10 Commits

Author SHA1 Message Date
Andrey Smirnov
19aa44c549
fix: generate kubeconfig using proper types
Generating YAML using text templates is going to stop working because of
proper escaping.

Also fix an unrelated issue with the `cloud.google.com/go` module, which got
split into submodules, and now these conflict with each other.

Fixes #7180

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
2024-07-29 22:03:29 +04:00
Dmitriy Matrenichev
dad9c40c73
chore: simplify code
- replace `interface{}` with `any` using `gofmt -r 'interface{} -> any' -w`
- replace `a = []T{}` with `var a []T` where possible.
- replace `a = []T{}` with `a = make([]T, 0, len(b))` where possible.

Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
2024-07-08 18:14:00 +03:00
Andrey Smirnov
7a68504b6b
feat: support rotating Kubernetes CA
Fixes #8440

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
2024-04-01 22:08:02 +04:00
Andrey Smirnov
455328d058
fix: allow time skew for generated kubeconfig
The `kubeconfig` can be fetched from one Talos node, while Kubernetes
API request might land on `kube-apiserver` on a different node which
might have time slightly out of sync.

The minimum time diff between the two might lead to `Unauthorized` error
on first use:

```
1 authentication.go:70] "Unable to authenticate the request" err="[x509: certificate has expired or is not yet valid: current time 2023-06-13T15:30:51Z is before 2023-06-13T15:30:52Z, verifying certificate SN=314179687645609956480346926163236202072, SKID=, AKID=E9:9E:A8:1E:0B:6C:8B:AB:1B:2B:7E:17:14:CF:A4:0A:82:6B:42:67 failed: x509: certificate has expired or is not yet valid: current time 2023-06-13T15:30:51Z is before 2023-06-13T15:30:52Z]"
```

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2023-06-13 20:03:38 +04:00
Andrey Smirnov
dc6764871c
refactor: move around config interfaces, make RawV1Alpha1 typed
See #7230

Refactor more config interfaces, move config accessor interfaces
to different package to break the dependency loop.

Make `.RawV1Alpha1()` method typed to avoid type assertions everywhere.

No functional changes.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2023-05-23 22:08:58 +04:00
Niklas Wik
34babe858d
chore: make organization selection an interface
Making organization an interface for preparing to avoid giving
system:masters access to the talosctl kubeconfig generated certificate.

Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-12-19 15:12:30 +04:00
Andrey Smirnov
96aa9638f7
chore: rename talos-systems/talos to siderolabs/talos
There's a cyclic dependency on siderolink library which imports talos
machinery back. We will fix that after we get talos pushed under a new
name.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-11-03 16:50:32 +04:00
Andrey Smirnov
6882725157
fix: use different username for Talos Kubernetes API access
Fixes #6156

Now access from Talos itself goes with `talos:admin` username in the
Kubernetes API server audit log, while access with admin kubeconfig goes
with `admin` username as before.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-09-09 19:30:36 +04:00
Andrey Smirnov
f62d17125b
chore: update crypto to use new import path siderolabs/crypto
No functional changes in this PR, just updating import paths.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-09-07 23:02:50 +04:00
Utku Ozdemir
ae3840dbc3
refactor: move kubeconfig package under public api
Move the kubeconfig package under pkg/ so that other projects can reuse parts of it.

Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
2022-07-01 19:22:16 +02:00