The final Kubernetes version for Talos v1.13.0.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit ecf2fa855b8eb19731b228990a3acbe1430ccad4)
Also fix one more place when version.Name wasn't used properly.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 4ba11156fd164a0d94538508f5c028f249deed50)
Getting ready for 1.36.0 final release.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit b7512d9125b623d2bb92e3a8b5839e85e1309a39)
Allow to set build NAME on build, propagate it down to more consumers.
Expose name in `Version` resource, and use that in the dashboard
next to Talos version.
Fix some places where `Name` was hardcoded.
Propagate Name down to UKI build.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 968ec1e0ca26eb1f0de0836e0a55df09dea7dafe)
Also clean up some imports in go.mod, reduce replaced modules.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 9c34591144f1e2fc759fdc6d56694541eb9f241a)
Whitelist services which can access the file socket, refuse other
connections.
Fixes#12701
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 038cb87354eea1c1ff4612bdd13d1e77e595955a)
Update to the latest available release.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit b1a02f3681c7e361ee6a3ef3d230b47480b48408)
Also sync tools, now the kernel is built with LLVM 22.1.
See https://github.com/siderolabs/pkgs/issues/1479 for the context.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add support for whole machine-wide image verification configuration.
Configuration is a set of rules applied top-down to the image reference,
each specifying a specific cosign-based identity or static public key
claim.
Talos provides a machined API to verify an image reference, resolving it
to the digest on the way as needed.
Talos itself hooks up in the image verification process, while
containerd CRI plugin accesses same API via the machined socket.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Via tools/pkgs, also pulling in Clang-built Linux
Update go.mod dependencies
Fix linter errors with new golangci-lint, modernize, use new()
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Not updating Go modules yet, as there's a dependency conflict via
fluxcd/pkg/ssa right now due to removed autoscaling API in k8s.io/api.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Instead of defaulting to one2many, list explicitly one2many supported
APIs.
The idea is that any new API will only be "normal" gRPC API, so we can
flip the switch, and consider one2many APIs as "legacy".
Extracted from #12392
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update pkgs with Linux 6.18.6 and dm-integrity module added.
Drops some crc kmods, as they are now compiled in.
See https://github.com/siderolabs/pkgs/pull/1447
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Also changes the bootloader interface.
Disks are formatted/created with pre-populated source directories in Install/Image mode.
Signed-off-by: Noel Georgi <git@frezbo.dev>
