mirror of
https://github.com/siderolabs/talos.git
synced 2025-10-02 11:11:12 +02:00
This is mostly the same as the way `apid` consumes certificates generated by `machined` via a COSI API connection.

Service `trustd` consumes two resources:

* `secrets.Trustd`, which contains `trustd` server TLS certificates and gets refreshed as e.g. the node IP changes
* `secrets.OSRoot`, which contains the Talos API CA and join token

This PR fixes an issue with `trustd` certs not always including all IPs of the node, as previously `trustd` certs would only capture addresses of the node at the moment of `trustd` startup.

Another thing is that the refactoring allows the API CA and join token to be changed dynamically. This needs more work, but `trustd` should now pick up changes without any additional changes.

Fixes #5863

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
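
The failure mode this commit describes, as an added example that is not code from the Talos repository: a serving certificate issued once at startup stops covering the node once an address is added, while one reissued on address changes keeps covering it. Assumptions: `issue` and `Simulate` are hypothetical names, the certificate is self-signed rather than signed by the Talos API CA, and the addresses are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue returns a self-signed stand-in cert whose IP SANs are exactly ips.
func issue(ips []string) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	for _, ip := range ips {
		tmpl.IPAddresses = append(tmpl.IPAddresses, net.ParseIP(ip))
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// Simulate returns final addresses the cert misses; watch=true reissues on change.
func Simulate(snapshots [][]string, watch bool) (missing []string) {
	cert := issue(snapshots[0]) // issued once, at service startup
	if watch {
		cert = issue(snapshots[len(snapshots)-1])
	}
	for _, ip := range snapshots[len(snapshots)-1] {
		if cert.VerifyHostname(ip) != nil { // same SAN check a TLS client performs
			missing = append(missing, ip)
		}
	}
	return missing
}

func main() {
	snaps := [][]string{{"10.0.0.5"}, {"10.0.0.5", "192.168.1.20"}} // constructed
	fmt.Println("startup-only:", Simulate(snaps, false), "watching:", Simulate(snaps, true))
}
```

Running the same SAN check against the live serving certificate for every current node address is a quick way to confirm that a deployment no longer has stale certificates.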