Fixes#9214
This finishes the work which started in
https://github.com/siderolabs/pkgs/pull/906, but it never got finished.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit f57d1f07e9a690237eeaaadc6314d6da225ed625)
See https://github.com/flannel-io/flannel/releases/tag/v0.25.3
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 9fcc9b84152cb186324c13e317575f6da8b7bfa6)
Signed-off-by: Noel Georgi <git@frezbo.dev>
This PR moves the GCP tests to a new project there. I'm working on consolidating projects, names, and doing some reservations out there.
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
(cherry picked from commit 6663068bbd1750fd57ddf9ca63b0f305d895b33b)
Updates to match 1.7.0-beta.1 release.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 54dac5ed40698b8886096c620ac19ed55a4b99a1)
In Talos, kubelet (and kube-proxy) images use `iptables-wrapper` script
to detect which version of `iptables` (legacy or NFT) to use.
The script assumes that `kubelet` runs on the host, and uses whatever
version of `iptables` which is being used by the host. In Talos,
`kubelet` runs in a container which has same `iptables-wrapper` script,
and it defaults to `legacy` mode in our case.
We can't check the `kubelet` image, as it would affect all Talos
version, so instead pre-create the chains/tables in `nftables` so that
kubelet will pick up `nft` version of `iptables`, and `kube-proxy` will
do the same.
Without this fix, the problem arises from the mix of `nft` used by Talos
for the firewall and Kubernetes world relying on `legacy` (`xtables`).
Fixes https://github.com/siderolabs/kubelet/issues/77
See e139a11535/iptables-wrapper-installer.sh (L102-L130)
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit ff2c427b04963d69ba2eaa1084a0a078d742b9ac)
Also add a note about how-to enable dns caching for k8s pods.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
(cherry picked from commit 5622f0e450eda589f4b9a2af28b8517d08c2aae2)
Dynamically map Kubernetes and Talos API ports to an available port on
the host, so every cluster gets its own unique set of parts.
As part of the changes, refactor the provision library and interfaces,
dropping old weird interfaces replacing with (hopefully) much more
descriprive names.
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update Go to 1.22.2, update Go modules to resolve
[HTTP/2 issue](https://www.kb.cert.org/vuls/id/421644).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add support for the Akamai(Linode) platform
Signed-off-by: Evan Johnson <ejohnson@akamai.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This PR ensures that we can test our siderolink communication using embedded siderolink-agent.
If `--with-siderolink` provided during `talos cluster create` talosctl will embed proper kernel string and setup `siderolink-agent` as a separate process. It should be used with combination of `--skip-injecting-config` and `--with-apply-config` (the latter will use newly generated IPv6 siderolink addresses which talosctl passes to the agent as a "pre-bind").
Fixes#8392
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This allows to roll all nodes to use a new CA, to refresh it, or e.g.
when the `talosconfig` was exposed accidentally.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Implement `Install` for imager overlays.
Also add support for generating installers.
Depends on: #8377Fixes: #8350Fixes: #8351Fixes: #8350
Signed-off-by: Noel Georgi <git@frezbo.dev>
Drop the Kubernetes manifests as static files clean up (this is only
needed for upgrades from 1.2.x).
Fix Talos handling of cgroup hierarchy: if started in container in a
non-root cgroup hiearachy, use that to handle proper cgroup paths.
Add a test for a simple TinK mode (Talos-in-Kubernetes).
Update the docs.
Fixes#8274
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
