Provides capability to add extra headers in cases where files can only be fetched with token-based authentication.
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
feat: extra manifest headers for fetching manifests
- Changed config to map of key value pairs.
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
fix: added docs for new extra headers fetch
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
fix: fix linter issue
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
BREAKING CHANGE: This PR fixes a bug where we were only passing `cluster.local` to the
kubelet configuration. It will also pull in a new version of the
bootkube fork to ensure that custom domains got propagated down to the
API Server certs, as well as the CoreDNS configuration for a cluster.
Existing users should be aware that, if they were previously trying to
use this option in machine configs, that an upgrade will may break
their cluster. It will update a kubelet flag with the new domain, but
CoreDNS and API Server certs will not change since bootkube has already
run. One option may be to change these values manually inside the
Kubernetes cluster. However, it may prove easier to rebuild the cluster
if necessary.
Additionally, this PR also exposes a flag to `osctl config generate`
to allow tweaking this domain value as well.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
Fixes #1906
This provides lifetime as duration relative to kubeconfig generation
time (the moment `osctl kubeconfig` was called).
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This extracts admin kubeconfig generation out of bootkube, now based on
Talos x509 library. On each API request for `kubeconfig`, config is
generated on the fly and sent back on the wire.
This fixes two issues:
* any master node can now generate `kubeconfig` (worker nodes can do
that too, but that should probably change in the future)
* after upgrade-and-wipe the disk scenario, `osctl kubeconfig` still
works
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR aims to fix the ability to pass extra flags to control plane
components. This will close #1523
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR will add the new cluster name field to our bootkube options.
This allows for the generated kubeconfig to include the context-name for
the default context.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR allows for pod checkpointer and coredns images to be customized
for bootkube. We can already customize the hyperkube image and all other
images used by bootkube are CNI-related and can be customized with the
"custom" CNI setup.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR will add an `additionalManifests` field to the config data that
allows users to specify a list of URLs that they'd like to fetch
manifests from. These manifests will then be added to the bootkube asset
directory and applied during the bootkube service.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
In our config we allow users to override the etcd and kubelet images,
but we don't actually make use of the fields. This ensures that user
specified images are honored.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR will allow users to specify one or many URLs for CNI so that
they can bypass bootkube deploying flannel and bring their own. Will
close #1593
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This allows for an arbitrary set of args to be passed to etcd. Due to
the fact that we do the discovery of the current cluster state, we
blacklist initial-cluster. Additionally, we blacklist args that would
make sense to modify, like the path to the certs.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR moves to using the full URL for endpoint instead of trying to
hardcode 6443 in various places like we were doing.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
Since we no longer have the static IP requirement, we can update all
references to the "master IPs" to use the control plane endpoint.
This adds support for creating more than one node using the qemu-boot.sh
script.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This adds a setter for the certificate SANs and sets the hostname based
on info from the platform.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This adds more methods to the Cluster interface that allows for more
granular control of the cluster network settings.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This moves from translating a config into an internal config
representation, to using an interface. The idea is that an interface
gives us stronger compile time checks, and will prevent us from having to copy
from one struct to another. As long as a concrete type implements the
Configurator interface, it can be used to provide instructions to Talos.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>