Add advertisedNetworks filter to KubeSpan configuration that allows
filtering which additional networks (e.g., pod CIDRs) are advertised
over KubeSpan when advertiseKubernetesNetworks is enabled.
Signed-off-by: Daniil Kivenko <daniil.kivenko@p2p.org>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This implements a way to run a debug container with a provided image on
the node.
The container runs with privileged profile, allowing to issue debugging
commands (e.g. using some advanced network tools) to troubleshoot a
machine.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This command was always hidden, rename it to `debug-tool` to free up the
`talosctl debug` for #12932.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update pkgs with Linux 6.18.6 and dm-integrity module added.
Drops some crc kmods, as they are now compiled in.
See https://github.com/siderolabs/pkgs/pull/1447
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Same as for any other resource - layering per source, and proper merge
across layers, so we can see where it comes from.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add support for negative max size values in volume configuration.
Negative max size represents the amount of space to be left free on the device, rather than the size the volume should consume.
For example, a max size of "-10GiB" means the volume can grow to the device size minus 10GiB.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Changing `.cluster.controlPlane.endpoint=$NEW` will cause old tokens to be no longer valid.
We want to ensure that new tokens are issued using the `.cluster.controlPlane.endpoint=$NEW` value,
but all the existing tokens (issued using `.cluster.controlPlane.endpoint=$OLD`) are still accepted.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
In API Server, passing extra args with `service-account-issuer` will add them to default value.
Fixes#11694
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
BREAKING: internal resources for the components use different
representation of AxtraArgs, resulting in modified types in protocol
buffers.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek.98@gmail.com>
Migrate KubeSpan configuration to support multi-document format.
Add version-aware support for talosctl cluster create and gen config.
Uses multi-doc format for Talos 1.13+, legacy format for 1.12 and earlier.
Signed-off-by: Pranav Patil <pranavppatil767@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
After changing `talsoctl images k8s-bundle and talos-bundle`
we stopped printing some of the images to release notes.
This fixes that issue.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
* add SSA via the new go-kubernetes library implementation to talosctl `upgrade-k8s` command
* add SSA via direct ResourceInterface call into talos (machined) with a manual inventory update
* add an integration test for ssa functionality
Co-authored-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Signed-off-by: Orzelius <33936483+Orzelius@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The interactive installer has been deprecated since v1.12 cycle,
now removed completely including the API method.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Also changes the bootloader interface.
Disks are formatted/created with pre-populated source directories in Install/Image mode.
Signed-off-by: Noel Georgi <git@frezbo.dev>
s/default/k8s-bundle
s/source-bundle/talos-bundle
for UX consistency when generating lists of images used by talos.
Remove non-k8s images from k8s-bundle list.
Signed-off-by: Justin Garrison <justin.garrison@siderolabs.com>
74d35900af0f6451426b70eec3b6db4b72eb993c was supposed to disable the k8s
tests on memory-restricted workers, but instead made the tests only run
on memory-restricted workers.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>