diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index eb3138ddd..475a44b64 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2026-05-07T05:09:26Z by kres 1762ab2.
+# Generated on 2026-05-07T16:29:03Z by kres 1762ab2.
concurrency:
group: ${{ github.head_ref || github.run_id }}
@@ -3303,6 +3303,8 @@ jobs:
withConfigPatch: '@hack/test/patches/node-address-v2.yaml'
- test: e2e-tpm1_2
withTpm12: "true"
+ - test: e2e-dns-over-tls
+ withConfigPatch: '@hack/test/patches/dns-over-tls.yaml'
fail-fast: false
max-parallel: 2
needs:
diff --git a/.github/workflows/integration-misc-2-triggered.yaml b/.github/workflows/integration-misc-2-triggered.yaml
index a073489cf..5238ccee0 100644
--- a/.github/workflows/integration-misc-2-triggered.yaml
+++ b/.github/workflows/integration-misc-2-triggered.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2026-04-27T17:59:00Z by kres e4dc583.
+# Generated on 2026-05-07T16:29:03Z by kres 1762ab2.
concurrency:
group: ${{ github.head_ref || github.run_id }}
@@ -46,6 +46,8 @@ jobs:
withConfigPatch: '@hack/test/patches/node-address-v2.yaml'
- test: e2e-tpm1_2
withTpm12: "true"
+ - test: e2e-dns-over-tls
+ withConfigPatch: '@hack/test/patches/dns-over-tls.yaml'
fail-fast: false
max-parallel: 2
steps:
diff --git a/.kres.yaml b/.kres.yaml
index 183eb696c..b51b203d7 100644
--- a/.kres.yaml
+++ b/.kres.yaml
@@ -1066,6 +1066,8 @@ spec:
withConfigPatch: "@hack/test/patches/node-address-v2.yaml"
- test: e2e-tpm1_2
withTpm12: "true"
+ - test: e2e-dns-over-tls
+ withConfigPatch: "@hack/test/patches/dns-over-tls.yaml"
steps:
- name: download-artifacts
artifactStep:
diff --git a/api/resource/definitions/enums/enums.proto b/api/resource/definitions/enums/enums.proto
index af73bf243..f6723b3d8 100755
--- a/api/resource/definitions/enums/enums.proto
+++ b/api/resource/definitions/enums/enums.proto
@@ -143,6 +143,12 @@ enum NethelpersConntrackState {
CONNTRACK_STATE_INVALID = 1;
}
+// NethelpersDNSProtocol is a kind of DNS protocol.
+enum NethelpersDNSProtocol {
+ DNS_PROTOCOL_DEFAULT = 0;
+ DNS_PROTOCOL_DNS_OVER_TLS = 1;
+}
+
// NethelpersDuplex wraps ethtool.Duplex for YAML marshaling.
enum NethelpersDuplex {
HALF = 0;
diff --git a/api/resource/definitions/network/network.proto b/api/resource/definitions/network/network.proto
index c06808858..2b450b1ae 100755
--- a/api/resource/definitions/network/network.proto
+++ b/api/resource/definitions/network/network.proto
@@ -362,6 +362,13 @@ message LinkStatusSpec {
VRFMasterSpec vrf_master = 33;
}
+// NameServerSpec describes a single DNS nameserver with additional configuration.
+message NameServerSpec {
+ common.NetIP addr = 1;
+ talos.resource.definitions.enums.NethelpersDNSProtocol protocol = 2;
+ string tls_server_name = 3;
+}
+
// NfTablesAddressMatch describes the match on the IP address.
message NfTablesAddressMatch {
repeated common.NetIPPrefix include_subnets = 1;
@@ -529,15 +536,25 @@ message ProbeStatusSpec {
// ResolverSpecSpec describes DNS resolvers.
message ResolverSpecSpec {
+ // DNSServers is a flat list of DNS server IP addresses.
+ //
+ // Deprecated: This field is deprecated in favor of NameServers which contain more information.
repeated common.NetIP dns_servers = 1;
talos.resource.definitions.enums.NetworkConfigLayer config_layer = 2;
repeated string search_domains = 3;
+ // NameServers is a list of DNS servers with additional configuration.
+ repeated NameServerSpec name_servers = 4;
}
// ResolverStatusSpec describes DNS resolvers.
message ResolverStatusSpec {
+ // DNSServers is a flat list of DNS server IP addresses.
+ //
+ // Deprecated: This field is deprecated in favor of NameServers which contain more information.
repeated common.NetIP dns_servers = 1;
repeated string search_domains = 2;
+ // NameServers is a list of DNS servers with additional configuration.
+ repeated NameServerSpec name_servers = 4;
}
// RouteSpecSpec describes the route.
diff --git a/hack/release.toml b/hack/release.toml
index d08590699..f3323e5e9 100644
--- a/hack/release.toml
+++ b/hack/release.toml
@@ -99,6 +99,14 @@ mount:
> NOTE: Setting `secure: false` will also disable `nosuid` and `nodev`, which may have security implications. Use with caution.
Upgrade note: apply this `VolumeConfig` patch *before* upgrading, otherwise affected workloads will fail after the next reboot. Longhorn v2 (SPDK data engine) runs the data plane inside the instance manager process and is not affected.
+"""
+
+ [notes.DoT]
+ title = "DNS over TLS (DoT) Support"
+ description = """\
+Talos now supports DNS over TLS (DoT) for secure DNS resolution.
+This feature allows Talos to encrypt DNS queries and responses, enhancing privacy and security for DNS traffic.
+The DNS protocol can be configured on a per-name server basis in the `ResolverConfig` document, allowing for flexible configuration of DNS resolution.
"""
[make_deps]
diff --git a/hack/test/patches/dns-over-tls.yaml b/hack/test/patches/dns-over-tls.yaml
new file mode 100644
index 000000000..33daed7d6
--- /dev/null
+++ b/hack/test/patches/dns-over-tls.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1alpha1
+kind: ResolverConfig
+nameservers:
+ - address: 1.1.1.1
+ protocol: DoT
+ tlsServerName: cloudflare-dns.com
+ - address: 8.8.8.8
+ protocol: DoT
+ tlsServerName: dns.google
diff --git a/internal/app/machined/pkg/controllers/network/dns_resolve_cache_test.go b/internal/app/machined/pkg/controllers/network/dns_resolve_cache_test.go
index 61677a17a..812c474d5 100644
--- a/internal/app/machined/pkg/controllers/network/dns_resolve_cache_test.go
+++ b/internal/app/machined/pkg/controllers/network/dns_resolve_cache_test.go
@@ -27,6 +27,7 @@ import (
"github.com/siderolabs/talos/internal/app/machined/pkg/controllers/ctest"
netctrl "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/network"
"github.com/siderolabs/talos/pkg/machinery/config/machine"
+ "github.com/siderolabs/talos/pkg/machinery/nethelpers"
"github.com/siderolabs/talos/pkg/machinery/resources/cluster"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
)
@@ -43,8 +44,29 @@ func expectedDNSRunners(port string) []resource.ID {
}
}
-func (suite *DNSServer) TestResolving() {
- dnsSlice := []string{"8.8.8.8", "1.1.1.1"}
+func (suite *DNSServer) TestResolvingDo53() {
+ suite.testResolving([]network.NameServerSpec{
+ {Addr: netip.MustParseAddr("8.8.8.8")},
+ {Addr: netip.MustParseAddr("1.1.1.1")},
+ })
+}
+
+func (suite *DNSServer) TestResolvingDoT() {
+ suite.testResolving([]network.NameServerSpec{
+ {
+ Addr: netip.MustParseAddr("8.8.8.8"),
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ TLSServerName: "dns.google",
+ },
+ {
+ Addr: netip.MustParseAddr("1.1.1.1"),
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ TLSServerName: "cloudflare-dns.com",
+ },
+ })
+}
+
+func (suite *DNSServer) testResolving(nameservers []network.NameServerSpec) {
port := getDynamicPort(suite.T())
cfg := network.NewHostDNSConfig(network.HostDNSConfigID)
@@ -54,7 +76,7 @@ func (suite *DNSServer) TestResolving() {
suite.Require().NoError(suite.State().Create(suite.Ctx(), cfg))
resolverSpec := network.NewResolverStatus(network.NamespaceName, network.ResolverID)
- resolverSpec.TypedSpec().DNSServers = xslices.Map(dnsSlice, netip.MustParseAddr)
+ resolverSpec.TypedSpec().NameServers = nameservers
suite.Require().NoError(suite.State().Create(suite.Ctx(), resolverSpec))
@@ -66,7 +88,7 @@ func (suite *DNSServer) TestResolving() {
},
)
- rtestutils.AssertLength[*network.DNSUpstream](suite.Ctx(), suite.T(), suite.State(), len(dnsSlice))
+ rtestutils.AssertLength[*network.DNSUpstream](suite.Ctx(), suite.T(), suite.State(), len(nameservers))
msg := &dns.Msg{
MsgHdr: dns.MsgHdr{
@@ -107,7 +129,9 @@ func (suite *DNSServer) TestSetupStartStop() {
port := getDynamicPort(suite.T())
resolverSpec := network.NewResolverStatus(network.NamespaceName, network.ResolverID)
- resolverSpec.TypedSpec().DNSServers = xslices.Map(dnsSlice, netip.MustParseAddr)
+ resolverSpec.TypedSpec().NameServers = xslices.Map(dnsSlice, func(addr string) network.NameServerSpec {
+ return network.NameServerSpec{Addr: netip.MustParseAddr(addr)}
+ })
suite.Require().NoError(suite.State().Create(suite.Ctx(), resolverSpec))
@@ -311,7 +335,9 @@ func (suite *DNSUpstreams) TestOrder() {
{"192.168.0.1"},
} {
if !suite.Run(strings.Join(addrs, ","), func() {
- resolverSpec.TypedSpec().DNSServers = xslices.Map(addrs, netip.MustParseAddr)
+ resolverSpec.TypedSpec().NameServers = xslices.Map(addrs, func(addr string) network.NameServerSpec {
+ return network.NameServerSpec{Addr: netip.MustParseAddr(addr)}
+ })
switch i {
case 0:
diff --git a/internal/app/machined/pkg/controllers/network/dns_upstream.go b/internal/app/machined/pkg/controllers/network/dns_upstream.go
index e992a6f9c..57baf051f 100644
--- a/internal/app/machined/pkg/controllers/network/dns_upstream.go
+++ b/internal/app/machined/pkg/controllers/network/dns_upstream.go
@@ -6,10 +6,12 @@ package network
import (
"context"
+ "crypto/tls"
"fmt"
"net"
"github.com/coredns/coredns/plugin/pkg/proxy"
+ "github.com/coredns/coredns/plugin/pkg/transport"
"github.com/cosi-project/runtime/pkg/controller"
"github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/safe"
@@ -17,6 +19,7 @@ import (
"github.com/siderolabs/gen/optional"
"go.uber.org/zap"
+ "github.com/siderolabs/talos/pkg/machinery/nethelpers"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
)
@@ -108,17 +111,15 @@ func (ctrl *DNSUpstreamController) run(ctx context.Context, r controller.Runtime
return err
}
- for i, srv := range rs.TypedSpec().DNSServers {
- remoteHost := srv.String()
-
+ for i, srv := range rs.TypedSpec().NameServers {
if err = safe.WriterModify[*network.DNSUpstream](
ctx,
r,
- network.NewDNSUpstream(fmt.Sprintf("#%03d %s", i, remoteHost)),
+ network.NewDNSUpstream(fmt.Sprintf("#%03d %s %s", i, srv.Protocol, srv.Addr)),
func(u *network.DNSUpstream) error {
touchedIDs[u.Metadata().ID()] = struct{}{}
- initConn(&u.TypedSpec().Value, remoteHost, l)
+ initConn(&u.TypedSpec().Value, srv.Protocol, srv.Addr.String(), srv.TLSServerName, l)
return nil
},
@@ -130,7 +131,7 @@ func (ctrl *DNSUpstreamController) run(ctx context.Context, r controller.Runtime
return nil
}
-func existingConnections(ctx context.Context, r controller.Runtime) (func(*network.DNSUpstreamSpecSpec, string, *zap.Logger), error) {
+func existingConnections(ctx context.Context, r controller.Runtime) (func(*network.DNSUpstreamSpecSpec, nethelpers.DNSProtocol, string, string, *zap.Logger), error) {
upstream, err := safe.ReaderListAll[*network.DNSUpstream](ctx, r)
if err != nil {
return nil, err
@@ -142,8 +143,23 @@ func existingConnections(ctx context.Context, r controller.Runtime) (func(*netwo
existingConn[u.TypedSpec().Value.Conn.Addr()] = u.TypedSpec().Value.Conn
}
- return func(spec *network.DNSUpstreamSpecSpec, remoteHost string, l *zap.Logger) {
- remoteAddr := net.JoinHostPort(remoteHost, "53")
+ return func(spec *network.DNSUpstreamSpecSpec, protocol nethelpers.DNSProtocol, remoteHost, tlsServerName string, l *zap.Logger) {
+ var port string
+
+ switch protocol {
+ case nethelpers.DNSProtocolDefault:
+ port = transport.Port
+ case nethelpers.DNSProtocolDNSOverTLS:
+ port = transport.TLSPort
+ default:
+ panic(fmt.Sprintf("unsupported DNS protocol: %s", protocol))
+ }
+
+ if tlsServerName != "" {
+ port = transport.TLSPort
+ }
+
+ remoteAddr := net.JoinHostPort(remoteHost, port)
if spec.Conn != nil && spec.Conn.Addr() == remoteAddr {
l.Debug("reusing existing upstream spec", zap.String("addr", remoteAddr))
@@ -164,14 +180,36 @@ func existingConnections(ctx context.Context, r controller.Runtime) (func(*netwo
return
}
- spec.Conn = network.NewDNSConn(proxy.NewProxy(remoteHost, remoteAddr, "dns"))
+ spec.Conn = network.NewDNSConn(newUpstreamProxy(protocol, remoteHost, remoteAddr, tlsServerName))
- l.Debug("created new upstream connection", zap.String("addr", remoteAddr))
+ l.Debug(
+ "created new upstream connection",
+ zap.String("addr", remoteAddr),
+ zap.Stringer("protocol", protocol),
+ zap.String("tls_server_name", tlsServerName),
+ )
existingConn[remoteAddr] = spec.Conn
}, nil
}
+func newUpstreamProxy(protocol nethelpers.DNSProtocol, remoteHost, remoteAddr, tlsServerName string) *proxy.Proxy {
+ switch protocol {
+ case nethelpers.DNSProtocolDefault:
+ return proxy.NewProxy(remoteHost, remoteAddr, transport.DNS)
+ case nethelpers.DNSProtocolDNSOverTLS:
+ p := proxy.NewProxy(remoteHost, remoteAddr, transport.TLS)
+ p.SetTLSConfig(&tls.Config{
+ ServerName: tlsServerName,
+ MinVersion: tls.VersionTLS13,
+ })
+
+ return p
+ default:
+ panic(fmt.Sprintf("unsupported DNS protocol: %s", protocol))
+ }
+}
+
func cleanupUpstream(ctx context.Context, r controller.Runtime, touchedIDs map[resource.ID]struct{}, l *zap.Logger) {
list, err := safe.ReaderListAll[*network.DNSUpstream](ctx, r)
if err != nil {
diff --git a/internal/app/machined/pkg/controllers/network/etcfile.go b/internal/app/machined/pkg/controllers/network/etcfile.go
index 4085fd3cc..5af28dff5 100644
--- a/internal/app/machined/pkg/controllers/network/etcfile.go
+++ b/internal/app/machined/pkg/controllers/network/etcfile.go
@@ -30,6 +30,7 @@ import (
"github.com/siderolabs/talos/internal/pkg/mount/v3"
talosconfig "github.com/siderolabs/talos/pkg/machinery/config"
"github.com/siderolabs/talos/pkg/machinery/constants"
+ "github.com/siderolabs/talos/pkg/machinery/nethelpers"
"github.com/siderolabs/talos/pkg/machinery/resources/config"
"github.com/siderolabs/talos/pkg/machinery/resources/files"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
@@ -170,7 +171,16 @@ func (ctrl *EtcFileController) Run(ctx context.Context, r controller.Runtime, lo
)
if len(dnsServers) == 0 {
- dnsServers = resolverStatus.TypedSpec().DNSServers
+ dnsServers = xslices.Map(
+ xslices.Filter(
+ resolverStatus.TypedSpec().NameServers,
+ func(ns network.NameServerSpec) bool {
+ // without HostDNS support only plain DNS protocol
+ return ns.Protocol == nethelpers.DNSProtocolDefault
+ },
+ ),
+ func(ns network.NameServerSpec) netip.Addr { return ns.Addr },
+ )
}
src := "resolv.conf"
@@ -216,7 +226,19 @@ func pickNameservers(hostDNSCfg *network.HostDNSConfig, resolverStatus *network.
return localDNS
}
- return slices.All(resolverStatus.TypedSpec().DNSServers)
+ return slices.All(
+ xslices.Map(
+ xslices.Filter(
+ resolverStatus.TypedSpec().NameServers,
+ func(ns network.NameServerSpec) bool {
+ return ns.Protocol == nethelpers.DNSProtocolDefault
+ },
+ ),
+ func(ns network.NameServerSpec) netip.Addr {
+ return ns.Addr
+ },
+ ),
+ )
}
func renderResolvConf(nameservers iter.Seq2[int, netip.Addr], searchDomains []string) []byte {
diff --git a/internal/app/machined/pkg/controllers/network/etcfile_test.go b/internal/app/machined/pkg/controllers/network/etcfile_test.go
index 326c81bff..c07e156c0 100644
--- a/internal/app/machined/pkg/controllers/network/etcfile_test.go
+++ b/internal/app/machined/pkg/controllers/network/etcfile_test.go
@@ -26,6 +26,7 @@ import (
"github.com/siderolabs/talos/pkg/machinery/config/container"
networkcfg "github.com/siderolabs/talos/pkg/machinery/config/types/network"
"github.com/siderolabs/talos/pkg/machinery/config/types/v1alpha1"
+ "github.com/siderolabs/talos/pkg/machinery/nethelpers"
"github.com/siderolabs/talos/pkg/machinery/resources/config"
"github.com/siderolabs/talos/pkg/machinery/resources/files"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
@@ -36,11 +37,12 @@ import (
type EtcFileConfigSuite struct {
ctest.DefaultSuite
- cfg *config.MachineConfig
- defaultAddress *network.NodeAddress
- hostnameStatus *network.HostnameStatus
- resolverStatus *network.ResolverStatus
- hostDNSConfig *network.HostDNSConfig
+ cfg *config.MachineConfig
+ defaultAddress *network.NodeAddress
+ hostnameStatus *network.HostnameStatus
+ resolverStatus *network.ResolverStatus
+ hostDNSConfig *network.HostDNSConfig
+ hostDNSConfigDisabled *network.HostDNSConfig
bindMountTarget string
podResolvConfPath string
@@ -109,11 +111,27 @@ func (suite *EtcFileConfigSuite) ExtraSetup() {
suite.hostnameStatus.TypedSpec().Domainname = "example.com"
suite.resolverStatus = network.NewResolverStatus(network.NamespaceName, network.ResolverID)
- suite.resolverStatus.TypedSpec().DNSServers = []netip.Addr{
- netip.MustParseAddr("1.1.1.1"),
- netip.MustParseAddr("2.2.2.2"),
- netip.MustParseAddr("3.3.3.3"),
- netip.MustParseAddr("4.4.4.4"),
+ suite.resolverStatus.TypedSpec().NameServers = []network.NameServerSpec{
+ {
+ Addr: netip.MustParseAddr("1.1.1.1"),
+ Protocol: nethelpers.DNSProtocolDefault,
+ },
+ {
+ Addr: netip.MustParseAddr("2.2.2.2"),
+ Protocol: nethelpers.DNSProtocolDefault,
+ },
+ {
+ Addr: netip.MustParseAddr("3.3.3.3"),
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ },
+ {
+ Addr: netip.MustParseAddr("4.4.4.4"),
+ Protocol: nethelpers.DNSProtocolDefault,
+ },
+ {
+ Addr: netip.MustParseAddr("5.5.5.5"),
+ Protocol: nethelpers.DNSProtocolDefault,
+ },
}
suite.hostDNSConfig = network.NewHostDNSConfig(network.HostDNSConfigID)
@@ -125,6 +143,9 @@ func (suite *EtcFileConfigSuite) ExtraSetup() {
}
suite.hostDNSConfig.TypedSpec().ServiceHostDNSAddress = netip.MustParseAddr("169.254.116.108")
suite.hostDNSConfig.TypedSpec().ServiceHostDNSAddressV6 = netip.MustParseAddr("fd54:616c:6f73::204f:5320:444e:531")
+
+ suite.hostDNSConfigDisabled = network.NewHostDNSConfig(network.HostDNSConfigID)
+ suite.hostDNSConfigDisabled.TypedSpec().Enabled = false
}
type etcFileContents struct {
@@ -313,6 +334,17 @@ func (suite *EtcFileConfigSuite) TestOnlyResolvers() {
)
}
+func (suite *EtcFileConfigSuite) TestNoHostDNS() {
+ suite.testFiles(
+ []resource.Resource{suite.resolverStatus, suite.hostDNSConfigDisabled},
+ etcFileContents{
+ hosts: "127.0.0.1 localhost\n::1 localhost ip6-localhost ip6-loopback\nff02::1 ip6-allnodes\nff02::2 ip6-allrouters\n",
+ resolvConf: "nameserver 1.1.1.1\nnameserver 2.2.2.2\nnameserver 4.4.4.4\n",
+ resolvGlobalConf: "nameserver 1.1.1.1\nnameserver 2.2.2.2\nnameserver 4.4.4.4\n",
+ },
+ )
+}
+
func (suite *EtcFileConfigSuite) TestOnlyHostname() {
suite.testFiles(
[]resource.Resource{suite.defaultAddress, suite.hostnameStatus},
diff --git a/internal/app/machined/pkg/controllers/network/operator/dhcp6.go b/internal/app/machined/pkg/controllers/network/operator/dhcp6.go
index 7b412a76d..3ae780f1b 100644
--- a/internal/app/machined/pkg/controllers/network/operator/dhcp6.go
+++ b/internal/app/machined/pkg/controllers/network/operator/dhcp6.go
@@ -182,7 +182,9 @@ func (d *DHCP6) parseReply(reply *dhcpv6.Message) (leaseTime time.Duration) {
d.resolvers = []network.ResolverSpecSpec{
{
- DNSServers: xslices.Map(reply.Options.DNS(), convertIP),
+ NameServers: xslices.Map(reply.Options.DNS(), func(ip net.IP) network.NameServerSpec {
+ return network.NameServerSpec{Addr: convertIP(ip)}
+ }),
ConfigLayer: network.ConfigOperator,
},
}
diff --git a/internal/app/machined/pkg/controllers/network/operator/internal/dhcpparse/dhcp4.go b/internal/app/machined/pkg/controllers/network/operator/internal/dhcpparse/dhcp4.go
index 09fb08827..56ba0e4f0 100644
--- a/internal/app/machined/pkg/controllers/network/operator/internal/dhcpparse/dhcp4.go
+++ b/internal/app/machined/pkg/controllers/network/operator/internal/dhcpparse/dhcp4.go
@@ -195,7 +195,9 @@ func ParseDHCP4Ack(ack *dhcpv4.DHCPv4, linkName string, routeMetric uint32, useH
specs.Resolvers = []network.ResolverSpecSpec{
{
- DNSServers: xslices.Map(ack.DNS(), convertIP),
+ NameServers: xslices.Map(ack.DNS(), func(ip net.IP) network.NameServerSpec {
+ return network.NameServerSpec{Addr: convertIP(ip)}
+ }),
SearchDomains: searchDomains,
ConfigLayer: network.ConfigOperator,
},
diff --git a/internal/app/machined/pkg/controllers/network/operator/internal/dhcpparse/dhcp4_test.go b/internal/app/machined/pkg/controllers/network/operator/internal/dhcpparse/dhcp4_test.go
index 673a01a14..38bfe2d59 100644
--- a/internal/app/machined/pkg/controllers/network/operator/internal/dhcpparse/dhcp4_test.go
+++ b/internal/app/machined/pkg/controllers/network/operator/internal/dhcpparse/dhcp4_test.go
@@ -16,6 +16,7 @@ import (
"github.com/siderolabs/talos/internal/app/machined/pkg/controllers/network/operator/internal/dhcpparse"
"github.com/siderolabs/talos/pkg/machinery/nethelpers"
+ "github.com/siderolabs/talos/pkg/machinery/resources/network"
)
func TestParseDHCP4Ack(t *testing.T) {
@@ -179,11 +180,11 @@ func TestParseDHCP4Ack(t *testing.T) {
require.Len(t, specs.Resolvers, 1)
assert.Equal(
t,
- []netip.Addr{
- must.Value(netip.ParseAddr("8.8.8.8"))(t),
- must.Value(netip.ParseAddr("8.8.4.4"))(t),
+ []network.NameServerSpec{
+ {Addr: must.Value(netip.ParseAddr("8.8.8.8"))(t)},
+ {Addr: must.Value(netip.ParseAddr("8.8.4.4"))(t)},
},
- specs.Resolvers[0].DNSServers,
+ specs.Resolvers[0].NameServers,
)
assert.Equal(t, []string{"example.com"}, specs.Resolvers[0].SearchDomains,
"DomainName feeds the search list when DomainSearch is absent")
@@ -255,7 +256,7 @@ func TestParseDHCP4Ack(t *testing.T) {
specs := dhcpparse.ParseDHCP4Ack(ack, linkName, routeMetric, false)
require.Len(t, specs.Resolvers, 1)
- assert.Empty(t, specs.Resolvers[0].DNSServers)
+ assert.Empty(t, specs.Resolvers[0].NameServers)
assert.Equal(t, []string{"example.com"}, specs.Resolvers[0].SearchDomains)
})
diff --git a/internal/app/machined/pkg/controllers/network/operator_spec.go b/internal/app/machined/pkg/controllers/network/operator_spec.go
index 6459adef5..12faff5cc 100644
--- a/internal/app/machined/pkg/controllers/network/operator_spec.go
+++ b/internal/app/machined/pkg/controllers/network/operator_spec.go
@@ -344,6 +344,7 @@ func (ctrl *OperatorSpecController) reconcileOperatorOutputs(ctx context.Context
),
func(r *network.ResolverSpec) error {
*r.TypedSpec() = resolverSpec
+ r.TypedSpec().Convert() // convert deprecated fields for backward compatibility
return nil
},
diff --git a/internal/app/machined/pkg/controllers/network/platform_config.go b/internal/app/machined/pkg/controllers/network/platform_config.go
index 5ee983f79..11caff6e5 100644
--- a/internal/app/machined/pkg/controllers/network/platform_config.go
+++ b/internal/app/machined/pkg/controllers/network/platform_config.go
@@ -92,7 +92,12 @@ func (ctrl *PlatformConfigController) Run(ctx context.Context, r controller.Runt
ctx, r,
network.NewPlatformConfig(network.NamespaceName, network.PlatformConfigActiveID),
func(out *network.PlatformConfig) error {
- *out.TypedSpec() = *networkConfig
+ *out.TypedSpec() = networkConfig.DeepCopy()
+
+ // fix up resolvers as a defensive measure
+ for i := range out.TypedSpec().Resolvers {
+ out.TypedSpec().Resolvers[i].Convert()
+ }
return nil
},
diff --git a/internal/app/machined/pkg/controllers/network/platform_config_apply.go b/internal/app/machined/pkg/controllers/network/platform_config_apply.go
index c7caf7d81..62d15f79c 100644
--- a/internal/app/machined/pkg/controllers/network/platform_config_apply.go
+++ b/internal/app/machined/pkg/controllers/network/platform_config_apply.go
@@ -279,6 +279,7 @@ func (ctrl *PlatformConfigApplyController) apply(ctx context.Context, r controll
*spec = newSpec.(network.ResolverSpecSpec) //nolint:forcetypeassert
spec.ConfigLayer = network.ConfigPlatform
+ spec.Convert() // convert deprecated fields for backward compatibility
return nil
}
diff --git a/internal/app/machined/pkg/controllers/network/platform_config_apply_test.go b/internal/app/machined/pkg/controllers/network/platform_config_apply_test.go
index 3478bc120..8f629520b 100644
--- a/internal/app/machined/pkg/controllers/network/platform_config_apply_test.go
+++ b/internal/app/machined/pkg/controllers/network/platform_config_apply_test.go
@@ -190,6 +190,7 @@ func (suite *PlatformConfigApplySuite) TestResolvers() {
platformConfig.TypedSpec().Resolvers = []network.ResolverSpecSpec{
{
DNSServers: []netip.Addr{netip.MustParseAddr("1.1.1.1")},
+ NameServers: []network.NameServerSpec{{Addr: netip.MustParseAddr("1.1.1.1")}},
ConfigLayer: network.ConfigPlatform,
},
}
@@ -200,7 +201,8 @@ func (suite *PlatformConfigApplySuite) TestResolvers() {
}, func(r *network.ResolverSpec, asrt *assert.Assertions) {
spec := r.TypedSpec()
- asrt.Equal("[1.1.1.1]", fmt.Sprintf("%s", spec.DNSServers))
+ asrt.Equal("[1.1.1.1]", fmt.Sprintf("%s", spec.DNSServers)) //nolint:staticcheck
+ asrt.Equal([]network.NameServerSpec{{Addr: netip.MustParseAddr("1.1.1.1")}}, spec.NameServers)
asrt.Equal(network.ConfigPlatform, spec.ConfigLayer)
}, rtestutils.WithNamespace(network.ConfigNamespaceName))
}
diff --git a/internal/app/machined/pkg/controllers/network/platform_config_test.go b/internal/app/machined/pkg/controllers/network/platform_config_test.go
index 1d09c5e42..607e7bcc6 100644
--- a/internal/app/machined/pkg/controllers/network/platform_config_test.go
+++ b/internal/app/machined/pkg/controllers/network/platform_config_test.go
@@ -102,7 +102,15 @@ func (suite *PlatformConfigSuite) TestPlatform() {
asrt.Equal(
[]string{"1.1.1.1"},
xslices.Map(spec.Resolvers, func(r network.ResolverSpecSpec) string {
- return strings.Join(xslices.Map(r.DNSServers, netip.Addr.String), ", ")
+ return strings.Join(xslices.Map(r.DNSServers, netip.Addr.String), ", ") //nolint:staticcheck
+ }),
+ )
+ asrt.Equal(
+ []string{"1.1.1.1"},
+ xslices.Map(spec.Resolvers, func(r network.ResolverSpecSpec) string {
+ return strings.Join(xslices.Map(r.NameServers, func(ns network.NameServerSpec) string {
+ return ns.Addr.String()
+ }), ", ")
}),
)
asrt.Equal(
@@ -256,7 +264,9 @@ func (mock *platformMock) NetworkConfiguration(
networkConfig.Resolvers = append(
networkConfig.Resolvers, network.ResolverSpecSpec{
ConfigLayer: network.ConfigPlatform,
- DNSServers: mock.resolvers,
+ NameServers: xslices.Map(mock.resolvers, func(addr netip.Addr) network.NameServerSpec {
+ return network.NameServerSpec{Addr: addr}
+ }),
},
)
}
diff --git a/internal/app/machined/pkg/controllers/network/resolver_config.go b/internal/app/machined/pkg/controllers/network/resolver_config.go
index 1c6e77a54..291a0b858 100644
--- a/internal/app/machined/pkg/controllers/network/resolver_config.go
+++ b/internal/app/machined/pkg/controllers/network/resolver_config.go
@@ -15,10 +15,11 @@ import (
"github.com/cosi-project/runtime/pkg/safe"
"github.com/cosi-project/runtime/pkg/state"
"github.com/siderolabs/gen/optional"
+ "github.com/siderolabs/gen/xslices"
"github.com/siderolabs/go-procfs/procfs"
"go.uber.org/zap"
- talosconfig "github.com/siderolabs/talos/pkg/machinery/config"
+ talosconfig "github.com/siderolabs/talos/pkg/machinery/config/config"
"github.com/siderolabs/talos/pkg/machinery/constants"
"github.com/siderolabs/talos/pkg/machinery/resources/config"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
@@ -105,7 +106,7 @@ func (ctrl *ResolverConfigController) Run(ctx context.Context, r controller.Runt
// parse kernel cmdline for the default gateway
cmdlineServers := ctrl.parseCmdline(logger)
- if cmdlineServers.DNSServers != nil {
+ if cmdlineServers.NameServers != nil {
specs = append(specs, cmdlineServers)
}
@@ -177,7 +178,10 @@ func (ctrl *ResolverConfigController) apply(ctx context.Context, r controller.Ru
}
func (ctrl *ResolverConfigController) getDefault(cfg talosconfig.Config, hostnameStatus *network.HostnameStatusSpec) (spec network.ResolverSpecSpec) {
- spec.DNSServers = []netip.Addr{netip.MustParseAddr(constants.DefaultPrimaryResolver), netip.MustParseAddr(constants.DefaultSecondaryResolver)}
+ spec.NameServers = []network.NameServerSpec{
+ {Addr: netip.MustParseAddr(constants.DefaultPrimaryResolver)},
+ {Addr: netip.MustParseAddr(constants.DefaultSecondaryResolver)},
+ }
spec.ConfigLayer = network.ConfigDefault
if cfg == nil ||
@@ -209,7 +213,9 @@ func (ctrl *ResolverConfigController) parseCmdline(logger *zap.Logger) (spec net
return spec
}
- spec.DNSServers = settings.DNSAddresses
+ spec.NameServers = xslices.Map(settings.DNSAddresses, func(addr netip.Addr) network.NameServerSpec {
+ return network.NameServerSpec{Addr: addr}
+ })
spec.ConfigLayer = network.ConfigCmdline
return spec
@@ -229,7 +235,14 @@ func (ctrl *ResolverConfigController) parseMachineConfiguration(cfgProvider talo
return spec, false
}
- spec.DNSServers = slices.Clone(resolvers)
+ spec.NameServers = xslices.Map(resolvers, func(r talosconfig.NetworkResolver) network.NameServerSpec {
+ return network.NameServerSpec{
+ Addr: r.Addr,
+ Protocol: r.Protocol,
+ TLSServerName: r.TLSServerName,
+ }
+ })
+
spec.SearchDomains = slices.Clone(searchDomains)
spec.ConfigLayer = network.ConfigMachineConfiguration
diff --git a/internal/app/machined/pkg/controllers/network/resolver_config_test.go b/internal/app/machined/pkg/controllers/network/resolver_config_test.go
index 288cc091e..ead50f3df 100644
--- a/internal/app/machined/pkg/controllers/network/resolver_config_test.go
+++ b/internal/app/machined/pkg/controllers/network/resolver_config_test.go
@@ -21,6 +21,7 @@ import (
networkcfg "github.com/siderolabs/talos/pkg/machinery/config/types/network"
"github.com/siderolabs/talos/pkg/machinery/config/types/v1alpha1"
"github.com/siderolabs/talos/pkg/machinery/constants"
+ "github.com/siderolabs/talos/pkg/machinery/nethelpers"
"github.com/siderolabs/talos/pkg/machinery/resources/config"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
)
@@ -38,10 +39,10 @@ func (suite *ResolverConfigSuite) TestDefaults() {
"default/resolvers",
}, func(r *network.ResolverSpec, asrt *assert.Assertions) {
asrt.Equal(
- []netip.Addr{
- netip.MustParseAddr(constants.DefaultPrimaryResolver),
- netip.MustParseAddr(constants.DefaultSecondaryResolver),
- }, r.TypedSpec().DNSServers,
+ []network.NameServerSpec{
+ {Addr: netip.MustParseAddr(constants.DefaultPrimaryResolver)},
+ {Addr: netip.MustParseAddr(constants.DefaultSecondaryResolver)},
+ }, r.TypedSpec().NameServers,
)
asrt.Empty(r.TypedSpec().SearchDomains)
asrt.Equal(network.ConfigDefault, r.TypedSpec().ConfigLayer)
@@ -87,10 +88,10 @@ func (suite *ResolverConfigSuite) TestWithHostnameStatus() {
"default/resolvers",
}, func(r *network.ResolverSpec, asrt *assert.Assertions) {
asrt.Equal(
- []netip.Addr{
- netip.MustParseAddr(constants.DefaultPrimaryResolver),
- netip.MustParseAddr(constants.DefaultSecondaryResolver),
- }, r.TypedSpec().DNSServers,
+ []network.NameServerSpec{
+ {Addr: netip.MustParseAddr(constants.DefaultPrimaryResolver)},
+ {Addr: netip.MustParseAddr(constants.DefaultSecondaryResolver)},
+ }, r.TypedSpec().NameServers,
)
asrt.Equal([]string{"example.org"}, r.TypedSpec().SearchDomains)
asrt.Equal(network.ConfigDefault, r.TypedSpec().ConfigLayer)
@@ -145,10 +146,10 @@ func (suite *ResolverConfigSuite) TestCmdline() {
"cmdline/resolvers",
}, func(r *network.ResolverSpec, asrt *assert.Assertions) {
asrt.Equal(
- []netip.Addr{
- netip.MustParseAddr("10.0.0.1"),
- netip.MustParseAddr("10.0.0.2"),
- }, r.TypedSpec().DNSServers,
+ []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("10.0.0.1")},
+ {Addr: netip.MustParseAddr("10.0.0.2")},
+ }, r.TypedSpec().NameServers,
)
asrt.Empty(r.TypedSpec().SearchDomains)
},
@@ -185,16 +186,16 @@ func (suite *ResolverConfigSuite) TestMachineConfigurationLegacy() {
suite.Create(cfg)
- ctest.AssertResources(
+ ctest.AssertResources( //nolint:dupl
suite,
[]string{
"configuration/resolvers",
}, func(r *network.ResolverSpec, asrt *assert.Assertions) {
asrt.Equal(
- []netip.Addr{
- netip.MustParseAddr("2.2.2.2"),
- netip.MustParseAddr("3.3.3.3"),
- }, r.TypedSpec().DNSServers,
+ []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("2.2.2.2")},
+ {Addr: netip.MustParseAddr("3.3.3.3")},
+ }, r.TypedSpec().NameServers,
)
asrt.Equal(
@@ -237,16 +238,16 @@ func (suite *ResolverConfigSuite) TestMachineConfigurationNewStyle() {
cfg := config.NewMachineConfig(ctr)
suite.Create(cfg)
- ctest.AssertResources(
+ ctest.AssertResources( //nolint:dupl
suite,
[]string{
"configuration/resolvers",
}, func(r *network.ResolverSpec, asrt *assert.Assertions) {
asrt.Equal(
- []netip.Addr{
- netip.MustParseAddr("2.2.2.2"),
- netip.MustParseAddr("3.3.3.3"),
- }, r.TypedSpec().DNSServers,
+ []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("2.2.2.2")},
+ {Addr: netip.MustParseAddr("3.3.3.3")},
+ }, r.TypedSpec().NameServers,
)
asrt.Equal(
@@ -262,6 +263,47 @@ func (suite *ResolverConfigSuite) TestMachineConfigurationNewStyle() {
ctest.AssertNoResource[*network.ResolverSpec](suite, "configuration/resolvers", rtestutils.WithNamespace(network.ConfigNamespaceName))
}
+func (suite *ResolverConfigSuite) TestMachineConfigurationDNSOverTLS() {
+ suite.Require().NoError(suite.Runtime().RegisterController(&netctrl.ResolverConfigController{}))
+
+ rc := networkcfg.NewResolverConfigV1Alpha1()
+ rc.ResolverNameservers = []networkcfg.NameserverConfig{
+ {
+ Address: networkcfg.Addr{Addr: netip.MustParseAddr("9.9.9.9")},
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ TLSServerName: "dns.quad9.net",
+ },
+ {
+ Address: networkcfg.Addr{Addr: netip.MustParseAddr("8.8.8.8")},
+ },
+ }
+
+ ctr, err := container.New(rc)
+ suite.Require().NoError(err)
+
+ cfg := config.NewMachineConfig(ctr)
+ suite.Create(cfg)
+
+ ctest.AssertResources(
+ suite,
+ []string{
+ "configuration/resolvers",
+ }, func(r *network.ResolverSpec, asrt *assert.Assertions) {
+ asrt.Equal(
+ []network.NameServerSpec{
+ {
+ Addr: netip.MustParseAddr("9.9.9.9"),
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ TLSServerName: "dns.quad9.net",
+ },
+ {Addr: netip.MustParseAddr("8.8.8.8")},
+ }, r.TypedSpec().NameServers,
+ )
+ },
+ rtestutils.WithNamespace(network.ConfigNamespaceName),
+ )
+}
+
func TestResolverConfigSuite(t *testing.T) {
t.Parallel()
diff --git a/internal/app/machined/pkg/controllers/network/resolver_merge.go b/internal/app/machined/pkg/controllers/network/resolver_merge.go
index 6343964e2..8e21d91fc 100644
--- a/internal/app/machined/pkg/controllers/network/resolver_merge.go
+++ b/internal/app/machined/pkg/controllers/network/resolver_merge.go
@@ -7,7 +7,6 @@ package network
import (
"cmp"
- "net/netip"
"slices"
"github.com/cosi-project/runtime/pkg/controller"
@@ -50,21 +49,23 @@ func NewResolverMergeController() controller.Controller {
switch spec.ConfigLayer { //nolint:exhaustive
case final.ConfigLayer:
// simply append server lists on the same layer
- final.DNSServers = append(final.DNSServers, spec.DNSServers...)
+ final.NameServers = append(final.NameServers, spec.NameServers...)
case network.ConfigMachineConfiguration:
// machine configuration overrides previous layers, but only when DNS servers are set
- if len(spec.DNSServers) > 0 {
- final.DNSServers = slices.Clone(spec.DNSServers)
+ if len(spec.NameServers) > 0 {
+ final.NameServers = slices.Clone(spec.NameServers)
}
default:
// otherwise, do a smart merge across IPv4/IPv6
- mergeDNSServers(&final.DNSServers, spec.DNSServers)
+ mergeNameServers(&final.NameServers, spec.NameServers)
}
final.ConfigLayer = spec.ConfigLayer
}
- if final.DNSServers != nil {
+ if final.NameServers != nil {
+ final.Convert() // convert deprecated fields for backward compatibility
+
return map[resource.ID]*network.ResolverSpecSpec{
network.ResolverID: &final,
}
@@ -75,25 +76,25 @@ func NewResolverMergeController() controller.Controller {
)
}
-func mergeDNSServers(dst *[]netip.Addr, src []netip.Addr) {
+func mergeNameServers(dst *[]network.NameServerSpec, src []network.NameServerSpec) {
if *dst == nil {
*dst = slices.Clone(src)
return
}
- srcHasV4 := slices.IndexFunc(src, netip.Addr.Is4) != -1
- srcHasV6 := slices.IndexFunc(src, netip.Addr.Is6) != -1
- dstHasV4 := slices.IndexFunc(*dst, netip.Addr.Is4) != -1
- dstHasV6 := slices.IndexFunc(*dst, netip.Addr.Is6) != -1
+ srcHasV4 := slices.IndexFunc(src, func(ns network.NameServerSpec) bool { return ns.Addr.Is4() }) != -1
+ srcHasV6 := slices.IndexFunc(src, func(ns network.NameServerSpec) bool { return ns.Addr.Is6() }) != -1
+ dstHasV4 := slices.IndexFunc(*dst, func(ns network.NameServerSpec) bool { return ns.Addr.Is4() }) != -1
+ dstHasV6 := slices.IndexFunc(*dst, func(ns network.NameServerSpec) bool { return ns.Addr.Is6() }) != -1
// if old set has IPv4, and new one doesn't, preserve IPv4
// and same vice versa for IPv6
switch {
case dstHasV4 && !srcHasV4:
- *dst = slices.Concat(src, xslices.Filter(*dst, netip.Addr.Is4))
+ *dst = slices.Concat(src, xslices.Filter(*dst, func(ns network.NameServerSpec) bool { return ns.Addr.Is4() }))
case dstHasV6 && !srcHasV6:
- *dst = slices.Concat(src, xslices.Filter(*dst, netip.Addr.Is6))
+ *dst = slices.Concat(src, xslices.Filter(*dst, func(ns network.NameServerSpec) bool { return ns.Addr.Is6() }))
default:
*dst = slices.Clone(src)
}
diff --git a/internal/app/machined/pkg/controllers/network/resolver_merge_test.go b/internal/app/machined/pkg/controllers/network/resolver_merge_test.go
index 1608a6a84..6c5d823cc 100644
--- a/internal/app/machined/pkg/controllers/network/resolver_merge_test.go
+++ b/internal/app/machined/pkg/controllers/network/resolver_merge_test.go
@@ -17,6 +17,7 @@ import (
"github.com/siderolabs/talos/internal/app/machined/pkg/controllers/ctest"
netctrl "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/network"
"github.com/siderolabs/talos/pkg/machinery/constants"
+ "github.com/siderolabs/talos/pkg/machinery/nethelpers"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
)
@@ -31,28 +32,34 @@ func (suite *ResolverMergeSuite) assertResolvers(requiredIDs []string, check fun
func (suite *ResolverMergeSuite) TestMerge() {
def := network.NewResolverSpec(network.ConfigNamespaceName, "default/resolvers")
*def.TypedSpec() = network.ResolverSpecSpec{
- DNSServers: []netip.Addr{
- netip.MustParseAddr(constants.DefaultPrimaryResolver),
- netip.MustParseAddr(constants.DefaultSecondaryResolver),
+ NameServers: []network.NameServerSpec{
+ {Addr: netip.MustParseAddr(constants.DefaultPrimaryResolver)},
+ {Addr: netip.MustParseAddr(constants.DefaultSecondaryResolver)},
},
ConfigLayer: network.ConfigDefault,
}
dhcp1 := network.NewResolverSpec(network.ConfigNamespaceName, "dhcp/eth0")
*dhcp1.TypedSpec() = network.ResolverSpecSpec{
- DNSServers: []netip.Addr{netip.MustParseAddr("1.1.2.0")},
+ NameServers: []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("1.1.2.0")},
+ },
ConfigLayer: network.ConfigOperator,
}
dhcp2 := network.NewResolverSpec(network.ConfigNamespaceName, "dhcp/eth1")
*dhcp2.TypedSpec() = network.ResolverSpecSpec{
- DNSServers: []netip.Addr{netip.MustParseAddr("1.1.2.1")},
+ NameServers: []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("1.1.2.1")},
+ },
ConfigLayer: network.ConfigOperator,
}
static := network.NewResolverSpec(network.ConfigNamespaceName, "configuration/resolvers")
*static.TypedSpec() = network.ResolverSpecSpec{
- DNSServers: []netip.Addr{netip.MustParseAddr("2.2.2.2")},
+ NameServers: []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("2.2.2.2")},
+ },
SearchDomains: []string{"example.com", "example.org", "example.net"},
ConfigLayer: network.ConfigMachineConfiguration,
}
@@ -65,7 +72,15 @@ func (suite *ResolverMergeSuite) TestMerge() {
[]string{
"resolvers",
}, func(r *network.ResolverSpec, asrt *assert.Assertions) {
- asrt.Equal(*static.TypedSpec(), *r.TypedSpec())
+ asrt.Equal(
+ []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("2.2.2.2")},
+ }, r.TypedSpec().NameServers,
+ )
+ asrt.Equal(
+ []netip.Addr{netip.MustParseAddr("2.2.2.2")}, r.TypedSpec().DNSServers, //nolint:staticcheck
+ )
+ asrt.Equal(network.ConfigMachineConfiguration, r.TypedSpec().ConfigLayer)
asrt.Equal([]string{"example.com", "example.org", "example.net"}, r.TypedSpec().SearchDomains)
},
)
@@ -76,7 +91,13 @@ func (suite *ResolverMergeSuite) TestMerge() {
[]string{
"resolvers",
}, func(r *network.ResolverSpec, asrt *assert.Assertions) {
- asrt.Equal([]netip.Addr{netip.MustParseAddr("1.1.2.0"), netip.MustParseAddr("1.1.2.1")}, r.TypedSpec().DNSServers)
+ asrt.Equal(
+ []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("1.1.2.0")},
+ {Addr: netip.MustParseAddr("1.1.2.1")},
+ }, r.TypedSpec().NameServers,
+ )
+ asrt.Equal([]netip.Addr{netip.MustParseAddr("1.1.2.0"), netip.MustParseAddr("1.1.2.1")}, r.TypedSpec().DNSServers) //nolint:staticcheck
},
)
}
@@ -84,22 +105,27 @@ func (suite *ResolverMergeSuite) TestMerge() {
func (suite *ResolverMergeSuite) TestMergeIPv46() {
def := network.NewResolverSpec(network.ConfigNamespaceName, "default/resolvers")
*def.TypedSpec() = network.ResolverSpecSpec{
- DNSServers: []netip.Addr{
- netip.MustParseAddr(constants.DefaultPrimaryResolver),
- netip.MustParseAddr(constants.DefaultSecondaryResolver),
+ NameServers: []network.NameServerSpec{
+ {Addr: netip.MustParseAddr(constants.DefaultPrimaryResolver)},
+ {Addr: netip.MustParseAddr(constants.DefaultSecondaryResolver)},
},
ConfigLayer: network.ConfigDefault,
}
platform := network.NewResolverSpec(network.ConfigNamespaceName, "platform/resolvers")
*platform.TypedSpec() = network.ResolverSpecSpec{
- DNSServers: []netip.Addr{netip.MustParseAddr("1.1.2.0"), netip.MustParseAddr("fe80::1")},
+ NameServers: []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("1.1.2.0")},
+ {Addr: netip.MustParseAddr("fe80::1")},
+ },
ConfigLayer: network.ConfigPlatform,
}
dhcp := network.NewResolverSpec(network.ConfigNamespaceName, "dhcp/eth1")
*dhcp.TypedSpec() = network.ResolverSpecSpec{
- DNSServers: []netip.Addr{netip.MustParseAddr("1.1.2.1")},
+ NameServers: []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("1.1.2.1")},
+ },
ConfigLayer: network.ConfigOperator,
}
@@ -112,7 +138,11 @@ func (suite *ResolverMergeSuite) TestMergeIPv46() {
"resolvers",
}, func(r *network.ResolverSpec, asrt *assert.Assertions) {
asrt.Equal(network.ConfigOperator, r.TypedSpec().ConfigLayer)
- asrt.Equal(`["1.1.2.1" "fe80::1"]`, fmt.Sprintf("%q", r.TypedSpec().DNSServers))
+ asrt.Equal([]network.NameServerSpec{
+ {Addr: netip.MustParseAddr("1.1.2.1")},
+ {Addr: netip.MustParseAddr("fe80::1")},
+ }, r.TypedSpec().NameServers)
+ asrt.Equal(`["1.1.2.1" "fe80::1"]`, fmt.Sprintf("%q", r.TypedSpec().DNSServers)) //nolint:staticcheck
},
)
}
@@ -120,16 +150,18 @@ func (suite *ResolverMergeSuite) TestMergeIPv46() {
func (suite *ResolverMergeSuite) TestMergeSearchDomainsOnlyConfig() {
def := network.NewResolverSpec(network.ConfigNamespaceName, "default/resolvers")
*def.TypedSpec() = network.ResolverSpecSpec{
- DNSServers: []netip.Addr{
- netip.MustParseAddr(constants.DefaultPrimaryResolver),
- netip.MustParseAddr(constants.DefaultSecondaryResolver),
+ NameServers: []network.NameServerSpec{
+ {Addr: netip.MustParseAddr(constants.DefaultPrimaryResolver)},
+ {Addr: netip.MustParseAddr(constants.DefaultSecondaryResolver)},
},
ConfigLayer: network.ConfigDefault,
}
dhcp := network.NewResolverSpec(network.ConfigNamespaceName, "dhcp/eth0")
*dhcp.TypedSpec() = network.ResolverSpecSpec{
- DNSServers: []netip.Addr{netip.MustParseAddr("192.168.131.1")},
+ NameServers: []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("192.168.131.1")},
+ },
SearchDomains: []string{"somewhere.com", "home.lab"},
ConfigLayer: network.ConfigOperator,
}
@@ -148,7 +180,11 @@ func (suite *ResolverMergeSuite) TestMergeSearchDomainsOnlyConfig() {
[]string{
"resolvers",
}, func(r *network.ResolverSpec, asrt *assert.Assertions) {
- asrt.Equal([]netip.Addr{netip.MustParseAddr("192.168.131.1")}, r.TypedSpec().DNSServers)
+ asrt.Equal([]netip.Addr{netip.MustParseAddr("192.168.131.1")}, r.TypedSpec().DNSServers) //nolint:staticcheck
+ asrt.Equal([]network.NameServerSpec{
+ {Addr: netip.MustParseAddr("192.168.131.1")},
+ }, r.TypedSpec().NameServers)
+ asrt.Equal(network.ConfigMachineConfiguration, r.TypedSpec().ConfigLayer)
asrt.Equal([]string{"another.lab", "somewhere.com", "home.lab"}, r.TypedSpec().SearchDomains)
},
)
@@ -157,16 +193,18 @@ func (suite *ResolverMergeSuite) TestMergeSearchDomainsOnlyConfig() {
func (suite *ResolverMergeSuite) TestMergeIPv6OnlyConfig() {
def := network.NewResolverSpec(network.ConfigNamespaceName, "default/resolvers")
*def.TypedSpec() = network.ResolverSpecSpec{
- DNSServers: []netip.Addr{
- netip.MustParseAddr(constants.DefaultPrimaryResolver),
- netip.MustParseAddr(constants.DefaultSecondaryResolver),
+ NameServers: []network.NameServerSpec{
+ {Addr: netip.MustParseAddr(constants.DefaultPrimaryResolver)},
+ {Addr: netip.MustParseAddr(constants.DefaultSecondaryResolver)},
},
ConfigLayer: network.ConfigDefault,
}
cfg := network.NewResolverSpec(network.ConfigNamespaceName, "cfg/resolvers")
*cfg.TypedSpec() = network.ResolverSpecSpec{
- DNSServers: []netip.Addr{netip.MustParseAddr("fe80::1")},
+ NameServers: []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("fe80::1")},
+ },
ConfigLayer: network.ConfigMachineConfiguration,
}
@@ -179,7 +217,65 @@ func (suite *ResolverMergeSuite) TestMergeIPv6OnlyConfig() {
"resolvers",
}, func(r *network.ResolverSpec, asrt *assert.Assertions) {
asrt.Equal(network.ConfigMachineConfiguration, r.TypedSpec().ConfigLayer)
- asrt.Equal(`["fe80::1"]`, fmt.Sprintf("%q", r.TypedSpec().DNSServers))
+ asrt.Equal([]network.NameServerSpec{
+ {Addr: netip.MustParseAddr("fe80::1")},
+ }, r.TypedSpec().NameServers)
+ asrt.Equal(`["fe80::1"]`, fmt.Sprintf("%q", r.TypedSpec().DNSServers)) //nolint:staticcheck
+ },
+ )
+}
+
+func (suite *ResolverMergeSuite) TestMergeDNSOverTLS() {
+ def := network.NewResolverSpec(network.ConfigNamespaceName, "default/resolvers")
+ *def.TypedSpec() = network.ResolverSpecSpec{
+ NameServers: []network.NameServerSpec{
+ {Addr: netip.MustParseAddr(constants.DefaultPrimaryResolver)},
+ {Addr: netip.MustParseAddr(constants.DefaultSecondaryResolver)},
+ },
+ ConfigLayer: network.ConfigDefault,
+ }
+
+ static := network.NewResolverSpec(network.ConfigNamespaceName, "configuration/resolvers")
+ *static.TypedSpec() = network.ResolverSpecSpec{
+ NameServers: []network.NameServerSpec{
+ {
+ Addr: netip.MustParseAddr("9.9.9.9"),
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ TLSServerName: "dns.quad9.net",
+ },
+ {
+ Addr: netip.MustParseAddr("8.8.8.8"),
+ },
+ },
+ ConfigLayer: network.ConfigMachineConfiguration,
+ }
+
+ for _, res := range []resource.Resource{def, static} {
+ suite.Create(res)
+ }
+
+ suite.assertResolvers(
+ []string{
+ "resolvers",
+ }, func(r *network.ResolverSpec, asrt *assert.Assertions) {
+ asrt.Equal(network.ConfigMachineConfiguration, r.TypedSpec().ConfigLayer)
+ asrt.Equal(
+ []netip.Addr{netip.MustParseAddr("9.9.9.9"), netip.MustParseAddr("8.8.8.8")},
+ r.TypedSpec().DNSServers, //nolint:staticcheck
+ )
+ asrt.Equal(
+ []network.NameServerSpec{
+ {
+ Addr: netip.MustParseAddr("9.9.9.9"),
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ TLSServerName: "dns.quad9.net",
+ },
+ {
+ Addr: netip.MustParseAddr("8.8.8.8"),
+ },
+ },
+ r.TypedSpec().NameServers,
+ )
},
)
}
diff --git a/internal/app/machined/pkg/controllers/network/resolver_spec.go b/internal/app/machined/pkg/controllers/network/resolver_spec.go
index 32d752ee9..b1a7809cd 100644
--- a/internal/app/machined/pkg/controllers/network/resolver_spec.go
+++ b/internal/app/machined/pkg/controllers/network/resolver_spec.go
@@ -7,11 +7,13 @@ package network
import (
"context"
"fmt"
+ "slices"
"github.com/cosi-project/runtime/pkg/controller"
"github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/safe"
"github.com/cosi-project/runtime/pkg/state"
+ "github.com/siderolabs/gen/xslices"
"go.uber.org/zap"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
@@ -88,13 +90,14 @@ func (ctrl *ResolverSpecController) Run(ctx context.Context, r controller.Runtim
case resource.PhaseRunning:
logger.Info(
"setting resolvers",
- zap.Stringers("resolvers", spec.TypedSpec().DNSServers),
- zap.Strings("searchDomains", spec.TypedSpec().SearchDomains),
+ zap.Strings("resolvers", xslices.Map(spec.TypedSpec().NameServers, network.NameServerSpec.String)),
+ zap.Strings("search_domains", spec.TypedSpec().SearchDomains),
)
if err = safe.WriterModify(ctx, r, network.NewResolverStatus(network.NamespaceName, spec.Metadata().ID()), func(r *network.ResolverStatus) error {
- r.TypedSpec().DNSServers = spec.TypedSpec().DNSServers
+ r.TypedSpec().DNSServers = slices.Clone(spec.TypedSpec().DNSServers) //nolint:staticcheck
r.TypedSpec().SearchDomains = spec.TypedSpec().SearchDomains
+ r.TypedSpec().NameServers = slices.Clone(spec.TypedSpec().NameServers)
return nil
}); err != nil {
diff --git a/internal/app/machined/pkg/controllers/network/resolver_spec_test.go b/internal/app/machined/pkg/controllers/network/resolver_spec_test.go
index 4889e9f9f..b15678b5d 100644
--- a/internal/app/machined/pkg/controllers/network/resolver_spec_test.go
+++ b/internal/app/machined/pkg/controllers/network/resolver_spec_test.go
@@ -27,14 +27,16 @@ func (suite *ResolverSpecSuite) TestSpec() {
spec := network.NewResolverSpec(network.NamespaceName, "resolvers")
*spec.TypedSpec() = network.ResolverSpecSpec{
- DNSServers: []netip.Addr{netip.MustParseAddr(constants.DefaultPrimaryResolver)},
+ NameServers: []network.NameServerSpec{{Addr: netip.MustParseAddr(constants.DefaultPrimaryResolver)}},
+ DNSServers: []netip.Addr{netip.MustParseAddr(constants.DefaultPrimaryResolver)}, //nolint:staticcheck // backward compatibility
ConfigLayer: network.ConfigDefault,
}
suite.Create(spec)
ctest.AssertResource(suite, "resolvers", func(r *network.ResolverStatus, asrt *assert.Assertions) {
- asrt.Equal([]netip.Addr{netip.MustParseAddr(constants.DefaultPrimaryResolver)}, r.TypedSpec().DNSServers)
+ asrt.Equal([]netip.Addr{netip.MustParseAddr(constants.DefaultPrimaryResolver)}, r.TypedSpec().DNSServers) //nolint:staticcheck // backward compatibility
+ asrt.Equal([]network.NameServerSpec{{Addr: netip.MustParseAddr(constants.DefaultPrimaryResolver)}}, r.TypedSpec().NameServers)
})
}
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/aws.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/aws.go
index c9796f671..35b6e0ae3 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/aws.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/aws.go
@@ -26,6 +26,7 @@ import (
"github.com/siderolabs/talos/internal/app/machined/pkg/runtime/v1alpha1/platform/internal/netutils"
"github.com/siderolabs/talos/pkg/machinery/constants"
"github.com/siderolabs/talos/pkg/machinery/imager/quirks"
+ "github.com/siderolabs/talos/pkg/machinery/nethelpers"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
runtimeres "github.com/siderolabs/talos/pkg/machinery/resources/runtime"
)
@@ -224,10 +225,18 @@ func (a *AWS) ParseMetadata(metadata *MetadataConfig) (*runtime.PlatformNetworkC
dns, _ := netip.ParseAddr(awsIPv6DNSServer) //nolint:errcheck
- networkConfig.Resolvers = append(networkConfig.Resolvers, network.ResolverSpecSpec{
- DNSServers: []netip.Addr{dns},
+ resolverSpec := network.ResolverSpecSpec{
+ NameServers: []network.NameServerSpec{
+ {
+ Addr: dns,
+ Protocol: nethelpers.DNSProtocolDefault,
+ },
+ },
ConfigLayer: network.ConfigPlatform,
- })
+ }
+ resolverSpec.Convert()
+
+ networkConfig.Resolvers = append(networkConfig.Resolvers, resolverSpec)
}
}
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/testdata/expected-v6.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/testdata/expected-v6.yaml
index 615b736c2..6f2c69b95 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/testdata/expected-v6.yaml
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/testdata/expected-v6.yaml
@@ -15,6 +15,10 @@ hostnames:
resolvers:
- dnsServers:
- fd00:ec2::253
+ nameServers:
+ - addr: fd00:ec2::253
+ protocol: Do53
+ tlsServerName: ""
layer: platform
timeServers:
- timeServers:
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/testdata/expected-v6only.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/testdata/expected-v6only.yaml
index 26473ffba..8dd8aeb3f 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/testdata/expected-v6only.yaml
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/aws/testdata/expected-v6only.yaml
@@ -15,6 +15,10 @@ hostnames:
resolvers:
- dnsServers:
- fd00:ec2::253
+ nameServers:
+ - addr: fd00:ec2::253
+ protocol: Do53
+ tlsServerName: ""
layer: platform
timeServers:
- timeServers:
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/container/container.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/container/container.go
index b0ea54d87..f760d448f 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/container/container.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/container/container.go
@@ -72,7 +72,7 @@ func (c *Container) NetworkConfiguration(ctx context.Context, _ state.State, ch
return err
}
- if len(resolverSpec.DNSServers) > 0 {
+ if len(resolverSpec.NameServers) > 0 {
networkConfig.Resolvers = append(networkConfig.Resolvers, resolverSpec)
}
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/container/internal/files/resolv.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/container/internal/files/resolv.go
index 01bfa1aac..ee204b064 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/container/internal/files/resolv.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/container/internal/files/resolv.go
@@ -9,6 +9,7 @@ import (
"net/netip"
"os"
+ "github.com/siderolabs/talos/pkg/machinery/nethelpers"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
)
@@ -34,9 +35,14 @@ func ReadResolvConf(path string) (network.ResolverSpecSpec, error) {
line = bytes.TrimSpace(bytes.TrimPrefix(line, []byte("nameserver")))
if addr, err := netip.ParseAddr(string(line)); err == nil {
- resolverSpec.DNSServers = append(resolverSpec.DNSServers, addr)
+ resolverSpec.NameServers = append(resolverSpec.NameServers, network.NameServerSpec{
+ Addr: addr,
+ Protocol: nethelpers.DNSProtocolDefault,
+ })
}
}
+ resolverSpec.Convert()
+
return resolverSpec, nil
}
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/container/internal/files/resolv_test.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/container/internal/files/resolv_test.go
index 7d7053d1d..cbc224ba4 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/container/internal/files/resolv_test.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/container/internal/files/resolv_test.go
@@ -11,6 +11,7 @@ import (
"github.com/stretchr/testify/require"
"github.com/siderolabs/talos/internal/app/machined/pkg/runtime/v1alpha1/platform/container/internal/files"
+ "github.com/siderolabs/talos/pkg/machinery/resources/network"
)
func TestReadResolvConf(t *testing.T) {
@@ -19,8 +20,8 @@ func TestReadResolvConf(t *testing.T) {
spec, err := files.ReadResolvConf("testdata/resolv.conf")
require.NoError(t, err)
- require.Equal(t, []netip.Addr{
- netip.MustParseAddr("127.0.0.53"),
- netip.MustParseAddr("::1"),
- }, spec.DNSServers)
+ require.Equal(t, []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("127.0.0.53")},
+ {Addr: netip.MustParseAddr("::1")},
+ }, spec.NameServers)
}
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/digitalocean/digitalocean.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/digitalocean/digitalocean.go
index 77d0ef89e..ac5082bca 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/digitalocean/digitalocean.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/digitalocean/digitalocean.go
@@ -13,6 +13,7 @@ import (
"strconv"
"github.com/cosi-project/runtime/pkg/state"
+ "github.com/siderolabs/gen/xslices"
"github.com/siderolabs/go-procfs/procfs"
"github.com/siderolabs/talos/internal/app/machined/pkg/runtime"
@@ -62,10 +63,18 @@ func (d *DigitalOcean) ParseMetadata(metadata *MetadataConfig) (*runtime.Platfor
}
}
- networkConfig.Resolvers = append(networkConfig.Resolvers, network.ResolverSpecSpec{
- DNSServers: dnsIPs,
+ resolverSpec := network.ResolverSpecSpec{
+ NameServers: xslices.Map(dnsIPs, func(addr netip.Addr) network.NameServerSpec {
+ return network.NameServerSpec{
+ Addr: addr,
+ Protocol: nethelpers.DNSProtocolDefault,
+ }
+ }),
ConfigLayer: network.ConfigPlatform,
- })
+ }
+ resolverSpec.Convert()
+
+ networkConfig.Resolvers = append(networkConfig.Resolvers, resolverSpec)
}
networkConfig.Links = append(networkConfig.Links, network.LinkSpecSpec{
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/digitalocean/testdata/expected.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/digitalocean/testdata/expected.yaml
index d40e6cb45..d75a0f8a8 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/digitalocean/testdata/expected.yaml
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/digitalocean/testdata/expected.yaml
@@ -83,6 +83,13 @@ resolvers:
- dnsServers:
- 67.207.67.2
- 67.207.67.3
+ nameServers:
+ - addr: 67.207.67.2
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 67.207.67.3
+ protocol: Do53
+ tlsServerName: ""
layer: platform
timeServers: []
operators: []
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/gcp/gcp.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/gcp/gcp.go
index 6e556970f..1f3c115cb 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/gcp/gcp.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/gcp/gcp.go
@@ -56,10 +56,18 @@ func (g *GCP) ParseMetadata(metadata *MetadataConfig, interfaces []NetworkInterf
dns, _ := netip.ParseAddr(gcpResolverServer) //nolint:errcheck
- networkConfig.Resolvers = append(networkConfig.Resolvers, network.ResolverSpecSpec{
- DNSServers: []netip.Addr{dns},
+ resolverSpec := network.ResolverSpecSpec{
+ NameServers: []network.NameServerSpec{
+ {
+ Addr: dns,
+ Protocol: nethelpers.DNSProtocolDefault,
+ },
+ },
ConfigLayer: network.ConfigPlatform,
- })
+ }
+ resolverSpec.Convert()
+
+ networkConfig.Resolvers = append(networkConfig.Resolvers, resolverSpec)
networkConfig.TimeServers = append(networkConfig.TimeServers, network.TimeServerSpecSpec{
NTPServers: []string{gcpTimeServer},
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/gcp/testdata/expected.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/gcp/testdata/expected.yaml
index 69e4a0d4f..57e71bd47 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/gcp/testdata/expected.yaml
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/gcp/testdata/expected.yaml
@@ -33,6 +33,10 @@ hostnames:
resolvers:
- dnsServers:
- 169.254.169.254
+ nameServers:
+ - addr: 169.254.169.254
+ protocol: Do53
+ tlsServerName: ""
layer: platform
timeServers:
- timeServers:
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/metadata.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/metadata.go
index de49389ff..17254f37d 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/metadata.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/metadata.go
@@ -22,6 +22,7 @@ import (
"github.com/cosi-project/runtime/pkg/safe"
"github.com/cosi-project/runtime/pkg/state"
"github.com/siderolabs/gen/maps"
+ "github.com/siderolabs/gen/xslices"
yaml "go.yaml.in/yaml/v4"
networkadapter "github.com/siderolabs/talos/internal/app/machined/pkg/adapters/network"
@@ -427,10 +428,18 @@ func (n *Nocloud) applyNetworkConfigV1(ctx context.Context, config *NetworkConfi
}
}
- networkConfig.Resolvers = append(networkConfig.Resolvers, network.ResolverSpecSpec{
- DNSServers: dnsIPs,
+ resolverSpec := network.ResolverSpecSpec{
+ NameServers: xslices.Map(dnsIPs, func(addr netip.Addr) network.NameServerSpec {
+ return network.NameServerSpec{
+ Addr: addr,
+ Protocol: nethelpers.DNSProtocolDefault,
+ }
+ }),
ConfigLayer: network.ConfigPlatform,
- })
+ }
+ resolverSpec.Convert()
+
+ networkConfig.Resolvers = append(networkConfig.Resolvers, resolverSpec)
case "bond":
name := ntwrk.Interfaces
@@ -917,10 +926,18 @@ func (n *Nocloud) applyNetworkConfigV2(ctx context.Context, config *NetworkConfi
}
if len(dnsIPs) > 0 {
- networkConfig.Resolvers = append(networkConfig.Resolvers, network.ResolverSpecSpec{
- DNSServers: dnsIPs,
+ resolverSpec := network.ResolverSpecSpec{
+ NameServers: xslices.Map(dnsIPs, func(addr netip.Addr) network.NameServerSpec {
+ return network.NameServerSpec{
+ Addr: addr,
+ Protocol: nethelpers.DNSProtocolDefault,
+ }
+ }),
ConfigLayer: network.ConfigPlatform,
- })
+ }
+ resolverSpec.Convert()
+
+ networkConfig.Resolvers = append(networkConfig.Resolvers, resolverSpec)
}
return needsReconcile, nil
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v1-pnap.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v1-pnap.yaml
index eee6c6c83..b106ba80e 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v1-pnap.yaml
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v1-pnap.yaml
@@ -96,6 +96,13 @@ resolvers:
- dnsServers:
- 8.8.8.8
- 8.8.4.4
+ nameServers:
+ - addr: 8.8.8.8
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 8.8.4.4
+ protocol: Do53
+ tlsServerName: ""
layer: platform
timeServers: []
operators: []
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v1.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v1.yaml
index d1e0c752f..c04cac25b 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v1.yaml
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v1.yaml
@@ -94,6 +94,10 @@ hostnames:
resolvers:
- dnsServers:
- 192.168.1.1
+ nameServers:
+ - addr: 192.168.1.1
+ protocol: Do53
+ tlsServerName: ""
layer: platform
timeServers: []
operators: []
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v2-nocloud-ipv6-on-link.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v2-nocloud-ipv6-on-link.yaml
index 14c3643ea..f2906946b 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v2-nocloud-ipv6-on-link.yaml
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v2-nocloud-ipv6-on-link.yaml
@@ -76,6 +76,13 @@ resolvers:
- dnsServers:
- 1.1.1.1
- 2606:4700:4700::1111
+ nameServers:
+ - addr: 1.1.1.1
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 2606:4700:4700::1111
+ protocol: Do53
+ tlsServerName: ""
layer: platform
timeServers: []
operators: []
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v2.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v2.yaml
index b97464a81..b7de05f00 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v2.yaml
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/nocloud/testdata/expected-v2.yaml
@@ -192,6 +192,16 @@ resolvers:
- 8.8.8.8
- 1.1.1.1
- 2.2.2.2
+ nameServers:
+ - addr: 8.8.8.8
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 1.1.1.1
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 2.2.2.2
+ protocol: Do53
+ tlsServerName: ""
layer: platform
timeServers: []
operators:
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/dns_test.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/dns_test.go
index ffd73592e..a022ecda7 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/dns_test.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/dns_test.go
@@ -103,7 +103,7 @@ NAME = "test"
var dnsStrs []string
- for _, ip := range resolver.DNSServers {
+ for _, ip := range resolver.DNSServers { //nolint:staticcheck
dnsStrs = append(dnsStrs, ip.String())
}
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/opennebula.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/opennebula.go
index 8d525ff2c..b451fa711 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/opennebula.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/opennebula.go
@@ -17,6 +17,7 @@ import (
"github.com/cosi-project/runtime/pkg/state"
"github.com/hashicorp/go-envparse"
+ "github.com/siderolabs/gen/xslices"
"github.com/siderolabs/go-procfs/procfs"
"github.com/siderolabs/talos/internal/app/machined/pkg/runtime"
@@ -827,11 +828,19 @@ func (o *OpenNebula) ParseMetadata(st state.State, oneContextPlain []byte) (*run
}
if len(allDNSIPs)+len(allSearchDomains) > 0 {
- networkConfig.Resolvers = append(networkConfig.Resolvers, network.ResolverSpecSpec{
- DNSServers: allDNSIPs,
+ resolverSpec := network.ResolverSpecSpec{
+ NameServers: xslices.Map(allDNSIPs, func(addr netip.Addr) network.NameServerSpec {
+ return network.NameServerSpec{
+ Addr: addr,
+ Protocol: nethelpers.DNSProtocolDefault,
+ }
+ }),
SearchDomains: allSearchDomains,
ConfigLayer: network.ConfigPlatform,
- })
+ }
+ resolverSpec.Convert()
+
+ networkConfig.Resolvers = append(networkConfig.Resolvers, resolverSpec)
}
hostnameSpec := network.HostnameSpecSpec{
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/expected.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/expected.yaml
index 6cb4168fe..4f0992095 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/expected.yaml
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/expected.yaml
@@ -66,6 +66,19 @@ resolvers:
- 192.168.1.1
- 8.8.8.8
- 1.1.1.1
+ nameServers:
+ - addr: 9.9.9.9
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 192.168.1.1
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 8.8.8.8
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 1.1.1.1
+ protocol: Do53
+ tlsServerName: ""
layer: platform
searchDomains:
- global.example.com
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/expected_no_network_flag.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/expected_no_network_flag.yaml
index 6cb4168fe..4f0992095 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/expected_no_network_flag.yaml
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/expected_no_network_flag.yaml
@@ -66,6 +66,19 @@ resolvers:
- 192.168.1.1
- 8.8.8.8
- 1.1.1.1
+ nameServers:
+ - addr: 9.9.9.9
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 192.168.1.1
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 8.8.8.8
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 1.1.1.1
+ protocol: Do53
+ tlsServerName: ""
layer: platform
searchDomains:
- global.example.com
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/openstack/openstack.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/openstack/openstack.go
index f207f8bc2..24a692655 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/openstack/openstack.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/openstack/openstack.go
@@ -20,6 +20,7 @@ import (
"github.com/cenkalti/backoff/v4"
"github.com/cosi-project/runtime/pkg/safe"
"github.com/cosi-project/runtime/pkg/state"
+ "github.com/siderolabs/gen/xslices"
"github.com/siderolabs/go-procfs/procfs"
networkadapter "github.com/siderolabs/talos/internal/app/machined/pkg/adapters/network"
@@ -82,10 +83,18 @@ func (o *OpenStack) ParseMetadata(
}
if len(dnsIPs) > 0 {
- networkConfig.Resolvers = append(networkConfig.Resolvers, network.ResolverSpecSpec{
- DNSServers: dnsIPs,
+ resolverSpec := network.ResolverSpecSpec{
+ NameServers: xslices.Map(dnsIPs, func(addr netip.Addr) network.NameServerSpec {
+ return network.NameServerSpec{
+ Addr: addr,
+ Protocol: nethelpers.DNSProtocolDefault,
+ }
+ }),
ConfigLayer: network.ConfigPlatform,
- })
+ }
+ resolverSpec.Convert()
+
+ networkConfig.Resolvers = append(networkConfig.Resolvers, resolverSpec)
}
hostInterfaces, err := safe.StateListAll[*network.LinkStatus](ctx, st)
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/openstack/testdata/expected.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/openstack/testdata/expected.yaml
index 64441491d..d7aab1e5d 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/openstack/testdata/expected.yaml
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/openstack/testdata/expected.yaml
@@ -187,6 +187,13 @@ resolvers:
- dnsServers:
- 8.8.8.8
- 1.1.1.1
+ nameServers:
+ - addr: 8.8.8.8
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 1.1.1.1
+ protocol: Do53
+ tlsServerName: ""
layer: platform
timeServers: []
operators:
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/oracle/oracle.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/oracle/oracle.go
index 571772b09..243633a7f 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/oracle/oracle.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/oracle/oracle.go
@@ -101,10 +101,18 @@ func (o *Oracle) ParseMetadata(interfaceAddresses []NetworkConfig, metadata *Met
dns, _ := netip.ParseAddr(oracleResolverServer) //nolint:errcheck
- networkConfig.Resolvers = append(networkConfig.Resolvers, network.ResolverSpecSpec{
- DNSServers: []netip.Addr{dns},
+ resolverSpec := network.ResolverSpecSpec{
+ NameServers: []network.NameServerSpec{
+ {
+ Addr: dns,
+ Protocol: nethelpers.DNSProtocolDefault,
+ },
+ },
ConfigLayer: network.ConfigPlatform,
- })
+ }
+ resolverSpec.Convert()
+
+ networkConfig.Resolvers = append(networkConfig.Resolvers, resolverSpec)
networkConfig.TimeServers = append(networkConfig.TimeServers, network.TimeServerSpecSpec{
NTPServers: []string{oracleTimeServer},
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/oracle/testdata/expected.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/oracle/testdata/expected.yaml
index f68ebae6d..2e15ac72d 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/oracle/testdata/expected.yaml
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/oracle/testdata/expected.yaml
@@ -20,6 +20,10 @@ hostnames:
resolvers:
- dnsServers:
- 169.254.169.254
+ nameServers:
+ - addr: 169.254.169.254
+ protocol: Do53
+ tlsServerName: ""
layer: platform
timeServers:
- timeServers:
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/upcloud/testdata/expected.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/upcloud/testdata/expected.yaml
index 6a962b9a3..c54add784 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/upcloud/testdata/expected.yaml
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/upcloud/testdata/expected.yaml
@@ -56,6 +56,19 @@ resolvers:
- 94.237.40.9
- 2a04:3540:53::1
- 2a04:3544:53::1
+ nameServers:
+ - addr: 94.237.127.9
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 94.237.40.9
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 2a04:3540:53::1
+ protocol: Do53
+ tlsServerName: ""
+ - addr: 2a04:3544:53::1
+ protocol: Do53
+ tlsServerName: ""
layer: platform
timeServers: []
operators:
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/upcloud/upcloud.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/upcloud/upcloud.go
index ec2e3bc6a..68f24fc31 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/upcloud/upcloud.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/upcloud/upcloud.go
@@ -12,6 +12,7 @@ import (
"net/netip"
"github.com/cosi-project/runtime/pkg/state"
+ "github.com/siderolabs/gen/xslices"
"github.com/siderolabs/go-procfs/procfs"
"github.com/siderolabs/talos/internal/app/machined/pkg/runtime"
@@ -155,10 +156,18 @@ func (u *UpCloud) ParseMetadata(metadata *MetadataConfig) (*runtime.PlatformNetw
}
if len(dnsIPs) > 0 {
- networkConfig.Resolvers = append(networkConfig.Resolvers, network.ResolverSpecSpec{
- DNSServers: dnsIPs,
+ resolverSpec := network.ResolverSpecSpec{
+ NameServers: xslices.Map(dnsIPs, func(addr netip.Addr) network.NameServerSpec {
+ return network.NameServerSpec{
+ Addr: addr,
+ Protocol: nethelpers.DNSProtocolDefault,
+ }
+ }),
ConfigLayer: network.ConfigPlatform,
- })
+ }
+ resolverSpec.Convert()
+
+ networkConfig.Resolvers = append(networkConfig.Resolvers, resolverSpec)
}
for _, ipStr := range publicIPs {
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/vmware/metadata.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/vmware/metadata.go
index 4646329bf..ef5d1c07e 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/platform/vmware/metadata.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/platform/vmware/metadata.go
@@ -14,6 +14,7 @@ import (
"github.com/cosi-project/runtime/pkg/safe"
"github.com/cosi-project/runtime/pkg/state"
+ "github.com/siderolabs/gen/xslices"
"github.com/siderolabs/talos/internal/app/machined/pkg/runtime"
"github.com/siderolabs/talos/pkg/machinery/nethelpers"
@@ -256,10 +257,18 @@ func (v *VMware) ApplyNetworkConfigV2(ctx context.Context, st state.State, confi
}
if len(dnsIPs) > 0 {
- networkConfig.Resolvers = append(networkConfig.Resolvers, network.ResolverSpecSpec{
- DNSServers: dnsIPs,
+ resolverSpec := network.ResolverSpecSpec{
+ NameServers: xslices.Map(dnsIPs, func(addr netip.Addr) network.NameServerSpec {
+ return network.NameServerSpec{
+ Addr: addr,
+ Protocol: nethelpers.DNSProtocolDefault,
+ }
+ }),
ConfigLayer: network.ConfigPlatform,
- })
+ }
+ resolverSpec.Convert()
+
+ networkConfig.Resolvers = append(networkConfig.Resolvers, resolverSpec)
}
return nil
diff --git a/internal/pkg/dashboard/components/networkinfo.go b/internal/pkg/dashboard/components/networkinfo.go
index d28b7a6cc..066470953 100644
--- a/internal/pkg/dashboard/components/networkinfo.go
+++ b/internal/pkg/dashboard/components/networkinfo.go
@@ -243,7 +243,7 @@ func (widget *NetworkInfo) gateway(statuses []*network.RouteStatus) string {
}
func (widget *NetworkInfo) resolvers(status *network.ResolverStatus) string {
- strs := xslices.Map(status.TypedSpec().DNSServers, netip.Addr.String)
+ strs := xslices.Map(status.TypedSpec().DNSServers, netip.Addr.String) //nolint:staticcheck // backward compatibility
if len(strs) == 0 {
return none
diff --git a/internal/pkg/dashboard/formdata.go b/internal/pkg/dashboard/formdata.go
index 8b79a7592..f52551549 100644
--- a/internal/pkg/dashboard/formdata.go
+++ b/internal/pkg/dashboard/formdata.go
@@ -12,6 +12,7 @@ import (
"unicode"
"github.com/hashicorp/go-multierror"
+ "github.com/siderolabs/gen/xslices"
"github.com/siderolabs/talos/internal/app/machined/pkg/runtime"
"github.com/siderolabs/talos/pkg/machinery/nethelpers"
@@ -74,10 +75,13 @@ func (formData *NetworkConfigFormData) ToPlatformNetworkConfig() (*runtime.Platf
if len(dnsServers) > 0 {
config.Resolvers = []network.ResolverSpecSpec{
{
- DNSServers: dnsServers,
+ NameServers: xslices.Map(dnsServers, func(addr netip.Addr) network.NameServerSpec {
+ return network.NameServerSpec{Addr: addr}
+ }),
ConfigLayer: network.ConfigPlatform,
},
}
+ config.Resolvers[0].Convert() // handle conversion for backward compatibility
}
timeServers := formData.splitInputList(formData.TimeServers)
diff --git a/internal/pkg/dashboard/formdata_test.go b/internal/pkg/dashboard/formdata_test.go
index c898e386b..c83b7e286 100644
--- a/internal/pkg/dashboard/formdata_test.go
+++ b/internal/pkg/dashboard/formdata_test.go
@@ -118,6 +118,10 @@ func TestFilledFormNoIface(t *testing.T) {
ConfigLayer: network.ConfigPlatform,
}},
Resolvers: []network.ResolverSpecSpec{{
+ NameServers: []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("1.2.3.4")},
+ {Addr: netip.MustParseAddr("5.6.7.8")},
+ },
DNSServers: []netip.Addr{
netip.MustParseAddr("1.2.3.4"),
netip.MustParseAddr("5.6.7.8"),
diff --git a/pkg/machinery/api/resource/definitions/enums/enums.pb.go b/pkg/machinery/api/resource/definitions/enums/enums.pb.go
index 0a9581cec..652bf7baf 100644
--- a/pkg/machinery/api/resource/definitions/enums/enums.pb.go
+++ b/pkg/machinery/api/resource/definitions/enums/enums.pb.go
@@ -857,6 +857,53 @@ func (NethelpersConntrackState) EnumDescriptor() ([]byte, []int) {
return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{14}
}
+// NethelpersDNSProtocol is a kind of DNS protocol.
+type NethelpersDNSProtocol int32
+
+const (
+ NethelpersDNSProtocol_DNS_PROTOCOL_DEFAULT NethelpersDNSProtocol = 0
+ NethelpersDNSProtocol_DNS_PROTOCOL_DNS_OVER_TLS NethelpersDNSProtocol = 1
+)
+
+// Enum value maps for NethelpersDNSProtocol.
+var (
+ NethelpersDNSProtocol_name = map[int32]string{
+ 0: "DNS_PROTOCOL_DEFAULT",
+ 1: "DNS_PROTOCOL_DNS_OVER_TLS",
+ }
+ NethelpersDNSProtocol_value = map[string]int32{
+ "DNS_PROTOCOL_DEFAULT": 0,
+ "DNS_PROTOCOL_DNS_OVER_TLS": 1,
+ }
+)
+
+func (x NethelpersDNSProtocol) Enum() *NethelpersDNSProtocol {
+ p := new(NethelpersDNSProtocol)
+ *p = x
+ return p
+}
+
+func (x NethelpersDNSProtocol) String() string {
+ return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (NethelpersDNSProtocol) Descriptor() protoreflect.EnumDescriptor {
+ return file_resource_definitions_enums_enums_proto_enumTypes[15].Descriptor()
+}
+
+func (NethelpersDNSProtocol) Type() protoreflect.EnumType {
+ return &file_resource_definitions_enums_enums_proto_enumTypes[15]
+}
+
+func (x NethelpersDNSProtocol) Number() protoreflect.EnumNumber {
+ return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use NethelpersDNSProtocol.Descriptor instead.
+func (NethelpersDNSProtocol) EnumDescriptor() ([]byte, []int) {
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{15}
+}
+
// NethelpersDuplex wraps ethtool.Duplex for YAML marshaling.
type NethelpersDuplex int32
@@ -891,11 +938,11 @@ func (x NethelpersDuplex) String() string {
}
func (NethelpersDuplex) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[15].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[16].Descriptor()
}
func (NethelpersDuplex) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[15]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[16]
}
func (x NethelpersDuplex) Number() protoreflect.EnumNumber {
@@ -904,7 +951,7 @@ func (x NethelpersDuplex) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersDuplex.Descriptor instead.
func (NethelpersDuplex) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{15}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{16}
}
// NethelpersFailOverMAC is a MAC failover mode.
@@ -941,11 +988,11 @@ func (x NethelpersFailOverMAC) String() string {
}
func (NethelpersFailOverMAC) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[16].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[17].Descriptor()
}
func (NethelpersFailOverMAC) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[16]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[17]
}
func (x NethelpersFailOverMAC) Number() protoreflect.EnumNumber {
@@ -954,7 +1001,7 @@ func (x NethelpersFailOverMAC) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersFailOverMAC.Descriptor instead.
func (NethelpersFailOverMAC) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{16}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{17}
}
// NethelpersFamily is a network family.
@@ -991,11 +1038,11 @@ func (x NethelpersFamily) String() string {
}
func (NethelpersFamily) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[17].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[18].Descriptor()
}
func (NethelpersFamily) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[17]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[18]
}
func (x NethelpersFamily) Number() protoreflect.EnumNumber {
@@ -1004,7 +1051,7 @@ func (x NethelpersFamily) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersFamily.Descriptor instead.
func (NethelpersFamily) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{17}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{18}
}
// NethelpersICMPType is a ICMP packet type.
@@ -1047,11 +1094,11 @@ func (x NethelpersICMPType) String() string {
}
func (NethelpersICMPType) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[18].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[19].Descriptor()
}
func (NethelpersICMPType) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[18]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[19]
}
func (x NethelpersICMPType) Number() protoreflect.EnumNumber {
@@ -1060,7 +1107,7 @@ func (x NethelpersICMPType) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersICMPType.Descriptor instead.
func (NethelpersICMPType) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{18}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{19}
}
// NethelpersLACPRate is a LACP rate.
@@ -1094,11 +1141,11 @@ func (x NethelpersLACPRate) String() string {
}
func (NethelpersLACPRate) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[19].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[20].Descriptor()
}
func (NethelpersLACPRate) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[19]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[20]
}
func (x NethelpersLACPRate) Number() protoreflect.EnumNumber {
@@ -1107,7 +1154,7 @@ func (x NethelpersLACPRate) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersLACPRate.Descriptor instead.
func (NethelpersLACPRate) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{19}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{20}
}
// NethelpersLinkType is a link type.
@@ -1366,11 +1413,11 @@ func (x NethelpersLinkType) String() string {
}
func (NethelpersLinkType) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[20].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[21].Descriptor()
}
func (NethelpersLinkType) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[20]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[21]
}
func (x NethelpersLinkType) Number() protoreflect.EnumNumber {
@@ -1379,7 +1426,7 @@ func (x NethelpersLinkType) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersLinkType.Descriptor instead.
func (NethelpersLinkType) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{20}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{21}
}
// NethelpersMatchOperator is a netfilter match operator.
@@ -1413,11 +1460,11 @@ func (x NethelpersMatchOperator) String() string {
}
func (NethelpersMatchOperator) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[21].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[22].Descriptor()
}
func (NethelpersMatchOperator) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[21]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[22]
}
func (x NethelpersMatchOperator) Number() protoreflect.EnumNumber {
@@ -1426,7 +1473,7 @@ func (x NethelpersMatchOperator) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersMatchOperator.Descriptor instead.
func (NethelpersMatchOperator) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{21}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{22}
}
// NethelpersNfTablesChainHook wraps nftables.ChainHook for YAML marshaling.
@@ -1469,11 +1516,11 @@ func (x NethelpersNfTablesChainHook) String() string {
}
func (NethelpersNfTablesChainHook) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[22].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[23].Descriptor()
}
func (NethelpersNfTablesChainHook) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[22]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[23]
}
func (x NethelpersNfTablesChainHook) Number() protoreflect.EnumNumber {
@@ -1482,7 +1529,7 @@ func (x NethelpersNfTablesChainHook) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersNfTablesChainHook.Descriptor instead.
func (NethelpersNfTablesChainHook) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{22}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{23}
}
// NethelpersNfTablesChainPriority wraps nftables.ChainPriority for YAML marshaling.
@@ -1552,11 +1599,11 @@ func (x NethelpersNfTablesChainPriority) String() string {
}
func (NethelpersNfTablesChainPriority) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[23].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[24].Descriptor()
}
func (NethelpersNfTablesChainPriority) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[23]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[24]
}
func (x NethelpersNfTablesChainPriority) Number() protoreflect.EnumNumber {
@@ -1565,7 +1612,7 @@ func (x NethelpersNfTablesChainPriority) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersNfTablesChainPriority.Descriptor instead.
func (NethelpersNfTablesChainPriority) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{23}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{24}
}
// NethelpersNfTablesVerdict wraps nftables.Verdict for YAML marshaling.
@@ -1599,11 +1646,11 @@ func (x NethelpersNfTablesVerdict) String() string {
}
func (NethelpersNfTablesVerdict) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[24].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[25].Descriptor()
}
func (NethelpersNfTablesVerdict) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[24]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[25]
}
func (x NethelpersNfTablesVerdict) Number() protoreflect.EnumNumber {
@@ -1612,7 +1659,7 @@ func (x NethelpersNfTablesVerdict) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersNfTablesVerdict.Descriptor instead.
func (NethelpersNfTablesVerdict) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{24}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{25}
}
// NethelpersOperationalState wraps rtnetlink.OperationalState for YAML marshaling.
@@ -1661,11 +1708,11 @@ func (x NethelpersOperationalState) String() string {
}
func (NethelpersOperationalState) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[25].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[26].Descriptor()
}
func (NethelpersOperationalState) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[25]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[26]
}
func (x NethelpersOperationalState) Number() protoreflect.EnumNumber {
@@ -1674,7 +1721,7 @@ func (x NethelpersOperationalState) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersOperationalState.Descriptor instead.
func (NethelpersOperationalState) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{25}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{26}
}
// NethelpersPort wraps ethtool.Port for YAML marshaling.
@@ -1726,11 +1773,11 @@ func (x NethelpersPort) String() string {
}
func (NethelpersPort) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[26].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[27].Descriptor()
}
func (NethelpersPort) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[26]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[27]
}
func (x NethelpersPort) Number() protoreflect.EnumNumber {
@@ -1739,7 +1786,7 @@ func (x NethelpersPort) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersPort.Descriptor instead.
func (NethelpersPort) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{26}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{27}
}
// NethelpersPrimaryReselect is an ARP targets mode.
@@ -1776,11 +1823,11 @@ func (x NethelpersPrimaryReselect) String() string {
}
func (NethelpersPrimaryReselect) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[27].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[28].Descriptor()
}
func (NethelpersPrimaryReselect) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[27]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[28]
}
func (x NethelpersPrimaryReselect) Number() protoreflect.EnumNumber {
@@ -1789,7 +1836,7 @@ func (x NethelpersPrimaryReselect) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersPrimaryReselect.Descriptor instead.
func (NethelpersPrimaryReselect) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{27}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{28}
}
// NethelpersProtocol is a inet protocol.
@@ -1832,11 +1879,11 @@ func (x NethelpersProtocol) String() string {
}
func (NethelpersProtocol) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[28].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[29].Descriptor()
}
func (NethelpersProtocol) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[28]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[29]
}
func (x NethelpersProtocol) Number() protoreflect.EnumNumber {
@@ -1845,7 +1892,7 @@ func (x NethelpersProtocol) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersProtocol.Descriptor instead.
func (NethelpersProtocol) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{28}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{29}
}
// NethelpersRouteFlag wraps RTM_F_* constants.
@@ -1900,11 +1947,11 @@ func (x NethelpersRouteFlag) String() string {
}
func (NethelpersRouteFlag) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[29].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[30].Descriptor()
}
func (NethelpersRouteFlag) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[29]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[30]
}
func (x NethelpersRouteFlag) Number() protoreflect.EnumNumber {
@@ -1913,7 +1960,7 @@ func (x NethelpersRouteFlag) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersRouteFlag.Descriptor instead.
func (NethelpersRouteFlag) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{29}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{30}
}
// NethelpersRouteProtocol is a routing protocol.
@@ -2007,11 +2054,11 @@ func (x NethelpersRouteProtocol) String() string {
}
func (NethelpersRouteProtocol) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[30].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[31].Descriptor()
}
func (NethelpersRouteProtocol) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[30]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[31]
}
func (x NethelpersRouteProtocol) Number() protoreflect.EnumNumber {
@@ -2020,7 +2067,7 @@ func (x NethelpersRouteProtocol) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersRouteProtocol.Descriptor instead.
func (NethelpersRouteProtocol) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{30}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{31}
}
// NethelpersRouteType is a route type.
@@ -2084,11 +2131,11 @@ func (x NethelpersRouteType) String() string {
}
func (NethelpersRouteType) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[31].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[32].Descriptor()
}
func (NethelpersRouteType) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[31]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[32]
}
func (x NethelpersRouteType) Number() protoreflect.EnumNumber {
@@ -2097,7 +2144,7 @@ func (x NethelpersRouteType) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersRouteType.Descriptor instead.
func (NethelpersRouteType) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{31}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{32}
}
// NethelpersRoutingRuleAction is a routing rule action.
@@ -2140,11 +2187,11 @@ func (x NethelpersRoutingRuleAction) String() string {
}
func (NethelpersRoutingRuleAction) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[32].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[33].Descriptor()
}
func (NethelpersRoutingRuleAction) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[32]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[33]
}
func (x NethelpersRoutingRuleAction) Number() protoreflect.EnumNumber {
@@ -2153,7 +2200,7 @@ func (x NethelpersRoutingRuleAction) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersRoutingRuleAction.Descriptor instead.
func (NethelpersRoutingRuleAction) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{32}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{33}
}
// NethelpersRoutingTable is a routing table ID.
@@ -2949,11 +2996,11 @@ func (x NethelpersRoutingTable) String() string {
}
func (NethelpersRoutingTable) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[33].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[34].Descriptor()
}
func (NethelpersRoutingTable) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[33]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[34]
}
func (x NethelpersRoutingTable) Number() protoreflect.EnumNumber {
@@ -2962,7 +3009,7 @@ func (x NethelpersRoutingTable) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersRoutingTable.Descriptor instead.
func (NethelpersRoutingTable) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{33}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{34}
}
// NethelpersScope is an address scope.
@@ -3005,11 +3052,11 @@ func (x NethelpersScope) String() string {
}
func (NethelpersScope) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[34].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[35].Descriptor()
}
func (NethelpersScope) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[34]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[35]
}
func (x NethelpersScope) Number() protoreflect.EnumNumber {
@@ -3018,7 +3065,7 @@ func (x NethelpersScope) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersScope.Descriptor instead.
func (NethelpersScope) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{34}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{35}
}
// NethelpersVLANProtocol is a VLAN protocol.
@@ -3055,11 +3102,11 @@ func (x NethelpersVLANProtocol) String() string {
}
func (NethelpersVLANProtocol) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[35].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[36].Descriptor()
}
func (NethelpersVLANProtocol) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[35]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[36]
}
func (x NethelpersVLANProtocol) Number() protoreflect.EnumNumber {
@@ -3068,7 +3115,7 @@ func (x NethelpersVLANProtocol) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersVLANProtocol.Descriptor instead.
func (NethelpersVLANProtocol) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{35}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{36}
}
// NethelpersWOLMode wraps ethtool.WOLMode for YAML marshaling.
@@ -3120,11 +3167,11 @@ func (x NethelpersWOLMode) String() string {
}
func (NethelpersWOLMode) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[36].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[37].Descriptor()
}
func (NethelpersWOLMode) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[36]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[37]
}
func (x NethelpersWOLMode) Number() protoreflect.EnumNumber {
@@ -3133,7 +3180,7 @@ func (x NethelpersWOLMode) Number() protoreflect.EnumNumber {
// Deprecated: Use NethelpersWOLMode.Descriptor instead.
func (NethelpersWOLMode) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{36}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{37}
}
// BlockEncryptionKeyType describes encryption key type.
@@ -3173,11 +3220,11 @@ func (x BlockEncryptionKeyType) String() string {
}
func (BlockEncryptionKeyType) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[37].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[38].Descriptor()
}
func (BlockEncryptionKeyType) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[37]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[38]
}
func (x BlockEncryptionKeyType) Number() protoreflect.EnumNumber {
@@ -3186,7 +3233,7 @@ func (x BlockEncryptionKeyType) Number() protoreflect.EnumNumber {
// Deprecated: Use BlockEncryptionKeyType.Descriptor instead.
func (BlockEncryptionKeyType) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{37}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{38}
}
// BlockEncryptionProviderType describes encryption provider type.
@@ -3220,11 +3267,11 @@ func (x BlockEncryptionProviderType) String() string {
}
func (BlockEncryptionProviderType) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[38].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[39].Descriptor()
}
func (BlockEncryptionProviderType) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[38]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[39]
}
func (x BlockEncryptionProviderType) Number() protoreflect.EnumNumber {
@@ -3233,7 +3280,7 @@ func (x BlockEncryptionProviderType) Number() protoreflect.EnumNumber {
// Deprecated: Use BlockEncryptionProviderType.Descriptor instead.
func (BlockEncryptionProviderType) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{38}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{39}
}
// BlockFilesystemType describes filesystem type.
@@ -3282,11 +3329,11 @@ func (x BlockFilesystemType) String() string {
}
func (BlockFilesystemType) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[39].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[40].Descriptor()
}
func (BlockFilesystemType) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[39]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[40]
}
func (x BlockFilesystemType) Number() protoreflect.EnumNumber {
@@ -3295,7 +3342,7 @@ func (x BlockFilesystemType) Number() protoreflect.EnumNumber {
// Deprecated: Use BlockFilesystemType.Descriptor instead.
func (BlockFilesystemType) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{39}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{40}
}
// BlockFSParameterType describes Filesystem Parameter type.
@@ -3332,11 +3379,11 @@ func (x BlockFSParameterType) String() string {
}
func (BlockFSParameterType) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[40].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[41].Descriptor()
}
func (BlockFSParameterType) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[40]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[41]
}
func (x BlockFSParameterType) Number() protoreflect.EnumNumber {
@@ -3345,7 +3392,7 @@ func (x BlockFSParameterType) Number() protoreflect.EnumNumber {
// Deprecated: Use BlockFSParameterType.Descriptor instead.
func (BlockFSParameterType) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{40}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{41}
}
// BlockVolumePhase describes volume phase.
@@ -3397,11 +3444,11 @@ func (x BlockVolumePhase) String() string {
}
func (BlockVolumePhase) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[41].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[42].Descriptor()
}
func (BlockVolumePhase) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[41]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[42]
}
func (x BlockVolumePhase) Number() protoreflect.EnumNumber {
@@ -3410,7 +3457,7 @@ func (x BlockVolumePhase) Number() protoreflect.EnumNumber {
// Deprecated: Use BlockVolumePhase.Descriptor instead.
func (BlockVolumePhase) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{41}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{42}
}
// BlockVolumeType describes volume type.
@@ -3459,11 +3506,11 @@ func (x BlockVolumeType) String() string {
}
func (BlockVolumeType) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[42].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[43].Descriptor()
}
func (BlockVolumeType) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[42]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[43]
}
func (x BlockVolumeType) Number() protoreflect.EnumNumber {
@@ -3472,7 +3519,7 @@ func (x BlockVolumeType) Number() protoreflect.EnumNumber {
// Deprecated: Use BlockVolumeType.Descriptor instead.
func (BlockVolumeType) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{42}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{43}
}
// CriImageCacheStatus describes image cache status type.
@@ -3512,11 +3559,11 @@ func (x CriImageCacheStatus) String() string {
}
func (CriImageCacheStatus) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[43].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[44].Descriptor()
}
func (CriImageCacheStatus) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[43]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[44]
}
func (x CriImageCacheStatus) Number() protoreflect.EnumNumber {
@@ -3525,7 +3572,7 @@ func (x CriImageCacheStatus) Number() protoreflect.EnumNumber {
// Deprecated: Use CriImageCacheStatus.Descriptor instead.
func (CriImageCacheStatus) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{43}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{44}
}
// CriImageCacheCopyStatus describes image cache copy status type.
@@ -3565,11 +3612,11 @@ func (x CriImageCacheCopyStatus) String() string {
}
func (CriImageCacheCopyStatus) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[44].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[45].Descriptor()
}
func (CriImageCacheCopyStatus) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[44]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[45]
}
func (x CriImageCacheCopyStatus) Number() protoreflect.EnumNumber {
@@ -3578,7 +3625,7 @@ func (x CriImageCacheCopyStatus) Number() protoreflect.EnumNumber {
// Deprecated: Use CriImageCacheCopyStatus.Descriptor instead.
func (CriImageCacheCopyStatus) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{44}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{45}
}
// KubespanPeerState is KubeSpan peer current state.
@@ -3615,11 +3662,11 @@ func (x KubespanPeerState) String() string {
}
func (KubespanPeerState) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[45].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[46].Descriptor()
}
func (KubespanPeerState) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[45]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[46]
}
func (x KubespanPeerState) Number() protoreflect.EnumNumber {
@@ -3628,7 +3675,7 @@ func (x KubespanPeerState) Number() protoreflect.EnumNumber {
// Deprecated: Use KubespanPeerState.Descriptor instead.
func (KubespanPeerState) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{45}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{46}
}
// NetworkConfigLayer describes network configuration layers, with lowest priority first.
@@ -3671,11 +3718,11 @@ func (x NetworkConfigLayer) String() string {
}
func (NetworkConfigLayer) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[46].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[47].Descriptor()
}
func (NetworkConfigLayer) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[46]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[47]
}
func (x NetworkConfigLayer) Number() protoreflect.EnumNumber {
@@ -3684,7 +3731,7 @@ func (x NetworkConfigLayer) Number() protoreflect.EnumNumber {
// Deprecated: Use NetworkConfigLayer.Descriptor instead.
func (NetworkConfigLayer) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{46}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{47}
}
// NetworkOperator enumerates Talos network operators.
@@ -3721,11 +3768,11 @@ func (x NetworkOperator) String() string {
}
func (NetworkOperator) Descriptor() protoreflect.EnumDescriptor {
- return file_resource_definitions_enums_enums_proto_enumTypes[47].Descriptor()
+ return file_resource_definitions_enums_enums_proto_enumTypes[48].Descriptor()
}
func (NetworkOperator) Type() protoreflect.EnumType {
- return &file_resource_definitions_enums_enums_proto_enumTypes[47]
+ return &file_resource_definitions_enums_enums_proto_enumTypes[48]
}
func (x NetworkOperator) Number() protoreflect.EnumNumber {
@@ -3734,7 +3781,7 @@ func (x NetworkOperator) Number() protoreflect.EnumNumber {
// Deprecated: Use NetworkOperator.Descriptor instead.
func (NetworkOperator) EnumDescriptor() ([]byte, []int) {
- return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{47}
+ return file_resource_definitions_enums_enums_proto_rawDescGZIP(), []int{48}
}
var File_resource_definitions_enums_enums_proto protoreflect.FileDescriptor
@@ -3827,7 +3874,10 @@ const file_resource_definitions_enums_enums_proto_rawDesc = "" +
"\x13CONNTRACK_STATE_NEW\x10\b\x12\x1b\n" +
"\x17CONNTRACK_STATE_RELATED\x10\x04\x12\x1f\n" +
"\x1bCONNTRACK_STATE_ESTABLISHED\x10\x02\x12\x1b\n" +
- "\x17CONNTRACK_STATE_INVALID\x10\x01*4\n" +
+ "\x17CONNTRACK_STATE_INVALID\x10\x01*P\n" +
+ "\x15NethelpersDNSProtocol\x12\x18\n" +
+ "\x14DNS_PROTOCOL_DEFAULT\x10\x00\x12\x1d\n" +
+ "\x19DNS_PROTOCOL_DNS_OVER_TLS\x10\x01*4\n" +
"\x10NethelpersDuplex\x12\b\n" +
"\x04HALF\x10\x00\x12\b\n" +
"\x04FULL\x10\x01\x12\f\n" +
@@ -4419,7 +4469,7 @@ func file_resource_definitions_enums_enums_proto_rawDescGZIP() []byte {
return file_resource_definitions_enums_enums_proto_rawDescData
}
-var file_resource_definitions_enums_enums_proto_enumTypes = make([]protoimpl.EnumInfo, 48)
+var file_resource_definitions_enums_enums_proto_enumTypes = make([]protoimpl.EnumInfo, 49)
var file_resource_definitions_enums_enums_proto_goTypes = []any{
(RuntimeMachineStage)(0), // 0: talos.resource.definitions.enums.RuntimeMachineStage
(RuntimeSELinuxState)(0), // 1: talos.resource.definitions.enums.RuntimeSELinuxState
@@ -4436,39 +4486,40 @@ var file_resource_definitions_enums_enums_proto_goTypes = []any{
(NethelpersBondXmitHashPolicy)(0), // 12: talos.resource.definitions.enums.NethelpersBondXmitHashPolicy
(NethelpersClientIdentifier)(0), // 13: talos.resource.definitions.enums.NethelpersClientIdentifier
(NethelpersConntrackState)(0), // 14: talos.resource.definitions.enums.NethelpersConntrackState
- (NethelpersDuplex)(0), // 15: talos.resource.definitions.enums.NethelpersDuplex
- (NethelpersFailOverMAC)(0), // 16: talos.resource.definitions.enums.NethelpersFailOverMAC
- (NethelpersFamily)(0), // 17: talos.resource.definitions.enums.NethelpersFamily
- (NethelpersICMPType)(0), // 18: talos.resource.definitions.enums.NethelpersICMPType
- (NethelpersLACPRate)(0), // 19: talos.resource.definitions.enums.NethelpersLACPRate
- (NethelpersLinkType)(0), // 20: talos.resource.definitions.enums.NethelpersLinkType
- (NethelpersMatchOperator)(0), // 21: talos.resource.definitions.enums.NethelpersMatchOperator
- (NethelpersNfTablesChainHook)(0), // 22: talos.resource.definitions.enums.NethelpersNfTablesChainHook
- (NethelpersNfTablesChainPriority)(0), // 23: talos.resource.definitions.enums.NethelpersNfTablesChainPriority
- (NethelpersNfTablesVerdict)(0), // 24: talos.resource.definitions.enums.NethelpersNfTablesVerdict
- (NethelpersOperationalState)(0), // 25: talos.resource.definitions.enums.NethelpersOperationalState
- (NethelpersPort)(0), // 26: talos.resource.definitions.enums.NethelpersPort
- (NethelpersPrimaryReselect)(0), // 27: talos.resource.definitions.enums.NethelpersPrimaryReselect
- (NethelpersProtocol)(0), // 28: talos.resource.definitions.enums.NethelpersProtocol
- (NethelpersRouteFlag)(0), // 29: talos.resource.definitions.enums.NethelpersRouteFlag
- (NethelpersRouteProtocol)(0), // 30: talos.resource.definitions.enums.NethelpersRouteProtocol
- (NethelpersRouteType)(0), // 31: talos.resource.definitions.enums.NethelpersRouteType
- (NethelpersRoutingRuleAction)(0), // 32: talos.resource.definitions.enums.NethelpersRoutingRuleAction
- (NethelpersRoutingTable)(0), // 33: talos.resource.definitions.enums.NethelpersRoutingTable
- (NethelpersScope)(0), // 34: talos.resource.definitions.enums.NethelpersScope
- (NethelpersVLANProtocol)(0), // 35: talos.resource.definitions.enums.NethelpersVLANProtocol
- (NethelpersWOLMode)(0), // 36: talos.resource.definitions.enums.NethelpersWOLMode
- (BlockEncryptionKeyType)(0), // 37: talos.resource.definitions.enums.BlockEncryptionKeyType
- (BlockEncryptionProviderType)(0), // 38: talos.resource.definitions.enums.BlockEncryptionProviderType
- (BlockFilesystemType)(0), // 39: talos.resource.definitions.enums.BlockFilesystemType
- (BlockFSParameterType)(0), // 40: talos.resource.definitions.enums.BlockFSParameterType
- (BlockVolumePhase)(0), // 41: talos.resource.definitions.enums.BlockVolumePhase
- (BlockVolumeType)(0), // 42: talos.resource.definitions.enums.BlockVolumeType
- (CriImageCacheStatus)(0), // 43: talos.resource.definitions.enums.CriImageCacheStatus
- (CriImageCacheCopyStatus)(0), // 44: talos.resource.definitions.enums.CriImageCacheCopyStatus
- (KubespanPeerState)(0), // 45: talos.resource.definitions.enums.KubespanPeerState
- (NetworkConfigLayer)(0), // 46: talos.resource.definitions.enums.NetworkConfigLayer
- (NetworkOperator)(0), // 47: talos.resource.definitions.enums.NetworkOperator
+ (NethelpersDNSProtocol)(0), // 15: talos.resource.definitions.enums.NethelpersDNSProtocol
+ (NethelpersDuplex)(0), // 16: talos.resource.definitions.enums.NethelpersDuplex
+ (NethelpersFailOverMAC)(0), // 17: talos.resource.definitions.enums.NethelpersFailOverMAC
+ (NethelpersFamily)(0), // 18: talos.resource.definitions.enums.NethelpersFamily
+ (NethelpersICMPType)(0), // 19: talos.resource.definitions.enums.NethelpersICMPType
+ (NethelpersLACPRate)(0), // 20: talos.resource.definitions.enums.NethelpersLACPRate
+ (NethelpersLinkType)(0), // 21: talos.resource.definitions.enums.NethelpersLinkType
+ (NethelpersMatchOperator)(0), // 22: talos.resource.definitions.enums.NethelpersMatchOperator
+ (NethelpersNfTablesChainHook)(0), // 23: talos.resource.definitions.enums.NethelpersNfTablesChainHook
+ (NethelpersNfTablesChainPriority)(0), // 24: talos.resource.definitions.enums.NethelpersNfTablesChainPriority
+ (NethelpersNfTablesVerdict)(0), // 25: talos.resource.definitions.enums.NethelpersNfTablesVerdict
+ (NethelpersOperationalState)(0), // 26: talos.resource.definitions.enums.NethelpersOperationalState
+ (NethelpersPort)(0), // 27: talos.resource.definitions.enums.NethelpersPort
+ (NethelpersPrimaryReselect)(0), // 28: talos.resource.definitions.enums.NethelpersPrimaryReselect
+ (NethelpersProtocol)(0), // 29: talos.resource.definitions.enums.NethelpersProtocol
+ (NethelpersRouteFlag)(0), // 30: talos.resource.definitions.enums.NethelpersRouteFlag
+ (NethelpersRouteProtocol)(0), // 31: talos.resource.definitions.enums.NethelpersRouteProtocol
+ (NethelpersRouteType)(0), // 32: talos.resource.definitions.enums.NethelpersRouteType
+ (NethelpersRoutingRuleAction)(0), // 33: talos.resource.definitions.enums.NethelpersRoutingRuleAction
+ (NethelpersRoutingTable)(0), // 34: talos.resource.definitions.enums.NethelpersRoutingTable
+ (NethelpersScope)(0), // 35: talos.resource.definitions.enums.NethelpersScope
+ (NethelpersVLANProtocol)(0), // 36: talos.resource.definitions.enums.NethelpersVLANProtocol
+ (NethelpersWOLMode)(0), // 37: talos.resource.definitions.enums.NethelpersWOLMode
+ (BlockEncryptionKeyType)(0), // 38: talos.resource.definitions.enums.BlockEncryptionKeyType
+ (BlockEncryptionProviderType)(0), // 39: talos.resource.definitions.enums.BlockEncryptionProviderType
+ (BlockFilesystemType)(0), // 40: talos.resource.definitions.enums.BlockFilesystemType
+ (BlockFSParameterType)(0), // 41: talos.resource.definitions.enums.BlockFSParameterType
+ (BlockVolumePhase)(0), // 42: talos.resource.definitions.enums.BlockVolumePhase
+ (BlockVolumeType)(0), // 43: talos.resource.definitions.enums.BlockVolumeType
+ (CriImageCacheStatus)(0), // 44: talos.resource.definitions.enums.CriImageCacheStatus
+ (CriImageCacheCopyStatus)(0), // 45: talos.resource.definitions.enums.CriImageCacheCopyStatus
+ (KubespanPeerState)(0), // 46: talos.resource.definitions.enums.KubespanPeerState
+ (NetworkConfigLayer)(0), // 47: talos.resource.definitions.enums.NetworkConfigLayer
+ (NetworkOperator)(0), // 48: talos.resource.definitions.enums.NetworkOperator
}
var file_resource_definitions_enums_enums_proto_depIdxs = []int32{
0, // [0:0] is the sub-list for method output_type
@@ -4488,7 +4539,7 @@ func file_resource_definitions_enums_enums_proto_init() {
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_resource_definitions_enums_enums_proto_rawDesc), len(file_resource_definitions_enums_enums_proto_rawDesc)),
- NumEnums: 48,
+ NumEnums: 49,
NumMessages: 0,
NumExtensions: 0,
NumServices: 0,
diff --git a/pkg/machinery/api/resource/definitions/network/network.pb.go b/pkg/machinery/api/resource/definitions/network/network.pb.go
index 7e3ddfb88..70546eee8 100644
--- a/pkg/machinery/api/resource/definitions/network/network.pb.go
+++ b/pkg/machinery/api/resource/definitions/network/network.pb.go
@@ -2544,6 +2544,67 @@ func (x *LinkStatusSpec) GetVrfMaster() *VRFMasterSpec {
return nil
}
+// NameServerSpec describes a single DNS nameserver with additional configuration.
+type NameServerSpec struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ Addr *common.NetIP `protobuf:"bytes,1,opt,name=addr,proto3" json:"addr,omitempty"`
+ Protocol enums.NethelpersDNSProtocol `protobuf:"varint,2,opt,name=protocol,proto3,enum=talos.resource.definitions.enums.NethelpersDNSProtocol" json:"protocol,omitempty"`
+ TlsServerName string `protobuf:"bytes,3,opt,name=tls_server_name,json=tlsServerName,proto3" json:"tls_server_name,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *NameServerSpec) Reset() {
+ *x = NameServerSpec{}
+ mi := &file_resource_definitions_network_network_proto_msgTypes[27]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *NameServerSpec) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NameServerSpec) ProtoMessage() {}
+
+func (x *NameServerSpec) ProtoReflect() protoreflect.Message {
+ mi := &file_resource_definitions_network_network_proto_msgTypes[27]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use NameServerSpec.ProtoReflect.Descriptor instead.
+func (*NameServerSpec) Descriptor() ([]byte, []int) {
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{27}
+}
+
+func (x *NameServerSpec) GetAddr() *common.NetIP {
+ if x != nil {
+ return x.Addr
+ }
+ return nil
+}
+
+func (x *NameServerSpec) GetProtocol() enums.NethelpersDNSProtocol {
+ if x != nil {
+ return x.Protocol
+ }
+ return enums.NethelpersDNSProtocol(0)
+}
+
+func (x *NameServerSpec) GetTlsServerName() string {
+ if x != nil {
+ return x.TlsServerName
+ }
+ return ""
+}
+
// NfTablesAddressMatch describes the match on the IP address.
type NfTablesAddressMatch struct {
state protoimpl.MessageState `protogen:"open.v1"`
@@ -2556,7 +2617,7 @@ type NfTablesAddressMatch struct {
func (x *NfTablesAddressMatch) Reset() {
*x = NfTablesAddressMatch{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[27]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[28]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2568,7 +2629,7 @@ func (x *NfTablesAddressMatch) String() string {
func (*NfTablesAddressMatch) ProtoMessage() {}
func (x *NfTablesAddressMatch) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[27]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[28]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2581,7 +2642,7 @@ func (x *NfTablesAddressMatch) ProtoReflect() protoreflect.Message {
// Deprecated: Use NfTablesAddressMatch.ProtoReflect.Descriptor instead.
func (*NfTablesAddressMatch) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{27}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{28}
}
func (x *NfTablesAddressMatch) GetIncludeSubnets() []*common.NetIPPrefix {
@@ -2619,7 +2680,7 @@ type NfTablesChainSpec struct {
func (x *NfTablesChainSpec) Reset() {
*x = NfTablesChainSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[28]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[29]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2631,7 +2692,7 @@ func (x *NfTablesChainSpec) String() string {
func (*NfTablesChainSpec) ProtoMessage() {}
func (x *NfTablesChainSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[28]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[29]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2644,7 +2705,7 @@ func (x *NfTablesChainSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use NfTablesChainSpec.ProtoReflect.Descriptor instead.
func (*NfTablesChainSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{28}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{29}
}
func (x *NfTablesChainSpec) GetType() string {
@@ -2696,7 +2757,7 @@ type NfTablesClampMSS struct {
func (x *NfTablesClampMSS) Reset() {
*x = NfTablesClampMSS{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[29]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[30]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2708,7 +2769,7 @@ func (x *NfTablesClampMSS) String() string {
func (*NfTablesClampMSS) ProtoMessage() {}
func (x *NfTablesClampMSS) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[29]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[30]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2721,7 +2782,7 @@ func (x *NfTablesClampMSS) ProtoReflect() protoreflect.Message {
// Deprecated: Use NfTablesClampMSS.ProtoReflect.Descriptor instead.
func (*NfTablesClampMSS) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{29}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{30}
}
func (x *NfTablesClampMSS) GetMtu() uint32 {
@@ -2741,7 +2802,7 @@ type NfTablesConntrackStateMatch struct {
func (x *NfTablesConntrackStateMatch) Reset() {
*x = NfTablesConntrackStateMatch{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[30]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[31]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2753,7 +2814,7 @@ func (x *NfTablesConntrackStateMatch) String() string {
func (*NfTablesConntrackStateMatch) ProtoMessage() {}
func (x *NfTablesConntrackStateMatch) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[30]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[31]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2766,7 +2827,7 @@ func (x *NfTablesConntrackStateMatch) ProtoReflect() protoreflect.Message {
// Deprecated: Use NfTablesConntrackStateMatch.ProtoReflect.Descriptor instead.
func (*NfTablesConntrackStateMatch) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{30}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{31}
}
func (x *NfTablesConntrackStateMatch) GetStates() []enums.NethelpersConntrackState {
@@ -2786,7 +2847,7 @@ type NfTablesICMPTypeMatch struct {
func (x *NfTablesICMPTypeMatch) Reset() {
*x = NfTablesICMPTypeMatch{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[31]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[32]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2798,7 +2859,7 @@ func (x *NfTablesICMPTypeMatch) String() string {
func (*NfTablesICMPTypeMatch) ProtoMessage() {}
func (x *NfTablesICMPTypeMatch) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[31]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[32]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2811,7 +2872,7 @@ func (x *NfTablesICMPTypeMatch) ProtoReflect() protoreflect.Message {
// Deprecated: Use NfTablesICMPTypeMatch.ProtoReflect.Descriptor instead.
func (*NfTablesICMPTypeMatch) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{31}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{32}
}
func (x *NfTablesICMPTypeMatch) GetTypes() []enums.NethelpersICMPType {
@@ -2832,7 +2893,7 @@ type NfTablesIfNameMatch struct {
func (x *NfTablesIfNameMatch) Reset() {
*x = NfTablesIfNameMatch{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[32]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[33]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2844,7 +2905,7 @@ func (x *NfTablesIfNameMatch) String() string {
func (*NfTablesIfNameMatch) ProtoMessage() {}
func (x *NfTablesIfNameMatch) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[32]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[33]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2857,7 +2918,7 @@ func (x *NfTablesIfNameMatch) ProtoReflect() protoreflect.Message {
// Deprecated: Use NfTablesIfNameMatch.ProtoReflect.Descriptor instead.
func (*NfTablesIfNameMatch) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{32}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{33}
}
func (x *NfTablesIfNameMatch) GetOperator() enums.NethelpersMatchOperator {
@@ -2887,7 +2948,7 @@ type NfTablesLayer4Match struct {
func (x *NfTablesLayer4Match) Reset() {
*x = NfTablesLayer4Match{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[33]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[34]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2899,7 +2960,7 @@ func (x *NfTablesLayer4Match) String() string {
func (*NfTablesLayer4Match) ProtoMessage() {}
func (x *NfTablesLayer4Match) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[33]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[34]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2912,7 +2973,7 @@ func (x *NfTablesLayer4Match) ProtoReflect() protoreflect.Message {
// Deprecated: Use NfTablesLayer4Match.ProtoReflect.Descriptor instead.
func (*NfTablesLayer4Match) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{33}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{34}
}
func (x *NfTablesLayer4Match) GetProtocol() enums.NethelpersProtocol {
@@ -2953,7 +3014,7 @@ type NfTablesLimitMatch struct {
func (x *NfTablesLimitMatch) Reset() {
*x = NfTablesLimitMatch{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[34]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[35]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -2965,7 +3026,7 @@ func (x *NfTablesLimitMatch) String() string {
func (*NfTablesLimitMatch) ProtoMessage() {}
func (x *NfTablesLimitMatch) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[34]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[35]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -2978,7 +3039,7 @@ func (x *NfTablesLimitMatch) ProtoReflect() protoreflect.Message {
// Deprecated: Use NfTablesLimitMatch.ProtoReflect.Descriptor instead.
func (*NfTablesLimitMatch) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{34}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{35}
}
func (x *NfTablesLimitMatch) GetPacketRatePerSecond() uint64 {
@@ -3006,7 +3067,7 @@ type NfTablesMark struct {
func (x *NfTablesMark) Reset() {
*x = NfTablesMark{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[35]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[36]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3018,7 +3079,7 @@ func (x *NfTablesMark) String() string {
func (*NfTablesMark) ProtoMessage() {}
func (x *NfTablesMark) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[35]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[36]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3031,7 +3092,7 @@ func (x *NfTablesMark) ProtoReflect() protoreflect.Message {
// Deprecated: Use NfTablesMark.ProtoReflect.Descriptor instead.
func (*NfTablesMark) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{35}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{36}
}
func (x *NfTablesMark) GetMask() uint32 {
@@ -3065,7 +3126,7 @@ type NfTablesPortMatch struct {
func (x *NfTablesPortMatch) Reset() {
*x = NfTablesPortMatch{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[36]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[37]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3077,7 +3138,7 @@ func (x *NfTablesPortMatch) String() string {
func (*NfTablesPortMatch) ProtoMessage() {}
func (x *NfTablesPortMatch) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[36]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[37]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3090,7 +3151,7 @@ func (x *NfTablesPortMatch) ProtoReflect() protoreflect.Message {
// Deprecated: Use NfTablesPortMatch.ProtoReflect.Descriptor instead.
func (*NfTablesPortMatch) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{36}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{37}
}
func (x *NfTablesPortMatch) GetRanges() []*PortRange {
@@ -3121,7 +3182,7 @@ type NfTablesRule struct {
func (x *NfTablesRule) Reset() {
*x = NfTablesRule{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[37]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[38]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3133,7 +3194,7 @@ func (x *NfTablesRule) String() string {
func (*NfTablesRule) ProtoMessage() {}
func (x *NfTablesRule) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[37]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[38]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3146,7 +3207,7 @@ func (x *NfTablesRule) ProtoReflect() protoreflect.Message {
// Deprecated: Use NfTablesRule.ProtoReflect.Descriptor instead.
func (*NfTablesRule) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{37}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{38}
}
func (x *NfTablesRule) GetMatchOIfName() *NfTablesIfNameMatch {
@@ -3246,7 +3307,7 @@ type NodeAddressFilterSpec struct {
func (x *NodeAddressFilterSpec) Reset() {
*x = NodeAddressFilterSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[38]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[39]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3258,7 +3319,7 @@ func (x *NodeAddressFilterSpec) String() string {
func (*NodeAddressFilterSpec) ProtoMessage() {}
func (x *NodeAddressFilterSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[38]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[39]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3271,7 +3332,7 @@ func (x *NodeAddressFilterSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use NodeAddressFilterSpec.ProtoReflect.Descriptor instead.
func (*NodeAddressFilterSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{38}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{39}
}
func (x *NodeAddressFilterSpec) GetIncludeSubnets() []*common.NetIPPrefix {
@@ -3298,7 +3359,7 @@ type NodeAddressSortAlgorithmSpec struct {
func (x *NodeAddressSortAlgorithmSpec) Reset() {
*x = NodeAddressSortAlgorithmSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[39]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[40]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3310,7 +3371,7 @@ func (x *NodeAddressSortAlgorithmSpec) String() string {
func (*NodeAddressSortAlgorithmSpec) ProtoMessage() {}
func (x *NodeAddressSortAlgorithmSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[39]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[40]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3323,7 +3384,7 @@ func (x *NodeAddressSortAlgorithmSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use NodeAddressSortAlgorithmSpec.ProtoReflect.Descriptor instead.
func (*NodeAddressSortAlgorithmSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{39}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{40}
}
func (x *NodeAddressSortAlgorithmSpec) GetAlgorithm() enums.NethelpersAddressSortAlgorithm {
@@ -3344,7 +3405,7 @@ type NodeAddressSpec struct {
func (x *NodeAddressSpec) Reset() {
*x = NodeAddressSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[40]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[41]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3356,7 +3417,7 @@ func (x *NodeAddressSpec) String() string {
func (*NodeAddressSpec) ProtoMessage() {}
func (x *NodeAddressSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[40]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[41]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3369,7 +3430,7 @@ func (x *NodeAddressSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use NodeAddressSpec.ProtoReflect.Descriptor instead.
func (*NodeAddressSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{40}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{41}
}
func (x *NodeAddressSpec) GetAddresses() []*common.NetIPPrefix {
@@ -3402,7 +3463,7 @@ type OperatorSpecSpec struct {
func (x *OperatorSpecSpec) Reset() {
*x = OperatorSpecSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[41]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[42]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3414,7 +3475,7 @@ func (x *OperatorSpecSpec) String() string {
func (*OperatorSpecSpec) ProtoMessage() {}
func (x *OperatorSpecSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[41]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[42]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3427,7 +3488,7 @@ func (x *OperatorSpecSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use OperatorSpecSpec.ProtoReflect.Descriptor instead.
func (*OperatorSpecSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{41}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{42}
}
func (x *OperatorSpecSpec) GetOperator() enums.NetworkOperator {
@@ -3501,7 +3562,7 @@ type PlatformConfigSpec struct {
func (x *PlatformConfigSpec) Reset() {
*x = PlatformConfigSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[42]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[43]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3513,7 +3574,7 @@ func (x *PlatformConfigSpec) String() string {
func (*PlatformConfigSpec) ProtoMessage() {}
func (x *PlatformConfigSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[42]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[43]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3526,7 +3587,7 @@ func (x *PlatformConfigSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use PlatformConfigSpec.ProtoReflect.Descriptor instead.
func (*PlatformConfigSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{42}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{43}
}
func (x *PlatformConfigSpec) GetAddresses() []*AddressSpecSpec {
@@ -3612,7 +3673,7 @@ type PortRange struct {
func (x *PortRange) Reset() {
*x = PortRange{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[43]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[44]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3624,7 +3685,7 @@ func (x *PortRange) String() string {
func (*PortRange) ProtoMessage() {}
func (x *PortRange) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[43]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[44]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3637,7 +3698,7 @@ func (x *PortRange) ProtoReflect() protoreflect.Message {
// Deprecated: Use PortRange.ProtoReflect.Descriptor instead.
func (*PortRange) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{43}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{44}
}
func (x *PortRange) GetLo() uint32 {
@@ -3673,7 +3734,7 @@ type ProbeSpecSpec struct {
func (x *ProbeSpecSpec) Reset() {
*x = ProbeSpecSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[44]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[45]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3685,7 +3746,7 @@ func (x *ProbeSpecSpec) String() string {
func (*ProbeSpecSpec) ProtoMessage() {}
func (x *ProbeSpecSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[44]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[45]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3698,7 +3759,7 @@ func (x *ProbeSpecSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use ProbeSpecSpec.ProtoReflect.Descriptor instead.
func (*ProbeSpecSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{44}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{45}
}
func (x *ProbeSpecSpec) GetInterval() *durationpb.Duration {
@@ -3749,7 +3810,7 @@ type ProbeStatusSpec struct {
func (x *ProbeStatusSpec) Reset() {
*x = ProbeStatusSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[45]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[46]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3761,7 +3822,7 @@ func (x *ProbeStatusSpec) String() string {
func (*ProbeStatusSpec) ProtoMessage() {}
func (x *ProbeStatusSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[45]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[46]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3774,7 +3835,7 @@ func (x *ProbeStatusSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use ProbeStatusSpec.ProtoReflect.Descriptor instead.
func (*ProbeStatusSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{45}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{46}
}
func (x *ProbeStatusSpec) GetSuccess() bool {
@@ -3793,17 +3854,22 @@ func (x *ProbeStatusSpec) GetLastError() string {
// ResolverSpecSpec describes DNS resolvers.
type ResolverSpecSpec struct {
- state protoimpl.MessageState `protogen:"open.v1"`
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // DNSServers is a flat list of DNS server IP addresses.
+ //
+ // Deprecated: This field is deprecated in favor of NameServers which contain more information.
DnsServers []*common.NetIP `protobuf:"bytes,1,rep,name=dns_servers,json=dnsServers,proto3" json:"dns_servers,omitempty"`
ConfigLayer enums.NetworkConfigLayer `protobuf:"varint,2,opt,name=config_layer,json=configLayer,proto3,enum=talos.resource.definitions.enums.NetworkConfigLayer" json:"config_layer,omitempty"`
SearchDomains []string `protobuf:"bytes,3,rep,name=search_domains,json=searchDomains,proto3" json:"search_domains,omitempty"`
+ // NameServers is a list of DNS servers with additional configuration.
+ NameServers []*NameServerSpec `protobuf:"bytes,4,rep,name=name_servers,json=nameServers,proto3" json:"name_servers,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ResolverSpecSpec) Reset() {
*x = ResolverSpecSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[46]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[47]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3815,7 +3881,7 @@ func (x *ResolverSpecSpec) String() string {
func (*ResolverSpecSpec) ProtoMessage() {}
func (x *ResolverSpecSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[46]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[47]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3828,7 +3894,7 @@ func (x *ResolverSpecSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use ResolverSpecSpec.ProtoReflect.Descriptor instead.
func (*ResolverSpecSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{46}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{47}
}
func (x *ResolverSpecSpec) GetDnsServers() []*common.NetIP {
@@ -3852,18 +3918,30 @@ func (x *ResolverSpecSpec) GetSearchDomains() []string {
return nil
}
+func (x *ResolverSpecSpec) GetNameServers() []*NameServerSpec {
+ if x != nil {
+ return x.NameServers
+ }
+ return nil
+}
+
// ResolverStatusSpec describes DNS resolvers.
type ResolverStatusSpec struct {
- state protoimpl.MessageState `protogen:"open.v1"`
- DnsServers []*common.NetIP `protobuf:"bytes,1,rep,name=dns_servers,json=dnsServers,proto3" json:"dns_servers,omitempty"`
- SearchDomains []string `protobuf:"bytes,2,rep,name=search_domains,json=searchDomains,proto3" json:"search_domains,omitempty"`
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // DNSServers is a flat list of DNS server IP addresses.
+ //
+ // Deprecated: This field is deprecated in favor of NameServers which contain more information.
+ DnsServers []*common.NetIP `protobuf:"bytes,1,rep,name=dns_servers,json=dnsServers,proto3" json:"dns_servers,omitempty"`
+ SearchDomains []string `protobuf:"bytes,2,rep,name=search_domains,json=searchDomains,proto3" json:"search_domains,omitempty"`
+ // NameServers is a list of DNS servers with additional configuration.
+ NameServers []*NameServerSpec `protobuf:"bytes,4,rep,name=name_servers,json=nameServers,proto3" json:"name_servers,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ResolverStatusSpec) Reset() {
*x = ResolverStatusSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[47]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[48]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3875,7 +3953,7 @@ func (x *ResolverStatusSpec) String() string {
func (*ResolverStatusSpec) ProtoMessage() {}
func (x *ResolverStatusSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[47]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[48]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3888,7 +3966,7 @@ func (x *ResolverStatusSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use ResolverStatusSpec.ProtoReflect.Descriptor instead.
func (*ResolverStatusSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{47}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{48}
}
func (x *ResolverStatusSpec) GetDnsServers() []*common.NetIP {
@@ -3905,6 +3983,13 @@ func (x *ResolverStatusSpec) GetSearchDomains() []string {
return nil
}
+func (x *ResolverStatusSpec) GetNameServers() []*NameServerSpec {
+ if x != nil {
+ return x.NameServers
+ }
+ return nil
+}
+
// RouteSpecSpec describes the route.
type RouteSpecSpec struct {
state protoimpl.MessageState `protogen:"open.v1"`
@@ -3927,7 +4012,7 @@ type RouteSpecSpec struct {
func (x *RouteSpecSpec) Reset() {
*x = RouteSpecSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[48]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[49]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3939,7 +4024,7 @@ func (x *RouteSpecSpec) String() string {
func (*RouteSpecSpec) ProtoMessage() {}
func (x *RouteSpecSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[48]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[49]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3952,7 +4037,7 @@ func (x *RouteSpecSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use RouteSpecSpec.ProtoReflect.Descriptor instead.
func (*RouteSpecSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{48}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{49}
}
func (x *RouteSpecSpec) GetFamily() enums.NethelpersFamily {
@@ -4068,7 +4153,7 @@ type RouteStatusSpec struct {
func (x *RouteStatusSpec) Reset() {
*x = RouteStatusSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[49]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[50]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4080,7 +4165,7 @@ func (x *RouteStatusSpec) String() string {
func (*RouteStatusSpec) ProtoMessage() {}
func (x *RouteStatusSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[49]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[50]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4093,7 +4178,7 @@ func (x *RouteStatusSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use RouteStatusSpec.ProtoReflect.Descriptor instead.
func (*RouteStatusSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{49}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{50}
}
func (x *RouteStatusSpec) GetFamily() enums.NethelpersFamily {
@@ -4207,7 +4292,7 @@ type RoutingRuleSpecSpec struct {
func (x *RoutingRuleSpecSpec) Reset() {
*x = RoutingRuleSpecSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[50]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[51]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4219,7 +4304,7 @@ func (x *RoutingRuleSpecSpec) String() string {
func (*RoutingRuleSpecSpec) ProtoMessage() {}
func (x *RoutingRuleSpecSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[50]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[51]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4232,7 +4317,7 @@ func (x *RoutingRuleSpecSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use RoutingRuleSpecSpec.ProtoReflect.Descriptor instead.
func (*RoutingRuleSpecSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{50}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{51}
}
func (x *RoutingRuleSpecSpec) GetFamily() enums.NethelpersFamily {
@@ -4331,7 +4416,7 @@ type RoutingRuleStatusSpec struct {
func (x *RoutingRuleStatusSpec) Reset() {
*x = RoutingRuleStatusSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[51]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[52]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4343,7 +4428,7 @@ func (x *RoutingRuleStatusSpec) String() string {
func (*RoutingRuleStatusSpec) ProtoMessage() {}
func (x *RoutingRuleStatusSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[51]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[52]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4356,7 +4441,7 @@ func (x *RoutingRuleStatusSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use RoutingRuleStatusSpec.ProtoReflect.Descriptor instead.
func (*RoutingRuleStatusSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{51}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{52}
}
func (x *RoutingRuleStatusSpec) GetFamily() enums.NethelpersFamily {
@@ -4439,7 +4524,7 @@ type STPSpec struct {
func (x *STPSpec) Reset() {
*x = STPSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[52]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[53]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4451,7 +4536,7 @@ func (x *STPSpec) String() string {
func (*STPSpec) ProtoMessage() {}
func (x *STPSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[52]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[53]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4464,7 +4549,7 @@ func (x *STPSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use STPSpec.ProtoReflect.Descriptor instead.
func (*STPSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{52}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{53}
}
func (x *STPSpec) GetEnabled() bool {
@@ -4487,7 +4572,7 @@ type StatusSpec struct {
func (x *StatusSpec) Reset() {
*x = StatusSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[53]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[54]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4499,7 +4584,7 @@ func (x *StatusSpec) String() string {
func (*StatusSpec) ProtoMessage() {}
func (x *StatusSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[53]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[54]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4512,7 +4597,7 @@ func (x *StatusSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use StatusSpec.ProtoReflect.Descriptor instead.
func (*StatusSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{53}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{54}
}
func (x *StatusSpec) GetAddressReady() bool {
@@ -4556,7 +4641,7 @@ type TCPProbeSpec struct {
func (x *TCPProbeSpec) Reset() {
*x = TCPProbeSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[54]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[55]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4568,7 +4653,7 @@ func (x *TCPProbeSpec) String() string {
func (*TCPProbeSpec) ProtoMessage() {}
func (x *TCPProbeSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[54]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[55]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4581,7 +4666,7 @@ func (x *TCPProbeSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use TCPProbeSpec.ProtoReflect.Descriptor instead.
func (*TCPProbeSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{54}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{55}
}
func (x *TCPProbeSpec) GetEndpoint() string {
@@ -4610,7 +4695,7 @@ type TimeServerSpecSpec struct {
func (x *TimeServerSpecSpec) Reset() {
*x = TimeServerSpecSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[55]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[56]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4622,7 +4707,7 @@ func (x *TimeServerSpecSpec) String() string {
func (*TimeServerSpecSpec) ProtoMessage() {}
func (x *TimeServerSpecSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[55]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[56]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4635,7 +4720,7 @@ func (x *TimeServerSpecSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use TimeServerSpecSpec.ProtoReflect.Descriptor instead.
func (*TimeServerSpecSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{55}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{56}
}
func (x *TimeServerSpecSpec) GetNtpServers() []string {
@@ -4670,7 +4755,7 @@ type TimeServerStatusSpec struct {
func (x *TimeServerStatusSpec) Reset() {
*x = TimeServerStatusSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[56]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[57]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4682,7 +4767,7 @@ func (x *TimeServerStatusSpec) String() string {
func (*TimeServerStatusSpec) ProtoMessage() {}
func (x *TimeServerStatusSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[56]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[57]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4695,7 +4780,7 @@ func (x *TimeServerStatusSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use TimeServerStatusSpec.ProtoReflect.Descriptor instead.
func (*TimeServerStatusSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{56}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{57}
}
func (x *TimeServerStatusSpec) GetNtpServers() []string {
@@ -4724,7 +4809,7 @@ type VIPEquinixMetalSpec struct {
func (x *VIPEquinixMetalSpec) Reset() {
*x = VIPEquinixMetalSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[57]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[58]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4736,7 +4821,7 @@ func (x *VIPEquinixMetalSpec) String() string {
func (*VIPEquinixMetalSpec) ProtoMessage() {}
func (x *VIPEquinixMetalSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[57]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[58]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4749,7 +4834,7 @@ func (x *VIPEquinixMetalSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use VIPEquinixMetalSpec.ProtoReflect.Descriptor instead.
func (*VIPEquinixMetalSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{57}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{58}
}
func (x *VIPEquinixMetalSpec) GetProjectId() string {
@@ -4785,7 +4870,7 @@ type VIPHCloudSpec struct {
func (x *VIPHCloudSpec) Reset() {
*x = VIPHCloudSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[58]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[59]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4797,7 +4882,7 @@ func (x *VIPHCloudSpec) String() string {
func (*VIPHCloudSpec) ProtoMessage() {}
func (x *VIPHCloudSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[58]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[59]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4810,7 +4895,7 @@ func (x *VIPHCloudSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use VIPHCloudSpec.ProtoReflect.Descriptor instead.
func (*VIPHCloudSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{58}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{59}
}
func (x *VIPHCloudSpec) GetDeviceId() int64 {
@@ -4847,7 +4932,7 @@ type VIPOperatorSpec struct {
func (x *VIPOperatorSpec) Reset() {
*x = VIPOperatorSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[59]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[60]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4859,7 +4944,7 @@ func (x *VIPOperatorSpec) String() string {
func (*VIPOperatorSpec) ProtoMessage() {}
func (x *VIPOperatorSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[59]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[60]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4872,7 +4957,7 @@ func (x *VIPOperatorSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use VIPOperatorSpec.ProtoReflect.Descriptor instead.
func (*VIPOperatorSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{59}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{60}
}
func (x *VIPOperatorSpec) GetIp() *common.NetIP {
@@ -4916,7 +5001,7 @@ type VLANSpec struct {
func (x *VLANSpec) Reset() {
*x = VLANSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[60]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[61]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4928,7 +5013,7 @@ func (x *VLANSpec) String() string {
func (*VLANSpec) ProtoMessage() {}
func (x *VLANSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[60]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[61]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4941,7 +5026,7 @@ func (x *VLANSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use VLANSpec.ProtoReflect.Descriptor instead.
func (*VLANSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{60}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{61}
}
func (x *VLANSpec) GetVid() uint32 {
@@ -4968,7 +5053,7 @@ type VRFMasterSpec struct {
func (x *VRFMasterSpec) Reset() {
*x = VRFMasterSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[61]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[62]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4980,7 +5065,7 @@ func (x *VRFMasterSpec) String() string {
func (*VRFMasterSpec) ProtoMessage() {}
func (x *VRFMasterSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[61]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[62]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4993,7 +5078,7 @@ func (x *VRFMasterSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use VRFMasterSpec.ProtoReflect.Descriptor instead.
func (*VRFMasterSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{61}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{62}
}
func (x *VRFMasterSpec) GetTable() enums.NethelpersRoutingTable {
@@ -5013,7 +5098,7 @@ type VRFSlave struct {
func (x *VRFSlave) Reset() {
*x = VRFSlave{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[62]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[63]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -5025,7 +5110,7 @@ func (x *VRFSlave) String() string {
func (*VRFSlave) ProtoMessage() {}
func (x *VRFSlave) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[62]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[63]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -5038,7 +5123,7 @@ func (x *VRFSlave) ProtoReflect() protoreflect.Message {
// Deprecated: Use VRFSlave.ProtoReflect.Descriptor instead.
func (*VRFSlave) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{62}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{63}
}
func (x *VRFSlave) GetMasterName() string {
@@ -5062,7 +5147,7 @@ type WireguardPeer struct {
func (x *WireguardPeer) Reset() {
*x = WireguardPeer{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[63]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[64]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -5074,7 +5159,7 @@ func (x *WireguardPeer) String() string {
func (*WireguardPeer) ProtoMessage() {}
func (x *WireguardPeer) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[63]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[64]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -5087,7 +5172,7 @@ func (x *WireguardPeer) ProtoReflect() protoreflect.Message {
// Deprecated: Use WireguardPeer.ProtoReflect.Descriptor instead.
func (*WireguardPeer) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{63}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{64}
}
func (x *WireguardPeer) GetPublicKey() string {
@@ -5141,7 +5226,7 @@ type WireguardSpec struct {
func (x *WireguardSpec) Reset() {
*x = WireguardSpec{}
- mi := &file_resource_definitions_network_network_proto_msgTypes[64]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[65]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -5153,7 +5238,7 @@ func (x *WireguardSpec) String() string {
func (*WireguardSpec) ProtoMessage() {}
func (x *WireguardSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_network_network_proto_msgTypes[64]
+ mi := &file_resource_definitions_network_network_proto_msgTypes[65]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -5166,7 +5251,7 @@ func (x *WireguardSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use WireguardSpec.ProtoReflect.Descriptor instead.
func (*WireguardSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{64}
+ return file_resource_definitions_network_network_proto_rawDescGZIP(), []int{65}
}
func (x *WireguardSpec) GetPrivateKey() string {
@@ -5460,7 +5545,11 @@ const file_resource_definitions_network_network_proto_rawDesc = "" +
"\x05alias\x18\x1f \x01(\tR\x05alias\x12\x1b\n" +
"\talt_names\x18 \x03(\tR\baltNames\x12P\n" +
"\n" +
- "vrf_master\x18! \x01(\v21.talos.resource.definitions.network.VRFMasterSpecR\tvrfMaster\"\xaa\x01\n" +
+ "vrf_master\x18! \x01(\v21.talos.resource.definitions.network.VRFMasterSpecR\tvrfMaster\"\xb0\x01\n" +
+ "\x0eNameServerSpec\x12!\n" +
+ "\x04addr\x18\x01 \x01(\v2\r.common.NetIPR\x04addr\x12S\n" +
+ "\bprotocol\x18\x02 \x01(\x0e27.talos.resource.definitions.enums.NethelpersDNSProtocolR\bprotocol\x12&\n" +
+ "\x0ftls_server_name\x18\x03 \x01(\tR\rtlsServerName\"\xaa\x01\n" +
"\x14NfTablesAddressMatch\x12<\n" +
"\x0finclude_subnets\x18\x01 \x03(\v2\x13.common.NetIPPrefixR\x0eincludeSubnets\x12<\n" +
"\x0fexclude_subnets\x18\x02 \x03(\v2\x13.common.NetIPPrefixR\x0eexcludeSubnets\x12\x16\n" +
@@ -5550,16 +5639,18 @@ const file_resource_definitions_network_network_proto_rawDesc = "" +
"\x0fProbeStatusSpec\x12\x18\n" +
"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x1d\n" +
"\n" +
- "last_error\x18\x02 \x01(\tR\tlastError\"\xc2\x01\n" +
+ "last_error\x18\x02 \x01(\tR\tlastError\"\x99\x02\n" +
"\x10ResolverSpecSpec\x12.\n" +
"\vdns_servers\x18\x01 \x03(\v2\r.common.NetIPR\n" +
"dnsServers\x12W\n" +
"\fconfig_layer\x18\x02 \x01(\x0e24.talos.resource.definitions.enums.NetworkConfigLayerR\vconfigLayer\x12%\n" +
- "\x0esearch_domains\x18\x03 \x03(\tR\rsearchDomains\"k\n" +
+ "\x0esearch_domains\x18\x03 \x03(\tR\rsearchDomains\x12U\n" +
+ "\fname_servers\x18\x04 \x03(\v22.talos.resource.definitions.network.NameServerSpecR\vnameServers\"\xc2\x01\n" +
"\x12ResolverStatusSpec\x12.\n" +
"\vdns_servers\x18\x01 \x03(\v2\r.common.NetIPR\n" +
"dnsServers\x12%\n" +
- "\x0esearch_domains\x18\x02 \x03(\tR\rsearchDomains\"\xde\x05\n" +
+ "\x0esearch_domains\x18\x02 \x03(\tR\rsearchDomains\x12U\n" +
+ "\fname_servers\x18\x04 \x03(\v22.talos.resource.definitions.network.NameServerSpecR\vnameServers\"\xde\x05\n" +
"\rRouteSpecSpec\x12J\n" +
"\x06family\x18\x01 \x01(\x0e22.talos.resource.definitions.enums.NethelpersFamilyR\x06family\x125\n" +
"\vdestination\x18\x02 \x01(\v2\x13.common.NetIPPrefixR\vdestination\x12%\n" +
@@ -5689,7 +5780,7 @@ func file_resource_definitions_network_network_proto_rawDescGZIP() []byte {
return file_resource_definitions_network_network_proto_rawDescData
}
-var file_resource_definitions_network_network_proto_msgTypes = make([]protoimpl.MessageInfo, 66)
+var file_resource_definitions_network_network_proto_msgTypes = make([]protoimpl.MessageInfo, 67)
var file_resource_definitions_network_network_proto_goTypes = []any{
(*AddressSpecSpec)(nil), // 0: talos.resource.definitions.network.AddressSpecSpec
(*AddressStatusSpec)(nil), // 1: talos.resource.definitions.network.AddressStatusSpec
@@ -5718,242 +5809,248 @@ var file_resource_definitions_network_network_proto_goTypes = []any{
(*LinkRefreshSpec)(nil), // 24: talos.resource.definitions.network.LinkRefreshSpec
(*LinkSpecSpec)(nil), // 25: talos.resource.definitions.network.LinkSpecSpec
(*LinkStatusSpec)(nil), // 26: talos.resource.definitions.network.LinkStatusSpec
- (*NfTablesAddressMatch)(nil), // 27: talos.resource.definitions.network.NfTablesAddressMatch
- (*NfTablesChainSpec)(nil), // 28: talos.resource.definitions.network.NfTablesChainSpec
- (*NfTablesClampMSS)(nil), // 29: talos.resource.definitions.network.NfTablesClampMSS
- (*NfTablesConntrackStateMatch)(nil), // 30: talos.resource.definitions.network.NfTablesConntrackStateMatch
- (*NfTablesICMPTypeMatch)(nil), // 31: talos.resource.definitions.network.NfTablesICMPTypeMatch
- (*NfTablesIfNameMatch)(nil), // 32: talos.resource.definitions.network.NfTablesIfNameMatch
- (*NfTablesLayer4Match)(nil), // 33: talos.resource.definitions.network.NfTablesLayer4Match
- (*NfTablesLimitMatch)(nil), // 34: talos.resource.definitions.network.NfTablesLimitMatch
- (*NfTablesMark)(nil), // 35: talos.resource.definitions.network.NfTablesMark
- (*NfTablesPortMatch)(nil), // 36: talos.resource.definitions.network.NfTablesPortMatch
- (*NfTablesRule)(nil), // 37: talos.resource.definitions.network.NfTablesRule
- (*NodeAddressFilterSpec)(nil), // 38: talos.resource.definitions.network.NodeAddressFilterSpec
- (*NodeAddressSortAlgorithmSpec)(nil), // 39: talos.resource.definitions.network.NodeAddressSortAlgorithmSpec
- (*NodeAddressSpec)(nil), // 40: talos.resource.definitions.network.NodeAddressSpec
- (*OperatorSpecSpec)(nil), // 41: talos.resource.definitions.network.OperatorSpecSpec
- (*PlatformConfigSpec)(nil), // 42: talos.resource.definitions.network.PlatformConfigSpec
- (*PortRange)(nil), // 43: talos.resource.definitions.network.PortRange
- (*ProbeSpecSpec)(nil), // 44: talos.resource.definitions.network.ProbeSpecSpec
- (*ProbeStatusSpec)(nil), // 45: talos.resource.definitions.network.ProbeStatusSpec
- (*ResolverSpecSpec)(nil), // 46: talos.resource.definitions.network.ResolverSpecSpec
- (*ResolverStatusSpec)(nil), // 47: talos.resource.definitions.network.ResolverStatusSpec
- (*RouteSpecSpec)(nil), // 48: talos.resource.definitions.network.RouteSpecSpec
- (*RouteStatusSpec)(nil), // 49: talos.resource.definitions.network.RouteStatusSpec
- (*RoutingRuleSpecSpec)(nil), // 50: talos.resource.definitions.network.RoutingRuleSpecSpec
- (*RoutingRuleStatusSpec)(nil), // 51: talos.resource.definitions.network.RoutingRuleStatusSpec
- (*STPSpec)(nil), // 52: talos.resource.definitions.network.STPSpec
- (*StatusSpec)(nil), // 53: talos.resource.definitions.network.StatusSpec
- (*TCPProbeSpec)(nil), // 54: talos.resource.definitions.network.TCPProbeSpec
- (*TimeServerSpecSpec)(nil), // 55: talos.resource.definitions.network.TimeServerSpecSpec
- (*TimeServerStatusSpec)(nil), // 56: talos.resource.definitions.network.TimeServerStatusSpec
- (*VIPEquinixMetalSpec)(nil), // 57: talos.resource.definitions.network.VIPEquinixMetalSpec
- (*VIPHCloudSpec)(nil), // 58: talos.resource.definitions.network.VIPHCloudSpec
- (*VIPOperatorSpec)(nil), // 59: talos.resource.definitions.network.VIPOperatorSpec
- (*VLANSpec)(nil), // 60: talos.resource.definitions.network.VLANSpec
- (*VRFMasterSpec)(nil), // 61: talos.resource.definitions.network.VRFMasterSpec
- (*VRFSlave)(nil), // 62: talos.resource.definitions.network.VRFSlave
- (*WireguardPeer)(nil), // 63: talos.resource.definitions.network.WireguardPeer
- (*WireguardSpec)(nil), // 64: talos.resource.definitions.network.WireguardSpec
- nil, // 65: talos.resource.definitions.network.EthernetSpecSpec.FeaturesEntry
- (*common.NetIPPrefix)(nil), // 66: common.NetIPPrefix
- (enums.NethelpersFamily)(0), // 67: talos.resource.definitions.enums.NethelpersFamily
- (enums.NethelpersScope)(0), // 68: talos.resource.definitions.enums.NethelpersScope
- (enums.NetworkConfigLayer)(0), // 69: talos.resource.definitions.enums.NetworkConfigLayer
- (*common.NetIP)(nil), // 70: common.NetIP
- (enums.NethelpersBondMode)(0), // 71: talos.resource.definitions.enums.NethelpersBondMode
- (enums.NethelpersBondXmitHashPolicy)(0), // 72: talos.resource.definitions.enums.NethelpersBondXmitHashPolicy
- (enums.NethelpersLACPRate)(0), // 73: talos.resource.definitions.enums.NethelpersLACPRate
- (enums.NethelpersARPValidate)(0), // 74: talos.resource.definitions.enums.NethelpersARPValidate
- (enums.NethelpersARPAllTargets)(0), // 75: talos.resource.definitions.enums.NethelpersARPAllTargets
- (enums.NethelpersPrimaryReselect)(0), // 76: talos.resource.definitions.enums.NethelpersPrimaryReselect
- (enums.NethelpersFailOverMAC)(0), // 77: talos.resource.definitions.enums.NethelpersFailOverMAC
- (enums.NethelpersADSelect)(0), // 78: talos.resource.definitions.enums.NethelpersADSelect
- (enums.NethelpersADLACPActive)(0), // 79: talos.resource.definitions.enums.NethelpersADLACPActive
- (enums.NethelpersClientIdentifier)(0), // 80: talos.resource.definitions.enums.NethelpersClientIdentifier
- (enums.NethelpersWOLMode)(0), // 81: talos.resource.definitions.enums.NethelpersWOLMode
- (enums.NethelpersPort)(0), // 82: talos.resource.definitions.enums.NethelpersPort
- (enums.NethelpersDuplex)(0), // 83: talos.resource.definitions.enums.NethelpersDuplex
- (*common.URL)(nil), // 84: common.URL
- (*durationpb.Duration)(nil), // 85: google.protobuf.Duration
- (*common.NetIPPort)(nil), // 86: common.NetIPPort
- (enums.NethelpersLinkType)(0), // 87: talos.resource.definitions.enums.NethelpersLinkType
- (enums.NethelpersOperationalState)(0), // 88: talos.resource.definitions.enums.NethelpersOperationalState
- (enums.NethelpersNfTablesChainHook)(0), // 89: talos.resource.definitions.enums.NethelpersNfTablesChainHook
- (enums.NethelpersNfTablesChainPriority)(0), // 90: talos.resource.definitions.enums.NethelpersNfTablesChainPriority
- (enums.NethelpersNfTablesVerdict)(0), // 91: talos.resource.definitions.enums.NethelpersNfTablesVerdict
- (enums.NethelpersConntrackState)(0), // 92: talos.resource.definitions.enums.NethelpersConntrackState
- (enums.NethelpersICMPType)(0), // 93: talos.resource.definitions.enums.NethelpersICMPType
- (enums.NethelpersMatchOperator)(0), // 94: talos.resource.definitions.enums.NethelpersMatchOperator
- (enums.NethelpersProtocol)(0), // 95: talos.resource.definitions.enums.NethelpersProtocol
- (enums.NethelpersAddressSortAlgorithm)(0), // 96: talos.resource.definitions.enums.NethelpersAddressSortAlgorithm
- (enums.NetworkOperator)(0), // 97: talos.resource.definitions.enums.NetworkOperator
- (*runtime.PlatformMetadataSpec)(nil), // 98: talos.resource.definitions.runtime.PlatformMetadataSpec
- (enums.NethelpersRoutingTable)(0), // 99: talos.resource.definitions.enums.NethelpersRoutingTable
- (enums.NethelpersRouteType)(0), // 100: talos.resource.definitions.enums.NethelpersRouteType
- (enums.NethelpersRouteProtocol)(0), // 101: talos.resource.definitions.enums.NethelpersRouteProtocol
- (enums.NethelpersRoutingRuleAction)(0), // 102: talos.resource.definitions.enums.NethelpersRoutingRuleAction
- (enums.NethelpersVLANProtocol)(0), // 103: talos.resource.definitions.enums.NethelpersVLANProtocol
+ (*NameServerSpec)(nil), // 27: talos.resource.definitions.network.NameServerSpec
+ (*NfTablesAddressMatch)(nil), // 28: talos.resource.definitions.network.NfTablesAddressMatch
+ (*NfTablesChainSpec)(nil), // 29: talos.resource.definitions.network.NfTablesChainSpec
+ (*NfTablesClampMSS)(nil), // 30: talos.resource.definitions.network.NfTablesClampMSS
+ (*NfTablesConntrackStateMatch)(nil), // 31: talos.resource.definitions.network.NfTablesConntrackStateMatch
+ (*NfTablesICMPTypeMatch)(nil), // 32: talos.resource.definitions.network.NfTablesICMPTypeMatch
+ (*NfTablesIfNameMatch)(nil), // 33: talos.resource.definitions.network.NfTablesIfNameMatch
+ (*NfTablesLayer4Match)(nil), // 34: talos.resource.definitions.network.NfTablesLayer4Match
+ (*NfTablesLimitMatch)(nil), // 35: talos.resource.definitions.network.NfTablesLimitMatch
+ (*NfTablesMark)(nil), // 36: talos.resource.definitions.network.NfTablesMark
+ (*NfTablesPortMatch)(nil), // 37: talos.resource.definitions.network.NfTablesPortMatch
+ (*NfTablesRule)(nil), // 38: talos.resource.definitions.network.NfTablesRule
+ (*NodeAddressFilterSpec)(nil), // 39: talos.resource.definitions.network.NodeAddressFilterSpec
+ (*NodeAddressSortAlgorithmSpec)(nil), // 40: talos.resource.definitions.network.NodeAddressSortAlgorithmSpec
+ (*NodeAddressSpec)(nil), // 41: talos.resource.definitions.network.NodeAddressSpec
+ (*OperatorSpecSpec)(nil), // 42: talos.resource.definitions.network.OperatorSpecSpec
+ (*PlatformConfigSpec)(nil), // 43: talos.resource.definitions.network.PlatformConfigSpec
+ (*PortRange)(nil), // 44: talos.resource.definitions.network.PortRange
+ (*ProbeSpecSpec)(nil), // 45: talos.resource.definitions.network.ProbeSpecSpec
+ (*ProbeStatusSpec)(nil), // 46: talos.resource.definitions.network.ProbeStatusSpec
+ (*ResolverSpecSpec)(nil), // 47: talos.resource.definitions.network.ResolverSpecSpec
+ (*ResolverStatusSpec)(nil), // 48: talos.resource.definitions.network.ResolverStatusSpec
+ (*RouteSpecSpec)(nil), // 49: talos.resource.definitions.network.RouteSpecSpec
+ (*RouteStatusSpec)(nil), // 50: talos.resource.definitions.network.RouteStatusSpec
+ (*RoutingRuleSpecSpec)(nil), // 51: talos.resource.definitions.network.RoutingRuleSpecSpec
+ (*RoutingRuleStatusSpec)(nil), // 52: talos.resource.definitions.network.RoutingRuleStatusSpec
+ (*STPSpec)(nil), // 53: talos.resource.definitions.network.STPSpec
+ (*StatusSpec)(nil), // 54: talos.resource.definitions.network.StatusSpec
+ (*TCPProbeSpec)(nil), // 55: talos.resource.definitions.network.TCPProbeSpec
+ (*TimeServerSpecSpec)(nil), // 56: talos.resource.definitions.network.TimeServerSpecSpec
+ (*TimeServerStatusSpec)(nil), // 57: talos.resource.definitions.network.TimeServerStatusSpec
+ (*VIPEquinixMetalSpec)(nil), // 58: talos.resource.definitions.network.VIPEquinixMetalSpec
+ (*VIPHCloudSpec)(nil), // 59: talos.resource.definitions.network.VIPHCloudSpec
+ (*VIPOperatorSpec)(nil), // 60: talos.resource.definitions.network.VIPOperatorSpec
+ (*VLANSpec)(nil), // 61: talos.resource.definitions.network.VLANSpec
+ (*VRFMasterSpec)(nil), // 62: talos.resource.definitions.network.VRFMasterSpec
+ (*VRFSlave)(nil), // 63: talos.resource.definitions.network.VRFSlave
+ (*WireguardPeer)(nil), // 64: talos.resource.definitions.network.WireguardPeer
+ (*WireguardSpec)(nil), // 65: talos.resource.definitions.network.WireguardSpec
+ nil, // 66: talos.resource.definitions.network.EthernetSpecSpec.FeaturesEntry
+ (*common.NetIPPrefix)(nil), // 67: common.NetIPPrefix
+ (enums.NethelpersFamily)(0), // 68: talos.resource.definitions.enums.NethelpersFamily
+ (enums.NethelpersScope)(0), // 69: talos.resource.definitions.enums.NethelpersScope
+ (enums.NetworkConfigLayer)(0), // 70: talos.resource.definitions.enums.NetworkConfigLayer
+ (*common.NetIP)(nil), // 71: common.NetIP
+ (enums.NethelpersBondMode)(0), // 72: talos.resource.definitions.enums.NethelpersBondMode
+ (enums.NethelpersBondXmitHashPolicy)(0), // 73: talos.resource.definitions.enums.NethelpersBondXmitHashPolicy
+ (enums.NethelpersLACPRate)(0), // 74: talos.resource.definitions.enums.NethelpersLACPRate
+ (enums.NethelpersARPValidate)(0), // 75: talos.resource.definitions.enums.NethelpersARPValidate
+ (enums.NethelpersARPAllTargets)(0), // 76: talos.resource.definitions.enums.NethelpersARPAllTargets
+ (enums.NethelpersPrimaryReselect)(0), // 77: talos.resource.definitions.enums.NethelpersPrimaryReselect
+ (enums.NethelpersFailOverMAC)(0), // 78: talos.resource.definitions.enums.NethelpersFailOverMAC
+ (enums.NethelpersADSelect)(0), // 79: talos.resource.definitions.enums.NethelpersADSelect
+ (enums.NethelpersADLACPActive)(0), // 80: talos.resource.definitions.enums.NethelpersADLACPActive
+ (enums.NethelpersClientIdentifier)(0), // 81: talos.resource.definitions.enums.NethelpersClientIdentifier
+ (enums.NethelpersWOLMode)(0), // 82: talos.resource.definitions.enums.NethelpersWOLMode
+ (enums.NethelpersPort)(0), // 83: talos.resource.definitions.enums.NethelpersPort
+ (enums.NethelpersDuplex)(0), // 84: talos.resource.definitions.enums.NethelpersDuplex
+ (*common.URL)(nil), // 85: common.URL
+ (*durationpb.Duration)(nil), // 86: google.protobuf.Duration
+ (*common.NetIPPort)(nil), // 87: common.NetIPPort
+ (enums.NethelpersLinkType)(0), // 88: talos.resource.definitions.enums.NethelpersLinkType
+ (enums.NethelpersOperationalState)(0), // 89: talos.resource.definitions.enums.NethelpersOperationalState
+ (enums.NethelpersDNSProtocol)(0), // 90: talos.resource.definitions.enums.NethelpersDNSProtocol
+ (enums.NethelpersNfTablesChainHook)(0), // 91: talos.resource.definitions.enums.NethelpersNfTablesChainHook
+ (enums.NethelpersNfTablesChainPriority)(0), // 92: talos.resource.definitions.enums.NethelpersNfTablesChainPriority
+ (enums.NethelpersNfTablesVerdict)(0), // 93: talos.resource.definitions.enums.NethelpersNfTablesVerdict
+ (enums.NethelpersConntrackState)(0), // 94: talos.resource.definitions.enums.NethelpersConntrackState
+ (enums.NethelpersICMPType)(0), // 95: talos.resource.definitions.enums.NethelpersICMPType
+ (enums.NethelpersMatchOperator)(0), // 96: talos.resource.definitions.enums.NethelpersMatchOperator
+ (enums.NethelpersProtocol)(0), // 97: talos.resource.definitions.enums.NethelpersProtocol
+ (enums.NethelpersAddressSortAlgorithm)(0), // 98: talos.resource.definitions.enums.NethelpersAddressSortAlgorithm
+ (enums.NetworkOperator)(0), // 99: talos.resource.definitions.enums.NetworkOperator
+ (*runtime.PlatformMetadataSpec)(nil), // 100: talos.resource.definitions.runtime.PlatformMetadataSpec
+ (enums.NethelpersRoutingTable)(0), // 101: talos.resource.definitions.enums.NethelpersRoutingTable
+ (enums.NethelpersRouteType)(0), // 102: talos.resource.definitions.enums.NethelpersRouteType
+ (enums.NethelpersRouteProtocol)(0), // 103: talos.resource.definitions.enums.NethelpersRouteProtocol
+ (enums.NethelpersRoutingRuleAction)(0), // 104: talos.resource.definitions.enums.NethelpersRoutingRuleAction
+ (enums.NethelpersVLANProtocol)(0), // 105: talos.resource.definitions.enums.NethelpersVLANProtocol
}
var file_resource_definitions_network_network_proto_depIdxs = []int32{
- 66, // 0: talos.resource.definitions.network.AddressSpecSpec.address:type_name -> common.NetIPPrefix
- 67, // 1: talos.resource.definitions.network.AddressSpecSpec.family:type_name -> talos.resource.definitions.enums.NethelpersFamily
- 68, // 2: talos.resource.definitions.network.AddressSpecSpec.scope:type_name -> talos.resource.definitions.enums.NethelpersScope
- 69, // 3: talos.resource.definitions.network.AddressSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
- 66, // 4: talos.resource.definitions.network.AddressStatusSpec.address:type_name -> common.NetIPPrefix
- 70, // 5: talos.resource.definitions.network.AddressStatusSpec.local:type_name -> common.NetIP
- 70, // 6: talos.resource.definitions.network.AddressStatusSpec.broadcast:type_name -> common.NetIP
- 70, // 7: talos.resource.definitions.network.AddressStatusSpec.anycast:type_name -> common.NetIP
- 70, // 8: talos.resource.definitions.network.AddressStatusSpec.multicast:type_name -> common.NetIP
- 67, // 9: talos.resource.definitions.network.AddressStatusSpec.family:type_name -> talos.resource.definitions.enums.NethelpersFamily
- 68, // 10: talos.resource.definitions.network.AddressStatusSpec.scope:type_name -> talos.resource.definitions.enums.NethelpersScope
- 71, // 11: talos.resource.definitions.network.BondMasterSpec.mode:type_name -> talos.resource.definitions.enums.NethelpersBondMode
- 72, // 12: talos.resource.definitions.network.BondMasterSpec.hash_policy:type_name -> talos.resource.definitions.enums.NethelpersBondXmitHashPolicy
- 73, // 13: talos.resource.definitions.network.BondMasterSpec.lacp_rate:type_name -> talos.resource.definitions.enums.NethelpersLACPRate
- 74, // 14: talos.resource.definitions.network.BondMasterSpec.arp_validate:type_name -> talos.resource.definitions.enums.NethelpersARPValidate
- 75, // 15: talos.resource.definitions.network.BondMasterSpec.arp_all_targets:type_name -> talos.resource.definitions.enums.NethelpersARPAllTargets
- 76, // 16: talos.resource.definitions.network.BondMasterSpec.primary_reselect:type_name -> talos.resource.definitions.enums.NethelpersPrimaryReselect
- 77, // 17: talos.resource.definitions.network.BondMasterSpec.fail_over_mac:type_name -> talos.resource.definitions.enums.NethelpersFailOverMAC
- 78, // 18: talos.resource.definitions.network.BondMasterSpec.ad_select:type_name -> talos.resource.definitions.enums.NethelpersADSelect
- 70, // 19: talos.resource.definitions.network.BondMasterSpec.arpip_targets:type_name -> common.NetIP
- 70, // 20: talos.resource.definitions.network.BondMasterSpec.nsip6_targets:type_name -> common.NetIP
- 79, // 21: talos.resource.definitions.network.BondMasterSpec.adlacp_active:type_name -> talos.resource.definitions.enums.NethelpersADLACPActive
- 52, // 22: talos.resource.definitions.network.BridgeMasterSpec.stp:type_name -> talos.resource.definitions.network.STPSpec
+ 67, // 0: talos.resource.definitions.network.AddressSpecSpec.address:type_name -> common.NetIPPrefix
+ 68, // 1: talos.resource.definitions.network.AddressSpecSpec.family:type_name -> talos.resource.definitions.enums.NethelpersFamily
+ 69, // 2: talos.resource.definitions.network.AddressSpecSpec.scope:type_name -> talos.resource.definitions.enums.NethelpersScope
+ 70, // 3: talos.resource.definitions.network.AddressSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
+ 67, // 4: talos.resource.definitions.network.AddressStatusSpec.address:type_name -> common.NetIPPrefix
+ 71, // 5: talos.resource.definitions.network.AddressStatusSpec.local:type_name -> common.NetIP
+ 71, // 6: talos.resource.definitions.network.AddressStatusSpec.broadcast:type_name -> common.NetIP
+ 71, // 7: talos.resource.definitions.network.AddressStatusSpec.anycast:type_name -> common.NetIP
+ 71, // 8: talos.resource.definitions.network.AddressStatusSpec.multicast:type_name -> common.NetIP
+ 68, // 9: talos.resource.definitions.network.AddressStatusSpec.family:type_name -> talos.resource.definitions.enums.NethelpersFamily
+ 69, // 10: talos.resource.definitions.network.AddressStatusSpec.scope:type_name -> talos.resource.definitions.enums.NethelpersScope
+ 72, // 11: talos.resource.definitions.network.BondMasterSpec.mode:type_name -> talos.resource.definitions.enums.NethelpersBondMode
+ 73, // 12: talos.resource.definitions.network.BondMasterSpec.hash_policy:type_name -> talos.resource.definitions.enums.NethelpersBondXmitHashPolicy
+ 74, // 13: talos.resource.definitions.network.BondMasterSpec.lacp_rate:type_name -> talos.resource.definitions.enums.NethelpersLACPRate
+ 75, // 14: talos.resource.definitions.network.BondMasterSpec.arp_validate:type_name -> talos.resource.definitions.enums.NethelpersARPValidate
+ 76, // 15: talos.resource.definitions.network.BondMasterSpec.arp_all_targets:type_name -> talos.resource.definitions.enums.NethelpersARPAllTargets
+ 77, // 16: talos.resource.definitions.network.BondMasterSpec.primary_reselect:type_name -> talos.resource.definitions.enums.NethelpersPrimaryReselect
+ 78, // 17: talos.resource.definitions.network.BondMasterSpec.fail_over_mac:type_name -> talos.resource.definitions.enums.NethelpersFailOverMAC
+ 79, // 18: talos.resource.definitions.network.BondMasterSpec.ad_select:type_name -> talos.resource.definitions.enums.NethelpersADSelect
+ 71, // 19: talos.resource.definitions.network.BondMasterSpec.arpip_targets:type_name -> common.NetIP
+ 71, // 20: talos.resource.definitions.network.BondMasterSpec.nsip6_targets:type_name -> common.NetIP
+ 80, // 21: talos.resource.definitions.network.BondMasterSpec.adlacp_active:type_name -> talos.resource.definitions.enums.NethelpersADLACPActive
+ 53, // 22: talos.resource.definitions.network.BridgeMasterSpec.stp:type_name -> talos.resource.definitions.network.STPSpec
6, // 23: talos.resource.definitions.network.BridgeMasterSpec.vlan:type_name -> talos.resource.definitions.network.BridgeVLANSpec
- 80, // 24: talos.resource.definitions.network.ClientIdentifierSpec.client_identifier:type_name -> talos.resource.definitions.enums.NethelpersClientIdentifier
+ 81, // 24: talos.resource.definitions.network.ClientIdentifierSpec.client_identifier:type_name -> talos.resource.definitions.enums.NethelpersClientIdentifier
7, // 25: talos.resource.definitions.network.DHCP4OperatorSpec.client_identifier:type_name -> talos.resource.definitions.network.ClientIdentifierSpec
7, // 26: talos.resource.definitions.network.DHCP6OperatorSpec.client_identifier:type_name -> talos.resource.definitions.network.ClientIdentifierSpec
14, // 27: talos.resource.definitions.network.EthernetSpecSpec.rings:type_name -> talos.resource.definitions.network.EthernetRingsSpec
- 65, // 28: talos.resource.definitions.network.EthernetSpecSpec.features:type_name -> talos.resource.definitions.network.EthernetSpecSpec.FeaturesEntry
+ 66, // 28: talos.resource.definitions.network.EthernetSpecSpec.features:type_name -> talos.resource.definitions.network.EthernetSpecSpec.FeaturesEntry
11, // 29: talos.resource.definitions.network.EthernetSpecSpec.channels:type_name -> talos.resource.definitions.network.EthernetChannelsSpec
- 81, // 30: talos.resource.definitions.network.EthernetSpecSpec.wake_on_lan:type_name -> talos.resource.definitions.enums.NethelpersWOLMode
- 82, // 31: talos.resource.definitions.network.EthernetStatusSpec.port:type_name -> talos.resource.definitions.enums.NethelpersPort
- 83, // 32: talos.resource.definitions.network.EthernetStatusSpec.duplex:type_name -> talos.resource.definitions.enums.NethelpersDuplex
+ 82, // 30: talos.resource.definitions.network.EthernetSpecSpec.wake_on_lan:type_name -> talos.resource.definitions.enums.NethelpersWOLMode
+ 83, // 31: talos.resource.definitions.network.EthernetStatusSpec.port:type_name -> talos.resource.definitions.enums.NethelpersPort
+ 84, // 32: talos.resource.definitions.network.EthernetStatusSpec.duplex:type_name -> talos.resource.definitions.enums.NethelpersDuplex
15, // 33: talos.resource.definitions.network.EthernetStatusSpec.rings:type_name -> talos.resource.definitions.network.EthernetRingsStatus
13, // 34: talos.resource.definitions.network.EthernetStatusSpec.features:type_name -> talos.resource.definitions.network.EthernetFeatureStatus
12, // 35: talos.resource.definitions.network.EthernetStatusSpec.channels:type_name -> talos.resource.definitions.network.EthernetChannelsStatus
- 81, // 36: talos.resource.definitions.network.EthernetStatusSpec.wake_on_lan:type_name -> talos.resource.definitions.enums.NethelpersWOLMode
- 84, // 37: talos.resource.definitions.network.HTTPProbeSpec.url:type_name -> common.URL
- 85, // 38: talos.resource.definitions.network.HTTPProbeSpec.timeout:type_name -> google.protobuf.Duration
- 86, // 39: talos.resource.definitions.network.HostDNSConfigSpec.listen_addresses:type_name -> common.NetIPPort
- 70, // 40: talos.resource.definitions.network.HostDNSConfigSpec.service_host_dns_address:type_name -> common.NetIP
- 70, // 41: talos.resource.definitions.network.HostDNSConfigSpec.service_host_dns_address_v6:type_name -> common.NetIP
- 69, // 42: talos.resource.definitions.network.HostnameSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
- 87, // 43: talos.resource.definitions.network.LinkSpecSpec.type:type_name -> talos.resource.definitions.enums.NethelpersLinkType
+ 82, // 36: talos.resource.definitions.network.EthernetStatusSpec.wake_on_lan:type_name -> talos.resource.definitions.enums.NethelpersWOLMode
+ 85, // 37: talos.resource.definitions.network.HTTPProbeSpec.url:type_name -> common.URL
+ 86, // 38: talos.resource.definitions.network.HTTPProbeSpec.timeout:type_name -> google.protobuf.Duration
+ 87, // 39: talos.resource.definitions.network.HostDNSConfigSpec.listen_addresses:type_name -> common.NetIPPort
+ 71, // 40: talos.resource.definitions.network.HostDNSConfigSpec.service_host_dns_address:type_name -> common.NetIP
+ 71, // 41: talos.resource.definitions.network.HostDNSConfigSpec.service_host_dns_address_v6:type_name -> common.NetIP
+ 70, // 42: talos.resource.definitions.network.HostnameSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
+ 88, // 43: talos.resource.definitions.network.LinkSpecSpec.type:type_name -> talos.resource.definitions.enums.NethelpersLinkType
3, // 44: talos.resource.definitions.network.LinkSpecSpec.bond_slave:type_name -> talos.resource.definitions.network.BondSlave
5, // 45: talos.resource.definitions.network.LinkSpecSpec.bridge_slave:type_name -> talos.resource.definitions.network.BridgeSlave
- 60, // 46: talos.resource.definitions.network.LinkSpecSpec.vlan:type_name -> talos.resource.definitions.network.VLANSpec
+ 61, // 46: talos.resource.definitions.network.LinkSpecSpec.vlan:type_name -> talos.resource.definitions.network.VLANSpec
2, // 47: talos.resource.definitions.network.LinkSpecSpec.bond_master:type_name -> talos.resource.definitions.network.BondMasterSpec
4, // 48: talos.resource.definitions.network.LinkSpecSpec.bridge_master:type_name -> talos.resource.definitions.network.BridgeMasterSpec
- 64, // 49: talos.resource.definitions.network.LinkSpecSpec.wireguard:type_name -> talos.resource.definitions.network.WireguardSpec
- 69, // 50: talos.resource.definitions.network.LinkSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
- 61, // 51: talos.resource.definitions.network.LinkSpecSpec.vrf_master:type_name -> talos.resource.definitions.network.VRFMasterSpec
- 62, // 52: talos.resource.definitions.network.LinkSpecSpec.vrf_slave:type_name -> talos.resource.definitions.network.VRFSlave
- 87, // 53: talos.resource.definitions.network.LinkStatusSpec.type:type_name -> talos.resource.definitions.enums.NethelpersLinkType
- 88, // 54: talos.resource.definitions.network.LinkStatusSpec.operational_state:type_name -> talos.resource.definitions.enums.NethelpersOperationalState
- 82, // 55: talos.resource.definitions.network.LinkStatusSpec.port:type_name -> talos.resource.definitions.enums.NethelpersPort
- 83, // 56: talos.resource.definitions.network.LinkStatusSpec.duplex:type_name -> talos.resource.definitions.enums.NethelpersDuplex
- 60, // 57: talos.resource.definitions.network.LinkStatusSpec.vlan:type_name -> talos.resource.definitions.network.VLANSpec
+ 65, // 49: talos.resource.definitions.network.LinkSpecSpec.wireguard:type_name -> talos.resource.definitions.network.WireguardSpec
+ 70, // 50: talos.resource.definitions.network.LinkSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
+ 62, // 51: talos.resource.definitions.network.LinkSpecSpec.vrf_master:type_name -> talos.resource.definitions.network.VRFMasterSpec
+ 63, // 52: talos.resource.definitions.network.LinkSpecSpec.vrf_slave:type_name -> talos.resource.definitions.network.VRFSlave
+ 88, // 53: talos.resource.definitions.network.LinkStatusSpec.type:type_name -> talos.resource.definitions.enums.NethelpersLinkType
+ 89, // 54: talos.resource.definitions.network.LinkStatusSpec.operational_state:type_name -> talos.resource.definitions.enums.NethelpersOperationalState
+ 83, // 55: talos.resource.definitions.network.LinkStatusSpec.port:type_name -> talos.resource.definitions.enums.NethelpersPort
+ 84, // 56: talos.resource.definitions.network.LinkStatusSpec.duplex:type_name -> talos.resource.definitions.enums.NethelpersDuplex
+ 61, // 57: talos.resource.definitions.network.LinkStatusSpec.vlan:type_name -> talos.resource.definitions.network.VLANSpec
4, // 58: talos.resource.definitions.network.LinkStatusSpec.bridge_master:type_name -> talos.resource.definitions.network.BridgeMasterSpec
2, // 59: talos.resource.definitions.network.LinkStatusSpec.bond_master:type_name -> talos.resource.definitions.network.BondMasterSpec
- 64, // 60: talos.resource.definitions.network.LinkStatusSpec.wireguard:type_name -> talos.resource.definitions.network.WireguardSpec
- 61, // 61: talos.resource.definitions.network.LinkStatusSpec.vrf_master:type_name -> talos.resource.definitions.network.VRFMasterSpec
- 66, // 62: talos.resource.definitions.network.NfTablesAddressMatch.include_subnets:type_name -> common.NetIPPrefix
- 66, // 63: talos.resource.definitions.network.NfTablesAddressMatch.exclude_subnets:type_name -> common.NetIPPrefix
- 89, // 64: talos.resource.definitions.network.NfTablesChainSpec.hook:type_name -> talos.resource.definitions.enums.NethelpersNfTablesChainHook
- 90, // 65: talos.resource.definitions.network.NfTablesChainSpec.priority:type_name -> talos.resource.definitions.enums.NethelpersNfTablesChainPriority
- 37, // 66: talos.resource.definitions.network.NfTablesChainSpec.rules:type_name -> talos.resource.definitions.network.NfTablesRule
- 91, // 67: talos.resource.definitions.network.NfTablesChainSpec.policy:type_name -> talos.resource.definitions.enums.NethelpersNfTablesVerdict
- 92, // 68: talos.resource.definitions.network.NfTablesConntrackStateMatch.states:type_name -> talos.resource.definitions.enums.NethelpersConntrackState
- 93, // 69: talos.resource.definitions.network.NfTablesICMPTypeMatch.types:type_name -> talos.resource.definitions.enums.NethelpersICMPType
- 94, // 70: talos.resource.definitions.network.NfTablesIfNameMatch.operator:type_name -> talos.resource.definitions.enums.NethelpersMatchOperator
- 95, // 71: talos.resource.definitions.network.NfTablesLayer4Match.protocol:type_name -> talos.resource.definitions.enums.NethelpersProtocol
- 36, // 72: talos.resource.definitions.network.NfTablesLayer4Match.match_source_port:type_name -> talos.resource.definitions.network.NfTablesPortMatch
- 36, // 73: talos.resource.definitions.network.NfTablesLayer4Match.match_destination_port:type_name -> talos.resource.definitions.network.NfTablesPortMatch
- 31, // 74: talos.resource.definitions.network.NfTablesLayer4Match.match_icmp_type:type_name -> talos.resource.definitions.network.NfTablesICMPTypeMatch
- 43, // 75: talos.resource.definitions.network.NfTablesPortMatch.ranges:type_name -> talos.resource.definitions.network.PortRange
- 32, // 76: talos.resource.definitions.network.NfTablesRule.match_o_if_name:type_name -> talos.resource.definitions.network.NfTablesIfNameMatch
- 91, // 77: talos.resource.definitions.network.NfTablesRule.verdict:type_name -> talos.resource.definitions.enums.NethelpersNfTablesVerdict
- 35, // 78: talos.resource.definitions.network.NfTablesRule.match_mark:type_name -> talos.resource.definitions.network.NfTablesMark
- 35, // 79: talos.resource.definitions.network.NfTablesRule.set_mark:type_name -> talos.resource.definitions.network.NfTablesMark
- 27, // 80: talos.resource.definitions.network.NfTablesRule.match_source_address:type_name -> talos.resource.definitions.network.NfTablesAddressMatch
- 27, // 81: talos.resource.definitions.network.NfTablesRule.match_destination_address:type_name -> talos.resource.definitions.network.NfTablesAddressMatch
- 33, // 82: talos.resource.definitions.network.NfTablesRule.match_layer4:type_name -> talos.resource.definitions.network.NfTablesLayer4Match
- 32, // 83: talos.resource.definitions.network.NfTablesRule.match_i_if_name:type_name -> talos.resource.definitions.network.NfTablesIfNameMatch
- 29, // 84: talos.resource.definitions.network.NfTablesRule.clamp_mss:type_name -> talos.resource.definitions.network.NfTablesClampMSS
- 34, // 85: talos.resource.definitions.network.NfTablesRule.match_limit:type_name -> talos.resource.definitions.network.NfTablesLimitMatch
- 30, // 86: talos.resource.definitions.network.NfTablesRule.match_conntrack_state:type_name -> talos.resource.definitions.network.NfTablesConntrackStateMatch
- 66, // 87: talos.resource.definitions.network.NodeAddressFilterSpec.include_subnets:type_name -> common.NetIPPrefix
- 66, // 88: talos.resource.definitions.network.NodeAddressFilterSpec.exclude_subnets:type_name -> common.NetIPPrefix
- 96, // 89: talos.resource.definitions.network.NodeAddressSortAlgorithmSpec.algorithm:type_name -> talos.resource.definitions.enums.NethelpersAddressSortAlgorithm
- 66, // 90: talos.resource.definitions.network.NodeAddressSpec.addresses:type_name -> common.NetIPPrefix
- 96, // 91: talos.resource.definitions.network.NodeAddressSpec.sort_algorithm:type_name -> talos.resource.definitions.enums.NethelpersAddressSortAlgorithm
- 97, // 92: talos.resource.definitions.network.OperatorSpecSpec.operator:type_name -> talos.resource.definitions.enums.NetworkOperator
- 8, // 93: talos.resource.definitions.network.OperatorSpecSpec.dhcp4:type_name -> talos.resource.definitions.network.DHCP4OperatorSpec
- 9, // 94: talos.resource.definitions.network.OperatorSpecSpec.dhcp6:type_name -> talos.resource.definitions.network.DHCP6OperatorSpec
- 59, // 95: talos.resource.definitions.network.OperatorSpecSpec.vip:type_name -> talos.resource.definitions.network.VIPOperatorSpec
- 69, // 96: talos.resource.definitions.network.OperatorSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
- 0, // 97: talos.resource.definitions.network.PlatformConfigSpec.addresses:type_name -> talos.resource.definitions.network.AddressSpecSpec
- 25, // 98: talos.resource.definitions.network.PlatformConfigSpec.links:type_name -> talos.resource.definitions.network.LinkSpecSpec
- 48, // 99: talos.resource.definitions.network.PlatformConfigSpec.routes:type_name -> talos.resource.definitions.network.RouteSpecSpec
- 21, // 100: talos.resource.definitions.network.PlatformConfigSpec.hostnames:type_name -> talos.resource.definitions.network.HostnameSpecSpec
- 46, // 101: talos.resource.definitions.network.PlatformConfigSpec.resolvers:type_name -> talos.resource.definitions.network.ResolverSpecSpec
- 55, // 102: talos.resource.definitions.network.PlatformConfigSpec.time_servers:type_name -> talos.resource.definitions.network.TimeServerSpecSpec
- 41, // 103: talos.resource.definitions.network.PlatformConfigSpec.operators:type_name -> talos.resource.definitions.network.OperatorSpecSpec
- 70, // 104: talos.resource.definitions.network.PlatformConfigSpec.external_ips:type_name -> common.NetIP
- 44, // 105: talos.resource.definitions.network.PlatformConfigSpec.probes:type_name -> talos.resource.definitions.network.ProbeSpecSpec
- 98, // 106: talos.resource.definitions.network.PlatformConfigSpec.metadata:type_name -> talos.resource.definitions.runtime.PlatformMetadataSpec
- 85, // 107: talos.resource.definitions.network.ProbeSpecSpec.interval:type_name -> google.protobuf.Duration
- 54, // 108: talos.resource.definitions.network.ProbeSpecSpec.tcp:type_name -> talos.resource.definitions.network.TCPProbeSpec
- 69, // 109: talos.resource.definitions.network.ProbeSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
- 18, // 110: talos.resource.definitions.network.ProbeSpecSpec.http:type_name -> talos.resource.definitions.network.HTTPProbeSpec
- 70, // 111: talos.resource.definitions.network.ResolverSpecSpec.dns_servers:type_name -> common.NetIP
- 69, // 112: talos.resource.definitions.network.ResolverSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
- 70, // 113: talos.resource.definitions.network.ResolverStatusSpec.dns_servers:type_name -> common.NetIP
- 67, // 114: talos.resource.definitions.network.RouteSpecSpec.family:type_name -> talos.resource.definitions.enums.NethelpersFamily
- 66, // 115: talos.resource.definitions.network.RouteSpecSpec.destination:type_name -> common.NetIPPrefix
- 70, // 116: talos.resource.definitions.network.RouteSpecSpec.source:type_name -> common.NetIP
- 70, // 117: talos.resource.definitions.network.RouteSpecSpec.gateway:type_name -> common.NetIP
- 99, // 118: talos.resource.definitions.network.RouteSpecSpec.table:type_name -> talos.resource.definitions.enums.NethelpersRoutingTable
- 68, // 119: talos.resource.definitions.network.RouteSpecSpec.scope:type_name -> talos.resource.definitions.enums.NethelpersScope
- 100, // 120: talos.resource.definitions.network.RouteSpecSpec.type:type_name -> talos.resource.definitions.enums.NethelpersRouteType
- 101, // 121: talos.resource.definitions.network.RouteSpecSpec.protocol:type_name -> talos.resource.definitions.enums.NethelpersRouteProtocol
- 69, // 122: talos.resource.definitions.network.RouteSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
- 67, // 123: talos.resource.definitions.network.RouteStatusSpec.family:type_name -> talos.resource.definitions.enums.NethelpersFamily
- 66, // 124: talos.resource.definitions.network.RouteStatusSpec.destination:type_name -> common.NetIPPrefix
- 70, // 125: talos.resource.definitions.network.RouteStatusSpec.source:type_name -> common.NetIP
- 70, // 126: talos.resource.definitions.network.RouteStatusSpec.gateway:type_name -> common.NetIP
- 99, // 127: talos.resource.definitions.network.RouteStatusSpec.table:type_name -> talos.resource.definitions.enums.NethelpersRoutingTable
- 68, // 128: talos.resource.definitions.network.RouteStatusSpec.scope:type_name -> talos.resource.definitions.enums.NethelpersScope
- 100, // 129: talos.resource.definitions.network.RouteStatusSpec.type:type_name -> talos.resource.definitions.enums.NethelpersRouteType
- 101, // 130: talos.resource.definitions.network.RouteStatusSpec.protocol:type_name -> talos.resource.definitions.enums.NethelpersRouteProtocol
- 67, // 131: talos.resource.definitions.network.RoutingRuleSpecSpec.family:type_name -> talos.resource.definitions.enums.NethelpersFamily
- 66, // 132: talos.resource.definitions.network.RoutingRuleSpecSpec.src:type_name -> common.NetIPPrefix
- 66, // 133: talos.resource.definitions.network.RoutingRuleSpecSpec.dst:type_name -> common.NetIPPrefix
- 99, // 134: talos.resource.definitions.network.RoutingRuleSpecSpec.table:type_name -> talos.resource.definitions.enums.NethelpersRoutingTable
- 102, // 135: talos.resource.definitions.network.RoutingRuleSpecSpec.action:type_name -> talos.resource.definitions.enums.NethelpersRoutingRuleAction
- 69, // 136: talos.resource.definitions.network.RoutingRuleSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
- 67, // 137: talos.resource.definitions.network.RoutingRuleStatusSpec.family:type_name -> talos.resource.definitions.enums.NethelpersFamily
- 66, // 138: talos.resource.definitions.network.RoutingRuleStatusSpec.src:type_name -> common.NetIPPrefix
- 66, // 139: talos.resource.definitions.network.RoutingRuleStatusSpec.dst:type_name -> common.NetIPPrefix
- 99, // 140: talos.resource.definitions.network.RoutingRuleStatusSpec.table:type_name -> talos.resource.definitions.enums.NethelpersRoutingTable
- 102, // 141: talos.resource.definitions.network.RoutingRuleStatusSpec.action:type_name -> talos.resource.definitions.enums.NethelpersRoutingRuleAction
- 85, // 142: talos.resource.definitions.network.TCPProbeSpec.timeout:type_name -> google.protobuf.Duration
- 69, // 143: talos.resource.definitions.network.TimeServerSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
- 70, // 144: talos.resource.definitions.network.VIPOperatorSpec.ip:type_name -> common.NetIP
- 57, // 145: talos.resource.definitions.network.VIPOperatorSpec.equinix_metal:type_name -> talos.resource.definitions.network.VIPEquinixMetalSpec
- 58, // 146: talos.resource.definitions.network.VIPOperatorSpec.h_cloud:type_name -> talos.resource.definitions.network.VIPHCloudSpec
- 103, // 147: talos.resource.definitions.network.VLANSpec.protocol:type_name -> talos.resource.definitions.enums.NethelpersVLANProtocol
- 99, // 148: talos.resource.definitions.network.VRFMasterSpec.table:type_name -> talos.resource.definitions.enums.NethelpersRoutingTable
- 85, // 149: talos.resource.definitions.network.WireguardPeer.persistent_keepalive_interval:type_name -> google.protobuf.Duration
- 66, // 150: talos.resource.definitions.network.WireguardPeer.allowed_ips:type_name -> common.NetIPPrefix
- 63, // 151: talos.resource.definitions.network.WireguardSpec.peers:type_name -> talos.resource.definitions.network.WireguardPeer
- 152, // [152:152] is the sub-list for method output_type
- 152, // [152:152] is the sub-list for method input_type
- 152, // [152:152] is the sub-list for extension type_name
- 152, // [152:152] is the sub-list for extension extendee
- 0, // [0:152] is the sub-list for field type_name
+ 65, // 60: talos.resource.definitions.network.LinkStatusSpec.wireguard:type_name -> talos.resource.definitions.network.WireguardSpec
+ 62, // 61: talos.resource.definitions.network.LinkStatusSpec.vrf_master:type_name -> talos.resource.definitions.network.VRFMasterSpec
+ 71, // 62: talos.resource.definitions.network.NameServerSpec.addr:type_name -> common.NetIP
+ 90, // 63: talos.resource.definitions.network.NameServerSpec.protocol:type_name -> talos.resource.definitions.enums.NethelpersDNSProtocol
+ 67, // 64: talos.resource.definitions.network.NfTablesAddressMatch.include_subnets:type_name -> common.NetIPPrefix
+ 67, // 65: talos.resource.definitions.network.NfTablesAddressMatch.exclude_subnets:type_name -> common.NetIPPrefix
+ 91, // 66: talos.resource.definitions.network.NfTablesChainSpec.hook:type_name -> talos.resource.definitions.enums.NethelpersNfTablesChainHook
+ 92, // 67: talos.resource.definitions.network.NfTablesChainSpec.priority:type_name -> talos.resource.definitions.enums.NethelpersNfTablesChainPriority
+ 38, // 68: talos.resource.definitions.network.NfTablesChainSpec.rules:type_name -> talos.resource.definitions.network.NfTablesRule
+ 93, // 69: talos.resource.definitions.network.NfTablesChainSpec.policy:type_name -> talos.resource.definitions.enums.NethelpersNfTablesVerdict
+ 94, // 70: talos.resource.definitions.network.NfTablesConntrackStateMatch.states:type_name -> talos.resource.definitions.enums.NethelpersConntrackState
+ 95, // 71: talos.resource.definitions.network.NfTablesICMPTypeMatch.types:type_name -> talos.resource.definitions.enums.NethelpersICMPType
+ 96, // 72: talos.resource.definitions.network.NfTablesIfNameMatch.operator:type_name -> talos.resource.definitions.enums.NethelpersMatchOperator
+ 97, // 73: talos.resource.definitions.network.NfTablesLayer4Match.protocol:type_name -> talos.resource.definitions.enums.NethelpersProtocol
+ 37, // 74: talos.resource.definitions.network.NfTablesLayer4Match.match_source_port:type_name -> talos.resource.definitions.network.NfTablesPortMatch
+ 37, // 75: talos.resource.definitions.network.NfTablesLayer4Match.match_destination_port:type_name -> talos.resource.definitions.network.NfTablesPortMatch
+ 32, // 76: talos.resource.definitions.network.NfTablesLayer4Match.match_icmp_type:type_name -> talos.resource.definitions.network.NfTablesICMPTypeMatch
+ 44, // 77: talos.resource.definitions.network.NfTablesPortMatch.ranges:type_name -> talos.resource.definitions.network.PortRange
+ 33, // 78: talos.resource.definitions.network.NfTablesRule.match_o_if_name:type_name -> talos.resource.definitions.network.NfTablesIfNameMatch
+ 93, // 79: talos.resource.definitions.network.NfTablesRule.verdict:type_name -> talos.resource.definitions.enums.NethelpersNfTablesVerdict
+ 36, // 80: talos.resource.definitions.network.NfTablesRule.match_mark:type_name -> talos.resource.definitions.network.NfTablesMark
+ 36, // 81: talos.resource.definitions.network.NfTablesRule.set_mark:type_name -> talos.resource.definitions.network.NfTablesMark
+ 28, // 82: talos.resource.definitions.network.NfTablesRule.match_source_address:type_name -> talos.resource.definitions.network.NfTablesAddressMatch
+ 28, // 83: talos.resource.definitions.network.NfTablesRule.match_destination_address:type_name -> talos.resource.definitions.network.NfTablesAddressMatch
+ 34, // 84: talos.resource.definitions.network.NfTablesRule.match_layer4:type_name -> talos.resource.definitions.network.NfTablesLayer4Match
+ 33, // 85: talos.resource.definitions.network.NfTablesRule.match_i_if_name:type_name -> talos.resource.definitions.network.NfTablesIfNameMatch
+ 30, // 86: talos.resource.definitions.network.NfTablesRule.clamp_mss:type_name -> talos.resource.definitions.network.NfTablesClampMSS
+ 35, // 87: talos.resource.definitions.network.NfTablesRule.match_limit:type_name -> talos.resource.definitions.network.NfTablesLimitMatch
+ 31, // 88: talos.resource.definitions.network.NfTablesRule.match_conntrack_state:type_name -> talos.resource.definitions.network.NfTablesConntrackStateMatch
+ 67, // 89: talos.resource.definitions.network.NodeAddressFilterSpec.include_subnets:type_name -> common.NetIPPrefix
+ 67, // 90: talos.resource.definitions.network.NodeAddressFilterSpec.exclude_subnets:type_name -> common.NetIPPrefix
+ 98, // 91: talos.resource.definitions.network.NodeAddressSortAlgorithmSpec.algorithm:type_name -> talos.resource.definitions.enums.NethelpersAddressSortAlgorithm
+ 67, // 92: talos.resource.definitions.network.NodeAddressSpec.addresses:type_name -> common.NetIPPrefix
+ 98, // 93: talos.resource.definitions.network.NodeAddressSpec.sort_algorithm:type_name -> talos.resource.definitions.enums.NethelpersAddressSortAlgorithm
+ 99, // 94: talos.resource.definitions.network.OperatorSpecSpec.operator:type_name -> talos.resource.definitions.enums.NetworkOperator
+ 8, // 95: talos.resource.definitions.network.OperatorSpecSpec.dhcp4:type_name -> talos.resource.definitions.network.DHCP4OperatorSpec
+ 9, // 96: talos.resource.definitions.network.OperatorSpecSpec.dhcp6:type_name -> talos.resource.definitions.network.DHCP6OperatorSpec
+ 60, // 97: talos.resource.definitions.network.OperatorSpecSpec.vip:type_name -> talos.resource.definitions.network.VIPOperatorSpec
+ 70, // 98: talos.resource.definitions.network.OperatorSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
+ 0, // 99: talos.resource.definitions.network.PlatformConfigSpec.addresses:type_name -> talos.resource.definitions.network.AddressSpecSpec
+ 25, // 100: talos.resource.definitions.network.PlatformConfigSpec.links:type_name -> talos.resource.definitions.network.LinkSpecSpec
+ 49, // 101: talos.resource.definitions.network.PlatformConfigSpec.routes:type_name -> talos.resource.definitions.network.RouteSpecSpec
+ 21, // 102: talos.resource.definitions.network.PlatformConfigSpec.hostnames:type_name -> talos.resource.definitions.network.HostnameSpecSpec
+ 47, // 103: talos.resource.definitions.network.PlatformConfigSpec.resolvers:type_name -> talos.resource.definitions.network.ResolverSpecSpec
+ 56, // 104: talos.resource.definitions.network.PlatformConfigSpec.time_servers:type_name -> talos.resource.definitions.network.TimeServerSpecSpec
+ 42, // 105: talos.resource.definitions.network.PlatformConfigSpec.operators:type_name -> talos.resource.definitions.network.OperatorSpecSpec
+ 71, // 106: talos.resource.definitions.network.PlatformConfigSpec.external_ips:type_name -> common.NetIP
+ 45, // 107: talos.resource.definitions.network.PlatformConfigSpec.probes:type_name -> talos.resource.definitions.network.ProbeSpecSpec
+ 100, // 108: talos.resource.definitions.network.PlatformConfigSpec.metadata:type_name -> talos.resource.definitions.runtime.PlatformMetadataSpec
+ 86, // 109: talos.resource.definitions.network.ProbeSpecSpec.interval:type_name -> google.protobuf.Duration
+ 55, // 110: talos.resource.definitions.network.ProbeSpecSpec.tcp:type_name -> talos.resource.definitions.network.TCPProbeSpec
+ 70, // 111: talos.resource.definitions.network.ProbeSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
+ 18, // 112: talos.resource.definitions.network.ProbeSpecSpec.http:type_name -> talos.resource.definitions.network.HTTPProbeSpec
+ 71, // 113: talos.resource.definitions.network.ResolverSpecSpec.dns_servers:type_name -> common.NetIP
+ 70, // 114: talos.resource.definitions.network.ResolverSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
+ 27, // 115: talos.resource.definitions.network.ResolverSpecSpec.name_servers:type_name -> talos.resource.definitions.network.NameServerSpec
+ 71, // 116: talos.resource.definitions.network.ResolverStatusSpec.dns_servers:type_name -> common.NetIP
+ 27, // 117: talos.resource.definitions.network.ResolverStatusSpec.name_servers:type_name -> talos.resource.definitions.network.NameServerSpec
+ 68, // 118: talos.resource.definitions.network.RouteSpecSpec.family:type_name -> talos.resource.definitions.enums.NethelpersFamily
+ 67, // 119: talos.resource.definitions.network.RouteSpecSpec.destination:type_name -> common.NetIPPrefix
+ 71, // 120: talos.resource.definitions.network.RouteSpecSpec.source:type_name -> common.NetIP
+ 71, // 121: talos.resource.definitions.network.RouteSpecSpec.gateway:type_name -> common.NetIP
+ 101, // 122: talos.resource.definitions.network.RouteSpecSpec.table:type_name -> talos.resource.definitions.enums.NethelpersRoutingTable
+ 69, // 123: talos.resource.definitions.network.RouteSpecSpec.scope:type_name -> talos.resource.definitions.enums.NethelpersScope
+ 102, // 124: talos.resource.definitions.network.RouteSpecSpec.type:type_name -> talos.resource.definitions.enums.NethelpersRouteType
+ 103, // 125: talos.resource.definitions.network.RouteSpecSpec.protocol:type_name -> talos.resource.definitions.enums.NethelpersRouteProtocol
+ 70, // 126: talos.resource.definitions.network.RouteSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
+ 68, // 127: talos.resource.definitions.network.RouteStatusSpec.family:type_name -> talos.resource.definitions.enums.NethelpersFamily
+ 67, // 128: talos.resource.definitions.network.RouteStatusSpec.destination:type_name -> common.NetIPPrefix
+ 71, // 129: talos.resource.definitions.network.RouteStatusSpec.source:type_name -> common.NetIP
+ 71, // 130: talos.resource.definitions.network.RouteStatusSpec.gateway:type_name -> common.NetIP
+ 101, // 131: talos.resource.definitions.network.RouteStatusSpec.table:type_name -> talos.resource.definitions.enums.NethelpersRoutingTable
+ 69, // 132: talos.resource.definitions.network.RouteStatusSpec.scope:type_name -> talos.resource.definitions.enums.NethelpersScope
+ 102, // 133: talos.resource.definitions.network.RouteStatusSpec.type:type_name -> talos.resource.definitions.enums.NethelpersRouteType
+ 103, // 134: talos.resource.definitions.network.RouteStatusSpec.protocol:type_name -> talos.resource.definitions.enums.NethelpersRouteProtocol
+ 68, // 135: talos.resource.definitions.network.RoutingRuleSpecSpec.family:type_name -> talos.resource.definitions.enums.NethelpersFamily
+ 67, // 136: talos.resource.definitions.network.RoutingRuleSpecSpec.src:type_name -> common.NetIPPrefix
+ 67, // 137: talos.resource.definitions.network.RoutingRuleSpecSpec.dst:type_name -> common.NetIPPrefix
+ 101, // 138: talos.resource.definitions.network.RoutingRuleSpecSpec.table:type_name -> talos.resource.definitions.enums.NethelpersRoutingTable
+ 104, // 139: talos.resource.definitions.network.RoutingRuleSpecSpec.action:type_name -> talos.resource.definitions.enums.NethelpersRoutingRuleAction
+ 70, // 140: talos.resource.definitions.network.RoutingRuleSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
+ 68, // 141: talos.resource.definitions.network.RoutingRuleStatusSpec.family:type_name -> talos.resource.definitions.enums.NethelpersFamily
+ 67, // 142: talos.resource.definitions.network.RoutingRuleStatusSpec.src:type_name -> common.NetIPPrefix
+ 67, // 143: talos.resource.definitions.network.RoutingRuleStatusSpec.dst:type_name -> common.NetIPPrefix
+ 101, // 144: talos.resource.definitions.network.RoutingRuleStatusSpec.table:type_name -> talos.resource.definitions.enums.NethelpersRoutingTable
+ 104, // 145: talos.resource.definitions.network.RoutingRuleStatusSpec.action:type_name -> talos.resource.definitions.enums.NethelpersRoutingRuleAction
+ 86, // 146: talos.resource.definitions.network.TCPProbeSpec.timeout:type_name -> google.protobuf.Duration
+ 70, // 147: talos.resource.definitions.network.TimeServerSpecSpec.config_layer:type_name -> talos.resource.definitions.enums.NetworkConfigLayer
+ 71, // 148: talos.resource.definitions.network.VIPOperatorSpec.ip:type_name -> common.NetIP
+ 58, // 149: talos.resource.definitions.network.VIPOperatorSpec.equinix_metal:type_name -> talos.resource.definitions.network.VIPEquinixMetalSpec
+ 59, // 150: talos.resource.definitions.network.VIPOperatorSpec.h_cloud:type_name -> talos.resource.definitions.network.VIPHCloudSpec
+ 105, // 151: talos.resource.definitions.network.VLANSpec.protocol:type_name -> talos.resource.definitions.enums.NethelpersVLANProtocol
+ 101, // 152: talos.resource.definitions.network.VRFMasterSpec.table:type_name -> talos.resource.definitions.enums.NethelpersRoutingTable
+ 86, // 153: talos.resource.definitions.network.WireguardPeer.persistent_keepalive_interval:type_name -> google.protobuf.Duration
+ 67, // 154: talos.resource.definitions.network.WireguardPeer.allowed_ips:type_name -> common.NetIPPrefix
+ 64, // 155: talos.resource.definitions.network.WireguardSpec.peers:type_name -> talos.resource.definitions.network.WireguardPeer
+ 156, // [156:156] is the sub-list for method output_type
+ 156, // [156:156] is the sub-list for method input_type
+ 156, // [156:156] is the sub-list for extension type_name
+ 156, // [156:156] is the sub-list for extension extendee
+ 0, // [0:156] is the sub-list for field type_name
}
func init() { file_resource_definitions_network_network_proto_init() }
@@ -5967,7 +6064,7 @@ func file_resource_definitions_network_network_proto_init() {
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_resource_definitions_network_network_proto_rawDesc), len(file_resource_definitions_network_network_proto_rawDesc)),
NumEnums: 0,
- NumMessages: 66,
+ NumMessages: 67,
NumExtensions: 0,
NumServices: 0,
},
diff --git a/pkg/machinery/api/resource/definitions/network/network_vtproto.pb.go b/pkg/machinery/api/resource/definitions/network/network_vtproto.pb.go
index 5d6948dfa..dd0c1337a 100644
--- a/pkg/machinery/api/resource/definitions/network/network_vtproto.pb.go
+++ b/pkg/machinery/api/resource/definitions/network/network_vtproto.pb.go
@@ -2443,6 +2443,73 @@ func (m *LinkStatusSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
return len(dAtA) - i, nil
}
+func (m *NameServerSpec) MarshalVT() (dAtA []byte, err error) {
+ if m == nil {
+ return nil, nil
+ }
+ size := m.SizeVT()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalToSizedBufferVT(dAtA[:size])
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *NameServerSpec) MarshalToVT(dAtA []byte) (int, error) {
+ size := m.SizeVT()
+ return m.MarshalToSizedBufferVT(dAtA[:size])
+}
+
+func (m *NameServerSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
+ if m == nil {
+ return 0, nil
+ }
+ i := len(dAtA)
+ _ = i
+ var l int
+ _ = l
+ if m.unknownFields != nil {
+ i -= len(m.unknownFields)
+ copy(dAtA[i:], m.unknownFields)
+ }
+ if len(m.TlsServerName) > 0 {
+ i -= len(m.TlsServerName)
+ copy(dAtA[i:], m.TlsServerName)
+ i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.TlsServerName)))
+ i--
+ dAtA[i] = 0x1a
+ }
+ if m.Protocol != 0 {
+ i = protohelpers.EncodeVarint(dAtA, i, uint64(m.Protocol))
+ i--
+ dAtA[i] = 0x10
+ }
+ if m.Addr != nil {
+ if vtmsg, ok := interface{}(m.Addr).(interface {
+ MarshalToSizedBufferVT([]byte) (int, error)
+ }); ok {
+ size, err := vtmsg.MarshalToSizedBufferVT(dAtA[:i])
+ if err != nil {
+ return 0, err
+ }
+ i -= size
+ i = protohelpers.EncodeVarint(dAtA, i, uint64(size))
+ } else {
+ encoded, err := proto.Marshal(m.Addr)
+ if err != nil {
+ return 0, err
+ }
+ i -= len(encoded)
+ copy(dAtA[i:], encoded)
+ i = protohelpers.EncodeVarint(dAtA, i, uint64(len(encoded)))
+ }
+ i--
+ dAtA[i] = 0xa
+ }
+ return len(dAtA) - i, nil
+}
+
func (m *NfTablesAddressMatch) MarshalVT() (dAtA []byte, err error) {
if m == nil {
return nil, nil
@@ -3783,6 +3850,18 @@ func (m *ResolverSpecSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
i -= len(m.unknownFields)
copy(dAtA[i:], m.unknownFields)
}
+ if len(m.NameServers) > 0 {
+ for iNdEx := len(m.NameServers) - 1; iNdEx >= 0; iNdEx-- {
+ size, err := m.NameServers[iNdEx].MarshalToSizedBufferVT(dAtA[:i])
+ if err != nil {
+ return 0, err
+ }
+ i -= size
+ i = protohelpers.EncodeVarint(dAtA, i, uint64(size))
+ i--
+ dAtA[i] = 0x22
+ }
+ }
if len(m.SearchDomains) > 0 {
for iNdEx := len(m.SearchDomains) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.SearchDomains[iNdEx])
@@ -3854,6 +3933,18 @@ func (m *ResolverStatusSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
i -= len(m.unknownFields)
copy(dAtA[i:], m.unknownFields)
}
+ if len(m.NameServers) > 0 {
+ for iNdEx := len(m.NameServers) - 1; iNdEx >= 0; iNdEx-- {
+ size, err := m.NameServers[iNdEx].MarshalToSizedBufferVT(dAtA[:i])
+ if err != nil {
+ return 0, err
+ }
+ i -= size
+ i = protohelpers.EncodeVarint(dAtA, i, uint64(size))
+ i--
+ dAtA[i] = 0x22
+ }
+ }
if len(m.SearchDomains) > 0 {
for iNdEx := len(m.SearchDomains) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.SearchDomains[iNdEx])
@@ -6169,6 +6260,33 @@ func (m *LinkStatusSpec) SizeVT() (n int) {
return n
}
+func (m *NameServerSpec) SizeVT() (n int) {
+ if m == nil {
+ return 0
+ }
+ var l int
+ _ = l
+ if m.Addr != nil {
+ if size, ok := interface{}(m.Addr).(interface {
+ SizeVT() int
+ }); ok {
+ l = size.SizeVT()
+ } else {
+ l = proto.Size(m.Addr)
+ }
+ n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
+ }
+ if m.Protocol != 0 {
+ n += 1 + protohelpers.SizeOfVarint(uint64(m.Protocol))
+ }
+ l = len(m.TlsServerName)
+ if l > 0 {
+ n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
+ }
+ n += len(m.unknownFields)
+ return n
+}
+
func (m *NfTablesAddressMatch) SizeVT() (n int) {
if m == nil {
return 0
@@ -6705,6 +6823,12 @@ func (m *ResolverSpecSpec) SizeVT() (n int) {
n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
}
}
+ if len(m.NameServers) > 0 {
+ for _, e := range m.NameServers {
+ l = e.SizeVT()
+ n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
+ }
+ }
n += len(m.unknownFields)
return n
}
@@ -6733,6 +6857,12 @@ func (m *ResolverStatusSpec) SizeVT() (n int) {
n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
}
}
+ if len(m.NameServers) > 0 {
+ for _, e := range m.NameServers {
+ l = e.SizeVT()
+ n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
+ }
+ }
n += len(m.unknownFields)
return n
}
@@ -13508,6 +13638,152 @@ func (m *LinkStatusSpec) UnmarshalVT(dAtA []byte) error {
}
return nil
}
+func (m *NameServerSpec) UnmarshalVT(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= uint64(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: NameServerSpec: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: NameServerSpec: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Addr", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ postIndex := iNdEx + msglen
+ if postIndex < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if m.Addr == nil {
+ m.Addr = &common.NetIP{}
+ }
+ if unmarshal, ok := interface{}(m.Addr).(interface {
+ UnmarshalVT([]byte) error
+ }); ok {
+ if err := unmarshal.UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ } else {
+ if err := proto.Unmarshal(dAtA[iNdEx:postIndex], m.Addr); err != nil {
+ return err
+ }
+ }
+ iNdEx = postIndex
+ case 2:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Protocol", wireType)
+ }
+ m.Protocol = 0
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ m.Protocol |= enums.NethelpersDNSProtocol(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ case 3:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field TlsServerName", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= uint64(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.TlsServerName = string(dAtA[iNdEx:postIndex])
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := protohelpers.Skip(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if (skippy < 0) || (iNdEx+skippy) < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...)
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
func (m *NfTablesAddressMatch) UnmarshalVT(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
@@ -16626,6 +16902,40 @@ func (m *ResolverSpecSpec) UnmarshalVT(dAtA []byte) error {
}
m.SearchDomains = append(m.SearchDomains, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
+ case 4:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field NameServers", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ postIndex := iNdEx + msglen
+ if postIndex < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.NameServers = append(m.NameServers, &NameServerSpec{})
+ if err := m.NameServers[len(m.NameServers)-1].UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := protohelpers.Skip(dAtA[iNdEx:])
@@ -16751,6 +17061,40 @@ func (m *ResolverStatusSpec) UnmarshalVT(dAtA []byte) error {
}
m.SearchDomains = append(m.SearchDomains, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
+ case 4:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field NameServers", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ postIndex := iNdEx + msglen
+ if postIndex < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.NameServers = append(m.NameServers, &NameServerSpec{})
+ if err := m.NameServers[len(m.NameServers)-1].UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := protohelpers.Skip(dAtA[iNdEx:])
diff --git a/pkg/machinery/config/config/network.go b/pkg/machinery/config/config/network.go
index a3a88a2dc..0cf298192 100644
--- a/pkg/machinery/config/config/network.go
+++ b/pkg/machinery/config/config/network.go
@@ -113,9 +113,16 @@ type NetworkHostnameConfig interface {
AutoHostname() nethelpers.AutoHostnameKind
}
+// NetworkResolver is a single instance of a DNS resolver configuration.
+type NetworkResolver struct {
+ Addr netip.Addr
+ Protocol nethelpers.DNSProtocol
+ TLSServerName string
+}
+
// NetworkResolverConfig defines a resolver configuration.
type NetworkResolverConfig interface {
- Resolvers() []netip.Addr
+ Resolvers() []NetworkResolver
SearchDomains() []string
DisableSearchDomain() bool
}
diff --git a/pkg/machinery/config/container/validate.go b/pkg/machinery/config/container/validate.go
index fe83d4953..420ef031d 100644
--- a/pkg/machinery/config/container/validate.go
+++ b/pkg/machinery/config/container/validate.go
@@ -14,6 +14,7 @@ import (
"github.com/siderolabs/talos/pkg/machinery/config"
"github.com/siderolabs/talos/pkg/machinery/config/machine"
"github.com/siderolabs/talos/pkg/machinery/config/validation"
+ "github.com/siderolabs/talos/pkg/machinery/nethelpers"
)
// Validate checks configuration and returns warnings and fatal errors (as multierror).
@@ -133,6 +134,24 @@ func (container *Container) validateContainer(mode validation.RuntimeMode) error
}
}
+ // DNS protocols besides plain UDP/TCP can't be used without HostDNS
+ if dnsConfig := container.NetworkResolverConfig(); dnsConfig != nil {
+ hasNonDefaultDNS := false
+
+ for _, ns := range dnsConfig.Resolvers() {
+ if ns.Protocol != nethelpers.DNSProtocolDefault {
+ hasNonDefaultDNS = true
+ }
+ }
+
+ if hasNonDefaultDNS {
+ hostDNSConfig := container.NetworkHostDNSConfig()
+ if hostDNSConfig == nil || !hostDNSConfig.HostDNSEnabled() {
+ errs = multierror.Append(errs, fmt.Errorf("hostDNS must be enabled when using non-default DNS protocols"))
+ }
+ }
+ }
+
// control plane specific checks
if container.Machine() != nil && container.Machine().Type().IsControlPlane() {
hasLegacyEtcdEncryptionConfig := container.Cluster() != nil && (container.Cluster().SecretboxEncryptionSecret() != "" || container.Cluster().AESCBCEncryptionSecret() != "")
diff --git a/pkg/machinery/config/container/validate_test.go b/pkg/machinery/config/container/validate_test.go
index d4178e6a5..66abedc1c 100644
--- a/pkg/machinery/config/container/validate_test.go
+++ b/pkg/machinery/config/container/validate_test.go
@@ -20,6 +20,7 @@ import (
"github.com/siderolabs/talos/pkg/machinery/config/types/siderolink"
"github.com/siderolabs/talos/pkg/machinery/config/types/v1alpha1"
"github.com/siderolabs/talos/pkg/machinery/constants"
+ "github.com/siderolabs/talos/pkg/machinery/nethelpers"
blockres "github.com/siderolabs/talos/pkg/machinery/resources/block"
)
@@ -257,6 +258,17 @@ func TestValidateContainer(t *testing.T) {
HostDNSForwardKubeDNSToHost: new(true),
}
+ resolverConfigDoT := network.NewResolverConfigV1Alpha1()
+ resolverConfigDoT.ResolverNameservers = []network.NameserverConfig{
+ {
+ Address: network.Addr{
+ Addr: netip.MustParseAddr("1.1.1.1"),
+ },
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ TLSServerName: "cloudflare-dns.com",
+ },
+ }
+
for _, tt := range []struct {
name string
documents []config.Document
@@ -307,6 +319,15 @@ func TestValidateContainer(t *testing.T) {
documents: []config.Document{hostDNSResolverConfig, v1alpha1Cfg},
inContainer: true,
},
+ {
+ name: "DoT without hostDNS",
+ documents: []config.Document{resolverConfigDoT},
+ expectedError: "1 error occurred:\n\t* hostDNS must be enabled when using non-default DNS protocols\n\n",
+ },
+ {
+ name: "DoT with hostDNS",
+ documents: []config.Document{resolverConfigDoT, v1alpha1CfgHostDNS},
+ },
} {
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
@@ -314,15 +335,13 @@ func TestValidateContainer(t *testing.T) {
ctr, err := container.New(tt.documents...)
require.NoError(t, err)
- warnings, err := ctr.Validate(validationMode{inContainer: tt.inContainer})
+ _, err = ctr.Validate(validationMode{inContainer: tt.inContainer})
if tt.expectedError == "" {
require.NoError(t, err)
} else {
require.EqualError(t, err, tt.expectedError)
}
-
- require.Nil(t, warnings)
})
}
}
diff --git a/pkg/machinery/config/machine/type_string.go b/pkg/machinery/config/machine/type_string.go
index 7a3ad60b0..9527820f0 100644
--- a/pkg/machinery/config/machine/type_string.go
+++ b/pkg/machinery/config/machine/type_string.go
@@ -19,8 +19,9 @@ const _Type_name = "unknowninitcontrolplaneworker"
var _Type_index = [...]uint8{0, 7, 11, 23, 29}
func (i Type) String() string {
- if i < 0 || i >= Type(len(_Type_index)-1) {
+ idx := int(i) - 0
+ if i < 0 || idx >= len(_Type_index)-1 {
return "Type(" + strconv.FormatInt(int64(i), 10) + ")"
}
- return _Type_name[_Type_index[i]:_Type_index[i+1]]
+ return _Type_name[_Type_index[idx]:_Type_index[idx+1]]
}
diff --git a/pkg/machinery/config/schemas/config.schema.json b/pkg/machinery/config/schemas/config.schema.json
index afa19bd27..4fcfd6a55 100644
--- a/pkg/machinery/config/schemas/config.schema.json
+++ b/pkg/machinery/config/schemas/config.schema.json
@@ -2779,6 +2779,23 @@
"description": "The IP address of the nameserver.\n",
"markdownDescription": "The IP address of the nameserver.",
"x-intellij-html-description": "\u003cp\u003eThe IP address of the nameserver.\u003c/p\u003e\n"
+ },
+ "protocol": {
+ "enum": [
+ "Do53",
+ "DoT"
+ ],
+ "title": "protocol",
+ "description": "A DNS protocol to use.\n\nThe default protocol is plain DNS (Do53) (DNS over TCP/UDP), but this can be set\nto DoT to use DNS over TLS (RFC 7858) for encrypted DNS queries to this nameserver.\n\nNote: DNS over TLS requires a correct system clock to validate certificates.\nIf NTP is configured with hostnames that need to be resolved through DoT, the\nboot may stall: NTP needs DNS, and DoT needs valid time. Either rely on the\nhardware clock, configure NTP servers by IP, or keep at least one plain-DNS\nfallback nameserver.\n",
+ "markdownDescription": "A DNS protocol to use.\n\nThe default protocol is plain DNS (`Do53`) (DNS over TCP/UDP), but this can be set\nto `DoT` to use DNS over TLS (RFC 7858) for encrypted DNS queries to this nameserver.\n\nNote: DNS over TLS requires a correct system clock to validate certificates.\nIf NTP is configured with hostnames that need to be resolved through DoT, the\nboot may stall: NTP needs DNS, and DoT needs valid time. Either rely on the\nhardware clock, configure NTP servers by IP, or keep at least one plain-DNS\nfallback nameserver.",
+ "x-intellij-html-description": "\u003cp\u003eA DNS protocol to use.\u003c/p\u003e\n\n\u003cp\u003eThe default protocol is plain DNS (\u003ccode\u003eDo53\u003c/code\u003e) (DNS over TCP/UDP), but this can be set\nto \u003ccode\u003eDoT\u003c/code\u003e to use DNS over TLS (RFC 7858) for encrypted DNS queries to this nameserver.\u003c/p\u003e\n\n\u003cp\u003eNote: DNS over TLS requires a correct system clock to validate certificates.\nIf NTP is configured with hostnames that need to be resolved through DoT, the\nboot may stall: NTP needs DNS, and DoT needs valid time. Either rely on the\nhardware clock, configure NTP servers by IP, or keep at least one plain-DNS\nfallback nameserver.\u003c/p\u003e\n"
+ },
+ "tlsServerName": {
+ "type": "string",
+ "title": "tlsServerName",
+ "description": "TLS server name to validate the nameserver certificate against.\n\nThis field should be set, if the protocol is set to DoT.\nThe value is used both as the SNI sent during the TLS handshake and as the name\nverified against the server certificate.\n",
+ "markdownDescription": "TLS server name to validate the nameserver certificate against.\n\nThis field should be set, if the protocol is set to `DoT`.\nThe value is used both as the SNI sent during the TLS handshake and as the name\nverified against the server certificate.",
+ "x-intellij-html-description": "\u003cp\u003eTLS server name to validate the nameserver certificate against.\u003c/p\u003e\n\n\u003cp\u003eThis field should be set, if the protocol is set to \u003ccode\u003eDoT\u003c/code\u003e.\nThe value is used both as the SNI sent during the TLS handshake and as the name\nverified against the server certificate.\u003c/p\u003e\n"
}
},
"additionalProperties": false,
diff --git a/pkg/machinery/config/types/network/network_doc.go b/pkg/machinery/config/types/network/network_doc.go
index eac5d4f3b..cdc8de50d 100644
--- a/pkg/machinery/config/types/network/network_doc.go
+++ b/pkg/machinery/config/types/network/network_doc.go
@@ -1513,6 +1513,8 @@ func (ResolverConfigV1Alpha1) Doc() *encoder.Doc {
doc.AddExample("", exampleResolverConfigV1Alpha3())
+ doc.AddExample("", exampleResolverConfigV1Alpha4())
+
return doc
}
@@ -1535,10 +1537,29 @@ func (NameserverConfig) Doc() *encoder.Doc {
Description: "The IP address of the nameserver.",
Comments: [3]string{"" /* encoder.HeadComment */, "The IP address of the nameserver." /* encoder.LineComment */, "" /* encoder.FootComment */},
},
+ {
+ Name: "protocol",
+ Type: "DNSProtocol",
+ Note: "",
+ Description: "A DNS protocol to use.\n\nThe default protocol is plain DNS (`Do53`) (DNS over TCP/UDP), but this can be set\nto `DoT` to use DNS over TLS (RFC 7858) for encrypted DNS queries to this nameserver.\n\nNote: DNS over TLS requires a correct system clock to validate certificates.\nIf NTP is configured with hostnames that need to be resolved through DoT, the\nboot may stall: NTP needs DNS, and DoT needs valid time. Either rely on the\nhardware clock, configure NTP servers by IP, or keep at least one plain-DNS\nfallback nameserver.",
+ Comments: [3]string{"" /* encoder.HeadComment */, "A DNS protocol to use." /* encoder.LineComment */, "" /* encoder.FootComment */},
+ Values: []string{
+ "Do53",
+ "DoT",
+ },
+ },
+ {
+ Name: "tlsServerName",
+ Type: "string",
+ Note: "",
+ Description: "TLS server name to validate the nameserver certificate against.\n\nThis field should be set, if the protocol is set to `DoT`.\nThe value is used both as the SNI sent during the TLS handshake and as the name\nverified against the server certificate.",
+ Comments: [3]string{"" /* encoder.HeadComment */, "TLS server name to validate the nameserver certificate against." /* encoder.LineComment */, "" /* encoder.FootComment */},
+ },
},
}
doc.Fields[0].AddExample("", Addr{netip.MustParseAddr("10.0.0.1")})
+ doc.Fields[2].AddExample("", "dns1.example.com")
return doc
}
diff --git a/pkg/machinery/config/types/network/resolver.go b/pkg/machinery/config/types/network/resolver.go
index ae83e6b38..42445cadd 100644
--- a/pkg/machinery/config/types/network/resolver.go
+++ b/pkg/machinery/config/types/network/resolver.go
@@ -8,6 +8,7 @@ package network
import (
"errors"
+ "fmt"
"net/netip"
"slices"
@@ -21,6 +22,7 @@ import (
"github.com/siderolabs/talos/pkg/machinery/config/types/meta"
"github.com/siderolabs/talos/pkg/machinery/config/types/v1alpha1"
"github.com/siderolabs/talos/pkg/machinery/config/validation"
+ "github.com/siderolabs/talos/pkg/machinery/nethelpers"
)
// ResolverKind is a ResolverConfig document kind.
@@ -51,6 +53,7 @@ var (
// - value: exampleResolverConfigV1Alpha1()
// - value: exampleResolverConfigV1Alpha2()
// - value: exampleResolverConfigV1Alpha3()
+// - value: exampleResolverConfigV1Alpha4()
// alias: ResolverConfig
// schemaRoot: true
// schemaMeta: v1alpha1/ResolverConfig
@@ -89,6 +92,32 @@ type NameserverConfig struct {
// type: string
// pattern: ^[0-9a-f.:]+$
Address Addr `yaml:"address"`
+ // description: |
+ // A DNS protocol to use.
+ //
+ // The default protocol is plain DNS (`Do53`) (DNS over TCP/UDP), but this can be set
+ // to `DoT` to use DNS over TLS (RFC 7858) for encrypted DNS queries to this nameserver.
+ //
+ // Note: DNS over TLS requires a correct system clock to validate certificates.
+ // If NTP is configured with hostnames that need to be resolved through DoT, the
+ // boot may stall: NTP needs DNS, and DoT needs valid time. Either rely on the
+ // hardware clock, configure NTP servers by IP, or keep at least one plain-DNS
+ // fallback nameserver.
+ // values:
+ // - "Do53"
+ // - "DoT"
+ Protocol nethelpers.DNSProtocol `yaml:"protocol,omitempty"`
+ // description: |
+ // TLS server name to validate the nameserver certificate against.
+ //
+ // This field should be set, if the protocol is set to `DoT`.
+ // The value is used both as the SNI sent during the TLS handshake and as the name
+ // verified against the server certificate.
+ //
+ // examples:
+ // - value: >
+ // "dns1.example.com"
+ TLSServerName string `yaml:"tlsServerName,omitempty"`
}
// SearchDomainsConfig represents search domains configuration.
@@ -180,6 +209,24 @@ func exampleResolverConfigV1Alpha3() *ResolverConfigV1Alpha1 {
return cfg
}
+func exampleResolverConfigV1Alpha4() *ResolverConfigV1Alpha1 {
+ cfg := NewResolverConfigV1Alpha1()
+ cfg.ResolverNameservers = []NameserverConfig{
+ {
+ Address: Addr{netip.MustParseAddr("9.9.9.9")},
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ TLSServerName: "dns.quad9.net",
+ },
+ {
+ Address: Addr{netip.MustParseAddr("2620:fe::fe")},
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ TLSServerName: "dns.quad9.net",
+ },
+ }
+
+ return cfg
+}
+
// Clone implements config.Document interface.
func (s *ResolverConfigV1Alpha1) Clone() config.Document {
return s.DeepCopy()
@@ -209,8 +256,13 @@ func (s *ResolverConfigV1Alpha1) V1Alpha1ConflictValidate(v1alpha1Cfg *v1alpha1.
}
// Validate implements config.Validator interface.
+//
+//nolint:gocyclo
func (s *ResolverConfigV1Alpha1) Validate(validation.RuntimeMode, ...validation.Option) ([]string, error) {
- var errs error
+ var (
+ warnings []string
+ errs error
+ )
if !value.IsZero(s.ResolverHostDNS) {
if !s.HostDNSEnabled() {
@@ -224,13 +276,50 @@ func (s *ResolverConfigV1Alpha1) Validate(validation.RuntimeMode, ...validation.
}
}
- return nil, errs
+ nonRegularDNS := 0
+
+ for idx, ns := range s.ResolverNameservers {
+ switch ns.Protocol {
+ case nethelpers.DNSProtocolDNSOverTLS:
+ nonRegularDNS++
+
+ if ns.TLSServerName == "" {
+ errs = errors.Join(errs, fmt.Errorf("tlsServerName must be set when protocol is DoT: entry %d", idx))
+ }
+
+ case nethelpers.DNSProtocolDefault:
+ if ns.TLSServerName != "" {
+ errs = errors.Join(errs, fmt.Errorf("tlsServerName must be empty when protocol is Do53: entry %d", idx))
+ }
+ default:
+ errs = errors.Join(errs, fmt.Errorf("unsupported DNS protocol: entry %d", idx))
+ }
+
+ if !ns.Address.IsValid() {
+ errs = errors.Join(errs, fmt.Errorf("nameserver address must be a valid IP: entry %d", idx))
+ }
+ }
+
+ if nonRegularDNS > 0 && nonRegularDNS == len(s.ResolverNameservers) {
+ warnings = append(
+ warnings,
+ "all configured nameservers use DNS over TLS: validating certificates requires a correct system clock, "+
+ "so boot may stall when NTP servers are configured by hostname; consider keeping at least one plain-DNS fallback "+
+ "or configuring NTP servers by IP address",
+ )
+ }
+
+ return warnings, errs
}
// Resolvers implements NetworkResolverConfig interface.
-func (s *ResolverConfigV1Alpha1) Resolvers() []netip.Addr {
- return xslices.Map(s.ResolverNameservers, func(ns NameserverConfig) netip.Addr {
- return ns.Address.Addr
+func (s *ResolverConfigV1Alpha1) Resolvers() []config.NetworkResolver {
+ return xslices.Map(s.ResolverNameservers, func(ns NameserverConfig) config.NetworkResolver {
+ return config.NetworkResolver{
+ Addr: ns.Address.Addr,
+ Protocol: ns.Protocol,
+ TLSServerName: ns.TLSServerName,
+ }
})
}
diff --git a/pkg/machinery/config/types/network/resolver_test.go b/pkg/machinery/config/types/network/resolver_test.go
index 0e8858443..3a9bba0db 100644
--- a/pkg/machinery/config/types/network/resolver_test.go
+++ b/pkg/machinery/config/types/network/resolver_test.go
@@ -17,6 +17,7 @@ import (
"github.com/siderolabs/talos/pkg/machinery/config/types/meta"
"github.com/siderolabs/talos/pkg/machinery/config/types/network"
"github.com/siderolabs/talos/pkg/machinery/config/types/v1alpha1"
+ "github.com/siderolabs/talos/pkg/machinery/nethelpers"
)
//go:embed testdata/resolverconfig.yaml
@@ -34,7 +35,9 @@ func TestResolverConfigMarshalStability(t *testing.T) {
Address: network.Addr{Addr: netip.MustParseAddr("10.0.0.1")},
},
{
- Address: network.Addr{Addr: netip.MustParseAddr("2001:4860:4860::8888")},
+ Address: network.Addr{Addr: netip.MustParseAddr("2001:4860:4860::8888")},
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ TLSServerName: "dns.google",
},
}
cfg.ResolverSearchDomains = network.SearchDomainsConfig{
@@ -92,7 +95,9 @@ func TestResolverConfigUnmarshal(t *testing.T) {
Address: network.Addr{Addr: netip.MustParseAddr("10.0.0.1")},
},
{
- Address: network.Addr{Addr: netip.MustParseAddr("2001:4860:4860::8888")},
+ Address: network.Addr{Addr: netip.MustParseAddr("2001:4860:4860::8888")},
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ TLSServerName: "dns.google",
},
},
ResolverSearchDomains: network.SearchDomainsConfig{
@@ -224,11 +229,16 @@ func TestResolverV1Alpha1ConflictValidate(t *testing.T) {
func TestResolverV1Alpha1Validate(t *testing.T) {
t.Parallel()
+ const dotOnlyWarning = "all configured nameservers use DNS over TLS: validating certificates requires a correct system clock, " +
+ "so boot may stall when NTP servers are configured by hostname; consider keeping at least one plain-DNS fallback " +
+ "or configuring NTP servers by IP address"
+
for _, test := range []struct {
name string
cfg func() *network.ResolverConfigV1Alpha1
- expectedError string
+ expectedError string
+ expectedWarnings []string
}{
{
name: "empty",
@@ -275,12 +285,97 @@ func TestResolverV1Alpha1Validate(t *testing.T) {
return cfg
},
},
+ {
+ name: "DoT mixed with plain DNS, no warning",
+ cfg: func() *network.ResolverConfigV1Alpha1 {
+ cfg := network.NewResolverConfigV1Alpha1()
+ cfg.ResolverNameservers = []network.NameserverConfig{
+ {
+ Address: network.Addr{Addr: netip.MustParseAddr("9.9.9.9")},
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ TLSServerName: "dns.quad9.net",
+ },
+ {
+ Address: network.Addr{Addr: netip.MustParseAddr("8.8.8.8")},
+ },
+ }
+
+ return cfg
+ },
+ },
+ {
+ name: "DoT only, warns about clock dependency",
+ cfg: func() *network.ResolverConfigV1Alpha1 {
+ cfg := network.NewResolverConfigV1Alpha1()
+ cfg.ResolverNameservers = []network.NameserverConfig{
+ {
+ Address: network.Addr{Addr: netip.MustParseAddr("9.9.9.9")},
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ TLSServerName: "dns.quad9.net",
+ },
+ {
+ Address: network.Addr{Addr: netip.MustParseAddr("1.1.1.1")},
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ TLSServerName: "cloudflare-dns.com",
+ },
+ }
+
+ return cfg
+ },
+ expectedWarnings: []string{dotOnlyWarning},
+ },
+ {
+ name: "tlsServerName without an address",
+ cfg: func() *network.ResolverConfigV1Alpha1 {
+ cfg := network.NewResolverConfigV1Alpha1()
+ cfg.ResolverNameservers = []network.NameserverConfig{
+ {
+ TLSServerName: "dns.quad9.net",
+ },
+ }
+
+ return cfg
+ },
+ expectedError: "tlsServerName must be empty when protocol is Do53: entry 0\nnameserver address must be a valid IP: entry 0",
+ },
+ {
+ name: "DoT without tlsServerName",
+ cfg: func() *network.ResolverConfigV1Alpha1 {
+ cfg := network.NewResolverConfigV1Alpha1()
+ cfg.ResolverNameservers = []network.NameserverConfig{
+ {
+ Address: network.Addr{Addr: netip.MustParseAddr("9.9.9.9")},
+ Protocol: nethelpers.DNSProtocolDNSOverTLS,
+ },
+ }
+
+ return cfg
+ },
+ expectedError: "tlsServerName must be set when protocol is DoT: entry 0",
+ expectedWarnings: []string{dotOnlyWarning},
+ },
+ {
+ name: "Do53 with tlsServerName set",
+ cfg: func() *network.ResolverConfigV1Alpha1 {
+ cfg := network.NewResolverConfigV1Alpha1()
+ cfg.ResolverNameservers = []network.NameserverConfig{
+ {
+ Address: network.Addr{Addr: netip.MustParseAddr("8.8.8.8")},
+ Protocol: nethelpers.DNSProtocolDefault,
+ TLSServerName: "dns.google",
+ },
+ }
+
+ return cfg
+ },
+ expectedError: "tlsServerName must be empty when protocol is Do53: entry 0",
+ },
} {
t.Run(test.name, func(t *testing.T) {
t.Parallel()
warnings, err := test.cfg().Validate(validationMode{})
- assert.Nil(t, warnings)
+ assert.Equal(t, test.expectedWarnings, warnings)
if test.expectedError != "" {
assert.EqualError(t, err, test.expectedError)
diff --git a/pkg/machinery/config/types/network/testdata/resolverconfig.yaml b/pkg/machinery/config/types/network/testdata/resolverconfig.yaml
index 0cb1ceef1..ec1a820cf 100644
--- a/pkg/machinery/config/types/network/testdata/resolverconfig.yaml
+++ b/pkg/machinery/config/types/network/testdata/resolverconfig.yaml
@@ -3,6 +3,8 @@ kind: ResolverConfig
nameservers:
- address: 10.0.0.1
- address: 2001:4860:4860::8888
+ protocol: DoT
+ tlsServerName: dns.google
searchDomains:
domains:
- example.org
diff --git a/pkg/machinery/config/types/v1alpha1/v1alpha1_network_bridge.go b/pkg/machinery/config/types/v1alpha1/v1alpha1_network_bridge.go
index 27a4c81d9..d1d05a46d 100644
--- a/pkg/machinery/config/types/v1alpha1/v1alpha1_network_bridge.go
+++ b/pkg/machinery/config/types/v1alpha1/v1alpha1_network_bridge.go
@@ -48,16 +48,19 @@ func (c *Config) AutoHostname() nethelpers.AutoHostnameKind {
}
// Resolvers implements config.NetworkResolverConfig interface.
-func (c *Config) Resolvers() []netip.Addr {
+func (c *Config) Resolvers() []config.NetworkResolver {
if c.MachineConfig == nil || c.MachineConfig.MachineNetwork == nil {
return nil
}
- var result []netip.Addr
+ var result []config.NetworkResolver
for _, r := range c.MachineConfig.MachineNetwork.NameServers {
if addr, err := netip.ParseAddr(r); err == nil {
- result = append(result, addr)
+ result = append(result, config.NetworkResolver{
+ Addr: addr,
+ Protocol: nethelpers.DNSProtocolDefault,
+ })
}
}
diff --git a/pkg/machinery/config/types/v1alpha1/v1alpha1_network_bridge_test.go b/pkg/machinery/config/types/v1alpha1/v1alpha1_network_bridge_test.go
index fb245d3ed..b7e5b2c5b 100644
--- a/pkg/machinery/config/types/v1alpha1/v1alpha1_network_bridge_test.go
+++ b/pkg/machinery/config/types/v1alpha1/v1alpha1_network_bridge_test.go
@@ -9,10 +9,11 @@ import (
"testing"
"time"
+ "github.com/siderolabs/gen/xslices"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
- "github.com/siderolabs/talos/pkg/machinery/config"
+ "github.com/siderolabs/talos/pkg/machinery/config/config"
"github.com/siderolabs/talos/pkg/machinery/config/container"
"github.com/siderolabs/talos/pkg/machinery/config/types/network"
"github.com/siderolabs/talos/pkg/machinery/config/types/v1alpha1"
@@ -355,7 +356,12 @@ func TestResolverBridging(t *testing.T) {
require.NotNil(t, resolverConfig)
- assert.Equal(t, test.expectedNameservers, resolverConfig.Resolvers())
+ assert.Equal(t, xslices.Map(test.expectedNameservers, func(addr netip.Addr) config.NetworkResolver {
+ return config.NetworkResolver{
+ Addr: addr,
+ Protocol: nethelpers.DNSProtocolDefault,
+ }
+ }), resolverConfig.Resolvers())
assert.Equal(t, test.expectedSearchDomains, resolverConfig.SearchDomains())
assert.Equal(t, test.expectedDisableSearch, resolverConfig.DisableSearchDomain())
})
diff --git a/pkg/machinery/nethelpers/arpalltargets_enumer.go b/pkg/machinery/nethelpers/arpalltargets_enumer.go
index e397787be..49f26a449 100644
--- a/pkg/machinery/nethelpers/arpalltargets_enumer.go
+++ b/pkg/machinery/nethelpers/arpalltargets_enumer.go
@@ -1,4 +1,4 @@
-// Code generated by "enumer -type=ARPAllTargets,ARPValidate,AddressFlag,AddressSortAlgorithm,ADSelect,ADLACPActive,AutoHostnameKind,BondMode,BondXmitHashPolicy,ClientIdentifier,ConntrackState,DefaultAction,Duplex,Family,LACPRate,LinkFlag,LinkType,MatchOperator,NfTablesChainHook,NfTablesChainPriority,NfTablesVerdict,OperationalState,Port,PrimaryReselect,Protocol,RouteFlag,RouteProtocol,RouteType,RoutingRuleAction,RoutingTable,Scope,Status,VLANProtocol,WOLMode -linecomment -text"; DO NOT EDIT.
+// Code generated by "enumer -type=ARPAllTargets,ARPValidate,AddressFlag,AddressSortAlgorithm,ADSelect,ADLACPActive,AutoHostnameKind,BondMode,BondXmitHashPolicy,ClientIdentifier,ConntrackState,DefaultAction,DNSProtocol,Duplex,Family,LACPRate,LinkFlag,LinkType,MatchOperator,NfTablesChainHook,NfTablesChainPriority,NfTablesVerdict,OperationalState,Port,PrimaryReselect,Protocol,RouteFlag,RouteProtocol,RouteType,RoutingRuleAction,RoutingTable,Scope,Status,VLANProtocol,WOLMode -linecomment -text"; DO NOT EDIT.
package nethelpers
@@ -1127,6 +1127,88 @@ func (i *DefaultAction) UnmarshalText(text []byte) error {
return err
}
+const _DNSProtocolName = "Do53DoT"
+
+var _DNSProtocolIndex = [...]uint8{0, 4, 7}
+
+const _DNSProtocolLowerName = "do53dot"
+
+func (i DNSProtocol) String() string {
+ if i >= DNSProtocol(len(_DNSProtocolIndex)-1) {
+ return fmt.Sprintf("DNSProtocol(%d)", i)
+ }
+ return _DNSProtocolName[_DNSProtocolIndex[i]:_DNSProtocolIndex[i+1]]
+}
+
+// An "invalid array index" compiler error signifies that the constant values have changed.
+// Re-run the stringer command to generate them again.
+func _DNSProtocolNoOp() {
+ var x [1]struct{}
+ _ = x[DNSProtocolDefault-(0)]
+ _ = x[DNSProtocolDNSOverTLS-(1)]
+}
+
+var _DNSProtocolValues = []DNSProtocol{DNSProtocolDefault, DNSProtocolDNSOverTLS}
+
+var _DNSProtocolNameToValueMap = map[string]DNSProtocol{
+ _DNSProtocolName[0:4]: DNSProtocolDefault,
+ _DNSProtocolLowerName[0:4]: DNSProtocolDefault,
+ _DNSProtocolName[4:7]: DNSProtocolDNSOverTLS,
+ _DNSProtocolLowerName[4:7]: DNSProtocolDNSOverTLS,
+}
+
+var _DNSProtocolNames = []string{
+ _DNSProtocolName[0:4],
+ _DNSProtocolName[4:7],
+}
+
+// DNSProtocolString retrieves an enum value from the enum constants string name.
+// Throws an error if the param is not part of the enum.
+func DNSProtocolString(s string) (DNSProtocol, error) {
+ if val, ok := _DNSProtocolNameToValueMap[s]; ok {
+ return val, nil
+ }
+
+ if val, ok := _DNSProtocolNameToValueMap[strings.ToLower(s)]; ok {
+ return val, nil
+ }
+ return 0, fmt.Errorf("%s does not belong to DNSProtocol values", s)
+}
+
+// DNSProtocolValues returns all values of the enum
+func DNSProtocolValues() []DNSProtocol {
+ return _DNSProtocolValues
+}
+
+// DNSProtocolStrings returns a slice of all String values of the enum
+func DNSProtocolStrings() []string {
+ strs := make([]string, len(_DNSProtocolNames))
+ copy(strs, _DNSProtocolNames)
+ return strs
+}
+
+// IsADNSProtocol returns "true" if the value is listed in the enum definition. "false" otherwise
+func (i DNSProtocol) IsADNSProtocol() bool {
+ for _, v := range _DNSProtocolValues {
+ if i == v {
+ return true
+ }
+ }
+ return false
+}
+
+// MarshalText implements the encoding.TextMarshaler interface for DNSProtocol
+func (i DNSProtocol) MarshalText() ([]byte, error) {
+ return []byte(i.String()), nil
+}
+
+// UnmarshalText implements the encoding.TextUnmarshaler interface for DNSProtocol
+func (i *DNSProtocol) UnmarshalText(text []byte) error {
+ var err error
+ *i, err = DNSProtocolString(string(text))
+ return err
+}
+
const (
_DuplexName_0 = "HalfFull"
_DuplexLowerName_0 = "halffull"
diff --git a/pkg/machinery/nethelpers/dnsprotocol.go b/pkg/machinery/nethelpers/dnsprotocol.go
new file mode 100644
index 000000000..4e6267a4c
--- /dev/null
+++ b/pkg/machinery/nethelpers/dnsprotocol.go
@@ -0,0 +1,16 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+package nethelpers
+
+// DNSProtocol is a kind of DNS protocol.
+type DNSProtocol byte
+
+// DNSProtocol constants.
+//
+//structprotogen:gen_enum
+const (
+ DNSProtocolDefault DNSProtocol = iota // Do53
+ DNSProtocolDNSOverTLS // DoT
+)
diff --git a/pkg/machinery/nethelpers/nethelpers.go b/pkg/machinery/nethelpers/nethelpers.go
index 33d9cc62a..fa940aa17 100644
--- a/pkg/machinery/nethelpers/nethelpers.go
+++ b/pkg/machinery/nethelpers/nethelpers.go
@@ -5,5 +5,5 @@
// Package nethelpers provides types and type wrappers to support network resources.
package nethelpers
-//go:generate go tool github.com/dmarkham/enumer -type=ARPAllTargets,ARPValidate,AddressFlag,AddressSortAlgorithm,ADSelect,ADLACPActive,AutoHostnameKind,BondMode,BondXmitHashPolicy,ClientIdentifier,ConntrackState,DefaultAction,Duplex,Family,LACPRate,LinkFlag,LinkType,MatchOperator,NfTablesChainHook,NfTablesChainPriority,NfTablesVerdict,OperationalState,Port,PrimaryReselect,Protocol,RouteFlag,RouteProtocol,RouteType,RoutingRuleAction,RoutingTable,Scope,Status,VLANProtocol,WOLMode -linecomment -text
+//go:generate go tool github.com/dmarkham/enumer -type=ARPAllTargets,ARPValidate,AddressFlag,AddressSortAlgorithm,ADSelect,ADLACPActive,AutoHostnameKind,BondMode,BondXmitHashPolicy,ClientIdentifier,ConntrackState,DefaultAction,DNSProtocol,Duplex,Family,LACPRate,LinkFlag,LinkType,MatchOperator,NfTablesChainHook,NfTablesChainPriority,NfTablesVerdict,OperationalState,Port,PrimaryReselect,Protocol,RouteFlag,RouteProtocol,RouteType,RoutingRuleAction,RoutingTable,Scope,Status,VLANProtocol,WOLMode -linecomment -text
//go:generate go tool github.com/dmarkham/enumer -type=FailOverMAC -linecomment
diff --git a/pkg/machinery/resources/network/address_spec_test.go b/pkg/machinery/resources/network/address_spec_test.go
index 48d863c98..f67a792c6 100644
--- a/pkg/machinery/resources/network/address_spec_test.go
+++ b/pkg/machinery/resources/network/address_spec_test.go
@@ -17,6 +17,8 @@ import (
)
func TestAddressSpecMarshalYAML(t *testing.T) {
+ t.Parallel()
+
spec := network.AddressSpecSpec{
Address: netip.MustParsePrefix("192.168.3.6/27"),
LinkName: "eth0",
diff --git a/pkg/machinery/resources/network/condition_test.go b/pkg/machinery/resources/network/condition_test.go
index 9786fc319..8a40b0593 100644
--- a/pkg/machinery/resources/network/condition_test.go
+++ b/pkg/machinery/resources/network/condition_test.go
@@ -20,11 +20,11 @@ import (
)
func TestCondition(t *testing.T) {
+ t.Parallel()
+
ctx, ctxCancel := context.WithTimeout(t.Context(), time.Second)
t.Cleanup(ctxCancel)
- t.Parallel()
-
for _, tt := range []struct {
Name string
Status network.StatusSpec
diff --git a/pkg/machinery/resources/network/deep_copy.generated.go b/pkg/machinery/resources/network/deep_copy.generated.go
index fcfd1db9f..fb0395b9a 100644
--- a/pkg/machinery/resources/network/deep_copy.generated.go
+++ b/pkg/machinery/resources/network/deep_copy.generated.go
@@ -594,6 +594,10 @@ func (o ResolverSpecSpec) DeepCopy() ResolverSpecSpec {
cp.DNSServers = make([]netip.Addr, len(o.DNSServers))
copy(cp.DNSServers, o.DNSServers)
}
+ if o.NameServers != nil {
+ cp.NameServers = make([]NameServerSpec, len(o.NameServers))
+ copy(cp.NameServers, o.NameServers)
+ }
if o.SearchDomains != nil {
cp.SearchDomains = make([]string, len(o.SearchDomains))
copy(cp.SearchDomains, o.SearchDomains)
@@ -608,6 +612,10 @@ func (o ResolverStatusSpec) DeepCopy() ResolverStatusSpec {
cp.DNSServers = make([]netip.Addr, len(o.DNSServers))
copy(cp.DNSServers, o.DNSServers)
}
+ if o.NameServers != nil {
+ cp.NameServers = make([]NameServerSpec, len(o.NameServers))
+ copy(cp.NameServers, o.NameServers)
+ }
if o.SearchDomains != nil {
cp.SearchDomains = make([]string, len(o.SearchDomains))
copy(cp.SearchDomains, o.SearchDomains)
diff --git a/pkg/machinery/resources/network/device_config_spec_test.go b/pkg/machinery/resources/network/device_config_spec_test.go
index 96af13fba..b3609f4ee 100644
--- a/pkg/machinery/resources/network/device_config_spec_test.go
+++ b/pkg/machinery/resources/network/device_config_spec_test.go
@@ -16,6 +16,8 @@ import (
)
func TestDeviceConfigProtobufMarshal(t *testing.T) {
+ t.Parallel()
+
d := &v1alpha1.Device{
DeviceInterface: "eth0",
DeviceAddresses: []string{"10.0.0.8/32"},
diff --git a/pkg/machinery/resources/network/hostname_spec_test.go b/pkg/machinery/resources/network/hostname_spec_test.go
index 39b6b1374..13fea4fb0 100644
--- a/pkg/machinery/resources/network/hostname_spec_test.go
+++ b/pkg/machinery/resources/network/hostname_spec_test.go
@@ -15,6 +15,8 @@ import (
)
func TestHostnameSpecMarshalYAML(t *testing.T) {
+ t.Parallel()
+
spec := network.HostnameSpecSpec{
Hostname: "foo",
Domainname: "example.com",
diff --git a/pkg/machinery/resources/network/link_spec_test.go b/pkg/machinery/resources/network/link_spec_test.go
index 418ab8bea..eeeed6155 100644
--- a/pkg/machinery/resources/network/link_spec_test.go
+++ b/pkg/machinery/resources/network/link_spec_test.go
@@ -19,6 +19,8 @@ import (
)
func TestLinkSpecMarshalYAML(t *testing.T) {
+ t.Parallel()
+
spec := network.LinkSpecSpec{
Name: "eth0",
Logical: true,
diff --git a/pkg/machinery/resources/network/link_status_test.go b/pkg/machinery/resources/network/link_status_test.go
index d607b3844..31f3d451a 100644
--- a/pkg/machinery/resources/network/link_status_test.go
+++ b/pkg/machinery/resources/network/link_status_test.go
@@ -21,6 +21,8 @@ import (
)
func TestLinkStatusMarshalYAML(t *testing.T) {
+ t.Parallel()
+
hwAddr, err := net.ParseMAC("01:23:45:67:89:ab")
require.NoError(t, err)
diff --git a/pkg/machinery/resources/network/link_test.go b/pkg/machinery/resources/network/link_test.go
index 4bccb4dfc..8d4f19b95 100644
--- a/pkg/machinery/resources/network/link_test.go
+++ b/pkg/machinery/resources/network/link_test.go
@@ -15,6 +15,8 @@ import (
)
func TestWireguardPeer(t *testing.T) {
+ t.Parallel()
+
key1 := "2t4fMmV1fBhI6RgoUzHp9BoWLT7oq0C/fOV17f7FqTI="
key2 := "zHyf80qsjQ1EfiXkjxaLf9K9VZ6YRwcXx8GrpXQ6/yQ="
diff --git a/pkg/machinery/resources/network/network_test.go b/pkg/machinery/resources/network/network_test.go
index 10df3b08c..991d4032f 100644
--- a/pkg/machinery/resources/network/network_test.go
+++ b/pkg/machinery/resources/network/network_test.go
@@ -23,6 +23,8 @@ import (
)
func TestRegisterResource(t *testing.T) {
+ t.Parallel()
+
ctx := t.Context()
resources := state.WrapCore(namespaced.NewState(inmem.Build))
diff --git a/pkg/machinery/resources/network/operator_spec_test.go b/pkg/machinery/resources/network/operator_spec_test.go
index f35e54de5..7a2890c96 100644
--- a/pkg/machinery/resources/network/operator_spec_test.go
+++ b/pkg/machinery/resources/network/operator_spec_test.go
@@ -16,6 +16,8 @@ import (
)
func TestOperatorSpecMarshalYAML(t *testing.T) {
+ t.Parallel()
+
spec := network.OperatorSpecSpec{
Operator: network.OperatorDHCP4,
LinkName: "eth0",
diff --git a/pkg/machinery/resources/network/resolver_spec.go b/pkg/machinery/resources/network/resolver_spec.go
index b3523a458..70ed0ed65 100644
--- a/pkg/machinery/resources/network/resolver_spec.go
+++ b/pkg/machinery/resources/network/resolver_spec.go
@@ -11,7 +11,9 @@ import (
"github.com/cosi-project/runtime/pkg/resource/meta"
"github.com/cosi-project/runtime/pkg/resource/protobuf"
"github.com/cosi-project/runtime/pkg/resource/typed"
+ "github.com/siderolabs/gen/xslices"
+ "github.com/siderolabs/talos/pkg/machinery/nethelpers"
"github.com/siderolabs/talos/pkg/machinery/proto"
)
@@ -24,13 +26,39 @@ type ResolverSpec = typed.Resource[ResolverSpecSpec, ResolverSpecExtension]
// ResolverID is the ID of the singleton instance.
const ResolverID resource.ID = "resolvers"
+// NameServerSpec describes a single DNS nameserver with additional configuration.
+//
+//gotagsrewrite:gen
+type NameServerSpec struct {
+ Addr netip.Addr `yaml:"addr" protobuf:"1"`
+ Protocol nethelpers.DNSProtocol `yaml:"protocol" protobuf:"2"`
+ TLSServerName string `yaml:"tlsServerName" protobuf:"3"`
+}
+
+// String returns a string representation of the NameServerSpec for logging purposes.
+func (ns NameServerSpec) String() string {
+ switch ns.Protocol {
+ case nethelpers.DNSProtocolDNSOverTLS:
+ return ns.Addr.String() + " (DoT, TLS Server Name: " + ns.TLSServerName + ")"
+ case nethelpers.DNSProtocolDefault:
+ return ns.Addr.String()
+ default:
+ return ns.Addr.String() + " (Unknown Protocol)"
+ }
+}
+
// ResolverSpecSpec describes DNS resolvers.
//
//gotagsrewrite:gen
type ResolverSpecSpec struct {
- DNSServers []netip.Addr `yaml:"dnsServers" protobuf:"1"`
- ConfigLayer ConfigLayer `yaml:"layer" protobuf:"2"`
- SearchDomains []string `yaml:"searchDomains,omitempty" protobuf:"3"`
+ // DNSServers is a flat list of DNS server IP addresses.
+ //
+ // Deprecated: This field is deprecated in favor of NameServers which contain more information.
+ DNSServers []netip.Addr `yaml:"dnsServers" protobuf:"1"`
+ // NameServers is a list of DNS servers with additional configuration.
+ NameServers []NameServerSpec `yaml:"nameServers,omitempty" protobuf:"4"`
+ ConfigLayer ConfigLayer `yaml:"layer" protobuf:"2"`
+ SearchDomains []string `yaml:"searchDomains,omitempty" protobuf:"3"`
}
// NewResolverSpec initializes a ResolverSpec resource.
@@ -41,6 +69,22 @@ func NewResolverSpec(namespace resource.Namespace, id resource.ID) *ResolverSpec
)
}
+// Convert handles conversion of deprecated fields to the new ones and vice versa for backward compatibility.
+func (s *ResolverSpecSpec) Convert() {
+ if s.NameServers == nil && s.DNSServers != nil {
+ s.NameServers = xslices.Map(s.DNSServers, func(addr netip.Addr) NameServerSpec {
+ return NameServerSpec{
+ Addr: addr,
+ Protocol: nethelpers.DNSProtocolDefault,
+ }
+ })
+ } else if s.DNSServers == nil && s.NameServers != nil {
+ s.DNSServers = xslices.Map(s.NameServers, func(ns NameServerSpec) netip.Addr {
+ return ns.Addr
+ })
+ }
+}
+
// ResolverSpecExtension provides auxiliary methods for ResolverSpec.
type ResolverSpecExtension struct{}
diff --git a/pkg/machinery/resources/network/resolver_spec_test.go b/pkg/machinery/resources/network/resolver_spec_test.go
index 4a98918ac..9e2b29e6f 100644
--- a/pkg/machinery/resources/network/resolver_spec_test.go
+++ b/pkg/machinery/resources/network/resolver_spec_test.go
@@ -12,10 +12,13 @@ import (
"github.com/stretchr/testify/require"
"go.yaml.in/yaml/v4"
+ "github.com/siderolabs/talos/pkg/machinery/nethelpers"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
)
func TestResolverSpecMarshalYAML(t *testing.T) {
+ t.Parallel()
+
spec := network.ResolverSpecSpec{
DNSServers: []netip.Addr{netip.MustParseAddr("1.1.1.1"), netip.MustParseAddr("8.8.8.8")},
ConfigLayer: network.ConfigPlatform,
@@ -33,3 +36,28 @@ func TestResolverSpecMarshalYAML(t *testing.T) {
assert.Equal(t, spec, spec2)
}
+
+func TestResolverSpecConvert(t *testing.T) {
+ t.Parallel()
+
+ spec := network.ResolverSpecSpec{
+ DNSServers: []netip.Addr{netip.MustParseAddr("1.1.1.1"), netip.MustParseAddr("8.8.8.8")},
+ ConfigLayer: network.ConfigPlatform,
+ SearchDomains: []string{"example.com"},
+ }
+ spec.Convert()
+
+ assert.Equal(t, []network.NameServerSpec{
+ {Addr: netip.MustParseAddr("1.1.1.1")},
+ {Addr: netip.MustParseAddr("8.8.8.8")},
+ }, spec.NameServers)
+
+ spec = network.ResolverSpecSpec{
+ NameServers: []network.NameServerSpec{{Addr: netip.MustParseAddr("3.3.3.3"), Protocol: nethelpers.DNSProtocolDefault, TLSServerName: "dns.example.com"}},
+ ConfigLayer: network.ConfigPlatform,
+ SearchDomains: []string{"example.com"},
+ }
+ spec.Convert()
+
+ assert.Equal(t, []netip.Addr{netip.MustParseAddr("3.3.3.3")}, spec.DNSServers)
+}
diff --git a/pkg/machinery/resources/network/resolver_status.go b/pkg/machinery/resources/network/resolver_status.go
index d9aeac18f..f011b23bd 100644
--- a/pkg/machinery/resources/network/resolver_status.go
+++ b/pkg/machinery/resources/network/resolver_status.go
@@ -25,8 +25,13 @@ type ResolverStatus = typed.Resource[ResolverStatusSpec, ResolverStatusExtension
//
//gotagsrewrite:gen
type ResolverStatusSpec struct {
- DNSServers []netip.Addr `yaml:"dnsServers" protobuf:"1"`
- SearchDomains []string `yaml:"searchDomains" protobuf:"2"`
+ // DNSServers is a flat list of DNS server IP addresses.
+ //
+ // Deprecated: This field is deprecated in favor of NameServers which contain more information.
+ DNSServers []netip.Addr `yaml:"dnsServers" protobuf:"1"`
+ // NameServers is a list of DNS servers with additional configuration.
+ NameServers []NameServerSpec `yaml:"nameServers,omitempty" protobuf:"4"`
+ SearchDomains []string `yaml:"searchDomains" protobuf:"2"`
}
// NewResolverStatus initializes a ResolverStatus resource.
diff --git a/pkg/machinery/resources/network/route_spec_test.go b/pkg/machinery/resources/network/route_spec_test.go
index 12acccdca..75acc9cb0 100644
--- a/pkg/machinery/resources/network/route_spec_test.go
+++ b/pkg/machinery/resources/network/route_spec_test.go
@@ -17,6 +17,8 @@ import (
)
func TestRoutSpecMarshalYAML(t *testing.T) {
+ t.Parallel()
+
spec := network.RouteSpecSpec{
Family: nethelpers.FamilyInet6,
Destination: netip.MustParsePrefix("192.168.3.4/25"),
diff --git a/pkg/machinery/resources/network/timeserver_spec_test.go b/pkg/machinery/resources/network/timeserver_spec_test.go
index 4d59b6b53..0041c3634 100644
--- a/pkg/machinery/resources/network/timeserver_spec_test.go
+++ b/pkg/machinery/resources/network/timeserver_spec_test.go
@@ -15,6 +15,8 @@ import (
)
func TestTimeServerSpecMarshalYAML(t *testing.T) {
+ t.Parallel()
+
spec := network.TimeServerSpecSpec{
NTPServers: []string{"pool.ntp.org"},
ConfigLayer: network.ConfigPlatform,
diff --git a/pkg/machinery/resources/network/ula_test.go b/pkg/machinery/resources/network/ula_test.go
index cdb1336d0..c28594f77 100644
--- a/pkg/machinery/resources/network/ula_test.go
+++ b/pkg/machinery/resources/network/ula_test.go
@@ -13,5 +13,7 @@ import (
)
func TestULAPrefix(t *testing.T) {
+ t.Parallel()
+
assert.Equal(t, "fd7f:175a:b97c:5602::/64", network.ULAPrefix("8XuV9TZHW08DOk3bVxQjH9ih_TBKjnh-j44tsCLSBzo=", network.ULAKubeSpan).String())
}
diff --git a/website/content/v1.14/reference/api.md b/website/content/v1.14/reference/api.md
index b51f3183f..fb4fd13ad 100644
--- a/website/content/v1.14/reference/api.md
+++ b/website/content/v1.14/reference/api.md
@@ -310,6 +310,7 @@ description: Talos gRPC API reference.
- [NethelpersBondXmitHashPolicy](#talos.resource.definitions.enums.NethelpersBondXmitHashPolicy)
- [NethelpersClientIdentifier](#talos.resource.definitions.enums.NethelpersClientIdentifier)
- [NethelpersConntrackState](#talos.resource.definitions.enums.NethelpersConntrackState)
+ - [NethelpersDNSProtocol](#talos.resource.definitions.enums.NethelpersDNSProtocol)
- [NethelpersDuplex](#talos.resource.definitions.enums.NethelpersDuplex)
- [NethelpersFailOverMAC](#talos.resource.definitions.enums.NethelpersFailOverMAC)
- [NethelpersFamily](#talos.resource.definitions.enums.NethelpersFamily)
@@ -544,6 +545,7 @@ description: Talos gRPC API reference.
- [LinkRefreshSpec](#talos.resource.definitions.network.LinkRefreshSpec)
- [LinkSpecSpec](#talos.resource.definitions.network.LinkSpecSpec)
- [LinkStatusSpec](#talos.resource.definitions.network.LinkStatusSpec)
+ - [NameServerSpec](#talos.resource.definitions.network.NameServerSpec)
- [NfTablesAddressMatch](#talos.resource.definitions.network.NfTablesAddressMatch)
- [NfTablesChainSpec](#talos.resource.definitions.network.NfTablesChainSpec)
- [NfTablesClampMSS](#talos.resource.definitions.network.NfTablesClampMSS)
@@ -5316,6 +5318,18 @@ NethelpersConntrackState is a conntrack state.
+
+
+### NethelpersDNSProtocol
+NethelpersDNSProtocol is a kind of DNS protocol.
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| DNS_PROTOCOL_DEFAULT | 0 | |
+| DNS_PROTOCOL_DNS_OVER_TLS | 1 | |
+
+
+
### NethelpersDuplex
@@ -9584,6 +9598,23 @@ LinkStatusSpec describes status of rendered secrets.
+
+
+### NameServerSpec
+NameServerSpec describes a single DNS nameserver with additional configuration.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| addr | [common.NetIP](#common.NetIP) | | |
+| protocol | [talos.resource.definitions.enums.NethelpersDNSProtocol](#talos.resource.definitions.enums.NethelpersDNSProtocol) | | |
+| tls_server_name | [string](#string) | | |
+
+
+
+
+
+
### NfTablesAddressMatch
@@ -9938,9 +9969,10 @@ ResolverSpecSpec describes DNS resolvers.
| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
-| dns_servers | [common.NetIP](#common.NetIP) | repeated | |
+| dns_servers | [common.NetIP](#common.NetIP) | repeated | DNSServers is a flat list of DNS server IP addresses.
Deprecated: This field is deprecated in favor of NameServers which contain more information. |
| config_layer | [talos.resource.definitions.enums.NetworkConfigLayer](#talos.resource.definitions.enums.NetworkConfigLayer) | | |
| search_domains | [string](#string) | repeated | |
+| name_servers | [NameServerSpec](#talos.resource.definitions.network.NameServerSpec) | repeated | NameServers is a list of DNS servers with additional configuration. |
@@ -9955,8 +9987,9 @@ ResolverStatusSpec describes DNS resolvers.
| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
-| dns_servers | [common.NetIP](#common.NetIP) | repeated | |
+| dns_servers | [common.NetIP](#common.NetIP) | repeated | DNSServers is a flat list of DNS server IP addresses.
Deprecated: This field is deprecated in favor of NameServers which contain more information. |
| search_domains | [string](#string) | repeated | |
+| name_servers | [NameServerSpec](#talos.resource.definitions.network.NameServerSpec) | repeated | NameServers is a list of DNS servers with additional configuration. |
diff --git a/website/content/v1.14/reference/configuration/network/resolverconfig.md b/website/content/v1.14/reference/configuration/network/resolverconfig.md
index 3cdd21b58..e4853dc36 100644
--- a/website/content/v1.14/reference/configuration/network/resolverconfig.md
+++ b/website/content/v1.14/reference/configuration/network/resolverconfig.md
@@ -19,7 +19,13 @@ kind: ResolverConfig
# A list of nameservers (DNS servers) to use for resolving domain names.
nameservers:
- address: 1.1.1.1 # The IP address of the nameserver.
+
+ # # TLS server name to validate the nameserver certificate against.
+ # tlsServerName: dns1.example.com
- address: ff08::1 # The IP address of the nameserver.
+
+ # # TLS server name to validate the nameserver certificate against.
+ # tlsServerName: dns1.example.com
# Configuration for search domains (in /etc/resolv.conf).
searchDomains:
# A list of search domains to be used for DNS resolution.
@@ -45,6 +51,19 @@ hostDNS:
resolveMemberNames: true # Resolve member hostnames using the host DNS resolver.
{{< /highlight >}}
+{{< highlight yaml >}}
+apiVersion: v1alpha1
+kind: ResolverConfig
+# A list of nameservers (DNS servers) to use for resolving domain names.
+nameservers:
+ - address: 9.9.9.9 # The IP address of the nameserver.
+ protocol: DoT # A DNS protocol to use.
+ tlsServerName: dns.quad9.net # TLS server name to validate the nameserver certificate against.
+ - address: 2620:fe::fe # The IP address of the nameserver.
+ protocol: DoT # A DNS protocol to use.
+ tlsServerName: dns.quad9.net # TLS server name to validate the nameserver certificate against.
+{{< /highlight >}}
+
| Field | Type | Description | Value(s) |
|-------|------|-------------|----------|
@@ -67,6 +86,10 @@ NameserverConfig represents a single nameserver configuration.
|`address` |Addr |The IP address of the nameserver. Show example(s)
{{< highlight yaml >}}
address: 10.0.0.1
{{< /highlight >}}
The default protocol is plain DNS (`Do53`) (DNS over TCP/UDP), but this can be set
to `DoT` to use DNS over TLS (RFC 7858) for encrypted DNS queries to this nameserver.
Note: DNS over TLS requires a correct system clock to validate certificates.
If NTP is configured with hostnames that need to be resolved through DoT, the
boot may stall: NTP needs DNS, and DoT needs valid time. Either rely on the
hardware clock, configure NTP servers by IP, or keep at least one plain-DNS
fallback nameserver. |`Do53`
`DoT`
|
+|`tlsServerName` |string |TLS server name to validate the nameserver certificate against.
This field should be set, if the protocol is set to `DoT`.
The value is used both as the SNI sent during the TLS handshake and as the name
verified against the server certificate. Show example(s)
{{< highlight yaml >}}
+tlsServerName: dns1.example.com
+{{< /highlight >}}