This introduces new configuration settings to configure
advertised/listen subnets. For backwards compatibility when using no
settings or old 'subnet' argument, etcd still listens on all addresses.
If new `advertisedSubnets` is being used, this automatically limits etcd
listen addresses to the same value. `listenSubnets` can be configured
also explicitly e.g. to listen on additional addresses for some other
scenarios (e.g. accessing etcd from outside of the cluster).
See #5668
One more thing left (for a separate PR) is to update etcd advertised
URLs on the fly.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This PR supports skipping node registration from K8s.
This is an advanced use case and only needs to be used in special cases.
In this mode Kubelet only runs the static pods.
Fixes: #5847
Operations that will be broken:
- `talosctl cluster create` would eventually timeout since it expects
nodes to be registered.
- `talosctl health` since it expects nodes to be registered.
- `talosctl upgrade-k8s` since it expects nodes to be registered. Static
pods can still be updated by editing the machine config.
Signed-off-by: Noel Georgi <git@frezbo.dev>
This is incompatible with Calico and Cilium in default configuration, as
it's not easy to figure out exact PodCIDRs of the node.
We change the default but provide the option to revert the old behavior.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Use machine-id as the source for the default hostname (e.g. `talos-2gd-76y`) instead of DHCP-assigned IP (e.g. `talos-172-20-0-2`). This way, DHCP IP changes won't impact the hostname. Defaults to true for Talos version >=1.2.
Closes siderolabs/talos#5896.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
The end result is that every Talos CLI accepts both JSON and strategic
patches to patch machine configuration.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
There should be no functional change with this PR.
The primary driver is supporting strategic merge configuration patches.
For such type of patches machine config should be loaded from incomplete
fragments, so it becomes critically important to distinguish between a
field having zero value vs. field being set in YAML.
E.g. with following struct:
```go
struct { AEnabled *bool `yaml:"a"` }
```
It's possible to distinguish between:
```yaml
a: false
```
and no mention of `a` in YAML.
Merging process treats zero values as "not set" (skips them when
merging), so it's important to allow overriding value to explicit
`false`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
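The zero-value problem described in the commit message above, as an added example that is not Talos code: a merge that skips zero values drops an explicit `false` from a patch when the field is a plain `bool`, and keeps it when the field is `*bool`. Assumptions: `plainConfig`, `ptrConfig`, `apply`, `patchPlain` and `patchPtr` are hypothetical names, the merge is a simplified reflection loop, and `encoding/json` stands in for the YAML decoder so the block runs with the standard library only.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
)

// Hypothetical config fragments (not Talos types): same field, bool vs *bool.
type plainConfig struct{ AEnabled bool `json:"a"` }
type ptrConfig struct{ AEnabled *bool `json:"a"` }

// apply decodes doc into a fresh T and copies its non-zero fields onto base.
func apply[T any](base *T, doc string) error {
	var patch T
	if err := json.Unmarshal([]byte(doc), &patch); err != nil {
		return err
	}
	b, p := reflect.ValueOf(base).Elem(), reflect.ValueOf(&patch).Elem()
	for i := 0; i < p.NumField(); i++ {
		if !p.Field(i).IsZero() { // false is zero; a non-nil *bool is not
			b.Field(i).Set(p.Field(i))
		}
	}
	return nil
}

// patchPlain patches a base with a=true and returns the merged bool field.
func patchPlain(doc string) (bool, error) {
	base := plainConfig{AEnabled: true}
	err := apply(&base, doc)
	return base.AEnabled, err
}

// patchPtr does the same with the *bool field.
func patchPtr(doc string) (bool, error) {
	enabled := true
	base := ptrConfig{AEnabled: &enabled}
	err := apply(&base, doc)
	return *base.AEnabled, err
}

func main() {
	for _, doc := range []string{`{"a": false}`, `{}`} { // constructed patches
		plain, _ := patchPlain(doc)
		ptr, _ := patchPtr(doc)
		fmt.Printf("patch %-12s bool=%v *bool=%v\n", doc, plain, ptr)
	}
}
```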
This PR fixes a mistake in the bridge support docs and the reference to its docs in changelog.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>