mirror of
https://github.com/outbackdingo/cozystack.git
synced 2026-01-28 18:18:41 +00:00
Compare commits
4 Commits
v0.21.0
...
secureboot
| Author | SHA1 | Date | |
|---|---|---|---|
|
942b636f68 | ||
|
|
c6edf6cb9e | ||
|
|
b6e27cb3dc | ||
|
|
f1e11451fa |
@@ -113,8 +113,6 @@ machine:
|
||||
- usermode_helper=disabled
|
||||
- name: zfs
|
||||
- name: spl
|
||||
install:
|
||||
image: ghcr.io/aenix-io/cozystack/talos:v1.8.4
|
||||
files:
|
||||
- content: |
|
||||
[plugins]
|
||||
@@ -142,6 +140,9 @@ EOT
|
||||
|
||||
cat > patch-controlplane.yaml <<\EOT
|
||||
machine:
|
||||
nodeLabels:
|
||||
node.kubernetes.io/exclude-from-external-load-balancers:
|
||||
$patch: delete
|
||||
network:
|
||||
interfaces:
|
||||
- interface: eth0
|
||||
|
||||
@@ -4,4 +4,4 @@ description: Separated tenant namespace
|
||||
icon: /logos/tenant.svg
|
||||
|
||||
type: application
|
||||
version: 1.6.4
|
||||
version: 1.6.5
|
||||
|
||||
@@ -31,6 +31,9 @@ rules:
|
||||
- apiGroups: ["rbac.authorization.k8s.io"]
|
||||
resources: ["roles"]
|
||||
verbs: ["get"]
|
||||
- apiGroups: ["apps.cozystack.io"]
|
||||
resources: ['*']
|
||||
verbs: ['*']
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
|
||||
@@ -94,7 +94,8 @@ tenant 1.6.0 df448b99
|
||||
tenant 1.6.1 edbbb9be
|
||||
tenant 1.6.2 ccedc5fe
|
||||
tenant 1.6.3 2057bb96
|
||||
tenant 1.6.4 HEAD
|
||||
tenant 1.6.4 3c9e50a4
|
||||
tenant 1.6.5 HEAD
|
||||
virtual-machine 0.1.4 f2015d6
|
||||
virtual-machine 0.1.5 7cd7de7
|
||||
virtual-machine 0.2.0 5ca8823
|
||||
|
||||
@@ -38,8 +38,8 @@ image-cozystack:
|
||||
rm -f images/cozystack.json
|
||||
|
||||
image-talos:
|
||||
test -f ../../../_out/assets/installer-amd64.tar || make talos-installer
|
||||
docker load -i ../../../_out/assets/installer-amd64.tar
|
||||
test -f ../../../_out/assets/installer-amd64-secureboot.tar || make talos-installer
|
||||
docker load -i ../../../_out/assets/installer-amd64-secureboot.tar
|
||||
docker tag ghcr.io/siderolabs/installer:$(TALOS_VERSION) $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))
|
||||
docker push $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))
|
||||
|
||||
@@ -59,8 +59,17 @@ image-matchbox:
|
||||
|
||||
assets: talos-iso talos-nocloud talos-metal
|
||||
|
||||
talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud talos-metal:
|
||||
talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud talos-metal: secureboot-keys
|
||||
mkdir -p ../../../_out/assets
|
||||
docker rm -f talos-imager 2>/dev/null || true
|
||||
docker run -d --rm --name talos-imager --privileged -v /dev:/dev --entrypoint=/bin/sleep "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" infinity
|
||||
docker cp ../../../_out/secureboot talos-imager:/secureboot && \
|
||||
cat images/talos/profiles/$(subst talos-,,$@).yaml | \
|
||||
docker run --rm -i -v /dev:/dev --privileged "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" --tar-to-stdout - | \
|
||||
tar -C ../../../_out/assets -xzf-
|
||||
docker exec -i talos-imager /bin/imager --tar-to-stdout - | \
|
||||
tar -C ../../../_out/assets -xzf- ; \
|
||||
docker rm -f talos-imager
|
||||
|
||||
secureboot-keys:
|
||||
test -d ../../../_out/secureboot || ( \
|
||||
talosctl gen secureboot uki --common-name "SecureBoot Key" -o ../../../_out/secureboot/ && \
|
||||
talosctl gen secureboot pcr -o ../../../_out/secureboot/ )
|
||||
|
||||
@@ -3,14 +3,14 @@
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.8.4
|
||||
version: v1.9.1
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.8.4
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.1
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
@@ -19,8 +19,8 @@ input:
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
|
||||
- imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
|
||||
output:
|
||||
kind: initramfs
|
||||
imageOptions: {}
|
||||
|
||||
@@ -2,15 +2,15 @@
|
||||
# do not edit it
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.8.4
|
||||
version: v1.9.1
|
||||
secureboot: true
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.8.4
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.1
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
@@ -19,9 +19,12 @@ input:
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
|
||||
- imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
|
||||
output:
|
||||
kind: installer
|
||||
imageOptions: {}
|
||||
outFormat: raw
|
||||
customization:
|
||||
extraKernelArgs:
|
||||
- -selinux
|
||||
|
||||
@@ -3,14 +3,14 @@
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.8.4
|
||||
version: v1.9.1
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.8.4
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.1
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
@@ -19,8 +19,8 @@ input:
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
|
||||
- imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
|
||||
output:
|
||||
kind: iso
|
||||
imageOptions: {}
|
||||
|
||||
@@ -3,14 +3,14 @@
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.8.4
|
||||
version: v1.9.1
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.8.4
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.1
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
@@ -19,8 +19,8 @@ input:
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
|
||||
- imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
|
||||
output:
|
||||
kind: kernel
|
||||
imageOptions: {}
|
||||
|
||||
@@ -3,14 +3,14 @@
|
||||
arch: amd64
|
||||
platform: metal
|
||||
secureboot: false
|
||||
version: v1.8.4
|
||||
version: v1.9.1
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.8.4
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.1
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
@@ -19,8 +19,8 @@ input:
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
|
||||
- imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
|
||||
output:
|
||||
kind: image
|
||||
imageOptions: { diskSize: 1306525696, diskFormat: raw }
|
||||
|
||||
@@ -3,14 +3,14 @@
|
||||
arch: amd64
|
||||
platform: nocloud
|
||||
secureboot: false
|
||||
version: v1.8.4
|
||||
version: v1.9.1
|
||||
input:
|
||||
kernel:
|
||||
path: /usr/install/amd64/vmlinuz
|
||||
initramfs:
|
||||
path: /usr/install/amd64/initramfs.xz
|
||||
baseInstaller:
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.8.4
|
||||
imageRef: ghcr.io/siderolabs/installer:v1.9.1
|
||||
systemExtensions:
|
||||
- imageRef: ghcr.io/siderolabs/amd-ucode:20241210
|
||||
- imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
|
||||
@@ -19,8 +19,8 @@ input:
|
||||
- imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/intel-ucode:20241112
|
||||
- imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
|
||||
- imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
|
||||
- imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.1
|
||||
- imageRef: ghcr.io/kvaps/talos/zfs:2.2.7-v1.9.1-2-gc043c0a
|
||||
output:
|
||||
kind: image
|
||||
imageOptions: { diskSize: 1306525696, diskFormat: raw }
|
||||
|
||||
Reference in New Issue
Block a user