Fixes #3941
Also fixes route source address to be address, not a CIDR, as the Linux
kernel keeps it this way actually.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Adds a non-secret unique cluster identifier and a shared secret cluster
membership key for use by membership validation and discovery
mechanisms.
Fixes #4070
Signed-off-by: Seán C McCord <ulexus@gmail.com>
Talos supports automatic virtual IP for the control plane with pure
layer 2 connectivity. Equinix Metal API supports assigning shared IPs to
the nodes; this PR combines existing virtual IP functionality with calls
to EM API to move the IP address on EM side to the leader node.
The only thing which should be supplied in the machine configuration is
the Equinix Metal API token; every other setting is discovered
automatically by Talos.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes #3940
This changes machine configuration in a backwards compatible way to
allow multiple `.addresses` to be specified for the interface (and for
VLANs). Old field `.cidr` is still processed and used, but new
deployments should move to `.addresses`. This makes it possible to stop
using interface duplication workarounds to assign multiple IPs to the
interface.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This feature comes as PSP is deprecated and going to be removed in 1.25.
In preparation for that, add an option to disable PSP which was always
enabled in Talos by default.
To keep backwards compatibility, PSP is still enabled by default.
See also #3971
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Co-authored-by: Adam Szucs-Matyas <szucsitg@gmail.com>
No need to do hacks with multiple interface entries just to get multiple
addressing methods
Fixes #2804
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Resources code extensively uses DeepCopy to prevent the in-memory copy of
the resource from being mutated outside of the resource model.
The previous implementation relied on YAML serialization to copy the
machine configuration, which was slow, might potentially lead to panics,
and generated pressure on garbage collection.
This implementation uses the k8s code generator to generate DeepCopy methods
with some manual helpers when the code generator can't handle it.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Plus, convert a few absolute URLs with a version number to relative URLs without versions.
Signed-off-by: Alexey Palazhchenko <alexey.palazhchenko@gmail.com>