When the bootkube service fails, it can clean up manifests after itself,
but this only happens if we give it a chance to shut down cleanly. If the
boot sequence times out, `machined` does an emergency reboot and doesn't
let `bootkube` do the cleanup.

So this fix has two paths:

* synchronize boot/bootstrap sequence timeouts with the bootkube asset
  timeout;
* clean up bootkube-generated manifests and bootkube service startup.

Also logs errors on initial phases like `labelNodeAsMaster` to provide
some feedback on why boot is stuck.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>

In order to perform upgrades the way we would like, it is important that
we avoid any bind mounts into containers. This change ensures that all
system services get their config via stdin.

Signed-off-by: Andrew Rynhard <andrew@rynhard.io>

The bootkube recover process (and `talosctl recover`) was actually
regenerating assets each time `recover` ran, forcing the control plane to
be at the state when the cluster got created. This PR fixes that by
running the recover process correctly.

Recovery via etcd was fixed to handle encrypted etcd data:
it follows the way `apiserver` handles encryption at rest, and as AES CBC
is at the moment the only supported encryption method, the code simply
follows the same path.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>

This moves `pkg/config`, `pkg/client` and `pkg/constants`
under the `pkg/machinery` umbrella.

And `pkg/machinery` is published as a Go module inside the Talos
repository.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>

This makes `pkg/config` directly importable from other projects.

There should be no functional changes.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>

This moves to using a boolean value to determine if we need to
clean up the manifests directory.

Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>

This moves `bootkube start` into a container, which runs pretty much like
any other Talos service.

This resolves issues with the bootkube log and provides better isolation.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>