Fixes#10097
See https://github.com/siderolabs/go-blockdevice/pull/121
I added an option to QEMU provisioner to create disks with custom block
sizes (supported for some disk types).
Unfortunately, this case can't be built as a regression as QEMU's
firmware boots fine with ESP partition at 256/1024/2048 LBA.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
1. Don't set max cgroups limit if race mode is enabled (only in test
mode). When e.g. apid/trustd are built with race detector on, they
consume 10x the memory.
2. Fix a data race in `talosctl support` when showing UI progress.
3. Fix an issue pulling `kubeconfig` in `talosctl support` - pull from
endpoints (controlplanes) without setting any nodes.
Fixes#10036
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Mostly by using new version of `go-uefi` module and streaming instead of loading all at once.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
At the moment, we don't use/support aliases, but we might in the future.
Altnames are filled out by `systemd-udevd`.
This PR has two parts:
* show aliases & altnames in `LinkStatus`
* match links by aliases/altnames when we configure
addresses/routes/links
This should make a transition to `systemd-udevd` less painful if the
previous link name is in `altNames`.
Forked rtnetlink for https://github.com/jsimonetti/rtnetlink/pull/241
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Scenario: copy contents of the ISO to the USB VFAT stick.
Make sure VFAT filesystem has a label `TALOS_*`.
Fixes#9936
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Final Kubernetes release for Talos 1.9.0.
Also update COSI to pull in a fix for watch restarts:
https://github.com/cosi-project/runtime/pull/512
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Implement a feature flag, a resource which controls the flow.
This controls the volume configuration, mounting, etc.
Fixes#9767
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#9731
The wipe doesn't require a reboot, but it requires the blockdevice not
to be used as a volume.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Split from #9596 (without IPv6 stuff). This PR does this things:
- Refactored `DNSResolveCacheController`. Most of the logic moved to `dns` package types. Simplify and streamline logic.
- Replace most of the goroutine orchestration with suture package.
- Support per-item reaction to the dns listeners/servers failing to start. This allows us to ignore IPv6 errors if it's disabled.
- Support per-item reaction to the dns listeners/servers failing to stop.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Adds a auditd service that gathers all audit logs from kernel.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
This PR does those things:
- Fixes race condition where controller could potentially modify upstream, while other controller is copying its internals to the slice.
- Simplifies `run` function in `DNSUpstreamController` by removing all `Idx` handling.
- Removes `Idx` field from `DNSUpstream`. Upstreams are now sorted by their id with №X prefix.
- `Proxy` Stop is now called from the finalizer. In combination with iterators, this ensures that we only stop upstream when it's fully unreachable.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Bring in new tools, pkgs, update Go dependencies and others.
In preparation for Talos 1.9.0-alpha.0.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Unify usage of proto codec v2 across our projects.
Bump grpc library to 1.67.1 and ensure that we it still works with HTTP/2 ALPN value changes.
For https://github.com/siderolabs/talos/issues/9404
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Fixes#9466
There are two fixes:
* fix the actual panic via https://github.com/siderolabs/go-circular/pull/5
* prevent similar issues in the future by installing a panic handler
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fix the flow when a failing key slot leads to repeated attempts to open
the volume, while it's already open, but the failure was to sync other
keys.
Refactor the code to get rid of variable assignment in the outer block
from closures.
Fixes#9415
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
See #9412
I'll keep the issue open to track upstream PR status and remove replace
directives.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes: #7081
Review all reservations and limits set, test under stress load (using
both memory and CPU).
The goal: system components (Talos itself) and runtime (kubelet, CRI)
should survive under extreme resource starvation (workloads consuming
all CPU/memory).
Uses #9337 to visualize changes, but doesn't depend on it.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Run SideroLink API server via TLS with self-signed certificate, inject
that certificate into Talos via `talos.config.inline=`.
Fix a couple of place where our special TLS root CA provider supporting
reloading on the fly was not used.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This implements the first round of changes, replacing the volume backend
with the new implementation, while keeping most of the external
interfaces intact.
See #8367
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
