The builtin recover func is scoped to the current goroutine, and since
our boot sequence is kicked off in its own goroutine, we were failing
to recover from panics.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
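
The goroutine scoping of `recover` described in the commit message above, as an added Go example that is not taken from the Talos code base. `bootSequence`, `runGuarded` and `callerRecover` are hypothetical names used only for illustration.

```go
package main

import "fmt"

// bootSequence is a hypothetical stand-in for boot work that may panic.
func bootSequence(fail bool) {
	if fail {
		panic("boot phase failed")
	}
}

// runGuarded starts fn in its own goroutine and reports its outcome on the
// returned channel. The deferred recover sits inside the new goroutine,
// because recover only stops a panic raised on the goroutine that runs the
// deferred call.
func runGuarded(fn func()) <-chan error {
	errCh := make(chan error, 1)
	go func() {
		defer func() {
			if r := recover(); r != nil {
				errCh <- fmt.Errorf("recovered: %v", r)
				return
			}
			errCh <- nil
		}()
		fn()
	}()
	return errCh
}

// callerRecover also defers a recover on the calling goroutine to show that
// it observes nothing: callerSaw stays nil even when the child panicked.
func callerRecover(fail bool) (callerSaw interface{}, childErr error) {
	defer func() { callerSaw = recover() }()
	childErr = <-runGuarded(func() { bootSequence(fail) })
	return nil, childErr
}

func main() {
	saw, err := callerRecover(true)
	fmt.Printf("caller recover: %v, child error: %v\n", saw, err)
}
```

If the deferred recover inside `runGuarded` is removed, the panic terminates the whole process even though the caller has its own deferred recover.
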
The goal with the docker based cluster is to provide developers with an
easy way to run Kubernetes on their local machines. Most of the time,
they won't need more than 1 master. This defaults cluster creation to 1
master.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Because `platform.Name()` returns the capitalized name but the baremetal
platform kernel commandline option expects the lowercase 'metal', we
ignore the case of the platform when doing the platform match checking
in `ostctl install`.
Fixes #1249
Signed-off-by: Seán C McCord <ulexus@gmail.com>
This adds more methods to the Cluster interface that allow for more
granular control of the cluster network settings.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This moves from translating a config into an internal config
representation, to using an interface. The idea is that an interface
gives us stronger compile time checks, and will prevent us from having to copy
from one struct to another. As long as a concrete type implements the
Configurator interface, it can be used to provide instructions to Talos.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This introduces the functionality for discovering external addresses configured on an instance.
This allows us to automatically append these external addresses to our certificate SANs so we can
access the machines from these addresses without having to know about them ahead of time.
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
This change allows for discovery of the control plane IPs. The
motivation behind this is to remove the static IP requirement. The
endpoints are discovered by machined, and passed into OSD as arguments
in order to avoid the need to mount /var/lib/kubelet/pki.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This detangles the gRPC client code from the userdata code. The
motivation behind this is to make creating clients more simple and not
dependent on our configuration format.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This changes the controlplane logic to write the audit policy to disk
from a common template instead of using trustd to distribute it.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This change allows us to generate the EncryptionConfig on each
controlplane node. The benefit is that we no longer need to distribute
the EncryptionConfig via trustd.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
The changes we needed in the clone plugin have been merged. We should
use the official plugin to minimize what we have to maintain.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This change ensures that the installer has access to the machine config
so that it can set the extra kernel arguments when installing.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This adds a label to the installer image that indicates the version. We
can build automation around this in a number of different ways, but one
of the use cases we have immediately is to use this label to determine
which version of Talos is at a given channel. For example, if we were to
implement an "edge" channel, we could periodically check for an image
with the tag "edge" and use the version label to determine if a node is
running the current version of edge. Even if we don't use the labels for our
channel implementation, it's still useful information to have.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This makes working with the API much cleaner as a client. Using gob
doesn't give the client a well-known type to work with in the API
definition.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
In general it is better if we default to single requests, and then gate
streams behind a flag. This makes the processes subcommand work in this
way and puts the streamed data behind a `--watch` flag.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
In order for other projects to make use of our APIs, they must not
reside underneath the internal directory. This moves the protobuf
definitions to a top-level "api" directory and scopes them according to
their domain. This change also removes generated code from the gitignore
file so that users don't have to generate the code themselves.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Writing system logs to /var/log breaks upgrades. The system disk unmount
fails with EBUSY. For now we can log to /run/system/log to avoid this.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This is not the best solution to this, but it stops the bleeding. We can
conditionally build the log base path based on the service logs
requested.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
The default of 24 hours is much too short for the admin credentials.
This makes them expire in a year.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>