mirrors/talos
1
0
Fork 0
mirror of https://github.com/siderolabs/talos.git synced 2025-11-28 14:11:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

refactor: implement directory and overlay mounts

Browse Source 
This complements the previous PRs to implement more volume features:
directory volumes control their permissions, SELinux labels, etc.

Overlay mounts support additional parent relationship.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This commit is contained in:
Andrey Smirnov 2025-03-20 21:50:37 +04:00
parent 190d34af45
commit 203e02df49
No known key found for this signature in database
GPG Key ID: FE042E3D4085A811
82 changed files with 2259 additions and 1060 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

165
.github/workflows/ci.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-24T14:29:42Z by kres 921213e.
# Generated on 2025-04-01T10:44:44Z by kres d903dae.
name: default
concurrency:
@ -441,7 +441,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -453,7 +453,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: e2e-aws-prepare
@ -576,7 +576,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -588,7 +588,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: checkout extensions
@ -731,7 +731,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -743,7 +743,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: checkout extensions
@ -870,7 +870,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -998,7 +998,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -1080,7 +1080,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -1175,10 +1175,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@ -1191,9 +1189,9 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
run: |
make imager installer-base installer images-essential
make images-essential
- name: conformance-qemu
env:
EXTRA_TEST_ARGS: -talos.enforcing
@ -1201,7 +1199,7 @@ jobs:
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_CPUS_WORKERS: "6"
QEMU_MEMORY_WORKERS: "4096"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
TEST_MODE: fast-conformance
run: |
sudo -E make e2e-qemu
@ -1287,7 +1285,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -1421,7 +1419,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -1433,7 +1431,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: e2e-gcp-prepare
@ -1661,21 +1659,6 @@ jobs:
if: github.event_name == 'schedule'
run: |
make talosctl-cni-bundle
- name: iso
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
run: |
make iso secureboot-iso
- name: images-essential
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
PLATFORM: linux/amd64
run: |
make images-essential
- name: factory-1.7-iso
env:
FACTORY_BOOT_METHOD: iso
@ -1835,7 +1818,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -1918,7 +1901,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -1930,7 +1913,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make image-metal-uki
- name: e2e-firewall
@ -2045,7 +2028,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -2167,10 +2150,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@ -2183,16 +2164,16 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
run: |
make imager installer-base installer images-essential
make images-essential
- name: e2e-no-cluster-discovery
env:
EXTRA_TEST_ARGS: -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-e2e-no-cluster-discovery
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
WITH_CLUSTER_DISCOVERY: "false"
run: |
sudo -E make e2e-qemu
@ -2202,7 +2183,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-kubespan
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
WITH_CLUSTER_DISCOVERY: "true"
WITH_KUBESPAN: "true"
run: |
@ -2214,7 +2195,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-default-hostname
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
run: |
sudo -E make e2e-qemu
@ -2227,7 +2208,7 @@ jobs:
QEMU_MEMORY_WORKERS: "1024"
QEMU_SYSTEM_DISK_SIZE: "10240"
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
run: |
sudo -E make e2e-qemu
- name: save artifacts
@ -2314,7 +2295,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -2333,7 +2314,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: e2e-bios
@ -2462,7 +2443,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -2572,10 +2553,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@ -2588,16 +2567,16 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
run: |
make imager installer-base installer images-essential
make images-essential
- name: e2e-network-chaos
env:
EXTRA_TEST_ARGS: -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-e2e-network-chaos
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
WITH_NETWORK_CHAOS: "yes"
run: |
sudo -E make e2e-qemu
@ -2607,7 +2586,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-metal-iso
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
WITH_CONFIG_INJECTION_METHOD: metal-iso
run: |
sudo -E make e2e-qemu
@ -2617,7 +2596,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-iommu-pcidriverrebind
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
WITH_IOMMU: "yes"
run: |
sudo -E make e2e-qemu
@ -2699,7 +2678,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -2828,10 +2807,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@ -2844,16 +2821,16 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
run: |
make imager installer-base installer images-essential
make images-essential
- name: e2e-siderolink
env:
EXTRA_TEST_ARGS: -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_SIDEROLINK_AGENT: "true"
run: |
@ -2864,7 +2841,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink-tunnel
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_SIDEROLINK_AGENT: tunnel
run: |
@ -2875,7 +2852,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink-tls
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_SIDEROLINK_AGENT: wireguard+tls
run: |
@ -2894,7 +2871,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-k8s-user-namespace
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
WITH_CONFIG_PATCH: '@hack/test/patches/usernamespace.yaml'
run: |
sudo -E make e2e-qemu
@ -2976,7 +2953,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -3071,7 +3048,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -3166,7 +3143,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -3261,7 +3238,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -3362,7 +3339,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -3496,7 +3473,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -3604,7 +3581,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -3711,7 +3688,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -3809,25 +3786,23 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
if: github.event_name == 'schedule'
run: |
make talosctl-cni-bundle
- name: images-essential-enforcing
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
run: |
make images-essential
- name: talosctl-cni-bundle
if: github.event_name == 'schedule'
run: |
make talosctl-cni-bundle
- name: e2e-qemu
env:
EXTRA_TEST_ARGS: -talos.enforcing
@ -3835,7 +3810,7 @@ jobs:
QEMU_EXTRA_DISKS: "3"
QEMU_EXTRA_DISKS_DRIVERS: ide,nvme
QEMU_EXTRA_DISKS_SIZE: "10240"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
USER_DISKS_MOUNTS: /var/lib/extra,/var/lib/p1,/var/lib/p2
WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml'
WITH_USER_DISK: "true"
@ -3919,7 +3894,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -4103,7 +4078,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -4116,7 +4091,7 @@ jobs:
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: secureboot-iso
@ -4124,7 +4099,7 @@ jobs:
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make secureboot-iso
- name: integration-trusted-boot
@ -4220,7 +4195,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -4234,15 +4209,15 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
run: |
make imager installer-base installer images-essential
make images-essential
- name: secureboot-iso
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
PLATFORM: linux/amd64
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
run: |
make secureboot-iso
- name: integration-trusted-boot
@ -4250,7 +4225,7 @@ jobs:
EXTRA_TEST_ARGS: -talos.trustedboot -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-integration-trusted-boot
IMAGE_REGISTRY: registry.dev.siderolabs.io
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_TRUSTED_BOOT_ISO: "true"
run: |

6
.github/workflows/integration-aws-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-11T14:06:53Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-aws-cron
concurrency:
@ -82,7 +82,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -94,7 +94,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: e2e-aws-prepare

6
.github/workflows/integration-aws-nvidia-nonfree-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-11T14:06:53Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-aws-nvidia-nonfree-cron
concurrency:
@ -86,7 +86,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -98,7 +98,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: checkout extensions

6
.github/workflows/integration-aws-nvidia-oss-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-11T14:06:53Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-aws-nvidia-oss-cron
concurrency:
@ -86,7 +86,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -98,7 +98,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: checkout extensions

4
.github/workflows/integration-cilium-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-02-26T15:23:43Z by kres 1281806.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-cilium-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

4
.github/workflows/integration-conformance-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-21T15:51:32Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-conformance-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

12
.github/workflows/integration-conformance-enforcing-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-24T09:55:56Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-conformance-enforcing-cron
concurrency:
@ -70,10 +70,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@ -86,9 +84,9 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
run: |
make imager installer-base installer images-essential
make images-essential
- name: conformance-qemu
env:
EXTRA_TEST_ARGS: -talos.enforcing
@ -96,7 +94,7 @@ jobs:
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_CPUS_WORKERS: "6"
QEMU_MEMORY_WORKERS: "4096"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
TEST_MODE: fast-conformance
run: |
sudo -E make e2e-qemu

4
.github/workflows/integration-extensions-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-02-26T15:23:43Z by kres 1281806.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-extensions-cron
concurrency:
@ -74,7 +74,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

6
.github/workflows/integration-gcp-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-11T14:06:53Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-gcp-cron
concurrency:
@ -82,7 +82,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -94,7 +94,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: e2e-gcp-prepare

17
.github/workflows/integration-image-factory-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-02-26T15:23:43Z by kres 1281806.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-image-factory-cron
concurrency:
@ -84,21 +84,6 @@ jobs:
if: github.event_name == 'schedule'
run: |
make talosctl-cni-bundle
- name: iso
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
run: |
make iso secureboot-iso
- name: images-essential
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
PLATFORM: linux/amd64
run: |
make images-essential
- name: factory-1.7-iso
env:
FACTORY_BOOT_METHOD: iso

4
.github/workflows/integration-images-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-02-26T15:23:43Z by kres 1281806.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-images-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

6
.github/workflows/integration-misc-0-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-21T15:51:32Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-misc-0-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -82,7 +82,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make image-metal-uki
- name: e2e-firewall

4
.github/workflows/integration-misc-1-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-21T16:23:54Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-misc-1-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

18
.github/workflows/integration-misc-1-enforcing-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-24T09:55:56Z by kres ec5ec04.
# Generated on 2025-04-01T10:44:44Z by kres d903dae.
name: integration-misc-1-enforcing-cron
concurrency:
@ -70,10 +70,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@ -86,16 +84,16 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
run: |
make imager installer-base installer images-essential
make images-essential
- name: e2e-no-cluster-discovery
env:
EXTRA_TEST_ARGS: -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-e2e-no-cluster-discovery
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
WITH_CLUSTER_DISCOVERY: "false"
run: |
sudo -E make e2e-qemu
@ -105,7 +103,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-kubespan
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
WITH_CLUSTER_DISCOVERY: "true"
WITH_KUBESPAN: "true"
run: |
@ -117,7 +115,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-default-hostname
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
run: |
sudo -E make e2e-qemu
@ -130,7 +128,7 @@ jobs:
QEMU_MEMORY_WORKERS: "1024"
QEMU_SYSTEM_DISK_SIZE: "10240"
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
run: |
sudo -E make e2e-qemu
- name: save artifacts

6
.github/workflows/integration-misc-2-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-14T10:24:50Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-misc-2-cron
concurrency:
@ -76,7 +76,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -95,7 +95,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: e2e-bios

4
.github/workflows/integration-misc-3-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-21T15:51:32Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-misc-3-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

16
.github/workflows/integration-misc-3-enforcing-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-24T09:55:56Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-misc-3-enforcing-cron
concurrency:
@ -70,10 +70,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@ -86,16 +84,16 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
run: |
make imager installer-base installer images-essential
make images-essential
- name: e2e-network-chaos
env:
EXTRA_TEST_ARGS: -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-e2e-network-chaos
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
WITH_NETWORK_CHAOS: "yes"
run: |
sudo -E make e2e-qemu
@ -105,7 +103,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-metal-iso
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
WITH_CONFIG_INJECTION_METHOD: metal-iso
run: |
sudo -E make e2e-qemu
@ -115,7 +113,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-iommu-pcidriverrebind
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
WITH_IOMMU: "yes"
run: |
sudo -E make e2e-qemu

4
.github/workflows/integration-misc-4-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-21T15:51:32Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-misc-4-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

18
.github/workflows/integration-misc-4-enforcing-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-24T09:55:56Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-misc-4-enforcing-cron
concurrency:
@ -70,10 +70,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@ -86,16 +84,16 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
run: |
make imager installer-base installer images-essential
make images-essential
- name: e2e-siderolink
env:
EXTRA_TEST_ARGS: -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_SIDEROLINK_AGENT: "true"
run: |
@ -106,7 +104,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink-tunnel
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_SIDEROLINK_AGENT: tunnel
run: |
@ -117,7 +115,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink-tls
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_SIDEROLINK_AGENT: wireguard+tls
run: |
@ -136,7 +134,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-k8s-user-namespace
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
WITH_CONFIG_PATCH: '@hack/test/patches/usernamespace.yaml'
run: |
sudo -E make e2e-qemu

4
.github/workflows/integration-provision-0-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-02-26T15:23:43Z by kres 1281806.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-provision-0-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

4
.github/workflows/integration-provision-1-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-02-26T15:23:43Z by kres 1281806.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-provision-1-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

4
.github/workflows/integration-provision-2-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-02-26T15:23:43Z by kres 1281806.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-provision-2-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

4
.github/workflows/integration-qemu-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-02-26T15:23:43Z by kres 1281806.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-qemu-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

4
.github/workflows/integration-qemu-csi-longhorn-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-04T16:42:28Z by kres 1281806.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-qemu-csi-longhorn-cron
concurrency:
@ -74,7 +74,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

4
.github/workflows/integration-qemu-csi-openebs-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-02-26T15:23:43Z by kres 1281806.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-qemu-csi-openebs-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

4
.github/workflows/integration-qemu-csi-rook-ceph-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-02-26T15:23:43Z by kres 1281806.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-qemu-csi-rook-ceph-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

4
.github/workflows/integration-qemu-encrypted-vip-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-21T15:51:32Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-qemu-encrypted-vip-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

18
.github/workflows/integration-qemu-enforcing-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-24T09:55:56Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-qemu-enforcing-cron
concurrency:
@ -70,25 +70,23 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
if: github.event_name == 'schedule'
run: |
make talosctl-cni-bundle
- name: images-essential-enforcing
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
run: |
make images-essential
- name: talosctl-cni-bundle
if: github.event_name == 'schedule'
run: |
make talosctl-cni-bundle
- name: e2e-qemu
env:
EXTRA_TEST_ARGS: -talos.enforcing
@ -96,7 +94,7 @@ jobs:
QEMU_EXTRA_DISKS: "3"
QEMU_EXTRA_DISKS_DRIVERS: ide,nvme
QEMU_EXTRA_DISKS_SIZE: "10240"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
USER_DISKS_MOUNTS: /var/lib/extra,/var/lib/p1,/var/lib/p2
WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml'
WITH_USER_DISK: "true"

4
.github/workflows/integration-qemu-race-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-04T13:59:07Z by kres 1281806.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-qemu-race-cron
concurrency:
@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64

8
.github/workflows/integration-trusted-boot-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-21T15:51:32Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-trusted-boot-cron
concurrency:
@ -76,7 +76,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -89,7 +89,7 @@ jobs:
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: secureboot-iso
@ -97,7 +97,7 @@ jobs:
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
run: |
make secureboot-iso
- name: integration-trusted-boot

14
.github/workflows/integration-trusted-boot-enforcing-cron.yaml vendored
View File

@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-03-24T09:55:56Z by kres ec5ec04.
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-trusted-boot-enforcing-cron
concurrency:
@ -76,7 +76,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@ -90,15 +90,15 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
run: |
make imager installer-base installer images-essential
make images-essential
- name: secureboot-iso
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
PLATFORM: linux/amd64
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
run: |
make secureboot-iso
- name: integration-trusted-boot
@ -106,7 +106,7 @@ jobs:
EXTRA_TEST_ARGS: -talos.trustedboot -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-integration-trusted-boot
IMAGE_REGISTRY: registry.dev.siderolabs.io
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_TRUSTED_BOOT_ISO: "true"
run: |

166
.kres.yaml
View File

@ -331,7 +331,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -384,27 +384,25 @@ spec:
conditions:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
IMAGER_ARGS: "--extra-kernel-arg=enforcing=1"
TAG_SUFFIX: -enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: images-essential-enforcing
command: images-essential
environment:
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
TAG_SUFFIX: -enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
- name: images-essential-enforcing
command: images-essential
environment:
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
TAG_SUFFIX_OUT: -enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: e2e-qemu
withSudo: true
environment:
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_EXTRA_DISKS: "3"
@ -451,7 +449,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -504,20 +502,18 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
IMAGER_ARGS: "--extra-kernel-arg=enforcing=1"
TAG_SUFFIX: -enforcing
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
- name: images-essential-enforcing
command: imager installer-base installer images-essential
command: images-essential
environment:
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: conformance-qemu
@ -528,7 +524,7 @@ spec:
QEMU_CPUS_WORKERS: 6
QEMU_MEMORY_WORKERS: 4096
TEST_MODE: fast-conformance
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
@ -574,7 +570,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -584,14 +580,14 @@ spec:
conditions:
- only-on-schedule
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0"
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: secureboot-iso
conditions:
- only-on-schedule
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0"
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: integration-trusted-boot
@ -646,26 +642,26 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
- name: images-essential-enforcing
command: imager installer-base installer images-essential
command: images-essential
environment:
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: secureboot-iso
conditions:
- only-on-schedule
environment:
PLATFORM: linux/amd64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0"
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: integration-trusted-boot
command: e2e-qemu
@ -674,7 +670,7 @@ spec:
GITHUB_STEP_NAME: ${{ github.job}}-integration-trusted-boot
VIA_MAINTENANCE_MODE: true
WITH_TRUSTED_BOOT_ISO: true
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: "-talos.trustedboot -talos.enforcing"
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
@ -716,7 +712,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -767,7 +763,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -818,7 +814,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -869,7 +865,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -879,7 +875,7 @@ spec:
conditions:
- only-on-schedule
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-firewall
command: e2e-qemu
@ -954,7 +950,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -1035,20 +1031,18 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
IMAGER_ARGS: "--extra-kernel-arg=enforcing=1"
TAG_SUFFIX: -enforcing
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
- name: images-essential-enforcing
command: imager installer-base installer images-essential
command: images-essential
environment:
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: e2e-no-cluster-discovery
@ -1058,7 +1052,7 @@ spec:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-no-cluster-discovery
SHORT_INTEGRATION_TEST: yes
WITH_CLUSTER_DISCOVERY: false
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-kubespan
@ -1069,7 +1063,7 @@ spec:
SHORT_INTEGRATION_TEST: yes
WITH_CLUSTER_DISCOVERY: true
WITH_KUBESPAN: true
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-default-hostname
@ -1080,7 +1074,7 @@ spec:
SHORT_INTEGRATION_TEST: yes
VIA_MAINTENANCE_MODE: true
DISABLE_DHCP_HOSTNAME: true
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-min-requirements
@ -1092,7 +1086,7 @@ spec:
QEMU_MEMORY_WORKERS: 1024
QEMU_MEMORY_CONTROLPLANES: 2048
QEMU_SYSTEM_DISK_SIZE: 10240
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
@ -1139,7 +1133,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -1156,7 +1150,7 @@ spec:
conditions:
- only-on-schedule
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-bios
command: e2e-qemu
@ -1245,7 +1239,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -1314,20 +1308,18 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
IMAGER_ARGS: "--extra-kernel-arg=enforcing=1"
TAG_SUFFIX: -enforcing
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
- name: images-essential-enforcing
command: imager installer-base installer images-essential
command: images-essential
environment:
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: e2e-network-chaos
@ -1337,7 +1329,7 @@ spec:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-network-chaos
SHORT_INTEGRATION_TEST: yes
WITH_NETWORK_CHAOS: yes
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-metal-iso
@ -1347,7 +1339,7 @@ spec:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-metal-iso
SHORT_INTEGRATION_TEST: yes
WITH_CONFIG_INJECTION_METHOD: "metal-iso"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-iommu-pcidriverrebind
@ -1357,7 +1349,7 @@ spec:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-iommu-pcidriverrebind
SHORT_INTEGRATION_TEST: yes
WITH_IOMMU: yes
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
@ -1399,7 +1391,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -1487,20 +1479,18 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
IMAGER_ARGS: "--extra-kernel-arg=enforcing=1"
TAG_SUFFIX: -enforcing
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
- name: images-essential-enforcing
command: imager installer-base installer images-essential
command: images-essential
environment:
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_OUT: -enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: e2e-siderolink
@ -1511,7 +1501,7 @@ spec:
SHORT_INTEGRATION_TEST: yes
WITH_SIDEROLINK_AGENT: true
VIA_MAINTENANCE_MODE: true
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-siderolink-tunnel
@ -1522,7 +1512,7 @@ spec:
SHORT_INTEGRATION_TEST: yes
WITH_SIDEROLINK_AGENT: tunnel
VIA_MAINTENANCE_MODE: true
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-siderolink-tls
@ -1533,7 +1523,7 @@ spec:
SHORT_INTEGRATION_TEST: yes
WITH_SIDEROLINK_AGENT: wireguard+tls
VIA_MAINTENANCE_MODE: true
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-apparmor
@ -1551,7 +1541,7 @@ spec:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-k8s-user-namespace
SHORT_INTEGRATION_TEST: yes
WITH_CONFIG_PATCH: "@hack/test/patches/usernamespace.yaml"
TAG_SUFFIX: -enforcing
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
@ -1595,7 +1585,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -1675,7 +1665,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -1755,7 +1745,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -1810,7 +1800,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -1876,7 +1866,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -1946,7 +1936,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -2037,7 +2027,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -2103,7 +2093,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -2166,7 +2156,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: images
@ -2279,20 +2269,6 @@ spec:
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
- name: iso
conditions:
- only-on-schedule
command: iso secureboot-iso
environment:
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0"
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: images-essential
conditions:
- only-on-schedule
environment:
PLATFORM: linux/amd64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0"
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: factory-1.7-iso
command: e2e-image-factory
withSudo: true
@ -2418,7 +2394,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -2428,7 +2404,7 @@ spec:
conditions:
- only-on-schedule
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-aws-prepare
environment:
@ -2494,7 +2470,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -2504,7 +2480,7 @@ spec:
conditions:
- only-on-schedule
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: checkout extensions
checkoutStep:
@ -2592,7 +2568,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -2602,7 +2578,7 @@ spec:
conditions:
- only-on-schedule
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: checkout extensions
checkoutStep:
@ -2687,7 +2663,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@ -2697,7 +2673,7 @@ spec:
conditions:
- only-on-schedule
environment:
PLATFORM: linux/amd64
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-gcp-prepare
- name: checkout contrib

47
Makefile
View File

@ -4,9 +4,12 @@ SHA ?= $(shell git describe --match=none --always --abbrev=8 --dirty)
TAG ?= $(shell git describe --tag --always --dirty --match v[0-9]\*)
ABBREV_TAG ?= $(shell git describe --tag --always --match v[0-9]\* --abbrev=0 )
TAG_SUFFIX ?=
TAG_SUFFIX_IN ?= $(TAG_SUFFIX)
TAG_SUFFIX_OUT ?= $(TAG_SUFFIX)
SOURCE_DATE_EPOCH ?= $(shell git log -1 --pretty=%ct)
IMAGE_REGISTRY ?= $(REGISTRY)
IMAGE_TAG ?= $(TAG)$(TAG_SUFFIX)
IMAGE_TAG_IN ?= $(TAG)$(TAG_SUFFIX_IN)
IMAGE_TAG_OUT ?= $(TAG)$(TAG_SUFFIX_OUT)
BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
REGISTRY_AND_USERNAME := $(IMAGE_REGISTRY)/$(USERNAME)
NAME = Talos
@ -24,7 +27,7 @@ EMBED_TARGET ?= embed
TOOLS_PREFIX ?= ghcr.io/siderolabs/tools
TOOLS ?= v1.10.0-alpha.0-23-g6d456ca
PKGS_PREFIX ?= ghcr.io/siderolabs
PKGS ?= v1.10.0-alpha.0-69-g665f782
PKGS ?= v1.10.0-alpha.0-72-g7d7323b
EXTRAS ?= v1.10.0-alpha.0-4-gc201b87
KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest
@ -355,10 +358,10 @@ local-%: ## Builds the specified target defined in the Dockerfile using the loca
docker-%: ## Builds the specified target defined in the Dockerfile using the docker output type. The build result will be output to the specified local destination.
@mkdir -p $(DEST)
@$(MAKE) target-$* TARGET_ARGS="--output type=docker,dest=$(DEST)/$*.tar,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG) $(TARGET_ARGS)"
@$(MAKE) target-$* TARGET_ARGS="--output type=docker,dest=$(DEST)/$*.tar,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG_OUT) $(TARGET_ARGS)"
registry-%: ## Builds the specified target defined in the Dockerfile using the image/registry output type. The build result will be pushed to the registry if PUSH=true.
@$(MAKE) target-$* TARGET_ARGS="--output type=image,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG) $(TARGET_ARGS)"
@$(MAKE) target-$* TARGET_ARGS="--output type=image,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG_OUT) $(TARGET_ARGS)"
hack-test-%: ## Runs the specified script in ./hack/test with well known environment variables.
@./hack/test/$*.sh
@ -450,10 +453,10 @@ talosctl:
@$(MAKE) local-talosctl-targetarch DEST=$(ARTIFACTS)
image-%: ## Builds the specified image. Valid options are aws, azure, digital-ocean, gcp, and vmware (e.g. image-aws)
@docker pull $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG)
@docker pull $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG_IN)
@for platform in $(subst $(,),$(space),$(PLATFORM)); do \
arch=$$(basename "$${platform}") && \
docker run --rm -t -v /dev:/dev -v $(PWD)/$(ARTIFACTS):/secureboot:ro -v $(PWD)/$(ARTIFACTS):/out -e SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) --network=host --privileged $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG) $* --arch $$arch $(IMAGER_ARGS) ; \
docker run --rm -t -v /dev:/dev -v $(PWD)/$(ARTIFACTS):/secureboot:ro -v $(PWD)/$(ARTIFACTS):/out -e SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) --network=host --privileged $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG_IN) $* --arch $$arch $(IMAGER_ARGS) ; \
done
.PHONY: images-essential
@ -472,23 +475,23 @@ IMAGES_LIST :=
.PHONY: installer
installer: ## Builds the installer and outputs it to the artifact directory.
@$(MAKE) image-installer IMAGER_ARGS="--base-installer-image $(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG) $(IMAGER_ARGS)"
@$(MAKE) image-installer IMAGER_ARGS="--base-installer-image $(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG_IN) $(IMAGER_ARGS)"
@crane_args=""
@for platform in $(subst $(,),$(space),$(PLATFORM)); do \
arch=$$(basename "$${platform}") && \
image=$$(crane push $(ARTIFACTS)/installer-$${arch}.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-$${arch}) && \
image=$$(crane push $(ARTIFACTS)/installer-$${arch}.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_OUT)-$${arch}) && \
crane_args="$${crane_args} -m $${image}" ; \
done; \
crane index append -t "${REGISTRY_AND_USERNAME}/installer:${IMAGE_TAG}" $${crane_args}
crane index append -t "${REGISTRY_AND_USERNAME}/installer:${IMAGE_TAG_OUT}" $${crane_args}
.PHONY: secureboot-installer
secureboot-installer: ## Builds UEFI only installer which uses UKI and push it to the registry.
@$(MAKE) image-secureboot-installer IMAGER_ARGS="--base-installer-image $(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG) $(IMAGER_ARGS)"
@$(MAKE) image-secureboot-installer IMAGER_ARGS="--base-installer-image $(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG_IN) $(IMAGER_ARGS)"
@for platform in $(subst $(,),$(space),$(PLATFORM)); do \
arch=$$(basename "$${platform}") && \
crane push $(ARTIFACTS)/installer-$${arch}-secureboot.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-$${arch}-secureboot ; \
crane push $(ARTIFACTS)/installer-$${arch}-secureboot.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_OUT)-$${arch}-secureboot ; \
done
.PHONY: talosctl-cni-bundle
@ -519,10 +522,10 @@ uki-certs: talosctl ## Generate test certificates for SecureBoot/PCR Signing
.PHONY: cache-create
cache-create: installer imager ## Generate image cache.
@docker run --entrypoint /usr/local/bin/e2e.test registry.k8s.io/conformance:$(KUBECTL_VERSION) --list-images | \
$(TALOSCTL_EXECUTABLE) images integration --installer-tag=$(IMAGE_TAG) --registry-and-user=$(REGISTRY_AND_USERNAME) | \
$(TALOSCTL_EXECUTABLE) images integration --installer-tag=$(IMAGE_TAG_IN) --registry-and-user=$(REGISTRY_AND_USERNAME) | \
$(TALOSCTL_EXECUTABLE) images cache-create --image-cache-path=/tmp/cache.tar --images=- --force
@crane push /tmp/cache.tar $(REGISTRY_AND_USERNAME)/image-cache:$(IMAGE_TAG)
@$(MAKE) image-iso IMAGER_ARGS="--image-cache=$(REGISTRY_AND_USERNAME)/image-cache:$(IMAGE_TAG) --extra-kernel-arg='console=ttyS0'"
@crane push /tmp/cache.tar $(REGISTRY_AND_USERNAME)/image-cache:$(IMAGE_TAG_OUT)
@$(MAKE) image-iso IMAGER_ARGS="--image-cache=$(REGISTRY_AND_USERNAME)/image-cache:$(IMAGE_TAG_OUT) --extra-kernel-arg='console=ttyS0'"
# Code Quality
@ -600,8 +603,8 @@ e2e-%: $(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64 external-artifacts
TAG=$(TAG) \
SHA=$(SHA) \
REGISTRY=$(IMAGE_REGISTRY) \
IMAGE=$(REGISTRY_AND_USERNAME)/talos:$(IMAGE_TAG) \
INSTALLER_IMAGE=$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG) \
IMAGE=$(REGISTRY_AND_USERNAME)/talos:$(IMAGE_TAG_IN) \
INSTALLER_IMAGE=$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_IN) \
ARTIFACTS=$(ARTIFACTS) \
TALOSCTL=$(PWD)/$(ARTIFACTS)/$(TALOSCTL_DEFAULT_TARGET)-amd64 \
INTEGRATION_TEST=$(PWD)/$(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64 \
@ -633,9 +636,9 @@ provision-tests-track-%:
installer-with-extensions: $(ARTIFACTS)/extensions/_out/extensions-metadata
$(MAKE) image-installer \
IMAGER_ARGS="--base-installer-image=$(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG) $(shell cat $(ARTIFACTS)/extensions/_out/extensions-metadata | $(EXTENSIONS_FILTER_COMMAND) | xargs -n 1 echo --system-extension-image)"
crane push $(ARTIFACTS)/installer-amd64.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-amd64-extensions
INSTALLER_IMAGE_EXTENSIONS="$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-amd64-extensions" yq eval -n '.machine.install.image = strenv(INSTALLER_IMAGE_EXTENSIONS)' > $(ARTIFACTS)/installer-extensions-patch.yaml
IMAGER_ARGS="--base-installer-image=$(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG_IN) $(shell cat $(ARTIFACTS)/extensions/_out/extensions-metadata | $(EXTENSIONS_FILTER_COMMAND) | xargs -n 1 echo --system-extension-image)"
crane push $(ARTIFACTS)/installer-amd64.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_OUT)-amd64-extensions
INSTALLER_IMAGE_EXTENSIONS="$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_OUT)-amd64-extensions" yq eval -n '.machine.install.image = strenv(INSTALLER_IMAGE_EXTENSIONS)' > $(ARTIFACTS)/installer-extensions-patch.yaml
kubelet-fat-patch:
K8S_VERSION=$(KUBECTL_VERSION) yq eval -n '.machine.kubelet.image = "ghcr.io/siderolabs/kubelet:" + strenv(K8S_VERSION) + "-fat"' > $(ARTIFACTS)/kubelet-fat-patch.yaml
@ -687,7 +690,7 @@ push: ## Pushes the installer, imager, talos and talosctl images to the configur
@$(MAKE) talosctl-image PUSH=true
push-%: ## Pushes the installer, imager, talos and talosctl images to the configured container registry with the specified tag (e.g. push-latest).
@$(MAKE) push IMAGE_TAG=$*
@$(MAKE) push IMAGE_TAG_OUT=$*
.PHONY: clean
clean: ## Cleans up all artifacts.
@ -695,11 +698,11 @@ clean: ## Cleans up all artifacts.
.PHONY: image-list
image-list: ## Prints a list of all images built by this Makefile with digests.
@echo -n installer installer-base talos imager talosctl | xargs -d ' ' -I{} sh -c 'echo $(REGISTRY_AND_USERNAME)/{}:$(IMAGE_TAG)' | xargs -I{} sh -c 'echo {}@$$(crane digest {})'
@echo -n installer installer-base talos imager talosctl | xargs -d ' ' -I{} sh -c 'echo $(REGISTRY_AND_USERNAME)/{}:$(IMAGE_TAG_IN)' | xargs -I{} sh -c 'echo {}@$$(crane digest {})'
.PHONY: sign-images
sign-images: ## Run cosign to sign all images built by this Makefile.
@for image in $(shell $(MAKE) --quiet image-list REGISTRY_AND_USERNAME=$(REGISTRY_AND_USERNAME) IMAGE_TAG=$(IMAGE_TAG)); do \
@for image in $(shell $(MAKE) --quiet image-list REGISTRY_AND_USERNAME=$(REGISTRY_AND_USERNAME) IMAGE_TAG_IN=$(IMAGE_TAG_IN)); do \
echo '==>' $$image; \
cosign verify $$image --certificate-identity-regexp '@siderolabs\.com$$' --certificate-oidc-issuer https://accounts.google.com || \
cosign sign --yes $$image; \

13
api/resource/definitions/block/block.proto
View File

@ -126,6 +126,10 @@ message MountSpec {
string selinux_label = 2;
bool project_quota_support = 3;
string parent_id = 4;
uint32 file_mode = 5;
int64 uid = 6;
int64 gid = 7;
bool recursive_relabel = 8;
}
// MountStatusSpec is the spec for MountStatus.
@ -156,6 +160,12 @@ message ProvisioningSpec {
FilesystemSpec filesystem_spec = 4;
}
// SymlinkProvisioningSpec is the spec for volume symlink.
message SymlinkProvisioningSpec {
string symlink_target_path = 1;
bool force = 2;
}
// SymlinkSpec is the spec for Symlinks resource.
message SymlinkSpec {
repeated string paths = 1;
@ -181,6 +191,7 @@ message VolumeConfigSpec {
LocatorSpec locator = 4;
MountSpec mount = 5;
EncryptionSpec encryption = 6;
SymlinkProvisioningSpec symlink = 7;
}
// VolumeMountRequestSpec is the spec for VolumeMountRequest.
@ -217,5 +228,7 @@ message VolumeStatusSpec {
MountSpec mount_spec = 15;
talos.resource.definitions.enums.BlockVolumeType type = 16;
repeated string configured_encryption_keys = 17;
SymlinkProvisioningSpec symlink_spec = 18;
string parent_id = 19;
}

2
api/resource/definitions/enums/enums.proto
View File

@ -401,6 +401,8 @@ enum BlockVolumeType {
VOLUME_TYPE_DISK = 1;
VOLUME_TYPE_TMPFS = 2;
VOLUME_TYPE_DIRECTORY = 3;
VOLUME_TYPE_SYMLINK = 4;
VOLUME_TYPE_OVERLAY = 5;
}
// CriImageCacheStatus describes image cache status type.

4
internal/app/machined/pkg/controllers/block/internal/volumes/close.go
View File

@ -19,8 +19,8 @@ import (
// Close the encrypted volumes.
func Close(ctx context.Context, logger *zap.Logger, volumeContext ManagerContext) error {
switch volumeContext.Cfg.TypedSpec().Type {
case block.VolumeTypeTmpfs, block.VolumeTypeDirectory:
// tmpfs & directory volumes can be always closed
case block.VolumeTypeTmpfs, block.VolumeTypeDirectory, block.VolumeTypeSymlink, block.VolumeTypeOverlay:
// tmpfs, directory, symlink and overlay volumes can be always closed
volumeContext.Status.Phase = block.VolumePhaseClosed
return nil

5
internal/app/machined/pkg/controllers/block/internal/volumes/locate.go
View File

@ -25,11 +25,12 @@ import (
//nolint:gocyclo,cyclop
func LocateAndProvision(ctx context.Context, logger *zap.Logger, volumeContext ManagerContext) error {
volumeContext.Status.MountSpec = volumeContext.Cfg.TypedSpec().Mount
volumeContext.Status.SymlinkSpec = volumeContext.Cfg.TypedSpec().Symlink
volumeType := volumeContext.Cfg.TypedSpec().Type
switch volumeType {
case block.VolumeTypeTmpfs, block.VolumeTypeDirectory:
// tmpfs & directory volumes are always ready
case block.VolumeTypeTmpfs, block.VolumeTypeDirectory, block.VolumeTypeSymlink, block.VolumeTypeOverlay:
// tmpfs, directory, symlink and overlays volumes are always ready
volumeContext.Status.Phase = block.VolumePhaseReady
return nil

2
internal/app/machined/pkg/controllers/block/internal/volumes/volumes.go
View File

@ -82,6 +82,8 @@ func (d *DiskContext) ToCELContext() map[string]any {
type ManagerContext struct {
Cfg *block.VolumeConfig
Status *block.VolumeStatusSpec
ParentStatus *block.VolumeStatus
ParentFinalizer string
DiscoveredVolumes []*blockpb.DiscoveredVolumeSpec
Disks []DiskContext

256
internal/app/machined/pkg/controllers/block/mount.go
View File

@ -7,7 +7,9 @@ package block
import (
"context"
"fmt"
"os"
"path/filepath"
"syscall"
"github.com/cosi-project/runtime/pkg/controller"
"github.com/cosi-project/runtime/pkg/resource"
@ -15,8 +17,12 @@ import (
"github.com/cosi-project/runtime/pkg/state"
"github.com/siderolabs/gen/xslices"
"go.uber.org/zap"
"golang.org/x/sys/unix"
"github.com/siderolabs/talos/internal/pkg/mount/v2"
"github.com/siderolabs/talos/internal/pkg/selinux"
"github.com/siderolabs/talos/pkg/filetree"
"github.com/siderolabs/talos/pkg/machinery/constants"
"github.com/siderolabs/talos/pkg/machinery/resources/block"
)
@ -203,12 +209,13 @@ func (ctrl *MountController) Run(ctx context.Context, r controller.Runtime, logg
mountTarget := volumeStatus.TypedSpec().MountSpec.TargetPath
mountFilesystem := volumeStatus.TypedSpec().Filesystem
rootPath := "/"
if mountHasParent {
// mount target is a path within the parent mount
mountTarget = filepath.Join(mountParentStatus.TypedSpec().Target, mountTarget)
rootPath = mountParentStatus.TypedSpec().Target
}
if err = ctrl.handleMountOperation(logger, mountSource, mountTarget, mountFilesystem, mountRequest, volumeStatus); err != nil {
if err = ctrl.handleMountOperation(logger, rootPath, mountSource, mountTarget, mountFilesystem, mountRequest, volumeStatus); err != nil {
return err
}
@ -217,7 +224,7 @@ func (ctrl *MountController) Run(ctx context.Context, r controller.Runtime, logg
func(mountStatus *block.MountStatus) error {
mountStatus.TypedSpec().Spec = *mountRequest.TypedSpec()
mountStatus.TypedSpec().Source = mountSource
mountStatus.TypedSpec().Target = mountTarget
mountStatus.TypedSpec().Target = filepath.Join(rootPath, mountTarget)
mountStatus.TypedSpec().Filesystem = mountFilesystem
mountStatus.TypedSpec().EncryptionProvider = volumeStatus.TypedSpec().EncryptionProvider
mountStatus.TypedSpec().ReadOnly = mountRequest.TypedSpec().ReadOnly
@ -264,6 +271,7 @@ func (ctrl *MountController) tearDownMountStatus(ctx context.Context, r controll
func (ctrl *MountController) handleMountOperation(
logger *zap.Logger,
rootPath string,
mountSource, mountTarget string,
mountFilesystem block.FilesystemType,
mountRequest *block.MountRequest,
@ -271,24 +279,173 @@ func (ctrl *MountController) handleMountOperation(
) error {
switch volumeStatus.TypedSpec().Type {
case block.VolumeTypeDirectory:
return ctrl.handleDirectoryMountOperation(mountTarget, volumeStatus)
return ctrl.handleDirectoryMountOperation(rootPath, mountTarget, volumeStatus)
case block.VolumeTypeOverlay:
return ctrl.handleOverlayMountOperation(logger, filepath.Join(rootPath, mountTarget), mountRequest, volumeStatus)
case block.VolumeTypeSymlink:
return ctrl.handleSymlinkMountOperation(logger, rootPath, mountTarget, mountRequest, volumeStatus)
case block.VolumeTypeTmpfs:
return fmt.Errorf("not implemented yet")
case block.VolumeTypeDisk, block.VolumeTypePartition:
return ctrl.handleDiskMountOperation(logger, mountSource, mountTarget, mountFilesystem, mountRequest, volumeStatus)
return ctrl.handleDiskMountOperation(logger, mountSource, filepath.Join(rootPath, mountTarget), mountFilesystem, mountRequest, volumeStatus)
default:
return fmt.Errorf("unsupported volume type %q", volumeStatus.TypedSpec().Type)
}
}
func (ctrl *MountController) handleDirectoryMountOperation(
_ string,
_ *block.VolumeStatus,
rootPath string,
target string,
volumeStatus *block.VolumeStatus,
) error {
// [TODO]: implement me
// - create directory if missing
// - set SELinux label if needed
// - set uid:gid if needed
targetPath := filepath.Join(rootPath, target)
if err := os.Mkdir(targetPath, volumeStatus.TypedSpec().MountSpec.FileMode); err != nil {
if !os.IsExist(err) {
return fmt.Errorf("failed to create target path: %w", err)
}
st, err := os.Stat(targetPath)
if err != nil {
return fmt.Errorf("failed to stat target path: %w", err)
}
if !st.IsDir() {
return fmt.Errorf("target path %q is not a directory", targetPath)
}
}
return ctrl.updateTargetSettings(targetPath, volumeStatus.TypedSpec().MountSpec)
}
//nolint:gocyclo
func (ctrl *MountController) handleSymlinkMountOperation(
logger *zap.Logger,
rootPath string,
target string,
mountRequest *block.MountRequest,
volumeStatus *block.VolumeStatus,
) error {
_, ok := ctrl.activeMounts[mountRequest.Metadata().ID()]
if ok {
return nil
}
targetPath := filepath.Join(rootPath, target)
st, err := os.Lstat(targetPath)
if err != nil && !os.IsNotExist(err) {
return fmt.Errorf("failed to stat target path: %w", err)
}
if st == nil {
// create the symlink
if err := os.Symlink(volumeStatus.TypedSpec().SymlinkSpec.SymlinkTargetPath, targetPath); err != nil {
return fmt.Errorf("failed to create symlink %q: %w", targetPath, err)
}
ctrl.activeMounts[mountRequest.Metadata().ID()] = &mountContext{}
return nil
}
if st.Mode()&os.ModeSymlink != 0 {
// if it's already a symlink, check if it points to the right target
symlinkTarget, err := os.Readlink(targetPath)
if err != nil {
return fmt.Errorf("failed to read symlink target: %w", err)
}
if symlinkTarget == volumeStatus.TypedSpec().SymlinkSpec.SymlinkTargetPath {
return nil
}
}
if !volumeStatus.TypedSpec().SymlinkSpec.Force {
return fmt.Errorf("target path %q is not a symlink to %q", targetPath, volumeStatus.TypedSpec().SymlinkSpec.SymlinkTargetPath)
}
// try to remove forcefully
if err := os.RemoveAll(targetPath); err != nil {
if !st.Mode().IsDir() {
return fmt.Errorf("failed to remove target path, and target is not a directory %s: %w", st.Mode(), err)
}
// try to remove all entries if it's a directory
entries, err := os.ReadDir(targetPath)
if err != nil {
return fmt.Errorf("failed to read target path: %w", err)
}
for _, entry := range entries {
if err := os.RemoveAll(filepath.Join(targetPath, entry.Name())); err != nil {
logger.Warn("failed to remove target path entry", zap.String("entry", entry.Name()), zap.Error(err))
}
}
ctrl.activeMounts[mountRequest.Metadata().ID()] = &mountContext{}
// return early, i.e. keep this as a directory
return nil
}
if err := os.Symlink(volumeStatus.TypedSpec().SymlinkSpec.SymlinkTargetPath, targetPath); err != nil {
return fmt.Errorf("failed to create symlink %q: %w", targetPath, err)
}
ctrl.activeMounts[mountRequest.Metadata().ID()] = &mountContext{}
return nil
}
//nolint:gocyclo
func (ctrl *MountController) updateTargetSettings(
targetPath string,
mountSpec block.MountSpec,
) error {
if err := os.Chmod(targetPath, mountSpec.FileMode); err != nil {
return fmt.Errorf("failed to chmod %q: %w", targetPath, err)
}
st, err := os.Stat(targetPath)
if err != nil {
return fmt.Errorf("failed to stat %q: %w", targetPath, err)
}
sysStat := st.Sys().(*syscall.Stat_t)
if sysStat.Uid != uint32(mountSpec.UID) || sysStat.Gid != uint32(mountSpec.GID) {
if mountSpec.RecursiveRelabel {
err = filetree.ChownRecursive(targetPath, uint32(mountSpec.UID), uint32(mountSpec.GID))
} else {
err = os.Chown(targetPath, mountSpec.UID, mountSpec.GID)
}
if err != nil {
return fmt.Errorf("failed to chown %q: %w", targetPath, err)
}
}
currentLabel, err := selinux.GetLabel(targetPath)
if err != nil {
return fmt.Errorf("failed to get current label %q: %w", targetPath, err)
}
if currentLabel == mountSpec.SelinuxLabel {
// nothing to do
return nil
}
if mountSpec.RecursiveRelabel {
err = selinux.SetLabelRecursive(targetPath, mountSpec.SelinuxLabel)
} else {
err = selinux.SetLabel(targetPath, mountSpec.SelinuxLabel)
}
if err != nil {
return fmt.Errorf("error setting label %q: %w", targetPath, err)
}
return nil
}
@ -326,6 +483,14 @@ func (ctrl *MountController) handleDiskMountOperation(
return fmt.Errorf("failed to mount %q: %w", mountRequest.Metadata().ID(), err)
}
if !mountRequest.TypedSpec().ReadOnly {
if err = ctrl.updateTargetSettings(mountTarget, volumeStatus.TypedSpec().MountSpec); err != nil {
unmounter() //nolint:errcheck
return fmt.Errorf("failed to update target settings %q: %w", mountRequest.Metadata().ID(), err)
}
}
logger.Info("volume mount",
zap.String("volume", volumeStatus.Metadata().ID()),
zap.String("source", mountSource),
@ -364,6 +529,52 @@ func (ctrl *MountController) handleDiskMountOperation(
return nil
}
func (ctrl *MountController) handleOverlayMountOperation(
logger *zap.Logger,
mountTarget string,
mountRequest *block.MountRequest,
volumeStatus *block.VolumeStatus,
) error {
if _, ok := ctrl.activeMounts[mountRequest.Metadata().ID()]; ok {
return nil
}
if volumeStatus.TypedSpec().ParentID != constants.EphemeralPartitionLabel {
return fmt.Errorf("overlay mount is not supported for %q", volumeStatus.TypedSpec().ParentID)
}
mountpoint := mount.NewVarOverlay(
[]string{mountTarget},
mountTarget,
mount.WithFlags(unix.MS_I_VERSION),
mount.WithSelinuxLabel(volumeStatus.TypedSpec().MountSpec.SelinuxLabel),
)
unmounter, err := mountpoint.Mount(mount.WithMountPrinter(logger.Sugar().Infof))
if err != nil {
return fmt.Errorf("failed to mount %q: %w", mountRequest.Metadata().ID(), err)
}
if err = ctrl.updateTargetSettings(mountTarget, volumeStatus.TypedSpec().MountSpec); err != nil {
unmounter() //nolint:errcheck
return fmt.Errorf("failed to update target settings %q: %w", mountRequest.Metadata().ID(), err)
}
logger.Info("overlay mount",
zap.String("volume", volumeStatus.Metadata().ID()),
zap.String("target", mountTarget),
zap.String("parent", volumeStatus.TypedSpec().ParentID),
)
ctrl.activeMounts[mountRequest.Metadata().ID()] = &mountContext{
point: mountpoint,
unmounter: unmounter,
}
return nil
}
func (ctrl *MountController) handleUnmountOperation(
logger *zap.Logger,
mountRequest *block.MountRequest,
@ -371,23 +582,18 @@ func (ctrl *MountController) handleUnmountOperation(
) error {
switch volumeStatus.TypedSpec().Type {
case block.VolumeTypeDirectory:
return ctrl.handleDirectoryUnmountOperation(mountRequest, volumeStatus)
return nil
case block.VolumeTypeTmpfs:
return fmt.Errorf("not implemented yet")
case block.VolumeTypeDisk, block.VolumeTypePartition:
case block.VolumeTypeDisk, block.VolumeTypePartition, block.VolumeTypeOverlay:
return ctrl.handleDiskUnmountOperation(logger, mountRequest, volumeStatus)
case block.VolumeTypeSymlink:
return ctrl.handleSymlinkUmountOperation(mountRequest)
default:
return fmt.Errorf("unsupported volume type %q", volumeStatus.TypedSpec().Type)
}
}
func (ctrl *MountController) handleDirectoryUnmountOperation(
_ *block.MountRequest,
_ *block.VolumeStatus,
) error {
return nil
}
func (ctrl *MountController) handleDiskUnmountOperation(
logger *zap.Logger,
mountRequest *block.MountRequest,
@ -413,3 +619,11 @@ func (ctrl *MountController) handleDiskUnmountOperation(
return nil
}
func (ctrl *MountController) handleSymlinkUmountOperation(
mountRequest *block.MountRequest,
) error {
delete(ctrl.activeMounts, mountRequest.Metadata().ID())
return nil
}

90
internal/app/machined/pkg/controllers/block/mount_status_test.go Normal file
View File

@ -0,0 +1,90 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package block_test
import (
"testing"
"time"
"github.com/cosi-project/runtime/pkg/resource"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/suite"
blockctrls "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/block"
"github.com/siderolabs/talos/internal/app/machined/pkg/controllers/ctest"
"github.com/siderolabs/talos/pkg/machinery/resources/block"
)
type MountStatusSuite struct {
ctest.DefaultSuite
}
func TestMountStatusSuite(t *testing.T) {
t.Parallel()
suite.Run(t, &MountStatusSuite{
DefaultSuite: ctest.DefaultSuite{
Timeout: 3 * time.Second,
AfterSetup: func(suite *ctest.DefaultSuite) {
suite.Require().NoError(suite.Runtime().RegisterController(&blockctrls.MountStatusController{}))
},
},
})
}
func (suite *MountStatusSuite) TestReconcile() {
mountStatus1 := block.NewMountStatus(block.NamespaceName, "volume1")
mountStatus1.TypedSpec().Spec = block.MountRequestSpec{
VolumeID: "volume1",
Requesters: []string{"requester1", "requester2"},
RequesterIDs: []string{"requester1/volume1", "requester2/volume1"},
}
mountStatus1.TypedSpec().Target = "/target"
suite.Create(mountStatus1)
// mount status is exploded into volume mount statuses
ctest.AssertResources(suite,
[]resource.ID{"requester1/volume1", "requester2/volume1"},
func(vms *block.VolumeMountStatus, asrt *assert.Assertions) {
asrt.Equal("volume1", vms.Metadata().Labels().Raw()["mount-status-id"])
asrt.Equal("volume1", vms.TypedSpec().VolumeID)
asrt.Equal("/target", vms.TypedSpec().Target)
},
)
// mount status should now have a finalizer
ctest.AssertResource(suite, "volume1", func(ms *block.MountStatus, asrt *assert.Assertions) {
asrt.True(ms.Metadata().Finalizers().Has((&blockctrls.MountStatusController{}).Name()))
})
// add a finalizer for volume mount status
suite.AddFinalizer(block.NewVolumeMountStatus(block.NamespaceName, "requester1/volume1").Metadata(), "test-finalizer")
// now, teardown the mount status
ready, err := suite.State().Teardown(suite.Ctx(), mountStatus1.Metadata())
suite.Require().NoError(err)
suite.Assert().False(ready)
// volume mount status without finalizer should be removed
ctest.AssertNoResource[*block.VolumeMountStatus](suite, "requester2/volume1")
// volume mount status with finalizer should be tearing down
ctest.AssertResource(suite, "requester1/volume1", func(vms *block.VolumeMountStatus, asrt *assert.Assertions) {
asrt.Equal(resource.PhaseTearingDown, vms.Metadata().Phase())
})
// remove finalizer from volume mount status
suite.RemoveFinalizer(block.NewVolumeMountStatus(block.NamespaceName, "requester1/volume1").Metadata(), "test-finalizer")
// volume mount status should be destroyed
ctest.AssertNoResource[*block.VolumeMountStatus](suite, "requester1/volume1")
// now the mount status finalizers should be empty as well
ctest.AssertResource(suite, "volume1", func(ms *block.MountStatus, asrt *assert.Assertions) {
asrt.True(ms.Metadata().Finalizers().Empty())
})
suite.Destroy(mountStatus1)
}

152
internal/app/machined/pkg/controllers/block/mount_test.go Normal file
View File

@ -0,0 +1,152 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package block_test
import (
"os"
"path/filepath"
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/suite"
blockctrls "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/block"
"github.com/siderolabs/talos/internal/app/machined/pkg/controllers/ctest"
"github.com/siderolabs/talos/pkg/machinery/resources/block"
)
type MountSuite struct {
ctest.DefaultSuite
}
func TestMountSuite(t *testing.T) {
t.Parallel()
suite.Run(t, &MountSuite{
DefaultSuite: ctest.DefaultSuite{
Timeout: 3 * time.Second,
AfterSetup: func(suite *ctest.DefaultSuite) {
suite.Require().NoError(suite.Runtime().RegisterController(&blockctrls.MountController{}))
},
},
})
}
func (suite *MountSuite) mountVolume(volumeID string) { //nolint:unparam
mountRequest := block.NewMountRequest(block.NamespaceName, volumeID)
mountRequest.TypedSpec().RequesterIDs = []string{"requester1/" + volumeID}
mountRequest.TypedSpec().Requesters = []string{"requester1"}
mountRequest.TypedSpec().VolumeID = volumeID
suite.Create(mountRequest)
// wait for the mount status to be created
ctest.AssertResource(suite, volumeID, func(*block.MountStatus, *assert.Assertions) {})
}
func (suite *MountSuite) TestSymlinkNew() {
dir := suite.T().TempDir()
targetPath := filepath.Join(dir, "target")
volumeStatus := block.NewVolumeStatus(block.NamespaceName, "volume1")
volumeStatus.TypedSpec().Type = block.VolumeTypeSymlink
volumeStatus.TypedSpec().SymlinkSpec = block.SymlinkProvisioningSpec{
SymlinkTargetPath: "/run",
Force: true,
}
volumeStatus.TypedSpec().MountSpec = block.MountSpec{
TargetPath: targetPath,
}
volumeStatus.TypedSpec().Phase = block.VolumePhaseReady
suite.Create(volumeStatus)
suite.mountVolume("volume1")
// verify symlink
path, err := os.Readlink(targetPath)
suite.Require().NoError(err)
suite.Assert().Equal("/run", path)
}
func (suite *MountSuite) TestSymlinkExists() {
dir := suite.T().TempDir()
targetPath := filepath.Join(dir, "target")
// symlink already exists
suite.Require().NoError(os.Symlink("/run", targetPath))
volumeStatus := block.NewVolumeStatus(block.NamespaceName, "volume1")
volumeStatus.TypedSpec().Type = block.VolumeTypeSymlink
volumeStatus.TypedSpec().SymlinkSpec = block.SymlinkProvisioningSpec{
SymlinkTargetPath: "/run",
}
volumeStatus.TypedSpec().MountSpec = block.MountSpec{
TargetPath: targetPath,
}
volumeStatus.TypedSpec().Phase = block.VolumePhaseReady
suite.Create(volumeStatus)
suite.mountVolume("volume1")
// verify symlink
path, err := os.Readlink(targetPath)
suite.Require().NoError(err)
suite.Assert().Equal("/run", path)
}
func (suite *MountSuite) TestSymlinkWrong() {
dir := suite.T().TempDir()
targetPath := filepath.Join(dir, "target")
// wrong symlink target
suite.Require().NoError(os.Symlink("/foo", targetPath))
volumeStatus := block.NewVolumeStatus(block.NamespaceName, "volume1")
volumeStatus.TypedSpec().Type = block.VolumeTypeSymlink
volumeStatus.TypedSpec().SymlinkSpec = block.SymlinkProvisioningSpec{
SymlinkTargetPath: "/run",
Force: true,
}
volumeStatus.TypedSpec().MountSpec = block.MountSpec{
TargetPath: targetPath,
}
volumeStatus.TypedSpec().Phase = block.VolumePhaseReady
suite.Create(volumeStatus)
suite.mountVolume("volume1")
// verify symlink
path, err := os.Readlink(targetPath)
suite.Require().NoError(err)
suite.Assert().Equal("/run", path)
}
func (suite *MountSuite) TestSymlinkDirectory() {
dir := suite.T().TempDir()
targetPath := filepath.Join(dir, "target")
// non-empty directory structure
suite.Require().NoError(os.Mkdir(targetPath, 0o755))
suite.Require().NoError(os.Mkdir(filepath.Join(targetPath, "foo"), 0o755))
volumeStatus := block.NewVolumeStatus(block.NamespaceName, "volume1")
volumeStatus.TypedSpec().Type = block.VolumeTypeSymlink
volumeStatus.TypedSpec().SymlinkSpec = block.SymlinkProvisioningSpec{
SymlinkTargetPath: "/run",
Force: true,
}
volumeStatus.TypedSpec().MountSpec = block.MountSpec{
TargetPath: targetPath,
}
volumeStatus.TypedSpec().Phase = block.VolumePhaseReady
suite.Create(volumeStatus)
suite.mountVolume("volume1")
// verify symlink
path, err := os.Readlink(targetPath)
suite.Require().NoError(err)
suite.Assert().Equal("/run", path)
}

9
internal/app/machined/pkg/controllers/block/user_disk_config.go
View File

@ -216,10 +216,13 @@ func (ctrl *UserDiskConfigController) processUserDiskPartition(
targetPath = strings.TrimPrefix(targetPath, "/var/")
}
// TODO: label user disks
vc.TypedSpec().Mount = block.MountSpec{
TargetPath: targetPath,
ParentID: parentID,
TargetPath: targetPath,
ParentID: parentID,
SelinuxLabel: constants.EphemeralSelinuxLabel,
FileMode: 0o755,
UID: 0,
GID: 0,
}
return nil

212
internal/app/machined/pkg/controllers/block/volume_config.go
View File

@ -8,6 +8,8 @@ import (
"context"
"encoding/json"
"fmt"
"os"
"path/filepath"
"github.com/cosi-project/runtime/pkg/controller"
"github.com/cosi-project/runtime/pkg/safe"
@ -198,6 +200,14 @@ func (ctrl *VolumeConfigController) Run(ctx context.Context, r controller.Runtim
); err != nil {
return fmt.Errorf("error creating ephemeral volume configuration: %w", err)
}
if err = ctrl.manageStandardVolumes(ctx, r); err != nil {
return fmt.Errorf("error creating standard volume configuration: %w", err)
}
if err = ctrl.manageOverlayVolumes(ctx, r); err != nil {
return fmt.Errorf("error creating overlay volume configuration: %w", err)
}
}
// [TODO]: this would fail as it doesn't handle finalizers properly
@ -210,7 +220,11 @@ func (ctrl *VolumeConfigController) Run(ctx context.Context, r controller.Runtim
func (ctrl *VolumeConfigController) manageEphemeralInContainer(vc *block.VolumeConfig) error {
vc.TypedSpec().Type = block.VolumeTypeDirectory
vc.TypedSpec().Mount = block.MountSpec{
TargetPath: constants.EphemeralMountPoint,
TargetPath: constants.EphemeralMountPoint,
SelinuxLabel: constants.EphemeralSelinuxLabel,
FileMode: 0o755,
UID: 0,
GID: 0,
}
return nil
@ -247,6 +261,9 @@ func (ctrl *VolumeConfigController) manageEphemeral(config cfg.Config) func(vc *
vc.TypedSpec().Mount = block.MountSpec{
TargetPath: constants.EphemeralMountPoint,
SelinuxLabel: constants.EphemeralSelinuxLabel,
FileMode: 0o755,
UID: 0,
GID: 0,
ProjectQuotaSupport: config.Machine().Features().DiskQuotaSupportEnabled(),
}
@ -268,7 +285,11 @@ func (ctrl *VolumeConfigController) manageEphemeral(config cfg.Config) func(vc *
func (ctrl *VolumeConfigController) manageStateInContainer(vc *block.VolumeConfig) error {
vc.TypedSpec().Type = block.VolumeTypeDirectory
vc.TypedSpec().Mount = block.MountSpec{
TargetPath: constants.StateMountPoint,
TargetPath: constants.StateMountPoint,
SelinuxLabel: constants.StateSelinuxLabel,
FileMode: 0o700,
UID: 0,
GID: 0,
}
return nil
@ -284,6 +305,9 @@ func (ctrl *VolumeConfigController) manageStateConfigPresent(config cfg.Config)
vc.TypedSpec().Mount = block.MountSpec{
TargetPath: constants.StateMountPoint,
SelinuxLabel: constants.StateSelinuxLabel,
FileMode: 0o700,
UID: 0,
GID: 0,
}
vc.TypedSpec().Provisioning = block.ProvisioningSpec{
@ -328,6 +352,9 @@ func (ctrl *VolumeConfigController) manageStateNoConfig(encryptionMeta *runtime.
vc.TypedSpec().Mount = block.MountSpec{
TargetPath: constants.StateMountPoint,
SelinuxLabel: constants.StateSelinuxLabel,
FileMode: 0o700,
UID: 0,
GID: 0,
}
match := labelVolumeMatchAndNonEmpty(constants.StatePartitionLabel)
@ -360,3 +387,184 @@ func (ctrl *VolumeConfigController) manageStateNoConfig(encryptionMeta *runtime.
return nil
}
}
func (ctrl *VolumeConfigController) manageStandardVolumes(ctx context.Context, r controller.Runtime) error {
if err := safe.WriterModify(ctx, r,
block.NewVolumeConfig(block.NamespaceName, "/var/run"),
func(vc *block.VolumeConfig) error {
vc.TypedSpec().Type = block.VolumeTypeSymlink
vc.TypedSpec().Symlink = block.SymlinkProvisioningSpec{
SymlinkTargetPath: "/run",
Force: true,
}
vc.TypedSpec().Mount = block.MountSpec{
TargetPath: "/var/run",
}
return nil
},
); err != nil {
return fmt.Errorf("error creating symlink volume configuration for /var/run: %w", err)
}
parentIDs := map[string]string{
"/var": constants.EphemeralPartitionLabel,
"/var/run": "/var/run",
}
for _, volume := range []struct {
ID string
Path string
Mode os.FileMode
UID int
GID int
Recursive bool
SELinuxLabel string
}{
// /var/log
{
Path: "/var/log",
Mode: 0o755,
SELinuxLabel: "system_u:object_r:var_log_t:s0",
},
{
Path: "/var/log/audit",
Mode: 0o700,
SELinuxLabel: "system_u:object_r:audit_log_t:s0",
},
{
Path: constants.KubernetesAuditLogDir,
Mode: 0o700,
UID: constants.KubernetesAPIServerRunUser,
GID: constants.KubernetesAPIServerRunGroup,
Recursive: true,
SELinuxLabel: "system_u:object_r:kube_log_t:s0",
},
{
Path: "/var/log/containers",
Mode: 0o755,
SELinuxLabel: "system_u:object_r:containers_log_t:s0",
},
{
Path: "/var/log/pods",
Mode: 0o755,
SELinuxLabel: "system_u:object_r:pods_log_t:s0",
},
// /var/lib
{
Path: "/var/lib",
Mode: 0o700,
SELinuxLabel: constants.EphemeralSelinuxLabel,
},
{
ID: constants.EtcdDataVolumeID,
Path: constants.EtcdDataPath,
SELinuxLabel: constants.EtcdDataSELinuxLabel,
Mode: 0o700,
UID: constants.EtcdUserID,
GID: constants.EtcdUserID,
Recursive: true,
},
{
Path: "/var/lib/containerd",
Mode: 0o000,
SELinuxLabel: "system_u:object_r:containerd_state_t:s0",
},
{
Path: "/var/lib/kubelet",
Mode: 0o700,
SELinuxLabel: "system_u:object_r:kubelet_state_t:s0",
},
{
Path: "/var/lib/cni",
Mode: 0o700,
Recursive: true,
SELinuxLabel: "system_u:object_r:cni_state_t:s0",
},
{
Path: "/var/lib/kubelet/seccomp",
Mode: 0o700,
SELinuxLabel: "system_u:object_r:seccomp_profile_t:s0",
},
{
Path: constants.SeccompProfilesDirectory,
Mode: 0o700,
Recursive: true,
SELinuxLabel: "system_u:object_r:seccomp_profile_t:s0",
},
// /var/run
{
Path: "/var/run/lock",
Mode: 0o755,
SELinuxLabel: "system_u:object_r:var_lock_t:s0",
},
} {
parentDir := filepath.Dir(volume.Path)
targetDir := filepath.Base(volume.Path)
parentID, ok := parentIDs[parentDir]
if !ok {
return fmt.Errorf("unknown parent directory volume %q for %q", parentDir, volume.Path)
}
volumeID := volume.Path
if volume.ID != "" {
volumeID = volume.ID
}
if err := safe.WriterModify(ctx, r,
block.NewVolumeConfig(block.NamespaceName, volumeID),
func(vc *block.VolumeConfig) error {
vc.TypedSpec().Type = block.VolumeTypeDirectory
vc.TypedSpec().Mount = block.MountSpec{
TargetPath: targetDir,
ParentID: parentID,
SelinuxLabel: volume.SELinuxLabel,
FileMode: volume.Mode,
UID: volume.UID,
GID: volume.GID,
RecursiveRelabel: volume.Recursive,
}
return nil
},
); err != nil {
return fmt.Errorf("error creating volume configuration for %q: %w", volume.Path, err)
}
parentIDs[volume.Path] = volumeID
}
return nil
}
func (ctrl *VolumeConfigController) manageOverlayVolumes(ctx context.Context, r controller.Runtime) error {
if ctrl.V1Alpha1Mode.InContainer() {
return nil
}
for _, overlay := range constants.Overlays {
if err := safe.WriterModify(ctx, r,
block.NewVolumeConfig(block.NamespaceName, overlay.Path),
func(vc *block.VolumeConfig) error {
vc.TypedSpec().Type = block.VolumeTypeOverlay
vc.TypedSpec().ParentID = constants.EphemeralPartitionLabel
vc.TypedSpec().Mount = block.MountSpec{
TargetPath: overlay.Path,
SelinuxLabel: overlay.Label,
FileMode: 0o755,
UID: 0,
GID: 0,
}
return nil
},
); err != nil {
return fmt.Errorf("error creating volume configuration for %q: %w", overlay.Path, err)
}
}
return nil
}

26
internal/app/machined/pkg/controllers/block/volume_config_test.go
View File

@ -10,6 +10,8 @@ import (
"testing"
"time"
"github.com/cosi-project/runtime/pkg/resource"
"github.com/siderolabs/gen/xslices"
"github.com/siderolabs/go-pointer"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/suite"
@ -120,6 +122,30 @@ func (suite *VolumeConfigSuite) TestReconcileDefaults() {
asrt.Equal(constants.EphemeralMountPoint, r.TypedSpec().Mount.TargetPath)
})
ctest.AssertResources(suite, []resource.ID{
"/var/log",
"/var/log/audit",
"/var/log/containers",
"/var/log/pods",
constants.EtcdDataVolumeID,
"/var/lib/containerd",
"/var/lib/kubelet",
"/var/lib/cni",
constants.SeccompProfilesDirectory,
constants.KubernetesAuditLogDir,
"/var/run/lock",
}, func(r *block.VolumeConfig, asrt *assert.Assertions) {
asrt.Equal(block.VolumeTypeDirectory, r.TypedSpec().Type)
})
ctest.AssertResources(suite,
xslices.Map(constants.Overlays, func(target constants.SELinuxLabeledPath) resource.ID {
return target.Path
}),
func(r *block.VolumeConfig, asrt *assert.Assertions) {
asrt.Equal(block.VolumeTypeOverlay, r.TypedSpec().Type)
})
}
func (suite *VolumeConfigSuite) TestReconcileEncryptedSTATE() {

97
internal/app/machined/pkg/controllers/block/volume_manager.go
View File

@ -49,7 +49,7 @@ func (ctrl *VolumeManagerController) Inputs() []controller.Input {
{
Namespace: block.NamespaceName,
Type: block.VolumeStatusType,
Kind: controller.InputDestroyReady,
Kind: controller.InputStrong,
},
{
Namespace: block.NamespaceName,
@ -294,14 +294,31 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti
volumeStatus := volumeStatuses[vc.Metadata().ID()]
volumeLogger := logger.With(zap.String("volume", vc.Metadata().ID()))
var volumeParentStatus *block.VolumeStatus
if vc.TypedSpec().ParentID != "" {
volumeParentStatus = volumeStatuses[vc.TypedSpec().ParentID]
}
parentFinalizer := ctrl.Name() + "-" + vc.Metadata().ID()
// figure out if we are tearing down this volume or building it
tearingDown := (volumeStatus != nil && volumeStatus.Metadata().Phase() == resource.PhaseTearingDown) || // we started tearing down the volume, so finish doing so
vc.Metadata().Phase() == resource.PhaseTearingDown || // volume config is being torn down
volumeParentStatus != nil && volumeParentStatus.Metadata().Phase() == resource.PhaseTearingDown || // parent volume is being torn down
volumeLifecycleTearingDown // global volume lifecycle requires all volumes to be torn down
// volume status doesn't exist yet, figure out what to do
if volumeStatus == nil {
if tearingDown {
if volumeParentStatus != nil {
if volumeParentStatus.Metadata().Finalizers().Has(parentFinalizer) {
if err = r.RemoveFinalizer(ctx, volumeParentStatus.Metadata(), parentFinalizer); err != nil {
return fmt.Errorf("error removing finalizer from parent volume configuration: %w", err)
}
}
}
// happy case, we don't need to progress this volume
if vc.Metadata().Finalizers().Has(ctrl.Name()) {
if err = r.RemoveFinalizer(ctx, vc.Metadata(), ctrl.Name()); err != nil {
@ -316,6 +333,7 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti
volumeStatus = block.NewVolumeStatus(block.NamespaceName, vc.Metadata().ID())
volumeStatus.TypedSpec().Phase = block.VolumePhaseWaiting
volumeStatus.TypedSpec().Type = vc.TypedSpec().Type
volumeStatus.TypedSpec().ParentID = vc.TypedSpec().ParentID
volumeStatuses[vc.Metadata().ID()] = volumeStatus
}
@ -331,12 +349,15 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti
prevPhase := volumeStatus.TypedSpec().Phase
if err = ctrl.processVolumeConfig(
if err = ctrl.progressVolumeConfig(
ctx,
volumeLogger,
r,
volumes.ManagerContext{
Cfg: vc,
Status: volumeStatus.TypedSpec(),
ParentStatus: volumeParentStatus,
ParentFinalizer: parentFinalizer,
DiscoveredVolumes: discoveredVolumesSpecs,
Disks: diskSpecs,
DevicesReady: devicesReady,
@ -373,34 +394,53 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti
}
if prevPhase != volumeStatus.TypedSpec().Phase || err != nil {
fields := []zap.Field{
zap.String("phase", fmt.Sprintf("%s -> %s", prevPhase, volumeStatus.TypedSpec().Phase)),
zap.Error(err),
}
suppressVolumeLogs := slices.Contains(
[]block.VolumeType{
block.VolumeTypeDirectory,
block.VolumeTypeOverlay,
block.VolumeTypeSymlink,
},
volumeStatus.TypedSpec().Type,
)
if volumeStatus.TypedSpec().Location != "" {
fields = append(fields, zap.String("location", volumeStatus.TypedSpec().Location))
}
if !suppressVolumeLogs {
fields := []zap.Field{
zap.String("phase", fmt.Sprintf("%s -> %s", prevPhase, volumeStatus.TypedSpec().Phase)),
zap.Error(err),
}
if volumeStatus.TypedSpec().MountLocation != "" && volumeStatus.TypedSpec().MountLocation != volumeStatus.TypedSpec().Location {
fields = append(fields, zap.String("mountLocation", volumeStatus.TypedSpec().MountLocation))
}
if volumeStatus.TypedSpec().Location != "" {
fields = append(fields, zap.String("location", volumeStatus.TypedSpec().Location))
}
if volumeStatus.TypedSpec().ParentLocation != "" {
fields = append(fields, zap.String("parentLocation", volumeStatus.TypedSpec().ParentLocation))
}
if volumeStatus.TypedSpec().MountLocation != "" && volumeStatus.TypedSpec().MountLocation != volumeStatus.TypedSpec().Location {
fields = append(fields, zap.String("mountLocation", volumeStatus.TypedSpec().MountLocation))
}
if len(volumeStatus.TypedSpec().EncryptionFailedSyncs) > 0 {
fields = append(fields, zap.Strings("encryptionFailedSyncs", volumeStatus.TypedSpec().EncryptionFailedSyncs))
}
if volumeStatus.TypedSpec().ParentLocation != "" {
fields = append(fields, zap.String("parentLocation", volumeStatus.TypedSpec().ParentLocation))
}
volumeLogger.Info("volume status", fields...)
if len(volumeStatus.TypedSpec().EncryptionFailedSyncs) > 0 {
fields = append(fields, zap.Strings("encryptionFailedSyncs", volumeStatus.TypedSpec().EncryptionFailedSyncs))
}
volumeLogger.Info("volume status", fields...)
}
}
// when closing, ignore META volume, we want it to stay longer, so no problem if is not closed yet
allClosed = allClosed && (volumeStatus.TypedSpec().Phase == block.VolumePhaseClosed || vc.Metadata().ID() == constants.MetaPartitionLabel)
if shouldCloseVolume && volumeStatus.TypedSpec().Phase == block.VolumePhaseClosed {
if volumeParentStatus != nil {
if volumeParentStatus.Metadata().Finalizers().Has(parentFinalizer) {
if err = r.RemoveFinalizer(ctx, volumeParentStatus.Metadata(), parentFinalizer); err != nil {
return fmt.Errorf("error removing finalizer from parent volume configuration: %w", err)
}
}
}
// we can destroy the volume status now
if err = r.Destroy(ctx, volumeStatus.Metadata()); err != nil {
return fmt.Errorf("error destroying volume status: %w", err)
@ -430,6 +470,25 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti
}
}
func (ctrl *VolumeManagerController) progressVolumeConfig(ctx context.Context, logger *zap.Logger, r controller.Runtime, volumeContext volumes.ManagerContext) error {
if !volumeContext.ShouldCloseVolume {
if volumeContext.Cfg.TypedSpec().ParentID != "" {
if volumeContext.ParentStatus == nil {
// not ready yet
return nil
}
if !volumeContext.ParentStatus.Metadata().Finalizers().Has(volumeContext.ParentFinalizer) {
if err := r.AddFinalizer(ctx, volumeContext.ParentStatus.Metadata(), volumeContext.ParentFinalizer); err != nil {
return fmt.Errorf("error adding finalizer to parent volume configuration: %w", err)
}
}
}
}
return ctrl.processVolumeConfig(ctx, logger, volumeContext)
}
// processVolumeConfig implements the volume configuration automata.
//
// Initial -> { Waiting } ----> { Missing } // volume is not found (by locator)

19
internal/app/machined/pkg/controllers/cri/image_cache_config.go
View File

@ -82,6 +82,11 @@ func (ctrl *ImageCacheConfigController) Inputs() []controller.Input {
Type: block.VolumeMountStatusType,
Kind: controller.InputStrong,
},
{
Namespace: block.NamespaceName,
Type: block.VolumeMountRequestType,
Kind: controller.InputDestroyReady,
},
}
}
@ -252,7 +257,12 @@ func (ctrl *ImageCacheConfigController) createVolumeConfigISO(ctx context.Contex
volumeCfg.TypedSpec().Locator = block.LocatorSpec{
Match: *boolExpr,
}
volumeCfg.TypedSpec().Mount.TargetPath = constants.ImageCacheISOMountPoint
volumeCfg.TypedSpec().Mount = block.MountSpec{
TargetPath: constants.ImageCacheISOMountPoint,
FileMode: 0o700,
UID: 0,
GID: 0,
}
return nil
})
@ -305,7 +315,12 @@ func (ctrl *ImageCacheConfigController) createVolumeConfigDisk(ctx context.Conte
volumeCfg.TypedSpec().Provisioning.FilesystemSpec.Type = block.FilesystemTypeEXT4
}
volumeCfg.TypedSpec().Mount.TargetPath = constants.ImageCacheDiskMountPoint
volumeCfg.TypedSpec().Mount = block.MountSpec{
TargetPath: constants.ImageCacheDiskMountPoint,
FileMode: 0o700,
UID: 0,
GID: 0,
}
return nil
})

12
internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer.go
View File

@ -217,17 +217,9 @@ func (*Sequencer) Boot(r runtime.Runtime) []runtime.Phase {
r.State().Platform().Mode() == runtime.ModeContainer,
"sharedFilesystems",
SetupSharedFilesystems,
).AppendWhen(
r.State().Platform().Mode() != runtime.ModeContainer,
).Append(
"ephemeral",
MountEphemeralPartition,
).Append(
"var",
SetupVarDirectory,
).AppendWhen(
r.State().Platform().Mode() != runtime.ModeContainer,
"overlay",
MountOverlayFilesystems,
).AppendWhen(
r.State().Platform().Mode() != runtime.ModeContainer,
"udevSetup",
@ -455,7 +447,6 @@ func (*Sequencer) Upgrade(r runtime.Runtime, in *machineapi.UpgradeRequest) []ru
StopServicesEphemeral,
).Append(
"unmount",
UnmountOverlayFilesystems,
UnmountPodMounts,
).Append(
"unmountBind",
@ -503,7 +494,6 @@ func stopAllPhaselist(r runtime.Runtime, enableKexec bool) PhaseList {
StopServicesEphemeral,
).Append(
"umount",
UnmountOverlayFilesystems,
UnmountPodMounts,
).Append(
"unmountBind",

188
internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go
View File

@ -509,15 +509,6 @@ func StopAllServices(runtime.Sequence, any) (runtime.TaskExecutionFunc, string)
}, "stopAllServices"
}
// MountOverlayFilesystems represents the MountOverlayFilesystems task.
func MountOverlayFilesystems(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) {
_, err = mountv2.OverlayMountPoints().Mount()
return err
}, "mountOverlayFilesystems"
}
// SetupSharedFilesystems represents the SetupSharedFilesystems task.
func SetupSharedFilesystems(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) {
@ -532,132 +523,6 @@ func SetupSharedFilesystems(runtime.Sequence, any) (runtime.TaskExecutionFunc, s
}, "setupSharedFilesystems"
}
// CreateDirectory is a structure describing properties of a directory to be initialized.
type CreateDirectory struct {
Path string
Mode os.FileMode
UID, GID int
SELinuxLabel string
ExcludeLabels []string
}
// InitializeDirectoryStructure creates directories and sets security options on them.
func InitializeDirectoryStructure(directories []CreateDirectory) error {
for _, dir := range directories {
if err := os.MkdirAll(dir.Path, dir.Mode); err != nil {
return err
}
if err := os.Chmod(dir.Path, dir.Mode); err != nil {
return err
}
if err := selinux.SetLabelRecursive(dir.Path, dir.SELinuxLabel, dir.ExcludeLabels...); err != nil {
return err
}
if dir.UID != 0 || dir.GID != 0 {
if err := os.Chown(dir.Path, dir.UID, dir.GID); err != nil {
return err
}
}
}
return nil
}
// SetupVarDirectory represents the SetupVarDirectory task.
func SetupVarDirectory(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) error {
if err := setupVarRun(logger); err != nil {
return err
}
directoryConfigurations := []CreateDirectory{
{
Path: "/var/log",
Mode: 0o755,
SELinuxLabel: "system_u:object_r:var_log_t:s0",
},
{
Path: "/var/log/audit",
Mode: 0o700,
SELinuxLabel: "system_u:object_r:audit_log_t:s0",
},
{
Path: "/var/log/containers",
Mode: 0o755,
SELinuxLabel: "system_u:object_r:containers_log_t:s0",
},
{
Path: "/var/log/pods",
Mode: 0o755,
SELinuxLabel: "system_u:object_r:pods_log_t:s0",
},
{
Path: "/var/lib/containerd",
Mode: 0o000,
SELinuxLabel: "system_u:object_r:containerd_state_t:s0",
},
{
Path: "/var/lib/kubelet",
Mode: 0o700,
SELinuxLabel: "system_u:object_r:kubelet_state_t:s0",
},
{
Path: "/var/lib/cni",
Mode: 0o700,
SELinuxLabel: "system_u:object_r:cni_state_t:s0",
},
{
Path: "/var/run/lock",
Mode: 0o755,
SELinuxLabel: "system_u:object_r:var_lock_t:s0",
},
{
Path: constants.SeccompProfilesDirectory,
Mode: 0o700,
SELinuxLabel: "system_u:object_r:seccomp_profile_t:s0",
},
{
Path: constants.KubernetesAuditLogDir,
Mode: 0o700,
UID: constants.KubernetesAPIServerRunUser,
GID: constants.KubernetesAPIServerRunGroup,
SELinuxLabel: "system_u:object_r:kube_log_t:s0",
},
}
return InitializeDirectoryStructure(directoryConfigurations)
}, "setupVarDirectory"
}
func setupVarRun(logger *log.Logger) error {
// handle '/var/run' - if that exists after an upgrade, and is a directory, clean it up
// if it doesn't exist, create as a symlink to '/run'
runSt, err := os.Lstat("/var/run")
if err == nil && runSt.IsDir() {
// old Talos versions had '/var/run' as a directory, clean it up on boot
entries, err := os.ReadDir("/var/run")
if err != nil {
return fmt.Errorf("failed to read /var/run: %w", err)
}
for _, e := range entries {
if err = os.RemoveAll(filepath.Join("/var/run", e.Name())); err != nil {
logger.Printf("failed to remove %s: %s", e.Name(), err)
}
}
} else if err != nil && os.IsNotExist(err) {
// '/var/run' doesn't exist, create as a symlink to '/run'
if err = os.Symlink("/run", "/var/run"); err != nil {
return fmt.Errorf("failed to create /var/run symlink: %w", err)
}
}
return nil
}
// MountUserDisks represents the MountUserDisks task.
func MountUserDisks(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) error {
@ -865,13 +730,6 @@ func existsAndIsFile(p string) (err error) {
return nil
}
// UnmountOverlayFilesystems represents the UnmountOverlayFilesystems task.
func UnmountOverlayFilesystems(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) {
return mountv2.OverlayMountPoints().Unmount()
}, "unmountOverlayFilesystems"
}
// UnmountPodMounts represents the UnmountPodMounts task.
func UnmountPodMounts(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) {
@ -910,18 +768,24 @@ func UnmountPodMounts(runtime.Sequence, any) (runtime.TaskExecutionFunc, string)
}
// UnmountSystemDiskBindMounts represents the UnmountSystemDiskBindMounts task.
//
//nolint:gocyclo
func UnmountSystemDiskBindMounts(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) {
systemDisk, err := blockres.GetSystemDisk(ctx, r.State().V1Alpha2().Resources())
if err != nil {
ephemeralStatus, err := safe.StateGetByID[*blockres.VolumeStatus](ctx, r.State().V1Alpha2().Resources(), constants.EphemeralPartitionLabel)
if err != nil && !state.IsNotFoundError(err) {
return err
}
if systemDisk == nil {
if ephemeralStatus == nil {
return nil
}
devname := systemDisk.DevPath
devname := ephemeralStatus.TypedSpec().MountLocation
if devname == "" {
return nil
}
f, err := os.Open("/proc/mounts")
if err != nil {
@ -938,18 +802,19 @@ func UnmountSystemDiskBindMounts(runtime.Sequence, any) (runtime.TaskExecutionFu
continue
}
device := strings.ReplaceAll(fields[0], "/dev/mapper", "/dev")
mountpoint := fields[1]
device, mountpoint := fields[0], fields[1]
if strings.HasPrefix(device, devname) && device != devname {
logger.Printf("unmounting %s\n", mountpoint)
if device != devname || mountpoint == constants.EphemeralMountPoint {
continue
}
if err = mountv2.SafeUnmount(ctx, logger.Printf, mountpoint); err != nil {
if errors.Is(err, syscall.EINVAL) {
log.Printf("ignoring unmount error %s: %v", mountpoint, err)
} else {
return fmt.Errorf("error unmounting %s: %w", mountpoint, err)
}
logger.Printf("unmounting %s\n", mountpoint)
if err = mountv2.SafeUnmount(ctx, logger.Printf, mountpoint); err != nil {
if errors.Is(err, syscall.EINVAL) {
log.Printf("ignoring unmount error %s: %v", mountpoint, err)
} else {
return fmt.Errorf("error unmounting %s: %w", mountpoint, err)
}
}
}
@ -1617,21 +1482,16 @@ func UnmountEphemeralPartition(runtime.Sequence, any) (runtime.TaskExecutionFunc
return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) error {
mountRequest := blockres.NewVolumeMountRequest(blockres.NamespaceName, constants.EphemeralPartitionLabel).Metadata()
_, err := r.State().V1Alpha2().Resources().Teardown(ctx, mountRequest)
err := r.State().V1Alpha2().Resources().Destroy(ctx, mountRequest)
if err != nil {
if state.IsNotFoundError(err) {
return nil
}
return fmt.Errorf("failed to teardown EPHEMERAL mount request: %w", err)
return fmt.Errorf("failed to destroy EPHEMERAL mount request: %w", err)
}
_, err = r.State().V1Alpha2().Resources().WatchFor(ctx, mountRequest, state.WithFinalizerEmpty())
if err != nil {
return fmt.Errorf("failed to wait for EPHEMERAL teardown: %w", err)
}
return r.State().V1Alpha2().Resources().Destroy(ctx, mountRequest)
return nil
}, "unmountEphemeralPartition"
}

1
internal/app/machined/pkg/startup/startup.go
View File

@ -40,7 +40,6 @@ func DefaultTasks() []Task {
LogMode,
MountPseudoLate,
SetupSystemDirectories,
SetupSystemSubdirectories,
InitVolumeLifecycle,
MountCgroups,
SetRLimit,

69
internal/app/machined/pkg/startup/tasks.go
View File

@ -17,7 +17,6 @@ import (
"golang.org/x/sys/unix"
"github.com/siderolabs/talos/internal/app/machined/pkg/runtime"
"github.com/siderolabs/talos/internal/app/machined/pkg/runtime/v1alpha1"
"github.com/siderolabs/talos/internal/pkg/environment"
"github.com/siderolabs/talos/internal/pkg/mount/v2"
"github.com/siderolabs/talos/internal/pkg/selinux"
@ -34,61 +33,27 @@ func LogMode(ctx context.Context, log *zap.Logger, rt runtime.Runtime, next Next
// SetupSystemDirectories creates system default directories.
func SetupSystemDirectories(ctx context.Context, log *zap.Logger, rt runtime.Runtime, next NextTaskFunc) error {
for _, path := range []string{constants.SystemEtcPath, constants.SystemVarPath, constants.StateMountPoint} {
if err := os.MkdirAll(path, 0o700); err != nil {
for _, dir := range []struct {
path string
perm os.FileMode
label string
}{
{constants.SystemEtcPath, 0o700, constants.EtcSelinuxLabel},
{constants.SystemVarPath, 0o700, constants.SystemVarSelinuxLabel},
{constants.StateMountPoint, 0o700, ""},
{constants.SystemRunPath, 0o751, "system_u:object_r:system_run_t:s0"},
{"/system/run/containerd", 0o711, "system_u:object_r:sys_containerd_run_t:s0"},
{"/run/containerd", 0o711, "system_u:object_r:pod_containerd_run_t:s0"},
} {
if err := os.MkdirAll(dir.path, dir.perm); err != nil {
return fmt.Errorf("setupSystemDirectories: %w", err)
}
var label string
switch path {
case constants.SystemEtcPath:
label = constants.EtcSelinuxLabel
case constants.SystemVarPath:
label = constants.SystemVarSelinuxLabel
default: // /system/state is another mount
label = ""
if dir.label != "" {
if err := selinux.SetLabel(dir.path, dir.label); err != nil {
return fmt.Errorf("setupSystemDirectories: %w", err)
}
}
if err := selinux.SetLabel(path, label); err != nil {
return err
}
}
for _, path := range []string{constants.SystemRunPath} {
if err := os.MkdirAll(path, 0o751); err != nil {
return fmt.Errorf("setupSystemDirectories: %w", err)
}
}
return next()(ctx, log, rt, next)
}
// SetupSystemSubdirectories creates and configures subdirectories under /system.
func SetupSystemSubdirectories(ctx context.Context, log *zap.Logger, rt runtime.Runtime, next NextTaskFunc) error {
directoryConfigurations := []v1alpha1.CreateDirectory{
{
Path: "/system/run",
Mode: 0o751,
SELinuxLabel: "system_u:object_r:system_run_t:s0",
},
{
Path: "/system/run/containerd",
Mode: 0o711,
SELinuxLabel: "system_u:object_r:sys_containerd_run_t:s0",
ExcludeLabels: []string{"system_u:object_r:sys_containerd_socket_t:s0"},
},
{
Path: "/run/containerd",
Mode: 0o711,
SELinuxLabel: "system_u:object_r:pod_containerd_run_t:s0",
ExcludeLabels: []string{"system_u:object_r:pod_containerd_socket_t:s0"},
},
}
err := v1alpha1.InitializeDirectoryStructure(directoryConfigurations)
if err != nil {
return err
}
return next()(ctx, log, rt, next)

2
internal/app/machined/pkg/system/integration_test.go
View File

@ -70,7 +70,7 @@ func (TestService) DependsOn(runtime.Runtime) []string {
return nil
}
func (TestService) Volumes() []string {
func (TestService) Volumes(runtime.Runtime) []string {
return nil
}

2
internal/app/machined/pkg/system/mocks_test.go
View File

@ -64,7 +64,7 @@ func (m *MockService) DependsOn(runtime.Runtime) []string {
return m.dependencies
}
func (m *MockService) Volumes() []string {
func (m *MockService) Volumes(runtime.Runtime) []string {
return nil
}

2
internal/app/machined/pkg/system/service.go
View File

@ -30,7 +30,7 @@ type Service interface {
// DependsOn returns list of service IDs this service depends on.
DependsOn(runtime.Runtime) []string
// Volumes returns a list of volume IDs the service needs.
Volumes() []string
Volumes(runtime.Runtime) []string
}
// HealthcheckedService is a service which provides health check.

9
internal/app/machined/pkg/system/service_runner.go
View File

@ -219,7 +219,7 @@ func (svcrunner *ServiceRunner) Run(notifyChannels ...chan<- struct{}) error {
condition = conditions.WaitForAll(serviceDependencies, condition)
}
if volumeIDs := svcrunner.service.Volumes(); len(volumeIDs) > 0 && !svcrunner.runtime.State().Platform().Mode().InContainer() {
if volumeIDs := svcrunner.service.Volumes(svcrunner.runtime); len(volumeIDs) > 0 {
// create volume mount request for each volume requested
volumeRequestIDs := make([]string, 0, len(volumeIDs))
@ -241,8 +241,11 @@ func (svcrunner *ServiceRunner) Run(notifyChannels ...chan<- struct{}) error {
// cleanup volume mounts
defer func() {
if err := svcrunner.deleteVolumeMountRequest(ctx, volumeRequestIDs); err != nil {
svcrunner.UpdateState(ctx, events.StateFailed, "Failed to clean up volumes: %v", err)
cleanupCtx, cleanupCancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cleanupCancel()
if err := svcrunner.deleteVolumeMountRequest(cleanupCtx, volumeRequestIDs); err != nil {
svcrunner.UpdateState(cleanupCtx, events.StateFailed, "Failed to clean up volumes: %v", err)
}
}()
}

2
internal/app/machined/pkg/system/services/apid.go
View File

@ -135,7 +135,7 @@ func (o *APID) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
func (o *APID) Volumes() []string {
func (o *APID) Volumes(runtime.Runtime) []string {
return nil
}

2
internal/app/machined/pkg/system/services/auditd.go
View File

@ -51,7 +51,7 @@ func (s *Auditd) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
func (s *Auditd) Volumes() []string {
func (s *Auditd) Volumes(runtime.Runtime) []string {
return nil
}

2
internal/app/machined/pkg/system/services/containerd.go
View File

@ -79,7 +79,7 @@ func (c *Containerd) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
func (c *Containerd) Volumes() []string {
func (c *Containerd) Volumes(runtime.Runtime) []string {
return nil
}

21
internal/app/machined/pkg/system/services/cri.go
View File

@ -11,6 +11,7 @@ import (
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/defaults"
"github.com/siderolabs/gen/xslices"
"google.golang.org/grpc/health/grpc_health_v1"
"github.com/siderolabs/talos/internal/app/machined/pkg/runtime"
@ -81,8 +82,24 @@ func (c *CRI) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
func (c *CRI) Volumes() []string {
return []string{constants.EphemeralPartitionLabel}
func (c *CRI) Volumes(r runtime.Runtime) []string {
volumes := []string{
"/var/lib",
"/var/lib/cni",
"/var/lib/containerd",
"/var/run",
"/var/run/lock",
}
if !r.State().Platform().Mode().InContainer() {
volumes = append(volumes,
xslices.Map(constants.Overlays, func(target constants.SELinuxLabeledPath) string {
return target.Path
})...,
)
}
return volumes
}
// Runner implements the Service interface.

2
internal/app/machined/pkg/system/services/dashboard.go
View File

@ -51,7 +51,7 @@ func (d *Dashboard) DependsOn(_ runtime.Runtime) []string {
}
// Volumes implements the Service interface.
func (d *Dashboard) Volumes() []string {
func (d *Dashboard) Volumes(runtime.Runtime) []string {
return nil
}

27
internal/app/machined/pkg/system/services/etcd.go
View File

@ -40,7 +40,6 @@ import (
"github.com/siderolabs/talos/internal/pkg/containers/image"
"github.com/siderolabs/talos/internal/pkg/environment"
"github.com/siderolabs/talos/internal/pkg/etcd"
"github.com/siderolabs/talos/internal/pkg/selinux"
"github.com/siderolabs/talos/pkg/argsbuilder"
"github.com/siderolabs/talos/pkg/conditions"
"github.com/siderolabs/talos/pkg/filetree"
@ -86,25 +85,6 @@ func (e *Etcd) ID(runtime.Runtime) string {
//
//nolint:gocyclo
func (e *Etcd) PreFunc(ctx context.Context, r runtime.Runtime) error {
if err := os.MkdirAll(constants.EtcdDataPath, 0o700); err != nil {
return err
}
// Data path might exist after upgrade from previous version of Talos.
if err := os.Chmod(constants.EtcdDataPath, 0o700); err != nil {
return err
}
// Relabel in case of upgrade from older version or SELinux being disabled and then enabled.
if err := selinux.SetLabel(constants.EtcdDataPath, constants.EtcdDataSELinuxLabel); err != nil {
return err
}
// Make sure etcd user can access files in the data directory.
if err := filetree.ChownRecursive(constants.EtcdDataPath, constants.EtcdUserID, constants.EtcdUserID); err != nil {
return err
}
client, err := containerdapi.New(constants.CRIContainerdAddress)
if err != nil {
return err
@ -185,8 +165,11 @@ func (e *Etcd) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
func (e *Etcd) Volumes() []string {
return nil
func (e *Etcd) Volumes(runtime.Runtime) []string {
return []string{
"/var/lib",
constants.EtcdDataVolumeID,
}
}
// Runner implements the Service interface.

2
internal/app/machined/pkg/system/services/extension.go
View File

@ -113,7 +113,7 @@ func (svc *Extension) DependsOn(r runtime.Runtime) []string {
}
// Volumes implements the Service interface.
func (svc *Extension) Volumes() []string {
func (svc *Extension) Volumes(runtime.Runtime) []string {
return nil
}

18
internal/app/machined/pkg/system/services/kubelet.go
View File

@ -106,8 +106,18 @@ func (k *Kubelet) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
func (k *Kubelet) Volumes() []string {
return nil
func (k *Kubelet) Volumes(runtime.Runtime) []string {
return []string{
"/var/lib",
"/var/lib/kubelet",
"/var/log",
"/var/log/audit",
"/var/log/containers",
"/var/log/pods",
"/var/lib/kubelet/seccomp",
constants.SeccompProfilesDirectory,
constants.KubernetesAuditLogDir,
}
}
// Runner implements the Service interface.
@ -236,13 +246,11 @@ func kubeletSeccomp(seccomp *specs.LinuxSeccomp) {
}
func simpleHealthCheck(ctx context.Context, url string) error {
req, err := http.NewRequest(http.MethodGet, url, nil)
req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
if err != nil {
return err
}
req = req.WithContext(ctx)
resp, err := http.DefaultClient.Do(req) //nolint:bodyclose
if err != nil {
return err

2
internal/app/machined/pkg/system/services/machined.go
View File

@ -228,7 +228,7 @@ func (m *Machined) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
func (m *Machined) Volumes() []string {
func (m *Machined) Volumes(runtime.Runtime) []string {
return nil
}

2
internal/app/machined/pkg/system/services/registryd.go
View File

@ -39,7 +39,7 @@ func (r *registryD) PreFunc(context.Context, runtime.Runtime) error { retur
func (r *registryD) PostFunc(runtime.Runtime, events.ServiceState) error { return nil }
func (r *registryD) Condition(runtime.Runtime) conditions.Condition { return nil }
func (r *registryD) DependsOn(runtime.Runtime) []string { return nil }
func (r *registryD) Volumes() []string { return nil }
func (r *registryD) Volumes(runtime.Runtime) []string { return nil }
func (r *registryD) HealthFunc(runtime.Runtime) health.Check {
return func(ctx context.Context) error {

2
internal/app/machined/pkg/system/services/syslogd.go
View File

@ -51,7 +51,7 @@ func (s *Syslogd) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
func (s *Syslogd) Volumes() []string {
func (s *Syslogd) Volumes(runtime.Runtime) []string {
return nil
}

2
internal/app/machined/pkg/system/services/trustd.go
View File

@ -136,7 +136,7 @@ func (t *Trustd) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
func (t *Trustd) Volumes() []string {
func (t *Trustd) Volumes(runtime.Runtime) []string {
return nil
}

2
internal/app/machined/pkg/system/services/udevd.go
View File

@ -67,7 +67,7 @@ func (c *Udevd) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
func (c *Udevd) Volumes() []string {
func (c *Udevd) Volumes(runtime.Runtime) []string {
return nil
}

15
internal/app/machined/pkg/system/volumes.go
View File

@ -44,20 +44,9 @@ func (svcrunner *ServiceRunner) deleteVolumeMountRequest(ctx context.Context, re
}
for _, requestID := range requestIDs {
_, err := st.Teardown(ctx, block.NewVolumeMountRequest(block.NamespaceName, requestID).Metadata())
err := st.Destroy(ctx, block.NewVolumeMountRequest(block.NamespaceName, requestID).Metadata())
if err != nil {
return fmt.Errorf("failed to teardown mount request %q: %w", requestID, err)
}
}
for _, requestID := range requestIDs {
_, err := st.WatchFor(ctx, block.NewVolumeMountRequest(block.NamespaceName, requestID).Metadata(), state.WithFinalizerEmpty())
if err != nil {
return fmt.Errorf("failed to wait for teardown of mount request %q: %w", requestID, err)
}
if err = st.Destroy(ctx, block.NewVolumeMountRequest(block.NamespaceName, requestID).Metadata()); err != nil {
return fmt.Errorf("failed to destroy mount request %q: %w", requestID, err)
return fmt.Errorf("failed to destroy volume mount request %q: %w", requestID, err)
}
}

117
internal/integration/api/selinux.go
View File

@ -18,6 +18,7 @@ import (
"time"
"github.com/cosi-project/runtime/pkg/resource/rtestutils"
"github.com/cosi-project/runtime/pkg/safe"
"github.com/siderolabs/go-pointer"
"github.com/siderolabs/go-procfs/procfs"
"github.com/stretchr/testify/assert"
@ -76,8 +77,6 @@ func (suite *SELinuxSuite) getLabel(nodeCtx context.Context, pid int32) string {
// to ensure SELinux labels for files are set when they are created and FS's are mounted with correct labels.
// FIXME: cancel the test in case system was upgraded.
func (suite *SELinuxSuite) TestFileMountLabels() {
suite.T().Skip("skipping this test until it becomes stable enough")
workers := suite.DiscoverNodeInternalIPsByType(suite.ctx, machine.TypeWorker)
controlplanes := suite.DiscoverNodeInternalIPsByType(suite.ctx, machine.TypeControlPlane)
@ -85,9 +84,12 @@ func (suite *SELinuxSuite) TestFileMountLabels() {
// Mounts
constants.SystemPath: constants.SystemSelinuxLabel,
constants.EphemeralMountPoint: constants.EphemeralSelinuxLabel,
constants.StateMountPoint: constants.StateSelinuxLabel,
constants.StateMountPoint: constants.SystemSelinuxLabel,
constants.SystemVarPath: constants.SystemVarSelinuxLabel,
constants.RunPath: constants.RunSelinuxLabel,
"/run/containerd": "system_u:object_r:pod_containerd_run_t:s0",
"/run/lock": "system_u:object_r:var_lock_t:s0",
constants.SystemRunPath: "system_u:object_r:system_run_t:s0",
"/var/run": constants.RunSelinuxLabel,
// Runtime files
constants.APIRuntimeSocketPath: constants.APIRuntimeSocketLabel,
@ -104,8 +106,15 @@ func (suite *SELinuxSuite) TestFileMountLabels() {
"/opt/cni": "system_u:object_r:cni_plugin_t:s0",
"/opt/containerd": "system_u:object_r:containerd_plugin_t:s0",
// Directories
"/var/lib/containerd": "system_u:object_r:containerd_state_t:s0",
"/var/lib/kubelet": "system_u:object_r:kubelet_state_t:s0",
"/var/lib/containerd": "system_u:object_r:containerd_state_t:s0",
"/var/lib/cni": "system_u:object_r:cni_state_t:s0",
"/var/lib/kubelet": "system_u:object_r:kubelet_state_t:s0",
"/var/lib/kubelet/seccomp": "system_u:object_r:seccomp_profile_t:s0",
"/var/log": "system_u:object_r:var_log_t:s0",
"/var/log/audit": "system_u:object_r:audit_log_t:s0",
constants.KubernetesAuditLogDir: "system_u:object_r:kube_log_t:s0",
"/var/log/containers": "system_u:object_r:containers_log_t:s0",
"/var/log/pods": "system_u:object_r:pods_log_t:s0",
// Mounts and runtime-generated files
constants.SystemEtcPath: constants.EtcSelinuxLabel,
"/etc": constants.EtcSelinuxLabel,
@ -157,55 +166,69 @@ func (suite *SELinuxSuite) checkFileLabels(nodes []string, expectedLabels map[st
suite.T().Skip("skipping SELinux test since SELinux is disabled")
}
// We should check both folders and their contents for proper labels
for _, dir := range []bool{true, false} {
for path, label := range expectedLabels {
req := &machineapi.ListRequest{
Root: path,
ReportXattrs: true,
}
if dir {
req.Types = []machineapi.ListRequest_Type{machineapi.ListRequest_DIRECTORY}
}
extensions, err := safe.StateListAll[*runtimeres.ExtensionStatus](nodeCtx, suite.Client.COSI)
suite.Require().NoError(err)
stream, err := suite.Client.LS(nodeCtx, req)
if extensions.Len() > 0 {
suite.T().Skip("skipping SELinux test since extensions are running")
}
suite.Require().NoError(err)
for path, label := range expectedLabels {
req := &machineapi.ListRequest{
Root: path,
ReportXattrs: true,
}
err = helpers.ReadGRPCStream(stream, func(info *machineapi.FileInfo, node string, multipleNodes bool) error {
// E.g. /var/lib should inherit /var label, while /var/run is a new mountpoint
if slices.Contains(paths, info.Name) && info.Name != path {
return nil
}
stream, err := suite.Client.LS(nodeCtx, req)
suite.Require().NotNil(info.Xattrs)
found := false
for _, l := range info.Xattrs {
if l.Name == "security.selinux" {
got := string(bytes.Trim(l.Data, "\x00\n"))
suite.Require().Contains(got, label, "expected %s to have label %s, got %s", path, label, got)
found = true
break
}
}
suite.Require().True(found)
suite.Require().NoError(err)
err = helpers.ReadGRPCStream(stream, func(info *machineapi.FileInfo, node string, multipleNodes bool) error {
// E.g. /var/lib should inherit /var label, while /var/run is a new mountpoint
if slices.Contains(paths, info.Name) && info.Name != path {
return nil
})
if allowMissing {
if err != nil {
suite.Require().Contains(err.Error(), "lstat")
suite.Require().Contains(err.Error(), "no such file or directory")
}
} else {
suite.Require().NoError(err)
}
if slices.Contains(
[]string{
constants.RunPath,
constants.SystemRunPath,
"/run/containerd",
"/var/run",
"/var/log/containers",
},
path,
) && info.Name != path {
return nil
}
suite.Require().NotNil(info.Xattrs)
found := false
for _, l := range info.Xattrs {
if l.Name == "security.selinux" {
got := string(bytes.Trim(l.Data, "\x00\n"))
suite.Require().Contains(got, label, "expected %s to have label %s, got %s (checking %s)", info.Name, label, got, path)
found = true
break
}
}
suite.Require().True(found)
return nil
})
if allowMissing {
if err != nil {
suite.Require().Contains(err.Error(), "lstat")
suite.Require().Contains(err.Error(), "no such file or directory")
}
} else {
suite.Require().NoError(err)
}
}
}

7
internal/integration/k8s/tink.go
View File

@ -22,6 +22,7 @@ import (
"github.com/siderolabs/gen/xslices"
"github.com/siderolabs/go-pointer"
"github.com/siderolabs/go-retry/retry"
"github.com/stretchr/testify/assert"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
@ -203,7 +204,11 @@ func (suite *TinkSuite) TestDeploy() {
suite.T().Log("bootstrapping")
suite.Require().NoError(talosClient.Bootstrap(ctx, &machineapi.BootstrapRequest{}))
suite.Require().EventuallyWithT(func(collect *assert.CollectT) {
asrt := assert.New(collect)
asrt.NoError(talosClient.Bootstrap(ctx, &machineapi.BootstrapRequest{}))
}, time.Minute, 100*time.Millisecond)
clusterAccess := &tinkClusterAccess{
KubernetesClient: cluster.KubernetesClient{

20
internal/pkg/mount/v2/overlay.go
View File

@ -1,20 +0,0 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package mount
import (
"github.com/siderolabs/gen/xslices"
"golang.org/x/sys/unix"
"github.com/siderolabs/talos/pkg/machinery/constants"
)
// OverlayMountPoints returns the mountpoints required to boot the system.
// These mountpoints are used as overlays on top of the read only rootfs.
func OverlayMountPoints() Points {
return xslices.Map(constants.Overlays, func(target constants.SELinuxLabeledPath) *Point {
return NewVarOverlay([]string{target.Path}, target.Path, WithFlags(unix.MS_I_VERSION), WithSelinuxLabel(target.Label))
})
}

27
internal/pkg/selinux/selinux.go
View File

@ -49,6 +49,25 @@ var IsEnforcing = sync.OnceValue(func() bool {
return val != nil && *val == "1"
})
// GetLabel gets label for file, directory or symlink (not following symlinks)
// It does not perform the operation in case SELinux is disabled.
func GetLabel(filename string) (string, error) {
if !IsEnabled() {
return "", nil
}
label, err := xattr.LGet(filename, "security.selinux")
if err != nil {
return "", err
}
if label == nil {
return "", nil
}
return string(bytes.Trim(label, "\x00\n")), nil
}
// SetLabel sets label for file, directory or symlink (not following symlinks)
// It does not perform the operation in case SELinux is disabled, provided label is empty or already set.
func SetLabel(filename string, label string, excludeLabels ...string) error {
@ -56,22 +75,22 @@ func SetLabel(filename string, label string, excludeLabels ...string) error {
return nil
}
// We use LGet/LSet so that we manipulate label on the exact path, not the symlink target.
currentLabel, err := xattr.LGet(filename, "security.selinux")
currentLabel, err := GetLabel(filename)
if err != nil {
return err
}
// Skip extra FS transactions when labels are okay.
if string(bytes.Trim(currentLabel, "\x00\n")) == label {
if currentLabel == label {
return nil
}
// Skip setting label if it's in excludeLabels.
if currentLabel != nil && slices.Contains(excludeLabels, string(bytes.Trim(currentLabel, "\x00\n"))) {
if currentLabel != "" && slices.Contains(excludeLabels, currentLabel) {
return nil
}
// We use LGet/LSet so that we manipulate label on the exact path, not the symlink target.
if err := xattr.LSet(filename, "security.selinux", []byte(label)); err != nil {
return err
}

600
pkg/machinery/api/resource/definitions/block/block.pb.go
View File

@ -983,6 +983,10 @@ type MountSpec struct {
SelinuxLabel string `protobuf:"bytes,2,opt,name=selinux_label,json=selinuxLabel,proto3" json:"selinux_label,omitempty"`
ProjectQuotaSupport bool `protobuf:"varint,3,opt,name=project_quota_support,json=projectQuotaSupport,proto3" json:"project_quota_support,omitempty"`
ParentId string `protobuf:"bytes,4,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"`
FileMode uint32 `protobuf:"varint,5,opt,name=file_mode,json=fileMode,proto3" json:"file_mode,omitempty"`
Uid int64 `protobuf:"varint,6,opt,name=uid,proto3" json:"uid,omitempty"`
Gid int64 `protobuf:"varint,7,opt,name=gid,proto3" json:"gid,omitempty"`
RecursiveRelabel bool `protobuf:"varint,8,opt,name=recursive_relabel,json=recursiveRelabel,proto3" json:"recursive_relabel,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
@ -1045,6 +1049,34 @@ func (x *MountSpec) GetParentId() string {
return ""
}
func (x *MountSpec) GetFileMode() uint32 {
if x != nil {
return x.FileMode
}
return 0
}
func (x *MountSpec) GetUid() int64 {
if x != nil {
return x.Uid
}
return 0
}
func (x *MountSpec) GetGid() int64 {
if x != nil {
return x.Gid
}
return 0
}
func (x *MountSpec) GetRecursiveRelabel() bool {
if x != nil {
return x.RecursiveRelabel
}
return false
}
// MountStatusSpec is the spec for MountStatus.
type MountStatusSpec struct {
state protoimpl.MessageState `protogen:"open.v1"`
@ -1284,6 +1316,59 @@ func (x *ProvisioningSpec) GetFilesystemSpec() *FilesystemSpec {
return nil
}
// SymlinkProvisioningSpec is the spec for volume symlink.
type SymlinkProvisioningSpec struct {
state protoimpl.MessageState `protogen:"open.v1"`
SymlinkTargetPath string `protobuf:"bytes,1,opt,name=symlink_target_path,json=symlinkTargetPath,proto3" json:"symlink_target_path,omitempty"`
Force bool `protobuf:"varint,2,opt,name=force,proto3" json:"force,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *SymlinkProvisioningSpec) Reset() {
*x = SymlinkProvisioningSpec{}
mi := &file_resource_definitions_block_block_proto_msgTypes[15]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *SymlinkProvisioningSpec) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SymlinkProvisioningSpec) ProtoMessage() {}
func (x *SymlinkProvisioningSpec) ProtoReflect() protoreflect.Message {
mi := &file_resource_definitions_block_block_proto_msgTypes[15]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SymlinkProvisioningSpec.ProtoReflect.Descriptor instead.
func (*SymlinkProvisioningSpec) Descriptor() ([]byte, []int) {
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{15}
}
func (x *SymlinkProvisioningSpec) GetSymlinkTargetPath() string {
if x != nil {
return x.SymlinkTargetPath
}
return ""
}
func (x *SymlinkProvisioningSpec) GetForce() bool {
if x != nil {
return x.Force
}
return false
}
// SymlinkSpec is the spec for Symlinks resource.
type SymlinkSpec struct {
state protoimpl.MessageState `protogen:"open.v1"`
@ -1294,7 +1379,7 @@ type SymlinkSpec struct {
func (x *SymlinkSpec) Reset() {
*x = SymlinkSpec{}
mi := &file_resource_definitions_block_block_proto_msgTypes[15]
mi := &file_resource_definitions_block_block_proto_msgTypes[16]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1306,7 +1391,7 @@ func (x *SymlinkSpec) String() string {
func (*SymlinkSpec) ProtoMessage() {}
func (x *SymlinkSpec) ProtoReflect() protoreflect.Message {
mi := &file_resource_definitions_block_block_proto_msgTypes[15]
mi := &file_resource_definitions_block_block_proto_msgTypes[16]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1319,7 +1404,7 @@ func (x *SymlinkSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use SymlinkSpec.ProtoReflect.Descriptor instead.
func (*SymlinkSpec) Descriptor() ([]byte, []int) {
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{15}
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{16}
}
func (x *SymlinkSpec) GetPaths() []string {
@ -1340,7 +1425,7 @@ type SystemDiskSpec struct {
func (x *SystemDiskSpec) Reset() {
*x = SystemDiskSpec{}
mi := &file_resource_definitions_block_block_proto_msgTypes[16]
mi := &file_resource_definitions_block_block_proto_msgTypes[17]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1352,7 +1437,7 @@ func (x *SystemDiskSpec) String() string {
func (*SystemDiskSpec) ProtoMessage() {}
func (x *SystemDiskSpec) ProtoReflect() protoreflect.Message {
mi := &file_resource_definitions_block_block_proto_msgTypes[16]
mi := &file_resource_definitions_block_block_proto_msgTypes[17]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1365,7 +1450,7 @@ func (x *SystemDiskSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use SystemDiskSpec.ProtoReflect.Descriptor instead.
func (*SystemDiskSpec) Descriptor() ([]byte, []int) {
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{16}
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{17}
}
func (x *SystemDiskSpec) GetDiskId() string {
@ -1393,7 +1478,7 @@ type UserDiskConfigStatusSpec struct {
func (x *UserDiskConfigStatusSpec) Reset() {
*x = UserDiskConfigStatusSpec{}
mi := &file_resource_definitions_block_block_proto_msgTypes[17]
mi := &file_resource_definitions_block_block_proto_msgTypes[18]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1405,7 +1490,7 @@ func (x *UserDiskConfigStatusSpec) String() string {
func (*UserDiskConfigStatusSpec) ProtoMessage() {}
func (x *UserDiskConfigStatusSpec) ProtoReflect() protoreflect.Message {
mi := &file_resource_definitions_block_block_proto_msgTypes[17]
mi := &file_resource_definitions_block_block_proto_msgTypes[18]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1418,7 +1503,7 @@ func (x *UserDiskConfigStatusSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use UserDiskConfigStatusSpec.ProtoReflect.Descriptor instead.
func (*UserDiskConfigStatusSpec) Descriptor() ([]byte, []int) {
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{17}
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{18}
}
func (x *UserDiskConfigStatusSpec) GetReady() bool {
@ -1437,20 +1522,21 @@ func (x *UserDiskConfigStatusSpec) GetTornDown() bool {
// VolumeConfigSpec is the spec for VolumeConfig resource.
type VolumeConfigSpec struct {
state protoimpl.MessageState `protogen:"open.v1"`
ParentId string `protobuf:"bytes,1,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"`
Type enums.BlockVolumeType `protobuf:"varint,2,opt,name=type,proto3,enum=talos.resource.definitions.enums.BlockVolumeType" json:"type,omitempty"`
Provisioning *ProvisioningSpec `protobuf:"bytes,3,opt,name=provisioning,proto3" json:"provisioning,omitempty"`
Locator *LocatorSpec `protobuf:"bytes,4,opt,name=locator,proto3" json:"locator,omitempty"`
Mount *MountSpec `protobuf:"bytes,5,opt,name=mount,proto3" json:"mount,omitempty"`
Encryption *EncryptionSpec `protobuf:"bytes,6,opt,name=encryption,proto3" json:"encryption,omitempty"`
state protoimpl.MessageState `protogen:"open.v1"`
ParentId string `protobuf:"bytes,1,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"`
Type enums.BlockVolumeType `protobuf:"varint,2,opt,name=type,proto3,enum=talos.resource.definitions.enums.BlockVolumeType" json:"type,omitempty"`
Provisioning *ProvisioningSpec `protobuf:"bytes,3,opt,name=provisioning,proto3" json:"provisioning,omitempty"`
Locator *LocatorSpec `protobuf:"bytes,4,opt,name=locator,proto3" json:"locator,omitempty"`
Mount *MountSpec `protobuf:"bytes,5,opt,name=mount,proto3" json:"mount,omitempty"`
Encryption *EncryptionSpec `protobuf:"bytes,6,opt,name=encryption,proto3" json:"encryption,omitempty"`
Symlink *SymlinkProvisioningSpec `protobuf:"bytes,7,opt,name=symlink,proto3" json:"symlink,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *VolumeConfigSpec) Reset() {
*x = VolumeConfigSpec{}
mi := &file_resource_definitions_block_block_proto_msgTypes[18]
mi := &file_resource_definitions_block_block_proto_msgTypes[19]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1462,7 +1548,7 @@ func (x *VolumeConfigSpec) String() string {
func (*VolumeConfigSpec) ProtoMessage() {}
func (x *VolumeConfigSpec) ProtoReflect() protoreflect.Message {
mi := &file_resource_definitions_block_block_proto_msgTypes[18]
mi := &file_resource_definitions_block_block_proto_msgTypes[19]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1475,7 +1561,7 @@ func (x *VolumeConfigSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use VolumeConfigSpec.ProtoReflect.Descriptor instead.
func (*VolumeConfigSpec) Descriptor() ([]byte, []int) {
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{18}
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{19}
}
func (x *VolumeConfigSpec) GetParentId() string {
@ -1520,6 +1606,13 @@ func (x *VolumeConfigSpec) GetEncryption() *EncryptionSpec {
return nil
}
func (x *VolumeConfigSpec) GetSymlink() *SymlinkProvisioningSpec {
if x != nil {
return x.Symlink
}
return nil
}
// VolumeMountRequestSpec is the spec for VolumeMountRequest.
type VolumeMountRequestSpec struct {
state protoimpl.MessageState `protogen:"open.v1"`
@ -1532,7 +1625,7 @@ type VolumeMountRequestSpec struct {
func (x *VolumeMountRequestSpec) Reset() {
*x = VolumeMountRequestSpec{}
mi := &file_resource_definitions_block_block_proto_msgTypes[19]
mi := &file_resource_definitions_block_block_proto_msgTypes[20]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1544,7 +1637,7 @@ func (x *VolumeMountRequestSpec) String() string {
func (*VolumeMountRequestSpec) ProtoMessage() {}
func (x *VolumeMountRequestSpec) ProtoReflect() protoreflect.Message {
mi := &file_resource_definitions_block_block_proto_msgTypes[19]
mi := &file_resource_definitions_block_block_proto_msgTypes[20]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1557,7 +1650,7 @@ func (x *VolumeMountRequestSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use VolumeMountRequestSpec.ProtoReflect.Descriptor instead.
func (*VolumeMountRequestSpec) Descriptor() ([]byte, []int) {
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{19}
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{20}
}
func (x *VolumeMountRequestSpec) GetVolumeId() string {
@ -1594,7 +1687,7 @@ type VolumeMountStatusSpec struct {
func (x *VolumeMountStatusSpec) Reset() {
*x = VolumeMountStatusSpec{}
mi := &file_resource_definitions_block_block_proto_msgTypes[20]
mi := &file_resource_definitions_block_block_proto_msgTypes[21]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1606,7 +1699,7 @@ func (x *VolumeMountStatusSpec) String() string {
func (*VolumeMountStatusSpec) ProtoMessage() {}
func (x *VolumeMountStatusSpec) ProtoReflect() protoreflect.Message {
mi := &file_resource_definitions_block_block_proto_msgTypes[20]
mi := &file_resource_definitions_block_block_proto_msgTypes[21]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1619,7 +1712,7 @@ func (x *VolumeMountStatusSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use VolumeMountStatusSpec.ProtoReflect.Descriptor instead.
func (*VolumeMountStatusSpec) Descriptor() ([]byte, []int) {
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{20}
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{21}
}
func (x *VolumeMountStatusSpec) GetVolumeId() string {
@ -1670,13 +1763,15 @@ type VolumeStatusSpec struct {
MountSpec *MountSpec `protobuf:"bytes,15,opt,name=mount_spec,json=mountSpec,proto3" json:"mount_spec,omitempty"`
Type enums.BlockVolumeType `protobuf:"varint,16,opt,name=type,proto3,enum=talos.resource.definitions.enums.BlockVolumeType" json:"type,omitempty"`
ConfiguredEncryptionKeys []string `protobuf:"bytes,17,rep,name=configured_encryption_keys,json=configuredEncryptionKeys,proto3" json:"configured_encryption_keys,omitempty"`
SymlinkSpec *SymlinkProvisioningSpec `protobuf:"bytes,18,opt,name=symlink_spec,json=symlinkSpec,proto3" json:"symlink_spec,omitempty"`
ParentId string `protobuf:"bytes,19,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *VolumeStatusSpec) Reset() {
*x = VolumeStatusSpec{}
mi := &file_resource_definitions_block_block_proto_msgTypes[21]
mi := &file_resource_definitions_block_block_proto_msgTypes[22]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -1688,7 +1783,7 @@ func (x *VolumeStatusSpec) String() string {
func (*VolumeStatusSpec) ProtoMessage() {}
func (x *VolumeStatusSpec) ProtoReflect() protoreflect.Message {
mi := &file_resource_definitions_block_block_proto_msgTypes[21]
mi := &file_resource_definitions_block_block_proto_msgTypes[22]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -1701,7 +1796,7 @@ func (x *VolumeStatusSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use VolumeStatusSpec.ProtoReflect.Descriptor instead.
func (*VolumeStatusSpec) Descriptor() ([]byte, []int) {
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{21}
return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{22}
}
func (x *VolumeStatusSpec) GetPhase() enums.BlockVolumePhase {
@ -1823,6 +1918,20 @@ func (x *VolumeStatusSpec) GetConfiguredEncryptionKeys() []string {
return nil
}
func (x *VolumeStatusSpec) GetSymlinkSpec() *SymlinkProvisioningSpec {
if x != nil {
return x.SymlinkSpec
}
return nil
}
func (x *VolumeStatusSpec) GetParentId() string {
if x != nil {
return x.ParentId
}
return ""
}
var File_resource_definitions_block_block_proto protoreflect.FileDescriptor
var file_resource_definitions_block_block_proto_rawDesc = string([]byte{
@ -1995,7 +2104,7 @@ var file_resource_definitions_block_block_proto_rawDesc = string([]byte{
0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x49,
0x44, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18,
0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x22,
0xa2, 0x01, 0x0a, 0x09, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1f, 0x0a,
0x90, 0x02, 0x0a, 0x09, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1f, 0x0a,
0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01,
0x28, 0x09, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, 0x23,
0x0a, 0x0d, 0x73, 0x65, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18,
@ -2005,182 +2114,208 @@ var file_resource_definitions_block_block_proto_rawDesc = string([]byte{
0x28, 0x08, 0x52, 0x13, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x51, 0x75, 0x6f, 0x74, 0x61,
0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e,
0x74, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x72, 0x65,
0x6e, 0x74, 0x49, 0x64, 0x22, 0xa1, 0x03, 0x0a, 0x0f, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x74,
0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x46, 0x0a, 0x04, 0x73, 0x70, 0x65, 0x63,
0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72,
0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69,
0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52,
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x53, 0x70, 0x65, 0x63, 0x52, 0x04, 0x73, 0x70, 0x65, 0x63,
0x12, 0x16, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72,
0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
0x12, 0x55, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x04,
0x20, 0x01, 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73,
0x6e, 0x74, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x6d, 0x6f, 0x64,
0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x4d, 0x6f, 0x64,
0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x03,
0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03,
0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x2b, 0x0a, 0x11, 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69,
0x76, 0x65, 0x5f, 0x72, 0x65, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08,
0x52, 0x10, 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x62,
0x65, 0x6c, 0x22, 0xa1, 0x03, 0x0a, 0x0f, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74,
0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x46, 0x0a, 0x04, 0x73, 0x70, 0x65, 0x63, 0x18, 0x01,
0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73,
0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e,
0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x46, 0x69, 0x6c,
0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0a, 0x66, 0x69, 0x6c,
0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f,
0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64,
0x4f, 0x6e, 0x6c, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f,
0x71, 0x75, 0x6f, 0x74, 0x61, 0x5f, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20,
0x01, 0x28, 0x08, 0x52, 0x13, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x51, 0x75, 0x6f, 0x74,
0x61, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x6e, 0x0a, 0x13, 0x65, 0x6e, 0x63, 0x72,
0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18,
0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65,
0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f,
0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x45, 0x6e,
0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72,
0x54, 0x79, 0x70, 0x65, 0x52, 0x12, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e,
0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x22, 0x8c, 0x01, 0x0a, 0x0d, 0x50, 0x61, 0x72,
0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x69,
0x6e, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x6d, 0x69,
0x6e, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x61, 0x78, 0x5f, 0x73, 0x69, 0x7a,
0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x6d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65,
0x12, 0x12, 0x0a, 0x04, 0x67, 0x72, 0x6f, 0x77, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04,
0x67, 0x72, 0x6f, 0x77, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20,
0x01, 0x28, 0x09, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79,
0x70, 0x65, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74,
0x79, 0x70, 0x65, 0x55, 0x75, 0x69, 0x64, 0x22, 0xae, 0x02, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x76,
0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x70, 0x65, 0x63, 0x12, 0x53, 0x0a, 0x0d,
0x64, 0x69, 0x73, 0x6b, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20,
0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f,
0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73,
0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x44, 0x69, 0x73, 0x6b, 0x53, 0x65, 0x6c, 0x65, 0x63,
0x74, 0x6f, 0x72, 0x52, 0x0c, 0x64, 0x69, 0x73, 0x6b, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f,
0x72, 0x12, 0x56, 0x0a, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73,
0x70, 0x65, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x74, 0x61, 0x6c, 0x6f,
0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e,
0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x50, 0x61, 0x72,
0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0d, 0x70, 0x61, 0x72, 0x74,
0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x77, 0x61, 0x76,
0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x77, 0x61, 0x76, 0x65, 0x12, 0x59, 0x0a,
0x0f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x73, 0x70, 0x65, 0x63,
0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72,
0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69,
0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79,
0x73, 0x74, 0x65, 0x6d, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0e, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79,
0x73, 0x74, 0x65, 0x6d, 0x53, 0x70, 0x65, 0x63, 0x22, 0x23, 0x0a, 0x0b, 0x53, 0x79, 0x6d, 0x6c,
0x69, 0x6e, 0x6b, 0x53, 0x70, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73,
0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, 0x22, 0x44, 0x0a,
0x0e, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x44, 0x69, 0x73, 0x6b, 0x53, 0x70, 0x65, 0x63, 0x12,
0x17, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x6b, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
0x52, 0x06, 0x64, 0x69, 0x73, 0x6b, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x64, 0x65, 0x76, 0x5f,
0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65, 0x76, 0x50,
0x61, 0x74, 0x68, 0x22, 0x4d, 0x0a, 0x18, 0x55, 0x73, 0x65, 0x72, 0x44, 0x69, 0x73, 0x6b, 0x43,
0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12,
0x14, 0x0a, 0x05, 0x72, 0x65, 0x61, 0x64, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x05,
0x72, 0x65, 0x61, 0x64, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6f, 0x72, 0x6e, 0x5f, 0x64, 0x6f,
0x77, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x6f, 0x72, 0x6e, 0x44, 0x6f,
0x77, 0x6e, 0x22, 0xac, 0x03, 0x0a, 0x10, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x43, 0x6f, 0x6e,
0x66, 0x69, 0x67, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e,
0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x72, 0x65,
0x6e, 0x74, 0x49, 0x64, 0x12, 0x45, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01,
0x28, 0x0e, 0x32, 0x31, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75,
0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71,
0x75, 0x65, 0x73, 0x74, 0x53, 0x70, 0x65, 0x63, 0x52, 0x04, 0x73, 0x70, 0x65, 0x63, 0x12, 0x16,
0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x55,
0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x04, 0x20, 0x01,
0x28, 0x0e, 0x32, 0x35, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75,
0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e,
0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d,
0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x56, 0x0a, 0x0c, 0x70,
0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28,
0x0b, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62,
0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e,
0x67, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e,
0x69, 0x6e, 0x67, 0x12, 0x47, 0x0a, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x04,
0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73,
0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e,
0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x53,
0x70, 0x65, 0x63, 0x52, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x41, 0x0a, 0x05,
0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x74, 0x61,
0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66,
0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d,
0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x52, 0x05, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x12,
0x50, 0x0a, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20,
0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f,
0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73,
0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f,
0x6e, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f,
0x6e, 0x22, 0x70, 0x0a, 0x16, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1b, 0x0a, 0x09, 0x76,
0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x72, 0x65, 0x71,
0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f,
0x6e, 0x6c, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f,
0x6e, 0x6c, 0x79, 0x22, 0x87, 0x01, 0x0a, 0x15, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f,
0x75, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1b, 0x0a,
0x09, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
0x52, 0x08, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x72,
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67,
0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74,
0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x04, 0x20,
0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x22, 0xb0, 0x07,
0x0a, 0x10, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70,
0x65, 0x63, 0x12, 0x48, 0x0a, 0x05, 0x70, 0x68, 0x61, 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
0x0e, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65,
0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65,
0x50, 0x68, 0x61, 0x73, 0x65, 0x52, 0x05, 0x70, 0x68, 0x61, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08,
0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x65, 0x72, 0x72, 0x6f,
0x72, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
0x0c, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x12, 0x0a,
0x04, 0x75, 0x75, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x75, 0x69,
0x64, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75,
0x75, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x70, 0x61, 0x72, 0x74, 0x69,
0x74, 0x69, 0x6f, 0x6e, 0x55, 0x75, 0x69, 0x64, 0x12, 0x58, 0x0a, 0x0e, 0x70, 0x72, 0x65, 0x5f,
0x66, 0x61, 0x69, 0x6c, 0x5f, 0x70, 0x68, 0x61, 0x73, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e,
0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e,
0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x50,
0x68, 0x61, 0x73, 0x65, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x46, 0x61, 0x69, 0x6c, 0x50, 0x68, 0x61,
0x73, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x63,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70, 0x61, 0x72,
0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x27, 0x0a, 0x0f, 0x70,
0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x08,
0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x49,
0x6e, 0x64, 0x65, 0x78, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x09, 0x20, 0x01,
0x28, 0x04, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x55, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65,
0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x74,
0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65,
0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e,
0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x54,
0x79, 0x70, 0x65, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12,
0x25, 0x0a, 0x0e, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x4c, 0x6f,
0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x6e, 0x0a, 0x13, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x0c, 0x20,
0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x46, 0x69, 0x6c, 0x65, 0x73,
0x79, 0x73, 0x74, 0x65, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73,
0x79, 0x73, 0x74, 0x65, 0x6d, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e,
0x6c, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e,
0x6c, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x71, 0x75,
0x6f, 0x74, 0x61, 0x5f, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28,
0x08, 0x52, 0x13, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x53,
0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x6e, 0x0a, 0x13, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x07, 0x20,
0x01, 0x28, 0x0e, 0x32, 0x3d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f,
0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73,
0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x45, 0x6e, 0x63, 0x72,
0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79,
0x70, 0x65, 0x52, 0x12, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72,
0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x65, 0x74, 0x74, 0x79,
0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x65,
0x74, 0x74, 0x79, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x36, 0x0a, 0x17, 0x65, 0x6e, 0x63, 0x72, 0x79,
0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x5f, 0x73, 0x79, 0x6e,
0x63, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
0x74, 0x69, 0x6f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x53, 0x79, 0x6e, 0x63, 0x73, 0x12,
0x4a, 0x0a, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x73, 0x70, 0x65, 0x63, 0x18, 0x0f, 0x20,
0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f,
0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x22, 0x8c, 0x01, 0x0a, 0x0d, 0x50, 0x61, 0x72, 0x74, 0x69,
0x74, 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x69, 0x6e, 0x5f,
0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x6d, 0x69, 0x6e, 0x53,
0x69, 0x7a, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x61, 0x78, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18,
0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x6d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x12,
0x0a, 0x04, 0x67, 0x72, 0x6f, 0x77, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x67, 0x72,
0x6f, 0x77, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28,
0x09, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79, 0x70, 0x65,
0x5f, 0x75, 0x75, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x79, 0x70,
0x65, 0x55, 0x75, 0x69, 0x64, 0x22, 0xae, 0x02, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73,
0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x70, 0x65, 0x63, 0x12, 0x53, 0x0a, 0x0d, 0x64, 0x69,
0x73, 0x6b, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28,
0x0b, 0x32, 0x2e, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62,
0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x44, 0x69, 0x73, 0x6b, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f,
0x72, 0x52, 0x0c, 0x64, 0x69, 0x73, 0x6b, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12,
0x56, 0x0a, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x70, 0x65,
0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e,
0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74,
0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x50, 0x61, 0x72, 0x74, 0x69,
0x74, 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0d, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74,
0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x77, 0x61, 0x76, 0x65, 0x18,
0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x77, 0x61, 0x76, 0x65, 0x12, 0x59, 0x0a, 0x0f, 0x66,
0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x73, 0x70, 0x65, 0x63, 0x18, 0x04,
0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73,
0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e,
0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74,
0x65, 0x6d, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0e, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74,
0x65, 0x6d, 0x53, 0x70, 0x65, 0x63, 0x22, 0x5f, 0x0a, 0x17, 0x53, 0x79, 0x6d, 0x6c, 0x69, 0x6e,
0x6b, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x70, 0x65,
0x63, 0x12, 0x2e, 0x0a, 0x13, 0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x74, 0x61, 0x72,
0x67, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11,
0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x61, 0x74,
0x68, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
0x52, 0x05, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x22, 0x23, 0x0a, 0x0b, 0x53, 0x79, 0x6d, 0x6c, 0x69,
0x6e, 0x6b, 0x53, 0x70, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18,
0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, 0x22, 0x44, 0x0a, 0x0e,
0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x44, 0x69, 0x73, 0x6b, 0x53, 0x70, 0x65, 0x63, 0x12, 0x17,
0x0a, 0x07, 0x64, 0x69, 0x73, 0x6b, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
0x06, 0x64, 0x69, 0x73, 0x6b, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x64, 0x65, 0x76, 0x5f, 0x70,
0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65, 0x76, 0x50, 0x61,
0x74, 0x68, 0x22, 0x4d, 0x0a, 0x18, 0x55, 0x73, 0x65, 0x72, 0x44, 0x69, 0x73, 0x6b, 0x43, 0x6f,
0x6e, 0x66, 0x69, 0x67, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x14,
0x0a, 0x05, 0x72, 0x65, 0x61, 0x64, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x05, 0x72,
0x65, 0x61, 0x64, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6f, 0x72, 0x6e, 0x5f, 0x64, 0x6f, 0x77,
0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x6f, 0x72, 0x6e, 0x44, 0x6f, 0x77,
0x6e, 0x22, 0x81, 0x04, 0x0a, 0x10, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x43, 0x6f, 0x6e, 0x66,
0x69, 0x67, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74,
0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x72, 0x65, 0x6e,
0x74, 0x49, 0x64, 0x12, 0x45, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
0x0e, 0x32, 0x31, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65,
0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65,
0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x56, 0x0a, 0x0c, 0x70, 0x72,
0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c,
0x6f, 0x63, 0x6b, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67,
0x53, 0x70, 0x65, 0x63, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69,
0x6e, 0x67, 0x12, 0x47, 0x0a, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x04, 0x20,
0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f,
0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73,
0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63,
0x52, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, 0x45, 0x0a, 0x04, 0x74,
0x79, 0x70, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x74, 0x61, 0x6c, 0x6f,
0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e,
0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f,
0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79,
0x70, 0x65, 0x12, 0x3c, 0x0a, 0x1a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x64,
0x5f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x73,
0x18, 0x11, 0x20, 0x03, 0x28, 0x09, 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72,
0x65, 0x64, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x73,
0x42, 0x74, 0x0a, 0x28, 0x64, 0x65, 0x76, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x61, 0x70,
0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e,
0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x5a, 0x48, 0x67, 0x69,
0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x72, 0x6f, 0x6c,
0x61, 0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61,
0x63, 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f,
0x75, 0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73,
0x2f, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x53, 0x70,
0x65, 0x63, 0x52, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6d,
0x6f, 0x75, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x74, 0x61, 0x6c,
0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69,
0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f,
0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x52, 0x05, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x50,
0x0a, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01,
0x28, 0x0b, 0x32, 0x30, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75,
0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e,
0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e,
0x53, 0x70, 0x65, 0x63, 0x52, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e,
0x12, 0x53, 0x0a, 0x07, 0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28,
0x0b, 0x32, 0x39, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62,
0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x53, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x50, 0x72, 0x6f, 0x76,
0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x70, 0x65, 0x63, 0x52, 0x07, 0x73, 0x79,
0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x22, 0x70, 0x0a, 0x16, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d,
0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12,
0x1b, 0x0a, 0x09, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01,
0x28, 0x09, 0x52, 0x08, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x09,
0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
0x09, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65,
0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72,
0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x22, 0x87, 0x01, 0x0a, 0x15, 0x56, 0x6f, 0x6c, 0x75,
0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65,
0x63, 0x12, 0x1b, 0x0a, 0x09, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01,
0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x1c,
0x0a, 0x09, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28,
0x09, 0x52, 0x09, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06,
0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x61,
0x72, 0x67, 0x65, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c,
0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c,
0x79, 0x22, 0xab, 0x08, 0x0a, 0x10, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x53, 0x74, 0x61, 0x74,
0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x48, 0x0a, 0x05, 0x70, 0x68, 0x61, 0x73, 0x65, 0x18,
0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65,
0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f,
0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f,
0x6c, 0x75, 0x6d, 0x65, 0x50, 0x68, 0x61, 0x73, 0x65, 0x52, 0x05, 0x70, 0x68, 0x61, 0x73, 0x65,
0x12, 0x1a, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01,
0x28, 0x09, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d,
0x65, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x03, 0x20,
0x01, 0x28, 0x09, 0x52, 0x0c, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67,
0x65, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x75, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
0x04, 0x75, 0x75, 0x69, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69,
0x6f, 0x6e, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x70,
0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x75, 0x69, 0x64, 0x12, 0x58, 0x0a, 0x0e,
0x70, 0x72, 0x65, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x5f, 0x70, 0x68, 0x61, 0x73, 0x65, 0x18, 0x06,
0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73,
0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e,
0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c,
0x75, 0x6d, 0x65, 0x50, 0x68, 0x61, 0x73, 0x65, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x46, 0x61, 0x69,
0x6c, 0x50, 0x68, 0x61, 0x73, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74,
0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52,
0x0e, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12,
0x27, 0x0a, 0x0f, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x64,
0x65, 0x78, 0x18, 0x08, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74,
0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65,
0x18, 0x09, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x55, 0x0a, 0x0a,
0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0e,
0x32, 0x35, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e,
0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73,
0x74, 0x65, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73,
0x74, 0x65, 0x6d, 0x12, 0x25, 0x0a, 0x0e, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x63,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x6f, 0x75,
0x6e, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x6e, 0x0a, 0x13, 0x65, 0x6e,
0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65,
0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e,
0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74,
0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b,
0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x12, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69,
0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72,
0x65, 0x74, 0x74, 0x79, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52,
0x0a, 0x70, 0x72, 0x65, 0x74, 0x74, 0x79, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x36, 0x0a, 0x17, 0x65,
0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x65, 0x64,
0x5f, 0x73, 0x79, 0x6e, 0x63, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x65, 0x6e,
0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x53, 0x79,
0x6e, 0x63, 0x73, 0x12, 0x4a, 0x0a, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x73, 0x70, 0x65,
0x63, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e,
0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74,
0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f, 0x75, 0x6e, 0x74,
0x53, 0x70, 0x65, 0x63, 0x52, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12,
0x45, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e,
0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64,
0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73,
0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65,
0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x3c, 0x0a, 0x1a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
0x75, 0x72, 0x65, 0x64, 0x5f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
0x6b, 0x65, 0x79, 0x73, 0x18, 0x11, 0x20, 0x03, 0x28, 0x09, 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x66,
0x69, 0x67, 0x75, 0x72, 0x65, 0x64, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e,
0x4b, 0x65, 0x79, 0x73, 0x12, 0x5c, 0x0a, 0x0c, 0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x5f,
0x73, 0x70, 0x65, 0x63, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x74, 0x61, 0x6c,
0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69,
0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x53, 0x79,
0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e,
0x67, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0b, 0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x53, 0x70,
0x65, 0x63, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18,
0x13, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x42,
0x74, 0x0a, 0x28, 0x64, 0x65, 0x76, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69,
0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69,
0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x5a, 0x48, 0x67, 0x69, 0x74,
0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x72, 0x6f, 0x6c, 0x61,
0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61, 0x63,
0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75,
0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f,
0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
})
var (
@ -2195,7 +2330,7 @@ func file_resource_definitions_block_block_proto_rawDescGZIP() []byte {
return file_resource_definitions_block_block_proto_rawDescData
}
var file_resource_definitions_block_block_proto_msgTypes = make([]protoimpl.MessageInfo, 22)
var file_resource_definitions_block_block_proto_msgTypes = make([]protoimpl.MessageInfo, 23)
var file_resource_definitions_block_block_proto_goTypes = []any{
(*DeviceSpec)(nil), // 0: talos.resource.definitions.block.DeviceSpec
(*DiscoveredVolumeSpec)(nil), // 1: talos.resource.definitions.block.DiscoveredVolumeSpec
@ -2212,49 +2347,52 @@ var file_resource_definitions_block_block_proto_goTypes = []any{
(*MountStatusSpec)(nil), // 12: talos.resource.definitions.block.MountStatusSpec
(*PartitionSpec)(nil), // 13: talos.resource.definitions.block.PartitionSpec
(*ProvisioningSpec)(nil), // 14: talos.resource.definitions.block.ProvisioningSpec
(*SymlinkSpec)(nil), // 15: talos.resource.definitions.block.SymlinkSpec
(*SystemDiskSpec)(nil), // 16: talos.resource.definitions.block.SystemDiskSpec
(*UserDiskConfigStatusSpec)(nil), // 17: talos.resource.definitions.block.UserDiskConfigStatusSpec
(*VolumeConfigSpec)(nil), // 18: talos.resource.definitions.block.VolumeConfigSpec
(*VolumeMountRequestSpec)(nil), // 19: talos.resource.definitions.block.VolumeMountRequestSpec
(*VolumeMountStatusSpec)(nil), // 20: talos.resource.definitions.block.VolumeMountStatusSpec
(*VolumeStatusSpec)(nil), // 21: talos.resource.definitions.block.VolumeStatusSpec
(*v1alpha1.CheckedExpr)(nil), // 22: google.api.expr.v1alpha1.CheckedExpr
(enums.BlockEncryptionKeyType)(0), // 23: talos.resource.definitions.enums.BlockEncryptionKeyType
(enums.BlockEncryptionProviderType)(0), // 24: talos.resource.definitions.enums.BlockEncryptionProviderType
(enums.BlockFilesystemType)(0), // 25: talos.resource.definitions.enums.BlockFilesystemType
(enums.BlockVolumeType)(0), // 26: talos.resource.definitions.enums.BlockVolumeType
(enums.BlockVolumePhase)(0), // 27: talos.resource.definitions.enums.BlockVolumePhase
(*SymlinkProvisioningSpec)(nil), // 15: talos.resource.definitions.block.SymlinkProvisioningSpec
(*SymlinkSpec)(nil), // 16: talos.resource.definitions.block.SymlinkSpec
(*SystemDiskSpec)(nil), // 17: talos.resource.definitions.block.SystemDiskSpec
(*UserDiskConfigStatusSpec)(nil), // 18: talos.resource.definitions.block.UserDiskConfigStatusSpec
(*VolumeConfigSpec)(nil), // 19: talos.resource.definitions.block.VolumeConfigSpec
(*VolumeMountRequestSpec)(nil), // 20: talos.resource.definitions.block.VolumeMountRequestSpec
(*VolumeMountStatusSpec)(nil), // 21: talos.resource.definitions.block.VolumeMountStatusSpec
(*VolumeStatusSpec)(nil), // 22: talos.resource.definitions.block.VolumeStatusSpec
(*v1alpha1.CheckedExpr)(nil), // 23: google.api.expr.v1alpha1.CheckedExpr
(enums.BlockEncryptionKeyType)(0), // 24: talos.resource.definitions.enums.BlockEncryptionKeyType
(enums.BlockEncryptionProviderType)(0), // 25: talos.resource.definitions.enums.BlockEncryptionProviderType
(enums.BlockFilesystemType)(0), // 26: talos.resource.definitions.enums.BlockFilesystemType
(enums.BlockVolumeType)(0), // 27: talos.resource.definitions.enums.BlockVolumeType
(enums.BlockVolumePhase)(0), // 28: talos.resource.definitions.enums.BlockVolumePhase
}
var file_resource_definitions_block_block_proto_depIdxs = []int32{
22, // 0: talos.resource.definitions.block.DiskSelector.match:type_name -> google.api.expr.v1alpha1.CheckedExpr
23, // 1: talos.resource.definitions.block.EncryptionKey.type:type_name -> talos.resource.definitions.enums.BlockEncryptionKeyType
24, // 2: talos.resource.definitions.block.EncryptionSpec.provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType
23, // 0: talos.resource.definitions.block.DiskSelector.match:type_name -> google.api.expr.v1alpha1.CheckedExpr
24, // 1: talos.resource.definitions.block.EncryptionKey.type:type_name -> talos.resource.definitions.enums.BlockEncryptionKeyType
25, // 2: talos.resource.definitions.block.EncryptionSpec.provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType
6, // 3: talos.resource.definitions.block.EncryptionSpec.keys:type_name -> talos.resource.definitions.block.EncryptionKey
25, // 4: talos.resource.definitions.block.FilesystemSpec.type:type_name -> talos.resource.definitions.enums.BlockFilesystemType
22, // 5: talos.resource.definitions.block.LocatorSpec.match:type_name -> google.api.expr.v1alpha1.CheckedExpr
26, // 4: talos.resource.definitions.block.FilesystemSpec.type:type_name -> talos.resource.definitions.enums.BlockFilesystemType
23, // 5: talos.resource.definitions.block.LocatorSpec.match:type_name -> google.api.expr.v1alpha1.CheckedExpr
10, // 6: talos.resource.definitions.block.MountStatusSpec.spec:type_name -> talos.resource.definitions.block.MountRequestSpec
25, // 7: talos.resource.definitions.block.MountStatusSpec.filesystem:type_name -> talos.resource.definitions.enums.BlockFilesystemType
24, // 8: talos.resource.definitions.block.MountStatusSpec.encryption_provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType
26, // 7: talos.resource.definitions.block.MountStatusSpec.filesystem:type_name -> talos.resource.definitions.enums.BlockFilesystemType
25, // 8: talos.resource.definitions.block.MountStatusSpec.encryption_provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType
4, // 9: talos.resource.definitions.block.ProvisioningSpec.disk_selector:type_name -> talos.resource.definitions.block.DiskSelector
13, // 10: talos.resource.definitions.block.ProvisioningSpec.partition_spec:type_name -> talos.resource.definitions.block.PartitionSpec
8, // 11: talos.resource.definitions.block.ProvisioningSpec.filesystem_spec:type_name -> talos.resource.definitions.block.FilesystemSpec
26, // 12: talos.resource.definitions.block.VolumeConfigSpec.type:type_name -> talos.resource.definitions.enums.BlockVolumeType
27, // 12: talos.resource.definitions.block.VolumeConfigSpec.type:type_name -> talos.resource.definitions.enums.BlockVolumeType
14, // 13: talos.resource.definitions.block.VolumeConfigSpec.provisioning:type_name -> talos.resource.definitions.block.ProvisioningSpec
9, // 14: talos.resource.definitions.block.VolumeConfigSpec.locator:type_name -> talos.resource.definitions.block.LocatorSpec
11, // 15: talos.resource.definitions.block.VolumeConfigSpec.mount:type_name -> talos.resource.definitions.block.MountSpec
7, // 16: talos.resource.definitions.block.VolumeConfigSpec.encryption:type_name -> talos.resource.definitions.block.EncryptionSpec
27, // 17: talos.resource.definitions.block.VolumeStatusSpec.phase:type_name -> talos.resource.definitions.enums.BlockVolumePhase
27, // 18: talos.resource.definitions.block.VolumeStatusSpec.pre_fail_phase:type_name -> talos.resource.definitions.enums.BlockVolumePhase
25, // 19: talos.resource.definitions.block.VolumeStatusSpec.filesystem:type_name -> talos.resource.definitions.enums.BlockFilesystemType
24, // 20: talos.resource.definitions.block.VolumeStatusSpec.encryption_provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType
11, // 21: talos.resource.definitions.block.VolumeStatusSpec.mount_spec:type_name -> talos.resource.definitions.block.MountSpec
26, // 22: talos.resource.definitions.block.VolumeStatusSpec.type:type_name -> talos.resource.definitions.enums.BlockVolumeType
23, // [23:23] is the sub-list for method output_type
23, // [23:23] is the sub-list for method input_type
23, // [23:23] is the sub-list for extension type_name
23, // [23:23] is the sub-list for extension extendee
0, // [0:23] is the sub-list for field type_name
15, // 17: talos.resource.definitions.block.VolumeConfigSpec.symlink:type_name -> talos.resource.definitions.block.SymlinkProvisioningSpec
28, // 18: talos.resource.definitions.block.VolumeStatusSpec.phase:type_name -> talos.resource.definitions.enums.BlockVolumePhase
28, // 19: talos.resource.definitions.block.VolumeStatusSpec.pre_fail_phase:type_name -> talos.resource.definitions.enums.BlockVolumePhase
26, // 20: talos.resource.definitions.block.VolumeStatusSpec.filesystem:type_name -> talos.resource.definitions.enums.BlockFilesystemType
25, // 21: talos.resource.definitions.block.VolumeStatusSpec.encryption_provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType
11, // 22: talos.resource.definitions.block.VolumeStatusSpec.mount_spec:type_name -> talos.resource.definitions.block.MountSpec
27, // 23: talos.resource.definitions.block.VolumeStatusSpec.type:type_name -> talos.resource.definitions.enums.BlockVolumeType
15, // 24: talos.resource.definitions.block.VolumeStatusSpec.symlink_spec:type_name -> talos.resource.definitions.block.SymlinkProvisioningSpec
25, // [25:25] is the sub-list for method output_type
25, // [25:25] is the sub-list for method input_type
25, // [25:25] is the sub-list for extension type_name
25, // [25:25] is the sub-list for extension extendee
0, // [0:25] is the sub-list for field type_name
}
func init() { file_resource_definitions_block_block_proto_init() }
@ -2268,7 +2406,7 @@ func file_resource_definitions_block_block_proto_init() {
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_resource_definitions_block_block_proto_rawDesc), len(file_resource_definitions_block_block_proto_rawDesc)),
NumEnums: 0,
NumMessages: 22,
NumMessages: 23,
NumExtensions: 0,
NumServices: 0,
},

431
pkg/machinery/api/resource/definitions/block/block_vtproto.pb.go
View File

@ -924,6 +924,31 @@ func (m *MountSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
i -= len(m.unknownFields)
copy(dAtA[i:], m.unknownFields)
}
if m.RecursiveRelabel {
i--
if m.RecursiveRelabel {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x40
}
if m.Gid != 0 {
i = protohelpers.EncodeVarint(dAtA, i, uint64(m.Gid))
i--
dAtA[i] = 0x38
}
if m.Uid != 0 {
i = protohelpers.EncodeVarint(dAtA, i, uint64(m.Uid))
i--
dAtA[i] = 0x30
}
if m.FileMode != 0 {
i = protohelpers.EncodeVarint(dAtA, i, uint64(m.FileMode))
i--
dAtA[i] = 0x28
}
if len(m.ParentId) > 0 {
i -= len(m.ParentId)
copy(dAtA[i:], m.ParentId)
@ -1180,6 +1205,56 @@ func (m *ProvisioningSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
return len(dAtA) - i, nil
}
func (m *SymlinkProvisioningSpec) MarshalVT() (dAtA []byte, err error) {
if m == nil {
return nil, nil
}
size := m.SizeVT()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBufferVT(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SymlinkProvisioningSpec) MarshalToVT(dAtA []byte) (int, error) {
size := m.SizeVT()
return m.MarshalToSizedBufferVT(dAtA[:size])
}
func (m *SymlinkProvisioningSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
if m == nil {
return 0, nil
}
i := len(dAtA)
_ = i
var l int
_ = l
if m.unknownFields != nil {
i -= len(m.unknownFields)
copy(dAtA[i:], m.unknownFields)
}
if m.Force {
i--
if m.Force {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if len(m.SymlinkTargetPath) > 0 {
i -= len(m.SymlinkTargetPath)
copy(dAtA[i:], m.SymlinkTargetPath)
i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.SymlinkTargetPath)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SymlinkSpec) MarshalVT() (dAtA []byte, err error) {
if m == nil {
return nil, nil
@ -1352,6 +1427,16 @@ func (m *VolumeConfigSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
i -= len(m.unknownFields)
copy(dAtA[i:], m.unknownFields)
}
if m.Symlink != nil {
size, err := m.Symlink.MarshalToSizedBufferVT(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = protohelpers.EncodeVarint(dAtA, i, uint64(size))
i--
dAtA[i] = 0x3a
}
if m.Encryption != nil {
size, err := m.Encryption.MarshalToSizedBufferVT(dAtA[:i])
if err != nil {
@ -1558,6 +1643,27 @@ func (m *VolumeStatusSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
i -= len(m.unknownFields)
copy(dAtA[i:], m.unknownFields)
}
if len(m.ParentId) > 0 {
i -= len(m.ParentId)
copy(dAtA[i:], m.ParentId)
i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.ParentId)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x9a
}
if m.SymlinkSpec != nil {
size, err := m.SymlinkSpec.MarshalToSizedBufferVT(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = protohelpers.EncodeVarint(dAtA, i, uint64(size))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x92
}
if len(m.ConfiguredEncryptionKeys) > 0 {
for iNdEx := len(m.ConfiguredEncryptionKeys) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ConfiguredEncryptionKeys[iNdEx])
@ -2079,6 +2185,18 @@ func (m *MountSpec) SizeVT() (n int) {
if l > 0 {
n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
}
if m.FileMode != 0 {
n += 1 + protohelpers.SizeOfVarint(uint64(m.FileMode))
}
if m.Uid != 0 {
n += 1 + protohelpers.SizeOfVarint(uint64(m.Uid))
}
if m.Gid != 0 {
n += 1 + protohelpers.SizeOfVarint(uint64(m.Gid))
}
if m.RecursiveRelabel {
n += 2
}
n += len(m.unknownFields)
return n
}
@ -2169,6 +2287,23 @@ func (m *ProvisioningSpec) SizeVT() (n int) {
return n
}
func (m *SymlinkProvisioningSpec) SizeVT() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.SymlinkTargetPath)
if l > 0 {
n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
}
if m.Force {
n += 2
}
n += len(m.unknownFields)
return n
}
func (m *SymlinkSpec) SizeVT() (n int) {
if m == nil {
return 0
@ -2248,6 +2383,10 @@ func (m *VolumeConfigSpec) SizeVT() (n int) {
l = m.Encryption.SizeVT()
n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
}
if m.Symlink != nil {
l = m.Symlink.SizeVT()
n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
}
n += len(m.unknownFields)
return n
}
@ -2369,6 +2508,14 @@ func (m *VolumeStatusSpec) SizeVT() (n int) {
n += 2 + l + protohelpers.SizeOfVarint(uint64(l))
}
}
if m.SymlinkSpec != nil {
l = m.SymlinkSpec.SizeVT()
n += 2 + l + protohelpers.SizeOfVarint(uint64(l))
}
l = len(m.ParentId)
if l > 0 {
n += 2 + l + protohelpers.SizeOfVarint(uint64(l))
}
n += len(m.unknownFields)
return n
}
@ -4937,6 +5084,83 @@ func (m *MountSpec) UnmarshalVT(dAtA []byte) error {
}
m.ParentId = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 5:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field FileMode", wireType)
}
m.FileMode = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return protohelpers.ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.FileMode |= uint32(b&0x7F) << shift
if b < 0x80 {
break
}
}
case 6:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Uid", wireType)
}
m.Uid = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return protohelpers.ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.Uid |= int64(b&0x7F) << shift
if b < 0x80 {
break
}
}
case 7:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Gid", wireType)
}
m.Gid = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return protohelpers.ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.Gid |= int64(b&0x7F) << shift
if b < 0x80 {
break
}
}
case 8:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field RecursiveRelabel", wireType)
}
var v int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return protohelpers.ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
v |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
m.RecursiveRelabel = bool(v != 0)
default:
iNdEx = preIndex
skippy, err := protohelpers.Skip(dAtA[iNdEx:])
@ -5539,6 +5763,109 @@ func (m *ProvisioningSpec) UnmarshalVT(dAtA []byte) error {
}
return nil
}
func (m *SymlinkProvisioningSpec) UnmarshalVT(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return protohelpers.ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: SymlinkProvisioningSpec: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: SymlinkProvisioningSpec: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field SymlinkTargetPath", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return protohelpers.ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return protohelpers.ErrInvalidLength
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return protohelpers.ErrInvalidLength
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.SymlinkTargetPath = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Force", wireType)
}
var v int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return protohelpers.ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
v |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
m.Force = bool(v != 0)
default:
iNdEx = preIndex
skippy, err := protohelpers.Skip(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return protohelpers.ErrInvalidLength
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *SymlinkSpec) UnmarshalVT(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
@ -6052,6 +6379,42 @@ func (m *VolumeConfigSpec) UnmarshalVT(dAtA []byte) error {
return err
}
iNdEx = postIndex
case 7:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Symlink", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return protohelpers.ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return protohelpers.ErrInvalidLength
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return protohelpers.ErrInvalidLength
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Symlink == nil {
m.Symlink = &SymlinkProvisioningSpec{}
}
if err := m.Symlink.UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := protohelpers.Skip(dAtA[iNdEx:])
@ -6862,6 +7225,74 @@ func (m *VolumeStatusSpec) UnmarshalVT(dAtA []byte) error {
}
m.ConfiguredEncryptionKeys = append(m.ConfiguredEncryptionKeys, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 18:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field SymlinkSpec", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return protohelpers.ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return protohelpers.ErrInvalidLength
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return protohelpers.ErrInvalidLength
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.SymlinkSpec == nil {
m.SymlinkSpec = &SymlinkProvisioningSpec{}
}
if err := m.SymlinkSpec.UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 19:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ParentId", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return protohelpers.ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return protohelpers.ErrInvalidLength
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return protohelpers.ErrInvalidLength
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ParentId = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := protohelpers.Skip(dAtA[iNdEx:])

167
pkg/machinery/api/resource/definitions/enums/enums.pb.go
View File

@ -2108,6 +2108,8 @@ const (
BlockVolumeType_VOLUME_TYPE_DISK BlockVolumeType = 1
BlockVolumeType_VOLUME_TYPE_TMPFS BlockVolumeType = 2
BlockVolumeType_VOLUME_TYPE_DIRECTORY BlockVolumeType = 3
BlockVolumeType_VOLUME_TYPE_SYMLINK BlockVolumeType = 4
BlockVolumeType_VOLUME_TYPE_OVERLAY BlockVolumeType = 5
)
// Enum value maps for BlockVolumeType.
@ -2117,12 +2119,16 @@ var (
1: "VOLUME_TYPE_DISK",
2: "VOLUME_TYPE_TMPFS",
3: "VOLUME_TYPE_DIRECTORY",
4: "VOLUME_TYPE_SYMLINK",
5: "VOLUME_TYPE_OVERLAY",
}
BlockVolumeType_value = map[string]int32{
"VOLUME_TYPE_PARTITION": 0,
"VOLUME_TYPE_DISK": 1,
"VOLUME_TYPE_TMPFS": 2,
"VOLUME_TYPE_DIRECTORY": 3,
"VOLUME_TYPE_SYMLINK": 4,
"VOLUME_TYPE_OVERLAY": 5,
}
)
@ -2941,87 +2947,90 @@ var file_resource_definitions_enums_enums_proto_rawDesc = string([]byte{
0x50, 0x52, 0x45, 0x50, 0x41, 0x52, 0x45, 0x44, 0x10, 0x05, 0x12, 0x16, 0x0a, 0x12, 0x56, 0x4f,
0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x50, 0x48, 0x41, 0x53, 0x45, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59,
0x10, 0x06, 0x12, 0x17, 0x0a, 0x13, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x50, 0x48, 0x41,
0x53, 0x45, 0x5f, 0x43, 0x4c, 0x4f, 0x53, 0x45, 0x44, 0x10, 0x07, 0x2a, 0x74, 0x0a, 0x0f, 0x42,
0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19,
0x0a, 0x15, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x50, 0x41,
0x52, 0x54, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x56, 0x4f, 0x4c,
0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x49, 0x53, 0x4b, 0x10, 0x01, 0x12,
0x15, 0x0a, 0x11, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x54,
0x4d, 0x50, 0x46, 0x53, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45,
0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x4f, 0x52, 0x59, 0x10,
0x03, 0x2a, 0x96, 0x01, 0x0a, 0x13, 0x43, 0x72, 0x69, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x43, 0x61,
0x63, 0x68, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1e, 0x0a, 0x1a, 0x49, 0x4d, 0x41,
0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f,
0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1f, 0x0a, 0x1b, 0x49, 0x4d, 0x41,
0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f,
0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x01, 0x12, 0x20, 0x0a, 0x1c, 0x49, 0x4d,
0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53,
0x5f, 0x50, 0x52, 0x45, 0x50, 0x41, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x1c, 0x0a, 0x18,
0x53, 0x45, 0x5f, 0x43, 0x4c, 0x4f, 0x53, 0x45, 0x44, 0x10, 0x07, 0x2a, 0xa6, 0x01, 0x0a, 0x0f,
0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12,
0x19, 0x0a, 0x15, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x50,
0x41, 0x52, 0x54, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x56, 0x4f,
0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x49, 0x53, 0x4b, 0x10, 0x01,
0x12, 0x15, 0x0a, 0x11, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
0x54, 0x4d, 0x50, 0x46, 0x53, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x56, 0x4f, 0x4c, 0x55, 0x4d,
0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x4f, 0x52, 0x59,
0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50,
0x45, 0x5f, 0x53, 0x59, 0x4d, 0x4c, 0x49, 0x4e, 0x4b, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x56,
0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x4c,
0x41, 0x59, 0x10, 0x05, 0x2a, 0x96, 0x01, 0x0a, 0x13, 0x43, 0x72, 0x69, 0x49, 0x6d, 0x61, 0x67,
0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1e, 0x0a, 0x1a,
0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54,
0x55, 0x53, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0x03, 0x2a, 0xab, 0x01, 0x0a, 0x17, 0x43,
0x72, 0x69, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x70, 0x79,
0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x23, 0x0a, 0x1f, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f,
0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55,
0x53, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x23, 0x0a, 0x1f, 0x49,
0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f,
0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x4b, 0x49, 0x50, 0x50, 0x45, 0x44, 0x10, 0x01,
0x12, 0x23, 0x0a, 0x1f, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f,
0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x50, 0x45, 0x4e, 0x44,
0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x21, 0x0a, 0x1d, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43,
0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53,
0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0x03, 0x2a, 0x53, 0x0a, 0x11, 0x4b, 0x75, 0x62, 0x65,
0x73, 0x70, 0x61, 0x6e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x16, 0x0a,
0x12, 0x50, 0x45, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e,
0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x45, 0x45, 0x52, 0x5f, 0x53, 0x54,
0x41, 0x54, 0x45, 0x5f, 0x55, 0x50, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x45, 0x45, 0x52,
0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x44, 0x4f, 0x57, 0x4e, 0x10, 0x02, 0x2a, 0x88, 0x01,
0x0a, 0x12, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4c,
0x61, 0x79, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x0e, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x44,
0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x43, 0x4f, 0x4e, 0x46,
0x49, 0x47, 0x5f, 0x43, 0x4d, 0x44, 0x4c, 0x49, 0x4e, 0x45, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f,
0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x50, 0x4c, 0x41, 0x54, 0x46, 0x4f, 0x52, 0x4d, 0x10,
0x02, 0x12, 0x13, 0x0a, 0x0f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x4f, 0x50, 0x45, 0x52,
0x41, 0x54, 0x4f, 0x52, 0x10, 0x03, 0x12, 0x20, 0x0a, 0x1c, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47,
0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x55,
0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x04, 0x2a, 0x4b, 0x0a, 0x0f, 0x4e, 0x65, 0x74, 0x77,
0x6f, 0x72, 0x6b, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x12, 0x0a, 0x0e, 0x4f,
0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x44, 0x48, 0x43, 0x50, 0x34, 0x10, 0x00, 0x12,
0x12, 0x0a, 0x0e, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x44, 0x48, 0x43, 0x50,
0x36, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f,
0x56, 0x49, 0x50, 0x10, 0x02, 0x2a, 0x9b, 0x02, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d,
0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x19, 0x0a,
0x15, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x55,
0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x4d, 0x41, 0x43, 0x48,
0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x42, 0x4f, 0x4f, 0x54, 0x49, 0x4e,
0x47, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53,
0x54, 0x41, 0x47, 0x45, 0x5f, 0x49, 0x4e, 0x53, 0x54, 0x41, 0x4c, 0x4c, 0x49, 0x4e, 0x47, 0x10,
0x02, 0x12, 0x1d, 0x0a, 0x19, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41,
0x47, 0x45, 0x5f, 0x4d, 0x41, 0x49, 0x4e, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x43, 0x45, 0x10, 0x03,
0x55, 0x53, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1f, 0x0a, 0x1b,
0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54,
0x55, 0x53, 0x5f, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x01, 0x12, 0x20, 0x0a,
0x1c, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41,
0x54, 0x55, 0x53, 0x5f, 0x50, 0x52, 0x45, 0x50, 0x41, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12,
0x1c, 0x0a, 0x18, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53,
0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0x03, 0x2a, 0xab, 0x01,
0x0a, 0x17, 0x43, 0x72, 0x69, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43,
0x6f, 0x70, 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x23, 0x0a, 0x1f, 0x49, 0x4d, 0x41,
0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54,
0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x23,
0x0a, 0x1f, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f,
0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x4b, 0x49, 0x50, 0x50, 0x45,
0x44, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43,
0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x50,
0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x21, 0x0a, 0x1d, 0x49, 0x4d, 0x41, 0x47,
0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41,
0x54, 0x55, 0x53, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0x03, 0x2a, 0x53, 0x0a, 0x11, 0x4b,
0x75, 0x62, 0x65, 0x73, 0x70, 0x61, 0x6e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65,
0x12, 0x16, 0x0a, 0x12, 0x50, 0x45, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x55,
0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x45, 0x45, 0x52,
0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x55, 0x50, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50,
0x45, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x44, 0x4f, 0x57, 0x4e, 0x10, 0x02,
0x2a, 0x88, 0x01, 0x0a, 0x12, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x43, 0x6f, 0x6e, 0x66,
0x69, 0x67, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x0e, 0x43, 0x4f, 0x4e, 0x46, 0x49,
0x47, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x43,
0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x43, 0x4d, 0x44, 0x4c, 0x49, 0x4e, 0x45, 0x10, 0x01, 0x12,
0x13, 0x0a, 0x0f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x50, 0x4c, 0x41, 0x54, 0x46, 0x4f,
0x52, 0x4d, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x4f,
0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x10, 0x03, 0x12, 0x20, 0x0a, 0x1c, 0x43, 0x4f, 0x4e,
0x46, 0x49, 0x47, 0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46,
0x49, 0x47, 0x55, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x04, 0x2a, 0x4b, 0x0a, 0x0f, 0x4e,
0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x12,
0x0a, 0x0e, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x44, 0x48, 0x43, 0x50, 0x34,
0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x44,
0x48, 0x43, 0x50, 0x36, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54,
0x4f, 0x52, 0x5f, 0x56, 0x49, 0x50, 0x10, 0x02, 0x2a, 0x9b, 0x02, 0x0a, 0x13, 0x52, 0x75, 0x6e,
0x74, 0x69, 0x6d, 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x61, 0x67, 0x65,
0x12, 0x19, 0x0a, 0x15, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47,
0x45, 0x5f, 0x52, 0x55, 0x4e, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x04, 0x12, 0x1b, 0x0a, 0x17, 0x4d,
0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x52, 0x45, 0x42,
0x4f, 0x4f, 0x54, 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, 0x1f, 0x0a, 0x1b, 0x4d, 0x41, 0x43, 0x48,
0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x48, 0x55, 0x54, 0x54, 0x49,
0x4e, 0x47, 0x5f, 0x44, 0x4f, 0x57, 0x4e, 0x10, 0x06, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x41, 0x43,
0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x52, 0x45, 0x53, 0x45, 0x54,
0x54, 0x49, 0x4e, 0x47, 0x10, 0x07, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e,
0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x55, 0x50, 0x47, 0x52, 0x41, 0x44, 0x49, 0x4e,
0x47, 0x10, 0x08, 0x2a, 0x6f, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x53, 0x45,
0x4c, 0x69, 0x6e, 0x75, 0x78, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x53, 0x45,
0x5f, 0x4c, 0x49, 0x4e, 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x44, 0x49, 0x53,
0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x53, 0x45, 0x5f, 0x4c, 0x49,
0x4e, 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53,
0x53, 0x49, 0x56, 0x45, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x53, 0x45, 0x5f, 0x4c, 0x49, 0x4e,
0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x45, 0x4e, 0x46, 0x4f, 0x52, 0x43, 0x49,
0x4e, 0x47, 0x10, 0x02, 0x42, 0x74, 0x0a, 0x28, 0x64, 0x65, 0x76, 0x2e, 0x74, 0x61, 0x6c, 0x6f,
0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64,
0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73,
0x5a, 0x48, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x64,
0x65, 0x72, 0x6f, 0x6c, 0x61, 0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b,
0x67, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f,
0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74,
0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
0x6f, 0x33,
0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x4d,
0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x42, 0x4f, 0x4f,
0x54, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e,
0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x49, 0x4e, 0x53, 0x54, 0x41, 0x4c, 0x4c, 0x49,
0x4e, 0x47, 0x10, 0x02, 0x12, 0x1d, 0x0a, 0x19, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f,
0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x4d, 0x41, 0x49, 0x4e, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x43,
0x45, 0x10, 0x03, 0x12, 0x19, 0x0a, 0x15, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53,
0x54, 0x41, 0x47, 0x45, 0x5f, 0x52, 0x55, 0x4e, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x04, 0x12, 0x1b,
0x0a, 0x17, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f,
0x52, 0x45, 0x42, 0x4f, 0x4f, 0x54, 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, 0x1f, 0x0a, 0x1b, 0x4d,
0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x48, 0x55,
0x54, 0x54, 0x49, 0x4e, 0x47, 0x5f, 0x44, 0x4f, 0x57, 0x4e, 0x10, 0x06, 0x12, 0x1b, 0x0a, 0x17,
0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x52, 0x45,
0x53, 0x45, 0x54, 0x54, 0x49, 0x4e, 0x47, 0x10, 0x07, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x41, 0x43,
0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x55, 0x50, 0x47, 0x52, 0x41,
0x44, 0x49, 0x4e, 0x47, 0x10, 0x08, 0x2a, 0x6f, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d,
0x65, 0x53, 0x45, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a,
0x17, 0x53, 0x45, 0x5f, 0x4c, 0x49, 0x4e, 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f,
0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x53, 0x45,
0x5f, 0x4c, 0x49, 0x4e, 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x50, 0x45, 0x52,
0x4d, 0x49, 0x53, 0x53, 0x49, 0x56, 0x45, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x53, 0x45, 0x5f,
0x4c, 0x49, 0x4e, 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x45, 0x4e, 0x46, 0x4f,
0x52, 0x43, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x42, 0x74, 0x0a, 0x28, 0x64, 0x65, 0x76, 0x2e, 0x74,
0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e,
0x75, 0x6d, 0x73, 0x5a, 0x48, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
0x73, 0x69, 0x64, 0x65, 0x72, 0x6f, 0x6c, 0x61, 0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73,
0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61,
0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69,
0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x62, 0x06, 0x70,
0x72, 0x6f, 0x74, 0x6f, 0x33,
})
var (

3
pkg/machinery/constants/constants.go
View File

@ -477,6 +477,9 @@ const (
// EtcdDataPath is the path where etcd stores its' data.
EtcdDataPath = "/var/lib/etcd"
// EtcdDataVolumeID is the ID of the etcd data volume.
EtcdDataVolumeID = "ETCD"
// EtcdDataSELinuxLabel is the SELinux label for the etcd data directory.
EtcdDataSELinuxLabel = "system_u:object_r:etcd_data_t:s0"

2
pkg/machinery/gendata/data/pkgs
View File

@ -1 +1 @@
v1.10.0-alpha.0-69-g665f782
v1.10.0-alpha.0-72-g7d7323b

23
pkg/machinery/resources/block/volume_config.go
View File

@ -5,6 +5,8 @@
package block
import (
"os"
"github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/resource/meta"
"github.com/cosi-project/runtime/pkg/resource/protobuf"
@ -41,6 +43,9 @@ type VolumeConfigSpec struct {
// Mount options for the volume.
Mount MountSpec `yaml:"mount,omitempty" protobuf:"5"`
// Symlink options for the volume.
Symlink SymlinkProvisioningSpec `yaml:"symlink,omitempty" protobuf:"7"`
}
// Wave constants.
@ -154,6 +159,24 @@ type MountSpec struct {
ProjectQuotaSupport bool `yaml:"projectQuotaSupport" protobuf:"3"`
// Parent mount request ID.
ParentID string `yaml:"parentId,omitempty" protobuf:"4"`
// FileMode is the file mode for the mount target.
FileMode os.FileMode `yaml:"fileMode,omitempty" protobuf:"5"`
// UID is the user ID for the mount target.
UID int `yaml:"uid,omitempty" protobuf:"6"`
// GID is the group ID for the mount target.
GID int `yaml:"gid,omitempty" protobuf:"7"`
// RecursiveRelabel is the recursive relabel/chown flag for the mount target.
RecursiveRelabel bool `yaml:"recursiveRelabel,omitempty" protobuf:"8"`
}
// SymlinkProvisioningSpec is the spec for volume symlink.
//
//gotagsrewrite:gen
type SymlinkProvisioningSpec struct {
// Symlink target path for the volume.
SymlinkTargetPath string `yaml:"symlinkTargetPath" protobuf:"1"`
// Force symlink creation.
Force bool `yaml:"force" protobuf:"2"`
}
// NewVolumeConfig initializes a BlockVolumeConfig resource.

6
pkg/machinery/resources/block/volume_status.go
View File

@ -27,7 +27,8 @@ type VolumeStatusSpec struct {
Phase VolumePhase `yaml:"phase" protobuf:"1"`
PreFailPhase VolumePhase `yaml:"preFailPhase,omitempty" protobuf:"6"`
Type VolumeType `yaml:"type" protobuf:"16"`
Type VolumeType `yaml:"type" protobuf:"16"`
ParentID string `yaml:"parentID,omitempty" protobuf:"19"`
// Location is the path to the block device (raw).
Location string `yaml:"location,omitempty" protobuf:"2"`
@ -56,6 +57,9 @@ type VolumeStatusSpec struct {
// MountSpec is the mount specification.
MountSpec MountSpec `yaml:"mountSpec,omitempty" protobuf:"15"`
// Symlink is the symlink specification.
SymlinkSpec SymlinkProvisioningSpec `yaml:"symlink,omitempty" protobuf:"18"`
ErrorMessage string `yaml:"errorMessage,omitempty" protobuf:"3"`
}

2
pkg/machinery/resources/block/volumetype.go
View File

@ -15,4 +15,6 @@ const (
VolumeTypeDisk // disk
VolumeTypeTmpfs // tmpfs
VolumeTypeDirectory // directory
VolumeTypeSymlink // symlink
VolumeTypeOverlay // overlay
)

16
pkg/machinery/resources/block/volumetype_enumer.go
View File

@ -7,11 +7,11 @@ import (
"strings"
)
const _VolumeTypeName = "partitiondisktmpfsdirectory"
const _VolumeTypeName = "partitiondisktmpfsdirectorysymlinkoverlay"
var _VolumeTypeIndex = [...]uint8{0, 9, 13, 18, 27}
var _VolumeTypeIndex = [...]uint8{0, 9, 13, 18, 27, 34, 41}
const _VolumeTypeLowerName = "partitiondisktmpfsdirectory"
const _VolumeTypeLowerName = "partitiondisktmpfsdirectorysymlinkoverlay"
func (i VolumeType) String() string {
if i < 0 || i >= VolumeType(len(_VolumeTypeIndex)-1) {
@ -28,9 +28,11 @@ func _VolumeTypeNoOp() {
_ = x[VolumeTypeDisk-(1)]
_ = x[VolumeTypeTmpfs-(2)]
_ = x[VolumeTypeDirectory-(3)]
_ = x[VolumeTypeSymlink-(4)]
_ = x[VolumeTypeOverlay-(5)]
}
var _VolumeTypeValues = []VolumeType{VolumeTypePartition, VolumeTypeDisk, VolumeTypeTmpfs, VolumeTypeDirectory}
var _VolumeTypeValues = []VolumeType{VolumeTypePartition, VolumeTypeDisk, VolumeTypeTmpfs, VolumeTypeDirectory, VolumeTypeSymlink, VolumeTypeOverlay}
var _VolumeTypeNameToValueMap = map[string]VolumeType{
_VolumeTypeName[0:9]: VolumeTypePartition,
@ -41,6 +43,10 @@ var _VolumeTypeNameToValueMap = map[string]VolumeType{
_VolumeTypeLowerName[13:18]: VolumeTypeTmpfs,
_VolumeTypeName[18:27]: VolumeTypeDirectory,
_VolumeTypeLowerName[18:27]: VolumeTypeDirectory,
_VolumeTypeName[27:34]: VolumeTypeSymlink,
_VolumeTypeLowerName[27:34]: VolumeTypeSymlink,
_VolumeTypeName[34:41]: VolumeTypeOverlay,
_VolumeTypeLowerName[34:41]: VolumeTypeOverlay,
}
var _VolumeTypeNames = []string{
@ -48,6 +54,8 @@ var _VolumeTypeNames = []string{
_VolumeTypeName[9:13],
_VolumeTypeName[13:18],
_VolumeTypeName[18:27],
_VolumeTypeName[27:34],
_VolumeTypeName[34:41],
}
// VolumeTypeString retrieves an enum value from the enum constants string name.

26
website/content/v1.10/reference/api.md
View File

@ -42,6 +42,7 @@ description: Talos gRPC API reference.
- [MountStatusSpec](#talos.resource.definitions.block.MountStatusSpec)
- [PartitionSpec](#talos.resource.definitions.block.PartitionSpec)
- [ProvisioningSpec](#talos.resource.definitions.block.ProvisioningSpec)
- [SymlinkProvisioningSpec](#talos.resource.definitions.block.SymlinkProvisioningSpec)
- [SymlinkSpec](#talos.resource.definitions.block.SymlinkSpec)
- [SystemDiskSpec](#talos.resource.definitions.block.SystemDiskSpec)
- [UserDiskConfigStatusSpec](#talos.resource.definitions.block.UserDiskConfigStatusSpec)
@ -1058,6 +1059,10 @@ MountSpec is the spec for volume mount.
| selinux_label | [string](#string) | | |
| project_quota_support | [bool](#bool) | | |
| parent_id | [string](#string) | | |
| file_mode | [uint32](#uint32) | | |
| uid | [int64](#int64) | | |
| gid | [int64](#int64) | | |
| recursive_relabel | [bool](#bool) | | |
@ -1122,6 +1127,22 @@ ProvisioningSpec is the spec for volume provisioning.
<a name="talos.resource.definitions.block.SymlinkProvisioningSpec"></a>
### SymlinkProvisioningSpec
SymlinkProvisioningSpec is the spec for volume symlink.
| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| symlink_target_path | [string](#string) | | |
| force | [bool](#bool) | | |
<a name="talos.resource.definitions.block.SymlinkSpec"></a>
### SymlinkSpec
@ -1183,6 +1204,7 @@ VolumeConfigSpec is the spec for VolumeConfig resource.
| locator | [LocatorSpec](#talos.resource.definitions.block.LocatorSpec) | | |
| mount | [MountSpec](#talos.resource.definitions.block.MountSpec) | | |
| encryption | [EncryptionSpec](#talos.resource.definitions.block.EncryptionSpec) | | |
| symlink | [SymlinkProvisioningSpec](#talos.resource.definitions.block.SymlinkProvisioningSpec) | | |
@ -1249,6 +1271,8 @@ VolumeStatusSpec is the spec for VolumeStatus resource.
| mount_spec | [MountSpec](#talos.resource.definitions.block.MountSpec) | | |
| type | [talos.resource.definitions.enums.BlockVolumeType](#talos.resource.definitions.enums.BlockVolumeType) | | |
| configured_encryption_keys | [string](#string) | repeated | |
| symlink_spec | [SymlinkProvisioningSpec](#talos.resource.definitions.block.SymlinkProvisioningSpec) | | |
| parent_id | [string](#string) | | |
@ -1654,6 +1678,8 @@ BlockVolumeType describes volume type.
| VOLUME_TYPE_DISK | 1 | |
| VOLUME_TYPE_TMPFS | 2 | |
| VOLUME_TYPE_DIRECTORY | 3 | |
| VOLUME_TYPE_SYMLINK | 4 | |
| VOLUME_TYPE_OVERLAY | 5 | |