siderolabs · talos-bot · Dec 26, 2024 · Dec 18, 2024 · Dec 19, 2024 · Dec 19, 2024
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -1,6 +1,6 @@
 {
     "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-    "description": "THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.\n\nGenerated on 2024-12-16T18:02:24Z by kres 318187b.\n\n",
+    "description": "THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.",
     "prHeader": "Update Request | Renovate Bot",
     "extends": [
         ":dependencyDashboard",

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-12-17T10:40:00Z by kres 318187b.
+# Generated on 2024-12-26T12:26:49Z by kres fcff05e.
 
 name: default
 concurrency:
@@ -2190,6 +2190,16 @@ jobs:
           VIA_MAINTENANCE_MODE: "true"
         run: |
           sudo -E make e2e-qemu
+      - name: e2e-min-requirements
+        env:
+          GITHUB_STEP_NAME: ${{ github.job}}-e2e-min-requirements
+          IMAGE_REGISTRY: registry.dev.siderolabs.io
+          QEMU_MEMORY_CONTROLPLANES: "2048"
+          QEMU_MEMORY_WORKERS: "1024"
+          QEMU_SYSTEM_DISK_SIZE: "10240"
+          SHORT_INTEGRATION_TEST: "yes"
+        run: |
+          sudo -E make e2e-qemu
       - name: save artifacts
         if: always()
         uses: actions/upload-artifact@v4
@@ -3350,6 +3360,8 @@ jobs:
           QEMU_EXTRA_DISKS: "3"
           QEMU_EXTRA_DISKS_DRIVERS: ide,nvme
           QEMU_EXTRA_DISKS_SIZE: "10240"
+          QEMU_MEMORY_CONTROLPLANES: "4096"
+          QEMU_MEMORY_WORKERS: "4096"
           TAG_SUFFIX: -race
           WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml'
         run: |

diff --git a/.github/workflows/integration-misc-1-cron.yaml b/.github/workflows/integration-misc-1-cron.yaml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-11-28T13:53:18Z by kres 232fe63.
+# Generated on 2024-12-24T15:00:58Z by kres fcff05e.
 
 name: integration-misc-1-cron
 concurrency:
@@ -104,6 +104,16 @@ jobs:
           VIA_MAINTENANCE_MODE: "true"
         run: |
           sudo -E make e2e-qemu
+      - name: e2e-min-requirements
+        env:
+          GITHUB_STEP_NAME: ${{ github.job}}-e2e-min-requirements
+          IMAGE_REGISTRY: registry.dev.siderolabs.io
+          QEMU_MEMORY_CONTROLPLANES: "2048"
+          QEMU_MEMORY_WORKERS: "1024"
+          QEMU_SYSTEM_DISK_SIZE: "10240"
+          SHORT_INTEGRATION_TEST: "yes"
+        run: |
+          sudo -E make e2e-qemu
       - name: save artifacts
         if: always()
         uses: actions/upload-artifact@v4

diff --git a/.github/workflows/integration-qemu-race-cron.yaml b/.github/workflows/integration-qemu-race-cron.yaml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-11-28T13:53:18Z by kres 232fe63.
+# Generated on 2024-12-25T15:13:54Z by kres fcff05e.
 
 name: integration-qemu-race-cron
 concurrency:
@@ -94,6 +94,8 @@ jobs:
           QEMU_EXTRA_DISKS: "3"
           QEMU_EXTRA_DISKS_DRIVERS: ide,nvme
           QEMU_EXTRA_DISKS_SIZE: "10240"
+          QEMU_MEMORY_CONTROLPLANES: "4096"
+          QEMU_MEMORY_WORKERS: "4096"
           TAG_SUFFIX: -race
           WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml'
         run: |

diff --git a/.kres.yaml b/.kres.yaml
@@ -756,6 +756,16 @@ spec:
             VIA_MAINTENANCE_MODE: true
             DISABLE_DHCP_HOSTNAME: true
             IMAGE_REGISTRY: registry.dev.siderolabs.io
+        - name: e2e-min-requirements
+          command: e2e-qemu
+          withSudo: true
+          environment:
+            GITHUB_STEP_NAME: ${{ github.job}}-e2e-min-requirements
+            SHORT_INTEGRATION_TEST: yes
+            QEMU_MEMORY_WORKERS: 1024
+            QEMU_MEMORY_CONTROLPLANES: 2048
+            QEMU_SYSTEM_DISK_SIZE: 10240
+            IMAGE_REGISTRY: registry.dev.siderolabs.io
         - name: save-talos-logs
           conditions:
             - always
@@ -1267,6 +1277,8 @@ spec:
             QEMU_EXTRA_DISKS_SIZE: "10240"
             QEMU_EXTRA_DISKS_DRIVERS: "ide,nvme"
             WITH_CONFIG_PATCH_WORKER: "@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml"
+            QEMU_MEMORY_CONTROLPLANES: 4096 # race-enabled Talos consumes lots of RAM
+            QEMU_MEMORY_WORKERS: 4096
             TAG_SUFFIX: -race
             IMAGE_REGISTRY: registry.dev.siderolabs.io
         - name: save-talos-logs

diff --git a/Dockerfile b/Dockerfile
@@ -732,7 +732,7 @@ COPY ./hack/cleanup.sh /toolchain/bin/cleanup.sh
 RUN <<END
     cleanup.sh /rootfs
     mkdir -pv /rootfs/{boot/EFI,etc/cri/conf.d/hosts,lib/firmware,usr/etc,usr/local/share,usr/share/zoneinfo/Etc,mnt,system,opt,.extra}
-    mkdir -pv /rootfs/{etc/kubernetes/manifests,etc/cni/net.d,etc/ssl/certs,usr/libexec/kubernetes,/usr/local/lib/kubelet/credentialproviders}
+    mkdir -pv /rootfs/{etc/kubernetes/manifests,etc/cni/net.d,etc/ssl/certs,usr/libexec/kubernetes,/usr/local/lib/kubelet/credentialproviders,etc/selinux/targeted/contexts/files}
     mkdir -pv /rootfs/opt/{containerd/bin,containerd/lib}
 END
 COPY --chmod=0644 hack/zoneinfo/Etc/UTC /rootfs/usr/share/zoneinfo/Etc/UTC
@@ -745,7 +745,7 @@ COPY --chmod=0644 hack/udevd/90-selinux.rules /rootfs/usr/lib/udev/rules.d/
 COPY --chmod=0644 hack/lvm.conf /rootfs/etc/lvm/lvm.conf
 RUN <<END
     ln -s /usr/share/zoneinfo/Etc/UTC /rootfs/etc/localtime
-    touch /rootfs/etc/{extensions.yaml,resolv.conf,hosts,os-release,machine-id,cri/conf.d/cri.toml,cri/conf.d/01-registries.part,cri/conf.d/20-customization.part,cri/conf.d/base-spec.json,ssl/certs/ca-certificates}
+    touch /rootfs/etc/{extensions.yaml,resolv.conf,hosts,os-release,machine-id,cri/conf.d/cri.toml,cri/conf.d/01-registries.part,cri/conf.d/20-customization.part,cri/conf.d/base-spec.json,ssl/certs/ca-certificates,selinux/targeted/contexts/files/file_contexts}
     ln -s ca-certificates /rootfs/etc/ssl/certs/ca-certificates.crt
     ln -s /etc/ssl /rootfs/etc/pki
     ln -s /etc/ssl /rootfs/usr/share/ca-certificates
@@ -808,7 +808,7 @@ COPY ./hack/cleanup.sh /toolchain/bin/cleanup.sh
 RUN <<END
     cleanup.sh /rootfs
     mkdir -pv /rootfs/{boot/EFI,etc/cri/conf.d/hosts,lib/firmware,usr/etc,usr/local/share,usr/share/zoneinfo/Etc,mnt,system,opt,.extra}
-    mkdir -pv /rootfs/{etc/kubernetes/manifests,etc/cni/net.d,etc/ssl/certs,usr/libexec/kubernetes,/usr/local/lib/kubelet/credentialproviders}
+    mkdir -pv /rootfs/{etc/kubernetes/manifests,etc/cni/net.d,etc/ssl/certs,usr/libexec/kubernetes,/usr/local/lib/kubelet/credentialproviders,etc/selinux/targeted/contexts/files}
     mkdir -pv /rootfs/opt/{containerd/bin,containerd/lib}
 END
 COPY --chmod=0644 hack/zoneinfo/Etc/UTC /rootfs/usr/share/zoneinfo/Etc/UTC
@@ -821,7 +821,7 @@ COPY --chmod=0644 hack/udevd/90-selinux.rules /rootfs/usr/lib/udev/rules.d/
 COPY --chmod=0644 hack/lvm.conf /rootfs/etc/lvm/lvm.conf
 RUN <<END
     ln -s /usr/share/zoneinfo/Etc/UTC /rootfs/etc/localtime
-    touch /rootfs/etc/{extensions.yaml,resolv.conf,hosts,os-release,machine-id,cri/conf.d/cri.toml,cri/conf.d/01-registries.part,cri/conf.d/20-customization.part,cri/conf.d/base-spec.json,ssl/certs/ca-certificates}
+    touch /rootfs/etc/{extensions.yaml,resolv.conf,hosts,os-release,machine-id,cri/conf.d/cri.toml,cri/conf.d/01-registries.part,cri/conf.d/20-customization.part,cri/conf.d/base-spec.json,ssl/certs/ca-certificates,selinux/targeted/contexts/files/file_contexts}
     ln -s /etc/ssl /rootfs/etc/pki
     ln -s ca-certificates /rootfs/etc/ssl/certs/ca-certificates.crt
     ln -s /etc/ssl /rootfs/usr/share/ca-certificates
@@ -942,25 +942,9 @@ FROM install-artifacts-${INSTALLER_ARCH} AS install-artifacts
 FROM alpine:3.20.3 AS installer-image
 ARG SOURCE_DATE_EPOCH
 ENV SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH}
+ARG INSTALLER_PKGS
 RUN apk add --no-cache --update --no-scripts \
-    bash \
-    binutils-aarch64 \
-    binutils-x86_64 \
-    cpio \
-    dosfstools \
-    e2fsprogs \
-    efibootmgr \
-    kmod \
-    mtools \
-    pigz \
-    qemu-img \
-    squashfs-tools \
-    tar \
-    util-linux \
-    xfsprogs \
-    xorriso \
-    xz \
-    zstd
+    ${INSTALLER_PKGS}
 ARG TARGETARCH
 ENV TARGETARCH=${TARGETARCH}
 COPY --from=installer-build /installer /bin/installer

diff --git a/Makefile b/Makefile
@@ -22,7 +22,7 @@ TOOLS ?= ghcr.io/siderolabs/tools:v1.9.0-1-geaad82f
 DEBUG_TOOLS_SOURCE := scratch
 
 PKGS_PREFIX ?= ghcr.io/siderolabs
-PKGS ?= v1.9.0-12-g9576b97
+PKGS ?= v1.9.0-15-g45c4ba4
 EXTRAS ?= v1.9.0
 
 KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest
@@ -125,8 +125,32 @@ TESTPKGS ?= github.com/siderolabs/talos/...
 RELEASES ?= v1.7.7 v1.8.1
 SHORT_INTEGRATION_TEST ?=
 CUSTOM_CNI_URL ?=
+
 INSTALLER_ARCH ?= all
+INSTALLER_ONLY_PKGS ?= \
+    bash \
+    cpio \
+    efibootmgr \
+    kmod \
+    squashfs-tools \
+    xfsprogs \
+    xz \
+    zstd
+
+IMAGER_EXTRA_PKGS ?= \
+    binutils-aarch64 \
+    binutils-x86_64 \
+    dosfstools \
+    e2fsprogs \
+    mtools \
+    pigz \
+    qemu-img \
+    tar \
+    xorriso
+
+INSTALLER_PKGS ?= $(INSTALLER_ONLY_PKGS) $(IMAGER_EXTRA_PKGS)
 IMAGER_ARGS ?=
+
 MORE_IMAGES ?=
 
 CGO_ENABLED ?= 0
@@ -195,6 +219,7 @@ COMMON_ARGS += --build-arg=SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH)
 COMMON_ARGS += --build-arg=ARTIFACTS=$(ARTIFACTS)
 COMMON_ARGS += --build-arg=TESTPKGS=$(TESTPKGS)
 COMMON_ARGS += --build-arg=INSTALLER_ARCH=$(INSTALLER_ARCH)
+COMMON_ARGS += --build-arg=INSTALLER_PKGS="$(INSTALLER_PKGS)"
 COMMON_ARGS += --build-arg=CGO_ENABLED=$(CGO_ENABLED)
 COMMON_ARGS += --build-arg=GO_BUILDFLAGS="$(GO_BUILDFLAGS)"
 COMMON_ARGS += --build-arg=GO_BUILDFLAGS_TALOSCTL="$(GO_BUILDFLAGS_TALOSCTL)"
@@ -369,7 +394,7 @@ sd-stub: ## Outputs the systemd-stub to the artifact directory.
 
 .PHONY: installer
 installer: ## Builds the container image for the installer and outputs it to the registry.
-	@INSTALLER_ARCH=targetarch  \
+	@INSTALLER_ARCH=targetarch INSTALLER_PKGS="$(INSTALLER_ONLY_PKGS)" \
 		$(MAKE) registry-$@
 
 .PHONY: imager

diff --git a/cmd/talosctl/cmd/talos/bootstrap.go b/cmd/talosctl/cmd/talos/bootstrap.go
@@ -28,9 +28,9 @@ var bootstrapCmd = &cobra.Command{
 	Use:   "bootstrap",
 	Short: "Bootstrap the etcd cluster on the specified node.",
 	Long: `When Talos cluster is created etcd service on control plane nodes enter the join loop waiting
-to join etcd peers from other control plane nodes. One node should be picked as the boostrap node.
-When boostrap command is issued, the node aborts join process and bootstraps etcd cluster as a single node cluster.
-Other control plane nodes will join etcd cluster once Kubernetes is boostrapped on the bootstrap node.
+to join etcd peers from other control plane nodes. One node should be picked as the bootstrap node.
+When bootstrap command is issued, the node aborts join process and bootstraps etcd cluster as a single node cluster.
+Other control plane nodes will join etcd cluster once Kubernetes is bootstrapped on the bootstrap node.
 
 This command should not be used when "init" type node are used.
 

diff --git a/cmd/talosctl/cmd/talos/support.go b/cmd/talosctl/cmd/talos/support.go
@@ -12,6 +12,7 @@ import (
 	"io"
 	"os"
 	"strings"
+	"sync"
 	"text/tabwriter"
 
 	"github.com/cosi-project/runtime/pkg/resource"
@@ -111,7 +112,7 @@ var supportCmd = &cobra.Command{
 }
 
 func collectData(dest *os.File, progress chan bundle.Progress) error {
-	return WithClient(func(ctx context.Context, c *client.Client) error {
+	return WithClientNoNodes(func(ctx context.Context, c *client.Client) error {
 		clientset, err := getKubernetesClient(ctx, c)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "Failed to create kubernetes client %s\n", err)
@@ -142,11 +143,7 @@ func collectData(dest *os.File, progress chan bundle.Progress) error {
 }
 
 func getKubernetesClient(ctx context.Context, c *client.Client) (*k8s.Clientset, error) {
-	if len(GlobalArgs.Endpoints) == 0 {
-		fmt.Fprintln(os.Stderr, "No endpoints set for the cluster, the command might not be able to get kubeconfig")
-	}
-
-	kubeconfig, err := c.Kubeconfig(client.WithNodes(ctx, GlobalArgs.Endpoints...))
+	kubeconfig, err := c.Kubeconfig(ctx)
 	if err != nil {
 		return nil, err
 	}
@@ -284,6 +281,7 @@ func showProgress(progress <-chan bundle.Progress, errors *supportBundleErrors)
 	uiprogress.Start()
 
 	type nodeProgress struct {
+		mu    sync.Mutex
 		state string
 		bar   *uiprogress.Bar
 	}
@@ -298,29 +296,39 @@ func showProgress(progress <-chan bundle.Progress, errors *supportBundleErrors)
 			ok bool
 		)
 
-		if np, ok = nodes[p.Source]; !ok {
+		src := p.Source
+
+		if _, ok = nodes[p.Source]; !ok {
 			bar := uiprogress.AddBar(p.Total)
 			bar = bar.AppendCompleted().PrependElapsed()
 
-			src := p.Source
-
 			np = &nodeProgress{
 				state: "initializing...",
 				bar:   bar,
 			}
 
-			bar.AppendFunc(func(b *uiprogress.Bar) string {
-				return fmt.Sprintf("%s: %s", src, np.state)
-			})
+			bar.AppendFunc(
+				func(src string, np *nodeProgress) func(b *uiprogress.Bar) string {
+					return func(b *uiprogress.Bar) string {
+						np.mu.Lock()
+						defer np.mu.Unlock()
+
+						return fmt.Sprintf("%s: %s", src, np.state)
+					}
+				}(src, np),
+			)
 
 			bar.Width = 20
 
 			nodes[src] = np
 		} else {
-			np = nodes[p.Source]
+			np = nodes[src]
 		}
 
+		np.mu.Lock()
 		np.state = p.State
+		np.mu.Unlock()
+
 		np.bar.Incr()
 	}
 

diff --git a/go.mod b/go.mod
@@ -67,7 +67,7 @@ require (
 	github.com/containerd/platforms v1.0.0-rc.0
 	github.com/containerd/typeurl/v2 v2.2.3
 	github.com/containernetworking/cni v1.2.3
-	github.com/containernetworking/plugins v1.6.0
+	github.com/containernetworking/plugins v1.6.1
 	github.com/coredns/coredns v1.11.3
 	github.com/coreos/go-iptables v0.8.0
 	github.com/cosi-project/runtime v0.7.6
@@ -122,7 +122,7 @@ require (
 	github.com/nberlee/go-netstat v0.1.2
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.0
-	github.com/opencontainers/runc v1.2.2
+	github.com/opencontainers/runc v1.2.3
 	github.com/opencontainers/runtime-spec v1.2.0
 	github.com/packethost/packngo v0.31.0
 	github.com/pelletier/go-toml/v2 v2.2.3
@@ -142,7 +142,7 @@ require (
 	github.com/siderolabs/gen v0.7.0
 	github.com/siderolabs/go-api-signature v0.3.6
 	github.com/siderolabs/go-blockdevice v0.4.8
-	github.com/siderolabs/go-blockdevice/v2 v2.0.7
+	github.com/siderolabs/go-blockdevice/v2 v2.0.9
 	github.com/siderolabs/go-circular v0.2.1
 	github.com/siderolabs/go-cmd v0.1.3
 	github.com/siderolabs/go-copy v0.1.0
@@ -157,7 +157,7 @@ require (
 	github.com/siderolabs/go-retry v0.3.3
 	github.com/siderolabs/go-smbios v0.3.3
 	github.com/siderolabs/go-tail v0.1.1
-	github.com/siderolabs/go-talos-support v0.1.1
+	github.com/siderolabs/go-talos-support v0.1.2
 	github.com/siderolabs/grpc-proxy v0.5.1
 	github.com/siderolabs/kms-client v0.1.0
 	github.com/siderolabs/net v0.4.0
@@ -241,7 +241,7 @@ require (
 	github.com/coreos/go-semver v0.3.1 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
-	github.com/cyphar/filepath-securejoin v0.3.4 // indirect
+	github.com/cyphar/filepath-securejoin v0.3.5 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
@@ -368,7 +368,7 @@ require (
 	kernel.org/pub/linux/libs/security/libcap/psx v1.2.72 // indirect
 	rsc.io/qr v0.2.0 // indirect
 	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
-	sigs.k8s.io/knftables v0.0.17 // indirect
+	sigs.k8s.io/knftables v0.0.18 // indirect
 	sigs.k8s.io/kustomize/api v0.18.0 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect