This is needed to make sure that those steps don't run in parallel on
release builds, as they write the same output files.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
With system extensions, size of the `initramfs` might increase
significantly. With 1000 MiB `/boot`, as we store `A` and `B` boot
directories, we have 500 MiB for each Talos boot (size of the kernel and
initramfs).
Fixes #5096
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
When IPv6 is disabled entirely, we should not try to set `accept_ra`,
since it does not exist.
This performs a check before adding the default kernel parameter.
Fixes #5087
Signed-off-by: Seán C McCord <ulexus@gmail.com>
They were discovered as we tagged 1.0.0 version:
* wrong deprecated version
* incompatibility in extension compatibility checks
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes #5080
This updates all package dependencies to 1.0 versions.
Add a GPL note to README.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
No actual change to the dependencies, simply using released versions of
Go modules.
Also bump containerd to 1.6.1 (it should have gone with containerd
1.6.1).
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
They haven't been actually used, it reduces initramfs size by ~600KB,
and iscsi will be re-packaged as a system extension.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes #4947
It turns out there's something related to boot process in BIOS mode
which leads to initramfs corruption on later `kexec`.
Booting via GRUB is always successful.
Problem with kexec was confirmed with:
* direct boot via QEMU
* QEMU boot via iPXE (bundled with QEMU)
The root cause is not known, but the only visible difference is the
placement of RAMDISK with UEFI and BIOS boots:
```
[ 0.005508] RAMDISK: [mem 0x312dd000-0x34965fff]
```
or:
```
[ 0.003821] RAMDISK: [mem 0x711aa000-0x747a7fff]
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Set memory/cpu resource reservation for system processes.
It helps system processes to allocate memory in memory pressure
situations.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Set default route to metaserver, which exists only on eth0 interface.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes #5003
This implements a way to configure API server admission plugins via
Talos machine configuration.
If Pod Security admission is enabled, default cluster-wide policy is
generated which enforces baseline policy.
Policy can be overridden per-namespace.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Second way to collect talos and pod logs in the cluster.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes #4694
User services run alongside Talos system services.
Every user service container root filesystem should be already present
in the Talos root filesystem.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
As `_out` is a shared volume across Drone steps, we should prefetch CLI
dependencies early, as fetching them concurrently from multiple steps
might lead to surprising results.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This feature allows us to use a low source port (<1024) to make HTTP calls.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Newest version of github.com/mdlayher/arp backed by the improved
https://github.com/mdlayher/packet package. There's no stable release
of arp yet but I'd like to get back around to that now that I'm stabilizing underlying pieces.
Signed-off-by: Matt Layher <mdlayher@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Updated wording, added some cross references, and generally updated the
controlplane troubleshooting document.
Signed-off-by: Seán C McCord <ulexus@gmail.com>
Instead of bundling the apiserver audit logs with the rest of the
apiserver logs, we should store them separately to file, assuring
reasonable defaults for retention and rotation.
Fixes #5000
Signed-off-by: Seán C McCord <ulexus@gmail.com>
I believe it serves no purpose in GRUB config: GRUB pre-loads
`initramfs` into memory anyways, so kernel doesn't need to know, nor has
any way to load it from anywhere.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes #4987
As machinery is supposed to be a widely used project, and gRPC lacks
proper support to override default codec easily, it might come into
conflict with other projects.
Instead, move codec to core talos, and register it explicitly in the
server code (which covers machined, apid, trustd) and client code
(talosctl).
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>