talos

talos copied to clipboard

research: provide sane default restricted pod security, limit access to mounting `/system`

5

This is more of a research ticket to collect some data. There are two problems we need to solve: * Talos should provide sane default pod restriction policy (e.g. forbid...

smira

Support for pod user namespaces

8

This issue is to track Talos's support for user namespaces[^0] in Kubernetes pods. User namespaces allow for strict separation between the root user in pods and the root user on...

Piccirello

MachineConfig.disks nofail and other options

10

Currently Talos reboots system if machine.disks.* is not found. 1. It will be grate skip that error, it helps to fix disk problems or any issues. 2. second disk can...

sergelogvinov

Support for Raspberry PI4 2Gb for control plane

1

## Feature Request Lower memory check requirements (or a cli option to bypass the memory check). ### Description In a homelab setup a Raspberry PI 2Gb is enough to run...

febus982

## Feature Request Allow to set a webhook backend for the control plane audit logs. ### Description The k8s control plane can send its audit logs to a specified webhook...

Issif

Support for routing rules and tables

15

## Feature Request Support for routing rules and tables in the machine config ### Description For various setups on Bare Metal, more advanced routing configuration possibilities are needed. This would...

dedene

shasum.txt doesn't match binary name

1

## Bug Report ### Description [sha256sum.txt](https://github.com/siderolabs/talos/releases/download/v1.6.7/sha256sum.txt) file looks like this `99540b1d3bbc4d7bd41e8dfd5027941bed5eb29eff09756aed513b41e391eac9 _out/talosctl-linux-amd64` However, uploaded binary to the releases is named [talosctl-linux-amd64](https://github.com/siderolabs/talos/releases/download/v1.6.7/talosctl-linux-amd64) This causes some automation tool to fail shasum check....

shinebayar-g

talosctl bootstrap fails on Azure Stack Hub

2

## Bug Report ### Description Following the [Azure](https://www.talos.dev/v1.6/talos-guides/install/cloud-platforms/azure/) installation guide on Azure Stack Hub. The `talosctl bootstrap` step fails with ``` $ talosctl --talosconfig ./talosconfig bootstrap error executing bootstrap: rpc...

a01fe

Something like `osctl ls --xattr` would be nice: https://github.com/pkg/xattr

andrewrynhard

fix: bpf program failes due of linux LSM Lockdown

16

# Pull Request ## What? (description) When secureboot images are used, talos by default sets lockdown to confidentiality (lockdown=confidentiality). This will prevent bfp based programs to run properly. BFP is...

chifu1234