mirror of
https://github.com/siderolabs/talos.git
synced 2025-10-28 06:51:34 +01:00
ce63abb219
Talos now supports new type of encryption keys which rely on Sealing/Unsealing randomly generated bytes with a KMS server:
```
systemDiskEncryption:
ephemeral:
keys:
- kms:
endpoint: https://1.2.3.4:443
slot: 0
```
gRPC API definitions and a simple reference implementation of the KMS server can be found in this
[repository](https://github.com/siderolabs/kms-client/blob/main/cmd/kms-server/main.go).
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
88 lines
2.1 KiB
Protocol Buffer
Executable File
88 lines
2.1 KiB
Protocol Buffer
Executable File
syntax = "proto3";
|
|
|
|
package talos.resource.definitions.runtime;
|
|
|
|
option go_package = "github.com/siderolabs/talos/pkg/machinery/api/resource/definitions/runtime";
|
|
|
|
import "common/common.proto";
|
|
import "resource/definitions/enums/enums.proto";
|
|
|
|
// DevicesStatusSpec is the spec for devices status.
|
|
message DevicesStatusSpec {
|
|
bool ready = 1;
|
|
}
|
|
|
|
// EventSinkConfigSpec describes configuration of Talos event log streaming.
|
|
message EventSinkConfigSpec {
|
|
string endpoint = 1;
|
|
}
|
|
|
|
// KernelModuleSpecSpec describes Linux kernel module to load.
|
|
message KernelModuleSpecSpec {
|
|
string name = 1;
|
|
repeated string parameters = 2;
|
|
}
|
|
|
|
// KernelParamSpecSpec describes status of the defined sysctls.
|
|
message KernelParamSpecSpec {
|
|
string value = 1;
|
|
bool ignore_errors = 2;
|
|
}
|
|
|
|
// KernelParamStatusSpec describes status of the defined sysctls.
|
|
message KernelParamStatusSpec {
|
|
string current = 1;
|
|
string default = 2;
|
|
bool unsupported = 3;
|
|
}
|
|
|
|
// KmsgLogConfigSpec describes configuration for kmsg log streaming.
|
|
message KmsgLogConfigSpec {
|
|
repeated common.URL destinations = 1;
|
|
}
|
|
|
|
// MachineStatusSpec describes status of the defined sysctls.
|
|
message MachineStatusSpec {
|
|
talos.resource.definitions.enums.RuntimeMachineStage stage = 1;
|
|
MachineStatusStatus status = 2;
|
|
}
|
|
|
|
// MachineStatusStatus describes machine current status at the stage.
|
|
message MachineStatusStatus {
|
|
bool ready = 1;
|
|
repeated UnmetCondition unmet_conditions = 2;
|
|
}
|
|
|
|
// MetaKeySpec describes status of the defined sysctls.
|
|
message MetaKeySpec {
|
|
string value = 1;
|
|
}
|
|
|
|
// MountStatusSpec describes status of the defined sysctls.
|
|
message MountStatusSpec {
|
|
string source = 1;
|
|
string target = 2;
|
|
string filesystem_type = 3;
|
|
repeated string options = 4;
|
|
bool encrypted = 5;
|
|
}
|
|
|
|
// PlatformMetadataSpec describes platform metadata properties.
|
|
message PlatformMetadataSpec {
|
|
string platform = 1;
|
|
string hostname = 2;
|
|
string region = 3;
|
|
string zone = 4;
|
|
string instance_type = 5;
|
|
string instance_id = 6;
|
|
string provider_id = 7;
|
|
bool spot = 8;
|
|
}
|
|
|
|
// UnmetCondition is a failure which prevents machine from being ready at the stage.
|
|
message UnmetCondition {
|
|
string name = 1;
|
|
string reason = 2;
|
|
}
|
|
|