No major bumps, except for CoreDNS 1.12.1, mostly updating Go modules.
Update pkgs/tools to final v1.10.0 versions.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add a new page describing how to enable SELinux as well as development details on working with the policy.
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
User volumes are identified by a short name which serves both
as a `/var/mnt` mount point and a partition label.
User volumes can be added and removed on the fly, and they are
automatically propagated into the `kubelet` mount namespace.
Also deprecate `.machine.disks`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fix UKI boot detection
Also fix bug introduced by #10640 which imported the unix package making
talosctl non-unix builds broken.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Brings in Linux 6.12.21, go 1.24.2.
Also updates Go dependencies, golangci-lint, etc.
The configuration was migrated, fix new linting errors.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
They were broken for some time, and depend on Image Gallery we dropped
as well.
Update docs and CI scripts.
Fixes#10035
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The program is called structprotogen not gotagsrewite. This example
was most likely not updated when the program got bootstrapped.
Signed-off-by: Tobias Kohlbau <tobias@kohlbau.de>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Otherwise the archive is corrupted due to QEMU still writing to the logs while they are being archived
ci: enable --with-json-logs by default for e2e-qemu
Also pull in golangci fixes
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
- Remove all reliance on finalizers.
- Add `Close` method to CoreDNS `Proxy` struct.
- Wait for `Runner.Serve` to complete.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Update to the latest 1.33.0 updated to get main on 1.33 for upcoming
Talos 1.10.
Update go-kubernetes to the version supporting 1.33.x.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Generate `installer` from `imager` so installer always have UKI's.
Push `installer-base` which just contains base tools to install.
Fixes: #10188Fixes: #10323
Signed-off-by: Noel Georgi <git@frezbo.dev>
Also pull in usrmerged tools, so remove older hacks. Add a fixed enumer fork with Go 1.24 compatibility.
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
This fixes#10347
The core issue was that Talos nftables chain had priority 0 (`filter`),
while kube-proxy does DNAT for node ports at priority -110 (before Talos
can see source traffic), so Talos rule doesn't match.
Move Talos priority to -140, so it runs before kube-proxy.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Support showing current feature state, and changing features on the fly.
The output and interface should be similar to `ethtool`.
We don't support legacy feature names.
```
node: 172.20.0.5
metadata:
namespace: network
type: EthernetStatuses.net.talos.dev
id: enp0s2
version: 2
owner: network.EthernetStatusController
phase: running
created: 2025-02-10T11:40:32Z
updated: 2025-02-10T11:40:32Z
spec:
linkState: true
port: Other
duplex: Unknown
rings:
rx-max: 256
tx-max: 256
rx: 256
tx: 256
tx-push: false
rx-push: false
features:
tx-scatter-gather: on
tx-checksum-ipv4: off [fixed]
tx-checksum-ip-generic: on
tx-checksum-ipv6: off [fixed]
highdma: on [fixed]
tx-scatter-gather-fraglist: off [fixed]
tx-vlan-hw-insert: off [fixed]
rx-vlan-hw-parse: off [fixed]
rx-vlan-filter: on [fixed]
vlan-challenged: off [fixed]
tx-generic-segmentation: on
rx-gro: on
rx-lro: off [fixed]
tx-tcp-segmentation: on
tx-gso-robust: on [fixed]
tx-tcp-ecn-segmentation: on
tx-tcp-mangleid-segmentation: off
tx-tcp6-segmentation: on
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-gre-csum-segmentation: off [fixed]
tx-ipxip4-segmentation: off [fixed]
tx-ipxip6-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
tx-udp_tnl-csum-segmentation: off [fixed]
tx-gso-partial: off [fixed]
tx-tunnel-remcsum-segmentation: off [fixed]
tx-sctp-segmentation: off [fixed]
tx-esp-segmentation: off [fixed]
tx-udp-segmentation: off
tx-gso-list: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
rx-ntuple-filter: off [fixed]
rx-hashing: off [fixed]
rx-checksum: on [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]
tx-vlan-stag-hw-insert: off [fixed]
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off [fixed]
hw-tc-offload: off [fixed]
esp-hw-offload: off [fixed]
esp-tx-csum-hw-offload: off [fixed]
rx-udp_tunnel-port-offload: off [fixed]
tls-hw-tx-offload: off [fixed]
tls-hw-rx-offload: off [fixed]
rx-gro-hw: on
tls-hw-record: off [fixed]
rx-gro-list: off
macsec-hw-offload: off [fixed]
rx-udp-gro-forwarding: off
hsr-tag-ins-offload: off [fixed]
hsr-tag-rm-offload: off [fixed]
hsr-fwd-offload: off [fixed]
hsr-dup-offload: off [fixed]
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update tools, pkgs and extras to use fully bootstrapped [Stageˣ]-derived toolchain for building Talos and its dependencies.
This brings in changes related to root being usrmerged now, so some paths have changed. Extras have been cleaned up: use only the needed package.
Addresses: #10187
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
