This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [ghcr.io/siderolabs/talosctl](https://github.com/siderolabs/talos) | minor | `v1.10.4` -> `v1.11.1` |
---
### Release Notes
<details>
<summary>siderolabs/talos (ghcr.io/siderolabs/talosctl)</summary>
### [`v1.11.1`](https://github.com/siderolabs/talos/releases/tag/v1.11.1)
[Compare Source](https://github.com/siderolabs/talos/compare/v1.11.0...v1.11.1)
##### [Talos 1.11.1](https://github.com/siderolabs/talos/releases/tag/v1.11.1) (2025-09-08)
Welcome to the v1.11.1 release of Talos!
Please try out the release binaries and report any issues at
<https://github.com/siderolabs/talos/issues>.
##### Component Updates
Linux: 6.12.45
CoreDNS: 1.12.3
Talos is built with Go 1.24.6.
##### Contributors
- Andrey Smirnov
- Markus Freitag
- Olivier Doucet
- Sammy ETUR
##### Changes
<details><summary>7 commits</summary>
<p>
- [@​`8e85c83`](https://github.com/siderolabs/talos/commit/8e85c8362) release(v1.11.1): prepare release
- [@​`ff8644c`](https://github.com/siderolabs/talos/commit/ff8644cd2) fix: correctly handle status-code 204
- [@​`7d5fe2d`](https://github.com/siderolabs/talos/commit/7d5fe2d0f) feat: update Linux kernel (memcg\_v1, ublk)
- [@​`9e310a9`](https://github.com/siderolabs/talos/commit/9e310a9dd) fix: enable support for VMWare arm64
- [@​`f7620f0`](https://github.com/siderolabs/talos/commit/f7620f028) feat: update CoreDNS to 1.12.3
- [@​`01bf2f6`](https://github.com/siderolabs/talos/commit/01bf2f6f9) feat: add SOCKS5 proxy support to dynamic proxy dialer
- [@​`8a578bc`](https://github.com/siderolabs/talos/commit/8a578bc4a) feat: update Linux to 6.12.45
</p>
</details>
##### Changes from siderolabs/pkgs
<details><summary>3 commits</summary>
<p>
- [siderolabs/pkgs@`1a25681`](https://github.com/siderolabs/pkgs/commit/1a25681) feat: enable ublk support
- [siderolabs/pkgs@`95f0be4`](https://github.com/siderolabs/pkgs/commit/95f0be4) fix: enable memcg v1
- [siderolabs/pkgs@`e1c333c`](https://github.com/siderolabs/pkgs/commit/e1c333c) feat: update Linux to 6.12.45
</p>
</details>
##### Dependency Changes
- **cloud.google.com/go/compute/metadata**           v0.7.0 -> v0.8.0
- **github.com/aws/aws-sdk-go-v2/config**            v1.29.17 -> v1.31.2
- **github.com/aws/aws-sdk-go-v2/feature/ec2/imds**  v1.16.32 -> v1.18.4
- **github.com/aws/smithy-go**                       v1.22.4 -> v1.22.5
- **github.com/miekg/dns**                           v1.1.67 -> v1.1.68
- **github.com/siderolabs/pkgs**                     v1.11.0-15-g2ac857a -> v1.11.0-18-g1a25681
- **github.com/siderolabs/talos/pkg/machinery**      v1.11.0 -> v1.11.1
- **golang.org/x/net**                               v0.42.0 -> v0.43.0
- **golang.org/x/sys**                               v0.34.0 -> v0.35.0
- **golang.org/x/term**                              v0.33.0 -> v0.34.0
- **golang.org/x/text**                              v0.27.0 -> v0.28.0
- **google.golang.org/grpc**                         v1.73.0 -> v1.75.0
- **google.golang.org/protobuf**                     v1.36.6 -> v1.36.8
Previous release can be found at [v1.11.0](https://github.com/siderolabs/talos/releases/tag/v1.11.0)
##### Images
```
ghcr.io/siderolabs/flannel:v0.27.2
registry.k8s.io/coredns/coredns:v1.12.3
gcr.io/etcd-development/etcd:v3.6.4
registry.k8s.io/kube-apiserver:v1.34.0
registry.k8s.io/kube-controller-manager:v1.34.0
registry.k8s.io/kube-scheduler:v1.34.0
registry.k8s.io/kube-proxy:v1.34.0
ghcr.io/siderolabs/kubelet:v1.34.0
ghcr.io/siderolabs/installer:v1.11.1
registry.k8s.io/pause:3.10
```
### [`v1.11.0`](https://github.com/siderolabs/talos/blob/HEAD/CHANGELOG.md#Changes-since-v1110-alpha2)
[Compare Source](https://github.com/siderolabs/talos/compare/v1.10.7...v1.11.0)
<details><summary>1 commit</summary>
<p>
- [`777335f23`](777335f234) chore: improve cloud image uploader resilience
</p>
</details>
### [`v1.10.7`](https://github.com/siderolabs/talos/releases/tag/v1.10.7)
[Compare Source](https://github.com/siderolabs/talos/compare/v1.10.6...v1.10.7)
##### [Talos 1.10.7](https://github.com/siderolabs/talos/releases/tag/v1.10.7) (2025-08-26)
Welcome to the v1.10.7 release of Talos!
Please try out the release binaries and report any issues at
<https://github.com/siderolabs/talos/issues>.
##### Component Updates
Linux: 6.12.43
Kubernetes: 1.33.4
Talos is built with Go 1.24.6.
##### Contributors
- Andrey Smirnov
##### Changes
<details><summary>6 commits</summary>
<p>
- [@​`71de2e2`](https://github.com/siderolabs/talos/commit/71de2e23b) release(v1.10.7): prepare release
- [@​`d7936de`](https://github.com/siderolabs/talos/commit/d7936dec6) fix: image cache lockup on a missing volume
- [@​`f6541fa`](https://github.com/siderolabs/talos/commit/f6541fa71) fix: live reload of TLS client config for discovery client
- [@​`29cfd9f`](https://github.com/siderolabs/talos/commit/29cfd9fd0) fix: enforce minimum size on user volumes if not set explicitly
- [@​`83dcca3`](https://github.com/siderolabs/talos/commit/83dcca3c7) feat: add [`F71808E`](https://github.com/siderolabs/talos/commit/F71808E) watchdog driver
- [@​`3f05c39`](https://github.com/siderolabs/talos/commit/3f05c3922) feat: update Linux and Kubernetes
</p>
</details>
##### Changes from siderolabs/discovery-client
<details><summary>3 commits</summary>
<p>
- [siderolabs/discovery-client@`0bffa6f`](https://github.com/siderolabs/discovery-client/commit/0bffa6f) fix: allow TLS config to be passed as a function
- [siderolabs/discovery-client@`09c6687`](https://github.com/siderolabs/discovery-client/commit/09c6687) chore: fix project name in release.toml
- [siderolabs/discovery-client@`71b0c6d`](https://github.com/siderolabs/discovery-client/commit/71b0c6d) fix: add FIPS-140-3 strict compliance
</p>
</details>
##### Changes from siderolabs/pkgs
<details><summary>5 commits</summary>
<p>
- [siderolabs/pkgs@`88700c7`](https://github.com/siderolabs/pkgs/commit/88700c7) feat: update Linux to 6.12.43
- [siderolabs/pkgs@`4cf5eeb`](https://github.com/siderolabs/pkgs/commit/4cf5eeb) fix: re-enable CPUSETS\_V1 cgroups controller
- [siderolabs/pkgs@`8a14125`](https://github.com/siderolabs/pkgs/commit/8a14125) feat: update backportable dependencies
- [siderolabs/pkgs@`69b9cdc`](https://github.com/siderolabs/pkgs/commit/69b9cdc) feat: enable [`F71808E`](https://github.com/siderolabs/talos/commit/F71808E) watchdog driver
- [siderolabs/pkgs@`7ffefa9`](https://github.com/siderolabs/pkgs/commit/7ffefa9) feat: update Go to 1.24.6
</p>
</details>
##### Changes from siderolabs/tools
<details><summary>1 commit</summary>
<p>
- [siderolabs/tools@`306d9d9`](https://github.com/siderolabs/tools/commit/306d9d9) feat: update Go to 1.24.6
</p>
</details>
##### Dependency Changes
- **github.com/siderolabs/discovery-client**     v0.1.11 -> v0.1.13
- **github.com/siderolabs/pkgs**                 v1.10.0-29-g2e6dd0a -> v1.10.0-34-g88700c7
- **github.com/siderolabs/talos/pkg/machinery**  v1.10.6 -> v1.10.7
- **github.com/siderolabs/tools**                v1.10.0-5-g31fd099 -> v1.10.0-6-g306d9d9
- **google.golang.org/grpc**                     v1.71.3 -> v1.73.0
- **k8s.io/api**                                 v0.33.2 -> v0.33.4
- **k8s.io/apiserver**                           v0.33.2 -> v0.33.4
- **k8s.io/client-go**                           v0.33.2 -> v0.33.4
- **k8s.io/component-base**                      v0.33.2 -> v0.33.4
- **k8s.io/kube-scheduler**                      v0.33.2 -> v0.33.4
- **k8s.io/kubectl**                             v0.33.2 -> v0.33.4
- **k8s.io/kubelet**                             v0.33.2 -> v0.33.4
- **k8s.io/pod-security-admission**              v0.33.2 -> v0.33.4
Previous release can be found at [v1.10.6](https://github.com/siderolabs/talos/releases/tag/v1.10.6)
##### Images
```
ghcr.io/siderolabs/flannel:v0.26.7
registry.k8s.io/coredns/coredns:v1.12.1
gcr.io/etcd-development/etcd:v3.5.21
registry.k8s.io/kube-apiserver:v1.33.4
registry.k8s.io/kube-controller-manager:v1.33.4
registry.k8s.io/kube-scheduler:v1.33.4
registry.k8s.io/kube-proxy:v1.33.4
ghcr.io/siderolabs/kubelet:v1.33.4
ghcr.io/siderolabs/installer:v1.10.7
registry.k8s.io/pause:3.10
```
### [`v1.10.6`](https://github.com/siderolabs/talos/releases/tag/v1.10.6)
[Compare Source](https://github.com/siderolabs/talos/compare/v1.10.5...v1.10.6)
##### [Talos 1.10.6](https://github.com/siderolabs/talos/releases/tag/v1.10.6) (2025-07-31)
Welcome to the v1.10.6 release of Talos!
Please try out the release binaries and report any issues at
<https://github.com/siderolabs/talos/issues>.
##### Component Updates
Linux: 6.12.40
Kubernetes: 1.33.3
Talos is built with Go 1.24.5.
##### Contributors
- Andrey Smirnov
- Andrew Longwill
- Mateusz Urbanek
##### Changes
<details><summary>8 commits</summary>
<p>
- [@​`cfa6c98`](https://github.com/siderolabs/talos/commit/cfa6c98ce) release(v1.10.6): prepare release
- [@​`7553089`](https://github.com/siderolabs/talos/commit/755308906) fix: issues with reading GPT
- [@​`bb1cdc8`](https://github.com/siderolabs/talos/commit/bb1cdc86b) fix: issue with volume remount on service restart
- [@​`e8bbe4a`](https://github.com/siderolabs/talos/commit/e8bbe4a51) chore: tag aws snapshots created via ci with the image name
- [@​`e595225`](https://github.com/siderolabs/talos/commit/e59522577) feat: include AMD encrypted mem modules into base
- [@​`68a4852`](https://github.com/siderolabs/talos/commit/68a485269) fix: add more bootloader probe logs on upgrade
- [@​`d76649d`](https://github.com/siderolabs/talos/commit/d76649dd5) fix: talos endpoint might not be created in Kubernetes
- [@​`e621759`](https://github.com/siderolabs/talos/commit/e62175948) feat: update Linux to 6.12.40
</p>
</details>
##### Changes from siderolabs/gen
<details><summary>1 commit</summary>
<p>
- [siderolabs/gen@`044d921`](https://github.com/siderolabs/gen/commit/044d921) feat: add xslices.Deduplicate
</p>
</details>
##### Changes from siderolabs/pkgs
<details><summary>5 commits</summary>
<p>
- [siderolabs/pkgs@`2e6dd0a`](https://github.com/siderolabs/pkgs/commit/2e6dd0a) feat: update Linux to 6.12.40
- [siderolabs/pkgs@`3657b7d`](https://github.com/siderolabs/pkgs/commit/3657b7d) feat: update Linux to 6.12.38
- [siderolabs/pkgs@`a8e77ff`](https://github.com/siderolabs/pkgs/commit/a8e77ff) feat: enable AMD encrypted memory
- [siderolabs/pkgs@`8dd783f`](https://github.com/siderolabs/pkgs/commit/8dd783f) feat: update Linux to 6.12.36 and firmware
- [siderolabs/pkgs@`7e49fce`](https://github.com/siderolabs/pkgs/commit/7e49fce) feat: update tools and toolchain
</p>
</details>
##### Changes from siderolabs/tools
<details><summary>1 commit</summary>
<p>
- [siderolabs/tools@`31fd099`](https://github.com/siderolabs/tools/commit/31fd099) feat: update Go to 1.24.5
</p>
</details>
##### Dependency Changes
- **github.com/siderolabs/gen**                  v0.8.4 -> v0.8.5
- **github.com/siderolabs/go-blockdevice/v2**    v2.0.16 -> v2.0.19
- **github.com/siderolabs/pkgs**                 v1.10.0-24-g28fa97d -> v1.10.0-29-g2e6dd0a
- **github.com/siderolabs/talos/pkg/machinery**  v1.10.5 -> v1.10.6
- **github.com/siderolabs/tools**                v1.10.0-4-g9d54ed4 -> v1.10.0-5-g31fd099
- **golang.org/x/sync**                          v0.15.0 -> v0.16.0
- **golang.org/x/sys**                           v0.33.0 -> v0.34.0
- **golang.org/x/text**                          v0.26.0 -> v0.27.0
Previous release can be found at [v1.10.5](https://github.com/siderolabs/talos/releases/tag/v1.10.5)
##### Images
```
ghcr.io/siderolabs/flannel:v0.26.7
registry.k8s.io/coredns/coredns:v1.12.1
gcr.io/etcd-development/etcd:v3.5.21
registry.k8s.io/kube-apiserver:v1.33.3
registry.k8s.io/kube-controller-manager:v1.33.3
registry.k8s.io/kube-scheduler:v1.33.3
registry.k8s.io/kube-proxy:v1.33.3
ghcr.io/siderolabs/kubelet:v1.33.3
ghcr.io/siderolabs/installer:v1.10.6
registry.k8s.io/pause:3.10
```
### [`v1.10.5`](https://github.com/siderolabs/talos/releases/tag/v1.10.5)
[Compare Source](https://github.com/siderolabs/talos/compare/v1.10.4...v1.10.5)
##### [Talos 1.10.5](https://github.com/siderolabs/talos/releases/tag/v1.10.5) (2025-07-03)
Welcome to the v1.10.5 release of Talos!
Please try out the release binaries and report any issues at
<https://github.com/siderolabs/talos/issues>.
##### Azure
Talos on Azure now defaults to MTU of 1400 bytes for the `eth0` interface to avoid packet fragmentation issues.
The default MTU can be overriden with machine configuration.
##### Component Updates
Linux: 6.12.35
Kubernetes: 1.33.2
Talos is built with Go 1.24.4.
##### Contributors
- Andrey Smirnov
- Noel Georgi
##### Changes
<details><summary>9 commits</summary>
<p>
- [@​`55fc623`](https://github.com/siderolabs/talos/commit/55fc62331) release(v1.10.5): prepare release
- [@​`b84e150`](https://github.com/siderolabs/talos/commit/b84e15037) feat: update Kubernetes default to 1.33.2
- [@​`2017ec2`](https://github.com/siderolabs/talos/commit/2017ec228) fix: add limited retries for not found images
- [@​`b3e510a`](https://github.com/siderolabs/talos/commit/b3e510ac5) chore: improve cloud image uploader resilience
- [@​`4a40cdd`](https://github.com/siderolabs/talos/commit/4a40cddbb) fix: hold user volume mount point across kubelet restarts
- [@​`9e1f347`](https://github.com/siderolabs/talos/commit/9e1f347f5) fix: etcd recover with multiple advertised addresses
- [@​`f85ff5f`](https://github.com/siderolabs/talos/commit/f85ff5fa8) feat: update Linux to 6.12.35
- [@​`87ed1b5`](https://github.com/siderolabs/talos/commit/87ed1b589) fix: treat context canceled as expected error on image pull
- [@​`9a0644a`](https://github.com/siderolabs/talos/commit/9a0644a64) fix: set default MTU on Azure to 1400
</p>
</details>
##### Changes from siderolabs/pkgs
<details><summary>2 commits</summary>
<p>
- [siderolabs/pkgs@`28fa97d`](https://github.com/siderolabs/pkgs/commit/28fa97d) fix: iptables url
- [siderolabs/pkgs@`6109fe6`](https://github.com/siderolabs/pkgs/commit/6109fe6) feat: update dependencies
</p>
</details>
##### Dependency Changes
- **github.com/siderolabs/pkgs**                 v1.10.0-22-g51e388c -> v1.10.0-24-g28fa97d
- **github.com/siderolabs/talos/pkg/machinery**  v1.10.4 -> v1.10.5
- **k8s.io/api**                                 v0.33.1 -> v0.33.2
- **k8s.io/apiserver**                           v0.33.1 -> v0.33.2
- **k8s.io/client-go**                           v0.33.1 -> v0.33.2
- **k8s.io/component-base**                      v0.33.1 -> v0.33.2
- **k8s.io/kube-scheduler**                      v0.33.1 -> v0.33.2
- **k8s.io/kubectl**                             v0.33.1 -> v0.33.2
- **k8s.io/kubelet**                             v0.33.1 -> v0.33.2
- **k8s.io/pod-security-admission**              v0.33.1 -> v0.33.2
Previous release can be found at [v1.10.4](https://github.com/siderolabs/talos/releases/tag/v1.10.4)
##### Images
```
ghcr.io/siderolabs/flannel:v0.26.7
registry.k8s.io/coredns/coredns:v1.12.1
gcr.io/etcd-development/etcd:v3.5.21
registry.k8s.io/kube-apiserver:v1.33.2
registry.k8s.io/kube-controller-manager:v1.33.2
registry.k8s.io/kube-scheduler:v1.33.2
registry.k8s.io/kube-proxy:v1.33.2
ghcr.io/siderolabs/kubelet:v1.33.2
ghcr.io/siderolabs/installer:v1.10.5
registry.k8s.io/pause:3.10
```
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45OS4xIiwidXBkYXRlZEluVmVyIjoiNDEuMTE2LjUiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImltYWdlIl19-->
Reviewed-on: #1409
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
		
	
		
			
				
	
	
		
			294 lines
		
	
	
		
			8.2 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			294 lines
		
	
	
		
			8.2 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| etcd-backup:
 | |
|   controllers:
 | |
|     main:
 | |
|       type: cronjob
 | |
|       pod:
 | |
|         nodeSelector:
 | |
|           node-role.kubernetes.io/control-plane: ""
 | |
|         tolerations:
 | |
|           - key: node-role.kubernetes.io/control-plane
 | |
|             operator: Exists
 | |
|             effect: NoSchedule
 | |
|       cronjob:
 | |
|         suspend: false
 | |
|         concurrencyPolicy: Forbid
 | |
|         timeZone: US/Central
 | |
|         schedule: "0 2 * * *"
 | |
|         startingDeadlineSeconds: 90
 | |
|         successfulJobsHistory: 3
 | |
|         failedJobsHistory: 3
 | |
|         backoffLimit: 3
 | |
|         parallelism: 1
 | |
|       containers:
 | |
|         main:
 | |
|           image:
 | |
|             repository: ghcr.io/siderolabs/talos-backup
 | |
|             tag: v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
 | |
|             pullPolicy: IfNotPresent
 | |
|           command:
 | |
|             - /talos-backup
 | |
|           workingDir: /tmp
 | |
|           securityContext:
 | |
|             runAsUser: 1000
 | |
|             runAsGroup: 1000
 | |
|             allowPrivilegeEscalation: false
 | |
|             runAsNonRoot: true
 | |
|             capabilities:
 | |
|               drop:
 | |
|                 - ALL
 | |
|             seccompProfile:
 | |
|               type: RuntimeDefault
 | |
|           env:
 | |
|             - name: AWS_ACCESS_KEY_ID
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: talos-etcd-backup-secret
 | |
|                   key: AWS_ACCESS_KEY_ID
 | |
|             - name: AWS_SECRET_ACCESS_KEY
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: talos-etcd-backup-secret
 | |
|                   key: AWS_SECRET_ACCESS_KEY
 | |
|             - name: AWS_REGION
 | |
|               value: nyc3
 | |
|             - name: CUSTOM_S3_ENDPOINT
 | |
|               value: https://nyc3.digitaloceanspaces.com
 | |
|             - name: BUCKET
 | |
|               value: talos-backups-bee8585f7b8a4d0239c9b823
 | |
|             - name: S3_PREFIX
 | |
|               value: "cl01tl/etcd"
 | |
|             - name: CLUSTER_NAME
 | |
|               value: "cl01tl"
 | |
|             - name: AGE_X25519_PUBLIC_KEY
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: talos-etcd-backup-secret
 | |
|                   key: AGE_X25519_PUBLIC_KEY
 | |
|             - name: USE_PATH_STYLE
 | |
|               value: "false"
 | |
|           resources:
 | |
|             requests:
 | |
|               cpu: 100m
 | |
|               memory: 128Mi
 | |
|         s3-prune:
 | |
|           image:
 | |
|             repository: d3fk/s3cmd
 | |
|             tag: latest@sha256:1bfc474932010f786286b08622dc4f4154ada2db5b080c86126740cb24c6bf4f
 | |
|             pullPolicy: IfNotPresent
 | |
|           command:
 | |
|             - /bin/sh
 | |
|           args:
 | |
|             - -ec
 | |
|             - |
 | |
|               export DATE_RANGE=$(date -d @$(( $(date +%s) - 1209600 )) +%Y-%m-%dT%H:%M:%SZ);
 | |
|               export FILE_MATCH="$BUCKET/cl01tl/etcd/cl01tl-$DATE_RANGE.snap.age"
 | |
|               echo ">> Running S3 prune for Talos backup repository"
 | |
|               echo ">> Backups prior to '$DATE_RANGE' will be removed"
 | |
|               echo ">> Backups to be removed:"
 | |
|               s3cmd ls ${BUCKET}/cl01tl/etcd/ |
 | |
|                 awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}'
 | |
|               echo ">> Deleting ..."
 | |
|               s3cmd ls ${BUCKET}/cl01tl/etcd/ |
 | |
|                 awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}' |
 | |
|                 while read file; do
 | |
|                   s3cmd del "$file";
 | |
|                 done;
 | |
|               echo ">> Completed S3 prune for Talos backup repository"
 | |
|           env:
 | |
|             - name: BUCKET
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: talos-etcd-backup-secret
 | |
|                   key: BUCKET
 | |
|           resources:
 | |
|             requests:
 | |
|               cpu: 100m
 | |
|               memory: 128Mi
 | |
|   persistence:
 | |
|     tmp:
 | |
|       type: emptyDir
 | |
|       medium: Memory
 | |
|       advancedMounts:
 | |
|         main:
 | |
|           main:
 | |
|             - path: /tmp
 | |
|               readOnly: false
 | |
|     talos:
 | |
|       type: emptyDir
 | |
|       medium: Memory
 | |
|       advancedMounts:
 | |
|         main:
 | |
|           main:
 | |
|             - path: /.talos
 | |
|               readOnly: false
 | |
|     secret:
 | |
|       enabled: true
 | |
|       type: secret
 | |
|       name: talos-backup-secrets
 | |
|       advancedMounts:
 | |
|         main:
 | |
|           main:
 | |
|             - path: /var/run/secrets/talos.dev
 | |
|               readOnly: true
 | |
|               mountPropagation: None
 | |
|     s3cmd-config:
 | |
|       enabled: true
 | |
|       type: secret
 | |
|       name: talos-etcd-backup-secret
 | |
|       advancedMounts:
 | |
|         main:
 | |
|           s3-prune:
 | |
|             - path: /root/.s3cfg
 | |
|               readOnly: true
 | |
|               mountPropagation: None
 | |
|               subPath: .s3cfg
 | |
| etcd-defrag:
 | |
|   global:
 | |
|     fullnameOverride: etcd-defrag
 | |
|   controllers:
 | |
|     defrag-1:
 | |
|       type: cronjob
 | |
|       pod:
 | |
|         nodeSelector:
 | |
|           node-role.kubernetes.io/control-plane: ""
 | |
|         tolerations:
 | |
|           - key: node-role.kubernetes.io/control-plane
 | |
|             operator: Exists
 | |
|             effect: NoSchedule
 | |
|       cronjob:
 | |
|         suspend: false
 | |
|         concurrencyPolicy: Forbid
 | |
|         timeZone: US/Central
 | |
|         schedule: "0 0 * * 0"
 | |
|         startingDeadlineSeconds: 90
 | |
|         successfulJobsHistory: 3
 | |
|         failedJobsHistory: 3
 | |
|         backoffLimit: 3
 | |
|         parallelism: 1
 | |
|       containers:
 | |
|         main:
 | |
|           image:
 | |
|             repository: ghcr.io/siderolabs/talosctl
 | |
|             tag: v1.11.1
 | |
|             pullPolicy: IfNotPresent
 | |
|           args:
 | |
|             - etcd
 | |
|             - defrag
 | |
|             - -n
 | |
|             - "10.232.1.11"
 | |
|           env:
 | |
|             - name: TALOSCONFIG
 | |
|               value: /tmp/.talos/config
 | |
|           resources:
 | |
|             requests:
 | |
|               cpu: 100m
 | |
|               memory: 128Mi
 | |
|     defrag-2:
 | |
|       type: cronjob
 | |
|       pod:
 | |
|         nodeSelector:
 | |
|           node-role.kubernetes.io/control-plane: ""
 | |
|         tolerations:
 | |
|           - key: node-role.kubernetes.io/control-plane
 | |
|             operator: Exists
 | |
|             effect: NoSchedule
 | |
|       cronjob:
 | |
|         suspend: false
 | |
|         concurrencyPolicy: Forbid
 | |
|         timeZone: US/Central
 | |
|         schedule: "10 0 * * 0"
 | |
|         startingDeadlineSeconds: 90
 | |
|         successfulJobsHistory: 3
 | |
|         failedJobsHistory: 3
 | |
|         backoffLimit: 3
 | |
|         parallelism: 1
 | |
|       containers:
 | |
|         main:
 | |
|           image:
 | |
|             repository: ghcr.io/siderolabs/talosctl
 | |
|             tag: v1.11.1
 | |
|             pullPolicy: IfNotPresent
 | |
|           args:
 | |
|             - etcd
 | |
|             - defrag
 | |
|             - -n
 | |
|             - "10.232.1.12"
 | |
|           env:
 | |
|             - name: TALOSCONFIG
 | |
|               value: /tmp/.talos/config
 | |
|           resources:
 | |
|             requests:
 | |
|               cpu: 100m
 | |
|               memory: 128Mi
 | |
|     defrag-3:
 | |
|       type: cronjob
 | |
|       pod:
 | |
|         nodeSelector:
 | |
|           node-role.kubernetes.io/control-plane: ""
 | |
|         tolerations:
 | |
|           - key: node-role.kubernetes.io/control-plane
 | |
|             operator: Exists
 | |
|             effect: NoSchedule
 | |
|       cronjob:
 | |
|         suspend: false
 | |
|         concurrencyPolicy: Forbid
 | |
|         timeZone: US/Central
 | |
|         schedule: "20 0 * * 0"
 | |
|         startingDeadlineSeconds: 90
 | |
|         successfulJobsHistory: 3
 | |
|         failedJobsHistory: 3
 | |
|         backoffLimit: 3
 | |
|         parallelism: 1
 | |
|       containers:
 | |
|         main:
 | |
|           image:
 | |
|             repository: ghcr.io/siderolabs/talosctl
 | |
|             tag: v1.11.1
 | |
|             pullPolicy: IfNotPresent
 | |
|           args:
 | |
|             - etcd
 | |
|             - defrag
 | |
|             - -n
 | |
|             - "10.232.1.13"
 | |
|           env:
 | |
|             - name: TALOSCONFIG
 | |
|               value: /tmp/.talos/config
 | |
|           resources:
 | |
|             requests:
 | |
|               cpu: 100m
 | |
|               memory: 128Mi
 | |
|   persistence:
 | |
|     talos-config-1:
 | |
|       enabled: true
 | |
|       type: secret
 | |
|       name: talos-etcd-defrag-secret
 | |
|       advancedMounts:
 | |
|         defrag-1:
 | |
|           main:
 | |
|             - path: /tmp/.talos/config
 | |
|               readOnly: true
 | |
|               mountPropagation: None
 | |
|               subPath: config
 | |
|     talos-config-2:
 | |
|       enabled: true
 | |
|       type: secret
 | |
|       name: talos-etcd-defrag-secret
 | |
|       advancedMounts:
 | |
|         defrag-2:
 | |
|           main:
 | |
|             - path: /tmp/.talos/config
 | |
|               readOnly: true
 | |
|               mountPropagation: None
 | |
|               subPath: config
 | |
|     talos-config-3:
 | |
|       enabled: true
 | |
|       type: secret
 | |
|       name: talos-etcd-defrag-secret
 | |
|       advancedMounts:
 | |
|         defrag-3:
 | |
|           main:
 | |
|             - path: /tmp/.talos/config
 | |
|               readOnly: true
 | |
|               mountPropagation: None
 | |
|               subPath: config
 |