Containers created with `talosctl cluster create` are ran with readonly
filesystem. This more accurately mimics standard Talos.
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>
The following commands:
* `talosctl get`
* `talosctl edit mc`, `talosctl patch mc`
Now these commands don't fully unmarshal resources from protobuf
representation, but rather use YAML representation.
This allows `talosctl` version to be out of sync with Talos version.
Still other commands do full unmarshaling (e.g. `talosctl upgrade-k8s`),
so `talosctl` should match Talos to avoid issues.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Introduce new DHCP operator option to skip hostname request/response,
and use that in OpenStack platform.
OpenStack configures interface with DHCP, while providing dummy hostname
over DHCP and proper hostname over metadata. As operators override
platform settings, DHCP hostname takes over OpenStack hostname. As a
fix, ignore DHCP hostname while on OpenStack.
Fixes#6350
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Example, set interface IP address by MAC:
```cmdline: ip=172.20.0.2::172.20.0.1:255.255.255.0::enx001122aabbcc```
Interface MAC is `00:11:22:aa:bb:cc`.
Source: https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This implements a simple way to upgrade Talos node running in
maintenance mode (only if Talos is installed, i.e. if `STATE` and
`EPHEMERAL` partitions are wiped).
Upgrade is only available over SideroLink for security reasons.
Upgrade in maintenance mode doesn't support any options, and it works
without machine configuration, so proxy environment variables are not
available, registry mirrors can't be used, and extensions are not
installed.
Fixes#6224
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Add resource `AuditPolicyConfigs.kubernetes.talos.dev`.
It can be changed through machine config `cluster.apiServer.auditPolicy`
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
We add a filter to the `talosctl get` command that allows users to
specify a jsonpath filter. Now they can reduce the information that is
printed to only the parts they are interested in.
Fixes#6109
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
This commit adds support for building Talos for the
Compute Module 4 and other generic Raspberry Pi
hardware.
Fixes: #6273
Signed-off-by: Kris Reeves <kris@pressbuttonllc.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
See #6333
Using permanent address fixes issues with mis-matching the links after
they got bonded.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Permanent address is only available for physical links, and it might be
different from the 'hardware address': when bonding, 'hardware address'
gets overridden from the bond master, while 'permanent address' still
shows MAC of the interface.
This part of the fix for incorrect bonding issue on Equinix Metal.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#6302
This allows Talos to proceed if some manifest is invalid (or malformed),
while aborts the loop on connection errors (when `kube-apiserver` is not
ready).
This fixes a problem when a single resource might stop all manifests
from being applied and preventing a cluster bootstrap.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This adds metadata annotations and fixes some hanging watch loops.
There should be no functional changes for Talos.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
- Provide editable component diagram
(diagrams.net).
- Document for both 1.2 and 1.3.
Signed-off-by: Sander Maijers <3374183+sanmai-NL@users.noreply.github.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
