This PR will provide a basis for running e2e tests on GCE several times
a day. We'll need to add a cron event to the drone repo once merged.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
We need /etc/resolv.conf to be writable so that networkd can update it.
This change achieves this by creating a symlink at /etc/resolv.conf that
points to /var/resolv.conf.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This relies on two PRs to the buildkit:
* https://github.com/moby/buildkit/pull/1081
* https://github.com/moby/buildkit/pull/1085
Sysfs fix was merged to upstream, so updated tag, while using
`Dockerfile` slug I can switch to dockerfile2llb with support for
`--security=insecure`.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR will fix a bug where the non-init nodes were not generating
their certs locally and relying on trustd instead. This broke down
because we aren't saving the CA key when we're generating with the
trustd identity function (because we don't need it for workers).
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR is needed so that the eth0 device will have the proper mtu when
coming online in google cloud
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
We should only set the hostname to the actual host name instead of FQDN.
This hasn't been much of an issue, but GCE does return the FQDN for the
hostname field in dhcp.
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
This PR adds the ability to set mtu for the cluster create networks.
Default is 1440, which seems to be the default for calico.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
Without this, the check for the existence of the symlinks created in the
rootfs preparation step will always fail. On a reboot init will fail
because it tries to create a symlink that already exists.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
In order to accommodate the various ways that SSL certs are managed by
the different Linux distros, kubeadm creates control plane components
with volume mounts of the type DirectoryOrCreate to all well known SSL
cert locations. This change creates symlinks to /etc/ss/certs at all the
well known paths to account for the fact that the rootfs is read-only.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Switch from `StringSliceVar` to `StringArrayVar` to maintain commas
in kernel args.
Update entrypoint script to allow specifying extra kernel args.
Remove default console settings in kernel config.
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
Now that we manage dependencies manually, we need to explicitly build
the kernel target so that vmlinuz and vmlinux are placed into the build
directory.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Temporary workaround while we get more information on the
specifics for what is failing.
Ref: #795
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
Minor improvements to help when debugging.
Without this, if bringing up the default interface fails, the logs can
be misleading.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This uses the correct mount flag for read-only.
We mistakenly had the flag for opening a file as read-only.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
In addition to adding a flag, this adds a field to the user data that allows
for extra kernel arguments to be specified.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This is preparation for implementing CRI runner.
CRI client moved into its own package, I split it into multiple files
and added rudimentary tests for it.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This makes tests launch their own isolated instance of containerd with
its own root/state directories and listening socket address. Each test
brings this instance up/down on its own.
Add options to override containerd address in the code (used only in the
tests).
Enable parallel go test runs once again.
P.S. I wish I could share that 'SetupSuite' phase across the tests, but
afaik there's no way in Go to share `_test.go` code across packages. If
we put it as normal package, this might pull in test dependencies (like
`testify`) into production code, which I don't like.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
When we receive all the necessary files from trustd, we cancel the context. This
was treated as an error case and a message was logged accordingly. However,
this case was not really an error versus a signal to stop trying to fetch a
given file.
Fixes #723
Add basic FileSet tests. Minor refactor to FileSet call to allow easier testing
Add context canceled test for download
Add config tests and trustd coverage
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
This change removes the test-container step, and consolidates it to only a
test step. This prevents the build of the test container being done
twice.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Decided to combine two very small changes (which I'm now grumpy at myself for doing).
First, we'll update the toolchain image versions to allow for the use of a new containerd and runc. Also updated go.mod and go.sum to make use of newer containerd version. Closes #743 and #744.
Second, I added the bit of logic to osctl config generate to determine the working directory and let the user know that we created the various yaml files there. Closes #760.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This change fixes a bug that caused installations to fail.
On each iteration, the previously discovered block devices were dropped because the `probed` variable was reassigned.
We now append the discovered block devices to a slice declared outside the for loop.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This version of conform fixes a few message format errors that were confusing when a policy was violated.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR moves the reset API to the init API definition.
It leverages the same code we use for upgrades.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR also makes use of two new options:
- maximumOfOneCommit: enforces that a commit is only one commit ahead of master
- requireCommitBody: requires that a commit contains a body
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This refactors metrics interface to remove containerd-specific stuff and
make it common for CRI & containerd.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>