This detangles the gRPC client code from the userdata code. The
motivation behind this is to make creating clients more simple and not
dependent on our configuration format.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This changes the controlplane logic to write the audit policy to disk
from a common template instead of using trustd to distribute it.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Writing system logs to /var/log breaks upgrades. The system disk unmount
fails with EBUSY. For now we can log to /run/system/log to avoid this.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Added a property to userdata to allow a network interface to be ignored,
such that Talos will perform no operations on it (including DHCP).
Also added kernel commandline parameter (talos.network.interface.ignore)
to specify a network interface should be ignored.
Also allows chaining of kernel cmdline parameter Contains() where the
parameter in question does not exist.
Fixes#1124
Signed-off-by: Seán C McCord <ulexus@gmail.com>
This PR will upgrade to the latest beta of v1.16 in order to get us
closer to catching the v1.16.0 release as soon as it drops.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This adds a well defined task for handling all overlay mount points that
are required by the system.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
In order to facilitate upgrades and resets that are capable of
manipulating the system block device, we need to run an instance of
containerd that has zero dependencies on the disk. We run containerd
purely in memory for running system services.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Part of the API refactor; this introduces a gRPC server for ntp.
This allows the ability to query node time and check time against
specific ntp servers.
This refactor also moves the ntp functionality into a sub package for
better project organization.
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
Part of the API refactor; this introduces a gRPC server for proxyd
to expose some of the internal state.
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
This changes the data partition name to something more appropriate. We
chose ephemeral to make it very clear that the disk should not be used
for application data.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR updates the kubernetes version constant, as well as pulls in the
new kubeadm image with the last alpha of v1.16.0 baked in. Additionally,
moves the CNI daemon sets to apps/v1, since they're now out of beta.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR will bump the hyperkube version so that we've got fixes for some
pretty critical CVEs: CVE-2019-11247 and CVE-2019-11249
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
