Disable upload, as credentials are broken.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit ab6cb3dfa34a6a030a899cc0180b862c40c6fcb5)
See https://github.com/kubernetes/kubernetes/releases/tag/v1.32.2
The Go modules haven't been tagged yet, but it should not be important.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 1b4464c8a65600b923d9790656f25e245db2e0aa)
This fixes#10347
The core issue was that Talos nftables chain had priority 0 (`filter`),
while kube-proxy does DNAT for node ports at priority -110 (before Talos
can see source traffic), so Talos rule doesn't match.
Move Talos priority to -140, so it runs before kube-proxy.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 9463ac23e77067f6dce2c22a33e3937357745303)
Update to the latest 6.12.x.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit faa1490033df0a843010fa7154096d84f415afce)
Also update runc to 1.2.4.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 1be5f8ff25ac7042ee3334f657d6604ec5f8501d)
This way it's easy to re-enable NRI plugins with a simple change.
See https://github.com/siderolabs/talos/discussions/10068
I tested that it works e2e with NRI plugins repository.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 6d605fc8595e2f06e43529966e396f2ae403c76c)
This still allows running install on 1 GiB hardware.
Fixes#10024
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 82ea44a6b2aa0a35861ca454a09503a81332f824)
Create a dummy SELinux file_contexts file to mitigate the warning. We do not rely on libselinux for labeling, so empty file suffices.
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
(cherry picked from commit bd85bd5b731463a42b7c82c66e9add251a280d26)
To be backported to Talos 1.9.1.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 73c82e3e5625ec1899f93312a671dfe6dffaea61)
Final Kubernetes release for Talos 1.9.0.
Also update COSI to pull in a fix for watch restarts:
https://github.com/cosi-project/runtime/pull/512
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit d45e8d1d1da28ca1b311198588d723cb491527eb)
This fixes an issue like that:
* the system disk is say 10GiB
* STATE is fixed 100 MiB always
* EPHEMERAL is configured to be min 6 GiB, max 100 GiB
As the EPHEMERAL/STATE provisioning order was not defined, EPHEMERAL
might be created first, occupying whole disk and leaving no space left
for STATE.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 61b1489a0f0868c5b7e124544520bc46badef85c)
Also contains various small fixes to the documentation.
Fixes#9853Fixes#9901
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 10da553ef0dde5f87f09321400239baa51929a36)
Update to the latest 6.12.x, fixes kexec reboot in QEMU.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit d946ccae31b87559a06cb1cefcefe8f937b73d8b)
Couple of syntax and grammar corrections.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
(cherry picked from commit cb4d9d673432e4a0fba0d87bc64fde620d991082)
Provide separate `integration/image-cache` tag.
Closes#9860
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
(cherry picked from commit c4724fc97598d8764b00fb56971d997a349a92e5)
Fixes#9615
The are no integration tests, this is to be addressed later.
I did manual tests so far.
Also includes first draft of the documentation.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
New config field `machine.network.searchDomains` supports specifying custom search domains.
For the node it will look something like this:
```
nameserver 127.0.0.53
search my-custom-search-name.com my-custom-search-name2.com
```
For the pods it will look something like this:
```
search default.svc.cluster.local svc.cluster.local cluster.local my-custom-search-name.com my-custom-search-name2.com
nameserver 10.96.0.10
options ndots:5
```
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
For 1.9, we keep it disabled until it gets more production ready in
1.10.
It still can be enabled with `selinux=1`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#9731
The wipe doesn't require a reboot, but it requires the blockdevice not
to be used as a volume.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
