Add NVIDIA arm64 test matrix.
Also ensure we have a known baseline for nvidia cdi files,
so if upstream adds more files and we don't install to right location
the test would fail.
Signed-off-by: Noel Georgi <git@frezbo.dev>
These new APIs only support one2one proxying, so they don't have any
hacks, and look as regular gRPC APIs.
Old APIs are deprecated, but still supported.
Implement client-side multiplexing in `talosctl`, provide fallback to
old APIs for legacy Talos versions.
New APIs include removing an image, importing an image.
Extracted from #12392
Co-authored-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add more NVIDIA tests covering all supported OSS and Proprietary LTS and Production driver versions.
Fixes: #11398
Signed-off-by: Noel Georgi <git@frezbo.dev>
The previous fix#10354 was not full/complete.
The problem lies in the fact that `kube-proxy` creates a rule like:
```
chain nat-prerouting {
type nat hook prerouting priority dstnat; policy accept;
jump services
}
```
This chain has a prerouting hook, which gets executed before Talos's
input hook, and rewrites (does DNAT) for NodePort services before Talos
has a chance to block the packet, but rewritten packet hits the input
chain with DNAT address, or might be forwarded to another host and never
hit the firewall again.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
