Any insecure `talosctl` commands now work with Omni per-instance
`talosconfig`.
User should have at least `Operator` Omni role to be able to use the
insecure `talosctl` mode.
DNS resolver was updated to react on the `MachineStatus` resource
creation, not only the `ClusterMachineConfigStatus` resource.
That makes the DNS record for UUID appear as soon as machine joins Omni,
not when the machine gets allocated into a cluster.
Machines list now has maintenance Talos version update button.
The UI will issue `talosctl upgrade` when another Talos version is
picked.
`MachineStatus` controller was updated a bit: version poller wasn't
marked as dirty after maintenance upgrades. Now we mark it as dirty
every time we get Talos `MachineStatus` resource update.
Also fixed UI issues here and there.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Convert goroutine panics to errors or error logs.
Disallow usage of `golang.org/x/sync/errgroup` package in the backend by `depguard` linter. This linter configuration depends on: https://github.com/siderolabs/kres/pull/417
Rekres the project to include the feature (also bump Go to 1.22.4), but revert `PROTOBUF_GO_VERSION` and `GRPC_GATEWAY_VERSION` manually to not break the frontend.
Disallowing the named `go` statement was not possible at the moment using existing linters, raised an issue in `forbidigo` for it: https://github.com/ashanbrown/forbidigo/issues/47Closessiderolabs/omni#373.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Fixes: https://github.com/siderolabs/omni/issues/33
It is now possible to get full access `kubeconfig` and `talosconfig`
(operator role), if the Omni instance has `enable-break-glass-configs`
flag enabled.
They can be downloaded using cli commands:
`omnictl kubeconfig --admin --cluster <name>`
`omnictl talosconfig --admin --cluster <name>`
After you download the config the cluster will be marked with
`omni.sidero.dev/tainted` annotation to keep in mind that this cluster
has weaker security and might need to get secrets rotation in the
future.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Fixes: https://github.com/siderolabs/omni/issues/45
Introduced new resource type `ExtensionsConfiguration` that allows
setting machine extensions list.
`SchematicConfiguration` is now readonly and is created by
`SchematicConfigurationController` from `ExtensionsConfiguration`
resource. It also ensures that schematic exists in the image factory by
calling the API.
This change is required to simplify the flow in the cluster templates
(no need to call `CreateSchematic` for each resource).
Export command support added as well.
Added cleanup hooks for the `ExtensionsConfiguration` for machine set, machine and cluster levels.
Changed the resource format to use `labels` instead of `target`. Now
it's the same as for config patches, except it doesn't merge several
resources, but gets the first one.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Works the same way as `talosctl support` but also grabs some relevant
Omni resources to help with the diagnostics.
Uses `go-talos-support` common module to collect Talos data.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
