From e722721ca34f3bd2668d73e95a45f38aaf63da29 Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Sun, 21 Sep 2025 07:08:09 +0000 Subject: [PATCH] upgrade to talos 1.11.1 --- .terraform.lock.hcl | 34 +++++++++++++++++----------------- README.md | 4 ++-- cilium.tf | 2 +- do | 43 ++++++++++++++++++++++++++++++++++--------- providers.tf | 2 +- talos.tf | 26 +++++++++++++------------- variables.tf | 8 ++++---- 7 files changed, 72 insertions(+), 47 deletions(-) diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index c35795c..9896618 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -74,24 +74,24 @@ provider "registry.terraform.io/rgl/kustomizer" { } provider "registry.terraform.io/siderolabs/talos" { - version = "0.8.1" - constraints = "0.8.1" + version = "0.9.0" + constraints = "0.9.0" hashes = [ - "h1:rhNnAJ4MLaKZ5hNbdFzUJYxEFg0Es5+jg+WlzQ1D/g4=", - "zh:02aeea4001ea216d37fd948e0760971f2525d31609d75dd1a7871f483e43260d", - "zh:0bd6d2f9b6daf9cec0e20d1e22cad635983b5c071c106a3bec51be283c9fa254", + "h1:srV7rO0fGWWGUzYH0W7oIr2XHWCqL+LX83fOt3nQPa0=", "zh:0fa82a384b25a58b65523e0ea4768fa1212b1f5cfc0c9379d31162454fedcc9d", - "zh:290ced18cfa372681d53522b5ea6c392206e90181ef0884719768b3ef627d077", - "zh:3270a27a483d2be332915e339b910a4810fb16505e060fc4a988b0d653f06d90", - "zh:34f91c967ae25219abc81d21a477d3fc514c62a73084bfb9d3d2d1490e98070b", - "zh:46a0eb4397e97d9dc354087ce1b16ccdca3876b0e339d7ec1919002a43aa0a6d", - "zh:4d382770c97675c6b4355a91f50b38f9b6bd088707834c9efb308e608bbdae48", - "zh:6ec2828c419615cce850ba1eafffee2797cae62876999f3b0a163c17f579c97a", - "zh:9405b011c631d9fb001d8b96a1657e071181434960543e857fb14ec2230618b0", - "zh:a9a6f6824793e811ec52c0b1c4b8d19855c851120a91f7617ffa7e36aa65710a", - "zh:aa472818c7880c7cf19f5bd584dcf513a3daa2fe636d4af730b0bcf495eadebf", - "zh:cd6037f6267987fb606f98b1a425d71a1826289ac39e62973a45b60f0f37de06", - "zh:ddea6372fef17de6648018c4c64b87acecaba9f5443fcf46ff3d92c048605b30", - "zh:e367b0359c8b413f705ded1d0d7b4a3c09cee1bd0028337faa80a150b08b945a", + "zh:249ab08b810bb96ef7c35354a12622907df7cbda59c83ff314ee85e8b851128d", + "zh:4f284c21f0cb4b7012fdb231ebba4803e5c389f7ea380fb5958ebfa6b822d055", + "zh:6049f8d06bc92ab1a46d56c2b37799e6a1b7ce3c61905acf8f0c2009942be8ac", + "zh:7de5f0a6429c6856ade3c7e59d5041a7fe8e0010aea14a2074e91f8a526283ce", + "zh:9760420cf5feec0550556664962bc6f1af45115b9ea5bcbf47aa9bffd3dd4ac2", + "zh:9860272a9fbcea65393c478dc579ad2677a44338de24677702ce699a027801aa", + "zh:a60311a8bf267b18dcf1c8250f45e371b51c6aef086e037a3f9496602f190187", + "zh:b74c119b2a964cae8d17b5b5f14c8eecf44708e3817c1f65ac89b813856aed98", + "zh:bc33e14650052c246ac2e6492a0a24755d4e8d27cb7259e3996f07b0537f2c77", + "zh:c4bc2c65b3dcef2508c14dbbfc18937c5ede11670c02a644cbc28c83a57de92b", + "zh:c98bf4809220568d76ea2db232a88a60c29fd90d4c9e2f8c8a68cf91ceed066a", + "zh:de0179ee9c55bf36d3474049ceac3a105ed7bc1fb9c4787d4076c4b15d268b66", + "zh:e99e019d950131c2c4259c1cbca1d072cb813bdfdbbbf9359f5901d6b7542a0d", + "zh:feb941cc673692c6858f96590f3ca082683a62aa2d2842b9bfffcd327eb840d3", ] } diff --git a/README.md b/README.md index d54a1c1..7b4fb41 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,7 @@ Install talosctl: ```bash # see https://github.com/siderolabs/talos/releases # renovate: datasource=github-releases depName=siderolabs/talos -talos_version='1.10.7' +talos_version='1.11.1' wget https://github.com/siderolabs/talos/releases/download/v$talos_version/talosctl-linux-amd64 sudo install talosctl-linux-amd64 /usr/local/bin/talosctl rm talosctl-linux-amd64 @@ -511,7 +511,7 @@ Update the talos extensions to match the talos version: Talos: ```bash -# see https://www.talos.dev/v1.10/advanced/troubleshooting-control-plane/ +# see https://www.talos.dev/v1.11/advanced/troubleshooting-control-plane/ talosctl -n $all support && rm -rf support && 7z x -osupport support.zip && code support talosctl -n $c0 service ext-qemu-guest-agent status talosctl -n $c0 service etcd status diff --git a/cilium.tf b/cilium.tf index 1491616..c826c9a 100644 --- a/cilium.tf +++ b/cilium.tf @@ -44,7 +44,7 @@ locals { cilium_external_lb_manifest = join("---\n", [for d in local.cilium_external_lb_manifests : yamlencode(d)]) } -// see https://www.talos.dev/v1.10/kubernetes-guides/network/deploying-cilium/#method-4-helm-manifests-inline-install +// see https://www.talos.dev/v1.11/kubernetes-guides/network/deploying-cilium/#method-4-helm-manifests-inline-install // see https://docs.cilium.io/en/stable/network/servicemesh/ingress/ // see https://docs.cilium.io/en/stable/gettingstarted/hubble_setup/ // see https://docs.cilium.io/en/stable/gettingstarted/hubble/ diff --git a/do b/do index 5aef852..90fa9d8 100755 --- a/do +++ b/do @@ -11,20 +11,20 @@ talos_image_builder="$(perl -e 'print ((`uname -r` =~ /^(\d+\.\d+)/ && $1 >= 6.1 # see https://github.com/siderolabs/talos/releases # renovate: datasource=github-releases depName=siderolabs/talos -talos_version="1.10.7" +talos_version="1.11.1" # see https://github.com/siderolabs/extensions/pkgs/container/qemu-guest-agent # see https://github.com/siderolabs/extensions/tree/main/guest-agents/qemu-guest-agent -talos_qemu_guest_agent_extension_tag="10.0.2@sha256:ce20e4459b26623e9dddba1be10097746b519c587614685bc4330aceee107c74" +talos_qemu_guest_agent_extension_tag="10.0.2@sha256:84b42d779721ddab71e0d5c12e10399d6bdd03af0aaa0dafd240e2724d724675" # see https://github.com/siderolabs/extensions/pkgs/container/drbd # see https://github.com/siderolabs/extensions/tree/main/storage/drbd # see https://github.com/LINBIT/drbd -talos_drbd_extension_tag="9.2.14-v1.10.7@sha256:1c54ef1d97d5eacb3de749aac198d5313cc3513ca348e994c6c080a3bf2440eb" +talos_drbd_extension_tag="9.2.14-v1.11.1@sha256:004b24fc5d3d41369a7f016d10e894436293d8478debfa769e204522e7cc0925" # see https://github.com/siderolabs/extensions/pkgs/container/spin # see https://github.com/siderolabs/extensions/tree/main/container-runtime/spin -talos_spin_extension_tag="v0.19.0@sha256:c88e8b1a6de4acd8d98f6aacc716c8e9aef3f7962d04893b49afc77d013b8ba2" +talos_spin_extension_tag="v0.20.0@sha256:ec5cd8479e9174105aac93bbda2b6ab3d7be91167e7dc13a1884246fd4efa315" # see https://github.com/piraeusdatastore/piraeus-operator/releases # renovate: datasource=github-releases depName=piraeusdatastore/piraeus-operator @@ -67,9 +67,9 @@ function update-talos-extensions { } function build_talos_image__imager { - # see https://www.talos.dev/v1.10/talos-guides/install/boot-assets/ - # see https://www.talos.dev/v1.10/advanced/metal-network-configuration/ - # see Profile type at https://github.com/siderolabs/talos/blob/v1.10.7/pkg/imager/profile/profile.go#L23-L46 + # see https://www.talos.dev/v1.11/talos-guides/install/boot-assets/ + # see https://www.talos.dev/v1.11/advanced/metal-network-configuration/ + # see Profile type at https://github.com/siderolabs/talos/blob/v1.11.1/pkg/imager/profile/profile.go#L23-L46 local talos_version_tag="v$talos_version" rm -rf tmp/talos mkdir -p tmp/talos @@ -110,7 +110,7 @@ EOF } function build_talos_image__image_factory { - # see https://www.talos.dev/v1.10/learn-more/image-factory/ + # see https://www.talos.dev/v1.11/learn-more/image-factory/ # see https://github.com/siderolabs/image-factory?tab=readme-ov-file#http-frontend-api local talos_version_tag="v$talos_version" rm -rf tmp/talos @@ -222,11 +222,36 @@ function piraeus-install { # see https://linbit.com/drbd-user-guide/linstor-guide-1_0-en/#ch-kubernetes # see 5.7.1. Available Parameters in a Storage Class at https://linbit.com/drbd-user-guide/linstor-guide-1_0-en/#s-kubernetes-sc-parameters # see https://linbit.com/drbd-user-guide/drbd-guide-9_0-en/ - # see https://www.talos.dev/v1.10/kubernetes-guides/configuration/storage/#piraeus--linstor + # see https://www.talos.dev/v1.11/kubernetes-guides/configuration/storage/#piraeus--linstor step 'piraeus install' kubectl apply --server-side -k "https://github.com/piraeusdatastore/piraeus-operator//config/default?ref=v$piraeus_operator_version" step 'piraeus wait' kubectl wait pod --timeout=15m --for=condition=Ready -n piraeus-datastore -l app.kubernetes.io/component=piraeus-operator + # wait until the webhook endpoint is available. + # NB this is required to workaround: + # Error from server (InternalError): error when creating "STDIN": Internal error occurred: failed calling webhook "vlinstorsatelliteconfiguration.kb.io": failed to call webhook: Post "https://piraeus-operator-webhook-service.piraeus-datastore.svc:443/validate-piraeus-io-v1-linstorsatelliteconfiguration?timeout=10s": dial tcp 10.97.116.20:443: connect: operation not permitted + while [ \ + "$( + kubectl \ + run \ + test-piraeus-webhook \ + --namespace piraeus-datastore \ + --restart Never \ + --rm \ + --wait \ + --stdin \ + --tty \ + --image alpine/curl:8.14.1 \ + -- \ + curl \ + --insecure \ + --silent \ + --fail-with-body \ + --header content-type:application/json \ + https://piraeus-operator-webhook-service.piraeus-datastore:443/validate-piraeus-io-v1-linstorsatelliteconfiguration?timeout=5s \ + | head -1 | jq .response.status.code + )" != "400" \ + ]; do sleep 5; done step 'piraeus configure' kubectl apply -n piraeus-datastore -f - <<'EOF' apiVersion: piraeus.io/v1 diff --git a/providers.tf b/providers.tf index e2c0e3f..441b1ce 100644 --- a/providers.tf +++ b/providers.tf @@ -18,7 +18,7 @@ terraform { # see https://github.com/siderolabs/terraform-provider-talos talos = { source = "siderolabs/talos" - version = "0.8.1" + version = "0.9.0" } # see https://registry.terraform.io/providers/hashicorp/helm # see https://github.com/hashicorp/terraform-provider-helm diff --git a/talos.tf b/talos.tf index 33c8431..cfbeb76 100644 --- a/talos.tf +++ b/talos.tf @@ -18,7 +18,7 @@ locals { # talos image, which is created in the installed state. #install = {} features = { - # see https://www.talos.dev/v1.10/kubernetes-guides/configuration/kubeprism/ + # see https://www.talos.dev/v1.11/kubernetes-guides/configuration/kubeprism/ # see talosctl -n $c0 read /etc/kubernetes/kubeconfig-kubelet | yq .clusters[].cluster.server # NB if you use a non-default CNI, you must configure it to use the # https://localhost:7445 kube-apiserver endpoint. @@ -26,7 +26,7 @@ locals { enabled = true port = 7445 } - # see https://www.talos.dev/v1.10/talos-guides/network/host-dns/ + # see https://www.talos.dev/v1.11/talos-guides/network/host-dns/ hostDNS = { enabled = true forwardKubeDNSToHost = true @@ -82,8 +82,8 @@ locals { # from https://discovery.talos.dev/ (or a custom and paid one running # locally in your network). # NB without this, talosctl get members, always returns an empty set. - # see https://www.talos.dev/v1.10/talos-guides/discovery/ - # see https://www.talos.dev/v1.10/reference/configuration/v1alpha1/config/#Config.cluster.discovery + # see https://www.talos.dev/v1.11/talos-guides/discovery/ + # see https://www.talos.dev/v1.11/reference/configuration/v1alpha1/config/#Config.cluster.discovery # see https://github.com/siderolabs/talos/issues/9980 # see https://github.com/siderolabs/talos/commit/c12b52491456d1e52204eb290d0686a317358c7c discovery = { @@ -109,12 +109,12 @@ locals { } } -// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/resources/machine_secrets +// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/resources/machine_secrets resource "talos_machine_secrets" "talos" { talos_version = "v${var.talos_version}" } -// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/data-sources/machine_configuration +// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/data-sources/machine_configuration data "talos_machine_configuration" "controller" { cluster_name = var.cluster_name cluster_endpoint = var.cluster_endpoint @@ -130,7 +130,7 @@ data "talos_machine_configuration" "controller" { machine = { network = { interfaces = [ - # see https://www.talos.dev/v1.10/talos-guides/network/vip/ + # see https://www.talos.dev/v1.11/talos-guides/network/vip/ { interface = "eth0" dhcp = true @@ -212,7 +212,7 @@ data "talos_machine_configuration" "controller" { ] } -// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/data-sources/machine_configuration +// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/data-sources/machine_configuration data "talos_machine_configuration" "worker" { cluster_name = var.cluster_name cluster_endpoint = var.cluster_endpoint @@ -227,14 +227,14 @@ data "talos_machine_configuration" "worker" { ] } -// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/data-sources/client_configuration +// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/data-sources/client_configuration data "talos_client_configuration" "talos" { cluster_name = var.cluster_name client_configuration = talos_machine_secrets.talos.client_configuration endpoints = [for node in local.controller_nodes : node.address] } -// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/resources/cluster_kubeconfig +// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/resources/cluster_kubeconfig resource "talos_cluster_kubeconfig" "talos" { client_configuration = talos_machine_secrets.talos.client_configuration endpoint = local.controller_nodes[0].address @@ -244,7 +244,7 @@ resource "talos_cluster_kubeconfig" "talos" { ] } -// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/resources/machine_configuration_apply +// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/resources/machine_configuration_apply resource "talos_machine_configuration_apply" "controller" { count = var.controller_count client_configuration = talos_machine_secrets.talos.client_configuration @@ -265,7 +265,7 @@ resource "talos_machine_configuration_apply" "controller" { ] } -// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/resources/machine_configuration_apply +// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/resources/machine_configuration_apply resource "talos_machine_configuration_apply" "worker" { count = var.worker_count client_configuration = talos_machine_secrets.talos.client_configuration @@ -286,7 +286,7 @@ resource "talos_machine_configuration_apply" "worker" { ] } -// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/resources/machine_bootstrap +// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/resources/machine_bootstrap resource "talos_machine_bootstrap" "talos" { client_configuration = talos_machine_secrets.talos.client_configuration endpoint = local.controller_nodes[0].address diff --git a/variables.tf b/variables.tf index 86c392f..7b4abcc 100644 --- a/variables.tf +++ b/variables.tf @@ -1,9 +1,9 @@ # see https://github.com/siderolabs/talos/releases -# see https://www.talos.dev/v1.10/introduction/support-matrix/ +# see https://www.talos.dev/v1.11/introduction/support-matrix/ variable "talos_version" { type = string # renovate: datasource=github-releases depName=siderolabs/talos - default = "1.10.7" + default = "1.11.1" validation { condition = can(regex("^\\d+(\\.\\d+)+", var.talos_version)) error_message = "Must be a version number." @@ -11,7 +11,7 @@ variable "talos_version" { } # see https://github.com/siderolabs/kubelet/pkgs/container/kubelet -# see https://www.talos.dev/v1.10/introduction/support-matrix/ +# see https://www.talos.dev/v1.11/introduction/support-matrix/ variable "kubernetes_version" { type = string # renovate: datasource=github-releases depName=siderolabs/kubelet @@ -102,7 +102,7 @@ variable "worker_count" { variable "talos_libvirt_base_volume_name" { type = string - default = "talos-1.10.7.qcow2" + default = "talos-1.11.1.qcow2" validation { condition = can(regex(".+\\.qcow2+$", var.talos_libvirt_base_volume_name)) error_message = "Must be a name with a .qcow2 extension."