Add NVIDIA arm64 test matrix.
Also ensure we have a known baseline for nvidia cdi files,
so if upstream adds more files and we don't install to right location
the test would fail.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Add RoutingRuleConfig multi-doc config type for management of routing rules.
KubeSpan now uses COSI resources instead of direct kernel management.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Also sync tools, now the kernel is built with LLVM 22.1.
See https://github.com/siderolabs/pkgs/issues/1479 for the context.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add symlinks that are expected by nvidia-gpu-operator.
These symlinks point to empty files when nvidia-container-toolkit extension is not added.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Add support for whole machine-wide image verification configuration.
Configuration is a set of rules applied top-down to the image reference,
each specifying a specific cosign-based identity or static public key
claim.
Talos provides a machined API to verify an image reference, resolving it
to the digest on the way as needed.
Talos itself hooks up in the image verification process, while
containerd CRI plugin accesses same API via the machined socket.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add new `talosctl install` command using the LifecycleService.Install
streaming API with support for insecure (maintenance) mode and progress
reporting. Refactor `talosctl upgrade` to use the new
LifecycleService.Upgrade streaming API with automatic fallback to the
legacy MachineService.Upgrade path for older Talos versions.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Implement new minimal Install/Upgrade LifecycleService API with streaming
support for real-time progress reporting. Add protobuf definitions, gRPC
service implementation, and client bindings.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Allow LinkAliasConfig names like net%d to match multiple links and assign
sequential aliases in alphabetical order, skipping links already claimed by
earlier alias configs. Add validation for the format verb and controller
tests covering ordering and reconciliation on link changes.
Signed-off-by: Nico Berlee <nico.berlee@on2it.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Via tools/pkgs, also pulling in Clang-built Linux
Update go.mod dependencies
Fix linter errors with new golangci-lint, modernize, use new()
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Not updating Go modules yet, as there's a dependency conflict via
fluxcd/pkg/ssa right now due to removed autoscaling API in k8s.io/api.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add advertisedNetworks filter to KubeSpan configuration that allows
filtering which additional networks (e.g., pod CIDRs) are advertised
over KubeSpan when advertiseKubernetesNetworks is enabled.
Signed-off-by: Daniil Kivenko <daniil.kivenko@p2p.org>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This implements a way to run a debug container with a provided image on
the node.
The container runs with privileged profile, allowing to issue debugging
commands (e.g. using some advanced network tools) to troubleshoot a
machine.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This command was always hidden, rename it to `debug-tool` to free up the
`talosctl debug` for #12932.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update pkgs with Linux 6.18.6 and dm-integrity module added.
Drops some crc kmods, as they are now compiled in.
See https://github.com/siderolabs/pkgs/pull/1447
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Same as for any other resource - layering per source, and proper merge
across layers, so we can see where it comes from.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add support for negative max size values in volume configuration.
Negative max size represents the amount of space to be left free on the device, rather than the size the volume should consume.
For example, a max size of "-10GiB" means the volume can grow to the device size minus 10GiB.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
