532 Commits

Author SHA1 Message Date
Andrey Smirnov
e0eee7fcc6
test: use clusterctl.yaml overrides after org rename
`clusterctl init` can't follow redirects.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-03-24 14:13:22 +03:00
Andrey Smirnov
883d401f9f
chore: rename github organization to siderolabs
Go module import paths still use talos-systems, packages use new
siderolabs name.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-03-23 21:07:46 +03:00
Tim Jones
d1294d014f
chore: add day-two tests for e2e-qemu
Uses Sidero Labs d2ctl to install a small sample of
common cluster services to ensure the Talos cluster
is capable.

Signed-off-by: Tim Jones <tim.jones@siderolabs.com>
2022-03-22 20:53:07 +01:00
Andrey Smirnov
a6240e4b67
feat: update Linux to 5.15.30
Also updates linux-firmware, OpenSSL to 1.1.1n.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-03-22 20:52:32 +03:00
Andrey Smirnov
b6691b3508
chore: bump dependencies
dependabot + go-mod-outdated

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-03-21 18:24:00 +03:00
Andrey Smirnov
9d69fb6b40
feat: update Kubernetes to 1.23.5
Note: some Go modules are not tagged yet, see https://github.com/kubernetes/kubernetes/issues/108763

See https://github.com/kubernetes/kubernetes/releases/tag/v1.23.5

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-03-17 14:45:46 +03:00
Andrey Smirnov
caf800fe84
feat: implement D-Bus systemd-compatible shutdown for kubelet
Add a mock D-Bus daemon and a mock logind implementation over D-Bus.

Kubelet gets a handle to the D-Bus socket, connects over it to our
logind mock and negotiates shutdown activities.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-03-16 13:57:46 +03:00
Caleb Woodbine
d256b5c5e4
docs: fix spelling mistakes
Resolve spelling with `misspell -w .`

Signed-off-by: Caleb Woodbine <calebwoodbine.public@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-03-15 15:38:25 +03:00
Noel Georgi
5fdedae208
chore: bump kernel to 5.15.28
Bump kernel to 5.15.28

ref: https://github.com/talos-systems/pkgs/pull/417

Signed-off-by: Noel Georgi <git@frezbo.dev>
2022-03-14 23:53:42 +05:30
Andrey Smirnov
714e5eca63
chore: bump dependencies
dependabot + go-mod-outdated

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-03-14 16:48:37 +03:00
Andrey Smirnov
0aa23cb327
feat: update pkgs to 1.0 versions, Go 1.17.8
Fixes #5080

This updates all package dependencies to 1.0 versions.

Add a GPL note to README.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-03-04 19:18:59 +03:00
Noel Georgi
dc8e9ed4a5
feat: bond interfaces from kernel cmdline
Support bond interfaces from kernel cmdline using `bond=` format

Fixes: #4765

Signed-off-by: Noel Georgi <git@frezbo.dev>
2022-03-03 23:54:53 +05:30
Andrey Smirnov
77158a61fd
chore: rename v0.15 to v1.0
Next release of Talos will be v1.0 🎉

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-03-03 00:25:43 +03:00
Andrey Smirnov
22a4d6b3e6
feat: update containerd to 1.6.1
Also update Linux to 5.15.26.

See https://github.com/talos-systems/pkgs/pull/410

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-03-02 22:48:30 +03:00
Andrey Smirnov
09efa62f68
chore: re-enable kexec and default to UEFI booting in tests
Fixes #4947

It turns out there's something related to the boot process in BIOS mode
which leads to initramfs corruption on later `kexec`.

Booting via GRUB is always successful.

Problem with kexec was confirmed with:

* direct boot via QEMU
* QEMU boot via iPXE (bundled with QEMU)

The root cause is not known, but the only visible difference is the
placement of RAMDISK with UEFI and BIOS boots:

```
[    0.005508] RAMDISK: [mem 0x312dd000-0x34965fff]
```

or:

```
[    0.003821] RAMDISK: [mem 0x711aa000-0x747a7fff]
```

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-03-02 21:52:18 +03:00
Noel Georgi
8975a56eb2
docs: fix typo in release notes
Fix typo in release notes

Signed-off-by: Noel Georgi <git@frezbo.dev>
2022-03-03 00:03:57 +05:30
Andrey Smirnov
7b33ffbd85
chore: update pkgs and extras
This brings in the following changes:

* https://github.com/talos-systems/pkgs/pull/404
* https://github.com/talos-systems/pkgs/pull/405
* https://github.com/talos-systems/pkgs/pull/406
* https://github.com/talos-systems/pkgs/pull/407

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-28 23:19:24 +03:00
Andrey Smirnov
c5992c2bf8
chore: bump dependencies
dependabot + go-mod-outdated

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-28 22:51:53 +03:00
Andrey Smirnov
f81fb9f7cf
feat: implement sysfs
Fixes: https://github.com/talos-systems/talos/issues/4703

Co-authored-by: Dmitriy Matrenichev <lepage+gh@protonmail.com>
Co-authored-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
2022-02-28 17:51:02 +03:00
Andrey Smirnov
eb40b9254f
feat: add a way to override kubelet configuration via machine config
Fixes #4629

Note: some fields are enforced by Talos and are not overridable.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-25 17:39:01 +03:00
Noel Georgi
dc23715478
chore: update packet to equinix
Update `packet` to `equinix` for `talos.platform` kernel argument

Fixes: #5010

Signed-off-by: Noel Georgi <git@frezbo.dev>
2022-02-25 00:50:02 +05:30
Andrey Smirnov
7917b1aca0
feat: support admission control configuration and Pod Security admission
Fixes #5003

This implements a way to configure API server admission plugins via
Talos machine configuration.

If Pod Security admission is enabled, default cluster-wide policy is
generated which enforces baseline policy.

Policy can be overridden per-namespace.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-24 16:18:15 +03:00
Andrey Smirnov
b2bf3117ff
feat: implement extension services
Fixes #4694

User services run alongside Talos system services.
Every user service container root filesystem should be already present
in the Talos root filesystem.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-22 23:11:20 +03:00
Andrey Smirnov
614adf0ffd
feat: update xfsprogs to 5.14.2, replace LibreSSL with OpenSSL
See #4985

Also a bit more cleanup of the rootfs contents.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-21 21:31:41 +03:00
Andrey Smirnov
673fe2ebf7
feat: disable PSP by default for Talos >= 0.15
This flips the switch in the machine config to skip PSP deployment.

See #5003

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-21 17:46:45 +03:00
Seán C McCord
4d419a007f
feat: store audit logs to disk
Instead of bundling the apiserver audit logs with the rest of the
apiserver logs, we should store them separately to file, assuring
reasonable defaults for retention and rotation.

Fixes #5000

Signed-off-by: Seán C McCord <ulexus@gmail.com>
2022-02-21 09:12:27 -05:00
Andrey Smirnov
8ef3d85bc4
chore: bump dependencies
Dependabot + go-mod-outdated.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-21 16:01:33 +03:00
Noel Georgi
8a634d5648
chore: bump tools, pkgs, extras
Bump tools, pkgs and extras

Ref:
- https://github.com/talos-systems/tools/pull/171
- https://github.com/talos-systems/extras/pull/39
- https://github.com/talos-systems/pkgs/pull/403

Signed-off-by: Noel Georgi <git@frezbo.dev>
2022-02-21 14:49:57 +05:30
Seán C McCord
a5fb271ac8
feat: enable protectKernelDefaults in kubelet_spec
Enable the kubelet's builtin kernel configuration checks.
Also limits streaming connection timeout.

Fixes #5002
Fixes #4990

Signed-off-by: Seán C McCord <ulexus@gmail.com>
2022-02-18 11:03:06 -05:00
Andrey Smirnov
0fe34b3581
feat: update Kubernetes to 1.23.4
See https://github.com/kubernetes/kubernetes/releases/tag/v1.23.4

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-17 23:50:34 +03:00
Andrey Smirnov
00ccaf13fb
feat: update CoreDNS to 1.9.0
See https://github.com/coredns/coredns/blob/master/notes/coredns-1.9.0.md

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-16 18:12:33 +03:00
Andrey Smirnov
a9a47b7559
feat: update containerd to 1.6.0
See https://github.com/talos-systems/pkgs/pull/400

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-16 17:42:26 +03:00
Andrey Smirnov
bddd53fc4a
chore: bump dependencies
Some via dependabot, some via go-mod-outdated.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-15 21:22:53 +03:00
Andrey Smirnov
1e9f0ad4c6
feat: update Go to 1.17.7, Linux to 5.15.23
See:

* https://github.com/talos-systems/tools/pull/168
* https://github.com/talos-systems/pkgs/pull/395
* https://github.com/talos-systems/pkgs/pull/397
* https://github.com/talos-systems/extras/pull/37

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-11 17:40:12 +03:00
Charlie Haley
fef99892d5
chore: pin kubernetes version to talosctl gen config
Pin talos default k8s version to `talosctl gen config`

Signed-off-by: Charlie Haley <charlie.haley@hotmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-11 16:47:49 +03:00
Andrey Smirnov
c6bca1b33b
docs: add guide on system extensions
This is the very first guide; we can expand it as we get more details.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-10 22:04:36 +03:00
Andrey Smirnov
492b156dab
feat: implement static pods via machine configuration
Fixes #4727

On worker nodes, static pods are injected, but status can't be monitored
by Talos. On control plane nodes full status is available via
`StaticPodStatus`.

Pod definition is left as `Unstructured` in the machine configuration,
and no specific validation is performed to avoid pulling in Kubernetes
libraries into Talos machinery package.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-10 18:37:19 +03:00
Andrey Smirnov
0da370dfef
test: unlock CABPT/CACPPT provider versions
We should always test latest versions of our providers.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-10 00:14:15 +03:00
Noel Georgi
4f391cd5c5
chore: bump kernel to 5.15.22
Bump kernel to 5.15.22 stable

Ref: https://github.com/talos-systems/pkgs/pull/391

Signed-off-by: Noel Georgi <git@frezbo.dev>
2022-02-09 21:17:50 +05:30
Noel Georgi
9302058319
chore: update kernel to 5.15.21
Bump kernel to 5.15.21 stable

Ref: https://github.com/talos-systems/pkgs/pull/390

Signed-off-by: Noel Georgi <git@frezbo.dev>
2022-02-07 20:05:18 +05:30
Andrey Smirnov
c7186ed080
chore: bump dependencies
Dependabot + go-mod-outdated.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-07 16:26:15 +03:00
Philipp Sauter
9ee470f955
feat: set /etc/localtime to UTC
Adds a timezone file for UTC to the rootfs and creates a symlink for it
at /etc/localtime

Fixes #4840

Signed-off-by: Philipp Sauter <sauterp@protonmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-07 15:44:19 +03:00
Andrey Smirnov
e47387e419
chore: bump CAPI to 1.0.4
This release contains a cert-manager download fix.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-03 18:19:42 +03:00
Andrey Smirnov
5462f5ed18
feat: update etcd to 3.5.2
See https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.5.md

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-02-03 17:25:08 +03:00
Noel Georgi
446972f211
chore: bump kernel to 5.15.19
Bump kernel to 5.15.19 stable

Signed-off-by: Noel Georgi <git@frezbo.dev>
2022-02-02 02:23:33 +05:30
Bernard Sébastien
7f0b3aae0a
feat: add multiple config patches, patches from files, YAML support
Include filename content if value begins with @ (see curl for example).

Add multiple config-patch options on cmdline to apply them in order.

ex:

```
talosctl-linux-amd64 gen config talos1 https://127.0.0.1:6443 --config-patch-control-plane @cidrs.json --config-patch-worker @sysctls-workders.json --config-patch @cluster-name.json
```

Load JSON patch from YAML.

This applies to all commands handling config patches.

Closes: https://github.com/talos-systems/talos/issues/4764

Signed-off-by: Sébastien Bernard <sbernard@nerim.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-01-31 22:50:46 +03:00
Noel Georgi
036644f7a0
chore: bump kernel to 5.15.18
Bump kernel to 5.15.18 stable

Signed-off-by: Noel Georgi <git@frezbo.dev>
2022-01-31 21:54:22 +05:30
Noel Georgi
65e64d425e
chore: update kernel to stable 5.15.17
Bump kernel to 5.15.17

Signed-off-by: Noel Georgi <git@frezbo.dev>
2022-01-27 23:10:27 +05:30
Noel Georgi
151c9df091
chore: add CSI tests for e2e-qemu
Add tests for using rook as CSI for e2e-qemu
Allow specifying cpu/memory for workers

Signed-off-by: Noel Georgi <git@frezbo.dev>
2022-01-27 20:06:10 +05:30
Andrey Smirnov
0bf161dffb
test: add integration test for system extensions
This verifies system extensions via the gVisor system extension.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
2022-01-26 23:29:15 +03:00