This PR fixes a mistake in the bridge support docs and the reference to its docs in changelog.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Creating a new gRPC client for containerd and CRI every time we do a health check creates a lot of garbage. With this PR, we create them once and reuse them instead.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Talos v1.0 and later versions are unable to boot in a Proxmox
VM with "kvm64" set as its Processor Type. We add an
instruction in the Proxmox Guide for setting Processor Type
to "host". Talos v1.0 requires the x86-64-v2
microarchitecture, which is very common today.
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
There are no changes between 0.3.2 and 0.3.3, but 0.3.2 tag was force
pushed causing stale checksum in Go checksum database.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
When we query kubelet API to populate the StaticPodStatuses, instead of checking for ownerReferences to be empty, we check the annotation "kubernetes.io/config.source" value so we avoid including standalone pods (that are regular pods but not part of a replicaset).
We also optimize their fetching by not unmarshaling the fields we do not need.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
sudo -E doesn't keep $HOME on all platforms. Change to
--preserve-home=HOME to tell sudo to especially keep $HOME to prevent
config being generated in /root/.talos
Signed-off-by: hobyte <simolu8@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
The URL to fetch the configuration for a talos node is given by the
talos.config kernel parameter. We add support for 4 variables ${uuid},
${serial}, ${mac} and ${hostname} which substitute the device UUID,
DMI-sourced serial number, MAC address of the first network interface to
be up and the hostname respectively.
Fixes #3272
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
Previously crypto library handled only RSA-SHA512, as generated by
Talos, but this is a problem when migrating `kubeadm` cluster to Talos.
See https://github.com/siderolabs/crypto/pull/25
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
`DNSServiceIP` was assumed to be IPv4 when only one CIDR is specified
which was leading to a malformed CoreDNS manifest.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
The default qemu binary was only set as qemu-system-<arch>.
Signed-off-by: Davincible <david.brouwer.99@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This change replaces the gzipped tar with a gzipped image, which
DigitalOcean natively supports uploading, and means that it can be
linked directly to the image when using, for example, Terraform.
Signed-off-by: Ryan Heywood <me@ryansquared.pub>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
If no port is supplied for the SideroLink API endpoint and the https
schema is used, then assume port 443 is wanted.
Signed-off-by: Tim Jones <tim.jones@siderolabs.com>
As we submit results to Certified Kubernetes, we provide metadata which
should be updated now, and also we lost the logo in our assets.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
When integration tests run without data from Talos provisioner (e.g.
against AWS/GCP), it should work only with `talosconfig` as an input.
This specific flow was missing filling out `infoWrapper` properly.
Clean up things a bit by reducing code duplication.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
We skip the client-side health endpoint test that relies on the discovery service if the discovery service is not enabled for the cluster. Related to siderolabs#5554.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Query the discovery service to fetch the node list and use the results in health checks. Closes siderolabs#5554.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Previously Talos would not shut down gracefully if Hyper-V issued the
'perform_shutdown' call. Said call would execute '/sbin/poweroff' which
did not exist in Talos. We hardlink machined to '/sbin/poweroff' and
make it send a shutdown API call to PID 1 machined.
Fixes #5641
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
Add docs on using OpenEBS Jiva that works well with local storage and
`iscsi-tools` extension.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
Introduce `cluster.NodeInfo` to represent the basic info about a node which can be used in the health checks. This information, where possible, will be populated by the discovery service in following PRs. Part of siderolabs#5554.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Previously talosctl would accept multiple nodes for the bootstrap
command which is a strictly single-node operation. Talosctl will abort
the bootstrap command if more than one node is specified either as a
command-line flag or in talosconfig.
Fixes #5636
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
With Pod Security, we need to allow privileged for rook-ceph.
This fix was lost when reverting day-two.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Add more contextual description of the discovery service
to the KubeSpan docs, and a link to the repo.
Signed-off-by: Tim Jones <tim.jones@siderolabs.com>
Keep using old defaults: if the scheme is not specified, assume
"insecure" gRPC.
If `https://` scheme is specified, use gRPC with default TLS config
(which assumes default trusted CAs, no client cert).
Also fixes a bug when gRPC endpoint was passed in raw form, this won't
work with actual scheme.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
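
The endpoint rules stated in the commit message above (no scheme means insecure gRPC, `https://` means TLS) and in the earlier SideroLink commit (https with no port means 443), as an added Go example that is not Talos's own code. `Endpoint` and `ParseEndpoint` are hypothetical names, handling both rules in one parser is an assumption, and so is rejecting every scheme other than `https`.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Endpoint is a hypothetical type for this example, not a Talos type.
type Endpoint struct {
	Target   string // host:port handed to the gRPC dialer
	Insecure bool   // true means plaintext gRPC, no TLS
}

// ParseEndpoint applies the scheme and port rules from the commit messages.
func ParseEndpoint(raw string) (Endpoint, error) {
	if raw == "" {
		return Endpoint{}, fmt.Errorf("empty endpoint")
	}
	// No scheme: keep the old default and dial the raw value without TLS.
	if !strings.Contains(raw, "://") {
		return Endpoint{Target: raw, Insecure: true}, nil
	}
	u, err := url.Parse(raw)
	if err != nil {
		return Endpoint{}, fmt.Errorf("parse endpoint: %w", err)
	}
	// Assumption: any scheme other than https is rejected rather than
	// silently downgraded to plaintext; a URL without a host is rejected too.
	if u.Scheme != "https" || u.Hostname() == "" {
		return Endpoint{}, fmt.Errorf("unsupported endpoint %q", raw)
	}
	port := u.Port()
	if port == "" {
		port = "443" // https with no port: assume 443
	}
	// Dial host:port, not the raw URL; JoinHostPort re-brackets IPv6 literals.
	return Endpoint{Target: net.JoinHostPort(u.Hostname(), port)}, nil
}

func main() {
	// Constructed sample inputs.
	for _, raw := range []string{"10.0.0.1:4000", "https://siderolink.example.com", "https://[fd00::1]:8443", "http://10.0.0.1"} {
		ep, err := ParseEndpoint(raw)
		fmt.Printf("%-32s -> %+v err=%v\n", raw, ep, err)
	}
}
```
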
This allows building a custom Talos image which comes with some system
extension bundled in. Sometimes we might need to have an extension in
the initial image, e.g. `vmtoolsd` for VMware Talos image.
Syntax:
```
make image-aws \
IMAGER_SYSTEM_EXTENSIONS="ghcr.io/siderolabs/amd-ucode:..."
```
System extensions are not supported for now for ISO images, as they
don't go through the common installer flow (#5725).
Also it might be nice to add a simple way to generate just
`initramfs.xz` with system extensions bundled in (e.g. for PXE booting).
(#5726)
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>