upgrade to talos 1.11.1

Author: rgl

.terraform.lock.hcl

@@ -89,7 +89,7 @@ Install talosctl:
 ```bash
 # see https://github.com/siderolabs/talos/releases
 # renovate: datasource=github-releases depName=siderolabs/talos
-talos_version='1.10.7'
+talos_version='1.11.1'
 wget https://github.com/siderolabs/talos/releases/download/v$talos_version/talosctl-linux-amd64
 sudo install talosctl-linux-amd64 /usr/local/bin/talosctl
 rm talosctl-linux-amd64
@@ -511,7 +511,7 @@ Update the talos extensions to match the talos version:
 Talos:
 
 ```bash
-# see https://www.talos.dev/v1.10/advanced/troubleshooting-control-plane/
+# see https://www.talos.dev/v1.11/advanced/troubleshooting-control-plane/
 talosctl -n $all support && rm -rf support && 7z x -osupport support.zip && code support
 talosctl -n $c0 service ext-qemu-guest-agent status
 talosctl -n $c0 service etcd status

README.md

@@ -44,7 +44,7 @@ locals {
   cilium_external_lb_manifest = join("---\n", [for d in local.cilium_external_lb_manifests : yamlencode(d)])
 }
 
-// see https://www.talos.dev/v1.10/kubernetes-guides/network/deploying-cilium/#method-4-helm-manifests-inline-install
+// see https://www.talos.dev/v1.11/kubernetes-guides/network/deploying-cilium/#method-4-helm-manifests-inline-install
 // see https://docs.cilium.io/en/stable/network/servicemesh/ingress/
 // see https://docs.cilium.io/en/stable/gettingstarted/hubble_setup/
 // see https://docs.cilium.io/en/stable/gettingstarted/hubble/

cilium.tf

@@ -11,20 +11,20 @@ talos_image_builder="$(perl -e 'print ((`uname -r` =~ /^(\d+\.\d+)/ && $1 >= 6.1
 
 # see https://github.com/siderolabs/talos/releases
 # renovate: datasource=github-releases depName=siderolabs/talos
-talos_version="1.10.7"
+talos_version="1.11.1"
 
 # see https://github.com/siderolabs/extensions/pkgs/container/qemu-guest-agent
 # see https://github.com/siderolabs/extensions/tree/main/guest-agents/qemu-guest-agent
-talos_qemu_guest_agent_extension_tag="10.0.2@sha256:ce20e4459b26623e9dddba1be10097746b519c587614685bc4330aceee107c74"
+talos_qemu_guest_agent_extension_tag="10.0.2@sha256:84b42d779721ddab71e0d5c12e10399d6bdd03af0aaa0dafd240e2724d724675"
 
 # see https://github.com/siderolabs/extensions/pkgs/container/drbd
 # see https://github.com/siderolabs/extensions/tree/main/storage/drbd
 # see https://github.com/LINBIT/drbd
-talos_drbd_extension_tag="9.2.14-v1.10.7@sha256:1c54ef1d97d5eacb3de749aac198d5313cc3513ca348e994c6c080a3bf2440eb"
+talos_drbd_extension_tag="9.2.14-v1.11.1@sha256:004b24fc5d3d41369a7f016d10e894436293d8478debfa769e204522e7cc0925"
 
 # see https://github.com/siderolabs/extensions/pkgs/container/spin
 # see https://github.com/siderolabs/extensions/tree/main/container-runtime/spin
-talos_spin_extension_tag="v0.19.0@sha256:c88e8b1a6de4acd8d98f6aacc716c8e9aef3f7962d04893b49afc77d013b8ba2"
+talos_spin_extension_tag="v0.20.0@sha256:ec5cd8479e9174105aac93bbda2b6ab3d7be91167e7dc13a1884246fd4efa315"
 
 # see https://github.com/piraeusdatastore/piraeus-operator/releases
 # renovate: datasource=github-releases depName=piraeusdatastore/piraeus-operator
@@ -67,9 +67,9 @@ function update-talos-extensions {
 }
 
 function build_talos_image__imager {
-  # see https://www.talos.dev/v1.10/talos-guides/install/boot-assets/
-  # see https://www.talos.dev/v1.10/advanced/metal-network-configuration/
-  # see Profile type at https://github.com/siderolabs/talos/blob/v1.10.7/pkg/imager/profile/profile.go#L23-L46
+  # see https://www.talos.dev/v1.11/talos-guides/install/boot-assets/
+  # see https://www.talos.dev/v1.11/advanced/metal-network-configuration/
+  # see Profile type at https://github.com/siderolabs/talos/blob/v1.11.1/pkg/imager/profile/profile.go#L23-L46
   local talos_version_tag="v$talos_version"
   rm -rf tmp/talos
   mkdir -p tmp/talos
@@ -110,7 +110,7 @@ EOF
 }
 
 function build_talos_image__image_factory {
-  # see https://www.talos.dev/v1.10/learn-more/image-factory/
+  # see https://www.talos.dev/v1.11/learn-more/image-factory/
   # see https://github.com/siderolabs/image-factory?tab=readme-ov-file#http-frontend-api
   local talos_version_tag="v$talos_version"
   rm -rf tmp/talos
@@ -222,11 +222,36 @@ function piraeus-install {
   # see https://linbit.com/drbd-user-guide/linstor-guide-1_0-en/#ch-kubernetes
   # see 5.7.1. Available Parameters in a Storage Class at https://linbit.com/drbd-user-guide/linstor-guide-1_0-en/#s-kubernetes-sc-parameters
   # see https://linbit.com/drbd-user-guide/drbd-guide-9_0-en/
-  # see https://www.talos.dev/v1.10/kubernetes-guides/configuration/storage/#piraeus--linstor
+  # see https://www.talos.dev/v1.11/kubernetes-guides/configuration/storage/#piraeus--linstor
   step 'piraeus install'
   kubectl apply --server-side -k "https://github.com/piraeusdatastore/piraeus-operator//config/default?ref=v$piraeus_operator_version"
   step 'piraeus wait'
   kubectl wait pod --timeout=15m --for=condition=Ready -n piraeus-datastore -l app.kubernetes.io/component=piraeus-operator
+  # wait until the webhook endpoint is available.
+  # NB this is required to workaround:
+  #   Error from server (InternalError): error when creating "STDIN": Internal error occurred: failed calling webhook "vlinstorsatelliteconfiguration.kb.io": failed to call webhook: Post "https://piraeus-operator-webhook-service.piraeus-datastore.svc:443/validate-piraeus-io-v1-linstorsatelliteconfiguration?timeout=10s": dial tcp 10.97.116.20:443: connect: operation not permitted
+  while [ \
+    "$(
+      kubectl \
+      run \
+      test-piraeus-webhook \
+      --namespace piraeus-datastore \
+      --restart Never \
+      --rm \
+      --wait \
+      --stdin \
+      --tty \
+      --image alpine/curl:8.14.1 \
+      -- \
+      curl \
+        --insecure \
+        --silent \
+        --fail-with-body \
+        --header content-type:application/json \
+        https://piraeus-operator-webhook-service.piraeus-datastore:443/validate-piraeus-io-v1-linstorsatelliteconfiguration?timeout=5s \
+        | head -1 | jq .response.status.code
+    )" != "400" \
+  ]; do sleep 5; done
   step 'piraeus configure'
   kubectl apply -n piraeus-datastore -f - <<'EOF'
 apiVersion: piraeus.io/v1

do

@@ -18,7 +18,7 @@ terraform {
     # see https://github.com/siderolabs/terraform-provider-talos
     talos = {
       source  = "siderolabs/talos"
-      version = "0.8.1"
+      version = "0.9.0"
     }
     # see https://registry.terraform.io/providers/hashicorp/helm
     # see https://github.com/hashicorp/terraform-provider-helm

providers.tf

@@ -18,15 +18,15 @@ locals {
       #    talos image, which is created in the installed state.
       #install = {}
       features = {
-        # see https://www.talos.dev/v1.10/kubernetes-guides/configuration/kubeprism/
+        # see https://www.talos.dev/v1.11/kubernetes-guides/configuration/kubeprism/
         # see talosctl -n $c0 read /etc/kubernetes/kubeconfig-kubelet | yq .clusters[].cluster.server
         # NB if you use a non-default CNI, you must configure it to use the
         #    https://localhost:7445 kube-apiserver endpoint.
         kubePrism = {
           enabled = true
           port    = 7445
         }
-        # see https://www.talos.dev/v1.10/talos-guides/network/host-dns/
+        # see https://www.talos.dev/v1.11/talos-guides/network/host-dns/
         hostDNS = {
           enabled              = true
           forwardKubeDNSToHost = true
@@ -82,8 +82,8 @@ locals {
       #    from https://discovery.talos.dev/ (or a custom and paid one running
       #    locally in your network).
       # NB without this, talosctl get members, always returns an empty set.
-      # see https://www.talos.dev/v1.10/talos-guides/discovery/
-      # see https://www.talos.dev/v1.10/reference/configuration/v1alpha1/config/#Config.cluster.discovery
+      # see https://www.talos.dev/v1.11/talos-guides/discovery/
+      # see https://www.talos.dev/v1.11/reference/configuration/v1alpha1/config/#Config.cluster.discovery
       # see https://github.com/siderolabs/talos/issues/9980
       # see https://github.com/siderolabs/talos/commit/c12b52491456d1e52204eb290d0686a317358c7c
       discovery = {
@@ -109,12 +109,12 @@ locals {
   }
 }
 
-// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/resources/machine_secrets
+// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/resources/machine_secrets
 resource "talos_machine_secrets" "talos" {
   talos_version = "v${var.talos_version}"
 }
 
-// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/data-sources/machine_configuration
+// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/data-sources/machine_configuration
 data "talos_machine_configuration" "controller" {
   cluster_name       = var.cluster_name
   cluster_endpoint   = var.cluster_endpoint
@@ -130,7 +130,7 @@ data "talos_machine_configuration" "controller" {
       machine = {
         network = {
           interfaces = [
-            # see https://www.talos.dev/v1.10/talos-guides/network/vip/
+            # see https://www.talos.dev/v1.11/talos-guides/network/vip/
             {
               interface = "eth0"
               dhcp      = true
@@ -212,7 +212,7 @@ data "talos_machine_configuration" "controller" {
   ]
 }
 
-// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/data-sources/machine_configuration
+// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/data-sources/machine_configuration
 data "talos_machine_configuration" "worker" {
   cluster_name       = var.cluster_name
   cluster_endpoint   = var.cluster_endpoint
@@ -227,14 +227,14 @@ data "talos_machine_configuration" "worker" {
   ]
 }
 
-// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/data-sources/client_configuration
+// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/data-sources/client_configuration
 data "talos_client_configuration" "talos" {
   cluster_name         = var.cluster_name
   client_configuration = talos_machine_secrets.talos.client_configuration
   endpoints            = [for node in local.controller_nodes : node.address]
 }
 
-// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/resources/cluster_kubeconfig
+// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/resources/cluster_kubeconfig
 resource "talos_cluster_kubeconfig" "talos" {
   client_configuration = talos_machine_secrets.talos.client_configuration
   endpoint             = local.controller_nodes[0].address
@@ -244,7 +244,7 @@ resource "talos_cluster_kubeconfig" "talos" {
   ]
 }
 
-// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/resources/machine_configuration_apply
+// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/resources/machine_configuration_apply
 resource "talos_machine_configuration_apply" "controller" {
   count                       = var.controller_count
   client_configuration        = talos_machine_secrets.talos.client_configuration
@@ -265,7 +265,7 @@ resource "talos_machine_configuration_apply" "controller" {
   ]
 }
 
-// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/resources/machine_configuration_apply
+// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/resources/machine_configuration_apply
 resource "talos_machine_configuration_apply" "worker" {
   count                       = var.worker_count
   client_configuration        = talos_machine_secrets.talos.client_configuration
@@ -286,7 +286,7 @@ resource "talos_machine_configuration_apply" "worker" {
   ]
 }
 
-// see https://registry.terraform.io/providers/siderolabs/talos/0.8.1/docs/resources/machine_bootstrap
+// see https://registry.terraform.io/providers/siderolabs/talos/0.9.0/docs/resources/machine_bootstrap
 resource "talos_machine_bootstrap" "talos" {
   client_configuration = talos_machine_secrets.talos.client_configuration
   endpoint             = local.controller_nodes[0].address

talos.tf

@@ -1,17 +1,17 @@
 # see https://github.com/siderolabs/talos/releases
-# see https://www.talos.dev/v1.10/introduction/support-matrix/
+# see https://www.talos.dev/v1.11/introduction/support-matrix/
 variable "talos_version" {
   type = string
   # renovate: datasource=github-releases depName=siderolabs/talos
-  default = "1.10.7"
+  default = "1.11.1"
   validation {
     condition     = can(regex("^\\d+(\\.\\d+)+", var.talos_version))
     error_message = "Must be a version number."
   }
 }
 
 # see https://github.com/siderolabs/kubelet/pkgs/container/kubelet
-# see https://www.talos.dev/v1.10/introduction/support-matrix/
+# see https://www.talos.dev/v1.11/introduction/support-matrix/
 variable "kubernetes_version" {
   type = string
   # renovate: datasource=github-releases depName=siderolabs/kubelet
@@ -102,7 +102,7 @@ variable "worker_count" {
 
 variable "talos_libvirt_base_volume_name" {
   type    = string
-  default = "talos-1.10.7.qcow2"
+  default = "talos-1.11.1.qcow2"
   validation {
     condition     = can(regex(".+\\.qcow2+$", var.talos_libvirt_base_volume_name))
     error_message = "Must be a name with a .qcow2 extension."