The new command `talosctl cgroups` fetches cgroups snapshot from the
machine, parses it fully, enhances with additional information (e.g.
resolves pod names), and presents a customizable view of cgroups
configuration (e.g. limits) and current consumption.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This is to suppress warnings on failure to load plugins, which were
harmless, but confusing.
Fixes#9393
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update tools, pkgs, extras.
Brings in Go 1.23.1, Linux 6.6.52, new xfsprogs, etc.
Fork docs.
Add new version contract, etc.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
We do it for Talos itself to minimize the memory footprint and binary
size for the `dashboard` when part of Talos, while for `talosctl` we
want to have better support of various terminals.
Fixes#9377
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes: #7081
Review all reservations and limits set, test under stress load (using
both memory and CPU).
The goal: system components (Talos itself) and runtime (kubelet, CRI)
should survive under extreme resource starvation (workloads consuming
all CPU/memory).
Uses #9337 to visualize changes, but doesn't depend on it.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This is specifically for the glibc extension to support nvidia container
toolkit.
Signed-off-by: Jean-Francois Roy <jf@devklog.net>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Document security vulnerability reporting process.
Minor fixes in other docs, and add OpenSSF badge.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
When a map key is deleted, it should be deleted as a whole.
Before the fix it was zeroing out map value by key.
Fixes#9325
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Run SideroLink API server via TLS with self-signed certificate, inject
that certificate into Talos via `talos.config.inline=`.
Fix a couple of place where our special TLS root CA provider supporting
reloading on the fly was not used.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Due to the bug introduced when refactoring for PTP devices, invalid NTP
responses (including for example NTP kiss of death), were incorrectly
handled when only a single NTP server was used.
The error was logged, but the response was used to adjust the time which
leads to unexpected time jumps.
Properly ignore any invalid NTP response.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The fix in #9233 wasn't correct, as it was looking for number of
replicas in a "random" ReplicaSet. If the deployment has multiple
replica sets, it leads to unexpected results.
Instead, read the Deployment resource directly.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
`List` returns a sorted (by id) list of resources. This doesn't work when the order of dns upstreams is important. Because of that
add an `Idx` field to the "DNSUpstreams.net.talos.dev" resource, so we can preserve order.
Fixes#9274
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
In the status controller, there was a wrong method to parse the endpoint
which doesn't account for all supported formats.
Use already parsed version in the config resource instead.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
We should ignore this, it's a totally an optional feature used in
containers (Talos on its own kernel has ethtool-netlink).
Fixes#9296
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The initramfs unarchive won't work as it's extension is `xz` while the
actual compression is `zst`.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Otherwise the internal code might assume that the service is still
running and healthy, never issuing a health change event.
Fixes#9271
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add support for uploading images to GCP in cloud image uploader.
GCP is not enabled by default since it's going to be used for e2e-tests
for now.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Move META constants out to machinery, and fix up imports. The internal
`pkg/meta` package shold not be consumed in public-facing commands.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
