Include all core packages into SBOM, make sure Talos is built with the
same Go versions as pkgs.
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
This change aims to standardize the boot process. It introduces the
concept of a phase, which is comprised of tasks. Phases are run in serial and
the tasks that make up a phase are run concurrently.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
The responsibility of init should only be to mount the rootfs. This
change moves Talos-specific logic into machined. This will allow us to
define a version of Talos in a single binary instead of split across
two. This will enable cleaner upgrades and helps make the codebase
easier to reason about.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
These were disabled in previous versions of Talos since BPF was
completely disabled. With this change, we now implement all recommended
sysctls.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
We need /etc/resolv.conf to be writable so that networkd can update it.
This change achieves this by creating a symlink at /etc/resolv.conf that
points to /var/resolv.conf.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR will fix a bug where the non-init nodes were not generating
their certs locally and relying on trustd instead. This broke down
because we aren't saving the CA key when we're generating with the
trustd identity function (because we don't need it for workers).
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
Without this, the check for the existence of the symlinks created in the
rootfs preparation step will always fail. On a reboot init will fail
because it tries to create a symlink that already exists.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
In order to accommodate the various ways that SSL certs are managed by
the different Linux distros, kubeadm creates control plane components
with volume mounts of the type DirectoryOrCreate to all well-known SSL
cert locations. This change creates symlinks to /etc/ss/certs at all the
well-known paths to account for the fact that the rootfs is read-only.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>