This option must be defined at the proto level in order to have an
import path that is reasonably usable
Signed-off-by: Eddie Zaneski <eddiezane@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This is an attempt to fix many issues related with trying to use Service
IP for host DNS.
Fixes#9196
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes https://github.com/siderolabs/extensions/issues/448
Bundle some CNI standard plugins plus Flannel CNI plugin (as Flannel is
the default CNI in Talos) in the Talos `initramfs`.
With this change, no plugin install is required, so the `install-cni`
step is dropped from the Flannel default manifest.
The bundled plugins:
```
$ talosctl -n 172.20.0.2 ls -lH /opt/cni/bin/
NODE MODE UID GID SIZE(B) LASTMOD NAME
172.20.0.2 drwxr-xr-x 0 0 109 B 7 hours ago .
172.20.0.2 -rwxr-xr-x 0 0 3.2 MB 7 hours ago bridge
172.20.0.2 -rwxr-xr-x 0 0 3.3 MB 7 hours ago firewall
172.20.0.2 -rwxr-xr-x 0 0 2.4 MB 7 hours ago flannel
172.20.0.2 -rwxr-xr-x 0 0 2.4 MB 7 hours ago host-local
172.20.0.2 -rwxr-xr-x 0 0 2.4 MB 7 hours ago loopback
172.20.0.2 -rwxr-xr-x 0 0 2.8 MB 7 hours ago portmap
```
The `initramfs` for amd64 grows 67 -> 73 MiB with this change.
The path `/opt/cni/bin` is still an overlay mount, so extra plugins can
be dropped to this directory (no change here).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Extensions are posted the following way:
`extensions.talos.dev/<name>=<version>`
The name should be valid as a label (annotation) key.
If the value is valid as a label value, use labels, otherwise use
annotations.
Also implements node annotations in the machine config as a side-effect.
Fixes#9089Fixes#8971
See #9070
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This PR adds the support for CoreDNS forwarding to host DNS. We try to bind on 9th address on the first element from
`serviceSubnets` and create a simple service so k8s will not attempt to rebind it.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Co-authored-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Fixes#7379
Add possibility to configure the controlplane static pod resources via
APIServer, ControllerManager and Scheduler configs.
Signed-off-by: LukasAuerbeck <17929465+LukasAuerbeck@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This commit adds support for API load balancer. Quick way to enable it is during cluster creation using new `api-server-balancer-port` flag (0 by default - disabled). When enabled all API request will be routed across
cluster control plane endpoints.
Closes#7191
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Fixes#7233
Waiting for node readiness now happens in the `MachineStatus` controller
which won't mark the node as ready until Kubernetes `Node` is ready.
Handling cordoning/uncordining happens with help of additional resource
in `NodeApplyController`.
New controller provides reactive `NodeStatus` resource to see current
status of Kubernetes `Node`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
See #7233
The controlplane label is simply injected into existing controller-based
node label flow.
For controlplane taint default NoScheduleTaint, additional controller &
resource was implemented to handle node taints.
This also fixes a problem with `allowSchedulingOnControlPlanes` not
being reactive to config changes - now it is.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This PR adds support for creating a list of API endpoints (each is pair of host and port).
It gets them from
- Machine config cluster endpoint.
- Localhost with LocalAPIServerPort if machine is control panel.
- netip.Addr[0] and port from affiliates if they are control panels.
For #7191
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This is controlled with a feature flag which gets enabled automatically
for Talos 1.5+.
Fixes#7181
If enabled, configures kubelet to use project quotas to track xfs volume
usage, which is much more efficient than doing `du` periodically.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
We add the `nodeLabels` key to the machine config to allow users to add
node labels to the kubernetes Node object. A controller
reads the nodeLabels from the machine config and applies them via the
kubernetes API.
Older versions of talosctl will throw an unknown keys error if `edit mc`
is called on a node with this change.
Fixes#6301
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
There's a cyclic dependency on siderolink library which imports talos
machinery back. We will fix that after we get talos pushed under a new
name.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Previously static pod manifests were written to and read from a folder
on the disk. We add a controller that cleans up the default static pod
manifests on the disk and serves them as a PodList manifest via HTTP.
The to the manifest is injected into the kubelet. File based static pod
manifests are still supported and may be enabled by setting the key
kubelet -> enableManifestsDirectory in the machine config.
Fixes#5494
Signed-off-by: Philipp Sauter <philipp.sauter@siderolabs.com>
Add resource `AuditPolicyConfigs.kubernetes.talos.dev`.
It can be changed through machine config `cluster.apiServer.auditPolicy`
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This commit adds structprotogen tool which is used to generate proto file from Go structs.
Closes#6078.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
