If we don't pre-build, it's getting built each time the `e2e-*` step
runs, and we have some running in parallel.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Set the additional description fields for vscode/monaco/jetbrains editors.
Strip the markdown formatting from the plain description.
Additionally, fix the description of the field `aescbcEncryptionSecret`.
Related to siderolabs/talos#6705.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
This excludes it out of the `NodeAddress`.
Needs extra testing to confirm that it actually still works as anchor
IP.
Fixes #6760
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
As the client returns wrapped errors, unwrap them using our own method
which does `errors.As` instead of gRPC one which doesn't do unwrapping.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
The supposed format with multiple advertised URLs is:
`name=u1,name=u2`
Previously Talos generated:
`name=u1,u2`
(which is wrong)
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Extend `docgen` tool to generate a JSON schema for `v1alpha1.Config` if a new optional cli arg is provided.
Extend the YAML-structured code comments on config fields to allow overriding the generated schema.
Add custom schemas for complex types.
Related to siderolabs/talos#6705.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Signed-off-by: Steve Francis <steve.francis@talos-systems.com>
Replaced multiple curl examples to get the correct talosctl with a curl that executes the install script.
For some reason `go-mod-outdated` didn't work for me, so I had to do
this manually.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This improves the performance of the I/O operations if the underlying
filesystem supports it.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Run `depmod` during install/upgrades when extensions provide kernel
modules and `modules.dep` needs to be re-generated. This also allows
modules of same name from kernel to co-exist. Modules in `extras`
folder take precedence over `in-built` ones.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Fixes #6707
There was a race condition between different parts of the service code:
`Stop` waits for the event which is published before the service is
removed from the `running[id]` map, so if one does `Stop` followed by
`Start` (this is what `services restart` API does), by the time it goes
to `Start` it might be still in the `running[id]` map, so `Start` does
nothing.
Overall this code should be rewritten and simplified, but for now move
sending these "terminal" events out so that by the time the event is
published, the service is stopped and removed from the `running[id]`
map.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This is (still) being used in Talos to handle upgrade rollbacks.
There were multiple problems with this code, and one of them leads to
panic if the tag is written multiple times without deletion:
```
github.com/siderolabs/talos/internal/app/machined/pkg/runtime/v1alpha1/bootloader/adv/syslinux.ADV.SetTagBytes({0xc00175bc00?, 0x1f11dbe?, 0xed4f4d?}, 0x0?, {0xc000afb7f0?, 0x400?, 0x0?})
/src/internal/app/machined/pkg/runtime/v1alpha1/bootloader/adv/syslinux/syslinux.go:125 +0x270
github.com/siderolabs/talos/internal/app/machined/pkg/runtime/v1alpha1/bootloader/adv/syslinux.ADV.SetTag(...)
/src/internal/app/machined/pkg/runtime/v1alpha1/bootloader/adv/syslinux/syslinux.go:95
github.com/siderolabs/talos/cmd/installer/pkg/install.(*Installer).Install(0xc0004374a0, 0x5)
/src/cmd/installer/pkg/install/install.go
```
The `uint8()` conversion was causing overflow and wrong index when ADV
real length is over 255.
Fix multiple writes of the same tag by deleting previous value first.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
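The truncation described in the commit above, shown as an added example that is not Talos code and does not reproduce the syslinux ADV layout. The tag/length/value format, `sampleBuffer` and the function names are constructed for illustration; it shows how an offset held in a `uint8` wraps once the entries span more than 255 bytes and lands inside an earlier value.

```go
package main

import "fmt"

// Constructed layout for illustration: [tag:1][len:1][value:len]..., tag 0 ends the list.
const tagEnd = 0

// appendTag adds one entry; the one-byte length field limits val to 255 bytes.
func appendTag(buf []byte, tag byte, val []byte) []byte {
	return append(append(buf, tag, byte(len(val))), val...)
}

// sampleBuffer builds constructed data whose entries span more than 255 bytes.
func sampleBuffer() []byte {
	buf := appendTag(nil, 1, make([]byte, 200)) // occupies offsets 0..201
	buf = appendTag(buf, 2, make([]byte, 100))  // occupies offsets 202..303
	return append(buf, tagEnd)                  // end marker at offset 304
}

// endOffsetNarrow keeps the running offset in a uint8, so it wraps past 255
// and reports a position that lies inside an earlier entry's value.
func endOffsetNarrow(buf []byte) int {
	var off uint8
	for steps := 0; steps < len(buf); steps++ {
		if buf[off] == tagEnd {
			return int(off)
		}
		off += 2 + buf[off+1]
	}
	return -1
}

// endOffset keeps the offset as an int and bounds-checks the length byte;
// it returns -1 when no end marker lies inside the buffer.
func endOffset(buf []byte) int {
	for off := 0; off < len(buf); off += 2 + int(buf[off+1]) {
		if buf[off] == tagEnd {
			return off
		}
		if off+1 >= len(buf) {
			break
		}
	}
	return -1
}

func main() {
	buf := sampleBuffer()
	fmt.Println("narrow:", endOffsetNarrow(buf), "wide:", endOffset(buf))
}
```

A write at the offset returned by the narrow version would overwrite bytes of the first entry's value instead of appending after the second.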
Change TCP maximum segment size if it goes through the KubeSpan to match
KubeSpan MTU.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
As with #6724, controlplane node kubelet doesn't use control plane
endpoint anymore, run the test on the worker node instead of cp node.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
`structprotogen` now supports generating enums directly instead of using predeclared file and hardcoded types. To use this functionality, simply put `structprotogen:gen_enum` in the comment above the const block you want to have the proto definitions for.
Closes #6215
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
While following this guide I found that one reference to rpi_4 wasn't
updated to rpi_generic yet, this commit fixes that.
Signed-off-by: Cees-Jan Kiewiet <ceesjank@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This switches the last usage of Kubernetes controlplane endpoint to use
`localhost` (itself) for controlplane nodes.
Worker nodes still use cluster-wide controlplane endpoint.
This allows controlplane nodes to boot fully even if the controlplane
endpoint (e.g. loadbalancer) doesn't function.
The process of joining etcd still requires either a discovery service or
a proper functioning controlplane endpoint.
With this fix, Talos controlplane nodes can boot successfully without a
loadbalancer being up, while worker nodes obviously won't join.
This improves Talos behavior in single-node clusters when controlplane
endpoint is not available, the node will still boot just fine and
function properly.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This simply uses existing `talos.experimental.wipe` kernel flag to wipe
the currently installed Talos.
This allows to use Talos ISO to reset the system disk and revert back to
maintenance mode.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
When the sequence fails hard, Talos does automatic reboot, so reflect
this in the machine status properly.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This allows to safely recover out of space quota issues, and perform
defragmentation as needed.
`talosctl etcd status` command provides lots of information about the
cluster health.
See docs for more details.
Fixes #4889
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
These endpoints are used for workers to find the addresses of the
controlplane nodes to connect to `trustd` to issue certificates of
`apid`.
These endpoints today come from two sources:
* discovery service data
* Kubernetes API server endpoints
This PR adds to the list static entry based on the Kubernetes control
plane endpoint in the machine config.
E.g. if the loadbalancer is used for the controlplane endpoint, and that
loadbalancer also proxies requests for port 50001 (trustd), this static
endpoint will provide workers with connectivity to trustd even if the
discovery service is disabled, and Kubernetes API is not up.
If this endpoint doesn't provide any trustd API, Talos will still try
other endpoints.
Talos does server certificate validation when calling trustd,
so including malicious endpoints doesn't cause any harm, as a malicious
endpoint can't provide a proper server certificate.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Adds a new sub-command to talosctl config. It takes in the context to be
deleted as argument and supports glob matching.
A local flag --noconfirm|-y can be passed to bypass the confirmation
prompt.
It also supports dry run by passing the --dry-run flag similar to
apply-config and edit commands.
Example:
```
$ talosctl config remove 'ctx-*'
Remove context ctx-a? (y/N): y
Remove context ctx-b? (y/N): y
```
Signed-off-by: Murtaza Udaipurwala <murtaza@murtazau.xyz>
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
I missed that before cutting 1.4.0-alpha.0 release, which means
unfortunately that Talos 1.4.0-alpha.0 can't upgrade Talos
1.4.0-alpha.0.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Introduce ipv6 to the google cloud.
It can also work when dhcpv6 is on.
But the route is received through RA packages, which is not working.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Bumps tools/pkgs/extras to the latest.
Bumps Go modules.
Enables adaptive capacity for COSI state.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This seems to happen specifically for CRDs, regular Kubernetes resources
have some extra magic.
Fixes #6663
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This got broken with a sequence of changes related to not unmarshalling
resources when using `get`.
Rewrite the completion to be more straightforward and use easier
methods.
Make shell completion work even when `nodes` are not set.
Fixes #6646
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Add SCHULZ Systemtechnik GmbH to adopters list.
Signed-off-by: Samuel Kees <83597284+samuelkees@users.noreply.github.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Making organization an interface for preparing to avoid giving
system:masters access to the talosctl kubeconfig generated certificate.
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Talos has no wireless support & wireless kernel drivers,
so disabling it the recommended way might actually save power consumption.
It could save ~45 mA:
https://forums.raspberrypi.com/viewtopic.php?t=257144#p1568474
Or 'The WiFi half of the wireless chip will be powered but be held in reset':
https://forums.raspberrypi.com/viewtopic.php?t=343854#p2060246
Either way, it does not hurt and it should be treated the same as bluetooth.
Signed-off-by: Nico Berlee <nico.berlee@on2it.net>
Signed-off-by: Noel Georgi <git@frezbo.dev>
This install script detects the platform and architecture, and downloads the correct talosctl, and checks the gpg checksums.
It also installs and chmods the binary.
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>