Update to the latest 1.33.0 updated to get main on 1.33 for upcoming
Talos 1.10.
Update go-kubernetes to the version supporting 1.33.x.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Generate `installer` from `imager` so installer always have UKI's.
Push `installer-base` which just contains base tools to install.
Fixes: #10188Fixes: #10323
Signed-off-by: Noel Georgi <git@frezbo.dev>
Also pull in usrmerged tools, so remove older hacks. Add a fixed enumer fork with Go 1.24 compatibility.
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
This fixes#10347
The core issue was that Talos nftables chain had priority 0 (`filter`),
while kube-proxy does DNAT for node ports at priority -110 (before Talos
can see source traffic), so Talos rule doesn't match.
Move Talos priority to -140, so it runs before kube-proxy.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Support showing current feature state, and changing features on the fly.
The output and interface should be similar to `ethtool`.
We don't support legacy feature names.
```
node: 172.20.0.5
metadata:
namespace: network
type: EthernetStatuses.net.talos.dev
id: enp0s2
version: 2
owner: network.EthernetStatusController
phase: running
created: 2025-02-10T11:40:32Z
updated: 2025-02-10T11:40:32Z
spec:
linkState: true
port: Other
duplex: Unknown
rings:
rx-max: 256
tx-max: 256
rx: 256
tx: 256
tx-push: false
rx-push: false
features:
tx-scatter-gather: on
tx-checksum-ipv4: off [fixed]
tx-checksum-ip-generic: on
tx-checksum-ipv6: off [fixed]
highdma: on [fixed]
tx-scatter-gather-fraglist: off [fixed]
tx-vlan-hw-insert: off [fixed]
rx-vlan-hw-parse: off [fixed]
rx-vlan-filter: on [fixed]
vlan-challenged: off [fixed]
tx-generic-segmentation: on
rx-gro: on
rx-lro: off [fixed]
tx-tcp-segmentation: on
tx-gso-robust: on [fixed]
tx-tcp-ecn-segmentation: on
tx-tcp-mangleid-segmentation: off
tx-tcp6-segmentation: on
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-gre-csum-segmentation: off [fixed]
tx-ipxip4-segmentation: off [fixed]
tx-ipxip6-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
tx-udp_tnl-csum-segmentation: off [fixed]
tx-gso-partial: off [fixed]
tx-tunnel-remcsum-segmentation: off [fixed]
tx-sctp-segmentation: off [fixed]
tx-esp-segmentation: off [fixed]
tx-udp-segmentation: off
tx-gso-list: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
rx-ntuple-filter: off [fixed]
rx-hashing: off [fixed]
rx-checksum: on [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]
tx-vlan-stag-hw-insert: off [fixed]
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off [fixed]
hw-tc-offload: off [fixed]
esp-hw-offload: off [fixed]
esp-tx-csum-hw-offload: off [fixed]
rx-udp_tunnel-port-offload: off [fixed]
tls-hw-tx-offload: off [fixed]
tls-hw-rx-offload: off [fixed]
rx-gro-hw: on
tls-hw-record: off [fixed]
rx-gro-list: off
macsec-hw-offload: off [fixed]
rx-udp-gro-forwarding: off
hsr-tag-ins-offload: off [fixed]
hsr-tag-rm-offload: off [fixed]
hsr-fwd-offload: off [fixed]
hsr-dup-offload: off [fixed]
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update tools, pkgs and extras to use fully bootstrapped [Stageˣ]-derived toolchain for building Talos and its dependencies.
This brings in changes related to root being usrmerged now, so some paths have changed. Extras have been cleaned up: use only the needed package.
Addresses: #10187
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Starting with Talos 1.10, the default generated ISO's will use GRUB for
BIOS boot and sd-boot for EFI boot.
Fixes: #10192
Signed-off-by: Noel Georgi <git@frezbo.dev>
The previous fix was completely wrong.
See #10097
The core part of the problem was that `dosfstools` was not installed in
the `installer`, so this causes a busybox version of it to be used which
is totally broken for 4k disks.
Adds an integration test.
go-blockdevice updates revert first partition alignment for 4k disks and
allow `talosctl cluster create` to detect properly installation status.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Get the image list using `registry.k8s.io/conformance` image instead of hardcoding it.
Add new command `talosctl image integration` to create a proper list of k8s integration images for
`talosctl images cache-create` command.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This way it's easy to re-enable NRI plugins with a simple change.
See https://github.com/siderolabs/talos/discussions/10068
I tested that it works e2e with NRI plugins repository.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Drop Equinix Metal e2e tests, due to EM machines mostly not booting
properly over PXE, drop the test as it adds no value.
Fixes: #10034
Signed-off-by: Noel Georgi <git@frezbo.dev>
Create a dummy SELinux file_contexts file to mitigate the warning. We do not rely on libselinux for labeling, so empty file suffices.
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Final Kubernetes release for Talos 1.9.0.
Also update COSI to pull in a fix for watch restarts:
https://github.com/cosi-project/runtime/pull/512
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This fixes an issue like that:
* the system disk is say 10GiB
* STATE is fixed 100 MiB always
* EPHEMERAL is configured to be min 6 GiB, max 100 GiB
As the EPHEMERAL/STATE provisioning order was not defined, EPHEMERAL
might be created first, occupying whole disk and leaving no space left
for STATE.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
