test: bump Talos version used in integration tests to v1.10

Test 1.10 before release.

Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>

client/pkg/constants/constants.go

@@ -14,7 +14,7 @@ const SecureBoot = "secureboot"
 // DefaultTalosVersion is pre-selected in the UI, default image and used in the integration tests.
 //
 // tsgen:DefaultTalosVersion
-const DefaultTalosVersion = "1.9.5"
+const DefaultTalosVersion = "1.10.1"
 
 const (
 	// TalosRegistry is the default Talos repository URL.

cmd/integration-test/pkg/tests/auth.go

@@ -455,7 +455,7 @@ func AssertAPIAuthz(rootCtx context.Context, rootCli *client.Client, clientConfi
 			},
 			{
 				namePrefix:    "talos-etcd-status",
-				requiredRole:  role.Operator,
+				requiredRole:  role.Reader,
 				assertSuccess: assertSuccess,
 				assertFailure: func(t *testing.T, err error) {
 					assert.Truef(t, status.Code(err) == codes.PermissionDenied, "unexpected error: %v", err)
@@ -1243,7 +1243,7 @@ func AssertResourceAuthzWithACL(ctx context.Context, rootCli *client.Client, cli
 
 		clusterUnauthorized := omni.NewCluster(resources.DefaultNamespace, "unauthorized-"+testID)
 		clusterUnauthorized.TypedSpec().Value.TalosVersion = constants.DefaultTalosVersion
-		clusterUnauthorized.TypedSpec().Value.KubernetesVersion = "1.27.3"
+		clusterUnauthorized.TypedSpec().Value.KubernetesVersion = "1.28.3"
 
 		userState := userCli.Omni().State()
 
@@ -1259,7 +1259,7 @@ func AssertResourceAuthzWithACL(ctx context.Context, rootCli *client.Client, cli
 		// create a cluster that is authorized to the user by the ACL
 		clusterAuthorized := omni.NewCluster(resources.DefaultNamespace, clusterAuthorizedID)
 		clusterAuthorized.TypedSpec().Value.TalosVersion = constants.DefaultTalosVersion
-		clusterAuthorized.TypedSpec().Value.KubernetesVersion = "1.27.3"
+		clusterAuthorized.TypedSpec().Value.KubernetesVersion = "1.28.3"
 
 		err = userState.Create(ctx, clusterAuthorized)
 		require.NoError(t, err)

cmd/integration-test/pkg/tests/template.go

@@ -21,10 +21,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/siderolabs/omni/client/api/omni/specs"
-	clientconsts "github.com/siderolabs/omni/client/pkg/constants"
 	"github.com/siderolabs/omni/client/pkg/omni/resources/omni"
 	"github.com/siderolabs/omni/client/pkg/template/operations"
-	"github.com/siderolabs/omni/internal/pkg/constants"
 )
 
 //go:embed testdata/cluster-1.tmpl.yaml
@@ -50,7 +48,7 @@ func renderTemplate(t *testing.T, tmpl []byte, opts tmplOptions) []byte {
 }
 
 // AssertClusterTemplateFlow verifies cluster template operations.
-func AssertClusterTemplateFlow(testCtx context.Context, st state.State) TestFunc {
+func AssertClusterTemplateFlow(testCtx context.Context, st state.State, options MachineOptions) TestFunc {
 	return func(t *testing.T) {
 		ctx, cancel := context.WithTimeout(testCtx, 20*time.Minute)
 		defer cancel()
@@ -72,8 +70,8 @@ func AssertClusterTemplateFlow(testCtx context.Context, st state.State) TestFunc
 			machineIDs = mIDs
 
 			opts = tmplOptions{
-				KubernetesVersion: "v" + constants.DefaultKubernetesVersion,
-				TalosVersion:      "v" + clientconsts.DefaultTalosVersion,
+				KubernetesVersion: "v" + options.KubernetesVersion,
+				TalosVersion:      "v" + options.TalosVersion,
 
 				CP: machineIDs[:3],
 				W:  machineIDs[3:],

cmd/integration-test/pkg/tests/tests.go

@@ -1330,7 +1330,7 @@ Test flow of cluster creation and scaling using cluster templates.`,
 			Subtests: []subTest{
 				{
 					"TestClusterTemplateFlow",
-					AssertClusterTemplateFlow(ctx, rootClient.Omni().State()),
+					AssertClusterTemplateFlow(ctx, rootClient.Omni().State(), options.MachineOptions),
 				},
 			},
 			Finalizer: DestroyCluster(ctx, rootClient.Omni().State(), "tmpl-cluster"),

frontend/src/api/resources.ts

@@ -32,7 +32,7 @@ export const ServicePrefixAnnotationKey = "omni-kube-service-exposer.sidero.dev/
 export const installDiskMinSize = 5e+09;
 export const authPublicKeyIDQueryParam = "public-key-id";
 export const SecureBoot = "secureboot";
-export const DefaultTalosVersion = "1.9.5";
+export const DefaultTalosVersion = "1.10.1";
 export const PatchWeightInstallDisk = 0;
 export const PatchBaseWeightCluster = 200;
 export const PatchBaseWeightMachineSet = 400;

hack/test/integration.sh

@@ -20,7 +20,9 @@ echo "127.0.0.1 my-instance.localhost" | tee -a /etc/hosts
 
 # Settings.
 
-TALOS_VERSION=1.9.5
+TALOS_VERSION=1.10.1
+ENABLE_TALOS_PRERELEASE_VERSIONS=false
+
 ARTIFACTS=_out
 JOIN_TOKEN=testonly
 RUN_DIR=$(pwd)
@@ -38,13 +40,24 @@ mkdir -p ${ARTIFACTS}
 
 [ -f ${ARTIFACTS}/talosctl ] || (crane export ghcr.io/siderolabs/talosctl:latest | tar x -C ${ARTIFACTS})
 
-# Your image schematic ID is: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f
-#
-# customization:
-#   systemExtensions:
-#     officialExtensions:
-#       - siderolabs/hello-world-service
-SCHEMATIC_ID="cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f"
+# Determine the local IP SideroLink API will listen on
+LOCAL_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
+
+# Prepare schematic with kernel args
+SCHEMATIC=$(
+  cat <<EOF
+customization:
+  extraKernelArgs:
+    - siderolink.api=grpc://$LOCAL_IP:8090?jointoken=${JOIN_TOKEN}
+    - talos.events.sink=[fdae:41e4:649b:9303::1]:8090
+    - talos.logging.kernel=tcp://[fdae:41e4:649b:9303::1]:8092
+  systemExtensions:
+    officialExtensions:
+      - siderolabs/hello-world-service
+EOF
+)
+
+SCHEMATIC_ID=$(curl -X POST --data-binary "${SCHEMATIC}" https://factory.talos.dev/schematics | jq -r '.id')
 
 # Build registry mirror args.
 
@@ -79,9 +92,6 @@ function cleanup() {
 
 trap cleanup EXIT SIGINT
 
-# Determine the local IP SideroLink API will listen on
-LOCAL_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
-
 # Start Vault.
 
 docker run --rm -d --cap-add=IPC_LOCK -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=dev-o-token' --name vault-dev hashicorp/vault:1.18
@@ -137,6 +147,7 @@ SIDEROLINK_DEV_JOIN_TOKEN="${JOIN_TOKEN}" \
   --etcd-embedded-unsafe-fsync=true \
   --etcd-backup-s3 \
   --audit-log-dir /tmp/omni-data/audit-log \
+  --enable-talos-pre-release-versions="${ENABLE_TALOS_PRERELEASE_VERSIONS}" \
   "${REGISTRY_MIRROR_FLAGS[@]}" \
   &
 
@@ -230,22 +241,6 @@ ${ARTIFACTS}/talosctl cluster create \
   --vmlinuz-path="https://factory.talos.dev/image/${SCHEMATIC_ID}/v${TALOS_VERSION}/kernel-amd64" \
   --initrd-path="https://factory.talos.dev/image/${SCHEMATIC_ID}/v${TALOS_VERSION}/initramfs-amd64.xz"
 
-# Prepare schematic with kernel args for secure boot
-SECURE_BOOT_SCHEMATIC=$(
-  cat <<EOF
-customization:
-  extraKernelArgs:
-    - siderolink.api=grpc://$LOCAL_IP:8090?jointoken=${JOIN_TOKEN}
-    - talos.events.sink=[fdae:41e4:649b:9303::1]:8090
-    - talos.logging.kernel=tcp://[fdae:41e4:649b:9303::1]:8092
-  systemExtensions:
-    officialExtensions:
-      - siderolabs/hello-world-service
-EOF
-)
-
-SECURE_BOOT_SCHEMATIC_ID=$(curl -X POST --data-binary "${SECURE_BOOT_SCHEMATIC}" https://factory.talos.dev/schematics | jq -r '.id')
-
 if [[ "${ENABLE_SECUREBOOT}" == "true" ]]; then
   # Kernel args, secure boot
   ${ARTIFACTS}/talosctl cluster create \
@@ -266,7 +261,7 @@ if [[ "${ENABLE_SECUREBOOT}" == "true" ]]; then
     --cidr=172.22.0.0/24 \
     --no-masquerade-cidrs=172.20.0.0/24,172.21.0.0/24 \
     --with-tpm2 \
-    --iso-path="https://factory.talos.dev/image/${SECURE_BOOT_SCHEMATIC_ID}/v${TALOS_VERSION}/metal-amd64-secureboot.iso" \
+    --iso-path="https://factory.talos.dev/image/${SCHEMATIC_ID}/v${TALOS_VERSION}/metal-amd64-secureboot.iso" \
     --disk-encryption-key-types=tpm
 fi
 

internal/pkg/constants/versions.go

@@ -12,7 +12,7 @@ import (
 )
 
 // AnotherTalosVersion is used in the integration tests for Talos upgrade.
-const AnotherTalosVersion = "1.9.0"
+const AnotherTalosVersion = "1.10.0"
 
 // MinDiscoveredTalosVersion makes Omni pull the versions from this point.
 const MinDiscoveredTalosVersion = "1.3.0"
@@ -33,9 +33,8 @@ const MinKubernetesVersion = "1.24.0"
 
 // DenylistedTalosVersions is a list of versions which should never show up in the version picker.
 var DenylistedTalosVersions = Denylist{
-	"1.4.2":  {}, // issue with the number of open files limit
-	"1.4.3":  {}, // issue with the number of open files limit
-	"1.10.*": {}, // Omni is not ready for 1.10.x yet
+	"1.4.2": {}, // issue with the number of open files limit
+	"1.4.3": {}, // issue with the number of open files limit
 }
 
 // Denylist helper.