Fixed a typo in the disk-wipe instructions.
Signed-off-by: Andrew Symington <andrew.c.symington@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This add documentation on how to setup the Turing RK1 with Talos the
first time.
Booting can be done with eMMC or NVMe (using a U-Boot SPI image on
eMMC)
This commit also add Turing RK1 to the SBC support matrix.
Signed-off-by: Nico Berlee <nico.berlee@on2it.net>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Fix some 404 link errors and typo.
Signed-off-by: Mohammad Amin Mokhtari <41728922+aminmokhtari94@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#9615
The are no integration tests, this is to be addressed later.
I did manual tests so far.
Also includes first draft of the documentation.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
New config field `machine.network.searchDomains` supports specifying custom search domains.
For the node it will look something like this:
```
nameserver 127.0.0.53
search my-custom-search-name.com my-custom-search-name2.com
```
For the pods it will look something like this:
```
search default.svc.cluster.local svc.cluster.local cluster.local my-custom-search-name.com my-custom-search-name2.com
nameserver 10.96.0.10
options ndots:5
```
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Fixes#9820
This only affects volumes with multiple key slots configured.
Make sync issues non-fatal, so that if some keys fail to sync, proceed
with normal boot, but record an error in the `VolumeStatus` resource.
When opening, correctly try all key slots.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The problem was with specific disk selector `!system_disk` - in previous
implementation, as `system_disk` defaulted to false even if the system
disk is not known yet, this might result in picking up a disk which is
going to be system disk before system disk is picked.
In new implementation, as `system_disk` is not set before it is
detected, the condition containing `system_disk` (in either way) would
fail to execute and volume provision will be delayed until system disk
is detected.
Also:
Fixes#9809
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add an explicit example of kubelet config.
Signed-off-by: Rémi Paulmier <remi.paulmier@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Implement SELinux labeling support in EtcFileController, label both squashfs and runtime-created files in /etc and /system/etc.
Add corresponding test cases.
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Implement a feature flag, a resource which controls the flow.
This controls the volume configuration, mounting, etc.
Fixes#9767
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
* Save image in OCI format, so imager can either use as OCI input or from
a registry.
* Support caching layers to a path, so subsequent runs are faster
Signed-off-by: Noel Georgi <git@frezbo.dev>
Label mounted filesystems like ephemeral, overlay mounts, as well as data directories (going to become volumes later).
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Fixes#9731
The wipe doesn't require a reboot, but it requires the blockdevice not
to be used as a volume.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This should fix the problem of including bond members by MAC address
when MAC address changes as the link becomes part of the bond.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#9691
This closes the race between the node registration and the moment
`NodeApplyController` would apply the taint.
As the taint is exactly same as added by `NodeApplyController`, it will
be owned by the controller, so it can be removed if
`allowSchedulingOnControlplanes` is enabled in the machine config while
the cluster is running.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#9613
This has two changes:
* adjust Talos registry resolver to match containerd (CRI) resolver: use
by default upstream as a fallback
* add a machine config option to skip upstream as a fallback, and adjust
CRI configuration accordingly
See https://github.com/containerd/containerd/blob/main/docs/hosts.md#registry-configuration---examples
for details on CRI's `hosts.toml`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This is going to be used to detect disks that are safe to wipe.
For blockdevices, track secondaries as direct references, e.g. encrypted
`STATE` partition might have secondary `vda5`.
For disks, re-map secondaries to be whole devices names, e.g. `vda`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Rewrite matcher to take out old go-blockdevice library out of the way,
implementing translation from go-blockdevice format to CEL.
Implement facilities to build CEL expressions programmatically.
Now we can add a machine config disk match expression (CEL) easily.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Adds a missing `--talosconfig` parameter. Without it, talosctl would
connect to a local cluster which could confuse users following the
guide.
Signed-off-by: Variant9 <13605369+holly-hacker@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Save `support.zip` always, also use a different folder for saving logs,
so we can save artifacts of multi cluster tests.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Dashboard now shows the active frequency of each CPU core when cpufreq
is available on non-virtualized systems, enhancing real-time accuracy.
Solves the issue of displaying 0MHz on certain SBCs due to
/proc/cpuinfo limitations.
Signed-off-by: Nico Berlee <nico.berlee@on2it.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The resource in the examples had been retired a while ago, update docs
accordingly.
Fixes#9651
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#9607
Use docker CLI syntax, support any kind of mounts supported by docker
CLI.
Also drop modules from `talos` container image, as it's useless to
provide modules in container mode.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
