This builds a bundle with CNI plugins for talosctl which is
automatically downloaded by `talosctl` if CNI plugins are missing.
CNI directories are moved by default to the `~/.talos/cni` path.
Also add a bunch of pre-flight checks to the QEMU provisioner to make it
easier to bootstrap the Talos QEMU cluster.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
User-disks are supported by QEMU and Firecracker providers.
Can be defined by using the following parameters:
```
--user-disk /mount/path:1GB
```
Can get more than 1 user disk.
Same set of user disks will be created for all master and worker nodes.
Additionally enable user-disks in qemu e2e test.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
Comments encoding works, defaults encoding works.
Docgen was revamped: now it generates go files.
While markdown files are all handled by
`pkg/machinery/config/encoder/markdown.go`.
Changed scheme for docs. Now it no longer relies on a single `doc.go` in
the root of a package. Instead it can generate separate `*_doc.go` files
for each file in the package. `docgen` now expects to get 3 params
instead of 2. 3rd parameter is used to define a unique method name for
getting the list of structs in the file.
Backward compatibility is supported if we define package name as the 3rd
parameter.
1st parameter no longer scans whole current directory, instead it points
to the particular file that should be processed by docgen.
`talosctl docs` command now supports two flags: `--config` and `--cli`.
They allow generating only docs for v1alpha1 configs or for talosctl. If
no flags are defined, all docs are generated.
Additionally made field types clickable in the output markdown file.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
This PR pulls in the latest version of our CAPI providers, as well as
makes some minor tweaks to our bash scripts to disable terminal output
of commands during certain actions.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This uses `talosctl images`. This way it's easy to find installer image
or talos image for any release.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
By default, build outside of Drone works the same and builds only amd64
version, loads images back into dockerd, etc.
If multiple platforms are used, multi-arch images are built which can't
be exported to docker or to `.tar` image, they're always pushed to the
registry (even for PR builds to our internal CI registry).
Artifacts as files (initramfs, kernel) now have `-arch` suffix:
`vmlinuz-amd64`, `initramfs-amd64.xz`. "Magic" script normalizes output
paths depending on whether single platform or multiple platforms were
given.
VM provisioners accept magic `${ARCH}` in initramfs/kernel paths which
gets replaced by cluster architecture.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Add sonobuoy runner code with log fetching on failure. Use hand-picked
set of e2e tests to run: verify basic pod functionality, verify service
connectivity.
Add option `--run-e2e` to the `talosctl health` to run quick e2e test to
verify cluster health.
Add option to run provision tests with custom CNI, run one track of
provision tests with Cilium.
Bump Cilium to 1.8.2.
Talos 0.6 won't uncordon node automatically after upgrade from 0.5, as
0.5 doesn't put annotation. Workaround that in upgrade tests.
Bump upgrade test version to 0.6.0 release.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This moves to using grub instead of syslinux.
BREAKING CHANGE: Single node upgrades will fail in this change. This
will also break the A/B fallback setup since this version introduces
an entirely new partition scheme, that any fallback will not know about.
We plan on addressing these issues in a follow up change.
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>
This PR will update the CI testing to make use of our control plane
provider, as well as the other CAPI components.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
As the build runs inside containers which are part of a single pod, we
need to clean up networking bits (bridge interface, etc.), so that it
doesn't cause problems for other steps.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Fixes#2363#2364#2370#2371
Several changes packed together:
* use compressed `vmlinuz` everywhere, firecracker provisioner
uncompresses it before first use, drop `vmlinux`
* handle reboots in qemu launcher to support reset API case, update
empty disk check to handle reset behavior (erasing partition table)
* make bootloader support default in provisioners, and flag to disable
that
* early support for target architecture for qemu provisioner
This should allow us to use `qemu` in CI/CD (not included into this PR):
integration test passes with qemu.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Starts and stops qemu VMs, has some initial configuration subset.
Sets up networking through CNI tools, sets up DHCP server which gives IP
addresses to nodes.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
Fixes#2330
CLI tests require node discovery as `--nodes` flag is enforced for most
of the `talosctl commands`.
For clusters created via `talosctl cluster create`, cluster provisioner
state provides all the necessary information, but clusters created via
CAPI don't have the state attached.
API tests rely on Talos and Kubernetes APIs to fetch kubeconfig and
access Nodes K8s API.
CLI tests should rely only on CLI tools, so we use `kubectl get nodes` +
`talosctl kubeconfig` to fetch list of master and worker nodes.
This discovery method relies on "bootstrap" node being set in
`talosconfig` (to fetch `kubeconfig`).
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
We're not using load balancer for `apid` (always using client-side load
balancing), so we can remove this safely.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
With load-balancing enabled by default running `talosctl` without
`--nodes` is risky, as it might hit any control plane by default without
`--nodes`.
Only two commands do not enforce this check, as they do their own node
contexts: `crashdump` and `health` (client-side).
Integration tests were updated to always supply `--nodes` cli argument,
while doing that I refactored the storage for discovered nodes to use
existing `cluster.Info` interface.
The downside is that with e2e CAPI tests CLI tests will be mostly
skipped as we don't support discovery in CLI tests at the momemnt. This
can be fixed by using `talosctl kubeconfig` + `kubectl get nodes` for
node discovery.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR brings in the latest version of clusterctl that has built-in
support for the talos repos. I'll be chasing this with a move to using
the control-plane provider as well!
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
When cluster fails to be bootstrapped or it fails the health check, it's
hard to find the root cause without the logs.
This change adds optional crashdump (it dumps firecracker logs or docker
logs) after provisioning failure. It's not enabled by default.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR fixes the fix where we try to cleanup sonobuoy. We did that
successfully, but still got errors b/c we were immediately trying to
create service accounts in a namespace that was being deleted. This
should fix that. The sonobuoy default wait period is 1hr, should be
plenty.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR will make sure that, if we're going to retry sonobuoy, we run
the delete command first to clean up any dangling resources.
Closes#2266.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
Just a copy of `integration` pipeline with the same trigger as `nightly`
pipeline, so we can have two separate pipelines and two notifications
for better visibility.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
As many pipelines inherit steps from `default_steps`, take out
`e2e-firecracker-short` from `default_steps`.
`e2e` pipeline only relies on `e2e-docker`.
`integration` pipeline does full firecracker run with `e2e-firecracker`.
`release` pipeline manually pulls in `e2e-firecracker-short` to be on
the safe side.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This adds new flug to `cluster create` to launch cluster with custom
CNI, `integration` pipeline gets a new step to run short test with
Cilium 1.8.0 CNI.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This moves full integratation test and provision tests to
the `integration` pipeline.
Docker test wasn't affected much, as anyways docker can't run long
integration tests, so it mostly affects firecracker and provision tests.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
CAPI-based steps are using docker Talos cluster built at `e2e-docker`
stage as a bootstrap cluster. Share the config via volume which is
attached to specific steps.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
e2e tests are running in `/tmp/e2e` directory, so all the firecracker VM
virtual disk are going to `/tmp` directory. As `/tmp` was mounted as
`tmpfs`, this was putting high pressure on build host memory. Memory is
also used for docker containers, firecracker VMs, etc. Build host has
fast NVMe disks, so no good reason to keep `/tmp` in memory.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This moves our test scripts to using the bootstrap API. Some
automation around invoking the bootstrap API was also added
to give the same ease of use when creating clusters with the
CLI.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR will update k8s to the latest 1.18 release and bump sonobuoy to
help resolve some e2e flakes. Also adds some retry logic around the
sonobuoy run.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
With Go 1.14.3 we can run race-enabled code on muslc, so this opens path
to run unit-tests-race under Talos environment with rootfs, enabling all
the tests to run under race detector.
Also fixed the tests run by specifying platform in the test environment.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR will ensure that the firecracker provision tests will only run
after a successful e2e_firecracker run. This is being added in hopes of
freeing up some resources during CI testing and making things more
stable.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
Bump timeouts for reset API test as K8s control plane teardown might
take 3 minutes on its own.
Bump Go Firecracker SDK timeout when talking to firecracker process.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR will update our testing ocde to make use of the clusterctl tool,
as well as use the newer versions of various providers and updated
manifests.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
Instead of keeping a CHANGELOG for each release in the master branch, a
single CHANGELOG should be used since it will move into release branches
anyways. This prevents us from having to keep the files in sync across
master and the release branch. This also adds better tooling for
generating the CHANGELOG.md.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This sets the size of the ephemeral partition to the maximum
allowed size at installation time. We have reports of `xfs_growfs` causing
extremely slow boot times when the disk is 1TB or more. In our research
we found evidence that `xfs_growfs` is an expensive operation when
growing to a size of 10 times or more of the base. Instead, users should
create the disk close to the max disk size at install time. The
difference being that `mkfs.xfs` will handle larger disks better.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR removes the references to adding in the random CPU trust to the
kernel for all v0.4 docs, as well as in the iso command in the
installer. This is no longer needed with the newer linux kernel.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR does the following:
- updates the conform config
- cleans up conform scopes
- moves slash commands to the talos-bot
- adds a check list to the pull request template
- disables codecov comments
- uses `BOT_TOKEN` so all actions are performed as the talos-bot user
- adds a `make conformance` target to make it easy for contributors to
check their commit before creating a PR
- bumps golangci-lint to v1.24.0
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
