml
node:
metadata:
namespace: runtime
type: ExtensionStatuses.runtime.talos.dev
id: 0
version: 1
owner: runtime.ExtensionStatusController
phase: running
created: 2023-09-07T14:06:03Z
updated: 2023-09-07T14:06:03Z
spec:
image: 0.sqsh
metadata:
name: flavor
version: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
author: Image Service
description: Virtual extension which specifies the flavor of the image built with Image Service.
compatibility:
talos:
version: '>= 1.0.0'
```
And (as an empty file):
```
$ talosctl -n 172.20.0.2 ls /usr/local/share/flavor/
NODE NAME
172.20.0.2 .
172.20.0.2 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Image Service
Image Service provides a way to download Talos boot and install images generated with specific customizations.
The list of provided assets:
- ISO
- kernel/initramfs/kernel command line
- UKI
- disk images in various formats
installercontainer images
Supported frontends:
- HTTP
- PXE service
- Container Registry
Official Image Service is available at https://imager.talos.dev.
HTTP Frontend API
POST /flavor
Create a new image flavor.
The request body is a YAML (JSON) encoded flavor description:
customization:
extraKernelArgs: # optional
- vga=791
Output is a JSON-encoded flavor ID:
{"id":"2a63b6e7dab90ec9d44f213339b9545bd39c6499b22a14cf575c1ca4b6e39ff8"}
This ID can be used to download images with this flavor.
Well-known flavor IDs:
376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba- default flavor (without any customizations)
GET /image/:flavor/:version/:path
Download a Talos boot image with the specified flavor and Talos version.
:flavoris a flavor ID returned byPOST /flavor:versionis a Talos version, e.g.v1.5.0:pathis a specific image path, details below
Common used parameters:
<arch>image architecture:amd64orarm64<platform>Talos platform, e.g.metal,aws,gcp, etc.<board>is a board name (only forarm64metalplatform), e.g.rpi_generic-securebootidentifies a Secure Boot asset
Supported image paths:
kernel-<arch>(e.g.kernel-amd64) - raw kernel imagecmdline-<platform>[-<board>]-<arch>[-secureboot](e.g.cmdline-metal-amd64) - kernel command lineinitramfs-<arch>.xz(e.g.initramfs-amd64.xz) - initramfs image (including system extensions if configured)<platform>-<arch>[-secureboot].iso(e.g.metal-amd64.iso) - ISO image<platform>-<arch>-secureboot-uki.efi(e.g. `metal-amd64-secureboot-uki.efi) UEFI UKI image (Secure Boot compatible)installer-<arch>[-secureboot].tar(e.g.installer-amd64.tar) is a custom Talos installer image (including system extensions if configured)- disk images in different formats (see Talos documentation for a full list):
metal-<arch>[-secureboot].raw.xz(e.g.metal-amd64.raw.xz) - raw disk image for metal platformaws-<arch>.raw.xz(e.g.aws-amd64.raw.xz) - raw disk image for AWS platform, that can be imported as an AMIgcp-<arch>.raw.tar.gz(e.g.gcp-amd64.raw.tar.gz) - raw disk image for GCP platform, that can be imported as a GCE image- ... other support image types
PXE Frontend API
PXE frontend provides an iPXE script which automatically downloads and boots Talos. The bare metal machine should be configured to boot from the URL provided by this API, e.g.:
#!ipxe
chain --replace --autofree https://image.service/pxe/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba/v1.5.0/metal-${buildarch}
GET /pxe/:flavor/:version/:path
Returns an iPXE script which downloads and boots Talos with the specified flavor and Talos version, architecture and platform.
:flavoris a flavor ID returned byPOST /flavor:versionis a Talos version, e.g.v1.5.0:pathis a<platform>-<arch>[-secureboot]path, e.g.metal-amd64
In non-SecureBoot flavor, the following iPXE script is returned:
#!ipxe
kernel https://image.service/image/:flavor/:version/kernel-<arch> <kernel-cmdline>
initrd https://image.service/image/:flavor/:version/initramfs-<arch>.xz
boot
For SecureBoot flavor, the following iPXE script is returned:
#!ipxe
kernel https://image.service/image/:flavor/:version/<platform>-<arch>-secureboot.uki.efi
boot
OCI Registry Frontend API
The Talos installer image used both for the initial install and upgrade can be pulled from the Image Service OCI registry.
If the image hasn't been created yet, it will be built on demand automatically.
docker pull <registry>/installer[-secureboot]/<flavor>:<version>
Example: docker pull imager.talos.dev/installer/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba:v1.5.0
Pulls the Talos installer image with the specified flavor and Talos version.
The image platform (architecture) will be determined by the architecture of the Talos Linux machine.
Development
Run integration tests in local mode, with registry mirrors:
make integration TEST_FLAGS="-test.image-prefix=127.0.0.1:5004/siderolabs/ -test.flavor-service-repository=127.0.0.1:5005/image-service/flavor -test.installer-external-repository=127.0.0.1:5005/test -test.installer-internal-repository=127.0.0.1:5005/test" REGISTRY=127.0.0.1:5005