Talos + Sidero + SideroLink Notes
Goals
- Better understand how Talos server lifecycles work when managed by Sidero and ClusterAPI.
- Determine security best practices.
- Contribute issues and documentation based on what is found.
bzub bzub
bzub
/ talos_sidero_siderolink_notes.md
Last active
January 18, 2023 16:22
Talos + Sidero + SideroLink Notes
View talos_sidero_siderolink_notes.md
View sidero_hacks.md
Sidero Hacks
Delete Cluster, Keep PKI
You just need to keep the CLUSTER_NAME-ca and CLUSTER_NAME-talos secrets around.
To do this you an remove the owner reference from them.
cluster_name="example-cluster"
View nothing.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # nothing |
View flatcar_firecracker.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env sh | |
| set -e | |
| command="${1}" | |
| usage="${0} start|stop" | |
| if [ -z "${command}" ]; then | |
| echo "ERROR: command argument required. [start|stop]" | |
| echo "${usage}" | |
| exit 1 |
View merge2_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {`nested associative -- add same name, different path`, | |
| ` | |
| kind: Deployment | |
| volumes: | |
| - name: vol1 | |
| projected: | |
| sources: | |
| - secret: | |
| name: source1 | |
| optional: false |
View main.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "os" | |
| "sigs.k8s.io/kustomize/kyaml/yaml" | |
| ) | |
| func main() { |
View test_log.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ==> Checking that code complies with gofmt requirements... | |
| TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -timeout 240m | |
| === RUN TestPluginVersion | |
| --- PASS: TestPluginVersion (0.00s) | |
| PASS | |
| ok github.com/terraform-providers/terraform-provider-acme 0.013s | |
| === RUN TestResourceACMERegistrationMigrateState | |
| 2019/01/14 03:59:39 [DEBUG] Migrating acme_registration state: old v0 state: &terraform.InstanceState{ID:"regurl", Attributes:map[string]string{"registration_body":"regbody", "registration_url":"https://acme-staging.api.letsencrypt.org/acme/reg/123456789", "registration_new_authz_url":"https://acme-staging.api.letsencrypt.org/acme/new-authz", "registration_tos_url":"https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf", "server_url":"https://acme-staging.api.letsencrypt.org/directory", "account_key_pem":"key", "email_address":"nobody@example.com"}, Ephemeral:terraform.EphemeralState{ConnInfo:map[string]string(nil), Type:""}, Meta:map[string]interface {}(nil), Tainted:false, mu:sync.Mutex{ |
View test_log.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ==> Checking that code complies with gofmt requirements... | |
| TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -timeout 240m | |
| === RUN TestPluginVersion | |
| --- PASS: TestPluginVersion (0.00s) | |
| PASS | |
| ok github.com/terraform-providers/terraform-provider-acme 0.013s | |
| === RUN TestResourceACMERegistrationMigrateState | |
| 2019/01/14 01:48:06 [DEBUG] Migrating acme_registration state: old v0 state: &terraform.InstanceState{ID:"regurl", Attributes:map[string]string{"registration_tos_url":"https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf", "server_url":"https://acme-staging.api.letsencrypt.org/directory", "account_key_pem":"key", "email_address":"nobody@example.com", "registration_body":"regbody", "registration_url":"https://acme-staging.api.letsencrypt.org/acme/reg/123456789", "registration_new_authz_url":"https://acme-staging.api.letsencrypt.org/acme/new-authz"}, Ephemeral:terraform.EphemeralState{ConnInfo:map[string]string(nil), Type:""}, Meta:map[string]interface {}(nil), Tainted:false, mu:sync.Mutex{ |
View test_log.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ==> Checking that code complies with gofmt requirements... | |
| TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -timeout 240m | |
| === RUN TestPluginVersion | |
| --- PASS: TestPluginVersion (0.00s) | |
| PASS | |
| ok github.com/terraform-providers/terraform-provider-acme (cached) | |
| === RUN TestResourceACMERegistrationMigrateState | |
| 2019/01/14 00:21:28 [DEBUG] Migrating acme_registration state: old v0 state: &terraform.InstanceState{ID:"regurl", Attributes:map[string]string{"account_key_pem":"key", "email_address":"nobody@example.com", "registration_body":"regbody", "registration_url":"https://acme-staging.api.letsencrypt.org/acme/reg/123456789", "registration_new_authz_url":"https://acme-staging.api.letsencrypt.org/acme/new-authz", "registration_tos_url":"https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf", "server_url":"https://acme-staging.api.letsencrypt.org/directory"}, Ephemeral:terraform.EphemeralState{ConnInfo:map[string]string(nil), Type:""}, Meta:map[string]interface {}(nil), Tainted:false, mu:sync.Mute |
NewerOlder