Drop Equinix Metal e2e tests, due to EM machines mostly not booting
properly over PXE, drop the test as it adds no value.
Fixes: #10034
Signed-off-by: Noel Georgi <git@frezbo.dev>
Create a dummy SELinux file_contexts file to mitigate the warning. We do not rely on libselinux for labeling, so empty file suffices.
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Final Kubernetes release for Talos 1.9.0.
Also update COSI to pull in a fix for watch restarts:
https://github.com/cosi-project/runtime/pull/512
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This fixes an issue like that:
* the system disk is say 10GiB
* STATE is fixed 100 MiB always
* EPHEMERAL is configured to be min 6 GiB, max 100 GiB
As the EPHEMERAL/STATE provisioning order was not defined, EPHEMERAL
might be created first, occupying whole disk and leaving no space left
for STATE.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#9615
The are no integration tests, this is to be addressed later.
I did manual tests so far.
Also includes first draft of the documentation.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
New config field `machine.network.searchDomains` supports specifying custom search domains.
For the node it will look something like this:
```
nameserver 127.0.0.53
search my-custom-search-name.com my-custom-search-name2.com
```
For the pods it will look something like this:
```
search default.svc.cluster.local svc.cluster.local cluster.local my-custom-search-name.com my-custom-search-name2.com
nameserver 10.96.0.10
options ndots:5
```
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
For 1.9, we keep it disabled until it gets more production ready in
1.10.
It still can be enabled with `selinux=1`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#9731
The wipe doesn't require a reboot, but it requires the blockdevice not
to be used as a volume.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Drop i915 and amdgpu drivers from Talos rootfs, these will be packaged
as extensions containing both firmware and drivers.
Some modules like `ttm`, `i2c-algo-bit` etc have been left off since they are used by both amdgpu and
i915, so makes sense to keep in plain talos.
Part of: #9728
Signed-off-by: Noel Georgi <git@frezbo.dev>
This should fix the problem of including bond members by MAC address
when MAC address changes as the link becomes part of the bond.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#9613
This has two changes:
* adjust Talos registry resolver to match containerd (CRI) resolver: use
by default upstream as a fallback
* add a machine config option to skip upstream as a fallback, and adjust
CRI configuration accordingly
See https://github.com/containerd/containerd/blob/main/docs/hosts.md#registry-configuration---examples
for details on CRI's `hosts.toml`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Rewrite matcher to take out old go-blockdevice library out of the way,
implementing translation from go-blockdevice format to CEL.
Implement facilities to build CEL expressions programmatically.
Now we can add a machine config disk match expression (CEL) easily.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Save `support.zip` always, also use a different folder for saving logs,
so we can save artifacts of multi cluster tests.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Conditionally mount selinuxfs only if it's present.
Fix AppArmor tests, `apparmor` and other minor LSM's and set
`apparmor=1`.
Signed-off-by: Noel Georgi <git@frezbo.dev>
