mirrors/talos
1
0
Fork 0
mirror of https://github.com/siderolabs/talos.git synced 2025-10-04 04:01:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
3,568 Commits 28 Branches 540 Tags
Commit Graph

6 Commits

Author SHA1 Message Date
Andrey Smirnov
c2c2d65bc9
refactor: use COSI access filter for resource access 
This replaces old resource API filter the new one based on new COSI
feature to filter access to the resources.

There should be no functional changes.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
 2022-08-08 17:25:09 +04:00
Dmitriy Matrenichev
4dbbf4ac50
chore: add generic methods and use them part #2 
Use things from #5702.

Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
 2022-06-09 23:10:02 +08:00
Andrey Smirnov
f2997c0f22
chore: bump dependencies 
dependabot + go-mod-outdated

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
 2022-06-06 23:27:17 +04:00
Andrey Smirnov
acf1ac0f1a
feat: show human-readable aliases in talosctl get rd 
Sample:

```
ID                                                ALIASES
addressspecs.net.talos.dev                        addressspec as
addressstatuses.net.talos.dev                     address addresses addressstatus as
affiliates.cluster.talos.dev                      affiliate
apicertificates.secrets.talos.dev                 apicertificate ac acs
certsans.secrets.talos.dev                        certsan csan csans
cpustats.perf.talos.dev                           cpustat cpus
discoveryconfigs.cluster.talos.dev                discoveryconfig dc dcs
endpoints.kubernetes.talos.dev                    endpoint
etcdrootsecrets.secrets.talos.dev                 etcdrootsecret ers
etcdsecrets.secrets.talos.dev                     etcdsecret es
etcfilespecs.files.talos.dev                      etcfilespec efs
etcfilestatuses.files.talos.dev                   etcfilestatus efs
hardwareaddresses.net.talos.dev                   hardwareaddress ha has
hostnamespecs.net.talos.dev                       hostnamespec hs
hostnamestatuses.net.talos.dev                    hostname hostnamestatus hs
identities.cluster.talos.dev                      identity
kernelparamdefaultspecs.runtime.talos.dev         kernelparamdefaultspec kpds
kernelparamspecs.runtime.talos.dev                kernelparamspec kps
kernelparamstatuses.runtime.talos.dev             sysctls kernelparameters kernelparams kernelparamstatus kps
kubeletconfigs.kubernetes.talos.dev               kubeletconfig kc kcs
kubeletsecrets.secrets.talos.dev                  kubeletsecret ks
kubeletspecs.kubernetes.talos.dev                 kubeletspec ks
kubernetescontrolplaneconfigs.config.talos.dev    kubernetescontrolplaneconfig kcpc kcpcs
kubernetesrootsecrets.secrets.talos.dev           kubernetesrootsecret krs
kubernetessecrets.secrets.talos.dev               kubernetessecret ks
kubespanconfigs.kubespan.talos.dev                kubespanconfig ksc kscs
kubespanendpoints.kubespan.talos.dev              kubespanendpoint kse kses
kubespanidentities.kubespan.talos.dev             kubespanidentity ksi ksis
kubespanpeerspecs.kubespan.talos.dev              kubespanpeerspec ksps
kubespanpeerstatuses.kubespan.talos.dev           kubespanpeerstatus ksps
linkrefreshes.net.talos.dev                       linkrefresh lr lrs
linkspecs.net.talos.dev                           linkspec ls
linkstatuses.net.talos.dev                        link links linkstatus ls
machineconfigs.config.talos.dev                   machineconfig mc mcs
machinetypes.config.talos.dev                     machinetype mt mts
manifests.kubernetes.talos.dev                    manifest
manifeststatuses.kubernetes.talos.dev             manifeststatus ms
members.cluster.talos.dev                         member
memorystats.perf.talos.dev                        memorystat ms
mountstatuses.runtime.talos.dev                   mounts mountstatus ms
namespaces.meta.cosi.dev                          ns namespace
networkstatuses.net.talos.dev                     netstatus netstatuses networkstatus ns
nodeaddresses.net.talos.dev                       nodeaddress na nas
nodeaddressfilters.net.talos.dev                  nodeaddressfilter naf nafs
nodeipconfigs.kubernetes.talos.dev                nodeipconfig nipc nipcs
nodeips.kubernetes.talos.dev                      nodeip nip nips
nodenames.kubernetes.talos.dev                    nodename
operatorspecs.net.talos.dev                       operatorspec os
osrootsecrets.secrets.talos.dev                   osrootsecret osrs
resolverspecs.net.talos.dev                       resolverspec rs
resolverstatuses.net.talos.dev                    resolvers resolverstatus rs
resourcedefinitions.meta.cosi.dev                 resourcedefinition rd rds
routespecs.net.talos.dev                          routespec rs
routestatuses.net.talos.dev                       route routes routestatus rs
secretstatuses.kubernetes.talos.dev               secretstatus ss
services.v1alpha1.talos.dev                       svc service
staticpods.kubernetes.talos.dev                   staticpod sp sps
staticpodstatuses.kubernetes.talos.dev            podstatus staticpodstatus sps
timeserverspecs.net.talos.dev                     timeserverspec tss
timeserverstatuses.net.talos.dev                  timeserver timeservers timeserverstatus tss
timestatuses.v1alpha1.talos.dev                   timestatus ts
```

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
 2021-12-17 20:37:37 +03:00
Andrey Smirnov
97ffa7a645
feat: upgrade kubelet version in talosctl upgrade-k8s 
Fixes #4656

As now changes to kubelet configuration can be applied without a reboot,
`talosctl upgrade-k8s` can handle the kubelet upgrades as well.

The gist is simply modifying machine config and waiting for `Node`
version to be updated, rest of the code is required for reliability of
the process.

Also fixed a bug in the API while watching deleted items with
tombstones.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
 2021-12-08 21:12:17 +03:00
Andrey Smirnov
2b5204200a
feat: enable resource API in the maintenance mode 
This basically provides `talosctl get --insecure` in maintenance mode.
Only non-sensitive resources are available (equivalent to having
`os:reader` role in the Talos client certificate).

Changes:

* refactored insecure/maintenance client setup in talosctl
* `LinkStatus` is no longer sensitive as it shows only Wireguard public
key, `LinkSpec` still contains private key for obvious reasons
* maintenance mode injects `os:reader` role implicitly

The motivation behind this PR is to deprecate networkd-era interfaces &
routes APIs which are being used in TUI installer, and we need a
replacement.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
 2021-09-22 21:36:34 +03:00