Andrey Smirnov

> Alternatively, if this feature won't be implemented: What would be the recommended encryption setup for a small home cluster? It depends on the threat model. If you just want...

> As far as I understand, that wouldn't protect me from an attacker that takes the device and then starts poking at services automatically launched on it. I realize that...

That's true, but really unusual for servers which are supposed to handle unattended reboots, so ymmv.

We will be looking towards providing CDN for other image types as well, but it will be probably in 2025. The first request (non-cached) will still go without CDN, and...

This looks like resource exhaustion, e.g. all CPU used by some workloads. I would recommend to install monitoring.

``` lookup xxxxx.siderolink.omni.siderolabs.io on [::1]:53: read udp [::1]:34050->[::1]:53: read: connection refused ``` this is not HostDNS, but rather looks like `/etc/resolv.conf` was never written (?)

There is not enough information to help you. From the logs it looks like `kube-apiserver` doesn't run, but we can't guess why. We have a [Troubleshooting](https://www.talos.dev/v1.10/introduction/troubleshooting/) guide.

iSCSI support is compiled into the Linux kernel, so it doesn't need a module. As for the failure, I guess you need to investigate more to find the root cause.

I don't think it's fair to test with `iscsiadm` within the container. A proper way would be to `nsenter` mount namespace of PID1 and run `iscsiadm` from the host (Talos...

Much easier way: ``` kubectl debug -it node/ --image alpine --profile=sysadmin -n kube-system ... nsenter -t 1 -m .... ``` But if iscsiadm works, you need to look into your...