Changes `gen config` to output `controlplane` and `join` machine config
types only. Users can manually set the `type` to `init` if they need to.
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>
The structure of the controllers is really similar to addresses and
routes:
* `LinkSpec` resource describes desired link state
* `LinkConfig` controller generates `LinkSpecs` based on machine
configuration and kernel cmdline
* `LinkMerge` controller merges multiple configuration sources into a
single `LinkSpec` paying attention to the config layer priority
* `LinkSpec` controller applies the specs to the kernel state
Controller `LinkStatus` (which was implemented before) watches the
kernel state and publishes current link status.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Fixes: https://github.com/talos-systems/talos/issues/3556
Introduce `coredns.disabled` flag to the machine config that allows
turning off coredns deployment during cluster bootstrap.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
Remove `parsebool.sh` script as it's causing issues when the
release-tool is running `Makefile` commands to extract variable values.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
AWS now has opt-in regions which are not enabled by default, so we need
to ignore such regions to avoid failures.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
REGISTRY_MIRROR_FLAGS can be already defined in the environment with .env or .envrc file.
Use it for easier and faster local e2e tests.
Signed-off-by: Alexey Palazhchenko <alexey.palazhchenko@gmail.com>
Command implements two modes:
* `fast`: conformance suite is run at maximum speed
* `certified`: conformance suite is run in serial mode, results
are capture to produce artifacts ready for CNCF submission process
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Inline manifests work exactly same way as extra manifests, but the
manifest itself can be stored in the config body.
Example config patch:
```
--config-patch '[{"op": "replace", "path": "/cluster/inlineManifests", "value": [{"name": "foo", "contents": "apiVersion: v1\nkind: Namespace\nmetadata:\n name: ci\n"}]}]'
```
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
When Talos `controlplane` node is waiting for a bootstrap, `etcd`
contents can be recovered from a snapshot created with
`talosctl etcd snapshot` on a healthy cluster.
Bootstrap process goes same way as before, but the etcd data directory
is recovered from the snapshot.
This flow enables disaster recovery for the control plane: given that
periodic backups are available, destroy control plane nodes, re-create
them with the same config, and bootstrap one node with the saved
snapshot to recover etcd state at the time of the snapshot.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR pulls in an updated cluster api aws version, ensuring the CRDs
are closer to what's expected when we patch the CAPA image later in the
setup. We will eventually move to 0.6.5 as soon as it's cut.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This does proper caching for Go modules so that when go.mod/go.sum are
changed, only updated modules are downloaded vs. all of them.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Fixes: https://github.com/talos-systems/talos/issues/3323
Not exactly matching with udevd generated `by-<id>` symlinks, but should
provide sufficient amount of property selectors to be able to pick
specific disks for any kind of disk: sd card, hdd, ssd, nvme.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
This removes container images for the aforementioned services, they are
now built into `machined` executable which launches one or another
service based on `argv[0]`.
Containers are started with rootfs directory which contains only a
single executable file for the service.
This creates rootfs on squashfs for each container in
`/opt/<container>`.
Service `networkd` is not touched as it's handled in #3350.
This removes all the image imports, snapshots and other things which
were associated with the existing way to run containers.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This replaces `git-chglog` with the `talos-systems/release-tool`.
We need to make sure we update `hack/release.toml` as we do PRs to make
sure we highlight any important feature or update as we go.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR makes sure we set a cloud provider version, which will make our
AWS tests pass again.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
CNI was removed from build-container which works fine for
`talosctl cluster create` clusters as it installs its own CNI, but fails
for upgrade tests as they were never updated for the CNI bundle.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This adds a VIP (virtual IP) option to the network configuration of an
interface, which will allow a set of nodes to share a floating IP
address among them. For now, this is restricted to control plane use
and only a single shared IP is supported.
Fixes#3111
Signed-off-by: Seán C McCord <ulexus@gmail.com>
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This adds new `IMAGE_REGISTRY` variable (similar to `IMAGE_TAG`) which
affects only the registry image gets pushed to, but it's not built into
the binaries and images as a default registry.
This fixes a problem when release builds reference our CI local
registry.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
State partition encryption support adds a new section to the machine config.
And a new step to the sequencer flow which saves encryption
configuration object as json serialized value in the META partition.
Everything else is the same as is for the ephemeral partition.
Additionally enabled state partition encryption in the disk encryption
integration tests.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
