Use CCM to correctly set external IPs.
Signed-off-by: Adolfo Ochagavía <github@adolfo.ochagavia.nl>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update KSPP related URLs and fix acronym typo from "KSSP" to "KSPP".
Signed-off-by: Dan Rue <drue@therub.org>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes: #7081
Review all reservations and limits set, test under stress load (using
both memory and CPU).
The goal: system components (Talos itself) and runtime (kubelet, CRI)
should survive under extreme resource starvation (workloads consuming
all CPU/memory).
Uses #9337 to visualize changes, but doesn't depend on it.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This is specifically for the glibc extension to support nvidia container
toolkit.
Signed-off-by: Jean-Francois Roy <jf@devklog.net>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Support lvm auto-activation as per
https://man7.org/linux/man-pages/man7/lvmautoactivation.7.html.
This changes from how Talos previously unconditionally tried to
activate all volume groups to activation based on udev events.
Fixes: #9300
Signed-off-by: Noel Georgi <git@frezbo.dev>
Document security vulnerability reporting process.
Minor fixes in other docs, and add OpenSSF badge.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
When a map key is deleted, it should be deleted as a whole.
Before the fix it was zeroing out map value by key.
Fixes #9325
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Run SideroLink API server via TLS with self-signed certificate, inject
that certificate into Talos via `talos.config.inline=`.
Fix a couple of places where our special TLS root CA provider supporting
reloading on the fly was not used.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Due to the bug introduced when refactoring for PTP devices, invalid NTP
responses (including for example NTP kiss of death), were incorrectly
handled when only a single NTP server was used.
The error was logged, but the response was used to adjust the time which
leads to unexpected time jumps.
Properly ignore any invalid NTP response.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The fix in #9233 wasn't correct, as it was looking for number of
replicas in a "random" ReplicaSet. If the deployment has multiple
replica sets, it leads to unexpected results.
Instead, read the Deployment resource directly.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
`List` returns a sorted (by id) list of resources. This doesn't work when the order of dns upstreams is important. Because of that
add an `Idx` field to the "DNSUpstreams.net.talos.dev" resource, so we can preserve order.
Fixes #9274
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
In the status controller, there was a wrong method to parse the endpoint
which doesn't account for all supported formats.
Use already parsed version in the config resource instead.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
We should ignore this, it's a totally optional feature used in
containers (Talos on its own kernel has ethtool-netlink).
Fixes #9296
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The initramfs unarchive won't work as its extension is `xz` while the
actual compression is `zst`.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Otherwise the internal code might assume that the service is still
running and healthy, never issuing a health change event.
Fixes #9271
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add support for uploading images to GCP in cloud image uploader.
GCP is not enabled by default since it's going to be used for e2e-tests
for now.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Move META constants out to machinery, and fix up imports. The internal
`pkg/meta` package should not be consumed in public-facing commands.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The previous code didn't work, as it was manipulating args before they
were reset by the platform.
Also it was producing wrong order of console args.
Both fixed, plus a unit-test.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This implements the first round of changes, replacing the volume backend
with the new implementation, while keeping most of the external
interfaces intact.
See #8367
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Pause sequencer till the boot timeout if talos is booted from ISO/PXE, but
an existing talos is installed to disk and
`talos.iso.boot.halt_if_installed` kernel argument is set.
Fixes: #9232
Signed-off-by: Noel Georgi <git@frezbo.dev>
Kaniko adds an entry for the root folder `/` in its tarballs.
Processing the file causes the process to hang when trying to
recreate the destination directory.
The root directory already exists, so it triggers an error, but as the
errors were not correctly propagated, the process hangs forever.
Fix both issues.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Talos config files greater than 32kb will create an error when trying to
create Hetzner servers. This also applies for the default configuration.
Signed-off-by: Josia Scheytt <jscheytt@googlemail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
When you run the helm install, you get an error saying kubeProxyReplacement requires a value of true or false and not disabled
Signed-off-by: Amadeus Mader <156795523+a-mader@users.noreply.github.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Update tools, pkgs, extras, Go dependencies, Go tools, etc.
Linux 6.6.47 and containerd 2.0.0-rc.4.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>