chore: prepare talos for 1.13

Add compatibility with 1.13 and fix/upgrade tests.

Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Mateusz Urbanek 2025-12-11 09:43:55 +01:00
parent c0935030ac
commit bb62b29edb
No known key found for this signature in database
GPG Key ID: F16F84591E26D77F
15 changed files with 471 additions and 212 deletions


@ -1288,10 +1288,10 @@ FROM scratch AS proto-docs-build
COPY --from=generate-build-clean /api/docs/api.md /api.md
FROM scratch AS docs
COPY --from=docs-build /tmp/configuration/ /website/content/v1.12/reference/configuration/
COPY --from=docs-build /tmp/cli.md /website/content/v1.12/reference/
COPY --from=docs-build /tmp/schemas /website/content/v1.12/schemas/
COPY --from=proto-docs-build /api.md /website/content/v1.12/reference/
COPY --from=docs-build /tmp/configuration/ /website/content/v1.13/reference/configuration/
COPY --from=docs-build /tmp/cli.md /website/content/v1.13/reference/
COPY --from=docs-build /tmp/schemas /website/content/v1.13/schemas/
COPY --from=proto-docs-build /api.md /website/content/v1.13/reference/
# The talosctl-cni-bundle builds the CNI bundle for talosctl.


@ -57,7 +57,7 @@ See [Contributing](CONTRIBUTING.md) for our guidelines.
## License
<a href="https://github.com/siderolabs/talos/blob/master/LICENSE">
<img alt="GitHub" src="https://img.shields.io/github/license/siderolabs/talos?style=flat-square">
<img alt="GitHub" src="https://img.shields.io/github/license/siderolabs/talos">
</a>
Some software we distribute is under the General Public License family of licenses or other licenses that require we provide you with the source code.


@ -18,206 +18,9 @@ preface = """
[notes.updates]
title = "Component Updates"
description = """\
Linux: 6.18.0
Kubernetes: 1.35.0-rc.1
CNI Plugins: 1.9.0
cryptsetup: 2.8.1
LVM2: 2_03_37
systemd-udevd: 257.8
runc: 1.3.4
CoreDNS: 1.13.1
etcd: 3.6.6
Flannel: 0.27.4
Flannel CNI plugin: v1.8.0-flannel2
containerd: 2.1.5
> For Talos 1.13 only:
> containerd: 2.2.0
containerd: 2.2.0
Talos is built with Go 1.25.5.
"""
[notes.luks2]
title = "Encrypted Volumes"
description = """\
Talos Linux now consistently provides mapped names for encrypted volumes in the format `/dev/mapper/luks2-<volume-id>`.
This change should not affect system or user volumes, but might allow easier identification of encrypted volumes,
and specifically for raw encrypted volumes.
"""
[notes.disk-encryption]
title = "Disk Encryption"
description = """\
Talos versions prior to v1.12 used the state of PCR 7 and signed policies locked to PCR 11 for TPM based disk encryption.
Talos now supports configuring which PCRs states are to be used for TPM based disk encryption via the `options.pcrs`
field in the `tpm` section of the disk encryption configuration.
If user doesn't specify any options Talos defaults to using PCR 7 for backwards compatibility with existing installations.
This change was made to improve compatibility with systems that may have varying states in PCR 7 due to UEFI Secure Boot configurations
and users may wish to disable locking to PCR 7 state entirely.
Signed PCR policies will still be bound to PCR 11.
The currently used PCR's can be seen with `talosctl get volumestatus <volume> -o yaml` command.
"""
[notes.kspp]
title = "Kernel Security Posture Profile (KSPP)"
description = """\
Talos now enables a stricter set of KSPP sysctl settings by default.
The list of overridden settings is available with `talosctl get kernelparamstatus` command.
"""
[notes.extra-binaries]
title = "Extra Binaries"
description = """\
Talos Linux now ships with `nft` binary in the rootfs to support CNIs which shell out to `nft` command.
"""
[notes.ethernet-config]
title = "Ethernet Configuration"
description = """\
The Ethernet configuration now includes a `wakeOnLAN` field to enable Wake-on-LAN (WOL) support.
This field can be set to enable WOL and specify the desired WOL modes.
"""
[notes.embedded-config]
title = "Embedded Config"
description = """\
Talos Linux now supports [embedding the machine configuration](https://www.talos.dev/v1.12/talos-guides/configuration/acquire/) directly into the boot image.
"""
[notes.feature-lock]
title = "Feature Lock"
description = """\
Talos now ignores the following machine configuration fields:
- `machine.features.rbac` (locked to true)
- `machine.features.apidCheckExtKeyUsage` (locked to true)
- `cluster.apiServer.disablePodSecurityPolicy` (locked to true)
These fields were removed from the default machine configuration schema in v1.12 and are now always set to the locked values above.
"""
[notes.etcd]
title = "etcd"
description = """\
etcd container image is now pulled from `registry.k8s.io/etcd` instead of `gcr.io/etcd-development/etcd`.
"""
[notes.talosctl]
title = "talosctl image cache-serve"
description = """\
`talosctl` includes new subcommand `image cache-serve`.
It allows serving the created OCI image registry over HTTP/HTTPS.
It is a read-only registry, meaning images cannot be pushed to it, but the backing storage can be updated by re-running the `cache-create` command;
Additionally `talosctl image cache-create` has some changes:
* new flag `--layout`: `oci` (_default_), `flat`:
* `oci` preserves current behavior;
* `flat` does not repack artifact layer, but moves it to a destination directory, allowing it to be served by `talosctl image cache-serve`;
* changed flag `--platform`: now can accept multiple os/arch combinations:
* comma separated (`--platform=linux/amd64,linux/arm64`);
* multiple instances (`--platform=linux/amd64 --platform=linux/arm64`);
"""
[notes.force-reboot]
title = "Talos force reboot"
description = """\
Talos now supports a "force" reboot mode, which allows skipping the graceful userland termination.
It can be used in situations where a userland service (e.g. the kubelet) gets stuck during graceful shutdown, causing the regular reboot flow to fail.
In addition, `talosctl` was updated to support this feature via `talosctl reboot --mode force`.
"""
[notes.kernel-module]
title = "Kernel Module"
description = """\
Talos now supports optionally disabling kernel module signature verification by setting `module.sig_enforce=0` kernel parameter.
By default module signature verification is enabled (`module.sig_enforce=1`).
When using Factory or Imager supply as `-module.sig_enfore module.sig_enforce=0` kernel parameters to disable module signature enforcement.
"""
[notes.grub]
title = "GRUB"
description = """\
Talos Linux introduces new machine configuration option `.machine.install.grubUseUKICmdline` to control whether GRUB should use the kernel command line
provided by the boot assets (UKI) or to use the command line constructed by Talos itself (legacy behavior).
This option defaults to `true` for new installations, which means that GRUB will use the command line from the UKI, making it easier to customize kernel parameters via boot asset generation.
For existing installations upgrading to v1.12, this option will default to `false` to preserve the legacy behavior.
"""
[notes.directory-user-volumes]
title = "New User Volume type - bind"
description = """\
New field in UserVolumeConfig - `volumeType` that defaults to `partition`, but can be set to `directory`.
When set to `directory`, provisioning and filesystem operations are skipped and a directory is created under `/var/mnt/<name>`.
The `directory` type enables lightweight storage volumes backed by a host directory, instead of requiring a full block device partition.
When `volumeType = "directory"`:
- A directory is created at `/var/mnt/<metadata.name>`;
- `provisioning`, `filesystem` and `encryption` are prohibited.
Note: this mode does not provide filesystem-level isolation and inherits the EPHEMERAL partition capacity limits.
It should not be used for workloads requiring predictable storage quotas.
"""
[notes.registry-configuration]
title = "CRI Registry Configuration"
description = """\
The CRI registry configuration in v1apha1 legacy machine configuration under `.machine.registries` is now deprecated, but still supported for backwards compatibility.
New configuration documents `RegistryMirrorConfig`, `RegistryAuthConfig` and `RegistryTLSConfig` should be used instead.
"""
[notes.disk-user-volumes]
title = "New User Volume type - disk"
description = """\
`volumeType` in UserVolumeConfig can be set to `disk`.
When set to `disk`, a full block device is used for the volume.
When `volumeType = "disk"`:
- Size specific settings are not allowed in the provisioning block (`minSize`, `maxSize`, `grow`).
"""
[notes.uefi-boot]
title = "UEFI Boot"
description = """\
When using UEFI boot with systemd-boot as bootloader (on new installs of Talos from 1.10+ onwards), Talos will now not touch the UEFI boot order.
Talos 1.11 made a fix to create UEFI boot entry and set the boot order as first entry, but this behavior caused issues on some systems.
To avoid further issues, Talos will now only create the UEFI boot entry if it does not exist, but will not modify the boot order.
"""
[notes.network-configuration]
title = "Network Configuration"
description = """\
The network configuration under `.machine.network` (with the exception of KubeSpan) has been deprecated, but it is still supported for backwards compatibility.
See [documentation](https://docs.siderolabs.com/talos/v1.12/networking/configuration/overview) for more information.
"""
[notes.apiserver-cipher-suites]
title = "API Server Cipher Suites"
description = """\
The Kubernetes API server in Talos has been updated to use a more secure set of TLS cipher suites by default.
This is in line with a set of best practices documented in CIS 1.12 benchmark.
You can still expand the list of supported cipher suites via the `cluster.apiServer.extraArgs."tls-cipher-suites"` machine configuration field if needed.
"""
[notes.kernel-log]
title = "Kernel Log"
description = """\
The kernel log (dmesg) is now also available as the service log named `kernel` (`talosctl logs kernel`).
"""
[notes.persistent-logs]
title = "Persistent logs"
description = """\
Talos now stores system component logs in /var/log, featuring automatic log rotation and keeping two most
recent log files. This change allows collecting logs from Talos like on any other Linux system.
"""
[make_deps]


@ -13,6 +13,7 @@ import (
"github.com/siderolabs/talos/pkg/machinery/compatibility/talos110"
"github.com/siderolabs/talos/pkg/machinery/compatibility/talos111"
"github.com/siderolabs/talos/pkg/machinery/compatibility/talos112"
"github.com/siderolabs/talos/pkg/machinery/compatibility/talos113"
"github.com/siderolabs/talos/pkg/machinery/compatibility/talos12"
"github.com/siderolabs/talos/pkg/machinery/compatibility/talos13"
"github.com/siderolabs/talos/pkg/machinery/compatibility/talos14"
@ -73,6 +74,8 @@ func (v *KubernetesVersion) SupportedWith(target *TalosVersion) error {
minK8sVersion, maxK8sVersion = talos111.MinimumKubernetesVersion, talos111.MaximumKubernetesVersion
case talos112.MajorMinor: // upgrades to 1.12.x
minK8sVersion, maxK8sVersion = talos112.MinimumKubernetesVersion, talos112.MaximumKubernetesVersion
case talos113.MajorMinor: // upgrades to 1.13.x
minK8sVersion, maxK8sVersion = talos113.MinimumKubernetesVersion, talos113.MaximumKubernetesVersion
default:
return fmt.Errorf("compatibility with version %s is not supported", target.String())
}


@ -385,12 +385,45 @@ func TestKubernetesCompatibility112(t *testing.T) {
}
}
func TestKubernetesCompatibility113(t *testing.T) {
for _, tt := range []kubernetesVersionTest{
{
kubernetesVersion: "1.31.1",
target: "1.13.0",
},
{
kubernetesVersion: "1.32.1",
target: "1.13.0",
},
{
kubernetesVersion: "1.35.3",
target: "1.13.0-beta.0",
},
{
kubernetesVersion: "1.36.0-rc.0",
target: "1.13.7",
},
{
kubernetesVersion: "1.37.0-alpha.0",
target: "1.13.0",
expectedError: "version of Kubernetes 1.37.0-alpha.0 is too new to be used with Talos 1.13.0",
},
{
kubernetesVersion: "1.30.1",
target: "1.13.0",
expectedError: "version of Kubernetes 1.30.1 is too old to be used with Talos 1.13.0",
},
} {
runKubernetesVersionTest(t, tt)
}
}
func TestKubernetesCompatibilityUnsupported(t *testing.T) {
for _, tt := range []kubernetesVersionTest{
{
kubernetesVersion: "1.25.0",
target: "1.13.0-alpha.0",
expectedError: "compatibility with version 1.13.0-alpha.0 is not supported",
target: "1.14.0-alpha.0",
expectedError: "compatibility with version 1.14.0-alpha.0 is not supported",
},
{
kubernetesVersion: "1.25.0",


@ -9,7 +9,7 @@ import (
"github.com/blang/semver/v4"
)
// MajorMinor is the major.minor version of Talos 1.11.
// MajorMinor is the major.minor version of Talos 1.12.
var MajorMinor = [2]uint64{1, 12}
// MinimumHostUpgradeVersion is the minimum version of Talos that can be upgraded to 1.12.


@ -0,0 +1,28 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
// Package talos113 provides compatibility constants for Talos 1.13.
package talos113
import (
"github.com/blang/semver/v4"
)
// MajorMinor is the major.minor version of Talos 1.13.
var MajorMinor = [2]uint64{1, 13}
// MinimumHostUpgradeVersion is the minimum version of Talos that can be upgraded to 1.13.
var MinimumHostUpgradeVersion = semver.MustParse("1.11.0")
// MaximumHostDowngradeVersion is the maximum (not inclusive) version of Talos that can be downgraded to 1.13.
var MaximumHostDowngradeVersion = semver.MustParse("1.15.0")
// DeniedHostUpgradeVersions are the versions of Talos that cannot be upgraded to 1.13.
var DeniedHostUpgradeVersions []semver.Version
// MinimumKubernetesVersion is the minimum version of Kubernetes is supported with 1.13.
var MinimumKubernetesVersion = semver.MustParse("1.31.0")
// MaximumKubernetesVersion is the maximum version of Kubernetes is supported with 1.13.
var MaximumKubernetesVersion = semver.MustParse("1.36.99")
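Review bot: The doc comments on `MinimumKubernetesVersion` and `MaximumKubernetesVersion` read "is the minimum version of Kubernetes is supported", and the second does not explain that `1.36.99` is a sentinel patch number rather than a real release. I would write `// MinimumKubernetesVersion is the minimum version of Kubernetes that is supported with 1.13.` and `// MaximumKubernetesVersion is the maximum version of Kubernetes that is supported with 1.13; the .99 patch stands for any 1.36.x release.` The comparison itself is in SupportedWith, outside this file, so the sentinel reading is inferred from the new test cases (1.36.0-rc.0 accepted, 1.37.0-alpha.0 rejected) and should be confirmed there. Since these bounds gate which upgrades and downgrades are allowed, it would also help to state whether the lower bounds are inclusive, as the `MaximumHostDowngradeVersion` comment already does for its upper bound.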


@ -15,6 +15,7 @@ import (
"github.com/siderolabs/talos/pkg/machinery/compatibility/talos110"
"github.com/siderolabs/talos/pkg/machinery/compatibility/talos111"
"github.com/siderolabs/talos/pkg/machinery/compatibility/talos112"
"github.com/siderolabs/talos/pkg/machinery/compatibility/talos113"
"github.com/siderolabs/talos/pkg/machinery/compatibility/talos12"
"github.com/siderolabs/talos/pkg/machinery/compatibility/talos13"
"github.com/siderolabs/talos/pkg/machinery/compatibility/talos14"
@ -111,6 +112,9 @@ func (v *TalosVersion) UpgradeableFrom(host *TalosVersion) error {
case talos112.MajorMinor: // upgrades to 1.12.x
minHostUpgradeVersion, maxHostDowngradeVersion = talos112.MinimumHostUpgradeVersion, talos112.MaximumHostDowngradeVersion
deniedHostUpgradeVersions = talos112.DeniedHostUpgradeVersions
case talos113.MajorMinor: // upgrades to 1.13.x
minHostUpgradeVersion, maxHostDowngradeVersion = talos113.MinimumHostUpgradeVersion, talos113.MaximumHostDowngradeVersion
deniedHostUpgradeVersions = talos113.DeniedHostUpgradeVersions
default:
return fmt.Errorf("upgrades to version %s are not supported", v.version.String())
}


@ -400,9 +400,9 @@ func TestTalosUpgradeCompatibility111(t *testing.T) {
expectedError: `host version 1.8.0 is too old to upgrade to Talos 1.11.0`,
},
{
host: "1.13.0-alpha.0",
target: "1.11.0",
expectedError: `host version 1.13.0-alpha.0 is too new to downgrade to Talos 1.11.0`,
host: "1.14.0-alpha.0",
target: "1.12.0",
expectedError: `host version 1.14.0-alpha.0 is too new to downgrade to Talos 1.12.0`,
},
} {
runTalosVersionTest(t, tt)
@ -450,12 +450,53 @@ func TestTalosUpgradeCompatibility112(t *testing.T) {
}
}
func TestTalosUpgradeCompatibility113(t *testing.T) {
for _, tt := range []talosVersionTest{
{
host: "1.11.0",
target: "1.13.0",
},
{
host: "1.12.0-alpha.0",
target: "1.13.0",
},
{
host: "1.11.0",
target: "1.13.0-alpha.0",
},
{
host: "1.12.3",
target: "1.13.1",
},
{
host: "1.13.0-beta.0",
target: "1.13.0",
},
{
host: "1.13.5",
target: "1.13.3",
},
{
host: "1.10.0",
target: "1.13.0",
expectedError: `host version 1.10.0 is too old to upgrade to Talos 1.13.0`,
},
{
host: "1.15.0-alpha.0",
target: "1.13.0",
expectedError: `host version 1.15.0-alpha.0 is too new to downgrade to Talos 1.13.0`,
},
} {
runTalosVersionTest(t, tt)
}
}
func TestTalosUpgradeCompatibilityUnsupported(t *testing.T) {
for _, tt := range []talosVersionTest{
{
host: "1.3.0",
target: "1.13.0-alpha.0",
expectedError: `upgrades to version 1.13.0-alpha.0 are not supported`,
host: "1.5.0",
target: "1.15.0-alpha.0",
expectedError: `upgrades to version 1.15.0-alpha.0 are not supported`,
},
{
host: "1.4.0",
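Review bot: In the first hunk of this file the replaced case sits inside TestTalosUpgradeCompatibility111 (the context line just above it still expects `to upgrade to Talos 1.11.0`), yet the new case uses `target: "1.12.0"`, so the 1.11 table appears to drop a too-new-host downgrade check and exercise the 1.12 rules instead. If the intent was only to move the host past the new ceiling, keep the target: `host: "1.14.0-alpha.0"`, `target: "1.11.0"`, with the expected error ending in `too new to downgrade to Talos 1.11.0`, provided 1.11's downgrade ceiling (not visible here) rejects that host. The page has lost its +/- markers, so the old/new reading is inferred from print order and the 1.13 to 1.14 bump; the function starts outside the hunk. Separately, the new 1.13 table has no case for a 1.14.x host, which would be the one accepted downgrade just below the exclusive 1.15.0 limit.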


@ -25,6 +25,7 @@ type VersionContract struct {
// Well-known Talos version contracts.
var (
TalosVersionCurrent = (*VersionContract)(nil)
TalosVersion1_13 = &VersionContract{1, 13}
TalosVersion1_12 = &VersionContract{1, 12}
TalosVersion1_11 = &VersionContract{1, 11}
TalosVersion1_10 = &VersionContract{1, 10}


@ -0,0 +1,94 @@
version: v1alpha1
debug: false
persist: true
machine:
type: controlplane
token: d8cwfa.eyvpi0xwxyarbfid
ca:
crt: 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
key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJTURXbklEdVpSdlhQcW1tbSt6bk15SWMrdk53ZjdnYksvSmR3WC9iN2d1RQotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K
certSANs: []
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.28.0
defaultRuntimeSeccompProfileEnabled: true
disableManifestsDirectory: true
network: {}
install:
wipe: false
grubUseUKICmdline: true
features:
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
hostDNS:
enabled: true
forwardKubeDNSToHost: true
nodeLabels:
node.kubernetes.io/exclude-from-external-load-balancers: ""
cluster:
id: 0raF93qnkMvF-FZNuvyGozXNdLiT2FOWSlyBaW4PR-w=
secret: pofHbABZq7VXuObsdLdy/bHmz6hlMHZ3p8+6WKrv1ic=
controlPlane:
endpoint: https://base:6443
clusterName: base
network:
dnsDomain: cluster.local
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
token: inn7ol.u4ehnti8qyls9ymo
secretboxEncryptionSecret: 45yd2Ke+sytiICojDf8aibTfgt99nzJmO53cjDqrCto=
ca:
crt: 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
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUVZbFloNzVTUTZ6VUJFTUZ6em5pUzZuVVg3Q2VxQ013S3k0RTZHVEVFMGNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFeXhvUi9JYklTZ3V2NG01azY2OFJTSzR6WDRjSHFoMlJHNVRCMEczenRtbnU0a1NHRUNWLwo2cmhCdzdHbE9KK2tjT3NEd0JNWGNGZ2dRVnBhQXM0MWF3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
aggregatorCA:
crt: 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
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlMblhpQ3hOWU1CWHpncjVuYmc3bnVtUWM2UGlHaXdmWUN2eFF3Tlhxc3dvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVjNuRWNSZkZnWEEvTHRsbngvQ29ZTjdwcFAxK1V3UmhWMEpEajBPSitHWjZiTGtLRzlESgpRVWxpbEx5aVliemxJcGFEd2tRMG5ickVPK2hYUThFcVR3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
serviceAccount:
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlHVElBQjZZUzV0cFcrUnYxeDBPY09Jb1h0SXgzdGZteVFZNGxOWWRCbmpvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFQ3drbVVTUmtrbnlOc0NjTFJNUTlmZWx6cFY0dDdIdlNRcnp6ZGRvK2pWYmlqd2kwVVE1YQp0VW8vZkxQbDlBckVNOHNRWTVOSlgraVdxYjFkQWFXa2VnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
apiServer:
image: registry.k8s.io/kube-apiserver:v1.28.0
admissionControl:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
auditPolicy:
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata
controllerManager:
image: registry.k8s.io/kube-controller-manager:v1.28.0
proxy:
image: registry.k8s.io/kube-proxy:v1.28.0
scheduler:
image: registry.k8s.io/kube-scheduler:v1.28.0
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}
etcd:
ca:
crt: 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
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU03Q2VnMk1GQW5TM3ROMzV6QTc0aFZ3VElkTkthK0ZwUHlYVERCdU4wVFlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNmxTeTNTekRRRmdBTHNlSXR5UU1paTVaSVJkVTFGUmMzcEZ3b3g1QUE1VHdjZ0VVQ0xaNApwMTJSNGp3ZGozWXhqbmxLYW9GY3o3QVR5ME5mWTdMVWt3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
---
apiVersion: v1alpha1
kind: HostnameConfig
auto: stable
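Review bot: The `key:` values under `machine.ca`, `cluster.ca`, `cluster.aggregatorCA`, `cluster.serviceAccount` and the etcd `ca` are base64-encoded PEM private keys, committed alongside the `token`, `cluster.secret` and `secretboxEncryptionSecret` values, and nothing in the fixture marks them as throwaway. The same tokens and cluster secret recur in the other three new fixture files in this commit; the second controlplane fixture repeats the private keys as well, while the two worker fixtures have empty keys. If these files are compared byte-for-byte by the encoding-stability test, an inline comment is not an option, so I would record in the test or in a README next to the fixtures that the material is generated for tests only and is never provisioned to a cluster. It is also worth confirming that this fixture path is deliberately excluded from secret scanning, so that a real leak elsewhere is not lost among the expected findings.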


@ -0,0 +1,52 @@
version: v1alpha1
debug: false
persist: true
machine:
type: worker
token: d8cwfa.eyvpi0xwxyarbfid
ca:
crt: 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
key: ""
certSANs: []
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.28.0
defaultRuntimeSeccompProfileEnabled: true
disableManifestsDirectory: true
network: {}
install:
wipe: false
grubUseUKICmdline: true
features:
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
hostDNS:
enabled: true
forwardKubeDNSToHost: true
cluster:
id: 0raF93qnkMvF-FZNuvyGozXNdLiT2FOWSlyBaW4PR-w=
secret: pofHbABZq7VXuObsdLdy/bHmz6hlMHZ3p8+6WKrv1ic=
controlPlane:
endpoint: https://base:6443
clusterName: base
network:
dnsDomain: cluster.local
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
token: inn7ol.u4ehnti8qyls9ymo
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRYm1hNDNPalRwR0I5TjVxOVFEc3RFekFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSXpNVEF4TWpFd05EWXdPVm9YRFRNek1UQXdPVEV3TkRZdwpPVm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCTXNhRWZ5R3lFb0xyK0p1Wk91dkVVaXVNMStIQjZvZGtSdVV3ZEJ0ODdacDd1SkVoaEFsZitxNFFjT3gKcFRpZnBIRHJBOEFURjNCWUlFRmFXZ0xPTld1allUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVU0ZEVkM1RoVzRKWlVWcXR1OEFZNWx1NUhQeGN3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUpJbkFMb0EKY1VhRUp4VlJ5dkhQenFQcTBvaGJOY2oyT3N2d3VKUFMzSktVQWlCSmhwNGFWMG9zUURRSGJnbjdXUWFYaHZFTwo5bWxTbVRURTAyOXBWb0YyWkE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: ""
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}
---
apiVersion: v1alpha1
kind: HostnameConfig
auto: stable


@ -0,0 +1,123 @@
version: v1alpha1
debug: false
persist: true
machine:
type: controlplane
token: d8cwfa.eyvpi0xwxyarbfid
ca:
crt: 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
key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJTURXbklEdVpSdlhQcW1tbSt6bk15SWMrdk53ZjdnYksvSmR3WC9iN2d1RQotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K
certSANs:
- foo
- bar
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.28.0
extraMounts:
- destination: /var/opt
type: bind
source: /var/opt
options:
- rshared
defaultRuntimeSeccompProfileEnabled: true
disableManifestsDirectory: true
network: {}
install:
disk: /dev/vda
extraKernelArgs:
- foo=bar
- bar=baz
wipe: false
grubUseUKICmdline: true
sysctls:
foo: bar
features:
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
hostDNS:
enabled: true
forwardKubeDNSToHost: true
nodeLabels:
node.kubernetes.io/exclude-from-external-load-balancers: ""
cluster:
id: 0raF93qnkMvF-FZNuvyGozXNdLiT2FOWSlyBaW4PR-w=
secret: pofHbABZq7VXuObsdLdy/bHmz6hlMHZ3p8+6WKrv1ic=
controlPlane:
endpoint: https://base:6443
localAPIServerPort: 5443
clusterName: base
network:
cni:
name: custom
urls:
- https://example.com/cni.yaml
dnsDomain: example.com
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
token: inn7ol.u4ehnti8qyls9ymo
secretboxEncryptionSecret: 45yd2Ke+sytiICojDf8aibTfgt99nzJmO53cjDqrCto=
ca:
crt: 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
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUVZbFloNzVTUTZ6VUJFTUZ6em5pUzZuVVg3Q2VxQ013S3k0RTZHVEVFMGNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFeXhvUi9JYklTZ3V2NG01azY2OFJTSzR6WDRjSHFoMlJHNVRCMEczenRtbnU0a1NHRUNWLwo2cmhCdzdHbE9KK2tjT3NEd0JNWGNGZ2dRVnBhQXM0MWF3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
aggregatorCA:
crt: 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
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlMblhpQ3hOWU1CWHpncjVuYmc3bnVtUWM2UGlHaXdmWUN2eFF3Tlhxc3dvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVjNuRWNSZkZnWEEvTHRsbngvQ29ZTjdwcFAxK1V3UmhWMEpEajBPSitHWjZiTGtLRzlESgpRVWxpbEx5aVliemxJcGFEd2tRMG5ickVPK2hYUThFcVR3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
serviceAccount:
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlHVElBQjZZUzV0cFcrUnYxeDBPY09Jb1h0SXgzdGZteVFZNGxOWWRCbmpvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFQ3drbVVTUmtrbnlOc0NjTFJNUTlmZWx6cFY0dDdIdlNRcnp6ZGRvK2pWYmlqd2kwVVE1YQp0VW8vZkxQbDlBckVNOHNRWTVOSlgraVdxYjFkQWFXa2VnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
apiServer:
image: registry.k8s.io/kube-apiserver:v1.28.0
certSANs:
- foo
- bar
admissionControl:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
auditPolicy:
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata
controllerManager:
image: registry.k8s.io/kube-controller-manager:v1.28.0
proxy:
image: registry.k8s.io/kube-proxy:v1.28.0
scheduler:
image: registry.k8s.io/kube-scheduler:v1.28.0
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}
etcd:
ca:
crt: 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
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU03Q2VnMk1GQW5TM3ROMzV6QTc0aFZ3VElkTkthK0ZwUHlYVERCdU4wVFlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNmxTeTNTekRRRmdBTHNlSXR5UU1paTVaSVJkVTFGUmMzcEZ3b3g1QUE1VHdjZ0VVQ0xaNApwMTJSNGp3ZGozWXhqbmxLYW9GY3o3QVR5ME5mWTdMVWt3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
allowSchedulingOnControlPlanes: true
---
apiVersion: v1alpha1
kind: RegistryMirrorConfig
name: ghcr.io
endpoints:
- url: https://ghcr.io.my-mirror.com
---
apiVersion: v1alpha1
kind: HostnameConfig
auto: stable


@ -0,0 +1,76 @@
version: v1alpha1
debug: false
persist: true
machine:
type: worker
token: d8cwfa.eyvpi0xwxyarbfid
ca:
crt: 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
key: ""
certSANs:
- foo
- bar
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.28.0
extraMounts:
- destination: /var/opt
type: bind
source: /var/opt
options:
- rshared
defaultRuntimeSeccompProfileEnabled: true
disableManifestsDirectory: true
network: {}
install:
disk: /dev/vda
extraKernelArgs:
- foo=bar
- bar=baz
wipe: false
grubUseUKICmdline: true
sysctls:
foo: bar
features:
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
hostDNS:
enabled: true
forwardKubeDNSToHost: true
cluster:
id: 0raF93qnkMvF-FZNuvyGozXNdLiT2FOWSlyBaW4PR-w=
secret: pofHbABZq7VXuObsdLdy/bHmz6hlMHZ3p8+6WKrv1ic=
controlPlane:
endpoint: https://base:6443
clusterName: base
network:
cni:
name: custom
urls:
- https://example.com/cni.yaml
dnsDomain: example.com
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
token: inn7ol.u4ehnti8qyls9ymo
ca:
crt: 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
key: ""
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}
---
apiVersion: v1alpha1
kind: RegistryMirrorConfig
name: ghcr.io
endpoints:
- url: https://ghcr.io.my-mirror.com
---
apiVersion: v1alpha1
kind: HostnameConfig
auto: stable


@ -47,6 +47,7 @@ func TestConfigEncodingStability(t *testing.T) {
config.TalosVersion1_10,
config.TalosVersion1_11,
config.TalosVersion1_12,
config.TalosVersion1_13,
}
currentVersion := ensure.Value(semver.ParseTolerant(gendata.VersionTag))